Add CI to this repository #1

Closed
rsmmr opened this issue Feb 24, 2021 · 0 comments · Fixed by #2
rsmmr commented Feb 24, 2021

Should test some version of the following:

  • Install Zeek from binary package
  • Install zkg (unless 4.0, which it comes with)
  • Configure zkg (autoconf / @load packages)
  • zkg install . from a clone of this repository
  • Check that our analyzers show up in zeek -NN _Zeek::Spicy output (ideally create a baseline showing all the included analyzers)
  • Check that running zeek uses the new analyzers. Maybe run zeek and then baseline cat loaded_scripts.log | grep spicy-analyzers; our analyzer scripts should show up in there.

Do this for a couple different platforms and (for now) Zeek 3.0, Zeek 3.2, Zeek 4.0.
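The six steps above written out as a CI smoke-test script. This is an added example, not code from the spicy-analyzers repository or its CI. The install function assumes a runner with the Zeek binary package already installed and on PATH (zkg bundled with 4.0, pip-installed for 3.0 / 3.2, site directory taken from zeek-config); the "[Analyzer] NAME (...)" line shape used for the zeek -NN check and the loaded_scripts.log excerpt at the bottom are constructed stand-ins for the real command output, so the two check functions can be exercised offline.

```shell
#!/usr/bin/env bash
# Added example (not from the spicy-analyzers repo): CI smoke test for the
# steps in the issue. install_analyzers() runs the install steps and is only
# invoked with --install; the check functions are pure text filters and run
# offline against the constructed samples below.
set -u

# Steps 1-4. Assumes Zeek (binary package) is on PATH. zkg ships with
# Zeek 4.0; for 3.0 / 3.2 it has to come from PyPI.
install_analyzers() {
    local zeek_version="$1"
    case "$zeek_version" in
        4.*) ;;
        *)   pip3 install --user zkg ;;
    esac
    zkg autoconfig --force                      # non-interactive ~/.zkg/config
    # Make Zeek @load zkg-managed packages; site dir comes from zeek-config.
    echo '@load packages' >> "$(zeek-config --site_dir)/local.zeek"
    zkg install --force .                       # from a clone of this repository
}

# Step 5. Every analyzer name given as an argument must appear in the
# `zeek -NN _Zeek::Spicy` listing passed as the first argument. The assumed
# line shape is "    [Analyzer] NAME (ANALYZER_NAME, enabled)"; adjust the
# pattern to what the installed plugin version actually prints.
check_analyzers_listed() {
    local listing="$1"; shift
    local name rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$listing" | grep -Eq "^[[:space:]]*\[Analyzer\] ${name} \("; then
            echo "analyzer not registered: ${name}" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Step 6. Count this package's scripts in loaded_scripts.log (header lines
# start with '#'). Zero means Zeek ran without loading the package scripts.
count_loaded_package_scripts() {
    local log="$1"
    printf '%s\n' "$log" | grep -v '^#' | grep -c 'spicy-analyzers'
}

# Constructed samples standing in for `zeek -NN _Zeek::Spicy` output and for
# the loaded_scripts.log produced by `zeek -C -r <trace.pcap> local`.
SAMPLE_ZEEK_NN='_Zeek::Spicy - Support for Spicy parsers (dynamic, version 1.0.0)
    [Analyzer] spicy_LDAP_TCP (ANALYZER_SPICY_LDAP_TCP, enabled)
    [Analyzer] spicy_DNS (ANALYZER_SPICY_DNS, enabled)'

SAMPLE_LOADED_SCRIPTS='#separator \x09
#fields name
/usr/local/zeek/share/zeek/base/init-bare.zeek
/usr/local/zeek/share/zeek/site/packages/spicy-analyzers/__load__.zeek
/usr/local/zeek/share/zeek/site/packages/spicy-analyzers/analyzer/protocol/ldap/main.zeek'

main() {
    check_analyzers_listed "$SAMPLE_ZEEK_NN" spicy_LDAP_TCP spicy_DNS || return 1
    [ "$(count_loaded_package_scripts "$SAMPLE_LOADED_SCRIPTS")" -ge 1 ] || return 1
    echo "CI smoke checks passed"
}

if [ "${1:-}" = "--install" ]; then
    install_analyzers "${2:-4.0}"
fi
main
```

In a real job the two samples would be replaced by capturing `zeek -NN _Zeek::Spicy` after `zkg install`, then running zeek over a test trace (with -C, as the later LDAP test fix notes) and reading the resulting loaded_scripts.log; the matrix in the issue means running the whole script once per platform and Zeek version.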

@bbannier bbannier self-assigned this Feb 25, 2021
rsmmr added a commit that referenced this issue May 19, 2021
* added LDAP stubbed out files

* stubbing PDU types

* work in progress (found asn1.spicy module)

* more asn1 work in progress

* more asn1 work in progress

* more asn1 work in progress

* more asn1 work in progress

* more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one

* more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one

* asn1 work in progress

* asn1 work in progress

* stub out debug output

* work in progress

* added debug back in

* more work on bind request

* more work in progress on bind request

* more work on ldap bindRequest

* more work in progress, figuring out application ASN.1 BER class. See https://ldap.com/ldapv3-wire-protocol-reference-asn1-ber/ for a big help

* more work in progress, figuring out application ASN.1

* more work in progress, figuring out application ASN.1

* working on bindrequest

* more work on ldap

* wip on ldap/spicy

* comment out specifying vector length

* more work in progress on ldap

* LDAP work in progress

* Fix indents and remove wrapper.

* Spaces to tabs.

* Switch to spaces.

* Update source for trace file.

* Fix various vector parsing issues.  Also remove typing from the_type since we don't know all cases yet.

* Added Cisco vendor IDs.

* Update baselines.

* Add another vendor id.

* work in progress with zeek integration plumbing:

* plumbing in place for logging

* more logging work in progress

* more logging work in progress

* comment out some stuff

* reduce verbosity

* print out numbers of unparsed bytes

* debugging ldap

* specify message length so we don't parse more than we should per-message

* ldap work in progress

* push 'catch-all' bytes &eod array to the sub-messages

* debug print out the list of unparsed data

* need to parse ldap messages in an array

* Adding result

* don't explicitly set a bool for hasResult

* explicitly set a bool for hasResult

* add column

* use unset value instead of a separate boolean

* progress on ldap.log

* added more results

* more work on ldap log

* make op and result set of enum instead of vector of enum

* add comments

* need EOL

* formatting and work on ldap processor

* more work on ldap

* working on putting search into its own separate log file

* working on putting search into its own separate log file

* more work on search filtering

* work in progress on the ldap processor; asn1 can now be recursive, although I'm not using it yet because it's a whole mindshift from what I've been doing

* Added more debug printing

* Added more debug printing

* for now store application types in a big 'bytes' array

* Added more debug printing

* recursive parsing for ldap via asn1

* great progress on ldap

* great progress on ldap

* great progress on ldap

* Allow success with empty entries

* formatting, and use &convert to decomplicate member access

* use strings instead of enums for log output

Co-authored-by: Keith Jones <keith@keithjjones.com>
Co-authored-by: Robin Sommer <robin@corelight.com>
rsmmr added a commit that referenced this issue May 19, 2021
Couple tweaks included:

- Turned PR summary into README
- Capitalized module names

* ssh://github.com/mmguero-dev/spicy-analyzers:
  something in 51ec8fd broke something, this will (should) fix it
  something in 51ec8fd broke something, this will (should) fix it
  try to expose less useless stuff in each unit, for #56
  update changes
  Remove analyzer_id from scripts for ipsec.
  update .log files from baseline test to reflect new logs fields
  Added proto (TCP for now, may include UDP in the future ) to the ldap logs
  changes made after @bbannier's review of PR #56. See the comments in that review for the details.
  changes made after @bbannier's review of PR #56. See the comments in that review for the details.
  Moving computation for |self.seq.submessages| to temporary local variable to fix CI integration error.
  void fields never store a value and cannot be named
  void fields never store a value and cannot be named
  fix LDAP test (specify -C to zeek)
  update changes
  added ldap test
  rename ldap.zeek to main.zeek
  don't save both 'bind' and 'bind simple'/'bind SASL' in the operations list
  added more ldap codes
  Added ldap version
  Topic/ldap (#1)