Skip to content

Commit

Permalink
add bro language support
Browse files Browse the repository at this point in the history 
Add support for the Bro language from https://zeek.org/.

Bro is a programming language designed specifically to be able to
represent network-related abstractions (e.g. addresses and ports) and
as such offers a great deal of functionality and flexibility in terms
of helping you accomplish your network-monitoring goals.
  • Loading branch information
@lilyinstarlight
lilyinstarlight committed Mar 11, 2019
1 parent 2ed47cf commit 686db64
Show file tree
Hide file tree
Showing 19 changed files with 274 additions and 0 deletions.
1 change: 1 addition & 0 deletions AUTHORS.en.txt
View file
Expand Up @@ -275,3 +275,4 @@ Contributors:
- Laurent Voullemier <laurent.voullemier@gmail.com>
- Sean T. Allen <sean@monkeysnatchbanana.com>
- Greg Cline <gregrcline@gmail.com>
- Foster McLane <fkmclane@gmail.com>
1 change: 1 addition & 0 deletions CHANGES.md
View file
@@ -1,6 +1,7 @@
## Master

New languages:
- *Bro* by [Foster McLane][]

New styles:

Expand Down
2 changes: 2 additions & 0 deletions docs/css-classes-reference.rst
View file
Expand Up @@ -179,6 +179,8 @@ Language names and aliases
+-------------------------+---------------------------------------------------+
| Brainfuck | brainfuck, bf |
+-------------------------+---------------------------------------------------+
| Bro | bro |
+-------------------------+---------------------------------------------------+
| C# | cs, csharp |
+-------------------------+---------------------------------------------------+
| C++ | cpp, c, cc, h, c++, h++, hpp |
Expand Down
195 changes: 195 additions & 0 deletions src/languages/bro.js
View file
@@ -0,0 +1,195 @@
/*
Language: Bro
Author: Foster McLane <fkmclane@gmail.com>
Description: Bro is a programming language designed specifically to be able to represent network-related abstractions (e.g. addresses and ports) and as such offers a great deal of functionality and flexibility in terms of helping you accomplish your network-monitoring goals.
Category: misc
*/

function(hljs) {
var HEX = '[0-9a-fA-F_]';
var FLOAT = '((\\d*\\.?\\d+)|(\\d+\\.?\\d*))([eE][-+]?\\d+)?';
var H = '[A-Za-z0-9][-A-Za-z0-9]*';

var KEYWORDS = {
keyword:
'const|0 event|10 export|0 function|0 global|0 hook|10 module|0 option redef type ' +

'addr|10 any|10 bool|0 count counter double|0 enum|0 file int|0 interval ' +
'opaque|10 pattern|10 port|10 record set string|0 subnet|10 table|0 time ' +
'timer vector|0 ' +

'local|0 add delete print|0 for|0 while|0 next|10 break|0 if|0 else|0 switch|0 break|0 ' +
'fallthrough|10 when|10 schedule return|0 ' +

'in is as',

literal:
'T F'
};

var PREPROC = {
className: 'meta',
begin:
'^\\s*@(deprecated|load|load-plugin|load-sigs|unload|prefixes|if|' +
'ifdef|ifndef|else|endif)\\b', end: '$',
contains: [
{
className: 'meta-string',
begin: '"', end: '"',
illegal: '\\n',
contains: [hljs.BACKSLASH_ESCAPE]
}
],
relevance: 0
};

var META = {
className: 'meta',
begin: '@(DEBUG|DIR|FILENAME)\\b'
};

var ATTRIBUTE = {
className: 'attribute',
begin:
'&(redef|priority|log|optional|default|add_func|' +
'delete_func|expire_func|read_expire|write_expire|' +
'create_expire|synchronized|persistent|rotate_interval|' +
'rotate_size|encrypt|raw_output|mergeable|error_handler|' +
'type_column|deprecated)\\b',
relevance: 10
};

