From 57c7cbdb9236338a4eb431a5484cc030448dd164 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Thu, 28 Nov 2019 10:24:48 -0800
Subject: [PATCH] GH-700: add zeek_args() BIF

Provides access to all zeek command-line arguments ("argv").
---
 src/zeek.bif | 13 +++++++++++++
 testing/btest/Baseline/bifs.zeek_args/out | 1 +
 testing/btest/bifs/zeek_args.zeek | 2 ++
 3 files changed, 16 insertions(+)
 create mode 100644 testing/btest/Baseline/bifs.zeek_args/out
 create mode 100644 testing/btest/bifs/zeek_args.zeek
diff --git a/src/zeek.bif b/src/zeek.bif
index 4b1aec875d..1c34e3743e 100644
--- a/src/zeek.bif
+++ b/src/zeek.bif
@@ -23,6 +23,7 @@
 #include "file_analysis/Manager.h"
 #include "iosource/Manager.h"
 #include "iosource/Packet.h"
+#include "IntrusivePtr.h"
 using namespace std;
@@ -1877,6 +1878,18 @@ function type_name%(t: any%): string
 return new StringVal(s);
 %}
+## Returns: list of command-line arguments (``argv``) used to run Zeek.
+function zeek_args%(%): string_vec
+ %{
+ auto sv = internal_type("string_vec")->AsVectorType();
+ auto rval = make_intrusive(sv);
+
+ for ( auto i = 0; i < bro_argc; ++i )
+ rval->Assign(rval->Size(), new StringVal(bro_argv[i]));
+
+ return rval.detach();
+ %}
+
 ## Checks whether Zeek reads traffic from one or more network interfaces (as
 ## opposed to from a network trace in a file). Note that this function returns
 ## true even after Zeek has stopped reading network traffic, for example due to
diff --git a/testing/btest/Baseline/bifs.zeek_args/out b/testing/btest/Baseline/bifs.zeek_args/out
new file mode 100644
index 0000000000..5970dc1510
--- /dev/null
+++ b/testing/btest/Baseline/bifs.zeek_args/out
@@ -0,0 +1 @@
+[zeek, -b, -r, /Users/jsiwek/pro/zeek/zeek/testing/btest/Traces/http/get.trace, -e, print zeek_args()]
diff --git a/testing/btest/bifs/zeek_args.zeek b/testing/btest/bifs/zeek_args.zeek
new file mode 100644
index 0000000000..177db4a358
--- /dev/null
+++ b/testing/btest/bifs/zeek_args.zeek
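Review bot: The doc comment added for `zeek_args` in src/zeek.bif has only a `Returns:` line, so it says neither that element 0 is the program name nor that the arguments come back verbatim. The baseline in this patch shows both: the vector starts with `zeek` and includes the full `-e` script text, so a script that prints or logs the result also records any inline code, paths or option values given on the command line. I would add a summary and a caveat above `Returns:`, for example `## Returns the arguments Zeek was started with; element 0 is the program name.` and `## Values are unfiltered and may include sensitive option values, so avoid logging them as-is.` The loop reads `bro_argc`/`bro_argv`, which are defined outside this hunk; whether they hold the original or a processed copy of `argv` is worth stating in the comment too.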
@@ -0,0 +1,2 @@
+# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace -e 'print zeek_args()' >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
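Review bot: The `-r $TRACES/http/get.trace` argument in the first `@TEST-EXEC` line is the only reason this test needs `diff-remove-abspath`, and it is why the committed baseline carries the author's local home-directory path. If the trace is not needed for what is being checked, `# @TEST-EXEC: zeek -b -e 'print zeek_args()' >out` followed by a plain `btest-diff out` would keep the baseline machine-independent. If an argument that takes a value is wanted for coverage, a non-path one would serve the same purpose.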