Deprecate file analyzer construction methods taking raw RecordVal*

Replaced with versions that instead take IntrusivePtr
Jon Siwek 2020-05-22 16:13:15 -07:00
parent ecb7c7c27e
commit 57a6069cd1
26 changed files with 164 additions and 79 deletions

4
NEWS

@ -218,6 +218,10 @@ Deprecated Functionality
- ``VectorVal::Lookup()`` is deprecated, use ``VectorVal::At()``.
- The file analysis/analyzer API has deprecated methods taking raw
``RecordVal*`` for analyzer arguments and replaced those with methods
taking ``IntrusivePtr``.
Zeek 3.1.0
==========


@ -18,12 +18,28 @@ void file_analysis::Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag)
tag = arg_tag;
}
file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file)
file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag,
IntrusivePtr<RecordVal> arg_args,
File* arg_file)
: tag(arg_tag),
args({NewRef{}, arg_args}),
args(std::move(arg_args)),
file(arg_file),
got_stream_delivery(false),
skip(false)
{
id = ++id_counter;
}
file_analysis::Analyzer::Analyzer(IntrusivePtr<RecordVal> arg_args, File* arg_file)
: Analyzer({}, std::move(arg_args), arg_file)
{}
file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag,
RecordVal* arg_args,
File* arg_file)
: Analyzer(arg_tag, {NewRef{}, arg_args}, arg_file)
{}
file_analysis::Analyzer::Analyzer(RecordVal* arg_args, File* arg_file)
: Analyzer({}, {NewRef{}, arg_args}, arg_file)
{}


@ -151,6 +151,10 @@ protected:
* tunable options, if any, related to a particular analyzer type.
* @param arg_file the file to which the the analyzer is being attached.
*/
Analyzer(file_analysis::Tag arg_tag, IntrusivePtr<RecordVal> arg_args,
File* arg_file);
[[deprecated("Remove in v4.1.. Construct using IntrusivePtr instead.")]]
Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file);
/**
@ -162,10 +166,10 @@ protected:
* tunable options, if any, related to a particular analyzer type.
* @param arg_file the file to which the the analyzer is being attached.
*/
Analyzer(RecordVal* arg_args, File* arg_file)
: Analyzer({}, arg_args, arg_file)
{
}
Analyzer(IntrusivePtr<RecordVal> arg_args, File* arg_file);
[[deprecated("Remove in v4.1.. Construct using IntrusivePtr instead.")]]
Analyzer(RecordVal* arg_args, File* arg_file);
private:
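Review bot: The two deprecated constructors, `Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file)` and `Analyzer(RecordVal* arg_args, File* arg_file)`, carry no doc comment of their own, so the header never states how reference ownership differs between the old and new overloads. Going by the definitions in this commit, the raw-pointer forms take an additional reference (`{NewRef{}, arg_args}`), while the `IntrusivePtr` forms adopt the reference the caller hands over. A short comment such as `// Deprecated: takes a new reference to arg_args; the caller keeps its own.` would keep plugin authors from leaking or over-releasing the record while migrating. The deprecation text also has a doubled period, `"Remove in v4.1.. Construct using IntrusivePtr instead."`, in both attributes.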


@ -177,7 +177,7 @@ HashKey* AnalyzerSet::GetKey(const file_analysis::Tag& t, RecordVal* args) const
file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(const Tag& tag,
RecordVal* args) const
{
file_analysis::Analyzer* a = file_mgr->InstantiateAnalyzer(tag, args, file);
auto a = file_mgr->InstantiateAnalyzer(tag, {NewRef{}, args}, file);
if ( ! a )
{


@ -13,6 +13,15 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag:
plugin::TaggedComponent<file_analysis::Tag>(subtype)
{
factory = arg_factory;
factory_func = nullptr;
}
Component::Component(const std::string& name, factory_function arg_factory, Tag::subtype_t subtype)
: plugin::Component(plugin::component::FILE_ANALYZER, name),
plugin::TaggedComponent<file_analysis::Tag>(subtype)
{
factory = nullptr;
factory_func = arg_factory;
}
void Component::Initialize()
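Review bot: Both constructors assign `factory` and `factory_func` in the body, so each has to remember to null the pointer it does not use. `Manager::InstantiateAnalyzer` in this commit branches on `c->factory_func` and then `c->factory`, so a future constructor that forgets one assignment would leave an indeterminate function pointer that can be called. Default member initializers in the class, `factory_callback factory = nullptr;` and `factory_function factory_func = nullptr;`, together with a mem-initializer for the one being set, would remove that dependency on every constructor body.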


@ -14,6 +14,7 @@ namespace file_analysis {
class File;
class Analyzer;
class Manager;
/**
* Component description for plugins providing file analyzers.
@ -25,6 +26,7 @@ class Component : public plugin::Component,
public plugin::TaggedComponent<file_analysis::Tag> {
public:
typedef Analyzer* (*factory_callback)(RecordVal* args, File* file);
using factory_function = Analyzer* (*)(IntrusivePtr<RecordVal> args, File* file);
/**
* Constructor.
@ -45,6 +47,9 @@ public:
* analyzer instances can accordingly access it via analyzer::Tag().
* If not used, leave at zero.
*/
Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0);
[[deprecated("Remove in v4.1. Use factory_function w/ IntrusivePtr args")]]
Component(const std::string& name, factory_callback factory, Tag::subtype_t subtype = 0);
/**
@ -62,6 +67,10 @@ public:
/**
* Returns the analyzer's factory function.
*/
factory_function FactoryFunction() const
{ return factory_func; }
[[deprecated("Remove in v4.1. Use FactoryFunction().")]]
factory_callback Factory() const { return factory; }
protected:
@ -71,7 +80,10 @@ protected:
void DoDescribe(ODesc* d) const override;
private:
factory_callback factory; // The analyzer's factory callback.
friend class file_analysis::Manager;
factory_callback factory; // The analyzer's factory callback (deprecated).
factory_function factory_func; // The analyzer's factory callback.
};
}
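Review bot: The two `Component` constructors now differ only in a function-pointer parameter (`factory_function` vs `factory_callback`), so a call that passes a literal `nullptr` or `0` as the factory becomes ambiguous and stops compiling. A null factory looks like a supported case, because `Manager::InstantiateAnalyzer` keeps a "cannot be instantiated dynamically" branch for it. If any in-tree or plugin component registers that way, an explicit overload such as `Component(const std::string& name, std::nullptr_t, Tag::subtype_t subtype = 0);` would keep it building; otherwise it is worth saying in the constructor's doc comment that a null factory must be cast to `factory_function`.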


@ -443,6 +443,11 @@ bool Manager::IsDisabled(const analyzer::Tag& tag)
}
Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) const
{ return InstantiateAnalyzer(tag, {NewRef{}, args}, f); }
Analyzer* Manager::InstantiateAnalyzer(const Tag& tag,
IntrusivePtr<RecordVal> args,
File* f) const
{
Component* c = Lookup(tag);
@ -454,18 +459,22 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f)
return nullptr;
}
if ( ! c->Factory() )
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s",
f->id.c_str(), GetComponentName(tag).c_str());
Analyzer* a;
if ( c->factory_func )
a = c->factory_func(std::move(args), f);
else if ( c->factory )
a = c->factory(args.get(), f);
else
{
reporter->InternalWarning("file analyzer %s cannot be instantiated "
"dynamically", c->CanonicalName().c_str());
return nullptr;
}
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s",
f->id.c_str(), GetComponentName(tag).c_str());
Analyzer* a = c->Factory()(args, f);
if ( ! a )
reporter->InternalError("file analyzer instantiation failed");
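Review bot: The `DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s", ...)` call now appears to run before the factory checks, so the debug trace reports an instantiation even on the path that warns "cannot be instantiated dynamically" and returns null. Moving the log call below the `if`/`else if`/`else` chain keeps the trace accurate for anyone reconstructing which analyzers actually ran on a file. Declaring `Analyzer* a = nullptr;` instead of `Analyzer* a;` would also stop a branch added later from leaving `a` indeterminate before the `if ( ! a )` test. The function starts and continues outside the visible hunks, so the ordering here is read from the rendered lines only.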


@ -300,6 +300,10 @@ public:
* @param f The file analzer is to be associated with.
* @return The new analyzer instance or null if tag is invalid.
*/
Analyzer* InstantiateAnalyzer(const Tag& tag, IntrusivePtr<RecordVal> args,
File* f) const;
[[deprecated("Remove in v4.1. Pass in IntrusivePtr args instead.")]]
Analyzer* InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) const;
/**


@ -11,15 +11,16 @@
using namespace file_analysis;
DataEvent::DataEvent(RecordVal* args, File* file,
DataEvent::DataEvent(IntrusivePtr<RecordVal> args, File* file,
EventHandlerPtr ce, EventHandlerPtr se)
: file_analysis::Analyzer(file_mgr->GetComponentTag("DATA_EVENT"),
args, file),
std::move(args), file),
chunk_event(ce), stream_event(se)
{
}
file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file)
file_analysis::Analyzer* DataEvent::Instantiate(IntrusivePtr<RecordVal> args,
File* file)
{
const auto& chunk_val = args->GetField("chunk_event");
const auto& stream_val = args->GetField("stream_event");
@ -35,7 +36,7 @@ file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file)
if ( stream_val )
stream = event_registry->Lookup(stream_val->AsFunc()->Name());
return new DataEvent(args, file, chunk, stream);
return new DataEvent(std::move(args), file, chunk, stream);
}
bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)


@ -43,7 +43,8 @@ public:
* @return the new DataEvent analyzer instance or a null pointer if
* no "chunk_event" or "stream_event" field was specfied in \a args.
*/
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file);
protected:
@ -56,7 +57,7 @@ protected:
* @param se pointer to event handler which will be called to receive
* sequential file data.
*/
DataEvent(RecordVal* args, File* file,
DataEvent(IntrusivePtr<RecordVal> args, File* file,
EventHandlerPtr ce, EventHandlerPtr se);
private:


@ -9,8 +9,9 @@
using namespace file_analysis;
Entropy::Entropy(RecordVal* args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"), args, file)
Entropy::Entropy(IntrusivePtr<RecordVal> args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"),
std::move(args), file)
{
//entropy->Init();
entropy = new EntropyVal;
@ -22,9 +23,10 @@ Entropy::~Entropy()
Unref(entropy);
}
file_analysis::Analyzer* Entropy::Instantiate(RecordVal* args, File* file)
file_analysis::Analyzer* Entropy::Instantiate(IntrusivePtr<RecordVal> args,
File* file)
{
return new Entropy(args, file);
return new Entropy(std::move(args), file);
}
bool Entropy::DeliverStream(const u_char* data, uint64_t len)


@ -31,7 +31,8 @@ public:
* @return the new Entropy analyzer instance or a null pointer if the
* the "extraction_file" field of \a args wasn't set.
*/
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file);
/**
* Calculate entropy of next chunk of file contents.
@ -65,7 +66,7 @@ protected:
* @param hv specific hash calculator object.
* @param kind human readable name of the hash algorithm to use.
*/
Entropy(RecordVal* args, File* file);
Entropy(IntrusivePtr<RecordVal> args, File* file);
/**
* If some file contents have been seen, finalizes the entropy of them and
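Review bot: The doc comments above the re-declared `Entropy::Instantiate` and `Entropy(IntrusivePtr<RecordVal> args, File* file)` no longer match the code. The `@return` text refers to an "extraction_file" field, although `Entropy::Instantiate` in this commit always returns `new Entropy(...)`, and the constructor comment lists `@param hv` and `@param kind`, which this constructor does not take. The same copy-paste drift shows in the other headers touched here: the `SHA1` and `SHA256` `Instantiate` comments say "the new MD5 analyzer instance", and the `Extract::Instantiate` comment names "extraction_file" while the code reads `extract_filename` and `extract_limit`. Since these declarations are being rewritten anyway, the comments should be corrected to describe each analyzer's real null-return condition. The comment blocks start outside the hunks.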


@ -10,9 +10,10 @@
using namespace file_analysis;
Extract::Extract(RecordVal* args, File* file, const std::string& arg_filename,
uint64_t arg_limit)
: file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), args, file),
Extract::Extract(IntrusivePtr<RecordVal> args, File* file,
const std::string& arg_filename, uint64_t arg_limit)
: file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"),
std::move(args), file),
filename(arg_filename), limit(arg_limit), depth(0)
{
fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0666);
@ -32,7 +33,8 @@ Extract::~Extract()
safe_close(fd);
}
static const IntrusivePtr<Val>& get_extract_field_val(RecordVal* args, const char* name)
static const IntrusivePtr<Val>& get_extract_field_val(const IntrusivePtr<RecordVal>& args,
const char* name)
{
const auto& rval = args->GetField(name);
@ -42,7 +44,7 @@ static const IntrusivePtr<Val>& get_extract_field_val(RecordVal* args, const cha
return rval;
}
file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
file_analysis::Analyzer* Extract::Instantiate(IntrusivePtr<RecordVal> args, File* file)
{
const auto& fname = get_extract_field_val(args, "extract_filename");
const auto& limit = get_extract_field_val(args, "extract_limit");
@ -50,7 +52,7 @@ file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
if ( ! fname || ! limit )
return nullptr;
return new Extract(args, file, fname->AsString()->CheckString(),
return new Extract(std::move(args), file, fname->AsString()->CheckString(),
limit->AsCount());
}
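Review bot: In `Extract::Instantiate`, `fname` and `limit` are references obtained through `args`, and they are dereferenced in the same argument list that passes `std::move(args)`. This looks safe only because the record stays alive inside the constructor's by-value parameter. The order in which the arguments are evaluated is unspecified, so a later edit that adds an `args->...` access to that call could dereference a moved-from pointer. Reading the values into locals first, `auto name = fname->AsString()->CheckString();` and `auto max = limit->AsCount();`, then calling `new Extract(std::move(args), file, name, max)`, makes the ordering explicit. Part of the function body lies between the two hunks.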


@ -47,7 +47,8 @@ public:
* @return the new Extract analyzer instance or a null pointer if the
* the "extraction_file" field of \a args wasn't set.
*/
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file);
/**
* Sets the maximum allowed extracted file size. A value of zero means
@ -66,8 +67,8 @@ protected:
* to which the contents of the file will be extracted/written.
* @param arg_limit the maximum allowed file size.
*/
Extract(RecordVal* args, File* file, const std::string& arg_filename,
uint64_t arg_limit);
Extract(IntrusivePtr<RecordVal> args, File* file,
const std::string& arg_filename, uint64_t arg_limit);
private:
std::string filename;


@ -9,8 +9,10 @@
using namespace file_analysis;
Hash::Hash(RecordVal* args, File* file, HashVal* hv, const char* arg_kind)
: file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()), args, file), hash(hv), fed(false), kind(arg_kind)
Hash::Hash(IntrusivePtr<RecordVal> args, File* file, HashVal* hv, const char* arg_kind)
: file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()),
std::move(args), file),
hash(hv), fed(false), kind(arg_kind)
{
hash->Init();
}


@ -56,7 +56,7 @@ protected:
* @param hv specific hash calculator object.
* @param kind human readable name of the hash algorithm to use.
*/
Hash(RecordVal* args, File* file, HashVal* hv, const char* kind);
Hash(IntrusivePtr<RecordVal> args, File* file, HashVal* hv, const char* kind);
/**
* If some file contents have been seen, finalizes the hash of them and
@ -83,8 +83,9 @@ public:
* @return the new MD5 analyzer instance or a null pointer if there's no
* handler for the "file_hash" event.
*/
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
{ return file_hash ? new MD5(args, file) : nullptr; }
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file)
{ return file_hash ? new MD5(std::move(args), file) : nullptr; }
protected:
@ -93,8 +94,8 @@ protected:
* @param args the \c AnalyzerArgs value which represents the analyzer.
* @param file the file to which the analyzer will be attached.
*/
MD5(RecordVal* args, File* file)
: Hash(args, file, new MD5Val(), "md5")
MD5(IntrusivePtr<RecordVal> args, File* file)
: Hash(std::move(args), file, new MD5Val(), "md5")
{}
};
@ -111,8 +112,9 @@ public:
* @return the new MD5 analyzer instance or a null pointer if there's no
* handler for the "file_hash" event.
*/
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
{ return file_hash ? new SHA1(args, file) : nullptr; }
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file)
{ return file_hash ? new SHA1(std::move(args), file) : nullptr; }
protected:
@ -121,8 +123,8 @@ protected:
* @param args the \c AnalyzerArgs value which represents the analyzer.
* @param file the file to which the analyzer will be attached.
*/
SHA1(RecordVal* args, File* file)
: Hash(args, file, new SHA1Val(), "sha1")
SHA1(IntrusivePtr<RecordVal> args, File* file)
: Hash(std::move(args), file, new SHA1Val(), "sha1")
{}
};
@ -139,8 +141,9 @@ public:
* @return the new MD5 analyzer instance or a null pointer if there's no
* handler for the "file_hash" event.
*/
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
{ return file_hash ? new SHA256(args, file) : nullptr; }
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file)
{ return file_hash ? new SHA256(std::move(args), file) : nullptr; }
protected:
@ -149,8 +152,8 @@ protected:
* @param args the \c AnalyzerArgs value which represents the analyzer.
* @param file the file to which the analyzer will be attached.
*/
SHA256(RecordVal* args, File* file)
: Hash(args, file, new SHA256Val(), "sha256")
SHA256(IntrusivePtr<RecordVal> args, File* file)
: Hash(std::move(args), file, new SHA256Val(), "sha256")
{}
};


@ -3,8 +3,9 @@
using namespace file_analysis;
PE::PE(RecordVal* args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), args, file)
PE::PE(IntrusivePtr<RecordVal> args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), std::move(args),
file)
{
conn = new binpac::PE::MockConnection(this);
interp = new binpac::PE::File(conn);


@ -15,15 +15,16 @@ class PE : public file_analysis::Analyzer {
public:
~PE();
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
{ return new PE(args, file); }
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file)
{ return new PE(std::move(args), file); }
virtual bool DeliverStream(const u_char* data, uint64_t len);
virtual bool EndOfFile();
protected:
PE(RecordVal* args, File* file);
PE(IntrusivePtr<RecordVal> args, File* file);
binpac::PE::File* interp;
binpac::PE::MockConnection* conn;
bool done;


@ -5,8 +5,8 @@
using namespace file_analysis;
Unified2::Unified2(RecordVal* args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), args, file)
Unified2::Unified2(IntrusivePtr<RecordVal> args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), std::move(args), file)
{
interp = new binpac::Unified2::Unified2_Analyzer(this);
}
@ -16,9 +16,9 @@ Unified2::~Unified2()
delete interp;
}
file_analysis::Analyzer* Unified2::Instantiate(RecordVal* args, File* file)
file_analysis::Analyzer* Unified2::Instantiate(IntrusivePtr<RecordVal> args, File* file)
{
return new Unified2(args, file);
return new Unified2(std::move(args), file);
}
bool Unified2::DeliverStream(const u_char* data, uint64_t len)


@ -20,10 +20,11 @@ public:
bool DeliverStream(const u_char* data, uint64_t len) override;
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file);
protected:
Unified2(RecordVal* args, File* file);
Unified2(IntrusivePtr<RecordVal> args, File* file);
private:
binpac::Unified2::Unified2_Analyzer* interp;


@ -112,18 +112,23 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi
return true;
}
file_analysis::Analyzer* OCSP::InstantiateRequest(RecordVal* args, File* file)
file_analysis::Analyzer* OCSP::InstantiateRequest(IntrusivePtr<RecordVal> args,
File* file)
{
return new OCSP(args, file, true);
return new OCSP(std::move(args), file, true);
}
file_analysis::Analyzer* OCSP::InstantiateReply(RecordVal* args, File* file)
file_analysis::Analyzer* OCSP::InstantiateReply(IntrusivePtr<RecordVal> args,
File* file)
{
return new OCSP(args, file, false);
return new OCSP(std::move(args), file, false);
}
file_analysis::OCSP::OCSP(RecordVal* args, file_analysis::File* file, bool arg_request)
: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"), args, file), request(arg_request)
file_analysis::OCSP::OCSP(IntrusivePtr<RecordVal> args, file_analysis::File* file,
bool arg_request)
: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"),
std::move(args), file),
request(arg_request)
{
}


@ -18,11 +18,13 @@ public:
bool Undelivered(uint64_t offset, uint64_t len) override;
bool EndOfFile() override;
static file_analysis::Analyzer* InstantiateRequest(RecordVal* args, File* file);
static file_analysis::Analyzer* InstantiateReply(RecordVal* args, File* file);
static file_analysis::Analyzer* InstantiateRequest(IntrusivePtr<RecordVal> args,
File* file);
static file_analysis::Analyzer* InstantiateReply(IntrusivePtr<RecordVal> args,
File* file);
protected:
OCSP(RecordVal* args, File* file, bool request);
OCSP(IntrusivePtr<RecordVal> args, File* file, bool request);
private:
void ParseResponse(OCSP_RESPONSE*);


@ -21,8 +21,9 @@
using namespace file_analysis;
file_analysis::X509::X509(RecordVal* args, file_analysis::File* file)
: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"), args, file)
file_analysis::X509::X509(IntrusivePtr<RecordVal> args, file_analysis::File* file)
: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"),
std::move(args), file)
{
cert_data.clear();
}


@ -88,8 +88,9 @@ public:
*/
static IntrusivePtr<RecordVal> ParseCertificate(X509Val* cert_val, File* file = nullptr);
static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
{ return new X509(args, file); }
static file_analysis::Analyzer* Instantiate(IntrusivePtr<RecordVal> args,
File* file)
{ return new X509(std::move(args), file); }
/**
* Retrieves OpenSSL's representation of an X509 certificate store
@ -126,7 +127,7 @@ public:
{ cache_hit_callback = std::move(func); }
protected:
X509(RecordVal* args, File* file);
X509(IntrusivePtr<RecordVal> args, File* file);
private:
void ParseBasicConstraints(X509_EXTENSION* ex);


@ -16,8 +16,9 @@
using namespace file_analysis;
X509Common::X509Common(const file_analysis::Tag& arg_tag, RecordVal* arg_args, File* arg_file)
: file_analysis::Analyzer(arg_tag, arg_args, arg_file)
X509Common::X509Common(const file_analysis::Tag& arg_tag,
IntrusivePtr<RecordVal> arg_args, File* arg_file)
: file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file)
{
}


@ -40,7 +40,8 @@ public:
static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, Reporter* reporter);
protected:
X509Common(const file_analysis::Tag& arg_tag, RecordVal* arg_args, File* arg_file);
X509Common(const file_analysis::Tag& arg_tag,
IntrusivePtr<RecordVal> arg_args, File* arg_file);
void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global);
void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);