var PORT = {
className: 'number',
begin: '\\d+/(tcp|udp|icmp|unknown)\\b',
relevance: 10
};

var ADDRESS = {
className: 'number',
variants: [
{begin: '(\\d+\\.){3}\\d+(/\\d+)?'},
{begin: '\\[(' + HEX + '{0,4}:)+' + HEX + '{0,4}\\](/\\d+)?'}
],
};

var HOST = {
className: 'string',
begin: H + '(\\.' + H + ')+',
relevance: 0
};

var TIME = {
className: 'number',
begin: FLOAT + '\\s*(day|hr|min|sec|msec|usec)s?\\b',
};

var DECL = {
beginKeywords:
'const global module option redef type', end: ';', excludeEnd: true,
keywords: KEYWORDS,
contains: [
PREPROC,
hljs.HASH_COMMENT_MODE,
META,
ATTRIBUTE,
PORT,
ADDRESS,
HOST,
TIME,
hljs.C_NUMBER_MODE,
hljs.REGEXP_MODE,
hljs.QUOTE_STRING_MODE,
],
relevance: 0
};

var CALL = {
beginKeywords: 'event hook', end: ';', excludeEnd: true,
keywords: KEYWORDS,
contains: [
PREPROC,
hljs.HASH_COMMENT_MODE,
META,
ATTRIBUTE,
PORT,
ADDRESS,
HOST,
TIME,
hljs.C_NUMBER_MODE,
hljs.REGEXP_MODE,
hljs.QUOTE_STRING_MODE,
],
relevance: 10
};

var BODY = {
begin: '\\{',
end: '\\}',
keywords: KEYWORDS,
contains: [
PREPROC,
hljs.HASH_COMMENT_MODE,
META,
ATTRIBUTE,
PORT,
ADDRESS,
HOST,
TIME,
hljs.C_NUMBER_MODE,
hljs.REGEXP_MODE,
hljs.QUOTE_STRING_MODE,
CALL,
'self'
],
relevance: 0
};

var FUNC = {
className: 'function',
beginKeywords: 'event function hook', end: '\\s*\\{', excludeEnd: true,
keywords: KEYWORDS,
contains: [
PREPROC,
hljs.HASH_COMMENT_MODE,
{
className: 'params',
begin: '\\(', end: '\\)',
illegal: '["\']',
keywords: KEYWORDS
},
META,
ATTRIBUTE,
PORT,
ADDRESS,
HOST,
TIME,
hljs.C_NUMBER_MODE,
hljs.REGEXP_MODE,
hljs.QUOTE_STRING_MODE,
hljs.TITLE_MODE
],
starts: BODY,
relevance: 0
};

return {
illegal: '</',
keywords: KEYWORDS,
contains: [
PREPROC,
hljs.HASH_COMMENT_MODE,
META,
ATTRIBUTE,
PORT,
ADDRESS,
HOST,
TIME,
hljs.C_NUMBER_MODE,
hljs.REGEXP_MODE,
hljs.QUOTE_STRING_MODE,
DECL,
FUNC
]
};
}
49 changes: 49 additions & 0 deletions test/detect/bro/default.txt
View file
@@ -0,0 +1,49 @@
global local_subnets: set[subnet] = { 192.168.1.0/24, 192.68.2.0/24, 172.16.0.0/20, 172.16.16.0/20, 172.16.32.0/20, 172.16.48.0/20 };
global my_count = 0;
global inside_networks: set[addr];
global outside_networks: set[addr];

event new_connection(c: connection)
{
++my_count;
if ( my_count <= 10 )
{
print fmt("The connection %s from %s on port %s to %s on port %s started at %s.", c$uid, c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p, strftime("%D %H:%M", c$start_time));
}
if ( c$id$orig_h in local_subnets)
{
add inside_networks[c$id$orig_h];
}
else
add outside_networks[c$id$orig_h];

