ASCII logger now escapes non-printable characters.

Closes #450.
Robin Sommer 2011-06-01 22:33:44 -07:00
parent 09083b8992
commit 5c0704eec8
5 changed files with 69 additions and 14 deletions


@ -207,41 +207,71 @@ void ODesc::Indent()
}
}
static const char hex_chars[] = "0123456789ABCDEF";
static const char hex_chars[] = "0123456789abcdef";
static const char* find_first_unprintable(ODesc* d, const char* bytes, unsigned int n)
{
if ( d->IsBinary() )
return 0;
while ( n-- )
{
if ( ! isprint(*bytes) )
return bytes;
++bytes;
}
return 0;
}
void ODesc::AddBytes(const void* bytes, unsigned int n)
{
if ( ! escape )
return AddBytesRaw(bytes, n);
const char* s = (const char*) bytes;
const char* e = (const char*) bytes + n;
while ( s < e )
{
const char* t = (const char*) memchr(s, escape[0], e - s);
const char* t1 = escape ? (const char*) memchr(s, escape[0], e - s) : e;
const char* t2 = find_first_unprintable(this, s, t1 ? e - t1 : e - s);
if ( ! t )
if ( t2 && (t2 < t1 || ! t1) )
{
AddBytesRaw(s, t2 - s);
char hex[6] = "\\x00";
hex[2] = hex_chars[((*t2) & 0xf0) >> 4];
hex[3] = hex_chars[(*t2) & 0x0f];
AddBytesRaw(hex, sizeof(hex));
s = t2 + 1;
continue;
}
if ( ! escape )
break;
if ( memcmp(t, escape, escape_len) != 0 )
if ( ! t1 )
break;
AddBytesRaw(s, t - s);
if ( memcmp(t1, escape, escape_len) != 0 )
break;
AddBytesRaw(s, t1 - s);
for ( int i = 0; i < escape_len; ++i )
{
char hex[5] = "\\x00";
hex[2] = hex_chars[(*t) >> 4];
hex[3] = hex_chars[(*t) & 0x0f];
hex[2] = hex_chars[((*t1) & 0xf0) >> 4];
hex[3] = hex_chars[(*t1) & 0x0f];
AddBytesRaw(hex, sizeof(hex));
++t;
++t1;
}
s = t;
s = t1;
}
AddBytesRaw(s, e - s);
if ( s < e )
AddBytesRaw(s, e - s);
}
void ODesc::AddBytesRaw(const void* bytes, unsigned int n)
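Review bot: The scan length passed to `find_first_unprintable` in `ODesc::AddBytes` looks wrong: `t1 ? e - t1 : e - s` is the number of bytes from the separator match to the end, not the span `[s, t1)` that is about to be emitted. A non-printable byte directly before a separator near the end of the buffer can therefore still be written raw, and when `escape` is unset `t1` is `e`, so the scan length is 0 and nothing is escaped; since the aim is to keep control bytes and newlines in logged field data out of the log, the length should be `(t1 ? t1 : e) - s`. `isprint(*bytes)` is also given a plain `char`, which is undefined for negative values where `char` is signed, so it should be `isprint((unsigned char) *bytes)`. Separately, `AddBytesRaw(hex, sizeof(hex))` writes the whole 6-byte (or, in the separator loop, 5-byte) array, so each `\xNN` is followed by NUL bytes in the output; passing `4` emits only the escape text.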


@ -223,7 +223,7 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields,
return false;
}
desc.Add("\n");
desc.AddRaw("\n", 1);
if ( fwrite(desc.Bytes(), desc.Len(), 1, file) != 1 )
{
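Review bot: The switch to `desc.AddRaw("\n", 1)` is not explained at the call site, so a later cleanup could easily turn it back into `desc.Add("\n")`. Presumably the record terminator has to bypass the new escaping in `ODesc::AddBytes`, which would otherwise treat the newline as non-printable. A comment such as `// Raw on purpose: the record terminator must not be escaped.` would record that. `DoWrite` starts and ends outside this hunk.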

Binary file not shown.


@ -0,0 +1,25 @@
#
# @TEST-EXEC: bro %INPUT
# @TEST-EXEC: btest-diff ssh.log
module SSH;
export {
redef enum Log::ID += { SSH };
type Log: record {
data: string;
data2: string;
} &log;
}
redef LogAscii::separator = "|";
event bro_init()
{
Log::create_stream(SSH, [$columns=Log]);
Log::write(SSH, [$data="abc\n\xffdef", $data2="DATA2"]);
Log::write(SSH, [$data="abc|\xffdef", $data2="DATA2"]);
Log::write(SSH, [$data="abc\xff|def", $data2="DATA2"]);
}
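Review bot: The three `Log::write` cases always leave at least as many bytes after the `|` as before it, so they do not cover a non-printable byte directly in front of a separator near the end of a field. A constructed case such as `Log::write(SSH, [$data="a\xff|", $data2="DATA2"]);` would cover that path. The baseline committed with this test is listed as a binary file, which may mean the expected `ssh.log` still contains raw non-printable or NUL bytes; it is worth confirming the baseline is plain printable ASCII before relying on `btest-diff`.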