Merge remote-tracking branch 'origin/topic/seth/add-file-lookup-functions'

* origin/topic/seth/add-file-lookup-functions: Functions for retrieving files by their id. BIT-1887 #merged
2025-10-14 12:38:20 +00:00 · 2018-01-12 09:45:26 -08:00 · 2018-01-12 09:45:26 -08:00 · 762e3c9f12
commit 762e3c9f12
parent 89ef5a7b7d 7cb6cf24a6
5 changed files with 84 additions and 8 deletions
--- a/src/file_analysis/Manager.h
+++ b/src/file_analysis/Manager.h
@ -256,6 +256,14 @@ public:
 	bool SetExtractionLimit(const string& file_id, RecordVal* args,
 	                        uint64 n) const;

+	/**
+	 * Try to retrieve a file that's being analyzed, using its identifier/hash.
+	 * @param file_id the file identifier/hash.
+	 * @return the File object mapped to \a file_id, or a null pointer if no
+	 *         mapping exists.
+	 */
+	File* LookupFile(const string& file_id) const;
+
 	/**
 	 * Queue attachment of an analzer to the file identifier.  Multiple
 	 * analyzers of a given type can be attached per file identifier at a time
@ -355,14 +363,6 @@ protected:
 	              bool is_orig = false, bool update_conn = true,
 	              const char* source_name = 0);

-	/**
-	 * Try to retrieve a file that's being analyzed, using its identifier/hash.
-	 * @param file_id the file identifier/hash.
-	 * @return the File object mapped to \a file_id, or a null pointer if no
-	 *         mapping exists.
-	 */
-	File* LookupFile(const string& file_id) const;
-
 	/**
 	 * Evaluate timeout policy for a file and remove the File object mapped to
 	 * \a file_id if needed.
--- a/src/file_analysis/file_analysis.bif
+++ b/src/file_analysis/file_analysis.bif
@ -71,6 +71,28 @@ function Files::__analyzer_name%(tag: Files::Tag%) : string
 	return new StringVal(file_mgr->GetComponentName(tag));
 	%}

+## :bro:see:`Files::file_exists`.
+function Files::__file_exists%(fuid: string%): bool
+	%{
+	if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr )
+		return new Val(true, TYPE_BOOL);
+	else
+		return new Val(false, TYPE_BOOL);
+	%}
+
+## :bro:see:`Files::lookup_file`.
+function Files::__lookup_file%(fuid: string%): fa_file
+	%{
+	auto f = file_mgr->LookupFile(fuid->CheckString());
+	if ( f != nullptr )
+		{
+		return f->GetVal()->Ref();
+		}
+	
+	reporter->Error("file ID %s not a known file", fuid->CheckString());
+	return 0;
+	%}
+
 module GLOBAL;

 ## For use within a :bro:see:`get_file_handle` handler to set a unique