Added CI.

corelight · Nov 29, 2021 · a94eb5f · a94eb5f
1 parent 1128d01
commit a94eb5f
Show file tree

Hide file tree

Showing 12 changed files with 132 additions and 35 deletions.
diff --git a/.cmake-format.json b/.cmake-format.json
@@ -0,0 +1,26 @@
+{
+  "parse": {
+    "additional_commands": {
+        "spicy_add_analyzer": {
+            "kwargs": {
+                "NAME": "*",
+                "PACKAGE_NAME": "*",
+                "SOURCES": "*",
+                "SCRIPTS": "*"
+            }
+        }
+    }
+  },
+  "format": {
+    "line_width": 100,
+    "tab_size": 4,
+    "separate_ctrl_name_with_space": true,
+    "max_subgroups_hwrap": 3
+  },
+  "markup": {
+    "enable_markup": false
+  },
+  "lint": {
+      "disabled_codes": ["C0103"]
+  }
+}
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -0,0 +1,32 @@
+name: Check
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+
+jobs:
+  Check:
+    runs-on: ubuntu-latest
+    container: zeekurity/spicy
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Prepare
+        env:
+          PATH: /usr/local/bin:/opt/cmake/bin:/opt/spicy/bin:/opt/zeek/bin:/opt/zeek/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+        run: |
+          rm -f $(zkg config state_dir)/logs/*.log
+          # Manually install spicy-plugin until the image contains a zkg version with a fix for https://github.com/zeek/package-manager/issues/106 (>=zkg-2.12.0).
+          zkg -vvvvv install --force --skiptests spicy-plugin
+      - name: Install
+        env:
+          PATH: /usr/local/bin:/opt/cmake/bin:/opt/spicy/bin:/opt/zeek/bin:/opt/zeek/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+        run: |
+          git clean -fd
+          zkg -vvvvv install --force .
+
+      - name: Show logs
+        if: always()
+        run: |
+          tail -n 1000000 $(zkg config state_dir)/logs/*.log
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -0,0 +1,14 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-python@v2
+    - uses: pre-commit/[email protected]
diff --git a/.mdlrc b/.mdlrc
@@ -0,0 +1 @@
+rules "~MD033", "~MD013", "~MD046", "~MD010"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,23 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.0.1
+  hooks:
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+  - id: check-yaml
+  - id: check-added-large-files
+
+- repo: https://github.com/markdownlint/markdownlint
+  rev: v0.11.0
+  hooks:
+  - id: markdownlint
+
+- repo: https://github.com/cheshirekow/cmake-format-precommit
+  rev: v0.6.13
+  hooks:
+  - id: cmake-format
+  - id: cmake-lint
+
+exclude: '^tests/baseline'
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -10,7 +10,7 @@ spicy_require_version("1.2.0")
 spicy_plugin_require_version("0.99.0")
 zeek_require_version("3.0.0")
 
-if ( NOT CMAKE_BUILD_TYPE )
+if (NOT CMAKE_BUILD_TYPE)
     # Default to release build.
     set(CMAKE_BUILD_TYPE "Release" CACHE STRING "")
 endif ()

diff --git a/Readme.md b/Readme.md
@@ -1,14 +1,16 @@
 # zeek-spicy-wireguard
 
 This package provides a Spicy based Wireguard protocol analyzer
-for Zeek.  
+for Zeek.
 
 You must install [Spicy](https://docs.zeek.org/projects/spicy/en/latest/)
 to use this package.
 
-This is a straightforward implementation following https://www.wireguard.com/protocol/
+This is a straightforward implementation following <https://www.wireguard.com/protocol/>
 
-## Example Logs:
+## Wireguard
+
+### Wireguard Logs
 
 ```
 #separator \x09
@@ -36,21 +38,21 @@ This is a straightforward implementation following https://www.wireguard.com/pro
 #close	2021-11-24-18-10-11
 ```
 
-## PCAP Source:
+### Wireguard PCAP Source
 
 - wireguard.pcap (self-made)
 
 This package also detects...
 
-# Tailscale
+## Tailscale
 
 [Tailscale](https://tailscale.com/) is a VPN that modifies the Wireguard protocol
 slightly by adding Tailscale discovery messages.  While the generic Wireguard protocol
 analyzer in this repo will not support this, this protocol analyzer will.
 
 Relevant code section: <https://github.com/tailscale/tailscale/blob/main/disco/disco.go#L32>
 
-## Example Log:
+### Tailscale Logs
 
 ```
 #separator \x09
@@ -65,6 +67,6 @@ Relevant code section: <https://github.com/tailscale/tailscale/blob/main/disco/d
 #close	2021-11-24-18-11-40
 ```
 
-## PCAP Source:
+### Tailscale PCAP Source
 
-- tailscale_linux.pcap (self-made)
+- tailscale_linux.pcap (self-made)
diff --git a/analyzer/analyzer.spicy b/analyzer/analyzer.spicy
@@ -93,4 +93,4 @@ type TSDiscoveryPacket = unit {
 	senderDiscoPub: bytes &size=32;
 	nonce: bytes &size=24;
 	payload: bytes &eod;
-} &byte-order = spicy::ByteOrder::Big;
+} &byte-order = spicy::ByteOrder::Big;
diff --git a/analyzer/dpd.sig b/analyzer/dpd.sig
@@ -8,4 +8,4 @@ signature tailscale_packet {
   ip-proto == udp
   payload /^\x54\x53\xf0\x9f\x92\xac/
   enable "spicy_Tailscale"
-}
+}
diff --git a/analyzer/zeek_analyzer.spicy b/analyzer/zeek_analyzer.spicy
@@ -27,4 +27,4 @@ on zeek_spicy_wireguard::TailscalePacket::%done {
 
 on zeek_spicy_wireguard::TailscalePacket::%error {
 	zeek::reject_protocol("error while parsing Tailscale packet");
-}
+}
diff --git a/cmake/FindSpicyPlugin.cmake b/cmake/FindSpicyPlugin.cmake
@@ -14,50 +14,50 @@
 #     SPICY_PLUGIN_VERSION          Version string of plugin
 #     SPICY_PLUGIN_VERSION_NUMBER   Numerical version number of plugin
 
