Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 07:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/testing/btest/Traces/http
History
Robin Sommer 9e1592d5c4
Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down. 
So far, when Zeek didn't see a connection's regular tear-down (e.g.,
because its state timed-out before we got to the end), we'd still
signal a regular end-of-data to Spicy parsers. As a result, they would
then typically raise a parse error because they were probably still
expecting data and would now declare it missing. That's not very
useful because semantically it's not really a protocol issue if the
data just doesn't make it over to us; it's a transport-layer issue
that Zeek already handles elsewhere. So we now switch to signaling
end-of-data to Spicy analyzers only if the connection indeed shuts
down regularly. This is also matches how BinPAC handles it.

This also comes with a test exercising various combinations of
end-of-data behavior so that we ensure consistent/desired behavior.

Closes #4007.
2024-11-08 12:20:29 +01:00
..
100-continue.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_a.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_b.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_c.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
1000-requests-one-dropped-response.pcap.gz http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
basic-auth-with-colon.trace http: fix password capture when enabled 2024-08-28 21:44:39 +02:00
basic-auth-with-extra-space.trace Merge branch 'master' of https://github.com/progmboy/zeek 2023-06-27 18:21:34 +02:00
bro.org-filtered.pcap Add script to detect filtered TCP traces, addresses BIT-1119. 2014-01-31 17:04:58 -06:00
bro.org.pcap Add unit tests for new Bro Manual docs. 2014-01-21 16:01:55 -06:00
byteranges.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
concurrent-range-requests-complete.pcap frameworks/notice: Handle fa_file with no or more than a single connection better 2022-12-06 11:17:30 +01:00
concurrent-range-requests.pcap files.log: Unroll and introduce uid and id fields 2022-08-16 17:22:20 +02:00
connect-with-header.trace Fix support for HTTP connect when server adds headers to response. 2015-10-23 13:10:33 -07:00
connect-with-smtp.trace HTTP CONNECT proxy support. 2014-02-12 22:38:59 -05:00
content-range-gap-skip.trace Fix incorrect data delivery skips after gap in HTTP Content-Range. 2014-09-11 14:53:47 -05:00
content-range-gap.trace Fix file analysis placement of data after gap in HTTP Content-Range. 2014-09-11 12:25:43 -05:00
content-range-less-than-len.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
cooper-grill-dvwa.pcapng Merge branch 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek 2024-10-29 14:08:39 +01:00
curl_http_09.pcap http: Heuristic around rejecting malformed HTTP/0.9 traffic 2022-11-18 18:19:58 +01:00
deeply-nested-mime.pcap MIME: Cap nested MIME analysis depth to 100 2024-01-17 10:18:13 -07:00
entity_gap.trace Raise http_entity_data in line with data arrival. 2014-09-10 13:20:47 -05:00
entity_gap2.trace Fix issue w/ TCP reassembler not delivering some segments. 2014-09-11 10:47:56 -05:00
fake-content-length.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
flash-version.trace Adding tests for Flash version parsing and plugin detection. 2015-07-30 07:23:14 -07:00
get-gzip.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
get-without-fins.trace Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down. 2024-11-08 12:20:29 +01:00
get.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
get_nosyn.trace Initial implementation of Lower-Level analyzers 2020-09-23 11:13:25 -07:00
http-09-content-length-confusion.pcap HTTP: Reset reply_message for HTTP/0.9 2023-03-13 14:13:50 +01:00
http-11-request-then-cruft.pcap testing/http: http-11-request-then-cruft 2023-01-26 19:59:39 +01:00
http-bad-content-range-01.pcap HTTP: Make Content-Range parsing more robust 2023-03-13 18:00:39 +01:00
http-bad-request-with-version.trace updated weird message and tests 2016-03-04 18:03:24 -05:00
http-body-match.pcap Test how the signature framework matches HTTP body 2023-11-03 15:28:15 +01:00
http-desync-request-response-5.pcap http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
http-filename.pcap Additional test specifically for the HTTP filename handling. 2016-06-15 01:56:07 -04:00
http-large-gap.pcap Add extract_limit_includes_missing option for file extraction 2023-09-14 12:11:42 -07:00
http-post-large.pcap Add speculative service script. 2019-08-29 11:47:04 +02:00
http_09.pcap http: Heuristic around rejecting malformed HTTP/0.9 traffic 2022-11-18 18:19:58 +01:00
http_large_req_8001.pcap Change HTTP's DPD signatures so that each side can trigger the analyzer on its own. 2020-09-08 07:33:36 +00:00
interleaved-http-entity.pcap http: Prevent script errors when http$current_entity is not set 2022-09-26 10:18:24 +02:00
iso-download.pcap.gz signatures: Fix ISO 9960 signature 2024-02-22 12:37:40 +01:00
methods.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
missing-zlib-header.pcap Fixes an issue with missing zlib headers on deflated HTTP content. 2015-05-18 14:30:32 -04:00
multipart-form-data.pcap GH-1100: Fix reported body-length of HTTP messages w/ sub-entities 2020-08-04 14:21:03 -07:00
multipart.trace Fix HTTP multipart body file analysis. 2013-05-21 15:35:22 -05:00
no-uri.pcap GH-977: Improve pcap error handling 2020-06-08 18:11:58 -07:00
no-version.pcap Tweaking how HTTP requests without URIs are handled. 2016-01-15 12:59:11 -08:00
no_crlf.pcap Fix HTTP evasion 2021-07-23 09:28:29 +02:00
percent-end-of-line.pcap Better handling of % at end of line. 2017-07-27 22:04:47 -07:00
pipelined-requests.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
post.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
proxy.pcap Add unit tests for new Bro Manual docs. 2014-01-21 16:01:55 -06:00
putty-upload.pcap intel/seen/file-names: Use file_over_new_connection() 2023-01-10 10:10:28 +01:00
version-mismatch.pcap testing/http: Add pcap extracted from m5-long external test-suite 2023-01-26 19:59:39 +01:00
vnd.ms-cab-compressed-multi-conn.pcap test-all-policy: Do not load iso-9660.zeek 2024-02-26 17:58:26 +01:00
websocket.pcap HTTP: Recognize and skip upgrade/websocket connections. 2017-08-04 07:04:28 -07:00
x-gzip.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
zeek-image-1080-80-x.pcap HTTP: Implement FlipRoles() 2024-07-04 11:38:33 +02:00
zeek-image-post-1080-8000-x.pcap HTTP: Implement FlipRoles() 2024-07-04 11:38:33 +02:00
zero-length-bodies-with-drops.pcap Fix an issue with packet loss in http file reporting. 2015-04-08 13:39:42 -04:00