Merge remote-tracking branch 'origin/master' into topic/seth/faf-updates

Conflicts: scripts/base/frameworks/files/main.bro scripts/base/init-bare.bro scripts/base/protocols/ftp/file-analysis.bro scripts/base/protocols/http/file-analysis.bro scripts/base/protocols/irc/file-analysis.bro scripts/base/protocols/smtp/file-analysis.bro src/const.bif src/event.bif src/file_analysis/Analyzer.h src/file_analysis/file_analysis.bif
2025-10-15 21:18:20 +00:00 · 2013-07-05 02:13:27 -04:00 · 2013-07-05 02:13:27 -04:00 · 58d133e764
commit 58d133e764
parent 2b48396d23 fefef47f30
555 changed files with 16982 additions and 13190 deletions
--- a/testing/scripts/diff-canonifier-external
+++ b/testing/scripts/diff-canonifier-external
@ -4,6 +4,7 @@

 `dirname $0`/diff-remove-timestamps \
    | `dirname $0`/diff-remove-uids \
+    | `dirname $0`/diff-remove-file-ids \
    | `dirname $0`/diff-remove-x509-names \
    | `dirname $0`/diff-canon-notice-policy \
    | `dirname $0`/diff-sort
--- a/testing/scripts/diff-remove-file-ids
+++ b/testing/scripts/diff-remove-file-ids
@ -0,0 +1,33 @@
+#! /usr/bin/awk -f
+#
+# A diff canonifier that removes all file IDs from file_analysis.log
+
+BEGIN {
+    FS="\t";
+    OFS="\t";
+    process = 0;
+    }
+
+$1 == "#path" && $2 == "file_analysis" {
+    process = 1;
+    }
+
+process && column1 > 0 && column2 > 0 {
+    $column1 = "XXXXXXXXXXX";
+    $column2 = "XXXXXXXXXXX";
+    }
+
+/^#/ {
+    for ( i = 0; i < NF; ++i ) {
+        if ( $i == "id" )
+            column1 = i - 1;
+
+        if ( $i == "parent_id" )
+            column2 = i - 1;
+        }
+    }
+
+{ print }
+
+
+
--- a/testing/scripts/file-analysis-test.bro
+++ b/testing/scripts/file-analysis-test.bro
@ -8,23 +8,35 @@ global test_get_file_name: function(f: fa_file): string =

 global test_print_file_data_events: bool = F &redef;

+global file_count: count = 0;
+
+global file_map: table[string] of count;
+
+function canonical_file_name(f: fa_file): string
+	{
+	return fmt("file #%d", file_map[f$id]);
+	}
+
 event file_chunk(f: fa_file, data: string, off: count)
 	{
 	if ( test_print_file_data_events )
-		print "file_chunk", f$id, |data|, off, data;
+		print "file_chunk", canonical_file_name(f), |data|, off, data;
 	}

 event file_stream(f: fa_file, data: string)
 	{
 	if ( test_print_file_data_events )
-		print "file_stream", f$id, |data|, data;
+		print "file_stream", canonical_file_name(f), |data|, data;
 	}

 event file_new(f: fa_file)
 	{
 	print "FILE_NEW";

-	print f$id, f$seen_bytes, f$missing_bytes;
+	file_map[f$id] = file_count;
+	++file_count;
+
+	print canonical_file_name(f), f$seen_bytes, f$missing_bytes;

 	if ( test_file_analysis_source == "" ||
 	     f$source == test_file_analysis_source )
@ -72,7 +84,7 @@ event file_gap(f: fa_file, offset: count, len: count)
 event file_state_remove(f: fa_file)
 	{
 	print "FILE_STATE_REMOVE";
-	print f$id, f$seen_bytes, f$missing_bytes;
+	print canonical_file_name(f), f$seen_bytes, f$missing_bytes;
 	if ( f?$conns )
 		for ( cid in f$conns )
 			print cid;