Use macros to create file analyzer plugin classes.

2025-10-05 16:18:19 +00:00 · 2013-08-22 17:03:50 -05:00 · 2013-08-22 17:03:50 -05:00 · 814d827c44
commit 814d827c44
parent 89ae4ffd05
5 changed files with 37 additions and 107 deletions
--- a/src/file_analysis/analyzer/data_event/Plugin.cc
+++ b/src/file_analysis/analyzer/data_event/Plugin.cc
@ -1,26 +1,8 @@
 #include "plugin/Plugin.h"
-#include "file_analysis/Component.h"

 #include "DataEvent.h"

-namespace plugin { namespace Bro_FileDataEvent {
-
-class Plugin : public plugin::Plugin {
-protected:
-	void InitPreScript()
-		{
-		SetName("Bro::FileDataEvent");
-		SetVersion(-1);
-		SetAPIVersion(BRO_PLUGIN_API_VERSION);
-		SetDynamicPlugin(false);
-
-		SetDescription("Delivers file content via events");
-
-		AddComponent(new ::file_analysis::Component("DATA_EVENT",
-		        ::file_analysis::DataEvent::Instantiate));
-		}
-};
-
-Plugin __plugin;
-
-} }
+BRO_PLUGIN_BEGIN(Bro, FileDataEvent)
+	BRO_PLUGIN_DESCRIPTION("Delivers file content via events");
+	BRO_PLUGIN_FILE_ANALYZER("DATA_EVENT", DataEvent);
+BRO_PLUGIN_END
--- a/src/file_analysis/analyzer/extract/Plugin.cc
+++ b/src/file_analysis/analyzer/extract/Plugin.cc
@ -1,31 +1,10 @@
 #include "plugin/Plugin.h"
-#include "file_analysis/Component.h"

 #include "Extract.h"

-namespace plugin { namespace Bro_FileExtract {
-
-class Plugin : public plugin::Plugin {
-protected:
-	void InitPreScript()
-		{
-		SetName("Bro::FileExtract");
-		SetVersion(-1);
-		SetAPIVersion(BRO_PLUGIN_API_VERSION);
-		SetDynamicPlugin(false);
-
-		SetDescription("Extract file content to local file system");
-
-		AddComponent(new ::file_analysis::Component("EXTRACT",
-		        ::file_analysis::Extract::Instantiate));
-
-		extern std::list<std::pair<const char*, int> > __bif_events_init();
-		AddBifInitFunction(&__bif_events_init);
-		extern std::list<std::pair<const char*, int> > __bif_functions_init();
-		AddBifInitFunction(&__bif_functions_init);
-		}
-};
-
-Plugin __plugin;
-
-} }
+BRO_PLUGIN_BEGIN(Bro, FileExtract)
+	BRO_PLUGIN_DESCRIPTION("Extract file content to local file system");
+	BRO_PLUGIN_FILE_ANALYZER("EXTRACT", Extract);
+	BRO_PLUGIN_BIF_FILE(events);
+	BRO_PLUGIN_BIF_FILE(functions);
+BRO_PLUGIN_END
--- a/src/file_analysis/analyzer/hash/Plugin.cc
+++ b/src/file_analysis/analyzer/hash/Plugin.cc
@ -1,33 +1,11 @@
 #include "plugin/Plugin.h"
-#include "file_analysis/Component.h"

 #include "Hash.h"

-namespace plugin { namespace Bro_FileHash {
-
-class Plugin : public plugin::Plugin {
-protected:
-	void InitPreScript()
-		{
-		SetName("Bro::FileHash");
-		SetVersion(-1);
-		SetAPIVersion(BRO_PLUGIN_API_VERSION);
-		SetDynamicPlugin(false);
-
-		SetDescription("Hash file content");
-
-		AddComponent(new ::file_analysis::Component("MD5",
-		        ::file_analysis::MD5::Instantiate));
-		AddComponent(new ::file_analysis::Component("SHA1",
-		        ::file_analysis::SHA1::Instantiate));
-		AddComponent(new ::file_analysis::Component("SHA256",
-		        ::file_analysis::SHA256::Instantiate));
-
-		extern std::list<std::pair<const char*, int> > __bif_events_init();
-		AddBifInitFunction(&__bif_events_init);
-		}
-};
-
-Plugin __plugin;
-
-} }
+BRO_PLUGIN_BEGIN(Bro, FileHash)
+	BRO_PLUGIN_DESCRIPTION("Hash file content");
+	BRO_PLUGIN_FILE_ANALYZER("MD5", MD5);
+	BRO_PLUGIN_FILE_ANALYZER("SHA1", SHA1);
+	BRO_PLUGIN_FILE_ANALYZER("SHA256", SHA256);
+	BRO_PLUGIN_BIF_FILE(events);
+BRO_PLUGIN_END
--- a/src/file_analysis/analyzer/unified2/Plugin.cc
+++ b/src/file_analysis/analyzer/unified2/Plugin.cc
@ -2,34 +2,11 @@

 #include "plugin/Plugin.h"

-#include "file_analysis/Component.h"
-
 #include "Unified2.h"

-namespace plugin { namespace Bro_Unified2 {
-
-class Plugin : public plugin::Plugin {
-protected:
-	void InitPreScript()
-		{
-		SetName("Bro::Unified2");
-		SetVersion(-1);
-		SetAPIVersion(BRO_PLUGIN_API_VERSION);
-		SetDynamicPlugin(false);
-
-		SetDescription("Analyze Unified2 alert files.");
-
-		AddComponent(new ::file_analysis::Component("UNIFIED2",
-		        ::file_analysis::Unified2::Instantiate));
-
-		extern std::list<std::pair<const char*, int> > __bif_events_init();
-		AddBifInitFunction(&__bif_events_init);
-
-		extern std::list<std::pair<const char*, int> > __bif_types_init();
-		AddBifInitFunction(&__bif_types_init);
-		}
-};
-
-Plugin __plugin;
-
-} }
+BRO_PLUGIN_BEGIN(Bro, Unified2)
+	BRO_PLUGIN_DESCRIPTION("Analyze Unified2 alert files.");
+	BRO_PLUGIN_FILE_ANALYZER("UNIFIED2", Unified2);
+	BRO_PLUGIN_BIF_FILE(events);
+	BRO_PLUGIN_BIF_FILE(types);
+BRO_PLUGIN_END
--- a/src/plugin/Macros.h
+++ b/src/plugin/Macros.h
@ -9,6 +9,7 @@
 #define PLUGIN_MACROS_H

 #include "analyzer/Component.h"
+#include "file_analysis/Component.h"

 /**
 * The current plugin API version. Plugins that won't match this version will
@ -91,6 +92,19 @@
 #define BRO_PLUGIN_ANALYZER(tag, cls) \
 	AddComponent(new ::analyzer::Component(tag, ::analyzer::cls::InstantiateAnalyzer));

+/**
+ * Defines a component implementing a file analyzer.
+ *
+ * @param tag A string with the analyzer's tag. This must be unique across
+ * all loaded analyzers and will translate into a corresponding \c ANALYZER_*
+ * constant at the script-layer.
+ *
+ * @param cls The class that implements the analyzer. It must be derived
+ * (directly or indirectly) from file_analysis::Analyzer.
+ */
+#define BRO_PLUGIN_FILE_ANALYZER(tag, cls) \
+	AddComponent(new ::file_analysis::Component(tag, ::file_analysis::cls::Instantiate));
+
 /**
 * Defines a component implementing a protocol analyzer class that will
 * not be instantiated dynamically. This is for two use-cases: (1) abstract