mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
Merge remote-tracking branch 'origin/master' into topic/johanna/hash-unification
This commit is contained in:
Johanna Amann
commit
04ed125941
257 changed files with 4534 additions and 4025 deletions
|
|
@ -34,9 +34,9 @@ static RecordVal* get_conn_id_val(const Connection* conn)
|
|||
{
|
||||
RecordVal* v = new RecordVal(conn_id);
|
||||
v->Assign(0, make_intrusive<AddrVal>(conn->OrigAddr()));
|
||||
v->Assign(1, val_mgr->GetPort(ntohs(conn->OrigPort()), conn->ConnTransport()));
|
||||
v->Assign(1, val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
|
||||
v->Assign(2, make_intrusive<AddrVal>(conn->RespAddr()));
|
||||
v->Assign(3, val_mgr->GetPort(ntohs(conn->RespPort()), conn->ConnTransport()));
|
||||
v->Assign(3, val_mgr->Port(ntohs(conn->RespPort()), conn->ConnTransport()));
|
||||
return v;
|
||||
}
|
||||
|
||||
|
|
@ -97,7 +97,7 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
|
|||
|
||||
if ( conn )
|
||||
{
|
||||
val->Assign(is_orig_idx, val_mgr->GetBool(is_orig));
|
||||
val->Assign(is_orig_idx, val_mgr->Bool(is_orig));
|
||||
UpdateConnectionFields(conn, is_orig);
|
||||
}
|
||||
|
||||
|
|
@ -145,7 +145,7 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig)
|
|||
return false;
|
||||
}
|
||||
|
||||
conns->AsTableVal()->Assign(idx, conn->BuildConnVal());
|
||||
conns->AsTableVal()->Assign(idx, conn->ConnVal());
|
||||
Unref(idx);
|
||||
return true;
|
||||
}
|
||||
|
|
@ -156,8 +156,8 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig)
|
|||
{
|
||||
FileEvent(file_over_new_connection, {
|
||||
IntrusivePtr{NewRef{}, val},
|
||||
IntrusivePtr{AdoptRef{}, conn->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetBool(is_orig)},
|
||||
conn->ConnVal(),
|
||||
val_mgr->Bool(is_orig),
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
@ -226,13 +226,13 @@ bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes)
|
|||
void File::IncrementByteCount(uint64_t size, int field_idx)
|
||||
{
|
||||
uint64_t old = LookupFieldDefaultCount(field_idx);
|
||||
val->Assign(field_idx, val_mgr->GetCount(old + size));
|
||||
val->Assign(field_idx, val_mgr->Count(old + size));
|
||||
}
|
||||
|
||||
void File::SetTotalBytes(uint64_t size)
|
||||
{
|
||||
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size);
|
||||
val->Assign(total_bytes_idx, val_mgr->GetCount(size));
|
||||
val->Assign(total_bytes_idx, val_mgr->Count(size));
|
||||
}
|
||||
|
||||
bool File::IsComplete() const
|
||||
|
|
@ -301,7 +301,7 @@ bool File::SetMime(const std::string& mime_type)
|
|||
|
||||
auto meta = make_intrusive<RecordVal>(fa_metadata_type);
|
||||
meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
|
||||
meta->Assign(meta_inferred_idx, val_mgr->GetFalse());
|
||||
meta->Assign(meta_inferred_idx, val_mgr->False());
|
||||
|
||||
FileEvent(file_sniff, {IntrusivePtr{NewRef{}, val}, std::move(meta)});
|
||||
return true;
|
||||
|
|
@ -455,8 +455,8 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
|
|||
{
|
||||
FileEvent(file_reassembly_overflow, {
|
||||
IntrusivePtr{NewRef{}, val},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(current_offset)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(gap_bytes)}
|
||||
val_mgr->Count(current_offset),
|
||||
val_mgr->Count(gap_bytes)
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
@ -600,8 +600,8 @@ void File::Gap(uint64_t offset, uint64_t len)
|
|||
{
|
||||
FileEvent(file_gap, {
|
||||
IntrusivePtr{NewRef{}, val},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(offset)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)}
|
||||
val_mgr->Count(offset),
|
||||
val_mgr->Count(len)
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -426,8 +426,8 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
|
|||
|
||||
mgr.Enqueue(get_file_handle,
|
||||
IntrusivePtr{NewRef{}, tagval},
|
||||
IntrusivePtr{AdoptRef{}, c->BuildConnVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetBool(is_orig)}
|
||||
c->ConnVal(),
|
||||
val_mgr->Bool(is_orig)
|
||||
);
|
||||
mgr.Drain(); // need file handle immediately so we don't have to buffer data
|
||||
return current_file_id;
|
||||
|
|
@ -438,9 +438,8 @@ bool Manager::IsDisabled(const analyzer::Tag& tag)
|
|||
if ( ! disabled )
|
||||
disabled = internal_const_val("Files::disable")->AsTableVal();
|
||||
|
||||
Val* index = val_mgr->GetCount(bool(tag));
|
||||
auto yield = disabled->Lookup(index);
|
||||
Unref(index);
|
||||
auto index = val_mgr->Count(bool(tag));
|
||||
auto yield = disabled->Lookup(index.get());
|
||||
|
||||
if ( ! yield )
|
||||
return false;
|
||||
|
|
@ -502,23 +501,23 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const
|
|||
return *(matches.begin()->second.begin());
|
||||
}
|
||||
|
||||
VectorVal* file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
|
||||
IntrusivePtr<VectorVal> file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
|
||||
{
|
||||
VectorVal* rval = new VectorVal(mime_matches);
|
||||
auto rval = make_intrusive<VectorVal>(mime_matches);
|
||||
|
||||
for ( RuleMatcher::MIME_Matches::const_iterator it = m.begin();
|
||||
it != m.end(); ++it )
|
||||
{
|
||||
RecordVal* element = new RecordVal(mime_match);
|
||||
auto element = make_intrusive<RecordVal>(mime_match);
|
||||
|
||||
for ( set<string>::const_iterator it2 = it->second.begin();
|
||||
it2 != it->second.end(); ++it2 )
|
||||
{
|
||||
element->Assign(0, val_mgr->GetInt(it->first));
|
||||
element->Assign(0, val_mgr->Int(it->first));
|
||||
element->Assign(1, make_intrusive<StringVal>(*it2));
|
||||
}
|
||||
|
||||
rval->Assign(rval->Size(), element);
|
||||
rval->Assign(rval->Size(), std::move(element));
|
||||
}
|
||||
|
||||
return rval;
|
||||
|
|
|
|||
|
|
@ -422,7 +422,7 @@ private:
|
|||
* Returns a script-layer value corresponding to the \c mime_matches type.
