Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 08:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Functions for retrieving files by their id.

Browse source 
There are two new script level functions to query and lookup files
from the core by their IDs.  These are adding feature parity for
similarly named functions for files.  The function prototypes are
as follows:

  Files::file_exists(fuid: string): bool
  Files::lookup_File(fuid: string): fa_file
This commit is contained in:
Seth Hall 2018-01-09 12:16:17 -05:00
parent 8b28b73124
commit 7cb6cf24a6
5 changed files with 107 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/file_analysis/file_analysis.bif
View file

@ -71,6 +71,28 @@ function Files::__analyzer_name%(tag: Files::Tag%) : string
return new StringVal(file_mgr->GetComponentName(tag));
%}
## :bro:see:`Files::file_exists`.
function Files::__file_exists%(fuid: string%): bool
%{
if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr )
return new Val(true, TYPE_BOOL);
else
return new Val(false, TYPE_BOOL);
%}
## :bro:see:`Files::lookup_file`.
function Files::__lookup_file%(fuid: string%): fa_file
%{
auto f = file_mgr->LookupFile(fuid->CheckString());
if ( f != nullptr )
{
return f->GetVal()->Ref();
}
reporter->Error("file ID %s not a known file", fuid->CheckString());
return 0;
%}
module GLOBAL;
## For use within a :bro:see:`get_file_handle` handler to set a unique