Update baselines for Zeek 6.
(Not exactly pretty but the tests are kind of messy to begin with.)
rsmmr committed Jun 6, 2024
1 parent 940b3b2 commit b28c6df
Showing 6 changed files with 25 additions and 28 deletions.
5 changes: 2 additions & 3 deletions tests/analyzer/basic.zeek
@@ -1,8 +1,7 @@
# @TEST-EXEC: zeek -r ${TRACES}/test.pcap frameworks/files/extract-all-files frameworks/files/hash-all-files %INPUT
# @TEST-EXEC: for i in extract_files/*; do (printf "$i "; wc -c "$i" | awk '{print $1}'); done | sort >extracted.log
# @TEST-EXEC: for i in files.log extracted.log; do cat $i | sed 's#\(extract-[^-]*\)-[^-]*-#\1-xxx-#g' >$i.tmp && mv $i.tmp $i; done
# Don't diff files.log for legacy Zeek 3.x as ordering of "analyzers" has changed
# @TEST-EXEC: if zeek-version 40000; then btest-diff files.log; fi
# @TEST-EXEC: for i in files.log extracted.log .stdout; do cat $i | sed 's#\(extract-[^-]*\)-[^-]*-#\1-xxx-#g' | sed 's#F[A-Za-z0-9]\{16,17\}#XXXXXXXXXXXXXXXXX#g' >$i.tmp && mv $i.tmp $i; done
# @TEST-EXEC: btest-diff files.log
# @TEST-EXEC: btest-diff .stdout
# @TEST-EXEC: btest-diff extracted.log
#
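Review bot: The new `# @TEST-EXEC: btest-diff files.log` line runs unconditionally, while the updated baselines use the `uid`/`id.orig_h`/`id.orig_p`/`id.resp_h`/`id.resp_p` columns, so on a Zeek that still writes `tx_hosts`/`rx_hosts`/`conn_uids` this test would presumably fail instead of being skipped; the same applies to tests/analyzer/descriptor.zeek and tests/analyzer/nested.zeek. If older releases are no longer supported, a one-line comment saying so would do; otherwise a guard such as `# @TEST-REQUIRES: zeek-version 60000` makes the requirement explicit (the threshold is inferred from the `zeek-version 40000` form the old line used, so please confirm it). Separately, the added `sed 's#F[A-Za-z0-9]\{16,17\}#XXXXXXXXXXXXXXXXX#g'` is unanchored and now also rewrites `.stdout`, so it masks any token containing an `F` followed by 16 alphanumerics, not only file IDs. A comment above that line such as `# Canonify file IDs (fuid/parent_fuid); the baseline therefore cannot check parent/child linkage of nested archive members` would record what the diff no longer verifies. The test file continues past the visible hunk.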
5 changes: 2 additions & 3 deletions tests/analyzer/descriptor.zeek
@@ -1,8 +1,7 @@
# @TEST-EXEC: zeek -C -r ${TRACES}/descriptor.pcap frameworks/files/extract-all-files frameworks/files/hash-all-files %INPUT
# @TEST-EXEC: for i in extract_files/*; do (printf "$i "; wc -c "$i" | awk '{print $1}'); done | sort >extracted.log
# @TEST-EXEC: for i in files.log extracted.log; do cat $i | sed 's#\(extract-[^-]*\)-[^-]*-#\1-xxx-#g' >$i.tmp && mv $i.tmp $i; done
# Don't diff files.log for legacy Zeek 3.x as ordering of "analyzers" has changed
# @TEST-EXEC: if zeek-version 40000; then btest-diff files.log; fi
# @TEST-EXEC: for i in files.log extracted.log .stdout; do cat $i | sed 's#\(extract-[^-]*\)-[^-]*-#\1-xxx-#g' | sed 's#F[A-Za-z0-9]\{16,17\}#XXXXXXXXXXXXXXXXX#g' >$i.tmp && mv $i.tmp $i; done
# @TEST-EXEC: btest-diff files.log
# @TEST-EXEC: btest-diff .stdout
# @TEST-EXEC: btest-diff extracted.log
#
5 changes: 2 additions & 3 deletions tests/analyzer/nested.zeek
@@ -1,8 +1,7 @@
# @TEST-EXEC: zeek -Cr ${TRACES}/nested.pcap frameworks/files/extract-all-files frameworks/files/hash-all-files %INPUT
# @TEST-EXEC: for i in extract_files/*; do (printf "$i "; wc -c "$i" | awk '{print $1}'); done | sort >extracted.log
# @TEST-EXEC: for i in files.log extracted.log; do cat $i | sed 's#\(extract-[^-]*\)-[^-]*-#\1-xxx-#g' >$i.tmp && mv $i.tmp $i; done
# Don't diff files.log for legacy Zeek 3.x as ordering of "analyzers" has changed
# @TEST-EXEC: if zeek-version 40000; then btest-diff files.log; fi
# @TEST-EXEC: for i in files.log extracted.log .stdout; do cat $i | sed 's#\(extract-[^-]*\)-[^-]*-#\1-xxx-#g' | sed 's#F[A-Za-z0-9]\{16,17\}#XXXXXXXXXXXXXXXXX#g' >$i.tmp && mv $i.tmp $i; done
# @TEST-EXEC: btest-diff files.log
# @TEST-EXEC: btest-diff .stdout
# @TEST-EXEC: btest-diff extracted.log
#
12 changes: 6 additions & 6 deletions tests/baseline/analyzer.basic/files.log
Expand Up @@ -6,10 +6,10 @@
#unset_field -
#path files
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size ftime
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string bool count time
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size ftime
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count time
#close XXXX-XX-XX-XX-XX-XX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX 192.150.187.12 192.168.7.120 CHhAvVGS1DHFjwGM9 HTTP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip - 0.644241 - F 129598 129598 0 0 F - e97e67328c12b639ff9fa84bfa9aaf27 9cfff9d9672f3e14d6ac49df074cb85f46432366 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT image/png test/bro-web-eye-only.png 0.259282 - F 14739 14734 0 0 F XXXXXXXXXXXXXXXXX a996d43b224cef8772977a5605ec706e daa31a4d9e5e5918876f58a8a8a940ff401b025d - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT image/png test/spicy-logo.png 0.384940 - F 112322 112196 0 0 F XXXXXXXXXXXXXXXXX f2d1a7eb1403e0674ad50006c6773bb3 3c5ed2659000432a42e11b6df95a69c289fe04e3 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT - test/README.md 0.000005 - F 5294 2146 0 0 F XXXXXXXXXXXXXXXXX afcdeb85e51aecc6cef747546058ddab 7e2ada78ae1b5f06750d6f830004e6fee6e66479 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX CHhAvVGS1DHFjwGM9 192.168.7.120 54454 192.150.187.12 80 HTTP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip - 0.644241 F F 129598 129598 0 0 F - e97e67328c12b639ff9fa84bfa9aaf27 9cfff9d9672f3e14d6ac49df074cb85f46432366 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX CHhAvVGS1DHFjwGM9 192.168.7.120 54454 192.150.187.12 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT image/png test/bro-web-eye-only.png 0.259282 - F 14739 14734 0 0 F XXXXXXXXXXXXXXXXX a996d43b224cef8772977a5605ec706e daa31a4d9e5e5918876f58a8a8a940ff401b025d - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX CHhAvVGS1DHFjwGM9 192.168.7.120 54454 192.150.187.12 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT image/png test/spicy-logo.png 0.384940 - F 112322 112196 0 0 F XXXXXXXXXXXXXXXXX f2d1a7eb1403e0674ad50006c6773bb3 3c5ed2659000432a42e11b6df95a69c289fe04e3 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX CHhAvVGS1DHFjwGM9 192.168.7.120 54454 192.150.187.12 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT - test/README.md 0.000005 - F 5294 2146 0 0 F XXXXXXXXXXXXXXXXX afcdeb85e51aecc6cef747546058ddab 7e2ada78ae1b5f06750d6f830004e6fee6e66479 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
8 changes: 4 additions & 4 deletions tests/baseline/analyzer.descriptor/files.log
Expand Up @@ -6,8 +6,8 @@
#unset_field -
#path files
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size ftime
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string bool count time
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size ftime
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count time
#close XXXX-XX-XX-XX-XX-XX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT - test/file.txt 0.000000 - F 15 15 0 0 F XXXXXXXXXXXXXXXXX f62ac84ff9e6229509abcb9ac87b5602 b52b86e9df692a2d639c1b387bf8a48be28ae06f - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX 127.0.0.1 127.0.0.1 ClEkJM2Vm5giqnMf4h HTTP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip - 0.000000 - F 247 247 0 0 F - 61d0055c64568b049c6b0dabdffdb125 5a577696c7af86b1a2f0b8e290a5be884f6615e6 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50531 127.0.0.1 80 HTTP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip - 0.000000 T F 247 247 0 0 F - 61d0055c64568b049c6b0dabdffdb125 5a577696c7af86b1a2f0b8e290a5be884f6615e6 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50531 127.0.0.1 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT - test/file.txt 0.000000 - F 15 15 0 0 F XXXXXXXXXXXXXXXXX f62ac84ff9e6229509abcb9ac87b5602 b52b86e9df692a2d639c1b387bf8a48be28ae06f - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
18 changes: 9 additions & 9 deletions tests/baseline/analyzer.nested/files.log
Expand Up @@ -6,13 +6,13 @@
#unset_field -
#path files
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size ftime
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string bool count time
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size ftime
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string string bool count time
#close XXXX-XX-XX-XX-XX-XX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT - - 0.000000 - F 0 0 0 0 F XXXXXXXXXXXXXXXXX - - - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT - - 0.000000 - F 0 0 0 0 F XXXXXXXXXXXXXXXXX - - - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT - - 0.000000 - F 0 0 0 0 F XXXXXXXXXXXXXXXXX - - - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT text/plain bar/bar.txt 0.000000 - F 15 10 0 0 F XXXXXXXXXXXXXXXXX b794f48dec8c7e1c093c5d74e602e062 c78895764271120c2b33882516e86d4447b6f263 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SHA1,MD5,EXTRACT text/plain foo/foo.txt 0.000000 - F 15 10 0 0 F XXXXXXXXXXXXXXXXX 44a6634c024833519906aa73e750b208 a41bceee4d740eac2b53d9646023c2d6b78ad3dd - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX (empty) (empty) (empty) SPICY_ZIP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip bar<...>/foo.zip 0.000000 - F 318 318 0 0 F XXXXXXXXXXXXXXXXX 86a250119e8b0c065b565cda9e9d6534 e97e2496029057f7e59019a7b23ac1d08b7ca0dc - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX 127.0.0.1 127.0.0.1 ClEkJM2Vm5giqnMf4h HTTP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip - 0.000000 - F 938 938 0 0 F - 75991ed996d25b62841fdc9e15845dfc e25eab4e6ca9e95cac0eca9faa3ec04eebf8747b - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50858 127.0.0.1 80 HTTP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip - 0.000000 T F 938 938 0 0 F - 75991ed996d25b62841fdc9e15845dfc e25eab4e6ca9e95cac0eca9faa3ec04eebf8747b - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50858 127.0.0.1 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT - - 0.000000 - F 0 0 0 0 F XXXXXXXXXXXXXXXXX - - - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50858 127.0.0.1 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT - - 0.000000 - F 0 0 0 0 F XXXXXXXXXXXXXXXXX - - - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50858 127.0.0.1 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT - - 0.000000 - F 0 0 0 0 F XXXXXXXXXXXXXXXXX - - - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - -
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50858 127.0.0.1 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT text/plain bar/bar.txt 0.000000 - F 15 10 0 0 F XXXXXXXXXXXXXXXXX b794f48dec8c7e1c093c5d74e602e062 c78895764271120c2b33882516e86d4447b6f263 - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50858 127.0.0.1 80 SPICY_ZIP 0 SHA1,MD5,EXTRACT text/plain foo/foo.txt 0.000000 - F 15 10 0 0 F XXXXXXXXXXXXXXXXX 44a6634c024833519906aa73e750b208 a41bceee4d740eac2b53d9646023c2d6b78ad3dd - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
XXXXXXXXXX.XXXXXX XXXXXXXXXXXXXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 50858 127.0.0.1 80 SPICY_ZIP 0 SPICY_ZIP,EXTRACT,SHA1,MD5 application/zip bar<...>/foo.zip 0.000000 - F 318 318 0 0 F XXXXXXXXXXXXXXXXX 86a250119e8b0c065b565cda9e9d6534 e97e2496029057f7e59019a7b23ac1d08b7ca0dc - extract-XXXXXXXXXX.XXXXXX-xxx-XXXXXXXXXXXXXXXXX F - XXXXXXXXXX.XXXXXX
