recog 2.3.23 → 3.0.1

data/features/data/failing_banners_fingerprints.xml

@@ -1,20 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints>
-  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-$">
-    <example>=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
-    <description>Older Pure-FTPd versions</description>
-    <param pos="0" name="service.family" value="Pure-FTPd"/>
-    <param pos="0" name="service.product" value="Pure-FTPd"/>
-    <param pos="1" name="service.version"/>
-  </fingerprint>
-  <fingerprint pattern="^(\S+) FTP Server \(Solaris (\S+)\) ready\.?$" flags="REG_ICASE">
-    <description>SunOS/Solaris</description>
-    <example>example.com FTP server (Solaris 5.7) ready.</example>
-    <param pos="0" name="os.vendor" value="Sun"/>
-    <param pos="0" name="os.family" value="Solaris"/>
-    <param pos="0" name="os.product" value="Solaris"/>
-    <param pos="0" name="os.device" value="General"/>
-    <param pos="1" name="host.name"/>
-    <param pos="2" name="os.version"/>
-  </fingerprint>
-</fingerprints>

data/features/data/matching_banners_fingerprints.xml

@@ -1,23 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints protocol="ftp" database_type="service">
-  <fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
-    <example>---------- Welcome to Pure-FTPd ----------</example>
-    <description>Pure-FTPd
-      Config data can be zero or more of: [privsep] [TLS]
-      </description>
-    <param pos="1" name="pureftpd.config"/>
-    <param pos="0" name="service.family" value="Pure-FTPd"/>
-    <param pos="0" name="service.product" value="Pure-FTPd"/>
-    <param pos="0" name="service.protocol" value="ftp"/>
-  </fingerprint>
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
-    <description>SunOS/Solaris</description>
-    <example>example.com FTP server (SunOS 5.7) ready.</example>
-    <param pos="0" name="os.vendor" value="Sun"/>
-    <param pos="0" name="os.family" value="Solaris"/>
-    <param pos="0" name="os.product" value="Solaris"/>
-    <param pos="0" name="os.device" value="General"/>
-    <param pos="1" name="host.name"/>
-    <param pos="2" name="os.version"/>
-  </fingerprint>
-</fingerprints>

data/features/data/multiple_banners_fingerprints.xml

@@ -1,32 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints>
-  <fingerprint pattern="FTP">
-    <example>---- FTP Stuff ----</example>
-    <example>FTP server</example>
-    <description>Generic FTP,
-      Checks for the existence of the word FTP in the line
-    </description>
-    <!-- Asserting nothing -->
-  </fingerprint>
-  <fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
-    <example>---------- Welcome to Pure-FTPd ----------</example>
-    <description>Pure-FTPd
-      Config data can be zero or more of: [privsep] [TLS]
-    </description>
-    <param pos="1" name="pureftpd.config"/>
-    <param pos="0" name="service.family" value="Pure-FTPd"/>
-    <param pos="0" name="service.product" value="Pure-FTPd"/>
-    <param pos="0" name="service.protocol" value="ftp"/>
-  </fingerprint>
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
-    <description>SunOS/Solaris</description>
-    <example>example.com FTP server (SunOS 5.7) ready.</example>
-    <param pos="0" name="service.protocol" value="ftp"/>
-    <param pos="0" name="os.vendor" value="Sun"/>
-    <param pos="0" name="os.family" value="Solaris"/>
-    <param pos="0" name="os.product" value="Solaris"/>
-    <param pos="0" name="os.device" value="General"/>
-    <param pos="1" name="host.name"/>
-    <param pos="2" name="os.version"/>
-  </fingerprint>
-</fingerprints>

data/features/data/no_tests.xml

@@ -1,3 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints>
-</fingerprints>

data/features/data/sample_banner.txt

@@ -1,2 +0,0 @@
----------- Welcome to Pure-FTPd [privsep] [TLS] ----------
-polaris FTP server (SunOS 5.8) ready.

