Deprecate file analyzer construction methods taking raw RecordVal*

Replaced with versions that instead take IntrusivePtr

NEWS

@@ -218,6 +218,10 @@ Deprecated Functionality
 
 - ``VectorVal::Lookup()`` is deprecated, use ``VectorVal::At()``.
 
+- The file analysis/analyzer API has deprecated methods taking raw
+  ``RecordVal*`` for analyzer arguments and replaced those with methods
+  taking ``IntrusivePtr``.
+
 Zeek 3.1.0
 ==========
 

src/file_analysis/Analyzer.cc

@@ -18,12 +18,28 @@ void file_analysis::Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag)
 	tag = arg_tag;
 	}
 
-file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file)
+file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag,
+                                  IntrusivePtr<RecordVal> arg_args,
+                                  File* arg_file)
 	: tag(arg_tag),
-	  args({NewRef{}, arg_args}),
+	  args(std::move(arg_args)),
 	  file(arg_file),
 	  got_stream_delivery(false),
 	  skip(false)
 	{
 	id = ++id_counter;
 	}
+
+file_analysis::Analyzer::Analyzer(IntrusivePtr<RecordVal> arg_args, File* arg_file)
+	: Analyzer({}, std::move(arg_args), arg_file)
+	{}
+
+file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag,
+                                  RecordVal* arg_args,
+                                  File* arg_file)
+	: Analyzer(arg_tag, {NewRef{}, arg_args}, arg_file)
+	{}
+
+file_analysis::Analyzer::Analyzer(RecordVal* arg_args, File* arg_file)
+	: Analyzer({}, {NewRef{}, arg_args}, arg_file)
+	{}

src/file_analysis/Analyzer.h

@@ -151,6 +151,10 @@ protected:
 	 *        tunable options, if any, related to a particular analyzer type.
 	 * @param arg_file the file to which the the analyzer is being attached.
 	 */
+	Analyzer(file_analysis::Tag arg_tag, IntrusivePtr<RecordVal> arg_args,
+	         File* arg_file);
+
+	[[deprecated("Remove in v4.1..  Construct using IntrusivePtr instead.")]]
 	Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file);
 
 	/**
@@ -162,10 +166,10 @@ protected:
 	 *        tunable options, if any, related to a particular analyzer type.
 	 * @param arg_file the file to which the the analyzer is being attached.
 	 */
-	Analyzer(RecordVal* arg_args, File* arg_file)
+	Analyzer(IntrusivePtr<RecordVal> arg_args, File* arg_file);
-	    : Analyzer({}, arg_args, arg_file)
+
-		{
+	[[deprecated("Remove in v4.1..  Construct using IntrusivePtr instead.")]]
-		}
+	Analyzer(RecordVal* arg_args, File* arg_file);
 
 private:
 

src/file_analysis/AnalyzerSet.cc

@@ -177,7 +177,7 @@ HashKey* AnalyzerSet::GetKey(const file_analysis::Tag& t, RecordVal* args) const
 file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(const Tag& tag,
                                                           RecordVal* args) const
 	{
-	file_analysis::Analyzer* a = file_mgr->InstantiateAnalyzer(tag, args, file);
+	auto  a = file_mgr->InstantiateAnalyzer(tag, {NewRef{}, args}, file);
 
 	if ( ! a )
 		{

src/file_analysis/Component.cc

@@ -13,6 +13,15 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag:
 	  plugin::TaggedComponent<file_analysis::Tag>(subtype)
 	{
 	factory = arg_factory;
+	factory_func = nullptr;
+	}
+
+Component::Component(const std::string& name, factory_function arg_factory, Tag::subtype_t subtype)
+	: plugin::Component(plugin::component::FILE_ANALYZER, name),
+	  plugin::TaggedComponent<file_analysis::Tag>(subtype)
+	{
+	factory = nullptr;
+	factory_func = arg_factory;
 	}
 
 void Component::Initialize()

src/file_analysis/Component.h

@@ -14,6 +14,7 @@ namespace file_analysis {
 
 class File;
 class Analyzer;
+class Manager;
 
