Functions for retrieving files by their id.

There are two new script level functions to query and lookup files from the core by their IDs. These are adding feature parity for similarly named functions for files. The function prototypes are as follows: Files::file_exists(fuid: string): bool Files::lookup_File(fuid: string): fa_file
2025-10-16 05:28:20 +00:00 · 2018-01-09 12:16:17 -05:00 · 2018-01-09 12:16:17 -05:00 · 7cb6cf24a6
commit 7cb6cf24a6
parent 8b28b73124
5 changed files with 107 additions and 31 deletions
--- a/scripts/base/frameworks/files/main.bro
+++ b/scripts/base/frameworks/files/main.bro
@ -135,6 +135,20 @@ export {
 	## The default per-file reassembly buffer size.
 	const reassembly_buffer_size = 524288 &redef;

+	## Lookup to see if a particular file id exists and is still valid.
+	##
+	## fuid: the file id.
+	##
+	## Returns: T if the file uid is known.
+	global file_exists: function(fuid: string): bool;
+
+	## Lookup an :bro:see:`fa_file` record with the file id.
+	##
+	## fuid: the file id.
+	##
+	## Returns: the associated :bro:see:`fa_file` record.
+	global lookup_file: function(fuid: string): fa_file;
+
 	## Allows the file reassembler to be used if it's necessary because the
 	## file is transferred out of order.
 	##
@ -338,6 +352,16 @@ function set_info(f: fa_file)
 		f$info$is_orig = f$is_orig;
 	}

+function file_exists(fuid: string): bool
+	{
+	return __file_exists(fuid);
+	}
+
+function lookup_file(fuid: string): fa_file
+	{
+	return __lookup_file(fuid);
+	}
+
 function set_timeout_interval(f: fa_file, t: interval): bool
 	{
 	return __set_timeout_interval(f$id, t);