Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

FileAnalysis: add custom libmagic database.

Browse source 
- It's derived from the magic database of libmagic 5.14, but with most
  everything not related to mime types removed.

- The custom database is always used by default for mime detection, but
  the more verbose file type detection will fall back on the default
  libmagic installation's database.  The result is: mime type strings
  are now guaranteed to be consistent across platforms, but the verbose
  file type descriptions are not.

- The custom database gets installed in $prefix/share/bro/magic, and
  should even be extensible if files with new patterns are added inside
  the directory.

- The search path for the mime magic database can be controlled via
  BROMAGIC environment variable.

- Remove mime_desc field from ftp.log.

- Stop using the mime/file type canonifier with unit tests.

- libmagic >= 5.04 is now a requirement.
This commit is contained in:
Jon Siwek 2013-04-12 11:58:19 -05:00
parent b8c98b8bf7
commit 037d582b0e
106 changed files with 2951 additions and 174 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/util.cc
View file

@ -864,6 +864,16 @@ const char* bro_path()
return path;
}
const char* bro_magic_path()
{
const char* path = getenv("BROMAGIC");
if ( ! path )
path = BRO_MAGIC_INSTALL_PATH;
return path;
}
const char* bro_prefixes()
{
int len = 1; // room for \0
@ -1560,16 +1570,22 @@ void bro_init_magic(magic_t* cookie_ptr, int flags)
*cookie_ptr = magic_open(flags);
// Use our custom database for mime types, but the default database
// from libmagic for the verbose file type.
const char* database = (flags & MAGIC_MIME) ? bro_magic_path() : 0;
if ( ! *cookie_ptr )
{
const char* err = magic_error(*cookie_ptr);
reporter->Error("can't init libmagic: %s", err ? err : "unknown");
if ( ! err ) err = "unknown";
reporter->InternalError("can't init libmagic: %s", err);
}
else if ( magic_load(*cookie_ptr, 0) < 0 )
else if ( magic_load(*cookie_ptr, database) < 0 )
{
const char* err = magic_error(*cookie_ptr);
reporter->Error("can't load magic file: %s", err ? err : "unknown");
if ( ! err ) err = "unknown";
reporter->InternalError("can't load magic file: %s", err);
magic_close(*cookie_ptr);
*cookie_ptr = 0;
}