
LDAP analyzer #56

Merged
merged 21 commits into from
May 19, 2021

Commits on May 10, 2021

  1. Topic/ldap (#1)

    * added LDAP stubbed out files
    
    * stubbing PDU types
    
    * work in progress (found asn1.spicy module)
    
    * more asn1 work in progress
    
    * more asn1 work in progress
    
    * more asn1 work in progress
    
    * more asn1 work in progress
    
    * more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one
    
    * more asn1 work in progress; compiling but some stuff has been commented out. need to examine one by one
    
    * asn1 work in progress
    
    * asn1 work in progress
    
    * stub out debug output
    
    * work in progress
    
    * added debug back in
    
    * more work on bind request
    
    * more work in progress on bind request
    
    * more work on ldap bindRequest
    
    * more work in progress, figuring out application ASN.1 BER class. see https://ldap.com/ldapv3-wire-protocol-reference-asn1-ber/ for a big help
    
    * more work in progress, figuring out application ASN.1
    
    * more work in progress, figuring out application ASN.1
    
    * working on bindrequest
    
    * more work on ldap
    
    * wip on ldap/spicy
    
    * comment out specifying vector length
    
    * more work in progress on ldap
    
    * LDAP work in progress
    
    * Fix indents and remove wrapper.
    
    * Spaces to tabs.
    
    * Switch to spaces.
    
    * Update source for trace file.
    
    * Fix various vector parsing issues.  Also remove typing from the_type since we don't know all cases yet.
    
    * Added Cisco vendor IDs.
    
    * Update baselines.
    
    * Add another vendor id.
    
    * work in progress with zeek integration plumbing:
    
    * plumbing in place for logging
    
    * more logging work in progress
    
    * more logging work in progress
    
    * comment out some stuff
    
    * reduce verbosity
    
    * print out numbers of unparsed bytes
    
    * debugging ldap
    
    * specify message length so we don't parse more than we should per-message
    
    * ldap work in progress
    
    * push 'catch-all' bytes &eod array to the sub-messages
    
    * debug print out the list of unparsed data
    
    * need to parse ldap messages in an array
    
    * Adding result
    
    * don't explicitly set a bool for hasResult
    
    * explicitly set a bool for hasResult
    
    * add column
    
    * use unset value instead of a separate boolean
    
    * progress on ldap.log
    
    * added more results
    
    * more work on ldap log
    
    * make op and result set of enum instead of vector of enum
    
    * add comments
    
    * need EOL
    
    * formatting and work on ldap processor
    
    * more work on ldap
    
    * working on putting search into its own separate log file
    
    * working on putting search into its own separate log file
    
    * more work on search filtering
    
    * work in progress on the ldap processor; asn1 can now be recursive, although I'm not using it yet because it's a whole mindshift from what i've been doing
    
    * Added more debug printing
    
    * Added more debug printing
    
    * for now store application types in a big 'bytes' array
    
    * Added more debug printing
    
    * recursive parsing for ldap via asn1
    
    * great progress on ldap
    
    * great progress on ldap
    
    * great progress on ldap
    
    * Allow success with empty entries
    
    * formatting, and use &convert to decomplicate member access
    
    * use strings instead of enums for log output
    
    Co-authored-by: Keith Jones <keith@keithjjones.com>
    Co-authored-by: Robin Sommer <robin@corelight.com>
    3 people committed May 10, 2021
    de1c46a
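What the commits above are iterating on, as an added illustration rather than code from this PR or the Spicy analyzer it introduces: a small definite-length BER decoder in Python. The `Tlv`, `decode`, `summarize` and `parse_ldap_messages` names and the `tlv` encoding helper are mine, and the bind exchange it parses is constructed bytes, not a capture. It bounds every element by its enclosing element's end (the "specify message length so we don't parse more than we should per-message" point), recurses through constructed ASN.1 the way the "recursive parsing for ldap via asn1" commit describes, and hands back trailing bytes it cannot frame instead of swallowing them.

```python
"""Minimal definite-length BER decoder for LDAPv3 messages (RFC 4511).
Added example, not code from this PR or the Spicy analyzer it introduces."""
from dataclasses import dataclass
from typing import List, Tuple, Union

CLASS_NAMES = ("universal", "application", "context", "private")
# protocolOp CHOICE tags from the LDAPv3 ASN.1 (RFC 4511 section 4.1.1), subset
LDAP_OPS = {0: "bindRequest", 1: "bindResponse", 2: "unbindRequest", 3: "searchRequest",
            4: "searchResEntry", 5: "searchResDone", 6: "modifyRequest", 7: "modifyResponse",
            8: "addRequest", 10: "delRequest", 16: "abandonRequest", 23: "extendedReq"}

@dataclass
class Tlv:
    cls: str
    constructed: bool
    number: int
    value: Union[bytes, List["Tlv"]]  # primitive: raw content; constructed: children

def read_header(buf: bytes, pos: int, end: int) -> Tuple[int, bool, int, int, int]:
    """Parse identifier and length octets at pos without reading past end;
    returns (class, constructed, tag number, content start, content end)."""
    if pos + 2 > end:
        raise ValueError("truncated element header")
    ident = buf[pos]
    cls, constructed, number = ident >> 6, bool(ident & 0x20), ident & 0x1F
    if number == 0x1F:
        raise ValueError("high tag numbers are not used by LDAP")
    first, pos = buf[pos + 1], pos + 2
    if first == 0x80:  # RFC 4511 section 5.1: only definite-length encoding is allowed
        raise ValueError("indefinite length is not allowed in LDAP")
    if first & 0x80:   # long form: the next N octets hold the length
        n = first & 0x7F
        if n > 4 or pos + n > end:
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > end:
        raise ValueError(f"length {length} exceeds enclosing bound of {end - pos}")
    return cls, constructed, number, pos, pos + length

def decode(buf: bytes, pos: int, end: int) -> Tuple[Tlv, int]:
    """Recursively decode one element at pos; returns (element, next position)."""
    cls, constructed, number, start, stop = read_header(buf, pos, end)
    if not constructed:
        return Tlv(CLASS_NAMES[cls], False, number, bytes(buf[start:stop])), stop
    children, p = [], start
    while p < stop:  # children are bounded by *this* element's end, not by the buffer
        child, p = decode(buf, p, stop)
        children.append(child)
    return Tlv(CLASS_NAMES[cls], True, number, children), stop

def summarize(msg: Tlv) -> dict:
    """Reduce an LDAPMessage SEQUENCE to the fields an analyzer would log."""
    if not (msg.cls == "universal" and msg.number == 16 and msg.constructed and len(msg.value) >= 2):
        raise ValueError("not an LDAPMessage")
    mid, op = msg.value[0], msg.value[1]
    if mid.number != 2 or op.cls != "application":
        raise ValueError("LDAPMessage needs an INTEGER messageID and an APPLICATION protocolOp")
    out = {"messageID": int.from_bytes(mid.value, "big", signed=True),
           "op": LDAP_OPS.get(op.number, f"application-{op.number}")}
    fields = op.value if op.constructed else []  # a malformed op is logged by tag only
    if op.number == 0 and len(fields) >= 3:  # BindRequest: version, name, authentication CHOICE
        out["version"] = int.from_bytes(fields[0].value, "big", signed=True)
        out["name"] = fields[1].value.decode("utf-8", "replace")
        # [0] simple carries the cleartext password: record the method, never the value
        out["auth"] = "simple" if fields[2].number == 0 else "sasl"
    elif op.number == 1 and fields:  # BindResponse starts with LDAPResult.resultCode
        out["resultCode"] = int.from_bytes(fields[0].value, "big", signed=True)
    return out

def parse_ldap_messages(buf: bytes) -> Tuple[List[dict], bytes]:
    """Split a byte stream into LDAPMessages; returns (messages, unparsed tail).
    A truncated or malformed element stops parsing and the rest is handed back,
    so a streaming caller waits for more data instead of mis-framing."""
    msgs, pos = [], 0
    while pos < len(buf):
        try:
            tlv_, nxt = decode(buf, pos, len(buf))
            msgs.append(summarize(tlv_))
        except ValueError:
            break
        pos = nxt
    return msgs, buf[pos:]

def tlv(ident: int, content: bytes) -> bytes:
    # short-form BER encoder, used only to build the constructed samples below
    if len(content) >= 128:
        raise ValueError("short form only")
    return bytes([ident, len(content)]) + content

# Constructed sample traffic (not a real capture): a simple bind, the server's
# success response, then the first four bytes of a third message cut off mid-TLV.
BIND_REQUEST = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, b"cn=admin,dc=example,dc=com") + tlv(0x80, b"hunter2")))
BIND_RESPONSE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61,
    tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")))
STREAM = BIND_REQUEST + BIND_RESPONSE + BIND_REQUEST[:4]
```

Running `parse_ldap_messages(STREAM)` yields the bind request and response summaries plus the four-byte tail, which is what a streaming analyzer must buffer until the next segment arrives. A simple bind puts the password on the wire as the `[0]` context-tagged OCTET STRING; the summary records only that the method was simple, which is the right thing for an analyzer log. Indefinite lengths and high tag numbers are rejected outright because RFC 4511 never uses them, so either one in live traffic is a signal worth flagging rather than something to parse around.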
  2. Added ldap version

    mmguero committed May 10, 2021
    3949c90
  3. added more ldap codes

    mmguero committed May 10, 2021
    599c7a9
  4. b5f36c7
  5. rename ldap.zeek to main.zeek

    mmguero committed May 10, 2021
    9594f6d

Commits on May 11, 2021

  1. added ldap test

    mmguero committed May 11, 2021
    cd5c670
  2. update changes

    mmguero committed May 11, 2021
    78ea982
  3. a666fb5
  4. 7cce9bb
  5. 40fbc83

Commits on May 12, 2021

  1. Moving computation for |self.seq.submessages| to temporary local variable to fix CI integration error.

    
    Thanks to @bbannier in #56 (comment): "This combination of stringification, tuples, and |...| triggers the CI error you are seeing."
    
    This could be removed once zeek/spicy#919 is in.
    mmguero committed May 12, 2021
    7737a0c
  2. changes made after @bbanier's review of PR #56. See the comments in that review for the details.

    mmguero committed May 12, 2021
    d403227
  3. changes made after @bbanier's review of PR #56. See the comments in that review for the details.

    mmguero committed May 12, 2021
    6edc9ce
  4. 9d470d1
  5. 0962e6a

Commits on May 17, 2021

  1. e5e5ffd
  2. update changes

    mmguero committed May 17, 2021
    bf8b3d7

Commits on May 18, 2021

  1. 8cedba7
  2. try to expose less useless stuff in each unit, for #56

    As per the suggestion here #56 (review)
    mmguero committed May 18, 2021
    51ec8fd
  3. 6696428
  4. something in 51ec8fd broke something, this will (should) fix it

    Squashed commit of the following:
    
    commit 4cd5e79
    Author: SG <13872653+mmguero@users.noreply.github.com>
    Date:   Tue May 18 12:32:26 2021 -0600
    
        something in 51ec8fd broke something, this branch is debugging it
    
    commit bbf65a7
    Author: SG <13872653+mmguero@users.noreply.github.com>
    Date:   Tue May 18 12:29:39 2021 -0600
    
        something in 51ec8fd broke something, this branch is debugging it
    
    commit 3636f30
    Author: SG <13872653+mmguero@users.noreply.github.com>
    Date:   Tue May 18 12:27:18 2021 -0600
    
        Formatting
    
    commit 7957242
    Author: SG <13872653+mmguero@users.noreply.github.com>
    Date:   Tue May 18 12:24:38 2021 -0600
    
        something in 51ec8fd broke something, this branch is debugging it
    
    commit 8bed45b
    Merge: d86336c 6696428
    Author: SG <13872653+mmguero@users.noreply.github.com>
    Date:   Tue May 18 12:21:58 2021 -0600
    
        Merge remote-tracking branch 'mmguero-dev/main' into topic/ldapdebug
    
    commit d86336c
    Author: SG <13872653+mmguero@users.noreply.github.com>
    Date:   Tue May 18 12:06:38 2021 -0600
    
        something in 51ec8fd broke something, this branch is debugging it
    
    commit 292186c
    Author: SG <13872653+mmguero@users.noreply.github.com>
    Date:   Tue May 18 11:59:45 2021 -0600
    
        something in 51ec8fd broke something, this branch is debugging it
    mmguero committed May 18, 2021
    3c5ccb4