Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

enhancements for event-tracing:

Browse source 
- reporting of potentially sensitive constants
  - tracking of unsupported types enabling hand-editing to fix them
  - fixed generation of "unspecified" aggregates
  - fixed generation of IPv6 constants
  - fixed generation when running without a packet source
This commit is contained in:
Vern Paxson 2023-05-08 17:37:53 -07:00 committed by Tim Wojtulewicz
parent db00835797
commit 1419803dbd
2 changed files with 247 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

43
src/EventTrace.h
View file

@ -264,8 +264,16 @@ public:
DeltaVectorCreate(const ValTrace* _vt) : ValDelta(_vt) { }
std::string Generate(ValTraceMgr* vtm) const override;
};
private:
// Captures the notion of creating a value with an unsupported type
// (like "opaque").
class DeltaUnsupportedCreate : public ValDelta
{
public:
DeltaUnsupportedCreate(const ValTrace* _vt) : ValDelta(_vt) { }
std::string Generate(ValTraceMgr* vtm) const override;
};
// Manages the changes to (or creation of) a variable used to represent
@ -385,6 +393,19 @@ public:
// needs to be global (because it's used across multiple events).
bool IsGlobal(const ValPtr& v) const { return globals.count(v.get()) > 0; }
// Returns or sets the "base time" from which eligible times are
// transformed into offsets rather than maintained as absolute
// values.
double GetBaseTime() const { return base_time; }
void SetBaseTime(double bt) { base_time = bt; }
// Returns a Zeek script representation of the given "time" value.
// This might be relative to base_time or might be absolute.
std::string TimeConstant(double t);
// Returns the array of per-type-tag constants.
const auto& GetConstants() const { return constants; }
private:
// Traces the given value, which we may-or-may-not have seen before.
void AddVal(ValPtr v);
@ -404,6 +425,17 @@ private:
// Create and track a script variable associated with the given value.
void TrackVar(const Val* vt);
// Generates a name for a value.
std::string GenValName(const ValPtr& v);
// True if the given value is an unspecified (and empty set,
// table, or vector appearing as a constant rather than an
// already-typed value).
bool IsUnspecifiedAggregate(const ValPtr& v) const;
// True if the given value has an unsupported type.
bool IsUnsupported(const Val* v) const;
// Maps values to their associated traces.
std::unordered_map<const Val*, std::shared_ptr<ValTrace>> val_map;
@ -423,6 +455,15 @@ private:
// to be global.
std::unordered_set<const Val*> globals;
// Indexed by type tag, stores an ordered set of all of the distinct
// representations of constants of that type.
std::array<std::set<std::string>, NUM_TYPES> constants;
// If non-zero, then we've established a "base time" and will report
// time constants as offsets from it (when reasonable, i.e., no
// negative offsets, and base_time can't be too close to 0.0).
double base_time = 0.0;
// The event we're currently tracing.
std::shared_ptr<EventTrace> curr_ev;