bsd fix: pipe wc output to xargs

On BSD and Mac, wc -l outputs right justified strings, causing
the check to fail. Passing through xargs is a hack to strip
the white space.

diff --git a/alert-testmyids-not-established/check.sh b/alert-testmyids-not-established/check.sh
index a6cff0ccf851001d55a9cfdd661091aaff0d167d..07286d592e60c52b46b16f85c4ef5c7f3d392127 100755 (executable)
--- a/alert-testmyids-not-established/check.sh
+++ b/alert-testmyids-not-established/check.sh
@@ -3,7 +3,7 @@
 . ../functions.sh
 
 # Should have one fast log entry.
-n=$(cat output/fast.log | wc -l)
+n=$(cat output/fast.log | wc -l | xargs)
 assert_eq 1 "$n" "bad fast.log"
 
 # Should have one eve alert.

diff --git a/alert-testmyids/check.sh b/alert-testmyids/check.sh
index a6cff0ccf851001d55a9cfdd661091aaff0d167d..07286d592e60c52b46b16f85c4ef5c7f3d392127 100755 (executable)
--- a/alert-testmyids/check.sh
+++ b/alert-testmyids/check.sh
@@ -3,7 +3,7 @@
 . ../functions.sh
 
 # Should have one fast log entry.
-n=$(cat output/fast.log | wc -l)
+n=$(cat output/fast.log | wc -l | xargs)
 assert_eq 1 "$n" "bad fast.log"
 
 # Should have one eve alert.

diff --git a/dnp3-dnp3_data-alert/check.sh b/dnp3-dnp3_data-alert/check.sh
index 8620ee1768d600ac857ab6625367cc26ab943fb3..a51df6f864f8285b372846b6232188886d166050 100755 (executable)
--- a/dnp3-dnp3_data-alert/check.sh
+++ b/dnp3-dnp3_data-alert/check.sh
@@ -3,7 +3,7 @@
 . ../functions.sh
 
 # Should have 4 DNP3 data match alerts.
-n=$(grep "DNP3 Data match" output/eve.json | wc -l)
+n=$(grep "DNP3 Data match" output/eve.json | wc -l | xargs)
 assert_eq 4 "$n" "bad event count"
 
 exit 0

diff --git a/dns-json-log/check.sh b/dns-json-log/check.sh
index 0937ee9013f3828c0cd63b708f7c5d5e88f391f4..809c31f288b4c16e4435d0d7c0ab692cd14b7362 100755 (executable)
--- a/dns-json-log/check.sh
+++ b/dns-json-log/check.sh
@@ -1,21 +1,21 @@
 #! /bin/sh
 
 # Expect 9 dns records.
-n=$(cat output/dns.json | jq -c 'select(.event_type == "dns")' | wc -l)
+n=$(cat output/dns.json | jq -c 'select(.event_type == "dns")' | wc -l | xargs)
 if test $n -ne 9; then
     echo "failed: expected 9 dns events, got $n"
     exit 1
 fi
 
 # 4 are queries.
-n=$(cat output/dns.json | jq -c 'select(.event_type == "dns") | select(.dns.type == "query")' | wc -l)
+n=$(cat output/dns.json | jq -c 'select(.event_type == "dns") | select(.dns.type == "query")' | wc -l | xargs)
 if test $n -ne 4; then
     echo "failed: expected 4 dns queries, got $n"
     exit 1
 fi
 
 # 4 are queries.
-n=$(cat output/dns.json | jq -c 'select(.event_type == "dns") | select(.dns.type == "answer")' | wc -l)
+n=$(cat output/dns.json | jq -c 'select(.event_type == "dns") | select(.dns.type == "answer")' | wc -l | xargs)
 if test $n -ne 5; then
     echo "failed: expected 5 dns answers, got $n"
     exit 1

diff --git a/dns-tcp-multirequest-buffer-1/check.sh b/dns-tcp-multirequest-buffer-1/check.sh
index f362dfce1da788bb73ed5419bbd70f8509512596..8a27df75ae665d7fe247b60a5037b93e1bd21b5f 100755 (executable)
--- a/dns-tcp-multirequest-buffer-1/check.sh
+++ b/dns-tcp-multirequest-buffer-1/check.sh
@@ -1,12 +1,12 @@
 #! /bin/sh
 
