Fix CI for building against main version of Spicy

.github/workflows/check.yml

@@ -10,8 +10,8 @@ jobs:
     strategy:
       matrix:
         version:
-          - zeek:5.0
           - zeek:6.0
+          - zeek:6.2
           - zeek-dev:latest
 
       fail-fast: false

tests/analyzer/basic.zeek

@@ -2,12 +2,15 @@
 
 # @TEST-EXEC: zeek -r ${TRACES}/http-post.pcap frameworks/files/hash-all-files %INPUT
 # @TEST-EXEC: cat files.log | sed 's/SHA1,MD5/MD5,SHA1/g' >files.log.tmp && mv -f files.log.tmp files.log
-# @TEST-EXEC: zeek-cut -C ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service history <conn.log >conn.log2 && mv conn.log2 conn.log
-# @TEST-EXEC: zeek-cut -C fuid source depth analyzers mime_type filename total_bytes <files.log >files.log.tmp && mv files.log.tmp files.log
+#
+# Drop fields which are incompatible between zeek-6.0 and dev version.
+# @TEST-EXEC: zeek-cut -C -n fuid <conn.log >conn.log2 && mv conn.log2 conn.log
+# @TEST-EXEC: zeek-cut -C -n orig_fuids resp_fuids <http.log >http.log.tmp && mv http.log.tmp http.log
+# @TEST-EXEC: zeek-cut -C -n fuid parent_fuid <files.log >files.log.tmp && mv files.log.tmp files.log
+#
 # @TEST-EXEC: btest-diff conn.log
-# Skip baselining of fuids on pre-6.0 versions (fuids stopped being canonified with 6.0).
-# @TEST-EXEC: zeek -b -e 'exit(Version::at_least("6.0") ? 1 : 0)' || btest-diff http.log
-# @TEST-EXEC: zeek -b -e 'exit(Version::at_least("6.0") ? 1 : 0)' || btest-diff files.log
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff files.log
 #
 # @TEST-DOC: Test HTTP analyzer with small trace.
 

tests/baseline/analyzer.basic/conn.log

@@ -6,7 +6,7 @@
 #unset_field	-
 #path	conn
 #open XXXX-XX-XX-XX-XX-XX
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	history
-#types	time	string	addr	port	addr	port	enum	string	string
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 #close XXXX-XX-XX-XX-XX-XX
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	53595	54.243.55.129	80	tcp	http	ShADadFf
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	53595	54.243.55.129	80	tcp	http	0.068875	160	519	SF	F	F	0	ShADadFf	8	588	6	839	-

tests/baseline/analyzer.basic/files.log

@@ -6,8 +6,8 @@
 #unset_field	-
 #path	files
 #open XXXX-XX-XX-XX-XX-XX
-#fields	fuid	source	depth	analyzers	mime_type	filename	total_bytes
-#types	string	string	count	set[string]	string	string	count
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	md5	sha1	sha256	extracted	extracted_cutoff	extracted_size
+#types	time	string	addr	port	addr	port	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	bool	count
 #close XXXX-XX-XX-XX-XX-XX
-FM47gX3vI5ofQPm1li	HTTP	0	MD5,SHA1	text/plain	-	11
-FZjUS57tUkGFTibv3	HTTP	0	MD5,SHA1	text/json	-	366
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	53595	54.243.55.129	80	HTTP	0	MD5,SHA1	text/plain	-	0.000000	F	T	11	11	0	0	F	5eb63bbbe01eeed093cb22bb8f5acdc3	2aae6c35c94fcfb415dbe95f408b9ce91ee846ed	-	-	-	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	53595	54.243.55.129	80	HTTP	0	MD5,SHA1	text/json	-	0.000000	F	F	366	366	0	0	F	c9337794df612aeaa901dcf9fa446bca	6a1582672c203210c6d18d700322060b676365e7	-	-	-	-

tests/baseline/analyzer.basic/http.log

@@ -6,7 +6,7 @@
 #unset_field	-
 #path	http
 #open XXXX-XX-XX-XX-XX-XX
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
-#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_filenames	orig_mime_types	resp_filenames	resp_mime_types
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]
 #close XXXX-XX-XX-XX-XX-XX
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	53595	54.243.55.129	80	1	POST	httpbin.org	/post	-	1.1	curl/7.29.0	-	11	366	200	OK	-	-	(empty)	-	-	-	FM47gX3vI5ofQPm1li	-	text/plain	FZjUS57tUkGFTibv3	-	text/json
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	53595	54.243.55.129	80	1	POST	httpbin.org	/post	-	1.1	curl/7.29.0	-	11	366	200	OK	-	-	(empty)	-	-	-	-	text/plain	-	text/json