 /**
  * Component description for plugins providing file analyzers.
@@ -25,6 +26,7 @@ class Component : public plugin::Component,
                   public plugin::TaggedComponent<file_analysis::Tag> {
 public:
 	typedef Analyzer* (*factory_callback)(RecordVal* args, File* file);
+	using factory_function = Analyzer* (*)(IntrusivePtr<RecordVal> args, File* file);
 
 	/**
 	 * Constructor.
@@ -45,6 +47,9 @@ public:
 	 * analyzer instances can accordingly access it via analyzer::Tag().
 	 * If not used, leave at zero.
 	 */
+	Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0);
+
+	[[deprecated("Remove in v4.1.  Use factory_function w/ IntrusivePtr args")]]
 	Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0);
 
 	/**
@@ -62,6 +67,10 @@ public:
 	/**
 	 * Returns the analyzer's factory function.
 	 */
+	factory_function FactoryFunction() const
+		{ return factory_func; }
+
+	[[deprecated("Remove in v4.1.  Use FactoryFunction().")]]
 	factory_callback Factory() const	{ return factory; }
 
 protected:
@@ -71,7 +80,10 @@ protected:
 	void DoDescribe(ODesc* d) const override;
 
 private:
-	factory_callback factory;	// The analyzer's factory callback.
+	friend class file_analysis::Manager;
+
+	factory_callback factory;	// The analyzer's factory callback (deprecated).
+	factory_function factory_func;	// The analyzer's factory callback.
 };
 
 }

src/file_analysis/Manager.cc

@@ -443,6 +443,11 @@ bool Manager::IsDisabled(const analyzer::Tag& tag)
 	}
 
 Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) const
+	{ return InstantiateAnalyzer(tag, {NewRef{}, args}, f); }
+
+Analyzer* Manager::InstantiateAnalyzer(const Tag& tag,
+                                       IntrusivePtr<RecordVal> args,
+                                       File* f) const
 	{
 	Component* c = Lookup(tag);
 
@@ -454,18 +459,22 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f)
 		return nullptr;
 		}
 
-	if ( ! c->Factory() )
+	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s",
+	        f->id.c_str(), GetComponentName(tag).c_str());
+
+	Analyzer* a;
+
+	if ( c->factory_func )
+		a = c->factory_func(std::move(args), f);
+	else if ( c->factory )
+		a = c->factory(args.get(), f);
+	else
 		{
 		reporter->InternalWarning("file analyzer %s cannot be instantiated "
 		                          "dynamically", c->CanonicalName().c_str());
 		return nullptr;
 		}
 
-	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s",
-		f->id.c_str(), GetComponentName(tag).c_str());
-
-	Analyzer* a = c->Factory()(args, f);
-
 	if ( ! a )
 		reporter->InternalError("file analyzer instantiation failed");
 

src/file_analysis/Manager.h

@@ -300,6 +300,10 @@ public:
 	 * @param f The file analzer is to be associated with.
 	 * @return The new analyzer instance or null if tag is invalid.
 	 */
+	Analyzer* InstantiateAnalyzer(const Tag& tag, IntrusivePtr<RecordVal> args,
+	                              File* f) const;
+
+	[[deprecated("Remove in v4.1.  Pass in IntrusivePtr args instead.")]]
 	Analyzer* InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) const;
 
 	/**

src/file_analysis/analyzer/data_event/DataEvent.cc

@@ -11,15 +11,16 @@
 
 using namespace file_analysis;
 
-DataEvent::DataEvent(RecordVal* args, File* file,
+DataEvent::DataEvent(IntrusivePtr<RecordVal> args, File* file,
                      EventHandlerPtr ce, EventHandlerPtr se)
     : file_analysis::Analyzer(file_mgr->GetComponentTag("DATA_EVENT"),
-	                          args, file),
+	                          std::move(args), file),
 	chunk_event(ce), stream_event(se)
 	{
 	}
 