-count=$(cat output/eve.json | jq -c 'select(.dns.type=="query")' | wc -l)
+count=$(cat output/eve.json | jq -c 'select(.dns.type=="query")' | wc -l | xargs)
 if [ "${count}" -ne 20 ]; then
     echo "error: expected 20 queries, got ${count}"
     exit 1
 fi
 
-count=$(cat output/eve.json | jq -c 'select(.dns.type=="answer")' | wc -l)
+count=$(cat output/eve.json | jq -c 'select(.dns.type=="answer")' | wc -l | xargs)
 if [ "${count}" -ne 40 ]; then
     echo "error: expected 40 answers, got ${count}"
     exit 1

diff --git a/dns-tcp-ts-gap/check.sh b/dns-tcp-ts-gap/check.sh
index 4ba1a637d7a26aa5cfc9de6f3573fc1087a185ba..9bdc789f67d4edf25fdf970cf01b97887fbc34d6 100755 (executable)
--- a/dns-tcp-ts-gap/check.sh
+++ b/dns-tcp-ts-gap/check.sh
@@ -8,12 +8,12 @@ log=./output/eve.json
 
 n=$(cat ${log} | \
        jq -c 'select(.event_type == "dns") | select(.dns.type == "query")' | \
-       wc -l)
+       wc -l | xargs)
 assert_eq 2 $n
 
 n=$(cat ${log} | \
        jq -c 'select(.event_type == "dns") | select(.dns.type == "answer")' | \
-       wc -l)
+       wc -l | xargs)
 assert_eq 36 $n
 
 exit 0

diff --git a/dns-udp-dig-a-www-suricata-ids-org/check.sh b/dns-udp-dig-a-www-suricata-ids-org/check.sh
index 5a4dc5dbcaec3ef5c79fe98c0bc2b7f8e1ab99fd..6179a189f8a8a0cf5fad1f3e2ca886ebee31c4ac 100755 (executable)
--- a/dns-udp-dig-a-www-suricata-ids-org/check.sh
+++ b/dns-udp-dig-a-www-suricata-ids-org/check.sh
@@ -2,14 +2,14 @@
 
 . ../functions.sh
 
-n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs)
 assert_eq 1 $n
 
-n=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l | xargs)
 assert_eq 3 $n
 
-n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "CNAME")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "CNAME")' | wc -l | xargs)
 assert_eq 1 $n
 
-n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "A")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "A")' | wc -l | xargs)
 assert_eq 3 $n

diff --git a/dns-udp-dns-log-unanswered/check.sh b/dns-udp-dns-log-unanswered/check.sh
index dd031bbe79c5888d7733e387b5290f6adc37ef0d..6bd3a34a35be7a92b4ff81d66c281b48a6c44e62 100755 (executable)
--- a/dns-udp-dns-log-unanswered/check.sh
+++ b/dns-udp-dns-log-unanswered/check.sh
@@ -1,12 +1,12 @@
 #! /bin/sh
 
-n=$(grep Query output/dns.log | wc -l)
+n=$(grep Query output/dns.log | wc -l | xargs)
 if [ "$n" -ne 4 ]; then
     echo "expected 4 queries, found $n"
     exit 1
 fi
 
-n=$(grep Response output/dns.log | wc -l)
+n=$(grep Response output/dns.log | wc -l | xargs)
 if [ "$n" -ne 4 ]; then
     echo "expected 4 responses, found $n"
     exit 1

diff --git a/dns-udp-double-request-response/check.sh b/dns-udp-double-request-response/check.sh
index efb390dca031c8f19a13a656e9e4c4e445ba004a..1fd9f822c58ea7f19dc1a7b0fb4eb72921dd219c 100755 (executable)
--- a/dns-udp-double-request-response/check.sh
+++ b/dns-udp-double-request-response/check.sh
@@ -1,14 +1,14 @@
 #! /bin/sh
 
 # Check queries.
-c=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l)
+c=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs)
 if [ "${c}" -ne 2 ]; then
     echo "error: expected 2 DNS queries, got ${c}"
     exit 1
 fi
 
 # Check answer count.
-c=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l)
+c=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l | xargs)
 if [ "${c}" -ne 9 ]; then
     echo "error: expected 9 DNS answers, got ${c}"
     exit 1

diff --git a/dns-udp-unsolicited-response/check.sh b/dns-udp-unsolicited-response/check.sh
index 7bcb97faf640ea1f91c1489c83e038dec8644fbc..02681ab144f6f79941638d8dfbd7b8133b0c11a5 100755 (executable)
--- a/dns-udp-unsolicited-response/check.sh
+++ b/dns-udp-unsolicited-response/check.sh
@@ -1,19 +1,19 @@
 #! /bin/sh
 
 # Check for 1 DNS request.
-n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs)
 if [ ${n} -ne 1 ]; then
     exit 1
 fi
 
 # Check for 1 DNS response.
-n=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l | xargs)
 if [ ${n} -ne 2 ]; then
     exit 1
 fi
 
 # Check for one alert.
-n=$(cat output/eve.json | jq -c 'select(.event_type == "alert")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.event_type == "alert")' | wc -l | xargs)
 if [ ${n} -ne 1 ]; then
     exit 1
 fi

diff --git a/dns-udp-z-flag-fp/check.sh b/dns-udp-z-flag-fp/check.sh
index 5717a1d28e7ba1b7b669b626a2b81d3aad29ada6..3ac9bfcc7d9034112b123b8739f251aebe4a1000 100755 (executable)
--- a/dns-udp-z-flag-fp/check.sh
+++ b/dns-udp-z-flag-fp/check.sh
@@ -3,5 +3,5 @@
 . ../functions.sh
 
 # Check that there are no events.
-n=$(cat output/fast.log | wc -l)
+n=$(cat output/fast.log | wc -l | xargs)
 assert_eq 0 "$n" "no events expected"

diff --git a/functions.sh b/functions.sh
index f6eb66c24c683d5072de04d8f831cd6a2245852e..abe33f24dfe9d0187ac59e1a9a77cdf30be77fae 100644 (file)
--- a/functions.sh
+++ b/functions.sh
@@ -1,5 +1,5 @@
 jq_count() {
-    cat "$1" | jq -c "$2" | wc -l
+    cat "$1" | jq -c "$2" | wc -l | xargs
 }
 
 assert_eq() {

diff --git a/tls-fingerprint-alert/check.sh b/tls-fingerprint-alert/check.sh
index 49c0bf1020c2fae353f70a5eb243e007fdb7a00a..0ba206050363f0cc8b1010e57236b1809915c96e 100755 (executable)
--- a/tls-fingerprint-alert/check.sh
+++ b/tls-fingerprint-alert/check.sh
@@ -1,7 +1,7 @@
 #! /usr/bin/env bash
 
 # Check for a single alert.
-n=$(cat output/eve.json | jq -c 'select(.event_type == "alert")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.event_type == "alert")' | wc -l | xargs)
 if test "${n}" -ne 1; then
     echo "expected 1 event, found ${n}"
     exit 1

diff --git a/tls-json-output-ids/check.sh b/tls-json-output-ids/check.sh
index a7151f4e243521b0186dccd6f978ce433eb72568..43fd6955f1bc649aa51a2423e9937a0a14fd34af 100755 (executable)
--- a/tls-json-output-ids/check.sh
+++ b/tls-json-output-ids/check.sh
@@ -1,7 +1,7 @@
 #! /usr/bin/env bash
 
 # Check for 1 tls event.
-n=$(cat output/eve.json | jq -c 'select(.event_type == "tls")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.event_type == "tls")' | wc -l | xargs)
 if test "${n}" -ne 1; then
     echo "expected 1 event, got $n"
     exit 1

diff --git a/tls-json-output-ips/check.sh b/tls-json-output-ips/check.sh
index a7151f4e243521b0186dccd6f978ce433eb72568..43fd6955f1bc649aa51a2423e9937a0a14fd34af 100755 (executable)
--- a/tls-json-output-ips/check.sh
+++ b/tls-json-output-ips/check.sh
@@ -1,7 +1,7 @@
 #! /usr/bin/env bash
 
 # Check for 1 tls event.
-n=$(cat output/eve.json | jq -c 'select(.event_type == "tls")' | wc -l)
+n=$(cat output/eve.json | jq -c 'select(.event_type == "tls")' | wc -l | xargs)
 if test "${n}" -ne 1; then
     echo "expected 1 event, got $n"
     exit 1