-function(run_spicycz output)
-     execute_process(COMMAND "${SPICYZ}" ${ARGN}
-        OUTPUT_VARIABLE output_
-        OUTPUT_STRIP_TRAILING_WHITESPACE
-        )
+# Runs `spicyz` with the flags given as second argument and stores the output in the variable named
+# by the first argument.
+function (run_spicycz output)
+    execute_process(COMMAND "${SPICYZ}" ${ARGN} OUTPUT_VARIABLE output_
+                    OUTPUT_STRIP_TRAILING_WHITESPACE)
 
     string(STRIP "${output_}" output_)
     set(${output} "${output_}" PARENT_SCOPE)
 endfunction ()
 
-function(spicy_plugin_require_version version)
+# Checks that the Spicy plugin version it at least the given version.
+function (spicy_plugin_require_version version)
     string(REGEX MATCH "([0-9]*)\.([0-9]*)\.([0-9]*).*" _ ${version})
     math(EXPR version_number "${CMAKE_MATCH_1} * 10000 + ${CMAKE_MATCH_2} * 100 + ${CMAKE_MATCH_3}")
 
-    if ( "${SPICY_PLUGIN_VERSION_NUMBER}" LESS "${version_number}" )
-        message(FATAL_ERROR "Package requires at least Spicy plugin version ${version}, have ${SPICY_PLUGIN_VERSION}")
+    if ("${SPICY_PLUGIN_VERSION_NUMBER}" LESS "${version_number}")
+        message(FATAL_ERROR "Package requires at least Spicy plugin version ${version}, "
+                            "have ${SPICY_PLUGIN_VERSION}")
     endif ()
-endfunction()
+endfunction ()
 
 ###
 ### Main
 ###
 
-if ( NOT SPICYZ )
+if (NOT SPICYZ)
     set(SPICYZ "$ENV{SPICYZ}")
 endif ()
 
-if ( NOT SPICYZ )
-    find_program(spicyz spicyz
-                        HINTS
-                            ${ZEEK_SPICY_ROOT}/bin
-                            ${ZEEK_SPICY_ROOT}/build/bin
-                            $ENV{ZEEK_SPICY_ROOT}/bin
-                            $ENV{ZEEK_SPICY_ROOT}/build/bin
-                            ${PROJECT_SOURCE_DIR}/../../build/bin) # support an in-tree Spicy build
+if (NOT SPICYZ)
+    # Support an in-tree Spicy build.
+    find_program(
+        spicyz spicyz
+        HINTS ${ZEEK_SPICY_ROOT}/bin ${ZEEK_SPICY_ROOT}/build/bin $ENV{ZEEK_SPICY_ROOT}/bin
+              $ENV{ZEEK_SPICY_ROOT}/build/bin ${PROJECT_SOURCE_DIR}/../../build/bin)
     set(SPICYZ "${spicyz}")
 endif ()
 
 message(STATUS "spicyz: ${SPICYZ}")
 
-if ( SPICYZ )
+if (SPICYZ)
     set(SPICYZ "${SPICYZ}" CACHE PATH "" FORCE) # make sure it's in the cache
 
-    run_spicycz(SPICY_PLUGIN_VERSION        "--version")
+    run_spicycz(SPICY_PLUGIN_VERSION "--version")
     run_spicycz(SPICY_PLUGIN_VERSION_NUMBER "--version-number")
     message(STATUS "Zeek plugin version: ${SPICY_PLUGIN_VERSION}")
 
@@ -72,7 +72,7 @@ if ( SPICYZ )
     spicy_print_summary()
 
     include(ZeekSpicyAnalyzerSupport)
-endif()
+endif ()
 
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(SpicyPlugin DEFAULT_MSG SPICYZ ZEEK_FOUND)
diff --git a/zkg.meta b/zkg.meta
@@ -3,7 +3,7 @@ summary = A Wireguard VPN protocol analyzer, based on Spicy.
 description = A Wireguard VPN protocol analyzer, based on Spicy.
 script_dir = analyzer
 plugin_dir = build/spicy-modules
-build_command = unset -v CXX CXXFLAGS LD LDFLAGS && mkdir -p build && cd build && cmake .. && cmake --build .
+build_command = unset -v CXX CXXFLAGS LD LDFLAGS && mkdir -p build && cd build && SPICYZ=%(package_base)s/spicy-plugin/build/bin/spicyz cmake .. && cmake --build .
 test_command = unset -v CXX CXXFLAGS LD LDFLAGS && cd tests && PATH=$(zkg config plugin_dir)/packages/spicy-plugin/bin:$PATH btest -d -j $(nproc)
 
 [template]
@@ -14,4 +14,3 @@ zkg_version = 2.12.0
 [template_vars]
 namespace = zeek_spicy_wireguard
 name = Wireguard
-
-Original file line number
+Diff line change
@@ Expand Up / @@ -27,4 +27,4 @@ on zeek_spicy_wireguard::TailscalePacket::%done { @@
     on zeek_spicy_wireguard::TailscalePacket::%error {
     	zeek::reject_protocol("error while parsing Tailscale packet");
-    }
+    }