-file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file)
+file_analysis::Analyzer* DataEvent::Instantiate(IntrusivePtr<RecordVal> args,
+                                                File* file)
 	{
 	const auto& chunk_val = args->GetField("chunk_event");
 	const auto& stream_val = args->GetField("stream_event");
@@ -35,7 +36,7 @@ file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file)
 	if ( stream_val )
 		stream = event_registry->Lookup(stream_val->AsFunc()->Name());
 
-	return new DataEvent(args, file, chunk, stream);
+	return new DataEvent(std::move(args), file, chunk, stream);
 	}
 
 bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)

src/file_analysis/analyzer/data_event/DataEvent.h

@@ -43,7 +43,8 @@ public:
 	 * @return the new DataEvent analyzer instance or a null pointer if
 	 *         no "chunk_event" or "stream_event" field was specfied in \a args.
 	 */
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
+	                                            File* file);
 
 protected:
 
@@ -56,7 +57,7 @@ protected:
 	 * @param se pointer to event handler which will be called to receive
 	 *        sequential file data.
 	 */
-	DataEvent(RecordVal* args, File* file,
+	DataEvent(IntrusivePtr<RecordVal> args, File* file,
 	          EventHandlerPtr ce, EventHandlerPtr se);
 
 private:

src/file_analysis/analyzer/entropy/Entropy.cc

@@ -9,8 +9,9 @@
 
 using namespace file_analysis;
 
-Entropy::Entropy(RecordVal* args, File* file)
+Entropy::Entropy(IntrusivePtr<RecordVal> args, File* file)
-    : file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"), args, file)
+    : file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"),
+                              std::move(args), file)
 	{
 	//entropy->Init();
 	entropy = new EntropyVal;
@@ -22,9 +23,10 @@ Entropy::~Entropy()
 	Unref(entropy);
 	}
 
-file_analysis::Analyzer* Entropy::Instantiate(RecordVal* args, File* file)
+file_analysis::Analyzer* Entropy::Instantiate(IntrusivePtr<RecordVal> args,
+                                              File* file)
 	{
-	return new Entropy(args, file);
+	return new Entropy(std::move(args), file);
 	}
 
 bool Entropy::DeliverStream(const u_char* data, uint64_t len)

src/file_analysis/analyzer/entropy/Entropy.h

@@ -31,7 +31,8 @@ public:
 	 * @return the new Entropy analyzer instance or a null pointer if the
 	 *         the "extraction_file" field of \a args wasn't set.
 	 */
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
+	                                            File* file);
 
 	/**
 	 * Calculate entropy of next chunk of file contents.
@@ -65,7 +66,7 @@ protected:
 	 * @param hv specific hash calculator object.
 	 * @param kind human readable name of the hash algorithm to use.
 	 */
-	Entropy(RecordVal* args, File* file);
+	Entropy(IntrusivePtr<RecordVal> args, File* file);
 
 	/**
 	 * If some file contents have been seen, finalizes the entropy of them and

src/file_analysis/analyzer/extract/Extract.cc

@@ -10,9 +10,10 @@
 
 using namespace file_analysis;
 
-Extract::Extract(RecordVal* args, File* file, const std::string& arg_filename,
+Extract::Extract(IntrusivePtr<RecordVal> args, File* file,
-                 uint64_t arg_limit)
+                 const std::string& arg_filename, uint64_t arg_limit)
-    : file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), args, file),
+    : file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"),
+                              std::move(args), file),
       filename(arg_filename), limit(arg_limit), depth(0)
 	{
 	fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0666);
@@ -32,7 +33,8 @@ Extract::~Extract()
 		safe_close(fd);
 	}
 
-static const IntrusivePtr<Val>& get_extract_field_val(RecordVal* args, const char* name)
+static const IntrusivePtr<Val>& get_extract_field_val(const IntrusivePtr<RecordVal>& args,
+                                                      const char* name)
 	{
 	const auto& rval = args->GetField(name);
 
