FileAnalysis: replace script-layer http file analysis.

Other misc: - Remove HTTP::MD5 notice. - Add "last_active" field to FileAnalysis::Info record. - Replace "conn_uids", "conn_ids" fields in FileAnalysis::Info record with just a "conns" fields containing full connection records. - The http-methods unit test is failing now, but I think it will be fixed once I change the file handle callback mechanism to use events instead.
2025-10-15 04:58:21 +00:00 · 2013-03-22 16:14:06 -05:00 · 2013-03-22 16:14:06 -05:00 · 71f0e2d276
commit 71f0e2d276
parent 7034785810
61 changed files with 411 additions and 625 deletions
--- a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.bro
@ -43,8 +43,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/postpone_timeout.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/postpone_timeout.bro
@ -55,8 +55,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.bro
@ -48,8 +48,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.bro
@ -43,8 +43,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/ftp.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/ftp.bro
@ -12,7 +12,7 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_NEW:
 		print info$file_id, info$seen_bytes, info$missing_bytes;

-		if ( info$source == "ftp-data" )
+		if ( info$source == "FTP_DATA" )
 			{
 			for ( act in actions )
 				FileAnalysis::add_action(info$file_id, act);
@ -34,8 +34,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)

 	case FileAnalysis::TRIGGER_EOF:
 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/get.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/get.bro
@ -44,8 +44,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro
@ -54,8 +54,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro
@ -45,8 +45,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/http/post.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/post.bro
@ -42,8 +42,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/irc.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/irc.bro
@ -12,7 +12,7 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_NEW:
 		print info$file_id, info$seen_bytes, info$missing_bytes;

-		if ( info$source == "irc-dcc-data" )
+		if ( info$source == "IRC_DATA" )
 			{
 			for ( act in actions )
 				FileAnalysis::add_action(info$file_id, act);
@ -34,8 +34,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)

 	case FileAnalysis::TRIGGER_EOF:
 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/logging.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/logging.bro
@ -55,8 +55,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
 	case FileAnalysis::TRIGGER_DONE:

 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);
--- a/testing/btest/scripts/base/frameworks/file-analysis/smtp.bro
+++ b/testing/btest/scripts/base/frameworks/file-analysis/smtp.bro
@ -42,8 +42,9 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)

 	case FileAnalysis::TRIGGER_EOF:
 		print info$file_id, info$seen_bytes, info$missing_bytes;
-		print info$conn_uids;
-		print info$conn_ids;
+		if ( info?$conns )
+			for ( cid in info$conns )
+				print cid;

 		if ( info?$total_bytes )
 			print "total bytes: " + fmt("%s", info$total_bytes);