Merge remote-tracking branch 'origin/topic/awelzel/analyzer-module-enable-disable-file-analyzer'

* origin/topic/awelzel/analyzer-module-enable-disable-file-analyzer: analyzer: Add file_analyzer support to enable_analyzer()/disable_analyzer()
2025-10-05 08:08:19 +00:00 · 2022-10-05 13:27:08 +02:00 · 2022-10-05 13:27:08 +02:00 · 6fcbb55ccd
commit 6fcbb55ccd
parent b0b928b305 81fe46f123
8 changed files with 41 additions and 6 deletions
--- a/testing/btest/scripts/base/frameworks/analyzer/disabled-file-analyzers.zeek
+++ b/testing/btest/scripts/base/frameworks/analyzer/disabled-file-analyzers.zeek
@ -0,0 +1,20 @@
+# @TEST-DOC: Add the PE analyzer to Analyzer::disabled_analyzers and ensure no pe.log is created.
+
+# First, cross-check that pe.log is indeed generated.
+# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT
+# @TEST-EXEC: test -f pe.log
+# @TEST-EXEC: rm *log
+
+# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }'
+# @TEST-EXEC: test ! -f pe.log
+# @TEST-EXEC: test -f conn.log
+# @TEST-EXEC: rm *log
+
+# Finally, explicitly enable the analyzer via Analyzer::enable_analyzer() during zeek_init() and expect pe.log to be generated.
+# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }' -e 'event zeek_init() { Analyzer::enable_analyzer(Files::ANALYZER_PE); }'
+# @TEST-EXEC: test -f pe.log
+# @TEST-EXEC: test -f conn.log
+
+@load base/protocols/conn
+@load base/protocols/ftp
+@load base/files/pe