|
||||
* @param m The MIME match information with which to populate the value.
|
||||
*/
|
||||
VectorVal* GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m);
|
||||
IntrusivePtr<VectorVal> GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m);
|
||||
|
||||
} // namespace file_analysis
|
||||
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
|
|||
mgr.Enqueue(chunk_event,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
make_intrusive<StringVal>(new BroString(data, len, false)),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(offset)}
|
||||
val_mgr->Count(offset)
|
||||
);
|
||||
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -94,8 +94,8 @@ bool Extract::DeliverStream(const u_char* data, uint64_t len)
|
|||
f->FileEvent(file_extraction_limit, {
|
||||
IntrusivePtr{NewRef{}, f->GetVal()},
|
||||
IntrusivePtr{NewRef{}, Args()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(limit)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(len)}
|
||||
val_mgr->Count(limit),
|
||||
val_mgr->Count(len)
|
||||
});
|
||||
|
||||
// Limit may have been modified by a BIF, re-check it.
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool
|
|||
using BifType::Record::Files::AnalyzerArgs;
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), rv.get(), n);
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
module GLOBAL;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ VectorVal* process_rvas(const RVAS* rva_table)
|
|||
{
|
||||
VectorVal* rvas = new VectorVal(internal_type("index_vec")->AsVectorType());
|
||||
for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
|
||||
rvas->Assign(i, val_mgr->GetCount((*rva_table->rvas())[i]->size()));
|
||||
rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
|
||||
|
||||
return rvas;
|
||||
}
|
||||
|
|
@ -30,9 +30,8 @@ refine flow File += {
|
|||
{
|
||||
if ( ((c >> i) & 0x1) == 1 )
|
||||
{
|
||||
Val *ch = val_mgr->GetCount((1<<i)&mask);
|
||||
char_set->Assign(ch, 0);
|
||||
Unref(ch);
|
||||
auto ch = val_mgr->Count((1<<i)&mask);
|
||||
char_set->Assign(ch.get(), 0);
|
||||
}
|
||||
}
|
||||
return char_set;
|
||||
|
|
@ -44,22 +43,22 @@ refine flow File += {
|
|||
{
|
||||
auto dh = make_intrusive<RecordVal>(BifType::Record::PE::DOSHeader);
|
||||
dh->Assign(0, make_intrusive<StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
|
||||
dh->Assign(1, val_mgr->GetCount(${h.UsedBytesInTheLastPage}));
|
||||
dh->Assign(2, val_mgr->GetCount(${h.FileSizeInPages}));
|
||||
dh->Assign(3, val_mgr->GetCount(${h.NumberOfRelocationItems}));
|
||||
dh->Assign(4, val_mgr->GetCount(${h.HeaderSizeInParagraphs}));
|
||||
dh->Assign(5, val_mgr->GetCount(${h.MinimumExtraParagraphs}));
|
||||
dh->Assign(6, val_mgr->GetCount(${h.MaximumExtraParagraphs}));
|
||||
dh->Assign(7, val_mgr->GetCount(${h.InitialRelativeSS}));
|
||||
dh->Assign(8, val_mgr->GetCount(${h.InitialSP}));
|
||||
dh->Assign(9, val_mgr->GetCount(${h.Checksum}));
|
||||
dh->Assign(10, val_mgr->GetCount(${h.InitialIP}));
|
||||
dh->Assign(11, val_mgr->GetCount(${h.InitialRelativeCS}));
|
||||
dh->Assign(12, val_mgr->GetCount(${h.AddressOfRelocationTable}));
|
||||
dh->Assign(13, val_mgr->GetCount(${h.OverlayNumber}));
|
||||
dh->Assign(14, val_mgr->GetCount(${h.OEMid}));
|
||||
dh->Assign(15, val_mgr->GetCount(${h.OEMinfo}));
|
||||
dh->Assign(16, val_mgr->GetCount(${h.AddressOfNewExeHeader}));
|
||||
dh->Assign(1, val_mgr->Count(${h.UsedBytesInTheLastPage}));
|
||||
dh->Assign(2, val_mgr->Count(${h.FileSizeInPages}));
|
||||
dh->Assign(3, val_mgr->Count(${h.NumberOfRelocationItems}));
|
||||
dh->Assign(4, val_mgr->Count(${h.HeaderSizeInParagraphs}));
|
||||
dh->Assign(5, val_mgr->Count(${h.MinimumExtraParagraphs}));
|
||||
dh->Assign(6, val_mgr->Count(${h.MaximumExtraParagraphs}));
|
||||
dh->Assign(7, val_mgr->Count(${h.InitialRelativeSS}));
|
||||
dh->Assign(8, val_mgr->Count(${h.InitialSP}));
|
||||
dh->Assign(9, val_mgr->Count(${h.Checksum}));
|
||||
dh->Assign(10, val_mgr->Count(${h.InitialIP}));
|
||||
dh->Assign(11, val_mgr->Count(${h.InitialRelativeCS}));
|
||||
dh->Assign(12, val_mgr->Count(${h.AddressOfRelocationTable}));
|
||||
dh->Assign(13, val_mgr->Count(${h.OverlayNumber}));
|
||||
dh->Assign(14, val_mgr->Count(${h.OEMid}));
|
||||
dh->Assign(15, val_mgr->Count(${h.OEMinfo}));
|
||||
dh->Assign(16, val_mgr->Count(${h.AddressOfNewExeHeader}));
|
||||
|
||||
mgr.Enqueue(pe_dos_header,
|
||||
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},
|
||||
|
|
@ -93,11 +92,11 @@ refine flow File += {
|
|||
if ( pe_file_header )
|
||||
{
|
||||
auto fh = make_intrusive<RecordVal>(BifType::Record::PE::FileHeader);
|
||||
fh->Assign(0, val_mgr->GetCount(${h.Machine}));
|
||||
