Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Deprecate the internal int/uint types in favor of the cstdint types they were based on

Browse source
This commit is contained in:
Tim Wojtulewicz 2019-07-30 11:38:42 -07:00
parent 18e4976c6c
commit 54752ef9a1
218 changed files with 1331 additions and 1323 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/file_analysis/Analyzer.h
View file

@ -13,7 +13,7 @@ namespace file_analysis {
class File;
typedef uint32 ID;
typedef uint32_t ID;
/**
* Base class for analyzers that can be attached to file_analysis::File objects.
@ -47,7 +47,7 @@ public:
* @return true if the analyzer is still in a valid state to continue
* receiving data/events or false if it's essentially "done".
*/
virtual bool DeliverChunk(const u_char* data, uint64 len, uint64 offset)
virtual bool DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
{ return true; }
/**
@ -57,7 +57,7 @@ public:
* @return true if the analyzer is still in a valid state to continue
* receiving data/events or false if it's essentially "done".
*/
virtual bool DeliverStream(const u_char* data, uint64 len)
virtual bool DeliverStream(const u_char* data, uint64_t len)
{ return true; }
/**
@ -78,7 +78,7 @@ public:
* @return true if the analyzer is still in a valid state to continue
* receiving data/events or false if it's essentially "done".
*/
virtual bool Undelivered(uint64 offset, uint64 len)
virtual bool Undelivered(uint64_t offset, uint64_t len)
{ return true; }
/**

38
src/file_analysis/File.cc
View file

@ -162,10 +162,10 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig)
}
}
uint64 File::LookupFieldDefaultCount(int idx) const
uint64_t File::LookupFieldDefaultCount(int idx) const
{
Val* v = val->LookupWithDefault(idx);
uint64 rval = v->AsCount();
uint64_t rval = v->AsCount();
Unref(v);
return rval;
}
@ -211,7 +211,7 @@ void File::SetTimeoutInterval(double interval)
val->Assign(timeout_interval_idx, new Val(interval, TYPE_INTERVAL));
}
bool File::SetExtractionLimit(RecordVal* args, uint64 bytes)
bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes)
{
Analyzer* a = analyzers.Find(file_mgr->GetComponentTag("EXTRACT"), args);
@ -227,13 +227,13 @@ bool File::SetExtractionLimit(RecordVal* args, uint64 bytes)
return true;
}
void File::IncrementByteCount(uint64 size, int field_idx)
void File::IncrementByteCount(uint64_t size, int field_idx)
{
uint64 old = LookupFieldDefaultCount(field_idx);
uint64_t old = LookupFieldDefaultCount(field_idx);
val->Assign(field_idx, val_mgr->GetCount(old + size));
}
void File::SetTotalBytes(uint64 size)
void File::SetTotalBytes(uint64_t size)
{
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size);
val->Assign(total_bytes_idx, val_mgr->GetCount(size));
@ -287,7 +287,7 @@ void File::DisableReassembly()
file_reassembler = 0;
}
void File::SetReassemblyBuffer(uint64 max)
void File::SetReassemblyBuffer(uint64_t max)
{
reassembly_max_buffer = max;
}
@ -332,7 +332,7 @@ void File::InferMetadata()
RuleMatcher::MIME_Matches matches;
const u_char* data = bof_buffer_val->AsString()->Bytes();
uint64 len = bof_buffer_val->AsString()->Len();
uint64_t len = bof_buffer_val->AsString()->Len();
len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
file_mgr->DetectMIME(data, len, &matches);
@ -350,12 +350,12 @@ void File::InferMetadata()
return;
}
bool File::BufferBOF(const u_char* data, uint64 len)
bool File::BufferBOF(const u_char* data, uint64_t len)
{
if ( bof_buffer.full )
return false;
uint64 desired_size = LookupFieldDefaultCount(bof_buffer_size_idx);
uint64_t desired_size = LookupFieldDefaultCount(bof_buffer_size_idx);
bof_buffer.chunks.push_back(new BroString(data, len, 0));
bof_buffer.size += len;
@ -374,7 +374,7 @@ bool File::BufferBOF(const u_char* data, uint64 len)
return false;
}
void File::DeliverStream(const u_char* data, uint64 len)
void File::DeliverStream(const u_char* data, uint64_t len)
{
bool bof_was_full = bof_buffer.full;
// Buffer enough data for the BOF buffer
@ -407,7 +407,7 @@ void File::DeliverStream(const u_char* data, uint64 len)
// as it will get delivered on its own.
num_bof_chunks_behind -= 1;
uint64 bytes_delivered = 0;
uint64_t bytes_delivered = 0;
// Catch this analyzer up with the BOF buffer.
for ( int i = 0; i < num_bof_chunks_behind; ++i )
@ -444,7 +444,7 @@ void File::DeliverStream(const u_char* data, uint64 len)
IncrementByteCount(len, seen_bytes_idx);
}
void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
{
// Potentially handle reassembly and deliver to the stream analyzers.
if ( file_reassembler )
@ -452,8 +452,8 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
if ( reassembly_max_buffer > 0 &&
reassembly_max_buffer < file_reassembler->TotalSize() )
{
uint64 current_offset = stream_offset;
uint64 gap_bytes = file_reassembler->Flush();
uint64_t current_offset = stream_offset;
uint64_t gap_bytes = file_reassembler->Flush();
IncrementByteCount(gap_bytes, overflow_bytes_idx);
if ( FileEventAvailable(file_reassembly_overflow) )
@ -520,14 +520,14 @@ void File::DoneWithAnalyzer(Analyzer* analyzer)
done_analyzers.push_back(analyzer);
}
void File::DataIn(const u_char* data, uint64 len, uint64 offset)
void File::DataIn(const u_char* data, uint64_t len, uint64_t offset)
{
analyzers.DrainModifications();
DeliverChunk(data, len, offset);
analyzers.DrainModifications();
}
void File::DataIn(const u_char* data, uint64 len)
void File::DataIn(const u_char* data, uint64_t len)
{
analyzers.DrainModifications();
DeliverChunk(data, len, stream_offset);
@ -573,7 +573,7 @@ void File::EndOfFile()
analyzers.DrainModifications();
}
void File::Gap(uint64 offset, uint64 len)
void File::Gap(uint64_t offset, uint64_t len)
{
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Gap of size %" PRIu64 " at offset %" PRIu64,
id.c_str(), len, offset);
@ -649,7 +649,7 @@ void File::FileEvent(EventHandlerPtr h, val_list vl)
}
}
bool File::PermitWeird(const char* name, uint64 threshold, uint64 rate,
bool File::PermitWeird(const char* name, uint64_t threshold, uint64_t rate,
double duration)
{
return ::PermitWeird(weird_state, name, threshold, rate, duration);

