mirror of
https://github.com/zeek/zeek.git
synced 2025-10-07 17:18:20 +00:00
migration to using new differentiated methods for setting record fields
parent
4213245633
commit
62bab66114
74 changed files with 982 additions and 988 deletions
|
@ -92,12 +92,12 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
|
|||
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str());
|
||||
|
||||
val = make_intrusive<RecordVal>(id::fa_file);
|
||||
val->Assign(id_idx, make_intrusive<StringVal>(file_id.c_str()));
|
||||
val->Assign(id_idx, file_id);
|
||||
SetSource(source_name);
|
||||
|
||||
if ( conn )
|
||||
{
|
||||
val->Assign(is_orig_idx, val_mgr->Bool(is_orig));
|
||||
val->Assign(is_orig_idx, is_orig);
|
||||
UpdateConnectionFields(conn, is_orig);
|
||||
}
|
||||
|
||||
|
@ -115,7 +115,7 @@ File::~File()
|
|||
|
||||
void File::UpdateLastActivityTime()
|
||||
{
|
||||
val->Assign(last_active_idx, make_intrusive<TimeVal>(run_state::network_time));
|
||||
val->AssignTime(last_active_idx, run_state::network_time);
|
||||
}
|
||||
|
||||
double File::GetLastActivityTime() const
|
||||
|
@ -190,7 +190,7 @@ std::string File::GetSource() const
|
|||
|
||||
void File::SetSource(const std::string& source)
|
||||
{
|
||||
val->Assign(source_idx, make_intrusive<StringVal>(source.c_str()));
|
||||
val->Assign(source_idx, source);
|
||||
}
|
||||
|
||||
double File::GetTimeoutInterval() const
|
||||
|
@ -200,7 +200,7 @@ double File::GetTimeoutInterval() const
|
|||
|
||||
void File::SetTimeoutInterval(double interval)
|
||||
{
|
||||
val->Assign(timeout_interval_idx, make_intrusive<IntervalVal>(interval));
|
||||
val->AssignInterval(timeout_interval_idx, interval);
|
||||
}
|
||||
|
||||
bool File::SetExtractionLimit(RecordValPtr args, uint64_t bytes)
|
||||
|
@ -223,13 +223,13 @@ bool File::SetExtractionLimit(RecordValPtr args, uint64_t bytes)
|
|||
void File::IncrementByteCount(uint64_t size, int field_idx)
|
||||
{
|
||||
uint64_t old = LookupFieldDefaultCount(field_idx);
|
||||
val->Assign(field_idx, val_mgr->Count(old + size));
|
||||
val->Assign(field_idx, old + size);
|
||||
}
|
||||
|
||||
void File::SetTotalBytes(uint64_t size)
|
||||
{
|
||||
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size);
|
||||
val->Assign(total_bytes_idx, val_mgr->Count(size));
|
||||
val->Assign(total_bytes_idx, size);
|
||||
}
|
||||
|
||||
bool File::IsComplete() const
|
||||
|
@ -298,8 +298,8 @@ bool File::SetMime(const std::string& mime_type)
|
|||
return false;
|
||||
|
||||
auto meta = make_intrusive<RecordVal>(id::fa_metadata);
|
||||
meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
|
||||
meta->Assign(meta_inferred_idx, val_mgr->False());
|
||||
meta->Assign(meta_mime_type_idx, mime_type);
|
||||
meta->Assign(meta_inferred_idx, false);
|
||||
|
||||
FileEvent(file_sniff, {val, std::move(meta)});
|
||||
return true;
|
||||
|
@ -317,7 +317,7 @@ void File::InferMetadata()
|
|||
return;
|
||||
|
||||
String* bs = concatenate(bof_buffer.chunks);
|
||||
val->Assign<StringVal>(bof_buffer_idx, bs);
|
||||
val->Assign(bof_buffer_idx, bs);
|
||||
bof_buffer_val = val->GetField(bof_buffer_idx).get();
|
||||
}
|
||||
|
||||
|
@ -334,7 +334,7 @@ void File::InferMetadata()
|
|||
|
||||
if ( ! matches.empty() )
|
||||
{
|
||||
meta->Assign<StringVal>(meta_mime_type_idx,
|
||||
meta->Assign(meta_mime_type_idx,
|
||||
*(matches.begin()->second.begin()));
|
||||
meta->Assign(meta_mime_types_idx,
|
||||
file_analysis::GenMIMEMatchesVal(matches));
|
||||
|
@ -361,7 +361,7 @@ bool File::BufferBOF(const u_char* data, uint64_t len)
|
|||
if ( bof_buffer.size > 0 )
|
||||
{
|
||||
String* bs = concatenate(bof_buffer.chunks);
|
||||
val->Assign(bof_buffer_idx, make_intrusive<StringVal>(bs));
|
||||
val->Assign(bof_buffer_idx, bs);
|
||||
}
|
||||
|
||||
return false;
|
||||
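Review bot: In `File::InferMetadata` and `File::BufferBOF` the raw `String* bs` returned by `concatenate(bof_buffer.chunks)` is now passed straight to `val->Assign(bof_buffer_idx, bs)`, so the ownership transfer that `make_intrusive<StringVal>(bs)` spelled out in `BufferBOF` is no longer visible at the call site. The `String*` overload of `Assign` is not shown on this page; presumably it adopts the pointer, but if it copies instead, `bs` leaks every time the beginning-of-file buffer is flushed. A one-line comment at both sites, such as `// Assign() takes ownership of bs`, would record the contract next to the allocation. Both function bodies extend beyond their hunks.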
|
|
|
@ -524,8 +524,8 @@ VectorValPtr GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m)
|
|||
for ( set<string>::const_iterator it2 = it->second.begin();
|
||||
it2 != it->second.end(); ++it2 )
|
||||
{
|
||||
element->Assign(0, val_mgr->Int(it->first));
|
||||
element->Assign(1, make_intrusive<StringVal>(*it2));
|
||||
element->Assign(0, it->first);
|
||||
element->Assign(1, *it2);
|
||||
}
|
||||
|
||||
rval->Assign(rval->Size(), std::move(element));
|
||||
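Review bot: Field 0 of `element` was built with `val_mgr->Int(...)` on the replaced line, whereas `element->Assign(0, it->first)` lets C++ overload resolution on the key type of `MIME_Matches` decide which Zeek type is stored, and that key type is not visible in this hunk. The same applies to `rrecord->Assign(0, num)` in `x509_result_record`, where the hunk header declares `num` as `uint64_t` although the replaced line built an Int, so the unsigned overload is likely chosen for a field that was previously signed. Stating the intended type at the call site, e.g. `element->Assign(0, static_cast<int>(it->first));` (assuming an `int` overload exists), or a comment naming the declared field type, keeps the record declaration and the C++ argument in step. The enclosing loops of `GenMIMEMatchesVal` start outside the hunk.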
|
|
|
@ -63,11 +63,11 @@ void Entropy::Finalize()
|
|||
|
||||
static auto entropy_test_result = id::find_type<RecordType>("entropy_test_result");
|
||||
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
|
||||
ent_result->Assign<DoubleVal>(0, ent);
|
||||
ent_result->Assign<DoubleVal>(1, chisq);
|
||||
ent_result->Assign<DoubleVal>(2, mean);
|
||||
ent_result->Assign<DoubleVal>(3, montepi);
|
||||
ent_result->Assign<DoubleVal>(4, scc);
|
||||
ent_result->Assign(0, ent);
|
||||
ent_result->Assign(1, chisq);
|
||||
ent_result->Assign(2, mean);
|
||||
ent_result->Assign(3, montepi);
|
||||
ent_result->Assign(4, scc);
|
||||
|
||||
event_mgr.Enqueue(file_entropy,
|
||||
GetFile()->ToVal(),
|
||||
|
|
|
@ -49,22 +49,22 @@ refine flow File += {
|
|||
{
|
||||
auto dh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::DOSHeader);
|
||||
dh->Assign(0, zeek::make_intrusive<zeek::StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
|
||||
dh->Assign(1, zeek::val_mgr->Count(${h.UsedBytesInTheLastPage}));
|
||||
dh->Assign(2, zeek::val_mgr->Count(${h.FileSizeInPages}));
|
||||
dh->Assign(3, zeek::val_mgr->Count(${h.NumberOfRelocationItems}));
|
||||
dh->Assign(4, zeek::val_mgr->Count(${h.HeaderSizeInParagraphs}));
|
||||
dh->Assign(5, zeek::val_mgr->Count(${h.MinimumExtraParagraphs}));
|
||||
dh->Assign(6, zeek::val_mgr->Count(${h.MaximumExtraParagraphs}));
|
||||
dh->Assign(7, zeek::val_mgr->Count(${h.InitialRelativeSS}));
|
||||
dh->Assign(8, zeek::val_mgr->Count(${h.InitialSP}));
|
||||
dh->Assign(9, zeek::val_mgr->Count(${h.Checksum}));
|
||||
dh->Assign(10, zeek::val_mgr->Count(${h.InitialIP}));
|
||||
dh->Assign(11, zeek::val_mgr->Count(${h.InitialRelativeCS}));
|
||||
dh->Assign(12, zeek::val_mgr->Count(${h.AddressOfRelocationTable}));
|
||||
dh->Assign(13, zeek::val_mgr->Count(${h.OverlayNumber}));
|
||||
dh->Assign(14, zeek::val_mgr->Count(${h.OEMid}));
|
||||
dh->Assign(15, zeek::val_mgr->Count(${h.OEMinfo}));
|
||||
dh->Assign(16, zeek::val_mgr->Count(${h.AddressOfNewExeHeader}));
|
||||
dh->Assign(1, ${h.UsedBytesInTheLastPage});
|
||||
dh->Assign(2, ${h.FileSizeInPages});
|
||||
dh->Assign(3, ${h.NumberOfRelocationItems});
|
||||
dh->Assign(4, ${h.HeaderSizeInParagraphs});
|
||||
dh->Assign(5, ${h.MinimumExtraParagraphs});
|
||||
dh->Assign(6, ${h.MaximumExtraParagraphs});
|
||||
dh->Assign(7, ${h.InitialRelativeSS});
|
||||
dh->Assign(8, ${h.InitialSP});
|
||||
dh->Assign(9, ${h.Checksum});
|
||||
dh->Assign(10, ${h.InitialIP});
|
||||
dh->Assign(11, ${h.InitialRelativeCS});
|
||||
dh->Assign(12, ${h.AddressOfRelocationTable});
|
||||
dh->Assign(13, ${h.OverlayNumber});
|
||||
dh->Assign(14, ${h.OEMid});
|
||||
dh->Assign(15, ${h.OEMinfo});
|
||||
dh->Assign(16, ${h.AddressOfNewExeHeader});
|
||||
|
||||
zeek::event_mgr.Enqueue(pe_dos_header,
|
||||
connection()->zeek_analyzer()->GetFile()->ToVal(),
|
||||
|
@ -98,11 +98,11 @@ refine flow File += {
|
|||
if ( pe_file_header )
|
||||
{
|
||||
auto fh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::FileHeader);
|
||||
fh->Assign(0, zeek::val_mgr->Count(${h.Machine}));
|
||||
fh->Assign(1, zeek::make_intrusive<zeek::TimeVal>(static_cast<double>(${h.TimeDateStamp})));
|
||||
fh->Assign(2, zeek::val_mgr->Count(${h.PointerToSymbolTable}));
|
||||
fh->Assign(3, zeek::val_mgr->Count(${h.NumberOfSymbols}));
|
||||
fh->Assign(4, zeek::val_mgr->Count(${h.SizeOfOptionalHeader}));
|
||||
fh->Assign(0, ${h.Machine});
|
||||
fh->AssignTime(1, double(${h.TimeDateStamp}));
|
||||
fh->Assign(2, ${h.PointerToSymbolTable});
|
||||
fh->Assign(3, ${h.NumberOfSymbols});
|
||||
fh->Assign(4, ${h.SizeOfOptionalHeader});
|
||||
fh->Assign(5, characteristics_to_zeek(${h.Characteristics}, 16));
|
||||
|
||||
zeek::event_mgr.Enqueue(pe_file_header,
|
||||
|
@ -127,31 +127,31 @@ refine flow File += {
|
|||
{
|
||||
auto oh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::OptionalHeader);
|
||||
|
||||
oh->Assign(0, zeek::val_mgr->Count(${h.magic}));
|
||||
oh->Assign(1, zeek::val_mgr->Count(${h.major_linker_version}));
|
||||
oh->Assign(2, zeek::val_mgr->Count(${h.minor_linker_version}));
|
||||
oh->Assign(3, zeek::val_mgr->Count(${h.size_of_code}));
|
||||
oh->Assign(4, zeek::val_mgr->Count(${h.size_of_init_data}));
|
||||
oh->Assign(5, zeek::val_mgr->Count(${h.size_of_uninit_data}));
|
||||
oh->Assign(6, zeek::val_mgr->Count(${h.addr_of_entry_point}));
|
||||
oh->Assign(7, zeek::val_mgr->Count(${h.base_of_code}));
|
||||
oh->Assign(0, ${h.magic});
|
||||
oh->Assign(1, ${h.major_linker_version});
|
||||
oh->Assign(2, ${h.minor_linker_version});
|
||||
oh->Assign(3, ${h.size_of_code});
|
||||
oh->Assign(4, ${h.size_of_init_data});
|
||||
oh->Assign(5, ${h.size_of_uninit_data});
|
||||
oh->Assign(6, ${h.addr_of_entry_point});
|
||||
oh->Assign(7, ${h.base_of_code});
|
||||
|
||||
if ( ${h.pe_format} != PE32_PLUS )
|
||||
oh->Assign(8, zeek::val_mgr->Count(${h.base_of_data}));
|
||||
oh->Assign(8, ${h.base_of_data});
|
||||
|
||||
oh->Assign(9, zeek::val_mgr->Count(${h.image_base}));
|
||||
oh->Assign(10, zeek::val_mgr->Count(${h.section_alignment}));
|
||||
oh->Assign(11, zeek::val_mgr->Count(${h.file_alignment}));
|
||||
oh->Assign(12, zeek::val_mgr->Count(${h.os_version_major}));
|
||||
oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor}));
|
||||
oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version}));
|
||||
oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version}));
|
||||
oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version}));
|
||||
oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version}));
|
||||
oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image}));
|
||||
oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));
|
||||
oh->Assign(20, zeek::val_mgr->Count(${h.checksum}));
|
||||
oh->Assign(21, zeek::val_mgr->Count(${h.subsystem}));
|
||||
oh->Assign(9, ${h.image_base});
|
||||
oh->Assign(10, ${h.section_alignment});
|
||||
oh->Assign(11, ${h.file_alignment});
|
||||
oh->Assign(12, ${h.os_version_major});
|
||||
oh->Assign(13, ${h.os_version_minor});
|
||||
oh->Assign(14, ${h.major_image_version});
|
||||
oh->Assign(15, ${h.minor_image_version});
|
||||
oh->Assign(16, ${h.major_subsys_version});
|
||||
oh->Assign(17, ${h.minor_subsys_version});
|
||||
oh->Assign(18, ${h.size_of_image});
|
||||
oh->Assign(19, ${h.size_of_headers});
|
||||
oh->Assign(20, ${h.checksum});
|
||||
oh->Assign(21, ${h.subsystem});
|
||||
oh->Assign(22, characteristics_to_zeek(${h.dll_characteristics}, 16));
|
||||
|
||||
oh->Assign(23, process_rvas(${h.rvas}));
|
||||
|
@ -178,14 +178,14 @@ refine flow File += {
|
|||
name_len = first_null - ${h.name}.data();
|
||||
section_header->Assign(0, zeek::make_intrusive<zeek::StringVal>(name_len, (const char*) ${h.name}.data()));
|
||||
|
||||
section_header->Assign(1, zeek::val_mgr->Count(${h.virtual_size}));
|
||||
section_header->Assign(2, zeek::val_mgr->Count(${h.virtual_addr}));
|
||||
section_header->Assign(3, zeek::val_mgr->Count(${h.size_of_raw_data}));
|
||||
section_header->Assign(4, zeek::val_mgr->Count(${h.ptr_to_raw_data}));
|
||||
section_header->Assign(5, zeek::val_mgr->Count(${h.non_used_ptr_to_relocs}));
|
||||
section_header->Assign(6, zeek::val_mgr->Count(${h.non_used_ptr_to_line_nums}));
|
||||
section_header->Assign(7, zeek::val_mgr->Count(${h.non_used_num_of_relocs}));
|
||||
section_header->Assign(8, zeek::val_mgr->Count(${h.non_used_num_of_line_nums}));
|
||||
section_header->Assign(1, ${h.virtual_size});
|
||||
section_header->Assign(2, ${h.virtual_addr});
|
||||
section_header->Assign(3, ${h.size_of_raw_data});
|
||||
section_header->Assign(4, ${h.ptr_to_raw_data});
|
||||
section_header->Assign(5, ${h.non_used_ptr_to_relocs});
|
||||
section_header->Assign(6, ${h.non_used_ptr_to_line_nums});
|
||||
section_header->Assign(7, ${h.non_used_num_of_relocs});
|
||||
section_header->Assign(8, ${h.non_used_num_of_line_nums});
|
||||
section_header->Assign(9, characteristics_to_zeek(${h.characteristics}, 32));
|
||||
|
||||
zeek::event_mgr.Enqueue(pe_section_header,
|
||||
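Review bot: `fh->AssignTime(1, double(${h.TimeDateStamp}))` in the `pe_file_header` hunk swaps the `static_cast<double>` of the replaced line for a function-style cast, which is harder to search for and accepts conversions a named cast would reject; `fh->AssignTime(1, static_cast<double>(${h.TimeDateStamp}));` keeps the original form. The same pattern appears as `uint64_t(X509_get_version(ssl_cert) + 1)` in `X509::ParseCertificate`. The enclosing binpac function starts outside the hunk.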
|
|
|
@ -73,19 +73,19 @@ refine flow Flow += {
|
|||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${ev.ts})));
|
||||
ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
|
||||
ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
|
||||
ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
|
||||
ids_event->Assign(0, ${ev.sensor_id});
|
||||
ids_event->Assign(1, ${ev.event_id});
|
||||
ids_event->AssignTime(2, ts_to_double(${ev.ts}));
|
||||
ids_event->Assign(3, ${ev.signature_id});
|
||||
ids_event->Assign(4, ${ev.generator_id});
|
||||
ids_event->Assign(5, ${ev.signature_revision});
|
||||
ids_event->Assign(6, ${ev.classification_id});
|
||||
ids_event->Assign(7, ${ev.priority_id});
|
||||
ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip}));
|
||||
ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip}));
|
||||
ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
|
||||
ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
|
||||
ids_event->Assign(17, zeek::val_mgr->Count(${ev.packet_action}));
|
||||
ids_event->Assign(17, ${ev.packet_action});
|
||||
|
||||
zeek::event_mgr.Enqueue(::unified2_event,
|
||||
connection()->zeek_analyzer()->GetFile()->ToVal(),
|
||||
|
@ -99,23 +99,23 @@ refine flow Flow += {
|
|||
if ( ::unified2_event )
|
||||
{
|
||||
auto ids_event = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id}));
|
||||
ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id}));
|
||||
ids_event->Assign(2, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${ev.ts})));
|
||||
ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id}));
|
||||
ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id}));
|
||||
ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
|
||||
ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
|
||||
ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
|
||||
ids_event->Assign(0, ${ev.sensor_id});
|
||||
ids_event->Assign(1, ${ev.event_id});
|
||||
ids_event->AssignTime(2, ts_to_double(${ev.ts}));
|
||||
ids_event->Assign(3, ${ev.signature_id});
|
||||
ids_event->Assign(4, ${ev.generator_id});
|
||||
ids_event->Assign(5, ${ev.signature_revision});
|
||||
ids_event->Assign(6, ${ev.classification_id});
|
||||
ids_event->Assign(7, ${ev.priority_id});
|
||||
ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip}));
|
||||
ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip}));
|
||||
ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
|
||||
ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
|
||||
ids_event->Assign(12, zeek::val_mgr->Count(${ev.impact_flag}));
|
||||
ids_event->Assign(13, zeek::val_mgr->Count(${ev.impact}));
|
||||
ids_event->Assign(14, zeek::val_mgr->Count(${ev.blocked}));
|
||||
ids_event->Assign(15, zeek::val_mgr->Count(${ev.mpls_label}));
|
||||
ids_event->Assign(16, zeek::val_mgr->Count(${ev.vlan_id}));
|
||||
ids_event->Assign(12, ${ev.impact_flag});
|
||||
ids_event->Assign(13, ${ev.impact});
|
||||
ids_event->Assign(14, ${ev.blocked});
|
||||
ids_event->Assign(15, ${ev.mpls_label});
|
||||
ids_event->Assign(16, ${ev.vlan_id});
|
||||
|
||||
zeek::event_mgr.Enqueue(::unified2_event,
|
||||
connection()->zeek_analyzer()->GetFile()->ToVal(),
|
||||
|
@ -130,11 +130,11 @@ refine flow Flow += {
|
|||
if ( ::unified2_packet )
|
||||
{
|
||||
auto packet = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::Packet);
|
||||
packet->Assign(0, zeek::val_mgr->Count(${pkt.sensor_id}));
|
||||
packet->Assign(1, zeek::val_mgr->Count(${pkt.event_id}));
|
||||
packet->Assign(2, zeek::val_mgr->Count(${pkt.event_second}));
|
||||
packet->Assign(3, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${pkt.packet_ts})));
|
||||
packet->Assign(4, zeek::val_mgr->Count(${pkt.link_type}));
|
||||
packet->Assign(0, ${pkt.sensor_id});
|
||||
packet->Assign(1, ${pkt.event_id});
|
||||
packet->Assign(2, ${pkt.event_second});
|
||||
packet->AssignTime(3, ts_to_double(${pkt.packet_ts}));
|
||||
packet->Assign(4, ${pkt.link_type});
|
||||
packet->Assign(5, to_stringval(${pkt.packet_data}));
|
||||
|
||||
zeek::event_mgr.Enqueue(::unified2_packet,
|
||||
|
|
|
@ -124,7 +124,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
|
|||
auto pX509Cert = make_intrusive<RecordVal>(BifType::Record::X509::Certificate);
|
||||
BIO *bio = BIO_new(BIO_s_mem());
|
||||
|
||||
pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
|
||||
pX509Cert->Assign(0, uint64_t(X509_get_version(ssl_cert) + 1));
|
||||
i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
|
||||
int len = BIO_read(bio, buf, sizeof(buf));
|
||||
pX509Cert->Assign(1, make_intrusive<StringVal>(len, buf));
|
||||
|
@ -161,8 +161,8 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
|
|||
pX509Cert->Assign(3, make_intrusive<StringVal>(len, buf));
|
||||
BIO_free(bio);
|
||||
|
||||
pX509Cert->Assign(5, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter)));
|
||||
pX509Cert->Assign(6, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter)));
|
||||
pX509Cert->AssignTime(5, GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter));
|
||||
pX509Cert->AssignTime(6, GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter));
|
||||
|
||||
// we only read 255 bytes because byte 256 is always 0.
|
||||
// if the string is longer than 255, that will be our null-termination,
|
||||
|
@ -172,7 +172,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
|
|||
if ( ! i2t_ASN1_OBJECT(buf, 255, algorithm) )
|
||||
buf[0] = 0;
|
||||
|
||||
pX509Cert->Assign(7, make_intrusive<StringVal>(buf));
|
||||
pX509Cert->Assign(7, buf);
|
||||
|
||||
// Special case for RDP server certificates. For some reason some (all?) RDP server
|
||||
// certificates like to specify their key algorithm as md5WithRSAEncryption, which
|
||||
|
@ -194,25 +194,25 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
|
|||
if ( ! i2t_ASN1_OBJECT(buf, 255, OBJ_nid2obj(X509_get_signature_nid(ssl_cert))) )
|
||||
buf[0] = 0;
|
||||
|
||||
pX509Cert->Assign(8, make_intrusive<StringVal>(buf));
|
||||
pX509Cert->Assign(8, buf);
|
||||
|
||||
// Things we can do when we have the key...
|
||||
EVP_PKEY *pkey = X509_extract_key(ssl_cert);
|
||||
if ( pkey != NULL )
|
||||
{
|
||||
if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA )
|
||||
pX509Cert->Assign(9, make_intrusive<StringVal>("dsa"));
|
||||
pX509Cert->Assign(9, "dsa");
|
||||
|
||||
else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA )
|
||||
{
|
||||
pX509Cert->Assign(9, make_intrusive<StringVal>("rsa"));
|
||||
pX509Cert->Assign(9, "rsa");
|
||||
|
||||
const BIGNUM *e;
|
||||
RSA_get0_key(EVP_PKEY_get0_RSA(pkey), NULL, &e, NULL);
|
||||
char *exponent = BN_bn2dec(e);
|
||||
if ( exponent != NULL )
|
||||
{
|
||||
pX509Cert->Assign(11, make_intrusive<StringVal>(exponent));
|
||||
pX509Cert->Assign(11, exponent);
|
||||
OPENSSL_free(exponent);
|
||||
exponent = NULL;
|
||||
}
|
||||
|
@ -220,7 +220,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
|
|||
#ifndef OPENSSL_NO_EC
|
||||
else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_EC )
|
||||
{
|
||||
pX509Cert->Assign(9, make_intrusive<StringVal>("ecdsa"));
|
||||
pX509Cert->Assign(9, "ecdsa");
|
||||
pX509Cert->Assign(12, KeyCurve(pkey));
|
||||
}
|
||||
#endif
|
||||
|
@ -232,7 +232,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
|
|||
|
||||
unsigned int length = KeyLength(pkey);
|
||||
if ( length > 0 )
|
||||
pX509Cert->Assign(10, val_mgr->Count(length));
|
||||
pX509Cert->Assign(10, length);
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
|
@ -292,10 +292,10 @@ void X509::ParseBasicConstraints(X509_EXTENSION* ex)
|
|||
if ( x509_ext_basic_constraints )
|
||||
{
|
||||
auto pBasicConstraint = make_intrusive<RecordVal>(BifType::Record::X509::BasicConstraints);
|
||||
pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca));
|
||||
pBasicConstraint->Assign(0, constr->ca);
|
||||
|
||||
if ( constr->pathlen )
|
||||
pBasicConstraint->Assign(1, val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen)));
|
||||
pBasicConstraint->Assign(1, int32_t(ASN1_INTEGER_get(constr->pathlen)));
|
||||
|
||||
event_mgr.Enqueue(x509_ext_basic_constraints,
|
||||
GetFile()->ToVal(),
|
||||
|
@ -436,7 +436,7 @@ void X509::ParseSAN(X509_EXTENSION* ext)
|
|||
if ( ips != nullptr )
|
||||
sanExt->Assign(3, ips);
|
||||
|
||||
sanExt->Assign(4, val_mgr->Bool(otherfields));
|
||||
sanExt->Assign(4, otherfields);
|
||||
|
||||
event_mgr.Enqueue(x509_ext_subject_alternative_name,
|
||||
GetFile()->ToVal(),
|
||||
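Review bot: `pBasicConstraint->Assign(0, constr->ca)` in `X509::ParseBasicConstraints` drops the explicit `val_mgr->Bool(...)` conversion, and OpenSSL declares `BASIC_CONSTRAINTS::ca` as an `int`, so overload resolution will likely store the raw integer taken from the certificate rather than a normalised boolean; `pBasicConstraint->Assign(0, constr->ca != 0);` keeps the old meaning. On the following assignment, `int32_t(ASN1_INTEGER_get(constr->pathlen))` can be negative (the call returns -1 on error in current OpenSSL), while the replaced line stored this field as a count. A malformed pathlen from an untrusted certificate should therefore be rejected before it is assigned, e.g. `long pl = ASN1_INTEGER_get(constr->pathlen); if ( pl >= 0 ) pBasicConstraint->Assign(1, static_cast<uint64_t>(pl));`. The function body starts outside the hunk.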
|
|
|
@ -273,13 +273,13 @@ void X509Common::ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bo
|
|||
ext_val = make_intrusive<StringVal>(0, "");
|
||||
|
||||
auto pX509Ext = make_intrusive<RecordVal>(BifType::Record::X509::Extension);
|
||||
pX509Ext->Assign(0, make_intrusive<StringVal>(name));
|
||||
pX509Ext->Assign(0, name);
|
||||
|
||||
if ( short_name and strlen(short_name) > 0 )
|
||||
pX509Ext->Assign(1, make_intrusive<StringVal>(short_name));
|
||||
pX509Ext->Assign(1, short_name);
|
||||
|
||||
pX509Ext->Assign(2, make_intrusive<StringVal>(oid));
|
||||
pX509Ext->Assign(3, val_mgr->Bool(critical));
|
||||
pX509Ext->Assign(2, oid);
|
||||
pX509Ext->Assign(3, critical);
|
||||
pX509Ext->Assign(4, ext_val);
|
||||
|
||||
// send off generic extension event
|
||||
|
|
|
@ -16,8 +16,8 @@ static zeek::RecordValPtr x509_result_record(uint64_t num, const char* reason, z
|
|||
{
|
||||
auto rrecord = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::X509::Result);
|
||||
|
||||
rrecord->Assign(0, zeek::val_mgr->Int(num));
|
||||
rrecord->Assign(1, zeek::make_intrusive<zeek::StringVal>(reason));
|
||||
rrecord->Assign(0, num);
|
||||
rrecord->Assign(1, reason);
|
||||
if ( chainVector )
|
||||
rrecord->Assign(2, std::move(chainVector));
|
||||
|
||||
|
|