diff --git a/NEWS b/NEWS index bda8f5718e..bb8e6e3ebf 100644 --- a/NEWS +++ b/NEWS @@ -218,6 +218,10 @@ Deprecated Functionality - ``VectorVal::Lookup()`` is deprecated, use ``VectorVal::At()``. +- The file analysis/analyzer API has deprecated methods taking raw + ``RecordVal*`` for analyzer arguments and replaced those with methods + taking ``IntrusivePtr``. + Zeek 3.1.0 ========== diff --git a/src/file_analysis/Analyzer.cc b/src/file_analysis/Analyzer.cc index 6ede6a969b..27066ba826 100644 --- a/src/file_analysis/Analyzer.cc +++ b/src/file_analysis/Analyzer.cc @@ -18,12 +18,28 @@ void file_analysis::Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag) tag = arg_tag; } -file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file) +file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, + IntrusivePtr arg_args, + File* arg_file) : tag(arg_tag), - args({NewRef{}, arg_args}), + args(std::move(arg_args)), file(arg_file), got_stream_delivery(false), skip(false) { id = ++id_counter; } + +file_analysis::Analyzer::Analyzer(IntrusivePtr arg_args, File* arg_file) + : Analyzer({}, std::move(arg_args), arg_file) + {} + +file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, + RecordVal* arg_args, + File* arg_file) + : Analyzer(arg_tag, {NewRef{}, arg_args}, arg_file) + {} + +file_analysis::Analyzer::Analyzer(RecordVal* arg_args, File* arg_file) + : Analyzer({}, {NewRef{}, arg_args}, arg_file) + {} diff --git a/src/file_analysis/Analyzer.h b/src/file_analysis/Analyzer.h index 2426a7f7a1..fe0b2bf521 100644 --- a/src/file_analysis/Analyzer.h +++ b/src/file_analysis/Analyzer.h @@ -151,6 +151,10 @@ protected: * tunable options, if any, related to a particular analyzer type. * @param arg_file the file to which the the analyzer is being attached. */ + Analyzer(file_analysis::Tag arg_tag, IntrusivePtr arg_args, + File* arg_file); + + [[deprecated("Remove in v4.1.. Construct using IntrusivePtr instead.")]] Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file); /** @@ -162,10 +166,10 @@ protected: * tunable options, if any, related to a particular analyzer type. * @param arg_file the file to which the the analyzer is being attached. */ - Analyzer(RecordVal* arg_args, File* arg_file) - : Analyzer({}, arg_args, arg_file) - { - } + Analyzer(IntrusivePtr arg_args, File* arg_file); + + [[deprecated("Remove in v4.1.. Construct using IntrusivePtr instead.")]] + Analyzer(RecordVal* arg_args, File* arg_file); private: diff --git a/src/file_analysis/AnalyzerSet.cc b/src/file_analysis/AnalyzerSet.cc index d196a2515e..a5abef9437 100644 --- a/src/file_analysis/AnalyzerSet.cc +++ b/src/file_analysis/AnalyzerSet.cc @@ -177,7 +177,7 @@ HashKey* AnalyzerSet::GetKey(const file_analysis::Tag& t, RecordVal* args) const file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(const Tag& tag, RecordVal* args) const { - file_analysis::Analyzer* a = file_mgr->InstantiateAnalyzer(tag, args, file); + auto a = file_mgr->InstantiateAnalyzer(tag, {NewRef{}, args}, file); if ( ! a ) { diff --git a/src/file_analysis/Component.cc b/src/file_analysis/Component.cc index 3ed707313e..b2a55ce53d 100644 --- a/src/file_analysis/Component.cc +++ b/src/file_analysis/Component.cc @@ -13,6 +13,15 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag: plugin::TaggedComponent(subtype) { factory = arg_factory; + factory_func = nullptr; + } + +Component::Component(const std::string& name, factory_function arg_factory, Tag::subtype_t subtype) + : plugin::Component(plugin::component::FILE_ANALYZER, name), + plugin::TaggedComponent(subtype) + { + factory = nullptr; + factory_func = arg_factory; } void Component::Initialize() diff --git a/src/file_analysis/Component.h b/src/file_analysis/Component.h index e63a4db248..1bf5efe7ff 100644 --- a/src/file_analysis/Component.h +++ b/src/file_analysis/Component.h @@ -14,6 +14,7 @@ namespace file_analysis { class File; class Analyzer; +class Manager; /** * Component description for plugins providing file