30
src/file_analysis/File.h
View file

@ -65,7 +65,7 @@ public:
* @param bytes new limit.
* @return false if no extraction analyzer is active, else true.
*/
bool SetExtractionLimit(RecordVal* args, uint64 bytes);
bool SetExtractionLimit(RecordVal* args, uint64_t bytes);
/**
* @return value of the "id" field from #val record.
@ -86,7 +86,7 @@ public:
* Set "total_bytes" field of #val record to \a size.
* @param size the new value of the "total_bytes" field.
*/
void SetTotalBytes(uint64 size);
void SetTotalBytes(uint64_t size);
/**
* @return true if file analysis is complete for the file, else false.
@ -131,14 +131,14 @@ public:
* @param len number of bytes in the data chunk.
* @param offset number of bytes from start of file at which chunk occurs.
*/
void DataIn(const u_char* data, uint64 len, uint64 offset);
void DataIn(const u_char* data, uint64_t len, uint64_t offset);
/**
* Pass in sequential data and deliver to attached analyzers.
* @param data pointer to start of a chunk of file data.
* @param len number of bytes in the data chunk.
*/
void DataIn(const u_char* data, uint64 len);
void DataIn(const u_char* data, uint64_t len);
/**
* Inform attached analyzers about end of file being seen.
@ -150,7 +150,7 @@ public:
* @param offset number of bytes in to file at which missing chunk starts.
* @param len length in bytes of the missing chunk of file data.
*/
void Gap(uint64 offset, uint64 len);
void Gap(uint64_t offset, uint64_t len);
/**
* @param h pointer to an event handler.
@ -203,7 +203,7 @@ public:
* Whether to permit a weird to carry on through the full reporter/weird
* framework.
*/
bool PermitWeird(const char* name, uint64 threshold, uint64 rate,
bool PermitWeird(const char* name, uint64_t threshold, uint64_t rate,
double duration);
protected:
@ -243,7 +243,7 @@ protected:
* @param size number of bytes by which to increment.
* @param field_idx the index of the field in \c fa_file to increment.
*/
void IncrementByteCount(uint64 size, int field_idx);
void IncrementByteCount(uint64_t size, int field_idx);
/**
* Wrapper to RecordVal::LookupWithDefault for the field in #val at index
@ -251,7 +251,7 @@ protected:
* @param idx the index of a field of type "count" in \c fa_file.
* @return the value of the field, which may be it &default.
*/
uint64 LookupFieldDefaultCount(int idx) const;
uint64_t LookupFieldDefaultCount(int idx) const;
/**
* Wrapper to RecordVal::LookupWithDefault for the field in #val at index
@ -267,7 +267,7 @@ protected:
* @param len number of bytes in the data chunk.
* @return true if buffering is still required, else false
*/
bool BufferBOF(const u_char* data, uint64 len);
bool BufferBOF(const u_char* data, uint64_t len);
/**
* Does metadata inference (e.g. mime type detection via file
@ -291,17 +291,17 @@ protected:
/**
* Set a maximum allowed bytes of memory for file reassembly for this file.
*/
void SetReassemblyBuffer(uint64 max);
void SetReassemblyBuffer(uint64_t max);
/**
* Perform stream-wise delivery for analyzers that need it.
*/
void DeliverStream(const u_char* data, uint64 len);
void DeliverStream(const u_char* data, uint64_t len);
/**
* Perform chunk-wise delivery for analyzers that need it.
*/
void DeliverChunk(const u_char* data, uint64 len, uint64 offset);
void DeliverChunk(const u_char* data, uint64_t len, uint64_t offset);