fh->Assign(0, val_mgr->Count(${h.Machine}));
|
||||
fh->Assign(1, make_intrusive<Val>(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
|
||||
fh->Assign(2, val_mgr->GetCount(${h.PointerToSymbolTable}));
|
||||
fh->Assign(3, val_mgr->GetCount(${h.NumberOfSymbols}));
|
||||
fh->Assign(4, val_mgr->GetCount(${h.SizeOfOptionalHeader}));
|
||||
fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable}));
|
||||
fh->Assign(3, val_mgr->Count(${h.NumberOfSymbols}));
|
||||
fh->Assign(4, val_mgr->Count(${h.SizeOfOptionalHeader}));
|
||||
fh->Assign(5, characteristics_to_bro(${h.Characteristics}, 16));
|
||||
|
||||
mgr.Enqueue(pe_file_header,
|
||||
|
|
@ -122,31 +121,31 @@ refine flow File += {
|
|||
{
|
||||
auto oh = make_intrusive<RecordVal>(BifType::Record::PE::OptionalHeader);
|
||||
|
||||
oh->Assign(0, val_mgr->GetCount(${h.magic}));
|
||||
oh->Assign(1, val_mgr->GetCount(${h.major_linker_version}));
|
||||
oh->Assign(2, val_mgr->GetCount(${h.minor_linker_version}));
|
||||
oh->Assign(3, val_mgr->GetCount(${h.size_of_code}));
|
||||
oh->Assign(4, val_mgr->GetCount(${h.size_of_init_data}));
|
||||
oh->Assign(5, val_mgr->GetCount(${h.size_of_uninit_data}));
|
||||
oh->Assign(6, val_mgr->GetCount(${h.addr_of_entry_point}));
|
||||
oh->Assign(7, val_mgr->GetCount(${h.base_of_code}));
|
||||
oh->Assign(0, val_mgr->Count(${h.magic}));
|
||||
oh->Assign(1, val_mgr->Count(${h.major_linker_version}));
|
||||
oh->Assign(2, val_mgr->Count(${h.minor_linker_version}));
|
||||
oh->Assign(3, val_mgr->Count(${h.size_of_code}));
|
||||
oh->Assign(4, val_mgr->Count(${h.size_of_init_data}));
|
||||
oh->Assign(5, val_mgr->Count(${h.size_of_uninit_data}));
|
||||
oh->Assign(6, val_mgr->Count(${h.addr_of_entry_point}));
|
||||
oh->Assign(7, val_mgr->Count(${h.base_of_code}));
|
||||
|
||||
if ( ${h.pe_format} != PE32_PLUS )
|
||||
oh->Assign(8, val_mgr->GetCount(${h.base_of_data}));
|
||||
oh->Assign(8, val_mgr->Count(${h.base_of_data}));
|
||||
|
||||
oh->Assign(9, val_mgr->GetCount(${h.image_base}));
|
||||
oh->Assign(10, val_mgr->GetCount(${h.section_alignment}));
|
||||
oh->Assign(11, val_mgr->GetCount(${h.file_alignment}));
|
||||
oh->Assign(12, val_mgr->GetCount(${h.os_version_major}));
|
||||
oh->Assign(13, val_mgr->GetCount(${h.os_version_minor}));
|
||||
oh->Assign(14, val_mgr->GetCount(${h.major_image_version}));
|
||||
oh->Assign(15, val_mgr->GetCount(${h.minor_image_version}));
|
||||
oh->Assign(16, val_mgr->GetCount(${h.minor_subsys_version}));
|
||||
oh->Assign(17, val_mgr->GetCount(${h.minor_subsys_version}));
|
||||
oh->Assign(18, val_mgr->GetCount(${h.size_of_image}));
|
||||
oh->Assign(19, val_mgr->GetCount(${h.size_of_headers}));
|
||||
oh->Assign(20, val_mgr->GetCount(${h.checksum}));
|
||||
oh->Assign(21, val_mgr->GetCount(${h.subsystem}));
|
||||
oh->Assign(9, val_mgr->Count(${h.image_base}));
|
||||
oh->Assign(10, val_mgr->Count(${h.section_alignment}));
|
||||
oh->Assign(11, val_mgr->Count(${h.file_alignment}));
|
||||
oh->Assign(12, val_mgr->Count(${h.os_version_major}));
|
||||
oh->Assign(13, val_mgr->Count(${h.os_version_minor}));
|
||||
oh->Assign(14, val_mgr->Count(${h.major_image_version}));
|
||||
oh->Assign(15, val_mgr->Count(${h.minor_image_version}));
|
||||
oh->Assign(16, val_mgr->Count(${h.minor_subsys_version}));
|
||||
oh->Assign(17, val_mgr->Count(${h.minor_subsys_version}));
|
||||
oh->Assign(18, val_mgr->Count(${h.size_of_image}));
|
||||
oh->Assign(19, val_mgr->Count(${h.size_of_headers}));
|
||||
oh->Assign(20, val_mgr->Count(${h.checksum}));
|
||||
oh->Assign(21, val_mgr->Count(${h.subsystem}));
|
||||
oh->Assign(22, characteristics_to_bro(${h.dll_characteristics}, 16));
|
||||
|
||||
oh->Assign(23, process_rvas(${h.rvas}));
|
||||
|
|
@ -173,14 +172,14 @@ refine flow File += {
|
|||
name_len = first_null - ${h.name}.data();
|
||||
section_header->Assign(0, make_intrusive<StringVal>(name_len, (const char*) ${h.name}.data()));
|
||||
|
||||
section_header->Assign(1, val_mgr->GetCount(${h.virtual_size}));
|
||||
section_header->Assign(2, val_mgr->GetCount(${h.virtual_addr}));
|
||||
section_header->Assign(3, val_mgr->GetCount(${h.size_of_raw_data}));
|
||||
section_header->Assign(4, val_mgr->GetCount(${h.ptr_to_raw_data}));
|
||||
section_header->Assign(5, val_mgr->GetCount(${h.non_used_ptr_to_relocs}));
|
||||
section_header->Assign(6, val_mgr->GetCount(${h.non_used_ptr_to_line_nums}));
|
||||
section_header->Assign(7, val_mgr->GetCount(${h.non_used_num_of_relocs}));
|
||||
section_header->Assign(8, val_mgr->GetCount(${h.non_used_num_of_line_nums}));
|
||||
section_header->Assign(1, val_mgr->Count(${h.virtual_size}));
|
||||
section_header->Assign(2, val_mgr->Count(${h.virtual_addr}));
|
||||