data/features/data/schema_failure.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints>
-    <fingerprint name="foo"/>
-</fingerprints>

data/features/data/successful_tests.xml

@@ -1,18 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints>
-   <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
-      <description>Cisco SIPGateway</description>
-      <example os.version="12.x">Cisco-SIPGateway/IOS-12.x</example>
-      <param pos="0" name="os.vendor" value="Cisco"/>
-      <param pos="0" name="os.product" value="IOS"/>
-      <param pos="1" name="os.version"/>
-   </fingerprint>
-   <fingerprint pattern="^bar ([\d.]+)$">
-     <description>bar test</description>
-     <example os.version="1.0" >bar 1.0</example>
-     <example os.version="2.0" >bar 2.0</example>
-     <example os.version="2.1" >bar 2.1</example>
-     <param pos="1" name="os.version" />
-     <param pos="0" name="os.name" value="Bar" />
-   </fingerprint>
-</fingerprints>

data/features/data/tests_with_failures.xml

@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints>
-   <fingerprint pattern="^foo$">
-     <description>foo test</description>
-     <!-- Fail: doesn't match -->
-     <example>bar</example>
-   </fingerprint>
-   <fingerprint pattern="^This matches$">
-     <!-- Warn: no name -->
-     <!-- Fail: doesn't match -->
-     <example>This almost matches</example>
-   </fingerprint>
-   <fingerprint pattern="^(\S+) ([\d.]+)$">
-     <description>bar test</description>
-     <!-- Fail: expected os.version doesn't match the capture group -->
-     <example os.version="5.0" >bar 1.0</example>
-     <param pos="2" name="os.version" />
-     <param pos="1" name="os.name" value="Bar" />
-   </fingerprint>
-  <fingerprint pattern="^(\S+) ([\d.]+)$">
-    <description>example with untested parameter</description>
-    <!-- Fail: missing example test os.version parameter -->
-    <example>bar 1.0</example>
-    <param pos="1" name="os.version" />
-  </fingerprint>
-</fingerprints>

data/features/data/tests_with_warnings.xml

@@ -1,17 +0,0 @@
-<?xml version="1.0"?>
-<fingerprints>
-  <fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
-    <example pureftpd.config="">---------- Welcome to Pure-FTPd ----------</example>
-    <description>Pure-FTPd</description>
-    <param pos="1" name="pureftpd.config"/>
-    <param pos="0" name="service.family" value="Pure-FTPd"/>
-    <param pos="0" name="service.product" value="Pure-FTPd"/>
-  </fingerprint>
-  <fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
-    <!-- should warn with no examples -->
-    <description>Pure-FTPd</description>
-    <param pos="1" name="pureftpd.config"/>
-    <param pos="0" name="service.family" value="Pure-FTPd"/>
-    <param pos="0" name="service.product" value="Pure-FTPd"/>
-  </fingerprint>
-</fingerprints>

data/features/match.feature

@@ -1,36 +0,0 @@
-Feature: Match
-  @no-clobber
-  Scenario: Finds matches
-    When I run `recog_match matching_banners_fingerprints.xml sample_banner.txt`
-    Then it should pass with:
-      """
-      MATCH: {"matched"=>"Pure-FTPd Config data can be zero or more of: [privsep] [TLS]", "pureftpd.config"=>"[privsep] [TLS] ", "service.family"=>"Pure-FTPd", "service.product"=>"Pure-FTPd", "service.protocol"=>"ftp", "fingerprint_db"=>"matching_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
-      MATCH: {"matched"=>"SunOS/Solaris", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "service.protocol"=>"ftp", "fingerprint_db"=>"matching_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
-      """
-
-  @no-clobber
-  Scenario: Fails at finding matches
-    When I run `recog_match failing_banners_fingerprints.xml sample_banner.txt`
-    Then it should pass with:
-      """
-      FAIL: ---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
-      FAIL: polaris FTP server (SunOS 5.8) ready
-      """
-
-  @no-clobber
-  Scenario: Finds multiple matches
-    When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --multi-match`
-    Then it should pass with:
-      """
-      MATCHES: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"},{"matched"=>"Pure-FTPd Config data can be zero or more of: [privsep] [TLS]", "pureftpd.config"=>"[privsep] [TLS] ", "service.family"=>"Pure-FTPd", "service.product"=>"Pure-FTPd", "service.protocol"=>"ftp", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
-      MATCHES: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."},{"matched"=>"SunOS/Solaris", "service.protocol"=>"ftp", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
-      """
-
-  @no-clobber
-  Scenario: Finds first matches using no-multi-match flag
-    When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --no-multi-match`
-    Then it should pass with:
-    """
-    MATCH: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
-    MATCH: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
-    """

data/features/support/aruba.rb

@@ -1,3 +0,0 @@
-Aruba.configure do |config|
-  config.working_directory = 'features/data'
-end

data/features/support/env.rb

@@ -1,6 +0,0 @@
-require 'aruba/cucumber'
-
-Before do
-  @dirs = ["features/data"]
-  @aruba_timeout_seconds = 30
-end

data/features/support/hooks.rb

@@ -1,9 +0,0 @@
-require "cucumber/platform"
-
-Before "@requires-ruby-platform-java" do
- skip_this_scenario unless Cucumber::JRUBY
-end
-  
-Before "@unsupported-on-platform-java" do
- skip_this_scenario if Cucumber::JRUBY
-end

data/features/verify.feature

@@ -1,112 +0,0 @@
-Feature: Verify
-  @no-clobber
-  Scenario: No tests
-    When I run `recog_verify no_tests.xml`
-    Then it should pass with exactly:
-      """
-      no_tests.xml: SUMMARY: Test completed with 0 successful, 0 warnings, and 0 failures
-      """
-
-  @no-clobber
-  Scenario: Successful tests
-    When I run `recog_verify successful_tests.xml`
-    Then it should pass with exactly:
-      """
-      successful_tests.xml: SUMMARY: Test completed with 4 successful, 0 warnings, and 0 failures
-      """
-
-  @no-clobber
-  Scenario: Tests with warnings, warnings disabled
-    When I run `recog_verify --no-warnings tests_with_warnings.xml`
-    Then it should pass with exactly:
-      """
-      tests_with_warnings.xml: SUMMARY: Test completed with 1 successful, 0 warnings, and 0 failures
-      """
- 
-  # These tests vary due to line numbering issues in Nokogiri, so there are different versions
-  # of the same test depending on the ruby runtime. Nokogiri uses libxml under CRuby, and a custom
-  # java-based parser under JRuby. The Java-based parser only approximates line numbers, which are
-  # typically off if XML prolog or comments are present.
-  #
-  # See https://github.com/sparklemotion/nokogiri/issues/2380
-  @no-clobber
-  @unsupported-on-platform-java
-  Scenario: Tests with warnings, warnings enabled (CRuby)
-    When I run `recog_verify tests_with_warnings.xml`
-    Then it should fail with:
-      """
-      tests_with_warnings.xml:10: WARN: 'Pure-FTPd' has no test cases
-      tests_with_warnings.xml: SUMMARY: Test completed with 1 successful, 1 warnings, and 0 failures
-      """
-    And the exit status should be 1
- 
-  # JRuby 9.2.20.1 and 9.3.3.0 differ in how they parse XML, where the latter is more close to libxml
-  # and Nokogiri. We use a regex test to match results from both versions.
-  @no-clobber
-  @requires-ruby-platform-java
-  Scenario: Tests with warnings, warnings enabled (JRuby)
-    When I run `recog_verify tests_with_warnings.xml`
-    Then it should fail with regex:
-      """
-      tests_with_warnings.xml:\d+: WARN: 'Pure-FTPd' has no test cases
-      tests_with_warnings.xml: SUMMARY: Test completed with 1 successful, 1 warnings, and 0 failures
-      """
-    And the exit status should be 1
-
-  @no-clobber
-  @unsupported-on-platform-java
-  Scenario: Tests with failures (CRuby)
-    When I run `recog_verify tests_with_failures.xml`
-    Then it should fail with:
-      """
-      tests_with_failures.xml:3: FAIL: 'foo test' failed to match "bar" with (?-mix:^foo$)'
-      tests_with_failures.xml:8: FAIL: '' failed to match "This almost matches" with (?-mix:^This matches$)'
-      tests_with_failures.xml:13: FAIL: 'bar test's os.name is a non-zero pos but specifies a value of 'Bar'
-      tests_with_failures.xml:13: FAIL: 'bar test' failed to find expected capture group os.version '5.0'. Result was 1.0
-      tests_with_failures.xml:20: FAIL: 'example with untested parameter' is missing an example that checks for parameter 'os.version' which is derived from a capture group
-      tests_with_failures.xml: SUMMARY: Test completed with 1 successful, 0 warnings, and 5 failures
-      """
-    And the exit status should be 5
- 
-  # JRuby 9.2.20.1 and 9.3.3.0 differ in how they parse XML, where the latter is more close to libxml
-  # and Nokogiri. We use a regex test to match results from both versions.
-  @no-clobber
-  @requires-ruby-platform-java
-  Scenario: Tests with failures (JRuby)
-    When I run `recog_verify tests_with_failures.xml`
-    Then it should fail with regex:
-      """
-      tests_with_failures.xml:\d+: FAIL: 'foo test' failed to match "bar" with \(\?-mix:\^foo\$\)'
-      tests_with_failures.xml:\d+: FAIL: '' failed to match "This almost matches" with \(\?-mix:\^This matches\$\)'
-      tests_with_failures.xml:\d+: FAIL: 'bar test's os\.name is a non-zero pos but specifies a value of 'Bar'
-      tests_with_failures.xml:\d+: FAIL: 'bar test' failed to find expected capture group os\.version '5\.0'. Result was 1\.0
-      tests_with_failures.xml:\d+: FAIL: 'example with untested parameter' is missing an example that checks for parameter 'os\.version' which is derived from a capture group
-      tests_with_failures.xml: SUMMARY: Test completed with 1 successful, 0 warnings, and 5 failures
-      """
-    And the exit status should be 5
-
-  @no-clobber
-  @unsupported-on-platform-java
-  Scenario: recog_verify produces XML errors from the XSD with a malformed XML document (CRuby)
-    When I run `recog_verify --schema-location ../../xml/fingerprints.xsd schema_failure.xml`
-    Then it should fail with:
-      """
-      schema_failure.xml:3: FAIL: 3:0: ERROR: Element 'fingerprint', attribute 'name': The attribute 'name' is not allowed.
-      schema_failure.xml:3: FAIL: 3:0: ERROR: Element 'fingerprint': The attribute 'pattern' is required but missing.
-      schema_failure.xml:3: FAIL: 3:0: ERROR: Element 'fingerprint': Missing child element(s). Expected is ( description ).
-      schema_failure.xml: SUMMARY: Test completed with 0 successful, 0 warnings, and 3 failures
-      """
-    And the exit status should be 3
-
-  @no-clobber
-  @requires-ruby-platform-java
-  Scenario: recog_verify produces XML errors from the XSD with a malformed XML document (JRuby)
-    When I run `recog_verify --schema_location ../../xml/fingerprints.xsd schema_failure.xml`
-    Then it should fail with:
-      """
-      schema_failure.xml:-1: FAIL: -1:-1: ERROR: cvc-complex-type.3.2.2: Attribute 'name' is not allowed to appear in element 'fingerprint'.
-      schema_failure.xml:-1: FAIL: -1:-1: ERROR: cvc-complex-type.4: Attribute 'pattern' must appear on element 'fingerprint'.
-      schema_failure.xml:-1: FAIL: -1:-1: ERROR: cvc-complex-type.2.4.b: The content of element 'fingerprint' is not complete. One of '{description}' is expected.
-      schema_failure.xml: SUMMARY: Test completed with 0 successful, 0 warnings, and 3 failures
-      """
-    And the exit status should be 3

