zeek/testing/btest/policy/protocols/smtp/mime.test

# Checks logging of mime types and md5 calculation.  Mime type in the log
# is normalized to prevent sensitivity to libmagic version.

# @TEST-REQUIRES: grep -q '#define HAVE_LIBMAGIC' $BUILD/config.h
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
# @TEST-EXEC: btest-diff smtp_entities.log

@load base/protocols/smtp

redef SMTP::generate_md5=/text\/plain/;

event bro_init()
	{
	Log::remove_default_filter(SMTP::SMTP_ENTITIES);
	Log::add_filter(SMTP::SMTP_ENTITIES, [$name="normalized-mime-types",
									  $pred=function(rec: SMTP::EntityInfo): bool
		{
		if ( rec?$mime_type )
			rec$mime_type = "FAKE_MIME";
		return T;
		}
	]);
	}