if ( c$id$resp_h in local_subnets)
{
add inside_networks[c$id$resp_h];
}
else
add outside_networks[c$id$resp_h];
}

event connection_state_remove(c: connection)
{
if ( my_count <= 10 )
{
print fmt("Connection %s took %s seconds", c$uid, c$duration);
}
}

event bro_done()
{
print fmt("Saw %d new connections", my_count);
print "These IPs are considered local";
for (a in inside_networks)
{
print a;
}
print "These IPs are considered external";
for (a in outside_networks)
{
print a;
}
}
4 changes: 4 additions & 0 deletions test/markup/bro/address.expect.txt
View file
@@ -0,0 +1,4 @@
<span class="hljs-keyword">local</span> a = <span class="hljs-number">192.168.0.1</span>;
<span class="hljs-keyword">local</span> b = <span class="hljs-number">192.168.0.1/24</span>;
<span class="hljs-keyword">local</span> c = <span class="hljs-number">[fe80::1]</span>;
<span class="hljs-keyword">local</span> d = <span class="hljs-number">[fe80::1]/64</span>;
4 changes: 4 additions & 0 deletions test/markup/bro/address.txt
View file
@@ -0,0 +1,4 @@
local a = 192.168.0.1;
local b = 192.168.0.1/24;
local c = [fe80::1];
local d = [fe80::1]/64;
4 changes: 4 additions & 0 deletions test/markup/bro/event.expect.txt
View file
@@ -0,0 +1,4 @@
<span class="hljs-function"><span class="hljs-keyword">event</span> <span class="hljs-title">new_connection</span><span class="hljs-params">(c: connection)</span></span>
{
<span class="hljs-keyword">print</span> fmt(<span class="hljs-string">"New connection: %s"</span>, c$id);
}
4 changes: 4 additions & 0 deletions test/markup/bro/event.txt
View file
@@ -0,0 +1,4 @@
event new_connection(c: connection)
{
print fmt("New connection: %s", c$id);
}
1 change: 1 addition & 0 deletions test/markup/bro/host.expect.txt
View file
@@ -0,0 +1 @@
<span class="hljs-keyword">local</span> h = <span class="hljs-string">www.google.com</span>;
1 change: 1 addition & 0 deletions test/markup/bro/host.txt
View file
@@ -0,0 +1 @@
local h = www.google.com;
1 change: 1 addition & 0 deletions test/markup/bro/port.expect.txt
View file
@@ -0,0 +1 @@
<span class="hljs-keyword">local</span> p = <span class="hljs-number">123/udp</span>;
1 change: 1 addition & 0 deletions test/markup/bro/port.txt
View file
@@ -0,0 +1 @@
local p = 123/udp;
1 change: 1 addition & 0 deletions test/markup/bro/preproc.expect.txt
View file
@@ -0,0 +1 @@
<span class="hljs-meta">@load policy/frameworks/notice</span>
1 change: 1 addition & 0 deletions test/markup/bro/preproc.txt
View file
@@ -0,0 +1 @@
@load policy/frameworks/notice
1 change: 1 addition & 0 deletions test/markup/bro/table.expect.txt
View file
@@ -0,0 +1 @@
<span class="hljs-keyword">local</span> t: <span class="hljs-keyword">table</span>[<span class="hljs-keyword">string</span>] of <span class="hljs-keyword">count</span>;
1 change: 1 addition & 0 deletions test/markup/bro/table.txt
View file
@@ -0,0 +1 @@
local t: table[string] of count;
1 change: 1 addition & 0 deletions test/markup/bro/time.expect.txt
View file
@@ -0,0 +1 @@
<span class="hljs-keyword">local</span> t = <span class="hljs-number">10min</span>;
1 change: 1 addition & 0 deletions test/markup/bro/time.txt
View file
@@ -0,0 +1 @@
local t = 10min;

0 comments on commit 686db64

Please sign in to comment.