/**
* Lookup a record field index/offset by name.
@ -320,8 +320,8 @@ protected:
string id; /**< A pretty hash that likely identifies file */
RecordVal* val; /**< \c fa_file from script layer. */
FileReassembler* file_reassembler; /**< A reassembler for the file if it's needed. */
uint64 stream_offset; /**< The offset of the file which has been forwarded. */
uint64 reassembly_max_buffer; /**< Maximum allowed buffer for reassembly. */
uint64_t stream_offset; /**< The offset of the file which has been forwarded. */
uint64_t reassembly_max_buffer; /**< Maximum allowed buffer for reassembly. */
bool did_metadata_inference; /**< Whether the metadata inference has already been attempted. */
bool reassembly_enabled; /**< Whether file stream reassembly is needed. */
bool postpone_timeout; /**< Whether postponing timeout is requested. */
@ -335,7 +335,7 @@ protected:
{ for ( size_t i = 0; i < chunks.size(); ++i ) delete chunks[i]; }
bool full;
uint64 size;
uint64_t size;
BroString::CVec chunks;
} bof_buffer; /**< Beginning of file buffer. */

20
src/file_analysis/FileReassembler.cc
View file

@ -7,7 +7,7 @@ namespace file_analysis {
class File;
FileReassembler::FileReassembler(File *f, uint64 starting_offset)
FileReassembler::FileReassembler(File *f, uint64_t starting_offset)
: Reassembler(starting_offset, REASSEM_FILE), the_file(f), flushing(false)
{
}
@ -21,7 +21,7 @@ FileReassembler::~FileReassembler()
{
}
uint64 FileReassembler::Flush()
uint64_t FileReassembler::Flush()
{
if ( flushing )
return 0;
@ -30,7 +30,7 @@ uint64 FileReassembler::Flush()
{
// This is expected to call back into FileReassembler::Undelivered().
flushing = true;
uint64 rval = TrimToSeq(last_block->upper);
uint64_t rval = TrimToSeq(last_block->upper);
flushing = false;
return rval;
}
@ -38,13 +38,13 @@ uint64 FileReassembler::Flush()
return 0;
}
uint64 FileReassembler::FlushTo(uint64 sequence)
uint64_t FileReassembler::FlushTo(uint64_t sequence)
{
if ( flushing )
return 0;
flushing = true;
uint64 rval = TrimToSeq(sequence);
uint64_t rval = TrimToSeq(sequence);
flushing = false;
last_reassem_seq = sequence;
return rval;
@ -61,7 +61,7 @@ void FileReassembler::BlockInserted(DataBlock* start_block)
{
if ( b->seq == last_reassem_seq )
{ // New stuff.
uint64 len = b->Size();
uint64_t len = b->Size();
last_reassem_seq += len;
the_file->DeliverStream(b->block, len);
}
@ -71,7 +71,7 @@ void FileReassembler::BlockInserted(DataBlock* start_block)
TrimToSeq(last_reassem_seq);
}
void FileReassembler::Undelivered(uint64 up_to_seq)
void FileReassembler::Undelivered(uint64_t up_to_seq)
{
// If we have blocks that begin below up_to_seq, deliver them.
DataBlock* b = blocks;
@ -89,8 +89,8 @@ void FileReassembler::Undelivered(uint64 up_to_seq)
// Block is beyond what we need to process at this point.
break;
uint64 gap_at_seq = last_reassem_seq;
uint64 gap_len = b->seq - last_reassem_seq;
uint64_t gap_at_seq = last_reassem_seq;
uint64_t gap_len = b->seq - last_reassem_seq;
the_file->Gap(gap_at_seq, gap_len);
last_reassem_seq += gap_len;
BlockInserted(b);
@ -106,7 +106,7 @@ void FileReassembler::Undelivered(uint64 up_to_seq)
}
}
void FileReassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n)
void FileReassembler::Overlap(const u_char* b1, const u_char* b2, uint64_t n)
{
// Not doing anything here yet.
}

