Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Address feedback

Browse source 
Smaller fixes. I split out the API change of the fallback function into
a separate commit.
This commit is contained in:
Johanna Amann 2020-03-12 11:21:39 -07:00
parent 0a7b358985
commit 3ed9379b9e
4 changed files with 9 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

9
scripts/base/files/x509/main.zeek
View file

@ -214,14 +214,11 @@ event file_hash(f: fa_file, kind: string, hash: string)
if ( ! f?$info || "X509" !in f$info$analyzers || kind != "sha256" ) if ( ! f?$info || "X509" !in f$info$analyzers || kind != "sha256" )
return; return;
if ( caching_required_encounters == 0 ) if ( caching_required_encounters == 0 || hash in certificate_cache )
return; return;
if ( hash !in certificates_encountered ) if ( hash !in certificates_encountered )
certificates_encountered[hash] = 0; certificates_encountered[hash] = 1;
else
certificates_encountered[hash] += 1; certificates_encountered[hash] += 1;
if ( certificates_encountered[hash] < caching_required_encounters )
return;
} }

5
src/file_analysis/analyzer/x509/X509.cc
View file

@ -19,8 +19,6 @@
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <iostream>
using namespace file_analysis; using namespace file_analysis;
file_analysis::X509::X509(RecordVal* args, file_analysis::File* file) file_analysis::X509::X509(RecordVal* args, file_analysis::File* file)
@ -64,8 +62,7 @@ bool file_analysis::X509::EndOfFile()
val_list vl(2); val_list vl(2);
vl.push_back(GetFile()->GetVal()->Ref()); vl.push_back(GetFile()->GetVal()->Ref());
vl.push_back(new StringVal(cert_sha256)); vl.push_back(new StringVal(cert_sha256));
Val* v = cache_hit_callback->Call(&vl); IntrusivePtr<Val> v{AdoptRef{}, cache_hit_callback->Call(&vl)};
Unref(v);
return false; return false;
} }
} }

4
src/file_analysis/analyzer/x509/X509.h
View file

@ -117,13 +117,13 @@ public:
* Sets the table[string] that used as the certificate cache inside of Zeek. * Sets the table[string] that used as the certificate cache inside of Zeek.
*/ */
static void SetCertificateCache(IntrusivePtr<TableVal> cache) static void SetCertificateCache(IntrusivePtr<TableVal> cache)
{ certificate_cache = cache; } { certificate_cache = std::move(cache); }
/** /**
* Sets the callback when a certificate cache hit is encountered * Sets the callback when a certificate cache hit is encountered
*/ */
static void SetCertificateCacheHitCallback(IntrusivePtr<Func> func) static void SetCertificateCacheHitCallback(IntrusivePtr<Func> func)
{ cache_hit_callback = func; } { cache_hit_callback = std::move(func); }
protected: protected:
X509(RecordVal* args, File* file); X509(RecordVal* args, File* file);

4
src/file_analysis/analyzer/x509/functions.bif
View file

@ -902,7 +902,7 @@ function x509_set_certificate_cache%(tbl: string_any_table%) : bool
%{ %{
file_analysis::X509::SetCertificateCache({NewRef{}, tbl->AsTableVal()}); file_analysis::X509::SetCertificateCache({NewRef{}, tbl->AsTableVal()});
return val_mgr->GetBool(1); return val_mgr->GetTrue();
%} %}
## This function sets up the callback that is called when an entry is matched against the table set ## This function sets up the callback that is called when an entry is matched against the table set
@ -920,5 +920,5 @@ function x509_set_certificate_cache_hit_callback%(f: string_file_hook%) : bool
%{ %{
file_analysis::X509::SetCertificateCacheHitCallback({NewRef{}, f->AsFunc()}); file_analysis::X509::SetCertificateCacheHitCallback({NewRef{}, f->AsFunc()});
return val_mgr->GetBool(1); return val_mgr->GetTrue();
%} %}