Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Move file analyzers to new plugin infrastructure.

Browse source
This commit is contained in:
Jon Siwek 2013-06-10 15:50:18 -05:00
parent f2574636b6
commit 7c7b6214a6
41 changed files with 559 additions and 172 deletions
Download patch file Download diff file Expand all files Collapse all files

48
src/file_analysis/Extract.cc
View file

@ -1,48 +0,0 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include <string>
#include "Extract.h"
#include "util.h"
using namespace file_analysis;
Extract::Extract(RecordVal* args, File* file, const string& arg_filename)
: file_analysis::Analyzer(args, file), filename(arg_filename)
{
fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666);
if ( fd < 0 )
{
fd = 0;
char buf[128];
strerror_r(errno, buf, sizeof(buf));
reporter->Error("cannot open %s: %s", filename.c_str(), buf);
}
}
Extract::~Extract()
{
if ( fd )
safe_close(fd);
}
file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
{
using BifType::Record::FileAnalysis::AnalyzerArgs;
Val* v = args->Lookup(AnalyzerArgs->FieldOffset("extract_filename"));
if ( ! v )
return 0;
return new Extract(args, file, v->AsString()->CheckString());
}
bool Extract::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
{
if ( ! fd )
return false;
safe_pwrite(fd, data, len, offset);
return true;
}