10
src/file_analysis/FileReassembler.h
View file

@ -14,7 +14,7 @@ class File;
class FileReassembler : public Reassembler {
public:
FileReassembler(File* f, uint64 starting_offset);
FileReassembler(File* f, uint64_t starting_offset);
~FileReassembler() override;
void Done();
@ -29,7 +29,7 @@ public:
* appropriate.
* @return the number of new bytes now detected as gaps in the file.
*/
uint64 Flush();
uint64_t Flush();
/**
* Discards all contents of the reassembly buffer up to a given sequence
@ -38,7 +38,7 @@ public:
* @param sequence the sequence number to flush until.
* @return the number of new bytes now detected as gaps in the file.
*/
uint64 FlushTo(uint64 sequence);
uint64_t FlushTo(uint64_t sequence);
/**
* @return whether the reassembler is currently is the process of flushing
@ -50,9 +50,9 @@ public:
protected:
FileReassembler();
void Undelivered(uint64 up_to_seq) override;
void Undelivered(uint64_t up_to_seq) override;
void BlockInserted(DataBlock* b) override;
void Overlap(const u_char* b1, const u_char* b2, uint64 n) override;
void Overlap(const u_char* b1, const u_char* b2, uint64_t n) override;
File* the_file;
bool flushing;

20
src/file_analysis/Manager.cc
View file

@ -91,7 +91,7 @@ string Manager::HashHandle(const string& handle) const
if ( salt.empty() )
salt = BifConst::Files::salt->CheckString();
uint64 hash[2];
uint64_t hash[2];
string msg(handle + salt);
internal_md5(reinterpret_cast<const u_char*>(msg.data()), msg.size(),
@ -118,7 +118,7 @@ void Manager::SetHandle(const string& handle)
current_file_id = HashHandle(handle);
}
string Manager::DataIn(const u_char* data, uint64 len, uint64 offset,
string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset,
analyzer::Tag tag, Connection* conn, bool is_orig,
const string& precomputed_id, const string& mime_type)
{
@ -148,7 +148,7 @@ string Manager::DataIn(const u_char* data, uint64 len, uint64 offset,
return id;
}
string Manager::DataIn(const u_char* data, uint64 len, analyzer::Tag tag,
string Manager::DataIn(const u_char* data, uint64_t len, analyzer::Tag tag,
Connection* conn, bool is_orig, const string& precomputed_id,
const string& mime_type)
{
@ -174,7 +174,7 @@ string Manager::DataIn(const u_char* data, uint64 len, analyzer::Tag tag,
return id;
}
void Manager::DataIn(const u_char* data, uint64 len, const string& file_id,
void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id,
const string& source)
{
File* file = GetFile(file_id, 0, analyzer::Tag::Error, false, false,
@ -206,7 +206,7 @@ void Manager::EndOfFile(const string& file_id)
RemoveFile(file_id);
}
string Manager::Gap(uint64 offset, uint64 len, analyzer::Tag tag,
string Manager::Gap(uint64_t offset, uint64_t len, analyzer::Tag tag,
Connection* conn, bool is_orig, const string& precomputed_id)
{
string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -219,7 +219,7 @@ string Manager::Gap(uint64 offset, uint64 len, analyzer::Tag tag,
return id;
}
string Manager::SetSize(uint64 size, analyzer::Tag tag, Connection* conn,
string Manager::SetSize(uint64_t size, analyzer::Tag tag, Connection* conn,
bool is_orig, const string& precomputed_id)
{
string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id;
@ -275,7 +275,7 @@ bool Manager::DisableReassembly(const string& file_id)
return true;
}
bool Manager::SetReassemblyBuffer(const string& file_id, uint64 max)
bool Manager::SetReassemblyBuffer(const string& file_id, uint64_t max)
{
File* file = LookupFile(file_id);
@ -287,7 +287,7 @@ bool Manager::SetReassemblyBuffer(const string& file_id, uint64 max)
}
bool Manager::SetExtractionLimit(const string& file_id, RecordVal* args,
uint64 n) const
uint64_t n) const
{
File* file = LookupFile(file_id);
@ -502,7 +502,7 @@ Analyzer* Manager::InstantiateAnalyzer(Tag tag, RecordVal* args, File* f) const
return a;
}
RuleMatcher::MIME_Matches* Manager::DetectMIME(const u_char* data, uint64 len,
RuleMatcher::MIME_Matches* Manager::DetectMIME(const u_char* data, uint64_t len,
RuleMatcher::MIME_Matches* rval) const
{
if ( ! magic_state )
@ -513,7 +513,7 @@ RuleMatcher::MIME_Matches* Manager::DetectMIME(const u_char* data, uint64 len,
return rval;
}
string Manager::DetectMIME(const u_char* data, uint64 len) const
string Manager::DetectMIME(const u_char* data, uint64_t len) const
{
RuleMatcher::MIME_Matches matches;
DetectMIME(data, len, &matches);