analyzers. @@ -25,6 +26,7 @@ class Component : public plugin::Component, public plugin::TaggedComponent { public: typedef Analyzer* (*factory_callback)(RecordVal* args, File* file); + using factory_function = Analyzer* (*)(IntrusivePtr args, File* file); /** * Constructor. @@ -45,6 +47,9 @@ public: * analyzer instances can accordingly access it via analyzer::Tag(). * If not used, leave at zero. */ + Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0); + + [[deprecated("Remove in v4.1. Use factory_function w/ IntrusivePtr args")]] Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0); /** @@ -62,6 +67,10 @@ public: /** * Returns the analyzer's factory function. */ + factory_function FactoryFunction() const + { return factory_func; } + + [[deprecated("Remove in v4.1. Use FactoryFunction().")]] factory_callback Factory() const { return factory; } protected: @@ -71,7 +80,10 @@ protected: void DoDescribe(ODesc* d) const override; private: - factory_callback factory; // The analyzer's factory callback. + friend class file_analysis::Manager; + + factory_callback factory; // The analyzer's factory callback (deprecated). + factory_function factory_func; // The analyzer's factory callback. }; } diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 3c09498a4b..b8c643809e 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -443,6 +443,11 @@ bool Manager::IsDisabled(const analyzer::Tag& tag) } Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) const + { return InstantiateAnalyzer(tag, {NewRef{}, args}, f); } + +Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, + IntrusivePtr args, + File* f) const { Component* c = Lookup(tag); @@ -454,18 +459,22 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) return nullptr; } - if ( ! c->Factory() ) + DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s", + f->id.c_str(), GetComponentName(tag).c_str()); + + Analyzer* a; + + if ( c->factory_func ) + a = c->factory_func(std::move(args), f); + else if ( c->factory ) + a = c->factory(args.get(), f); + else { reporter->InternalWarning("file analyzer %s cannot be instantiated " - "dynamically", c->CanonicalName().c_str()); + "dynamically", c->CanonicalName().c_str()); return nullptr; } - DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s", - f->id.c_str(), GetComponentName(tag).c_str()); - - Analyzer* a = c->Factory()(args, f); - if ( ! a ) reporter->InternalError("file analyzer instantiation failed"); diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index 8d619d04bd..5086ab6e39 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -300,6 +300,10 @@ public: * @param f The file analzer is to be associated with. * @return The new analyzer instance or null if tag is invalid. */ + Analyzer* InstantiateAnalyzer(const Tag& tag, IntrusivePtr args, + File* f) const; + + [[deprecated("Remove in v4.1. Pass in IntrusivePtr args instead.")]] Analyzer* InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) const; /** diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 619605b34a..04175723af 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -11,15 +11,16 @@ using namespace file_analysis; -DataEvent::DataEvent(RecordVal* args, File* file, +DataEvent::DataEvent(IntrusivePtr args, File* file, EventHandlerPtr ce, EventHandlerPtr se) : file_analysis::Analyzer(file_mgr->GetComponentTag("DATA_EVENT"), - args, file), + std::move(args), file), chunk_event(ce), stream_event(se) { } -file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file) +file_analysis::Analyzer* DataEvent::Instantiate(IntrusivePtr args, + File* file) { const auto& chunk_val = args->GetField("chunk_event"); const auto& stream_val = args->GetField("stream_event"); @@ -35,7 +36,7 @@ file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file) if ( stream_val ) stream = event_registry->Lookup(stream_val->AsFunc()->Name()); - return new DataEvent(args, file, chunk, stream); + return new DataEvent(std::move(args), file, chunk, stream); } bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) diff --git a/src/file_analysis/analyzer/data_event/DataEvent.h b/src/file_analysis/analyzer/data_event/DataEvent.h index 5027fd78ed..c1dd1ab64b 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.h +++ b/src/file_analysis/analyzer/data_event/DataEvent.h @@ -43,7 +43,8 @@ public: * @return the new DataEvent analyzer instance or a null pointer if * no "chunk_event" or "stream_event" field was specfied in \a args. */ - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file); + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file); protected: @@ -56,7 +57,7 @@ protected: * @param se pointer to event handler which will be called to receive * sequential file data. */ - DataEvent(RecordVal* args, File* file, + DataEvent(IntrusivePtr args, File* file, EventHandlerPtr ce, EventHandlerPtr se); private: diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 401a9020d6..443a97b729 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -9,8 +9,9 @@ using namespace file_analysis; -Entropy::Entropy(RecordVal* args, File* file) - : file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"), args, file) +Entropy::Entropy(IntrusivePtr args, File* file) + : file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"), + std::move(args), file) { //entropy->Init(); entropy = new EntropyVal; @@ -22,9 +23,10 @@ Entropy::~Entropy() Unref(entropy); } -file_analysis::Analyzer* Entropy::Instantiate(RecordVal* args, File* file) +file_analysis::Analyzer* Entropy::Instantiate(IntrusivePtr args, + File* file) { - return new Entropy(args, file); + return new Entropy(std::move(args), file); } bool Entropy::DeliverStream(const u_char* data, uint64_t len) diff --git a/src/file_analysis/analyzer/entropy/Entropy.h b/src/file_analysis/analyzer/entropy/Entropy.h index d316291a5f..2f65f1aa56 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.h +++ b/src/file_analysis/analyzer/entropy/Entropy.h @@ -31,7 +31,8 @@ public: * @return the new Entropy analyzer instance or a null pointer if the * the "extraction_file" field of \a args wasn't set. */ - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file); + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file); /** * Calculate entropy of next chunk of file contents. @@ -65,7 +66,7 @@ protected: * @param hv specific hash calculator object. * @param kind human readable name of the hash algorithm to use. */ - Entropy(RecordVal* args, File* file); + Entropy(IntrusivePtr args, File* file); /** * If some file contents have been seen, finalizes the entropy of them and diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index 2ba8e7926d..869c8e8724 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -10,9 +10,10 @@ using namespace file_analysis; -Extract::Extract(RecordVal* args, File* file, const std::string& arg_filename, - uint64_t arg_limit) - : file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), args, file), +Extract::Extract(IntrusivePtr args, File* file, + const std::string& arg_filename, uint64_t arg_limit) + : file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), + std::move(args), file), filename(arg_filename), limit(arg_limit), depth(0) { fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0666); @@ -32,7 +33,8 @@ Extract::~Extract() safe_close(fd); } -static const IntrusivePtr& get_extract_field_val(RecordVal* args, const char* name) +static const IntrusivePtr& get_extract_field_val(const IntrusivePtr& args, + const char* name) { const auto& rval = args->GetField(name); @@ -42,7 +44,7 @@ static const IntrusivePtr& get_extract_field_val(RecordVal* args, const cha return rval; } -file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file) +file_analysis::Analyzer* Extract::Instantiate(IntrusivePtr args, File* file) { const auto& fname = get_extract_field_val(args, "extract_filename"); const auto& limit = get_extract_field_val(args, "extract_limit"); @@ -50,7 +52,7 @@ file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file) if ( ! fname || ! limit ) return nullptr; - return new Extract(args, file, fname->AsString()->CheckString(), + return new Extract(std::move(args), file, fname->AsString()->CheckString(), limit->AsCount()); } diff --git a/src/file_analysis/analyzer/extract/Extract.h b/src/file_analysis/analyzer/extract/Extract.h index 5d2cd5b10b..c51e2e1a80 100644 --- a/src/file_analysis/analyzer/extract/Extract.h +++ b/src/file_analysis/analyzer/extract/Extract.h @@ -47,7 +47,8 @@ public: * @return the new Extract analyzer instance or a null pointer if the * the "extraction_file" field of \a args wasn't set. */ - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file); + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file); /** * Sets the maximum allowed extracted file size. A value of zero means @@ -66,8 +67,8 @@ protected: * to which the contents of the file will be extracted/written. * @param arg_limit the maximum allowed file size. */ - Extract(RecordVal* args, File* file, const std::string& arg_filename, - uint64_t arg_limit); + Extract(IntrusivePtr args, File* file, + const std::string& arg_filename, uint64_t arg_limit); private: std::string filename; diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index 99187d243d..011b6ef443 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc @@ -9,8 +9,10 @@ using namespace file_analysis; -Hash::Hash(RecordVal* args, File* file, HashVal* hv, const char* arg_kind) - : file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()), args, file), hash(hv), fed(false), kind(arg_kind) +Hash::Hash(IntrusivePtr args, File* file, HashVal* hv, const char* arg_kind) + : file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()), + std::move(args), file), + hash(hv), fed(false), kind(arg_kind) { hash->Init(); } diff --git a/src/file_analysis/analyzer/hash/Hash.h b/src/file_analysis/analyzer/hash/Hash.h index 903fc7d6f7..190152d1c3 100644 --- a/src/file_analysis/analyzer/hash/Hash.h +++ b/src/file_analysis/analyzer/hash/Hash.h @@ -56,7 +56,7 @@ protected: * @param hv specific hash calculator object. * @param kind human readable name of the hash algorithm to use. */ - Hash(RecordVal* args, File* file, HashVal* hv, const char* kind); + Hash(IntrusivePtr args, File* file, HashVal* hv, const char* kind); /** * If some file contents have been seen, finalizes the hash of them and @@ -83,8 +83,9 @@ public: * @return the new MD5 analyzer instance or a null pointer if there's no * handler for the "file_hash" event. */ - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file) - { return file_hash ? new MD5(args, file) : nullptr; } + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file) + { return file_hash ? new MD5(std::move(args), file) : nullptr; } protected: @@ -93,8 +94,8 @@ protected: * @param args the \c AnalyzerArgs value which represents the analyzer. * @param file the file to which the analyzer will be attached. */ - MD5(RecordVal* args, File* file) - : Hash(args, file, new MD5Val(), "md5") + MD5(IntrusivePtr args, File* file) + : Hash(std::move(args), file, new MD5Val(), "md5") {} }; @@ -111,8 +112,9 @@ public: * @return the new MD5 analyzer instance or a null pointer if there's no * handler for the "file_hash" event. */ - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file) - { return file_hash ? new SHA1(args, file) : nullptr; } + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file) + { return file_hash ? new SHA1(std::move(args), file) : nullptr; } protected: @@ -121,8 +123,8 @@ protected: * @param args the \c AnalyzerArgs value which represents the analyzer. * @param file the file to which the analyzer will be attached. */ - SHA1(RecordVal* args, File* file) - : Hash(args, file, new SHA1Val(), "sha1") + SHA1(IntrusivePtr args, File* file) + : Hash(std::move(args), file, new SHA1Val(), "sha1") {} }; @@ -139,8 +141,9 @@ public: * @return the new MD5 analyzer instance or a null pointer if there's no * handler for the "file_hash" event. */ - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file) - { return file_hash ? new SHA256(args, file) : nullptr; } + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file) + { return file_hash ? new SHA256(std::move(args), file) : nullptr; } protected: @@ -149,8 +152,8 @@ protected: * @param args the \c AnalyzerArgs value which represents the analyzer. * @param file the file to which the analyzer will be attached. */ - SHA256(RecordVal* args, File* file) - : Hash(args, file, new SHA256Val(), "sha256") + SHA256(IntrusivePtr args, File* file) + : Hash(std::move(args), file, new SHA256Val(), "sha256") {} }; diff --git a/src/file_analysis/analyzer/pe/PE.cc b/src/file_analysis/analyzer/pe/PE.cc index 20ecadc3bf..0962f51dfa 100644 --- a/src/file_analysis/analyzer/pe/PE.cc +++ b/src/file_analysis/analyzer/pe/PE.cc @@ -3,8 +3,9 @@ using namespace file_analysis; -PE::PE(RecordVal* args, File* file) - : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), args, file) +PE::PE(IntrusivePtr args, File* file) + : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), std::move(args), + file) { conn = new binpac::PE::MockConnection(this); interp = new binpac::PE::File(conn); diff --git a/src/file_analysis/analyzer/pe/PE.h b/src/file_analysis/analyzer/pe/PE.h index 3a1c9befc0..87a82825f4 100644 --- a/src/file_analysis/analyzer/pe/PE.h +++ b/src/file_analysis/analyzer/pe/PE.h @@ -15,15 +15,16 @@ class PE : public file_analysis::Analyzer { public: ~PE(); - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file) - { return new PE(args, file); } + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file) + { return new PE(std::move(args), file); } virtual bool DeliverStream(const u_char* data, uint64_t len); virtual bool EndOfFile(); protected: - PE(RecordVal* args, File* file); + PE(IntrusivePtr args, File* file); binpac::PE::File* interp; binpac::PE::MockConnection* conn; bool done; diff --git a/src/file_analysis/analyzer/unified2/Unified2.cc b/src/file_analysis/analyzer/unified2/Unified2.cc index d14ee340e9..e9b14373c6 100644 --- a/src/file_analysis/analyzer/unified2/Unified2.cc +++ b/src/file_analysis/analyzer/unified2/Unified2.cc @@ -5,8 +5,8 @@ using namespace file_analysis; -Unified2::Unified2(RecordVal* args, File* file) - : file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), args, file) +Unified2::Unified2(IntrusivePtr args, File* file) + : file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), std::move(args), file) { interp = new binpac::Unified2::Unified2_Analyzer(this); } @@ -16,9 +16,9 @@ Unified2::~Unified2() delete interp; } -file_analysis::Analyzer* Unified2::Instantiate(RecordVal* args, File* file) +file_analysis::Analyzer* Unified2::Instantiate(IntrusivePtr args, File* file) { - return new Unified2(args, file); + return new Unified2(std::move(args), file); } bool Unified2::DeliverStream(const u_char* data, uint64_t len) diff --git a/src/file_analysis/analyzer/unified2/Unified2.h b/src/file_analysis/analyzer/unified2/Unified2.h index 8184861b22..b65c25e0a1 100644 --- a/src/file_analysis/analyzer/unified2/Unified2.h +++ b/src/file_analysis/analyzer/unified2/Unified2.h @@ -20,10 +20,11 @@ public: bool DeliverStream(const u_char* data, uint64_t len) override; - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file); + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file); protected: - Unified2(RecordVal* args, File* file); + Unified2(IntrusivePtr args, File* file); private: binpac::Unified2::Unified2_Analyzer* interp; diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index 91c1535ec6..b11d7c6970 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -112,18 +112,23 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi return true; } -file_analysis::Analyzer* OCSP::InstantiateRequest(RecordVal* args, File* file) +file_analysis::Analyzer* OCSP::InstantiateRequest(IntrusivePtr args, + File* file) { - return new OCSP(args, file, true); + return new