Merge remote-tracking branch 'origin/master' into topic/seth/faf-updates

Conflicts: scripts/base/frameworks/files/main.bro scripts/base/init-bare.bro scripts/base/protocols/ftp/file-analysis.bro scripts/base/protocols/http/file-analysis.bro scripts/base/protocols/irc/file-analysis.bro scripts/base/protocols/smtp/file-analysis.bro src/const.bif src/event.bif src/file_analysis/Analyzer.h src/file_analysis/file_analysis.bif
2025-10-11 19:18:19 +00:00 · 2013-07-05 02:13:27 -04:00 · 2013-07-05 02:13:27 -04:00 · 58d133e764
commit 58d133e764
parent 2b48396d23 fefef47f30
555 changed files with 16982 additions and 13190 deletions
--- a/src/file_analysis/analyzer/extract/Extract.cc
+++ b/src/file_analysis/analyzer/extract/Extract.cc
@ -0,0 +1,48 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include <string>
+
+#include "Extract.h"
+#include "util.h"
+
+using namespace file_analysis;
+
+Extract::Extract(RecordVal* args, File* file, const string& arg_filename)
+    : file_analysis::Analyzer(args, file), filename(arg_filename)
+	{
+	fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666);
+
+	if ( fd < 0 )
+		{
+		fd = 0;
+		char buf[128];
+		strerror_r(errno, buf, sizeof(buf));
+		reporter->Error("cannot open %s: %s", filename.c_str(), buf);
+		}
+	}
+
+Extract::~Extract()
+	{
+	if ( fd )
+		safe_close(fd);
+	}
+
+file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
+	{
+	using BifType::Record::Files::AnalyzerArgs;
+	Val* v = args->Lookup(AnalyzerArgs->FieldOffset("extract_filename"));
+
+	if ( ! v )
+		return 0;
+
+	return new Extract(args, file, v->AsString()->CheckString());
+	}
+
+bool Extract::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
+	{
+	if ( ! fd )
+		return false;
+
+	safe_pwrite(fd, data, len, offset);
+	return true;
+	}