Remove extraction counter in default file extraction scripts.

scripts/base/protocols/ftp/file-extract.bro

@@ -13,8 +13,6 @@ export {
 	const extraction_prefix = "ftp-item" &redef;
 }
 
-global extract_count: count = 0;
-
 redef record Info += {
 	## On disk file where it was extracted to.
 	extraction_file:       string &log &optional;
@@ -26,8 +24,7 @@ redef record Info += {
 
 function get_extraction_name(f: fa_file): string
 	{
-	local r = fmt("%s-%s-%d.dat", extraction_prefix, f$id, extract_count);
+	local r = fmt("%s-%s.dat", extraction_prefix, f$id);
-	++extract_count;
 	return r;
 	}
 

scripts/base/protocols/http/file-extract.bro

@@ -23,12 +23,9 @@ export {
 	};
 }
 
-global extract_count: count = 0;
-
 function get_extraction_name(f: fa_file): string
 	{
-	local r = fmt("%s-%s-%d.dat", extraction_prefix, f$id, extract_count);
+	local r = fmt("%s-%s.dat", extraction_prefix, f$id);
-	++extract_count;
 	return r;
 	}
 

scripts/base/protocols/irc/dcc-send.bro

@@ -39,8 +39,6 @@ export {
 
 global dcc_expected_transfers: table[addr, port] of Info &read_expire=5mins;
 
-global extract_count: count = 0;
-
 function set_dcc_mime(f: fa_file)
 	{
 	if ( ! f?$conns ) return;
@@ -75,8 +73,7 @@ function set_dcc_extraction_file(f: fa_file, filename: string)
 
 function get_extraction_name(f: fa_file): string
 	{
-	local r = fmt("%s-%s-%d.dat", extraction_prefix, f$id, extract_count);
+	local r = fmt("%s-%s.dat", extraction_prefix, f$id);
-	++extract_count;
 	return r;
 	}
 

scripts/base/protocols/smtp/entities.bro

@@ -66,8 +66,6 @@ export {
 	global log_mime: event(rec: EntityInfo);
 }
 
-global extract_count: count = 0;
-
 event bro_init() &priority=5
 	{
 	Log::create_stream(SMTP::ENTITIES_LOG, [$columns=EntityInfo, $ev=log_mime]);
@@ -90,8 +88,7 @@ function set_session(c: connection, new_entity: bool)
 
 function get_extraction_name(f: fa_file): string
 	{
-	local r = fmt("%s-%s-%d.dat", extraction_prefix, f$id, extract_count);
+	local r = fmt("%s-%s.dat", extraction_prefix, f$id);
-	++extract_count;
 	return r;
 	}
 
@@ -127,7 +124,6 @@ event file_new(f: fa_file) &priority=5
 				                           [$tag=FileAnalysis::ANALYZER_EXTRACT,
 				                            $extract_filename=fname]);
 				extracting = T;
-				++extract_count;
 				}
 
 			c$smtp$current_entity$extraction_file = fname;

testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp.log

@@ -9,13 +9,13 @@
 1329843175.680248	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PASV	-	-	-	227	Entering Passive Mode (199,233,217,249,221,90)	(empty)	T	141.142.220.235	199.233.217.249	56666	-
 1329843175.791528	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	LIST	-	-	-	226	Transfer complete.	(empty)	-	-	-	-	-
 1329843179.815947	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PASV	-	-	-	227	Entering Passive Mode (199,233,217,249,221,91)	(empty)	T	141.142.220.235	199.233.217.249	56667	-
-1329843193.984222	arKYeMETxOg	141.142.220.235	37604	199.233.217.249	56666	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-Rqjkzoroau4-0.dat
+1329843193.984222	arKYeMETxOg	141.142.220.235	37604	199.233.217.249	56666	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-Rqjkzoroau4.dat
-1329843193.984222	k6kgXLOoSKl	141.142.220.235	59378	199.233.217.249	56667	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-BTsa70Ua9x7-1.dat
+1329843193.984222	k6kgXLOoSKl	141.142.220.235	59378	199.233.217.249	56667	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-BTsa70Ua9x7.dat
 1329843179.926563	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	77	226	Transfer complete.	(empty)	-	-	-	-	-
 1329843194.040188	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PORT	141,142,220,235,131,46	-	-	200	PORT command successful.	(empty)	F	199.233.217.249	141.142.220.235	33582	-
 1329843194.095782	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	LIST	-	-	-	226	Transfer complete.	(empty)	-	-	-	-	-
 1329843197.672179	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PORT	141,142,220,235,147,203	-	-	200	PORT command successful.	(empty)	F	199.233.217.249	141.142.220.235	37835	-
-1329843199.968212	nQcgTWjvg4c	199.233.217.249	61920	141.142.220.235	33582	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-VLQvJybrm38-2.dat
+1329843199.968212	nQcgTWjvg4c	199.233.217.249	61920	141.142.220.235	33582	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-VLQvJybrm38.dat
 1329843197.727769	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	77	226	Transfer complete.	(empty)	-	-	-	-	-
-1329843200.079930	j4u32Pc5bif	199.233.217.249	61918	141.142.220.235	37835	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-zrfwSs9K1yk-3.dat
+1329843200.079930	j4u32Pc5bif	199.233.217.249	61918	141.142.220.235	37835	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-zrfwSs9K1yk.dat
 #close	2013-04-12-16-32-25

testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log

@@ -6,5 +6,5 @@
 #open	2013-03-22-14-38-28
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	string
-1128727435.634189	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	http-item-BFymS6bFgT3-0.dat
+1128727435.634189	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	http-item-BFymS6bFgT3.dat
 #close	2013-03-22-14-38-28

testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log

@@ -9,5 +9,5 @@
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	-	-	NICK	bloed	-	-	-	-	-
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	-	USER	sdkfje	sdkfje Montreal.QC.CA.Undernet.org dkdkrwq	-	-	-	-
 1311189174.474127	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	JOIN	#easymovies	(empty)	-	-	-	-
-1311189316.326025	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	DCC	#easymovies	(empty)	ladyvampress-default(2011-07-07)-OS.zip	42208	FAKE_MIME	irc-dcc-item-wqKMAamJVSb-0.dat
+1311189316.326025	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	DCC	#easymovies	(empty)	ladyvampress-default(2011-07-07)-OS.zip	42208	application/zip	irc-dcc-item-wqKMAamJVSb.dat
 #close	2013-03-27-18-49-16

testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log

@@ -6,7 +6,7 @@
 #open	2013-03-26-20-43-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	filename	content_len	mime_type	md5	extraction_file	excerpt
 #types	time	string	addr	port	addr	port	count	string	count	string	string	string	string
-1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	79	text/plain	-	smtp-entity-cwR7l6Zctxb-0.dat	(empty)
+1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	79	text/plain	-	smtp-entity-cwR7l6Zctxb.dat	(empty)
 1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	1918	text/html	-	-	(empty)
-1254722770.692804	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	NEWS.txt	10823	text/plain	-	smtp-entity-Ltd7QO7jEv3-1.dat	(empty)
+1254722770.692804	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	NEWS.txt	10823	text/plain	-	smtp-entity-Ltd7QO7jEv3.dat	(empty)
 #close	2013-03-26-20-43-14

testing/btest/scripts/base/protocols/ftp/ftp-extract.bro

@@ -3,10 +3,10 @@
 # @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ftp.log
-# @TEST-EXEC: btest-diff ftp-item-Rqjkzoroau4-0.dat
+# @TEST-EXEC: btest-diff ftp-item-Rqjkzoroau4.dat
-# @TEST-EXEC: btest-diff ftp-item-BTsa70Ua9x7-1.dat
+# @TEST-EXEC: btest-diff ftp-item-BTsa70Ua9x7.dat
-# @TEST-EXEC: btest-diff ftp-item-VLQvJybrm38-2.dat
+# @TEST-EXEC: btest-diff ftp-item-VLQvJybrm38.dat
-# @TEST-EXEC: btest-diff ftp-item-zrfwSs9K1yk-3.dat
+# @TEST-EXEC: btest-diff ftp-item-zrfwSs9K1yk.dat
 
 redef FTP::logged_commands += {"LIST"};
 redef FTP::extract_file_types=/.*/;

testing/btest/scripts/base/protocols/http/http-extract-files.bro

@@ -1,5 +1,5 @@
 # @TEST-EXEC: bro -C -r $TRACES/web.trace %INPUT
 # @TEST-EXEC: btest-diff http.log
-# @TEST-EXEC: btest-diff http-item-BFymS6bFgT3-0.dat
+# @TEST-EXEC: btest-diff http-item-BFymS6bFgT3.dat
 
 redef HTTP::extract_file_types += /text\/html/;

testing/btest/scripts/base/protocols/irc/dcc-extract.test

@@ -1,26 +1,10 @@
 # This tests that the contents of a DCC transfer negotiated with IRC can be
-# correctly extracted.  The mime type of the file transferred is normalized
+# correctly extracted.
-# to prevent sensitivity to libmagic version being used.
 
 # @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT
 # @TEST-EXEC: btest-diff irc.log
-# @TEST-EXEC: btest-diff irc-dcc-item-wqKMAamJVSb-0.dat
+# @TEST-EXEC: btest-diff irc-dcc-item-wqKMAamJVSb.dat
 # @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT IRC::extraction_prefix="test"
-# @TEST-EXEC: test -e test-wqKMAamJVSb-0.dat
+# @TEST-EXEC: test -e test-wqKMAamJVSb.dat
 
 redef IRC::extract_file_types=/.*/;
-
-event bro_init()
-	{
-	Log::remove_default_filter(IRC::LOG);
-	Log::add_filter(IRC::LOG, [$name="normalized-mime-types",
-	                           $pred=function(rec: IRC::Info): bool
-		{
-		if ( rec?$dcc_mime_type )
-			{
-			rec$dcc_mime_type = "FAKE_MIME";
-			}
-		return T;
-		}
-	]);
-	}

testing/btest/scripts/base/protocols/smtp/mime-extract.test

@@ -1,10 +1,10 @@
 # @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
 # @TEST-EXEC: btest-diff smtp_entities.log
-# @TEST-EXEC: btest-diff smtp-entity-cwR7l6Zctxb-0.dat
+# @TEST-EXEC: btest-diff smtp-entity-cwR7l6Zctxb.dat
-# @TEST-EXEC: btest-diff smtp-entity-Ltd7QO7jEv3-1.dat
+# @TEST-EXEC: btest-diff smtp-entity-Ltd7QO7jEv3.dat
 # @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT SMTP::extraction_prefix="test"
-# @TEST-EXEC: test -e test-cwR7l6Zctxb-0.dat
+# @TEST-EXEC: test -e test-cwR7l6Zctxb.dat
-# @TEST-EXEC: test -e test-Ltd7QO7jEv3-1.dat
+# @TEST-EXEC: test -e test-Ltd7QO7jEv3.dat
 
 @load base/protocols/smtp