section_header->Assign(3, val_mgr->Count(${h.size_of_raw_data}));
|
||||
section_header->Assign(4, val_mgr->Count(${h.ptr_to_raw_data}));
|
||||
section_header->Assign(5, val_mgr->Count(${h.non_used_ptr_to_relocs}));
|
||||
section_header->Assign(6, val_mgr->Count(${h.non_used_ptr_to_line_nums}));
|
||||
section_header->Assign(7, val_mgr->Count(${h.non_used_num_of_relocs}));
|
||||
section_header->Assign(8, val_mgr->Count(${h.non_used_num_of_line_nums}));
|
||||
section_header->Assign(9, characteristics_to_bro(${h.characteristics}, 32));
|
||||
|
||||
mgr.Enqueue(pe_section_header,
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ refine flow Flow += {
|
|||
}
|
||||
%}
|
||||
|
||||
function to_port(n: uint16, p: uint8): PortVal
|
||||
function to_port(n: uint16, p: uint8): Val
|
||||
%{
|
||||
TransportProto proto = TRANSPORT_UNKNOWN;
|
||||
switch ( p ) {
|
||||
|
|
@ -54,7 +54,7 @@ refine flow Flow += {
|
|||
case 17: proto = TRANSPORT_UDP; break;
|
||||
}
|
||||
|
||||
return val_mgr->GetPort(n, proto);
|
||||
return val_mgr->Port(n, proto)->Ref();
|
||||
%}
|
||||
|
||||
#function proc_record(rec: Record) : bool
|
||||
|
|
@ -67,19 +67,19 @@ refine flow Flow += {
|
|||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->GetCount(${ev.event_id}));
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->GetCount(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->GetCount(${ev.priority_id}));
|
||||
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->Count(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->Count(${ev.priority_id}));
|
||||
ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
|
||||
ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
|
||||
ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
|
||||
ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
|
||||
ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action}));
|
||||
ids_event->Assign(17, val_mgr->Count(${ev.packet_action}));
|
||||
|
||||
mgr.Enqueue(::unified2_event,
|
||||
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},
|
||||
|
|
@ -93,23 +93,23 @@ refine flow Flow += {
|
|||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = make_intrusive<RecordVal>(BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->GetCount(${ev.event_id}));
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->GetCount(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->GetCount(${ev.priority_id}));
|
||||
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
|
||||
ids_event->Assign(6, val_mgr->Count(${ev.classification_id}));
|
||||
ids_event->Assign(7, val_mgr->Count(${ev.priority_id}));
|
||||
ids_event->Assign(8, unified2_addr_to_bro_addr(${ev.src_ip}));
|
||||
ids_event->Assign(9, unified2_addr_to_bro_addr(${ev.dst_ip}));
|
||||
ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
|
||||
ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
|
||||
ids_event->Assign(12, val_mgr->GetCount(${ev.impact_flag}));
|
||||
ids_event->Assign(13, val_mgr->GetCount(${ev.impact}));
|
||||
ids_event->Assign(14, val_mgr->GetCount(${ev.blocked}));
|
||||
ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label}));
|
||||
ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id}));
|
||||
ids_event->Assign(12, val_mgr->Count(${ev.impact_flag}));
|
||||
ids_event->Assign(13, val_mgr->Count(${ev.impact}));
|
||||
ids_event->Assign(14, val_mgr->Count(${ev.blocked}));
|
||||
ids_event->Assign(15, val_mgr->Count(${ev.mpls_label}));
|
||||
ids_event->Assign(16, val_mgr->Count(${ev.vlan_id}));
|
||||
|
||||
mgr.Enqueue(::unified2_event,
|
||||
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},
|
||||
|
|
@ -124,12 +124,12 @@ refine flow Flow += {
|
|||
if ( ::unified2_packet )
|
||||
{
|
||||
auto packet = make_intrusive<RecordVal>(BifType::Record::Unified2::Packet);
|
||||
packet->Assign(0, val_mgr->GetCount(${pkt.sensor_id}));
|
||||
packet->Assign(1, val_mgr->GetCount(${pkt.event_id}));
|
||||
packet->Assign(2, val_mgr->GetCount(${pkt.event_second}));
|
||||
packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
|
||||
packet->Assign(1, val_mgr->Count(${pkt.event_id}));
|
||||
packet->Assign(2, val_mgr->Count(${pkt.event_second}));
|
||||
packet->Assign(3, make_intrusive<Val>(ts_to_double(${pkt.packet_ts}), TYPE_TIME));
|
||||
packet->Assign(4, val_mgr->GetCount(${pkt.link_type}));
|
||||
packet->Assign(5, bytestring_to_val(${pkt.packet_data}));
|
||||
packet->Assign(4, val_mgr->Count(${pkt.link_type}));
|
||||
packet->Assign(5, to_stringval(${pkt.packet_data}));
|
||||
|
||||
mgr.Enqueue(::unified2_packet,
|
||||
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},
|
||||
|
|
|
|||
|
|
@ -89,10 +89,10 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi
|
|||
if ( ! res )
|
||||
{
|
||||
reporter->Weird("OpenSSL failed to get OCSP_CERTID info");
|
||||
vl->emplace_back(AdoptRef{}, val_mgr->GetEmptyString());
|
||||
vl->emplace_back(AdoptRef{}, val_mgr->GetEmptyString());
|
||||
vl->emplace_back(AdoptRef{}, val_mgr->GetEmptyString());
|
||||
vl->emplace_back(AdoptRef{}, val_mgr->GetEmptyString());
|
||||
vl->emplace_back(val_mgr->EmptyString());
|
||||
vl->emplace_back(val_mgr->EmptyString());
|
||||
vl->emplace_back(val_mgr->EmptyString());
|
||||
vl->emplace_back(val_mgr->EmptyString());
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -215,8 +215,9 @@ typedef struct ocsp_basic_response_st {
|
|||
STACK_OF(X509) *certs;
|
||||
} OCSP_BASICRESP;
|
||||
*/
|
||||
static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
||||
BIO* bio, char* buf, size_t buf_len)
|
||||
static IntrusivePtr<StringVal> parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
||||
BIO* bio, char* buf,
|
||||
size_t buf_len)
|
||||
{
|
||||
int der_basic_resp_len = 0;
|
||||
unsigned char* der_basic_resp_dat = nullptr;
|
||||
|
|
@ -224,7 +225,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
|||
der_basic_resp_len = i2d_OCSP_BASICRESP(basic_resp, &der_basic_resp_dat);
|
||||
|
||||
if ( der_basic_resp_len <= 0 )
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->EmptyString();
|
||||
|
||||
const unsigned char* const_der_basic_resp_dat = der_basic_resp_dat;
|
||||
|
||||
|
|
@ -233,13 +234,13 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
|||
if ( ! bseq )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->EmptyString();
|
||||
}
|
||||
|
||||
if ( sk_ASN1_TYPE_num(bseq) < 3 )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->EmptyString();
|
||||
}
|
||||
|
||||
auto constexpr sig_alg_idx = 1u;
|
||||
|
|
@ -248,7 +249,7 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
|||
if ( ASN1_TYPE_get(aseq_type) != V_ASN1_SEQUENCE )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->EmptyString();
|
||||
}
|
||||
|
||||
auto aseq_str = aseq_type->value.asn1_string;
|
||||
|
|
@ -260,13 +261,13 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
|||
if ( ! aseq )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->EmptyString();
|
||||
}
|
||||
|
||||
if ( sk_ASN1_TYPE_num(aseq) < 1 )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->EmptyString();
|
||||
}
|
||||
|
||||
auto constexpr alg_obj_idx = 0u;
|
||||
|
|
@ -275,20 +276,20 @@ static StringVal* parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
|
|||
if ( ASN1_TYPE_get(alg_obj_type) != V_ASN1_OBJECT )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->EmptyString();
|
||||
}
|
||||
|
||||
auto alg_obj = alg_obj_type->value.object;
|
||||
i2a_ASN1_OBJECT(bio, alg_obj);
|
||||
auto alg_len = BIO_read(bio, buf, buf_len);
|
||||
auto rval = new StringVal(alg_len, buf);
|
||||
auto rval = make_intrusive<StringVal>(alg_len, buf);
|
||||
BIO_reset(bio);
|
||||
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return rval;
|
||||
}
|
||||
|
||||
static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
||||
static IntrusivePtr<Val> parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
||||
{
|
||||
int der_basic_resp_len = 0;
|
||||
unsigned char* der_basic_resp_dat = nullptr;
|
||||
|
|
@ -296,7 +297,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
der_basic_resp_len = i2d_OCSP_BASICRESP(basic_resp, &der_basic_resp_dat);
|
||||
|
||||
if ( der_basic_resp_len <= 0 )
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
|
||||
const unsigned char* const_der_basic_resp_dat = der_basic_resp_dat;
|
||||
|
||||
|
|
@ -305,13 +306,13 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
if ( ! bseq )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
if ( sk_ASN1_TYPE_num(bseq) < 3 )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
auto constexpr resp_data_idx = 0u;
|
||||
|
|
@ -320,7 +321,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
if ( ASN1_TYPE_get(dseq_type) != V_ASN1_SEQUENCE )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(-1);
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
auto dseq_str = dseq_type->value.asn1_string;
|
||||
|
|
@ -332,13 +333,13 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
if ( ! dseq )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
if ( sk_ASN1_TYPE_num(dseq) < 1 )
|
||||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetEmptyString();
|
||||
return val_mgr->Count(-1);
|
||||
}
|
||||
|
||||
/*- ResponseData ::= SEQUENCE {
|
||||
|
|
@ -356,12 +357,12 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
|
|||
{
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
// Not present, use default value.
|
||||
return val_mgr->GetCount(0);
|
||||
return val_mgr->Count(0);
|
||||
}
|
||||
|
||||
uint64_t asn1_int = ASN1_INTEGER_get(version_type->value.integer);
|
||||
OPENSSL_free(der_basic_resp_dat);
|
||||
return val_mgr->GetCount(asn1_int);
|
||||
return val_mgr->Count(asn1_int);
|
||||
}
|
||||
|
||||
static uint64_t parse_request_version(OCSP_REQUEST* req)
|
||||
|
|
@ -422,7 +423,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
|
|||
if ( ocsp_request )
|
||||
mgr.Enqueue(ocsp_request,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(version)}
|
||||
val_mgr->Count(version)
|
||||
);
|
||||
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
|
|
@ -506,9 +507,9 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
vl.emplace_back(AdoptRef{}, status_val);
|
||||
|
||||
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
vl.emplace_back(AdoptRef{}, val_mgr->GetCount((uint64_t)ASN1_INTEGER_get(resp_data->version)));
|
||||
vl.emplace_back(val_mgr->Count((uint64_t)ASN1_INTEGER_get(resp_data->version)));
|
||||
#else
|
||||
vl.emplace_back(AdoptRef{}, parse_basic_resp_data_version(basic_resp));
|
||||
vl.emplace_back(parse_basic_resp_data_version(basic_resp));
|
||||
#endif
|
||||
|
||||
// responderID
|
||||
|
|
@ -521,7 +522,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
else
|
||||
{
|
||||
reporter->Weird("OpenSSL failed to get OCSP responder id");
|
||||
vl.emplace_back(AdoptRef{}, val_mgr->GetEmptyString());
|
||||
vl.emplace_back(val_mgr->EmptyString());
|
||||
}
|
||||
|
||||
// producedAt
|
||||
|
|
@ -625,7 +626,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
vl.emplace_back(make_intrusive<StringVal>(len, buf));
|
||||
BIO_reset(bio);
|
||||
#else
|
||||
vl.emplace_back(AdoptRef{}, parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf)));
|
||||
vl.emplace_back(parse_basic_resp_sig_alg(basic_resp, bio, buf, sizeof(buf)));
|
||||
#endif
|
||||
|
||||
//i2a_ASN1_OBJECT(bio, basic_resp->signature);
|
||||
|
|
|
|||
|
|
@ -79,14 +79,14 @@ bool file_analysis::X509::EndOfFile()
|
|||
X509Val* cert_val = new X509Val(ssl_cert); // cert_val takes ownership of ssl_cert
|
||||
|
||||
// parse basic information into record.
|
||||
RecordVal* cert_record = ParseCertificate(cert_val, GetFile());
|
||||
auto cert_record = ParseCertificate(cert_val, GetFile());
|
||||
|
||||
// and send the record on to scriptland
|
||||
if ( x509_certificate )
|
||||
mgr.Enqueue(x509_certificate,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
IntrusivePtr{NewRef{}, cert_val},
|
||||
IntrusivePtr{NewRef{}, cert_record});
|
||||
cert_record);
|
||||
|
||||
// after parsing the certificate - parse the extensions...
|
||||
|
||||
|
|
@ -105,23 +105,22 @@ bool file_analysis::X509::EndOfFile()
|
|||
//
|
||||
// The certificate will be freed when the last X509Val is Unref'd.
|
||||
|
||||
Unref(cert_record); // Unref the RecordVal that we kept around from ParseCertificate
|
||||
Unref(cert_val); // Same for cert_val
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
||||
IntrusivePtr<RecordVal> file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
||||
{
|
||||
::X509* ssl_cert = cert_val->GetCertificate();
|
||||
|
||||
char buf[2048]; // we need a buffer for some of the openssl functions
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
|
||||
auto pX509Cert = make_intrusive<RecordVal>(BifType::Record::X509::Certificate);
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
|
||||
pX509Cert->Assign(0, val_mgr->GetCount((uint64_t) X509_get_version(ssl_cert) + 1));
|
||||
pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
|
||||
i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
|
||||
int len = BIO_read(bio, buf, sizeof(buf));
|
||||
pX509Cert->Assign(1, make_intrusive<StringVal>(len, buf));
|
||||
|
|
@ -229,7 +228,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
|
||||
unsigned int length = KeyLength(pkey);
|
||||
if ( length > 0 )
|
||||
pX509Cert->Assign(10, val_mgr->GetCount(length));
|
||||
pX509Cert->Assign(10, val_mgr->Count(length));
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
|
|
@ -290,10 +289,10 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
|
|||
if ( x509_ext_basic_constraints )
|
||||
{
|
||||
auto pBasicConstraint = make_intrusive<RecordVal>(BifType::Record::X509::BasicConstraints);
|
||||
pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca));
|
||||
pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca));
|
||||
|
||||
if ( constr->pathlen )
|
||||
pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen)));
|
||||
pBasicConstraint->Assign(1, val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen)));
|
||||
|
||||
mgr.Enqueue(x509_ext_basic_constraints,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
|
|
@ -434,7 +433,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
|
|||
if ( ips != nullptr )
|
||||
sanExt->Assign(3, ips);
|
||||
|
||||
sanExt->Assign(4, val_mgr->GetBool(otherfields));
|
||||
sanExt->Assign(4, val_mgr->Bool(otherfields));
|
||||
|
||||
mgr.Enqueue(x509_ext_subject_alternative_name,
|
||||
IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ public:
|
|||
* @param Returns the new record value and passes ownership to
|
||||
* caller.
|
||||
*/
|
||||
static RecordVal* ParseCertificate(X509Val* cert_val, File* file = nullptr);
|
||||
static IntrusivePtr<RecordVal> ParseCertificate(X509Val* cert_val, File* file = nullptr);
|
||||
|
||||
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
|
||||
{ return new X509(args, file); }
|
||||
|
|
|
|||
|
|
@ -276,7 +276,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
|
|||
pX509Ext->Assign(1, make_intrusive<StringVal>(short_name));
|
||||
|
||||
pX509Ext->Assign(2, make_intrusive<StringVal>(oid));
|
||||
pX509Ext->Assign(3, val_mgr->GetBool(critical));
|
||||
pX509Ext->Assign(3, val_mgr->Bool(critical));
|
||||
pX509Ext->Assign(4, ext_val);
|
||||
|
||||
// send off generic extension event
|
||||
|
|
@ -289,7 +289,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
|
|||
if ( h == ocsp_extension )
|
||||
mgr.Enqueue(h, IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
std::move(pX509Ext),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetBool(global)});
|
||||
val_mgr->Bool(global));
|
||||
else
|
||||
mgr.Enqueue(h, IntrusivePtr{NewRef{}, GetFile()->GetVal()},
|
||||
std::move(pX509Ext));
|
||||
|
|
@ -316,7 +316,7 @@ IntrusivePtr<StringVal> file_analysis::X509Common::GetExtensionFromBIO(BIO* bio,
|
|||
if ( length == 0 )
|
||||
{
|
||||
BIO_free_all(bio);
|
||||
return {AdoptRef{}, val_mgr->GetEmptyString()};
|
||||
return val_mgr->EmptyString();
|
||||
}
|
||||
|
||||
char* buffer = (char*) malloc(length);
|
||||
|
|
|
|||
|
|
@ -11,11 +11,11 @@
|
|||
#include <openssl/err.h>
|
||||
|
||||
// construct an error record
|
||||
RecordVal* x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr)
|
||||
IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr)
|
||||
{
|
||||
RecordVal* rrecord = new RecordVal(BifType::Record::X509::Result);
|
||||
auto rrecord = make_intrusive<RecordVal>(BifType::Record::X509::Result);
|
||||
|
||||
rrecord->Assign(0, val_mgr->GetInt(num));
|
||||
rrecord->Assign(0, val_mgr->Int(num));
|
||||
rrecord->Assign(1, make_intrusive<StringVal>(reason));
|
||||
if ( chainVector )
|
||||
rrecord->Assign(2, chainVector);
|
||||
|
|
@ -161,7 +161,7 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate
|
|||
function x509_from_der%(der: string%): opaque of x509
|
||||
%{
|
||||
const u_char* data = der->Bytes();
|
||||
return new file_analysis::X509Val(d2i_X509(nullptr, &data, der->Len()));
|
||||
return make_intrusive<file_analysis::X509Val>(d2i_X509(nullptr, &data, der->Len()));
|
||||
%}
|
||||
|
||||
## Returns the string form of a certificate.
|
||||
|
|
@ -192,9 +192,9 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
|
|||
auto ext_val = file_analysis::X509::GetExtensionFromBIO(bio);
|
||||
|
||||
if ( ! ext_val )
|
||||
ext_val = {AdoptRef{}, val_mgr->GetEmptyString()};
|
||||
ext_val = val_mgr->EmptyString();
|
||||
|
||||
return ext_val.release();
|
||||
return ext_val;
|
||||
%}
|
||||
|
||||
## Verifies an OCSP reply.
|
||||
|
|
@ -215,7 +215,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
|
|||
## x509_get_certificate_string x509_verify
|
||||
function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result
|
||||
%{
|
||||
RecordVal* rval = 0;
|
||||
IntrusivePtr<RecordVal> rval;
|
||||
X509_STORE* ctx = ::file_analysis::X509::GetRootStore(root_certs->AsTableVal());
|
||||
if ( ! ctx )
|
||||
return x509_result_record(-1, "Problem initializing root store");
|
||||
|
|
@ -578,7 +578,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
|
|||
|
||||
x509_verify_chainerror:
|
||||
|
||||
RecordVal* rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), chainVector);
|
||||
auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), chainVector);
|
||||
|
||||
X509_STORE_CTX_cleanup(csc);
|
||||
X509_STORE_CTX_free(csc);
|
||||
|
|
@ -623,7 +623,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
|
|||
if ( precert && issuer_key_hash->Len() != 32)
|
||||
{
|
||||
reporter->Error("Invalid issuer_key_hash length");
|
||||
return val_mgr->GetFalse();
|
||||
return val_mgr->False();
|
||||
}
|
||||
|
||||
std::string data;
|
||||
|
|
@ -647,7 +647,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
|
|||
if ( pos < 0 )
|
||||
{
|
||||
reporter->Error("NID_ct_precert_scts not found");
|
||||
return val_mgr->GetFalse();
|
||||
return val_mgr->False();
|
||||
}
|
||||
#else
|
||||
int num_ext = X509_get_ext_count(x);
|
||||
|
|
@ -742,7 +742,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
|
|||
EVP_MD_CTX_destroy(mdctx);
|
||||
EVP_PKEY_free(key);
|
||||
|
||||
return val_mgr->GetBool(success);
|
||||
return val_mgr->Bool(success);
|
||||
|
||||
sct_verify_err:
|
||||
if (mdctx)
|
||||
|
|
@ -751,7 +751,7 @@ sct_verify_err:
|
|||
EVP_PKEY_free(key);
|
||||
|
||||
reporter->Error("%s", errstr.c_str());
|
||||
return val_mgr->GetFalse();
|
||||
return val_mgr->False();
|
||||
%}
|
||||
|
||||
|
||||
|
|
@ -761,7 +761,7 @@ sct_verify_err:
|
|||
* 1 -> issuer name
|
||||
* 2 -> pubkey
|
||||
*/
|
||||
StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int hash_alg, unsigned int type)
|
||||
IntrusivePtr<StringVal> x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int hash_alg, unsigned int type)
|
||||
{
|
||||
assert(cert_handle);
|
||||
|
||||
|
|
@ -824,7 +824,7 @@ StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int ha
|
|||
|
||||
assert( len <= sizeof(md) );
|
||||
|
||||
return new StringVal(len, reinterpret_cast<const char*>(md));
|
||||
return make_intrusive<StringVal>(len, reinterpret_cast<const char*>(md));
|
||||
}
|
||||
%%}
|
||||
|
||||
|
|
@ -902,7 +902,7 @@ function x509_set_certificate_cache%(tbl: string_any_table%) : bool
|
|||
%{
|
||||
file_analysis::X509::SetCertificateCache({NewRef{}, tbl->AsTableVal()});
|
||||
|
||||
return val_mgr->GetTrue();
|
||||
return val_mgr->True();
|
||||
%}
|
||||
|
||||
## This function sets up the callback that is called when an entry is matched against the table set
|
||||
|
|
@ -920,5 +920,5 @@ function x509_set_certificate_cache_hit_callback%(f: string_any_file_hook%) : bo
|
|||
%{
|
||||
file_analysis::X509::SetCertificateCacheHitCallback({NewRef{}, f->AsFunc()});
|
||||
|
||||
return val_mgr->GetTrue();
|
||||
return val_mgr->True();
|
||||
%}
|
||||
|
|
|
|||
|
|
@ -40,11 +40,11 @@ refine connection MockConnection += {
|
|||
|
||||
mgr.Enqueue(x509_ocsp_ext_signed_certificate_timestamp,
|
||||
IntrusivePtr{NewRef{}, bro_analyzer()->GetFile()->GetVal()},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(version)},
|
||||
val_mgr->Count(version),
|
||||
make_intrusive<StringVal>(logid.length(), reinterpret_cast<const char*>(logid.begin())),
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(timestamp)},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm())},
|
||||
IntrusivePtr{AdoptRef{}, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm())},
|
||||
val_mgr->Count(timestamp),
|
||||
val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()),
|
||||
val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()),
|
||||
make_intrusive<StringVal>(digitally_signed_signature.length(), reinterpret_cast<const char*>(digitally_signed_signature.begin()))
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -14,28 +14,28 @@ type AnalyzerArgs: record;
|
|||
function Files::__set_timeout_interval%(file_id: string, t: interval%): bool
|
||||
%{
|
||||
bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t);
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::enable_reassembly`.
|
||||
function Files::__enable_reassembly%(file_id: string%): bool
|
||||
%{
|
||||
bool result = file_mgr->EnableReassembly(file_id->CheckString());
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::disable_reassembly`.
|
||||
function Files::__disable_reassembly%(file_id: string%): bool
|
||||
%{
|
||||
bool result = file_mgr->DisableReassembly(file_id->CheckString());
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::set_reassembly_buffer_size`.
|
||||
function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
|
||||
%{
|
||||
bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max);
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::add_analyzer`.
|
||||
|
|
@ -45,7 +45,7 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b
|
|||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
bool result = file_mgr->AddAnalyzer(file_id->CheckString(),
|
||||
file_mgr->GetComponentTag(tag), rv.get());
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::remove_analyzer`.
|
||||
|
|
@ -55,29 +55,29 @@ function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%)
|
|||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(),
|
||||
file_mgr->GetComponentTag(tag) , rv.get());
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::stop`.
|
||||
function Files::__stop%(file_id: string%): bool
|
||||
%{
|
||||
bool result = file_mgr->IgnoreFile(file_id->CheckString());
|
||||
return val_mgr->GetBool(result);
|
||||
return val_mgr->Bool(result);
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::analyzer_name`.
|
||||
function Files::__analyzer_name%(tag: Files::Tag%) : string
|
||||
%{
|
||||
return new StringVal(file_mgr->GetComponentName(tag));
|
||||
return make_intrusive<StringVal>(file_mgr->GetComponentName(tag));
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::file_exists`.
|
||||
function Files::__file_exists%(fuid: string%): bool
|
||||
%{
|
||||
if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr )
|
||||
return val_mgr->GetTrue();
|
||||
return val_mgr->True();
|
||||
else
|
||||
return val_mgr->GetFalse();
|
||||
return val_mgr->False();
|
||||
%}
|
||||
|
||||
## :zeek:see:`Files::lookup_file`.
|
||||
|
|
@ -86,11 +86,11 @@ function Files::__lookup_file%(fuid: string%): fa_file
|
|||
auto f = file_mgr->LookupFile(fuid->CheckString());
|
||||
if ( f != nullptr )
|
||||
{
|
||||
return f->GetVal()->Ref();
|
||||
return IntrusivePtr{NewRef{}, f->GetVal()};
|
||||
}
|
||||
|
||||
reporter->Error("file ID %s not a known file", fuid->CheckString());
|
||||
return 0;
|
||||
return nullptr;
|
||||
%}
|
||||
|
||||
module GLOBAL;
|
||||
|
|
@ -108,5 +108,5 @@ function set_file_handle%(handle: string%): any
|
|||
auto bytes = reinterpret_cast<const char*>(handle->Bytes());
|
||||
auto h = std::string(bytes, handle->Len());
|
||||
file_mgr->SetHandle(h);
|
||||
return 0;
|
||||
return nullptr;
|
||||
%}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue