Skip to content

Instantly share code, notes, and snippets.

@grigorescu
Created September 23, 2019 15:09
Show Gist options
  • Save grigorescu/66b02bd47e5235f15ff231f560ced696 to your computer and use it in GitHub Desktop.
Save grigorescu/66b02bd47e5235f15ff231f560ced696 to your computer and use it in GitHub Desktop.
# Test 1
########
# Fails: Incompatible type for set of ID 'DPD::ignore_violations': got 'table', need 'table' (Option::set(Config::ID, Config::val, Config::location))
# @TEST-EXEC: zeek -b %INPUT
@load base/frameworks/config
@load base/frameworks/dpd
event zeek_init()
{
print DPD::ignore_violations;
Config::set_value("DPD::ignore_violations", set());
print DPD::ignore_violations;
}
# @TEST-START-NEXT
# Test 2
########
# Fails: syntax error, at or near "{"
# @TEST-EXEC: zeek -b %INPUT
@load base/frameworks/config
@load base/frameworks/dpd
event zeek_init()
{
print DPD::ignore_violations;
Config::set_value("DPD::ignore_violations", {});
print DPD::ignore_violations;
}
# @TEST-START-NEXT
# Test 3
########
# Works
# @TEST-EXEC: zeek -b %INPUT > out
# @TEST-EXEC: btest-diff out
@load base/frameworks/config
@load base/frameworks/dpd
event zeek_init()
{
print DPD::ignore_violations;
local l = DPD::ignore_violations;
l = set(Analyzer::ANALYZER_SYSLOG);
Config::set_value("DPD::ignore_violations", l);
print DPD::ignore_violations;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment