Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Refactor common MIME magic matching code.

Browse source 
Put some methods in file_analysis::Manager that can perform the
matching process and return MIME type results.  Also helps to
centralize the management/re-use of a signature matcher object.
This commit is contained in:
Jon Siwek 2014-03-05 10:49:57 -06:00
parent 9ac8110416
commit 0865b152bb
5 changed files with 71 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/file_analysis/File.cc
View file

@ -280,16 +280,12 @@ bool File::BufferBOF(const u_char* data, uint64 len)
bool File::DetectMIME(const u_char* data, uint64 len)
{
static RuleFileMagicState* fms = rule_matcher->InitFileMagic();
rule_matcher->ClearFileMagicState(fms);
RuleMatcher::MIME_Matches matches;
rule_matcher->Match(fms, data, len, &matches);
string strongest_match = file_mgr->DetectMIME(data, len);
if ( matches.empty() )
if ( strongest_match.empty() )
return false;
val->Assign(mime_type_idx, new StringVal(*matches.begin()->second.begin()));
val->Assign(mime_type_idx, new StringVal(strongest_match));
return true;
}