FileAnalysis: replace script-layer http file analysis.

Other misc: - Remove HTTP::MD5 notice. - Add "last_active" field to FileAnalysis::Info record. - Replace "conn_uids", "conn_ids" fields in FileAnalysis::Info record with just a "conns" fields containing full connection records. - The http-methods unit test is failing now, but I think it will be fixed once I change the file handle callback mechanism to use events instead.
2025-10-10 02:28:21 +00:00 · 2013-03-22 16:14:06 -05:00 · 2013-03-22 16:14:06 -05:00 · 71f0e2d276
commit 71f0e2d276
parent 7034785810
61 changed files with 411 additions and 625 deletions
--- a/testing/btest/scripts/base/protocols/http/http-extract-files.bro
+++ b/testing/btest/scripts/base/protocols/http/http-extract-files.bro
@ -1,5 +1,5 @@
 # @TEST-EXEC: bro -C -r $TRACES/web.trace %INPUT
 # @TEST-EXEC: btest-diff http.log
-# @TEST-EXEC: btest-diff http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat
+# @TEST-EXEC: btest-diff http-item-BFymS6bFgT3-0.dat

-redef HTTP::extract_file_types += /text\/html/;
+redef HTTP::extract_file_types += /text\/html/;
--- a/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro
+++ b/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro
@ -1,21 +1,6 @@
-# This tests md5 calculation for a specified mime type.  The http.log
-# will normalize mime types other than the target type to prevent sensitivity
-# to varying versions of libmagic.
+# This tests md5 calculation for a specified mime type.

 # @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output
 # @TEST-EXEC: btest-diff http.log

 redef HTTP::generate_md5 += /image\/png/;
-
-event bro_init()
-	{
-	Log::remove_default_filter(HTTP::LOG);
-	Log::add_filter(HTTP::LOG, [$name="normalized-mime-types",
-	                             $pred=function(rec: HTTP::Info): bool
-		{
-		if ( rec?$mime_type && HTTP::generate_md5 != rec$mime_type )
-				rec$mime_type = "FAKE_MIME";
-		return T;
-		}
-	]);
-	}