diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index f58754c..f2862c4 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -10,8 +10,8 @@ jobs:
 strategy:
 matrix:
 version:
- - zeek:5.0
 - zeek:6.0
+ - zeek:6.2
 - zeek-dev:latest
 fail-fast: false
diff --git a/tests/analyzer/basic.zeek b/tests/analyzer/basic.zeek
index d333817..ab64aed 100644
--- a/tests/analyzer/basic.zeek
+++ b/tests/analyzer/basic.zeek
@@ -2,12 +2,15 @@
 # @TEST-EXEC: zeek -r ${TRACES}/http-post.pcap frameworks/files/hash-all-files %INPUT
 # @TEST-EXEC: cat files.log | sed 's/SHA1,MD5/MD5,SHA1/g' >files.log.tmp && mv -f files.log.tmp files.log
-# @TEST-EXEC: zeek-cut -C ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service history conn.log2 && mv conn.log2 conn.log
-# @TEST-EXEC: zeek-cut -C fuid source depth analyzers mime_type filename total_bytes files.log.tmp && mv files.log.tmp files.log
+#
+# Drop fields which are incompatible between zeek-6.0 and dev version.
+# @TEST-EXEC: zeek-cut -C -n fuid conn.log2 && mv conn.log2 conn.log
+# @TEST-EXEC: zeek-cut -C -n orig_fuids resp_fuids http.log.tmp && mv http.log.tmp http.log
+# @TEST-EXEC: zeek-cut -C -n fuid parent_fuid files.log.tmp && mv files.log.tmp files.log
+#
 # @TEST-EXEC: btest-diff conn.log
-# Skip baselining of fuids on pre-6.0 versions (fuids stopped being canonified with 6.0).
-# @TEST-EXEC: zeek -b -e 'exit(Version::at_least("6.0") ? 1 : 0)' || btest-diff http.log
-# @TEST-EXEC: zeek -b -e 'exit(Version::at_least("6.0") ? 1 : 0)' || btest-diff files.log
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff files.log
 #
 # @TEST-DOC: Test HTTP analyzer with small trace.
diff --git a/tests/baseline/analyzer.basic/conn.log b/tests/baseline/analyzer.basic/conn.log
index b05856c..076a0c8 100644
--- a/tests/baseline/analyzer.basic/conn.log
+++ b/tests/baseline/analyzer.basic/conn.log
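Review bot: In tests/analyzer/basic.zeek, the new conn.log step `zeek-cut -C -n fuid` appears to remove nothing, because the conn.log baseline updated in this commit lists no `fuid` column; its practical effect is that conn.log is now baselined with every field instead of the nine selected before. If the wider baseline is intended, that step can be dropped, otherwise the explicit column list should stay for conn.log. The comment above the three steps names only zeek-6.0 and the dev version although the matrix now also runs zeek:6.2, and it does not say which columns go; something like `# Drop the fuid columns; they are not comparable across the Zeek versions in the CI matrix.` would be clearer. With `orig_fuids`/`resp_fuids` and `fuid`/`parent_fuid` cut, the test no longer asserts which file belongs to which HTTP message, so the comment should also record that files.log rows are now tied to the connection only through `uid`.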
@@ -6,7 +6,7 @@ #unset_field - #path conn #open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service history -#types time string addr port addr port enum string string +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #close XXXX-XX-XX-XX-XX-XX -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 tcp http ShADadFf +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 tcp http 0.068875 160 519 SF F F 0 ShADadFf 8 588 6 839 - diff --git a/tests/baseline/analyzer.basic/files.log b/tests/baseline/analyzer.basic/files.log index b25ead9..e5d6400 100644 --- a/tests/baseline/analyzer.basic/files.log +++ b/tests/baseline/analyzer.basic/files.log 
@@ -6,8 +6,8 @@ #unset_field - #path files #open XXXX-XX-XX-XX-XX-XX -#fields fuid source depth analyzers mime_type filename total_bytes -#types string string count set[string] string string count +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout md5 sha1 sha256 extracted extracted_cutoff extracted_size +#types time string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string bool count #close XXXX-XX-XX-XX-XX-XX -FM47gX3vI5ofQPm1li HTTP 0 MD5,SHA1 text/plain - 11 -FZjUS57tUkGFTibv3 HTTP 0 MD5,SHA1 text/json - 366 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 HTTP 0 MD5,SHA1 text/plain - 0.000000 F T 11 11 0 0 F 5eb63bbbe01eeed093cb22bb8f5acdc3 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed - - - - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 HTTP 0 MD5,SHA1 text/json - 0.000000 F F 366 366 0 0 F c9337794df612aeaa901dcf9fa446bca 6a1582672c203210c6d18d700322060b676365e7 - - - - diff --git a/tests/baseline/analyzer.basic/http.log b/tests/baseline/analyzer.basic/http.log index 32b9e27..c15dcb3 100644 --- a/tests/baseline/analyzer.basic/http.log +++ b/tests/baseline/analyzer.basic/http.log 
@@ -6,7 +6,7 @@ #unset_field - #path http #open XXXX-XX-XX-XX-XX-XX -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types -#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_filenames orig_mime_types resp_filenames resp_mime_types +#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] #close XXXX-XX-XX-XX-XX-XX -XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 1 POST httpbin.org /post - 1.1 curl/7.29.0 - 11 366 200 OK - - (empty) - - - FM47gX3vI5ofQPm1li - text/plain FZjUS57tUkGFTibv3 - text/json +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 1 POST httpbin.org /post - 1.1 curl/7.29.0 - 11 366 200 OK - - (empty) - - - - text/plain - text/json