mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1368' into topic/seth/more-file-type-ident-fixes
Conflicts: src/file_analysis/File.cc testing/btest/Baseline/plugins.hooks/output
This commit is contained in:
Seth Hall
commit
038e4c24f6
35 changed files with 269 additions and 192 deletions
|
|
@ -484,16 +484,19 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
|
|||
add f$info$rx_hosts[f$is_orig ? cid$resp_h : cid$orig_h];
|
||||
}
|
||||
|
||||
event file_mime_type(f: fa_file, mime_type: string) &priority=10
|
||||
event file_metadata_inferred(f: fa_file, meta: inferred_file_metadata) &priority=10
|
||||
{
|
||||
set_info(f);
|
||||
|
||||
f$info$mime_type = mime_type;
|
||||
if ( ! meta?$mime_type )
|
||||
return;
|
||||
|
||||
f$info$mime_type = meta$mime_type;
|
||||
|
||||
if ( analyze_by_mime_type_automatically &&
|
||||
mime_type in mime_type_to_analyzers )
|
||||
meta$mime_type in mime_type_to_analyzers )
|
||||
{
|
||||
local analyzers = mime_type_to_analyzers[mime_type];
|
||||
local analyzers = mime_type_to_analyzers[meta$mime_type];
|
||||
for ( a in analyzers )
|
||||
{
|
||||
add f$info$analyzers[Files::analyzer_name(a)];
|
||||
|
|
|
|||
|
|
@ -414,6 +414,14 @@ type fa_file: record {
|
|||
bof_buffer: string &optional;
|
||||
} &redef;
|
||||
|
||||
## Metadata that's been inferred about a particular file.
|
||||
type inferred_file_metadata: record {
|
||||
## The strongest matching mime type if one was discovered.
|
||||
mime_type: string &optional;
|
||||
## All matching mime types if any were discovered.
|
||||
mime_types: mime_matches &optional;
|
||||
};
|
||||
|
||||
## Fields of a SYN packet.
|
||||
##
|
||||
## .. bro:see:: connection_SYN_packet
|
||||
|
|
|
|||
|
|
@ -63,10 +63,13 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
|
|||
f$ftp = ftp;
|
||||
}
|
||||
|
||||
event file_mime_type(f: fa_file, mime_type: string) &priority=5
|
||||
event file_metadata_inferred(f: fa_file, meta: inferred_file_metadata) &priority=5
|
||||
{
|
||||
if ( ! f?$ftp )
|
||||
return;
|
||||
|
||||
f$ftp$mime_type = mime_type;
|
||||
if ( ! meta?$mime_type )
|
||||
return;
|
||||
|
||||
f$ftp$mime_type = meta$mime_type;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -93,24 +93,27 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
|
|||
}
|
||||
}
|
||||
|
||||
event file_mime_type(f: fa_file, mime_type: string) &priority=5
|
||||
event file_metadata_inferred(f: fa_file, meta: inferred_file_metadata) &priority=5
|
||||
{
|
||||
if ( ! f?$http || ! f?$is_orig )
|
||||
return;
|
||||
|
||||
if ( ! meta?$mime_type )
|
||||
return;
|
||||
|
||||
if ( f$is_orig )
|
||||
{
|
||||
if ( ! f$http?$orig_mime_types )
|
||||
f$http$orig_mime_types = string_vec(mime_type);
|
||||
f$http$orig_mime_types = string_vec(meta$mime_type);
|
||||
else
|
||||
f$http$orig_mime_types[|f$http$orig_mime_types|] = mime_type;
|
||||
f$http$orig_mime_types[|f$http$orig_mime_types|] = meta$mime_type;
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( ! f$http?$resp_mime_types )
|
||||
f$http$resp_mime_types = string_vec(mime_type);
|
||||
f$http$resp_mime_types = string_vec(meta$mime_type);
|
||||
else
|
||||
f$http$resp_mime_types[|f$http$resp_mime_types|] = mime_type;
|
||||
f$http$resp_mime_types[|f$http$resp_mime_types|] = meta$mime_type;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -42,8 +42,8 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
|
|||
f$irc = irc;
|
||||
}
|
||||
|
||||
event file_mime_type(f: fa_file, mime_type: string) &priority=5
|
||||
event file_metadata_inferred(f: fa_file, meta: inferred_file_metadata) &priority=5
|
||||
{
|
||||
if ( f?$irc )
|
||||
f$irc$dcc_mime_type = mime_type;
|
||||
}
|
||||
if ( f?$irc && meta?$mime_type )
|
||||
f$irc$dcc_mime_type = meta$mime_type;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue