Add CI to this repository #1
Comments
rsmmr added a commit that referenced this issue on May 19, 2021:
* added LDAP stubbed out files
* stubbing PDU types
* work in progress (found asn1.spicy module)
* more asn1 work in progress
* more asn1 work in progress
* more asn1 work in progress
* more asn1 work in progress
* more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one
* more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one
* asn1 work in progress
* asn1 work in progress
* stub out debug output
* work in progress
* added debug back in
* more work on bind request
* more work in progress on bind request
* more work on ldap bindRequest
* more work in progress, figuring out application ASN.1 BER class. see https://ldap.com/ldapv3-wire-protocol-reference-asn1-ber/ for a big help
* more work in progress, figuring out application ASN.1
* more work in progress, figuring out application ASN.1
* working on bindrequest
* more work on ldap
* wip on ldap/spicy
* comment out specifying vector length
* more work in progress on ldap
* LDAP work in progress
* Fix indents and remove wrapper.
* Spaces to tabs.
* Switch to spaces.
* Update source for trace file.
* Fix various vector parsing issues. Also remove typing from the_type since we don't know all cases yet.
* Added Cisco vendor IDs.
* Update baselines.
* Add another vendor id.
* work in progress with zeek integration plumbing:
* plumbing in place for logging
* more logging work in progress
* more logging work in progress
* comment out some stuff
* reduce verbosity
* print out numbers of unparsed bytes
* debugging ldap
* specify message length so we don't parse more than we should per-message
* ldap work in progress
* push 'catch-all' bytes &eod array to the sub-messages
* debug print out the list of unparsed data
* need to parse ldap messages in an array
* Adding result
* don't explicitly set a bool for hasResult
* explicitly set a bool for hasResult
* add column
* use unset value instead of a separate boolean
* progress on ldap.log
* added more results
* more work on ldap log
* make op and result set of enum instead of vector of enum
* add comments
* need EOL
* formatting and work on ldap processor
* more work on ldap
* working on putting search into its own separate log file
* working on putting search into its own separate log file
* more work on search filtering
* work in progress on the ldap processor; asn1 can now be recursive, although I'm not using it yet because it's a whole mindshift from what I've been doing
* Added more debug printing
* Added more debug printing
* for now store application types in a big 'bytes' array
* Added more debug printing
* recursive parsing for ldap via asn1
* great progress on ldap
* great progress on ldap
* great progress on ldap
* Allow success with empty entries
* formatting, and use &convert to decomplicate member access
* use strings instead of enums for log output

Co-authored-by: Keith Jones <keith@keithjjones.com>
Co-authored-by: Robin Sommer <robin@corelight.com>
rsmmr added a commit that referenced this issue on May 19, 2021:
Couple tweaks included:
- Turned PR summary into README
- Capitalized module names

* ssh://github.com/mmguero-dev/spicy-analyzers:
something in 51ec8fd broke something, this will (should) fix it
something in 51ec8fd broke something, this will (should) fix it
try to expose less useless stuff in each unit, for #56
update changes
Remove analyzer_id from scripts for ipsec.
update .log files from baseline test to reflect new logs fields
Added proto (TCP for now, may include UDP in the future) to the ldap logs
changes made after @bbanier's review of PR #56. See the comments in that review for the details.
changes made after @bbanier's review of PR #56. See the comments in that review for the details.
Moving computation for |self.seq.submessages| to temporary local variable to fix CI integration error.
void fields never store a value and cannot be named
void fields never store a value and cannot be named
fix LDAP test (specify -C to zeek)
update changes
added ldap test
rename ldap.zeek to main.zeek
don't save both 'bind' and 'bind simple'/'bind SASL' in the operations list
added more ldap codes
Added ldap version
Topic/ldap (#1)
Should test some version of the following:

- `zkg install .` from a clone of this repository
- `zeek -NN _Zeek::Spicy` output (ideally create a baseline showing all the included analyzers)
- `zeek` uses the new analyzers. Maybe run `zeek` (`@load packages`) and then baseline `cat loaded_scripts.log | grep spicy-analyzers`; our analyzer scripts should show up in there.

Do this for a couple different platforms and (for now) Zeek 3.0, Zeek 3.2, Zeek 4.0.
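As an added example (not code from the spicy-analyzers project), a POSIX shell script that performs the checks listed in the issue as a CI job. It assumes `zeek` and `zkg` are on PATH, that it runs from a clone of the package, that `zkg install --force` skips the confirmation prompt, and that loading Zeek's `misc/loaded-scripts` policy script is what writes `loaded_scripts.log`; the function names and the baseline directory are my own.

```shell
#!/bin/sh
# Added example, not code from the spicy-analyzers repository: a CI check
# script for the steps listed in the issue. Assumes zeek and zkg are on PATH,
# that it runs from a clone of the package, and (assumption) that Zeek's
# misc/loaded-scripts policy script is what writes loaded_scripts.log.
set -eu

BASELINE_DIR="${BASELINE_DIR:-ci/baseline}"   # assumed location of stored baselines

# Step 1: install the package from the current checkout (--force skips the prompt).
install_package() {
    zkg install --force .
}

# Step 2: list the Spicy analyzers Zeek now knows about and compare against the
# stored baseline; on the first run, create the baseline instead.
check_analyzer_list() {
    zeek -NN _Zeek::Spicy > analyzers.txt
    if [ -f "$BASELINE_DIR/analyzers.txt" ]; then
        diff -u "$BASELINE_DIR/analyzers.txt" analyzers.txt
    else
        mkdir -p "$BASELINE_DIR" && cp analyzers.txt "$BASELINE_DIR/"
    fi
}

# Step 3: run zeek with all zkg packages loaded and record which scripts loaded.
run_zeek_with_packages() {
    zeek misc/loaded-scripts packages
}

# Count the non-comment lines of a loaded_scripts.log that mention the package.
# Prints the count and returns 1 when it is zero, so CI fails if the package's
# scripts were not picked up. $1: log path, $2: package name to look for.
count_package_scripts() {
    log="$1"; name="${2:-spicy-analyzers}"
    [ -f "$log" ] || { echo 0; return 1; }
    n=$(grep -v '^#' "$log" | grep -c -- "$name") || true
    echo "$n"
    [ "$n" -gt 0 ]
}

run_ci() {
    echo "Testing with $(zeek --version)"   # repeat per platform / Zeek version
    install_package
    check_analyzer_list
    run_zeek_with_packages
    count_package_scripts loaded_scripts.log
}

# Run the full pipeline only when asked, so the helpers can be sourced and tested alone.
if [ "${1:-}" = "--run" ]; then run_ci; fi
```

Run it once per platform and Zeek version in the CI matrix; the baseline diff and the loaded-scripts count both fail the job when a packaged analyzer silently drops out.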