mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 23:28:20 +00:00
Deprecate Val(double, TypeTag) ctor, add TimeVal/DoubleVal subclasses
This also updates all usages of the deprecated Val ctor to use either IntervalVal, TimeVal, or DoubleVal ctors. The reason for doing away with the old constructor is that using it with TYPE_INTERVAL isn't strictly correct since there exists a more specific subclass, IntervalVal, with overriden ValDescribe() method that ought to be used to print such values in a more descriptive way.
This commit is contained in:
Jon Siwek
parent
a431f6b45d
commit
5b4313b593
76 changed files with 847 additions and 782 deletions
|
|
@ -115,7 +115,7 @@ File::~File()
|
|||
|
||||
void File::UpdateLastActivityTime()
|
||||
{
|
||||
val->Assign(last_active_idx, make_intrusive<Val>(network_time, TYPE_TIME));
|
||||
val->Assign(last_active_idx, make_intrusive<TimeVal>(network_time));
|
||||
}
|
||||
|
||||
double File::GetLastActivityTime() const
|
||||
|
|
@ -200,7 +200,7 @@ double File::GetTimeoutInterval() const
|
|||
|
||||
void File::SetTimeoutInterval(double interval)
|
||||
{
|
||||
val->Assign(timeout_interval_idx, make_intrusive<Val>(interval, TYPE_INTERVAL));
|
||||
val->Assign(timeout_interval_idx, make_intrusive<IntervalVal>(interval));
|
||||
}
|
||||
|
||||
bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes)
|
||||
|
|
|
|||
|
|
@ -64,11 +64,11 @@ void Entropy::Finalize()
|
|||
|
||||
static auto entropy_test_result = zeek::id::find_type<RecordType>("entropy_test_result");
|
||||
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
|
||||
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
|
||||
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));
|
||||
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE));
|
||||
ent_result->Assign(3, make_intrusive<Val>(montepi, TYPE_DOUBLE));
|
||||
ent_result->Assign(4, make_intrusive<Val>(scc, TYPE_DOUBLE));
|
||||
ent_result->Assign<DoubleVal>(0, ent);
|
||||
ent_result->Assign<DoubleVal>(1, chisq);
|
||||
ent_result->Assign<DoubleVal>(2, mean);
|
||||
ent_result->Assign<DoubleVal>(3, montepi);
|
||||
ent_result->Assign<DoubleVal>(4, scc);
|
||||
|
||||
mgr.Enqueue(file_entropy,
|
||||
GetFile()->ToVal(),
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ refine flow File += {
|
|||
{
|
||||
auto fh = make_intrusive<RecordVal>(zeek::BifType::Record::PE::FileHeader);
|
||||
fh->Assign(0, val_mgr->Count(${h.Machine}));
|
||||
fh->Assign(1, make_intrusive<Val>(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
|
||||
fh->Assign(1, make_intrusive<TimeVal>(static_cast<double>(${h.TimeDateStamp})));
|
||||
fh->Assign(2, val_mgr->Count(${h.PointerToSymbolTable}));
|
||||
fh->Assign(3, val_mgr->Count(${h.NumberOfSymbols}));
|
||||
fh->Assign(4, val_mgr->Count(${h.SizeOfOptionalHeader}));
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ refine flow Flow += {
|
|||
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(2, make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
|
||||
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
|
||||
|
|
@ -100,7 +100,7 @@ refine flow Flow += {
|
|||
auto ids_event = make_intrusive<RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(2, make_intrusive<TimeVal>(ts_to_double(${ev.ts})));
|
||||
ids_event->Assign(3, val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->Count(${ev.signature_revision}));
|
||||
|
|
@ -132,7 +132,7 @@ refine flow Flow += {
|
|||
packet->Assign(0, val_mgr->Count(${pkt.sensor_id}));
|
||||
packet->Assign(1, val_mgr->Count(${pkt.event_id}));
|
||||
packet->Assign(2, val_mgr->Count(${pkt.event_second}));
|
||||
packet->Assign(3, make_intrusive<Val>(ts_to_double(${pkt.packet_ts}), TYPE_TIME));
|
||||
packet->Assign(3, make_intrusive<TimeVal>(ts_to_double(${pkt.packet_ts})));
|
||||
packet->Assign(4, val_mgr->Count(${pkt.link_type}));
|
||||
packet->Assign(5, to_stringval(${pkt.packet_data}));
|
||||
|
||||
|
|
|
|||
|
|
@ -518,7 +518,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
produced_at = OCSP_resp_get0_produced_at(basic_resp);
|
||||
#endif
|
||||
|
||||
vl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(produced_at, GetFile(), reporter), TYPE_TIME));
|
||||
vl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(produced_at, GetFile(), reporter)));
|
||||
|
||||
// responses
|
||||
|
||||
|
|
@ -566,7 +566,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
// revocation time and reason if revoked
|
||||
if ( status == V_OCSP_CERTSTATUS_REVOKED )
|
||||
{
|
||||
rvl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(revoke_time, GetFile(), reporter), TYPE_TIME));
|
||||
rvl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(revoke_time, GetFile(), reporter)));
|
||||
|
||||
if ( reason != OCSP_REVOKED_STATUS_NOSTATUS )
|
||||
{
|
||||
|
|
@ -578,19 +578,19 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
}
|
||||
else
|
||||
{
|
||||
rvl.emplace_back(make_intrusive<Val>(0.0, TYPE_TIME));
|
||||
rvl.emplace_back(make_intrusive<TimeVal>(0.0));
|
||||
rvl.emplace_back(make_intrusive<StringVal>(0, ""));
|
||||
}
|
||||
|
||||
if ( this_update )
|
||||
rvl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(this_update, GetFile(), reporter), TYPE_TIME));
|
||||
rvl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(this_update, GetFile(), reporter)));
|
||||
else
|
||||
rvl.emplace_back(make_intrusive<Val>(0.0, TYPE_TIME));
|
||||
rvl.emplace_back(make_intrusive<TimeVal>(0.0));
|
||||
|
||||
if ( next_update )
|
||||
rvl.emplace_back(make_intrusive<Val>(GetTimeFromAsn1(next_update, GetFile(), reporter), TYPE_TIME));
|
||||
rvl.emplace_back(make_intrusive<TimeVal>(GetTimeFromAsn1(next_update, GetFile(), reporter)));
|
||||
else
|
||||
rvl.emplace_back(make_intrusive<Val>(0.0, TYPE_TIME));
|
||||
rvl.emplace_back(make_intrusive<TimeVal>(0.0));
|
||||
|
||||
if ( ocsp_response_certificate )
|
||||
mgr.Enqueue(ocsp_response_certificate, std::move(rvl));
|
||||
|
|
|
|||
|
|
@ -158,8 +158,8 @@ IntrusivePtr<RecordVal> file_analysis::X509::ParseCertificate(X509Val* cert_val,
|
|||
pX509Cert->Assign(3, make_intrusive<StringVal>(len, buf));
|
||||
BIO_free(bio);
|
||||
|
||||
pX509Cert->Assign(5, make_intrusive<Val>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter), TYPE_TIME));
|
||||
pX509Cert->Assign(6, make_intrusive<Val>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter), TYPE_TIME));
|
||||
pX509Cert->Assign(5, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter)));
|
||||
pX509Cert->Assign(6, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter)));
|
||||
|
||||
// we only read 255 bytes because byte 256 is always 0.
|
||||
// if the string is longer than 255, that will be our null-termination,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue