mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 07:38:19 +00:00

I wasn't accounting for analyzers being disabled and not actually instantiating when requested. This includes a test which verifies there is no crash or problem when a user disables DCE_RPC.
12 lines
434 B
Text
# @TEST-EXEC: bro -C -r $TRACES/smb/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap %INPUT
# @TEST-EXEC: [ ! -f dce_rpc.log ]

@load policy/protocols/smb

# The DCE_RPC analyzer is a little weird since it's instantiated
# by the SMB analyzer directly in some cases. Care needs to be
# taken to handle a disabled analyzer correctly.
event bro_init()
	{
	Analyzer::disable_analyzer(Analyzer::ANALYZER_DCE_RPC);
	}