Support explicit disabling of file analyzers

src/file_analysis/AnalyzerSet.cc

@@ -175,6 +175,11 @@ file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(const Tag& tag,
 
 	if ( ! a )
 		{
+		auto c = file_mgr->Lookup(tag);
+
+		if ( c && ! c->Enabled() )
+			return nullptr;
+
 		reporter->Error("[%s] Failed file analyzer %s instantiation",
 		                file->GetID().c_str(),
 		                file_mgr->GetComponentName(tag).c_str());

src/file_analysis/Component.cc

@@ -8,11 +8,12 @@
 
 namespace zeek::file_analysis {
 
-Component::Component(const std::string& name, factory_function arg_factory, Tag::subtype_t subtype)
+Component::Component(const std::string& name, factory_function arg_factory, Tag::subtype_t subtype, bool arg_enabled)
 	: plugin::Component(plugin::component::FILE_ANALYZER, name),
 	  plugin::TaggedComponent<file_analysis::Tag>(subtype)
 	{
 	factory_func = arg_factory;
+	enabled = arg_enabled;
 	}
 
 void Component::Initialize()
@@ -31,7 +32,10 @@ void Component::DoDescribe(ODesc* d) const
 		{
 		d->Add("ANALYZER_");
 		d->Add(CanonicalName());
+		d->Add(", ");
 		}
+
+	d->Add(enabled ? "enabled" : "disabled");
 	}
 
 } // namespace zeek::file_analysis

src/file_analysis/Component.h

@@ -48,8 +48,12 @@ public:
 	 * analyzer::Tag that the manager associates with this analyzer, and
 	 * analyzer instances can accordingly access it via analyzer::Tag().
 	 * If not used, leave at zero.
+	 *
+	 * @param enabled If false the analyzer starts out as disabled and
+	 * hence won't be used. It can still be enabled later via the
+	 * manager, including from script-land.
 	 */
-	Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0);
+	Component(const std::string& name, factory_function factory, Tag::subtype_t subtype = 0, bool enabled = true);
 
 	/**
 	 * Destructor.
@@ -69,6 +73,20 @@ public:
 	factory_function FactoryFunction() const
 		{ return factory_func; }
 
+	/**
+	 * Returns true if the analyzer is currently enabled and hence
+	 * available for use.
+	 */
+	bool Enabled() const	{ return enabled; }
+
+	/**
+	 * Enables or disables this analyzer.
+	 *
+	 * @param arg_enabled True to enabled, false to disable.
+	 *
+	 */
+	void SetEnabled(bool arg_enabled)	{ enabled = arg_enabled; }
+
 protected:
 	/**
 	  * Overriden from plugin::Component.
@@ -79,6 +97,7 @@ private:
 	friend class Manager;
 
 	factory_function factory_func;	// The analyzer's factory callback.
+	bool enabled;	// True if the analyzer is enabled.
 };
 
 } // namespace zeek::file_analysis

src/file_analysis/Manager.cc

@@ -458,6 +458,13 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag,
 		return nullptr;
 		}
 
+	if ( ! c->Enabled() )
+		{
+		DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Skip instantiation of disabled analyzer %s",
+		        f->id.c_str(), GetComponentName(tag).c_str());
+		return nullptr;
+		}
+
 	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Instantiate analyzer %s",
 	        f->id.c_str(), GetComponentName(tag).c_str());
 

src/file_analysis/file_analysis.bif

@@ -38,6 +38,37 @@ function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
 	return zeek::val_mgr->Bool(result);
 	%}
 
+## :zeek:see:`Files::enable_analyzer`.
+function Files::__enable_analyzer%(tag: Files::Tag%) : bool
+	%{
+	auto c = zeek::file_mgr->Lookup(tag->AsEnumVal());
+
+	if ( ! c )
+		return zeek::val_mgr->False();
+
+	c->SetEnabled(true);
+	return zeek::val_mgr->True();
+	%}
+
+## :zeek:see:`Files::disable_analyzer`.
+function Files::__disable_analyzer%(tag: Files::Tag%) : bool
+	%{
+	auto c = zeek::file_mgr->Lookup(tag->AsEnumVal());
+
+	if ( ! c )
+		return zeek::val_mgr->False();
+
+	c->SetEnabled(false);
+	return zeek::val_mgr->True();
+	%}
+
+## :zeek:see:`Files::analyzer_enabled`.
+function Files::__analyzer_enabled%(tag: Files::Tag%) : bool
+	%{
+	auto c = zeek::file_mgr->Lookup(tag->AsEnumVal());
+	return zeek::val_mgr->Bool(c && c->Enabled());
+	%}
+
 ## :zeek:see:`Files::add_analyzer`.
 function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
 	%{