Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 09:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Refactor how file analysis actions are tracked.

Browse source 
The Info record now uses a "table[ActionArgs] of ActionResults", which
allows for simultaneous actions of a given type as long as other args
(fields in the ActionArgs record) are different.
This commit is contained in:
Jon Siwek 2013-02-25 16:35:42 -06:00
parent 4b30cc2e24
commit 691622b3aa
13 changed files with 233 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

44
src/file_analysis/Hash.h
View file

@ -26,61 +26,51 @@ public:
protected:
Hash(Info* arg_info, ActionTag arg_tag, HashVal* hv);
Hash(RecordVal* args, Info* info, HashVal* hv, const char* field);
void Finalize();
virtual int GetResultFieldOffset() const = 0;
HashVal* hash;
int result_field_idx;
};
class MD5 : public Hash {
public:
static Action* Instantiate(const RecordVal* args, Info* info)
{ return new MD5(info); }
static Action* Instantiate(RecordVal* args, Info* info)
{ return new MD5(args, info); }
protected:
MD5(Info* arg_info)
: Hash(arg_info, BifEnum::FileAnalysis::ACTION_MD5, new MD5Val()) {}
virtual int GetResultFieldOffset() const
{ return BifType::Record::FileAnalysis::ActionResults->
FieldOffset("md5"); }
MD5(RecordVal* args, Info* info)
: Hash(args, info, new MD5Val(), "md5")
{}
};
class SHA1 : public Hash {
public:
static Action* Instantiate(const RecordVal* args, Info* info)
{ return new SHA1(info); }
static Action* Instantiate(RecordVal* args, Info* info)
{ return new SHA1(args, info); }
protected:
SHA1(Info* arg_info)
: Hash(arg_info, BifEnum::FileAnalysis::ACTION_SHA1, new SHA1Val()) {}
virtual int GetResultFieldOffset() const
{ return BifType::Record::FileAnalysis::ActionResults->
FieldOffset("sha1"); }
SHA1(RecordVal* args, Info* info)
: Hash(args, info, new SHA1Val(), "sha1")
{}
};
class SHA256 : public Hash {
public:
static Action* Instantiate(const RecordVal* args, Info* info)
{ return new SHA256(info); }
static Action* Instantiate(RecordVal* args, Info* info)
{ return new SHA256(args, info); }
protected:
SHA256(Info* arg_info)
: Hash(arg_info, BifEnum::FileAnalysis::ACTION_SHA256, new SHA256Val()) {}
virtual int GetResultFieldOffset() const
{ return BifType::Record::FileAnalysis::ActionResults->
FieldOffset("sha256"); }
SHA256(RecordVal* args, Info* info)
: Hash(args, info, new SHA256Val(), "sha256")
{}
};
} // namespace file_analysis