OCSP(std::move(args), file, true); } -file_analysis::Analyzer* OCSP::InstantiateReply(RecordVal* args, File* file) +file_analysis::Analyzer* OCSP::InstantiateReply(IntrusivePtr args, + File* file) { - return new OCSP(args, file, false); + return new OCSP(std::move(args), file, false); } -file_analysis::OCSP::OCSP(RecordVal* args, file_analysis::File* file, bool arg_request) - : file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"), args, file), request(arg_request) +file_analysis::OCSP::OCSP(IntrusivePtr args, file_analysis::File* file, + bool arg_request) + : file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"), + std::move(args), file), + request(arg_request) { } diff --git a/src/file_analysis/analyzer/x509/OCSP.h b/src/file_analysis/analyzer/x509/OCSP.h index 06ea1dd25a..c3cec77cec 100644 --- a/src/file_analysis/analyzer/x509/OCSP.h +++ b/src/file_analysis/analyzer/x509/OCSP.h @@ -18,11 +18,13 @@ public: bool Undelivered(uint64_t offset, uint64_t len) override; bool EndOfFile() override; - static file_analysis::Analyzer* InstantiateRequest(RecordVal* args, File* file); - static file_analysis::Analyzer* InstantiateReply(RecordVal* args, File* file); + static file_analysis::Analyzer* InstantiateRequest(IntrusivePtr args, + File* file); + static file_analysis::Analyzer* InstantiateReply(IntrusivePtr args, + File* file); protected: - OCSP(RecordVal* args, File* file, bool request); + OCSP(IntrusivePtr args, File* file, bool request); private: void ParseResponse(OCSP_RESPONSE*); diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 58946c7618..8ad24921ef 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -21,8 +21,9 @@ using namespace file_analysis; -file_analysis::X509::X509(RecordVal* args, file_analysis::File* file) - : file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"), args, file) +file_analysis::X509::X509(IntrusivePtr args, file_analysis::File* file) + : file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"), + std::move(args), file) { cert_data.clear(); } diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h index 98370977c4..092ac9aa94 100644 --- a/src/file_analysis/analyzer/x509/X509.h +++ b/src/file_analysis/analyzer/x509/X509.h @@ -88,8 +88,9 @@ public: */ static IntrusivePtr ParseCertificate(X509Val* cert_val, File* file = nullptr); - static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file) - { return new X509(args, file); } + static file_analysis::Analyzer* Instantiate(IntrusivePtr args, + File* file) + { return new X509(std::move(args), file); } /** * Retrieves OpenSSL's representation of an X509 certificate store @@ -126,7 +127,7 @@ public: { cache_hit_callback = std::move(func); } protected: - X509(RecordVal* args, File* file); + X509(IntrusivePtr args, File* file); private: void ParseBasicConstraints(X509_EXTENSION* ex); diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index 723786f42c..e30ac06f7c 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -16,8 +16,9 @@ using namespace file_analysis; -X509Common::X509Common(const file_analysis::Tag& arg_tag, RecordVal* arg_args, File* arg_file) - : file_analysis::Analyzer(arg_tag, arg_args, arg_file) +X509Common::X509Common(const file_analysis::Tag& arg_tag, + IntrusivePtr arg_args, File* arg_file) + : file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file) { } diff --git a/src/file_analysis/analyzer/x509/X509Common.h b/src/file_analysis/analyzer/x509/X509Common.h index 5276329e55..a7c9254d0b 100644 --- a/src/file_analysis/analyzer/x509/X509Common.h +++ b/src/file_analysis/analyzer/x509/X509Common.h @@ -40,7 +40,8 @@ public: static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, Reporter* reporter); protected: - X509Common(const file_analysis::Tag& arg_tag, RecordVal* arg_args, File* arg_file); + X509Common(const file_analysis::Tag& arg_tag, + IntrusivePtr arg_args, File* arg_file); void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global); void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);