@@ -42,7 +44,7 @@ static const IntrusivePtr<Val>& get_extract_field_val(RecordVal* args, const cha
 	return rval;
 	}
 
-file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
+file_analysis::Analyzer* Extract::Instantiate(IntrusivePtr<RecordVal> args, File* file)
 	{
 	const auto& fname = get_extract_field_val(args, "extract_filename");
 	const auto& limit = get_extract_field_val(args, "extract_limit");
@@ -50,7 +52,7 @@ file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
 	if ( ! fname || ! limit )
 		return nullptr;
 
-	return new Extract(args, file, fname->AsString()->CheckString(),
+	return new Extract(std::move(args), file, fname->AsString()->CheckString(),
 	                   limit->AsCount());
 	}
 

src/file_analysis/analyzer/extract/Extract.h

@@ -47,7 +47,8 @@ public:
 	 * @return the new Extract analyzer instance or a null pointer if the
 	 *         the "extraction_file" field of \a args wasn't set.
 	 */
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
+	                                            File* file);
 
 	/**
 	 * Sets the maximum allowed extracted file size.  A value of zero means
@@ -66,8 +67,8 @@ protected:
 	 *        to which the contents of the file will be extracted/written.
 	 * @param arg_limit the maximum allowed file size.
 	 */
-	Extract(RecordVal* args, File* file, const std::string& arg_filename,
+	Extract(IntrusivePtr<RecordVal> args, File* file,
-	        uint64_t arg_limit);
+	        const std::string& arg_filename, uint64_t arg_limit);
 
 private:
 	std::string filename;

src/file_analysis/analyzer/hash/Hash.cc

@@ -9,8 +9,10 @@
 
 using namespace file_analysis;
 
-Hash::Hash(RecordVal* args, File* file, HashVal* hv, const char* arg_kind)
+Hash::Hash(IntrusivePtr<RecordVal> args, File* file, HashVal* hv, const char* arg_kind)
-	: file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()), args, file), hash(hv), fed(false), kind(arg_kind)
+	: file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()),
+	                          std::move(args), file),
+	  hash(hv), fed(false), kind(arg_kind)
 	{
 	hash->Init();
 	}

src/file_analysis/analyzer/hash/Hash.h

@@ -56,7 +56,7 @@ protected:
 	 * @param hv specific hash calculator object.
 	 * @param kind human readable name of the hash algorithm to use.
 	 */
-	Hash(RecordVal* args, File* file, HashVal* hv, const char* kind);
+	Hash(IntrusivePtr<RecordVal> args, File* file, HashVal* hv, const char* kind);
 
 	/**
 	 * If some file contents have been seen, finalizes the hash of them and
@@ -83,8 +83,9 @@ public:
 	 * @return the new MD5 analyzer instance or a null pointer if there's no
 	 *         handler for the "file_hash" event.
 	 */
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
-		{ return file_hash ? new MD5(args, file) : nullptr; }
+	                                            File* file)
+		{ return file_hash ? new MD5(std::move(args), file) : nullptr; }
 
 protected:
 
@@ -93,8 +94,8 @@ protected:
 	 * @param args the \c AnalyzerArgs value which represents the analyzer.
 	 * @param file the file to which the analyzer will be attached.
 	 */
-	MD5(RecordVal* args, File* file)
+	MD5(IntrusivePtr<RecordVal> args, File* file)
-		: Hash(args, file, new MD5Val(), "md5")
+		: Hash(std::move(args), file, new MD5Val(), "md5")
 		{}
 };
 
@@ -111,8 +112,9 @@ public:
 	 * @return the new MD5 analyzer instance or a null pointer if there's no
 	 *         handler for the "file_hash" event.
 	 */
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
-		{ return file_hash ? new SHA1(args, file) : nullptr; }
+	                                            File* file)
+		{ return file_hash ? new SHA1(std::move(args), file) : nullptr; }
 
 protected:
 
@@ -121,8 +123,8 @@ protected:
 	 * @param args the \c AnalyzerArgs value which represents the analyzer.
 	 * @param file the file to which the analyzer will be attached.
 	 */
-	SHA1(RecordVal* args, File* file)
+	SHA1(IntrusivePtr<RecordVal> args, File* file)
-		: Hash(args, file, new SHA1Val(), "sha1")
+		: Hash(std::move(args), file, new SHA1Val(), "sha1")
 		{}
 };
 
@@ -139,8 +141,9 @@ public:
 	 * @return the new MD5 analyzer instance or a null pointer if there's no
 	 *         handler for the "file_hash" event.
 	 */
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
-		{ return file_hash ? new SHA256(args, file) : nullptr; }
+	                                            File* file)
+		{ return file_hash ? new SHA256(std::move(args), file) : nullptr; }
 
 protected:
 
@@ -149,8 +152,8 @@ protected:
 	 * @param args the \c AnalyzerArgs value which represents the analyzer.
 	 * @param file the file to which the analyzer will be attached.
 	 */
-	SHA256(RecordVal* args, File* file)
+	SHA256(IntrusivePtr<RecordVal> args, File* file)
-		: Hash(args, file, new SHA256Val(), "sha256")
+		: Hash(std::move(args), file, new SHA256Val(), "sha256")
 		{}
 };
 

src/file_analysis/analyzer/pe/PE.cc

@@ -3,8 +3,9 @@
 
 using namespace file_analysis;
 
-PE::PE(RecordVal* args, File* file)
+PE::PE(IntrusivePtr<RecordVal> args, File* file)
-    : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), args, file)
+    : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), std::move(args),
+                              file)
 	{
 	conn = new binpac::PE::MockConnection(this);
 	interp = new binpac::PE::File(conn);

src/file_analysis/analyzer/pe/PE.h

@@ -15,15 +15,16 @@ class PE : public file_analysis::Analyzer {
 public:
 	~PE();
 
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
-		{ return new PE(args, file); }
+	                                            File* file)
+		{ return new PE(std::move(args), file); }
 
 	virtual bool DeliverStream(const u_char* data, uint64_t len);
 
 	virtual bool EndOfFile();
 
 protected:
-	PE(RecordVal* args, File* file);
+	PE(IntrusivePtr<RecordVal> args, File* file);
 	binpac::PE::File* interp;
 	binpac::PE::MockConnection* conn;
 	bool done;

src/file_analysis/analyzer/unified2/Unified2.cc

@@ -5,8 +5,8 @@
 
 using namespace file_analysis;
 
-Unified2::Unified2(RecordVal* args, File* file)
+Unified2::Unified2(IntrusivePtr<RecordVal> args, File* file)
-    : file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), args, file)
+    : file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), std::move(args), file)
 	{
 	interp = new binpac::Unified2::Unified2_Analyzer(this);
 	}
@@ -16,9 +16,9 @@ Unified2::~Unified2()
 	delete interp;
 	}
 
-file_analysis::Analyzer* Unified2::Instantiate(RecordVal* args, File* file)
+file_analysis::Analyzer* Unified2::Instantiate(IntrusivePtr<RecordVal> args, File* file)
 	{
-	return new Unified2(args, file);
+	return new Unified2(std::move(args), file);
 	}
 
 bool Unified2::DeliverStream(const u_char* data, uint64_t len)

src/file_analysis/analyzer/unified2/Unified2.h

@@ -20,10 +20,11 @@ public:
 
 	bool DeliverStream(const u_char* data, uint64_t len) override;
 
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
+	                                            File* file);
 
 protected:
-	Unified2(RecordVal* args, File* file);
+	Unified2(IntrusivePtr<RecordVal> args, File* file);
 
 private:
 	binpac::Unified2::Unified2_Analyzer* interp;

src/file_analysis/analyzer/x509/OCSP.cc

@@ -112,18 +112,23 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi
 	return true;
 	}
 
-file_analysis::Analyzer* OCSP::InstantiateRequest(RecordVal* args, File* file)
+file_analysis::Analyzer* OCSP::InstantiateRequest(IntrusivePtr<RecordVal> args,
+                                                  File* file)
 	{
-	return new OCSP(args, file, true);
+	return new OCSP(std::move(args), file, true);
 	}
 