24
src/file_analysis/Manager.h
View file

@ -105,7 +105,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associate file is not going to be analyzed further.
*/
std::string DataIn(const u_char* data, uint64 len, uint64 offset,
std::string DataIn(const u_char* data, uint64_t len, uint64_t offset,
analyzer::Tag tag, Connection* conn, bool is_orig,
const std::string& precomputed_file_id = "",
const std::string& mime_type = "");
@ -132,7 +132,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associated file is not going to be analyzed further.
*/
std::string DataIn(const u_char* data, uint64 len, analyzer::Tag tag,
std::string DataIn(const u_char* data, uint64_t len, analyzer::Tag tag,
Connection* conn, bool is_orig,
const std::string& precomputed_file_id = "",
const std::string& mime_type = "");
@ -146,7 +146,7 @@ public:
* in human-readable form where the file input is coming from (e.g.
* a local file path).
*/
void DataIn(const u_char* data, uint64 len, const string& file_id,
void DataIn(const u_char* data, uint64_t len, const string& file_id,
const string& source);
/**
@ -187,7 +187,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associate file is not going to be analyzed further.
*/
std::string Gap(uint64 offset, uint64 len, analyzer::Tag tag,
std::string Gap(uint64_t offset, uint64_t len, analyzer::Tag tag,
Connection* conn, bool is_orig,
const std::string& precomputed_file_id = "");
@ -206,7 +206,7 @@ public:
* the \c get_file_handle script-layer event). An empty string
* indicates the associate file is not going to be analyzed further.
*/
std::string SetSize(uint64 size, analyzer::Tag tag, Connection* conn,
std::string SetSize(uint64_t size, analyzer::Tag tag, Connection* conn,
bool is_orig, const std::string& precomputed_file_id = "");
/**
@ -240,7 +240,7 @@ public:
/**
* Set the reassembly for a file in bytes.
*/
bool SetReassemblyBuffer(const string& file_id, uint64 max);
bool SetReassemblyBuffer(const string& file_id, uint64_t max);
/**
* Sets a limit on the maximum size allowed for extracting the file
@ -253,7 +253,7 @@ public:
* else true.
*/
bool SetExtractionLimit(const string& file_id, RecordVal* args,
uint64 n) const;
uint64_t n) const;
/**
* Try to retrieve a file that's being analyzed, using its identifier/hash.
@ -312,7 +312,7 @@ public:
* @return Set of all matching file magic signatures, which may be
* an object allocated by the method if \a rval is a null pointer.
*/
RuleMatcher::MIME_Matches* DetectMIME(const u_char* data, uint64 len,
RuleMatcher::MIME_Matches* DetectMIME(const u_char* data, uint64_t len,
RuleMatcher::MIME_Matches* rval) const;
/**
@ -322,15 +322,15 @@ public:
* @returns The MIME type string of the strongest file magic signature
* match, or an empty string if nothing matched.
*/
std::string DetectMIME(const u_char* data, uint64 len) const;
std::string DetectMIME(const u_char* data, uint64_t len) const;
uint64 CurrentFiles()
uint64_t CurrentFiles()
{ return id_map.Length(); }
uint64 MaxFiles()
uint64_t MaxFiles()
{ return id_map.MaxLength(); }
uint64 CumulativeFiles()
uint64_t CumulativeFiles()
{ return id_map.NumCumulativeInserts(); }
protected:

