Move file_analysis code to zeek namespaces

2025-10-14 20:48:21 +00:00 · 2020-08-01 10:47:36 -07:00 · 2020-08-01 10:47:36 -07:00 · 14408235b8
commit 14408235b8
parent 8411adf9e1
66 changed files with 554 additions and 410 deletions
--- a/src/file_analysis/analyzer/extract/Extract.cc
+++ b/src/file_analysis/analyzer/extract/Extract.cc
@ -8,11 +8,11 @@
 #include "Event.h"
 #include "file_analysis/Manager.h"

-using namespace file_analysis;
+namespace zeek::file_analysis::detail {

-Extract::Extract(zeek::RecordValPtr args, File* file,
+Extract::Extract(zeek::RecordValPtr args, zeek::file_analysis::File* file,
                 const std::string& arg_filename, uint64_t arg_limit)
-    : file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"),
+    : file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("EXTRACT"),
                              std::move(args), file),
      filename(arg_filename), limit(arg_limit), depth(0)
 	{
@ -44,7 +44,8 @@ static const zeek::ValPtr& get_extract_field_val(const zeek::RecordValPtr& args,
 	return rval;
 	}

-file_analysis::Analyzer* Extract::Instantiate(zeek::RecordValPtr args, File* file)
+zeek::file_analysis::Analyzer* Extract::Instantiate(zeek::RecordValPtr args,
+                                                    zeek::file_analysis::File* file)
 	{
 	const auto& fname = get_extract_field_val(args, "extract_filename");
 	const auto& limit = get_extract_field_val(args, "extract_limit");
@ -92,7 +93,7 @@ bool Extract::DeliverStream(const u_char* data, uint64_t len)

 	if ( limit_exceeded && file_extraction_limit )
 		{
-		File* f = GetFile();
+		zeek::file_analysis::File* f = GetFile();
 		f->FileEvent(file_extraction_limit, {
 			f->ToVal(),
 			GetArgs(),
@ -125,3 +126,5 @@ bool Extract::Undelivered(uint64_t offset, uint64_t len)

 	return true;
 	}
+
+} // namespace zeek::file_analysis::detail
--- a/src/file_analysis/analyzer/extract/Extract.h
+++ b/src/file_analysis/analyzer/extract/Extract.h
@ -10,12 +10,12 @@

 #include "analyzer/extract/events.bif.h"

-namespace file_analysis {
+namespace zeek::file_analysis::detail {

 /**
 * An analyzer to extract content of files to local disk.
 */
-class Extract : public file_analysis::Analyzer {
+class Extract : public zeek::file_analysis::Analyzer {
 public:

 	/**
@ -47,8 +47,8 @@ public:
 	 * @return the new Extract analyzer instance or a null pointer if the
 	 *         the "extraction_file" field of \a args wasn't set.
 	 */
-	static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args,
-	                                            File* file);
+	static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args,
+	                                                  zeek::file_analysis::File* file);

 	/**
 	 * Sets the maximum allowed extracted file size.  A value of zero means
@ -67,7 +67,7 @@ protected:
 	 *        to which the contents of the file will be extracted/written.
 	 * @param arg_limit the maximum allowed file size.
 	 */
-	Extract(zeek::RecordValPtr args, File* file,
+	Extract(zeek::RecordValPtr args, zeek::file_analysis::File* file,
 	        const std::string& arg_filename, uint64_t arg_limit);

 private:
@ -77,4 +77,10 @@ private:
 	uint64_t depth;
 };

+} // namespace zeek::file_analysis::detail
+
+namespace file_analysis {
+
+	using Extract [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::Extract.")]] = zeek::file_analysis::detail::Extract;
+
 } // namespace file_analysis
--- a/src/file_analysis/analyzer/extract/Plugin.cc
+++ b/src/file_analysis/analyzer/extract/Plugin.cc
@ -4,14 +4,13 @@
 #include "plugin/Plugin.h"
 #include "file_analysis/Component.h"

-namespace plugin {
-namespace Zeek_FileExtract {
+namespace zeek::plugin::detail::Zeek_FileExtract {

 class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure() override
 		{
-		AddComponent(new ::file_analysis::Component("EXTRACT", ::file_analysis::Extract::Instantiate));
+		AddComponent(new zeek::file_analysis::Component("EXTRACT", zeek::file_analysis::detail::Extract::Instantiate));

 		zeek::plugin::Configuration config;
 		config.name = "Zeek::FileExtract";
@ -20,5 +19,4 @@ public:
 		}
 } plugin;

-}
-}
+} // namespace zeek::plugin::detail::Zeek_FileExtract
--- a/src/file_analysis/analyzer/extract/functions.bif
+++ b/src/file_analysis/analyzer/extract/functions.bif
@ -12,8 +12,8 @@ function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool
 	%{
 	using zeek::BifType::Record::Files::AnalyzerArgs;
 	auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
-	bool result = file_mgr->SetExtractionLimit(file_id->CheckString(),
-	                                           std::move(rv), n);
+	bool result = zeek::file_mgr->SetExtractionLimit(file_id->CheckString(),
+	                                                 std::move(rv), n);
 	return zeek::val_mgr->Bool(result);
 	%}