Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

ASCII logger now escapes non-printable characters.

Browse source 
Closes #450.
This commit is contained in:
Robin Sommer 2011-06-01 22:33:44 -07:00
parent 09083b8992
commit 5c0704eec8
5 changed files with 69 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

56
src/Desc.cc
View file

@ -207,41 +207,71 @@ void ODesc::Indent()
} }
} }
static const char hex_chars[] = "0123456789ABCDEF"; static const char hex_chars[] = "0123456789abcdef";
static const char* find_first_unprintable(ODesc* d, const char* bytes, unsigned int n)
{
if ( d->IsBinary() )
return 0;
while ( n-- )
{
if ( ! isprint(*bytes) )
return bytes;
++bytes;
}
return 0;
}
void ODesc::AddBytes(const void* bytes, unsigned int n) void ODesc::AddBytes(const void* bytes, unsigned int n)
{ {
if ( ! escape )
return AddBytesRaw(bytes, n);
const char* s = (const char*) bytes; const char* s = (const char*) bytes;
const char* e = (const char*) bytes + n; const char* e = (const char*) bytes + n;
while ( s < e ) while ( s < e )
{ {
const char* t = (const char*) memchr(s, escape[0], e - s); const char* t1 = escape ? (const char*) memchr(s, escape[0], e - s) : e;
const char* t2 = find_first_unprintable(this, s, t1 ? e - t1 : e - s);
if ( ! t ) if ( t2 && (t2 < t1 || ! t1) )
{
AddBytesRaw(s, t2 - s);
char hex[6] = "\\x00";
hex[2] = hex_chars[((*t2) & 0xf0) >> 4];
hex[3] = hex_chars[(*t2) & 0x0f];
AddBytesRaw(hex, sizeof(hex));
s = t2 + 1;
continue;
}
if ( ! escape )
break; break;
if ( memcmp(t, escape, escape_len) != 0 ) if ( ! t1 )
break; break;
AddBytesRaw(s, t - s); if ( memcmp(t1, escape, escape_len) != 0 )
break;
AddBytesRaw(s, t1 - s);
for ( int i = 0; i < escape_len; ++i ) for ( int i = 0; i < escape_len; ++i )
{ {
char hex[5] = "\\x00"; char hex[5] = "\\x00";
hex[2] = hex_chars[(*t) >> 4]; hex[2] = hex_chars[((*t1) & 0xf0) >> 4];
hex[3] = hex_chars[(*t) & 0x0f]; hex[3] = hex_chars[(*t1) & 0x0f];
AddBytesRaw(hex, sizeof(hex)); AddBytesRaw(hex, sizeof(hex));
++t; ++t1;
} }
s = t; s = t1;
} }
AddBytesRaw(s, e - s); if ( s < e )
AddBytesRaw(s, e - s);
} }
void ODesc::AddBytesRaw(const void* bytes, unsigned int n) void ODesc::AddBytesRaw(const void* bytes, unsigned int n)

2
src/LogWriterAscii.cc
View file

@ -223,7 +223,7 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields,
return false; return false;
} }
desc.Add("\n"); desc.AddRaw("\n", 1);
if ( fwrite(desc.Bytes(), desc.Len(), 1, file) != 1 ) if ( fwrite(desc.Bytes(), desc.Len(), 1, file) != 1 )
{ {

BIN
testing/btest/Baseline/logging.ascii-binary/ssh.log Normal file
View file

Binary file not shown.

BIN
testing/btest/Baseline/logging.ascii-escape/ssh.log
View file

Binary file not shown.

25
testing/btest/logging/ascii-binary.bro Normal file
View file

@ -0,0 +1,25 @@
#
# @TEST-EXEC: bro %INPUT
# @TEST-EXEC: btest-diff ssh.log
module SSH;
export {
redef enum Log::ID += { SSH };
type Log: record {
data: string;
data2: string;
} &log;
}
redef LogAscii::separator = "|";
event bro_init()
{
Log::create_stream(SSH, [$columns=Log]);
Log::write(SSH, [$data="abc\n\xffdef", $data2="DATA2"]);
Log::write(SSH, [$data="abc|\xffdef", $data2="DATA2"]);
Log::write(SSH, [$data="abc\xff|def", $data2="DATA2"]);
}