mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 23:28:20 +00:00

- policy/ renamed to scripts/ - By default BROPATH now contains: - scripts/ - scripts/policy - scripts/site - *Nearly* all tests pass. - All of scripts/base/ is loaded by main.cc - Can be disabled by setting $BRO_NO_BASE_SCRIPTS - Scripts in scripts/base/ don't use relative path loading to ease use of BRO_NO_BASE_SCRIPTS (to copy and paste that script). - The scripts in scripts/base/protocols/ only (or soon will only) do logging and state building. - The scripts in scripts/base/frameworks/ add functionality without causing any additional overhead. - All "detection" activity happens through scripts in scripts/policy/. - Communications framework modified temporarily to need an environment variable to actually enable (ENABLE_COMMUNICATION=1) - This is so the communications framework can be loaded as part of the base without causing trouble when it's not needed. - This will be removed once a resolution to ticket #540 is reached.
105 lines
2.9 KiB
Text
105 lines
2.9 KiB
Text
# @TEST-EXEC: bro %INPUT > output
|
|
# @TEST-EXEC: btest-diff output
|
|
|
|
# This is loaded by default
|
|
#@load base/utils/addrs
|
|
|
|
event bro_init()
|
|
{
|
|
local ip = "0.0.0.0";
|
|
|
|
print "============ test ipv4 regex";
|
|
print ip == ipv4_addr_regex;
|
|
print is_valid_ip(ip);
|
|
ip = "1.1.1.1";
|
|
print ip == ipv4_addr_regex;
|
|
print is_valid_ip(ip);
|
|
ip = "255.255.255.255";
|
|
print ip == ipv4_addr_regex;
|
|
print is_valid_ip(ip);
|
|
ip = "255.255.255.256";
|
|
print ip == ipv4_addr_regex; # the regex doesn't check for 0-255
|
|
print is_valid_ip(ip); # but is_valid_ip() will
|
|
ip = "255.255.255.255.255";
|
|
print ip == ipv4_addr_regex;
|
|
print is_valid_ip(ip);
|
|
ip = "192.168.1.100";
|
|
print ip == ipv4_addr_regex;
|
|
print is_valid_ip(ip);
|
|
|
|
print "============ test ipv6 regex";
|
|
|
|
ip = "2001:0db8:85a3:0000:0000:8a2e:0370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# test for case insensitivity
|
|
ip = "2001:0DB8:85A3:0000:0000:8A2E:0370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# any case mixture is allowed
|
|
ip = "2001:0dB8:85a3:0000:0000:8A2E:0370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# leading zeroes of a 16-bit group may be omitted
|
|
ip = "2001:db8:85a3:0:0:8a2e:370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# a single occurrence of consecutive groups of zeroes may be replaced by ::
|
|
ip = "2001:db8:85a3::8a2e:370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# this should fail because we don't have enough 16-bit groups
|
|
ip = "2001:db8:85a3:8a2e:370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# this should fail because of an invalid hex digit
|
|
ip = "2001:gb8:85a3::8a2e:370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# this should fail because we have too many 16-bit groups
|
|
ip = "2001:0db8:85a3:0000:0000:8a2e:0370:7334:1111";
|
|
print is_valid_ip(ip);
|
|
|
|
# this should fail because one group isn't 16-bits
|
|
ip = "2001:0db8:85a3:0000:0000:8a2e00:0370:7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# this should fail because we can't have more than one ::
|
|
ip = "2001::85a3::7334";
|
|
print is_valid_ip(ip);
|
|
|
|
# all zeroes should work
|
|
ip = "0:0:0:0:0:0:0:0";
|
|
print is_valid_ip(ip);
|
|
|
|
# all zeroes condensed should work
|
|
ip = "::";
|
|
print is_valid_ip(ip);
|
|
|
|
print "============ test ipv6-ipv4 hybrid regexes";
|
|
|
|
# hybrid ipv6-ipv4 address should work
|
|
ip = "2001:db8:0:0:0:FFFF:192.168.0.5";
|
|
print is_valid_ip(ip);
|
|
|
|
# hybrid ipv6-ipv4 address with zero ommission should work
|
|
ip = "2001:db8::FFFF:192.168.0.5";
|
|
print is_valid_ip(ip);
|
|
|
|
# hybrid format with more than six 16-bit groups should fail
|
|
ip = "2001:db8:0:0:0:0:FFFF:192.168.0.5";
|
|
print is_valid_ip(ip);
|
|
|
|
# hybrid format without a 4 octet ipv4 part should fail
|
|
ip = "2001:db8:0:0:0:FFFF:192.168.0";
|
|
print is_valid_ip(ip);
|
|
|
|
# hybrid format's ipv4 part should test that all octet's are 0-255
|
|
ip = "2001:db8:0:0:0:FFFF:192.168.0.256";
|
|
print is_valid_ip(ip);
|
|
|
|
print "============ test find_ip_addresses()";
|
|
print find_ip_addresses("this is 1.1.1.1 a test 2.2.2.2 string with ip addresses 3.3.3.3");
|
|
print find_ip_addresses("this is 1.1.1.1 a test 0:0:0:0:0:0:0:0 string with ip addresses 3.3.3.3");
|
|
|
|
}
|