4
src/file_analysis/analyzer/data_event/DataEvent.cc
View file

@ -37,7 +37,7 @@ file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file)
return new DataEvent(args, file, chunk, stream);
}
bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
{
if ( ! chunk_event ) return true;
@ -50,7 +50,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
return true;
}
bool DataEvent::DeliverStream(const u_char* data, uint64 len)
bool DataEvent::DeliverStream(const u_char* data, uint64_t len)
{
if ( ! stream_event ) return true;

4
src/file_analysis/analyzer/data_event/DataEvent.h
View file

@ -25,7 +25,7 @@ public:
* @param offset number of bytes from start of file at which chunk occurs.
* @return always true
*/
bool DeliverChunk(const u_char* data, uint64 len, uint64 offset) override;
bool DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) override;
/**
* Generates the event, if any, specified by the "stream_event" field of
@ -34,7 +34,7 @@ public:
* @param len number of bytes in the data chunk.
* @return always true
*/
bool DeliverStream(const u_char* data, uint64 len) override;
bool DeliverStream(const u_char* data, uint64_t len) override;
/**
* Create a new instance of a DataEvent analyzer.

4
src/file_analysis/analyzer/entropy/Entropy.cc
View file

@ -27,7 +27,7 @@ file_analysis::Analyzer* Entropy::Instantiate(RecordVal* args, File* file)
return new Entropy(args, file);
}
bool Entropy::DeliverStream(const u_char* data, uint64 len)
bool Entropy::DeliverStream(const u_char* data, uint64_t len)
{
if ( ! fed )
fed = len > 0;
@ -42,7 +42,7 @@ bool Entropy::EndOfFile()
return false;
}
bool Entropy::Undelivered(uint64 offset, uint64 len)
bool Entropy::Undelivered(uint64_t offset, uint64_t len)
{
return false;
}

4
src/file_analysis/analyzer/entropy/Entropy.h
View file

@ -40,7 +40,7 @@ public:
* @param len number of bytes in the data chunk.
* @return false if the digest is in an invalid state, else true.
*/
bool DeliverStream(const u_char* data, uint64 len) override;
bool DeliverStream(const u_char* data, uint64_t len) override;
/**
* Finalizes the hash and raises a "file_entropy_test" event.
@ -55,7 +55,7 @@ public:
* @param len number of missing bytes.
* @return always false so analyzer will detach from file.
*/
bool Undelivered(uint64 offset, uint64 len) override;
bool Undelivered(uint64_t offset, uint64_t len) override;
protected:

10
src/file_analysis/analyzer/extract/Extract.cc
View file

@ -11,7 +11,7 @@
using namespace file_analysis;
Extract::Extract(RecordVal* args, File* file, const string& arg_filename,
uint64 arg_limit)
uint64_t arg_limit)
: file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), args, file),
filename(arg_filename), limit(arg_limit), depth(0)
{
@ -54,7 +54,7 @@ file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
limit->AsCount());
}
static bool check_limit_exceeded(uint64 lim, uint64 depth, uint64 len, uint64* n)
static bool check_limit_exceeded(uint64_t lim, uint64_t depth, uint64_t len, uint64_t* n)
{
if ( lim == 0 )
{
@ -80,12 +80,12 @@ static bool check_limit_exceeded(uint64 lim, uint64 depth, uint64 len, uint64* n
return false;
}
bool Extract::DeliverStream(const u_char* data, uint64 len)
bool Extract::DeliverStream(const u_char* data, uint64_t len)
{
if ( ! fd )
return false;
uint64 towrite = 0;
uint64_t towrite = 0;
bool limit_exceeded = check_limit_exceeded(limit, depth, len, &towrite);
if ( limit_exceeded && file_extraction_limit )
@ -111,7 +111,7 @@ bool Extract::DeliverStream(const u_char* data, uint64 len)
return ( ! limit_exceeded );
}
bool Extract::Undelivered(uint64 offset, uint64 len)
bool Extract::Undelivered(uint64_t offset, uint64_t len)
{
if ( depth == offset )
{

