
The core.file-analyzer-violation test showed that it's possible to create new threads (log writers) when Zeek is in the process of terminating. This can result in the IO manager's destructor deleting IO sources for threads that are still running. This is sort of a scripting issue, so for now log a reporter warning when it happens, to leave a bread crumb about what might be going on. In the future it might make sense to plug APIs with zeek_is_terminating().
# @TEST-DOC: Verify analyzer_violation_info is raised for an invalid PE file.
# @TEST-EXEC: zeek -b %INPUT
# @TEST-EXEC: btest-diff .stderr
# @TEST-EXEC: btest-diff .stdout
# @TEST-EXEC: btest-diff files.log

# What the baselines pin down: the malformed file must surface as a reported
# analyzer violation. Because .stderr is diffed as well, any unexpected
# reporter output produced while handling the malformed input fails the test.

# Zeek runs with -b (bare mode), so the files framework and the PE file
# analyzer are loaded explicitly.
@load base/frameworks/files
@load base/files/pe

# Do not exit when input is exhausted; the run ends only when one of the
# handlers below calls terminate().
redef exit_only_after_terminate = T;
# Handles a reported analyzer violation: prints the analyzer tag, the
# violation reason, the id of the affected file and the analyzers recorded
# for that file, then ends the run. The printed line is what the test's
# .stdout baseline is compared against.
event analyzer_violation_info(tag: AllAnalyzers::Tag, info: AnalyzerViolationInfo)
	{
	# NOTE(review): info$f is read without a presence check; this test only
	# feeds a file, so a violation without a file is not expected here.
	# Confirm before reusing the handler elsewhere.
	local f = info$f;

	print tag, info$reason, f$id, cat(f$info$analyzers);

	# The violation is the event under test, so stop as soon as it is seen.
	terminate();
	}
# Watchdog scheduled from zeek_init(). If Zeek is not already shutting down
# when it fires, no violation has ended the run: report an error and
# terminate, since exit_only_after_terminate would otherwise keep the process
# alive.
event force_terminate()
	{
	if ( ! zeek_is_terminating() )
		{
		# The error goes through the reporter; presumably it shows up in
		# the diffed .stderr and makes the timeout visible. Confirm
		# against the baseline.
		Reporter::error("force_terminate called - timeout?");
		terminate();
		}
	}
# Start-up: hands the embedded fixture file to file analysis through the
# Input framework and arms the timeout watchdog.
event zeek_init()
	{
	# Path of the fixture defined by the @TEST-START-FILE section of this
	# test; it is used both as the input source and as the stream name.
	local source = "./myfile.exe";

	Input::add_analysis([$source=source, $name=source]);

	# Bound the run: force_terminate() fires after 10 seconds if the expected
	# violation never arrives.
	schedule 10sec { force_terminate() };
	}
# This file triggers a binpac exception for PE that is reported through
# analyzer_violation_info.
#
# The fixture starts with the two bytes "MZ" and is otherwise filled with
# ASCII '0' characters, so it is not a well-formed PE file.
# NOTE(review): presumably the "MZ" prefix is what gets the PE analyzer
# attached to the file. Confirm against the PE analyzer's registration.
@TEST-START-FILE ./myfile.exe
MZ0000000000000000000000000000000000000000000000000000000000000
@TEST-END-FILE