diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index b7a2b1b80c..02887b38a5 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -454,6 +454,18 @@ type connection: record { inner_vlan: int &optional; }; +## Arguments given to Zeek from the command line. In order to use this, Zeek +## must use the "--" command line argument, then give the script name immediately +## after the double hyphens and the provide the arguments after that. For example: +## +## zeek --bare-mode -- myscript.zeek -a -b -c +## +## To use Zeek as an executable interpreter, include a line at the top of a script +## like the following and make the script executable: +## +## #!/usr/local/zeek/bin/zeek -- +const zeek_script_args: vector of string = vector(); + ## Default amount of time a file can be inactive before the file analysis ## gives up and discards any internal state related to the file. option default_file_timeout_interval: interval = 2 mins; diff --git a/src/NetVar.cc b/src/NetVar.cc index dfc52e0ea4..b8985456ae 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -30,6 +30,8 @@ zeek::VectorType* index_vec; zeek::VectorType* mime_matches; zeek::RecordType* mime_match; +zeek::VectorVal* zeek_script_args; + zeek::RecordType* socks_address; zeek::TableVal* tcp_reassembler_ports_orig; diff --git a/src/Options.cc b/src/Options.cc index a9e4f40db7..cdc99993d1 100644 --- a/src/Options.cc +++ b/src/Options.cc @@ -5,6 +5,7 @@ #include "Options.h" #include +#include #include @@ -186,8 +187,48 @@ Options parse_cmdline(int argc, char** argv) } else { - for ( auto i = 0; i < argc; ++i ) - zeek_args.emplace_back(argv[i]); + if ( argc > 1 ) + { + auto endsWith = [](const std::string& str, const std::string& suffix) + { + return str.size() >= suffix.size() && 0 == str.compare(str.size()-suffix.size(), suffix.size(), suffix); + }; + + auto i = 0; + for ( ; i < argc && ! endsWith(argv[i], "--"); ++i ) + { + zeek_args.emplace_back(argv[i]); + } + + // If a script is invoked with Zeek as the interpreter, the arguments provided + // directly in the interpreter line of the script won't be broken apart in the + // argv on Linux so we split it up here. + if ( endsWith(argv[i], "--") && zeek_args.size() == 1 ) + { + std::istringstream iss(argv[i]); + for ( std::string s; iss >> s; ) + { + if ( ! endsWith(s, "--") ) + { + zeek_args.emplace_back(s); + } + } + } + + if ( i < argc ) + { + // There is an additional increment here to skip over the "--" if it was found. + if ( endsWith(argv[i], "--") ) + ++i; + + // The first argument after the double hyphens in implicitly a script name. + rval.scripts_to_load.emplace_back(argv[i++]); + + // If there are more argument, grab them for script arguments + for ( ; i < argc; ++i ) + rval.script_args.emplace_back(argv[i]); + } + } } constexpr struct option long_opts[] = { diff --git a/src/Options.h b/src/Options.h index d70e37d65c..3f949e675f 100644 --- a/src/Options.h +++ b/src/Options.h @@ -74,6 +74,8 @@ struct Options { std::set plugins_to_load; std::vector scripts_to_load; std::vector script_options_to_set; + + std::vector script_args; }; /** diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index 600597988d..2b6a4e37e4 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -660,6 +660,16 @@ SetupResult setup(int argc, char** argv, Options* zopts) init_net_var(); run_bif_initializers(); + // Assign the script_args for command line processing in Zeek scripts. + if ( ! options.script_args.empty() ) + { + auto script_args_val = zeek::id::find_val("zeek_script_args")->AsVectorVal(); + for ( const string& script_arg: options.script_args ) + { + script_args_val->Assign(script_args_val->Size(), zeek::make_intrusive(script_arg)); + } + } + // Must come after plugin activation (and also after hash // initialization). binpac::FlowBuffer::Policy flowbuffer_policy;