-file_analysis::Analyzer* OCSP::InstantiateReply(RecordVal* args, File* file)
+file_analysis::Analyzer* OCSP::InstantiateReply(IntrusivePtr<RecordVal> args,
+                                                File* file)
 	{
-	return new OCSP(args, file, false);
+	return new OCSP(std::move(args), file, false);
 	}
 
-file_analysis::OCSP::OCSP(RecordVal* args, file_analysis::File* file, bool arg_request)
+file_analysis::OCSP::OCSP(IntrusivePtr<RecordVal> args, file_analysis::File* file,
-	: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"), args, file), request(arg_request)
+                          bool arg_request)
+	: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"),
+	                                        std::move(args), file),
+	  request(arg_request)
 	{
 	}
 

src/file_analysis/analyzer/x509/OCSP.h

@@ -18,11 +18,13 @@ public:
 	bool Undelivered(uint64_t offset, uint64_t len) override;
 	bool EndOfFile() override;
 
-	static file_analysis::Analyzer* InstantiateRequest(RecordVal* args, File* file);
+	static file_analysis::Analyzer* InstantiateRequest(IntrusivePtr<RecordVal> args,
-	static file_analysis::Analyzer* InstantiateReply(RecordVal* args, File* file);
+	                                                   File* file);
+	static file_analysis::Analyzer* InstantiateReply(IntrusivePtr<RecordVal> args,
+	                                                 File* file);
 
 protected:
-	OCSP(RecordVal* args, File* file, bool request);
+	OCSP(IntrusivePtr<RecordVal> args, File* file, bool request);
 
 private:
 	void ParseResponse(OCSP_RESPONSE*);

src/file_analysis/analyzer/x509/X509.cc

@@ -21,8 +21,9 @@
 
 using namespace file_analysis;
 
-file_analysis::X509::X509(RecordVal* args, file_analysis::File* file)
+file_analysis::X509::X509(IntrusivePtr<RecordVal> args, file_analysis::File* file)
-	: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"), args, file)
+	: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"),
+	                                        std::move(args), file)
 	{
 	cert_data.clear();
 	}

src/file_analysis/analyzer/x509/X509.h

@@ -88,8 +88,9 @@ public:
 	 */
 	static IntrusivePtr<RecordVal> ParseCertificate(X509Val* cert_val, File* file = nullptr);
 
-	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+	static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
-		{ return new X509(args, file); }
+	                                            File* file)
+		{ return new X509(std::move(args), file); }
 
 	/**
 	 * Retrieves OpenSSL's representation of an X509 certificate store
@@ -126,7 +127,7 @@ public:
 		{ cache_hit_callback = std::move(func); }
 
 protected:
-	X509(RecordVal* args, File* file);
+	X509(IntrusivePtr<RecordVal> args, File* file);
 
 private:
 	void ParseBasicConstraints(X509_EXTENSION* ex);

src/file_analysis/analyzer/x509/X509Common.cc

@@ -16,8 +16,9 @@
 
 using namespace file_analysis;
 
-X509Common::X509Common(const file_analysis::Tag& arg_tag, RecordVal* arg_args, File* arg_file)
+X509Common::X509Common(const file_analysis::Tag& arg_tag,
-	: file_analysis::Analyzer(arg_tag, arg_args, arg_file)
+                       IntrusivePtr<RecordVal> arg_args, File* arg_file)
+	: file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file)
 	{
 	}
 

src/file_analysis/analyzer/x509/X509Common.h

@@ -40,7 +40,8 @@ public:
 	static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, Reporter* reporter);
 
 protected:
-	X509Common(const file_analysis::Tag& arg_tag, RecordVal* arg_args, File* arg_file);
+	X509Common(const file_analysis::Tag& arg_tag,
+	           IntrusivePtr<RecordVal> arg_args, File* arg_file);
 
 	void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global);
 	void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);