12
src/file_analysis/analyzer/extract/Extract.h
View file

@ -31,7 +31,7 @@ public:
* @return false if there was no extraction file open and the data couldn't
* be written, else true.
*/
bool DeliverStream(const u_char* data, uint64 len) override;
bool DeliverStream(const u_char* data, uint64_t len) override;
/**
* Report undelivered bytes.
@ -39,7 +39,7 @@ public:
* @param len number of bytes undelivered.
* @return true
*/
bool Undelivered(uint64 offset, uint64 len) override;
bool Undelivered(uint64_t offset, uint64_t len) override;
/**
* Create a new instance of an Extract analyzer.
@ -55,7 +55,7 @@ public:
* "no limit".
* @param bytes number of bytes allowed to be extracted
*/
void SetLimit(uint64 bytes) { limit = bytes; }
void SetLimit(uint64_t bytes) { limit = bytes; }
protected:
@ -68,13 +68,13 @@ protected:
* @param arg_limit the maximum allowed file size.
*/
Extract(RecordVal* args, File* file, const string& arg_filename,
uint64 arg_limit);
uint64_t arg_limit);
private:
string filename;
int fd;
uint64 limit;
uint64 depth;
uint64_t limit;
uint64_t depth;
};
} // namespace file_analysis

4
src/file_analysis/analyzer/hash/Hash.cc
View file

@ -20,7 +20,7 @@ Hash::~Hash()
Unref(hash);
}
bool Hash::DeliverStream(const u_char* data, uint64 len)
bool Hash::DeliverStream(const u_char* data, uint64_t len)
{
if ( ! hash->IsValid() )
return false;
@ -38,7 +38,7 @@ bool Hash::EndOfFile()
return false;
}
bool Hash::Undelivered(uint64 offset, uint64 len)
bool Hash::Undelivered(uint64_t offset, uint64_t len)
{
return false;
}

4
src/file_analysis/analyzer/hash/Hash.h
View file

@ -31,7 +31,7 @@ public:
* @param len number of bytes in the data chunk.
* @return false if the digest is in an invalid state, else true.
*/
bool DeliverStream(const u_char* data, uint64 len) override;
bool DeliverStream(const u_char* data, uint64_t len) override;
/**
* Finalizes the hash and raises a "file_hash" event.
@ -46,7 +46,7 @@ public:
* @param len number of missing bytes.
* @return always false so analyzer will detach from file.
*/
bool Undelivered(uint64 offset, uint64 len) override;
bool Undelivered(uint64_t offset, uint64_t len) override;
protected:

2
src/file_analysis/analyzer/pe/PE.cc
View file

@ -17,7 +17,7 @@ PE::~PE()
delete conn;
}
bool PE::DeliverStream(const u_char* data, uint64 len)
bool PE::DeliverStream(const u_char* data, uint64_t len)
{
if ( conn->is_done() )
return false;

2
src/file_analysis/analyzer/pe/PE.h
View file

@ -19,7 +19,7 @@ public:
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
{ return new PE(args, file); }
virtual bool DeliverStream(const u_char* data, uint64 len);
virtual bool DeliverStream(const u_char* data, uint64_t len);
virtual bool EndOfFile();

2
src/file_analysis/analyzer/unified2/Unified2.cc
View file

@ -21,7 +21,7 @@ file_analysis::Analyzer* Unified2::Instantiate(RecordVal* args, File* file)
return new Unified2(args, file);
}
bool Unified2::DeliverStream(const u_char* data, uint64 len)
bool Unified2::DeliverStream(const u_char* data, uint64_t len)
{
try
{

2
src/file_analysis/analyzer/unified2/Unified2.h
View file

@ -19,7 +19,7 @@ class Unified2 : public file_analysis::Analyzer {
public:
~Unified2() override;
bool DeliverStream(const u_char* data, uint64 len) override;
bool DeliverStream(const u_char* data, uint64_t len) override;
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);

12
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -135,13 +135,13 @@ file_analysis::OCSP::OCSP(RecordVal* args, file_analysis::File* file, bool arg_r
{
}
bool file_analysis::OCSP::DeliverStream(const u_char* data, uint64 len)
bool file_analysis::OCSP::DeliverStream(const u_char* data, uint64_t len)
{
ocsp_data.append(reinterpret_cast<const char*>(data), len);
return true;
}
bool file_analysis::OCSP::Undelivered(uint64 offset, uint64 len)
bool file_analysis::OCSP::Undelivered(uint64_t offset, uint64_t len)
{
return false;
}
@ -365,7 +365,7 @@ static Val* parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
return val_mgr->GetCount(asn1_int);
}
static uint64 parse_request_version(OCSP_REQUEST* req)
static uint64_t parse_request_version(OCSP_REQUEST* req)
{
int der_req_len = 0;
unsigned char* der_req_dat = nullptr;
@ -414,11 +414,11 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
char buf[OCSP_STRING_BUF_SIZE]; // we need a buffer for some of the openssl functions
memset(buf, 0, sizeof(buf));
uint64 version = 0;
uint64_t version = 0;
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
if ( req->tbsRequest->version )
version = (uint64)ASN1_INTEGER_get(req->tbsRequest->version);
version = (uint64_t)ASN1_INTEGER_get(req->tbsRequest->version);
#else
version = parse_request_version(req);
// TODO: try to parse out general name ?
@ -507,7 +507,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
vl.push_back(status_val);
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
vl.push_back(val_mgr->GetCount((uint64)ASN1_INTEGER_get(resp_data->version)));
vl.push_back(val_mgr->GetCount((uint64_t)ASN1_INTEGER_get(resp_data->version)));
#else
vl.push_back(parse_basic_resp_data_version(basic_resp));
#endif

4
src/file_analysis/analyzer/x509/OCSP.h
View file

@ -15,8 +15,8 @@ namespace file_analysis {
class OCSP : public file_analysis::X509Common {
public:
bool DeliverStream(const u_char* data, uint64 len) override;
bool Undelivered(uint64 offset, uint64 len) override;
bool DeliverStream(const u_char* data, uint64_t len) override;
bool Undelivered(uint64_t offset, uint64_t len) override;
bool EndOfFile() override;
static file_analysis::Analyzer* InstantiateRequest(RecordVal* args, File* file);

8
src/file_analysis/analyzer/x509/X509.cc
View file

@ -26,14 +26,14 @@ file_analysis::X509::X509(RecordVal* args, file_analysis::File* file)
cert_data.clear();
}
bool file_analysis::X509::DeliverStream(const u_char* data, uint64 len)
bool file_analysis::X509::DeliverStream(const u_char* data, uint64_t len)
{
// just add it to the data we have so far, since we cannot do anything else anyways...
cert_data.append(reinterpret_cast<const char*>(data), len);
return true;
}
bool file_analysis::X509::Undelivered(uint64 offset, uint64 len)
bool file_analysis::X509::Undelivered(uint64_t offset, uint64_t len)
{
return false;
}
@ -96,7 +96,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
RecordVal* pX509Cert = new RecordVal(BifType::Record::X509::Certificate);
BIO *bio = BIO_new(BIO_s_mem());
pX509Cert->Assign(0, val_mgr->GetCount((uint64) X509_get_version(ssl_cert) + 1));
pX509Cert->Assign(0, val_mgr->GetCount((uint64_t) X509_get_version(ssl_cert) + 1));
i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
int len = BIO_read(bio, buf, sizeof(buf));
pX509Cert->Assign(1, new StringVal(len, buf));
@ -330,7 +330,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
if ( ips == 0 )
ips = new VectorVal(internal_type("addr_vec")->AsVectorType());
uint32* addr = (uint32*) gen->d.ip->data;
uint32_t* addr = (uint32_t*) gen->d.ip->data;
if( gen->d.ip->length == 4 )
ips->Assign(ips->Size(), new AddrVal(*addr));

4
src/file_analysis/analyzer/x509/X509.h
View file

@ -68,8 +68,8 @@ class X509Val;
class X509 : public file_analysis::X509Common {
public:
bool DeliverStream(const u_char* data, uint64 len) override;
bool Undelivered(uint64 offset, uint64 len) override;
bool DeliverStream(const u_char* data, uint64_t len) override;
bool Undelivered(uint64_t offset, uint64_t len) override;
bool EndOfFile() override;
/**

6
src/file_analysis/analyzer/x509/functions.bif
View file

@ -41,7 +41,7 @@ X509_STORE* x509_get_root_store(TableVal* root_certs)
Val* key = idxs->Index(i);
StringVal *sv = root_certs->Lookup(key)->AsStringVal();
assert(sv);
const uint8* data = sv->Bytes();
const uint8_t* data = sv->Bytes();
X509* x = d2i_X509(NULL, &data, sv->Len());
if ( ! x )
{
@ -710,7 +710,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
}
unsigned char *cert_out = nullptr;
uint32 cert_length;
uint32_t cert_length;
if ( precert )
{
#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER)
@ -724,7 +724,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
else
cert_length = i2d_X509(x, &cert_out);
assert( cert_out );
uint32 cert_length_network = htonl(cert_length);
uint32_t cert_length_network = htonl(cert_length);
assert( sizeof(cert_length_network) == 4);
data.append(reinterpret_cast<const char*>(&cert_length_network)+1, 3); // 3 bytes certificate length