data/identifiers/README.md

@@ -1,70 +0,0 @@
-# Recog: Identifiers
-
-This directory contains lists of standard identifiers for mapping Recog matches.
-The goal is define a standard set of constants to represent known software,
-hardware, vendors, and categories.
-
-This is currently incomplete and will be updated as standardization work moves
-forward.
-
-Fingerprints should use these identifiers whenever possible; if a different name
-or syntax for a given identifier is preferred, this should be implemented in the
-application through a mapping function.
-
-## Lists
-
-### Fields
-
-`fields.txt` defines the various fields (`os.vendor`, etc.) used to assert
-information about a match.
-
-### Vendors
-
-`vendor.txt` defines known vendor names, covering services, operating systems,
-and hardware.
-
-### Operating Systems
-
-`os_architecture.txt` defines known CPU types.
-
-`os_product.txt` defines known operating system names.
-
-`os_family.txt` defines known operating system families.
-
-`os_device.txt` defines known types of devices by function or purpose.
-
-### Hardware
-
-`hw_product.txt` defines known hardware product names.
-
-`hw_family.txt` defines known hardware product families.
-
-`hw_device.txt` defines known types of devices by function or purpose (overlaps
-with `os_device.txt`).
-
-### Services
-
-`service_product.txt` defines known service product names.
-
-`service_family.txt` defines known service product families.
-
-### Software
-
-`software_product.txt` defines known software product names.
-
-`software_family.txt` defines known software product families.
-
-`software_class.txt` defines known types of software by function or purpose.
-
-## Pending Work
-
-* All existing fingerprints should be correlated against these lists to
-  identify mismatches and updated accordingly.
-
-* All net new identifiers from the existing fingerprints should be merged into
-these lists.
-
-* All fingerprint assertions should be enumerated, documented, and standardized
-where possible (`host.mac`, etc).
-
-* Hardware identifiers should be enumerated, consolidated, and standardized.

data/identifiers/fields.txt

@@ -1,105 +0,0 @@
-agilent.serial
-apache.info
-apache.variant
-apache.variant.version
-aptinex.model
-chromecast.capabilities
-chromecast.generation
-cisco.imc_model
-cisco.model
-cookie
-dell.service_tag
-digi.serial_number
-extron.model
-host.domain
-host.ip
-host.mac
-host.mac_eui64
-host.mac_local
-host.name
-host.time
-hw.certainty
-hw.cpe23
-hw.device
-hw.family
-hw.model
-hw.product
-hw.serial_number
-hw.series
-hw.vendor
-hw.version
-imail.eval
-jetty.info
-junction.cookie
-junction.name
-lantronix.serial_number
-lenovo.machine_model
-lenovo.machine_type
-linux.kernel.version
-loadbalancer.poolname
-mdaemon.unregistered
-mercur.os.info
-metainfo.version
-metainfo.version.version
-ms.nttp.version
-notes.build.version
-ntmail.id
-openssh.comment
-openssh.cvepatch
-os.arch
-os.build
-os.certainty
-os.cpe23
-os.device
-os.edition
-os.family
-os.model
-os.product
-os.rev
-os.vendor
-os.version
-os.version.version
-os.version.version.version
-postfix.os.info
-postoffice.build
-postoffice.id
-procurve.model
-proftpd.server.name
-pureftpd.config
-python.version
-qpopper.version
-securetransport.build
-sendmail.config.version
-sendmail.hpux.phne.version
-sendmail.vendor.version
-service.certainty
-service.component.cpe23
-service.component.family
-service.component.product
-service.component.vendor
-service.component.version
-service.cpe23
-service.device
-service.edition
-service.family
-service.node
-service.product
-service.protocol
-service.vendor
-service.version
-service.version.version
-service.version.version.version
-service.version.version.version.version
-siemens.model
-snmp.fpmib.oid.1
-snmp.fpmib.oid.2
-system.time
-system.time.format
-system.time.micros
-system.time.millis
-tandberg.model
-thttpd.mx-patch
-tomcat.info
-unify.model
-wd2go.device_id
-zmailer.ident

data/identifiers/hw_device.txt

@@ -1,86 +0,0 @@
-ADSL Modem
-AV Receiver
-Access Control
-Alarm Panel
-Appliance
-Audio Encoder
-Broadband Router
-Building Automation
-Cable Modem
-Check Scanner
-DOCSIS Cable Modem
-DSL Modem
-DVR
-Data Terminal
-Desktop
-Device
-Device Hub
-Device Server
-Display Controller
-Environment Control
-Ethernet Adapter
-Firewall
-HMI Controller
-Handheld Scanner
-Hypervisor
-IP Camera
-IPS
-IPTV
-Industrial Control
-JTAG Adapter
-KVM
-Laptop
-Light Bulb
-Lights Out Management
-Media Player
-Media Receiver
-Media Server
-Mobile Phone
-Monitoring
-Multifunction Device
-NAS
-Network Appliance
-Network Audio
-Network Management Device
-PLC
-Power Device
-Power Meter
-Power Relay
-Powerline
-Print Server
-Printer
-Relay Controller
-Router
-SD-WAN Appliance
-SIP Device
-SIP Gateway
-Scanner
-Security Appliance
-Sensor
-Smart TV
-Storage
-Storage Appliance
-Support Appliance
-Switch
-Tablet
-Tape Library
-Telecom
-Test Instrument
-Thin Client
-UPS
-VPN
-Video Conference
-Video Conferencing
-Video Decoder
-Video Encoder
-VoIP
-VoIP Gateway
-VoIP Server
-VoIP Switch
-Voice Appliance
-WAP
-WLAN Repeater
-Web Cam
-Whiteboard
-Wireless Controller
-Wireless Presenter