Merge remote-tracking branch 'origin/topic/seth/unified2-analyzer'

BIT-1054 #merged * origin/topic/seth/unified2-analyzer: Fixes in case a packet isn't seen that matches an event. Finished work on unified2 analyzer. Fixed some tests. Working unified2 analyzer. Unified2 file analyzer updated to new plugin style. Adding the unified2 analyzer. Conflicts: testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2025-10-12 03:28:19 +00:00 · 2013-08-13 18:36:53 -07:00 · 2013-08-13 18:36:53 -07:00 · 83eae53f54
commit 83eae53f54
parent d4820cd43b e0de1a2d00
25 changed files with 809 additions and 8 deletions
--- a/src/file_analysis/analyzer/unified2/Unified2.h
+++ b/src/file_analysis/analyzer/unified2/Unified2.h
@ -0,0 +1,38 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#ifndef FILE_ANALYSIS_UNIFIED2_H
+#define FILE_ANALYSIS_UNIFIED2_H
+
+#include <string>
+
+#include "Val.h"
+#include "File.h"
+#include "Analyzer.h"
+#include "unified2_pac.h"
+
+namespace file_analysis {
+
+/**
+ * An analyzer to extract content of files from local disk.
+ */
+class Unified2 : public file_analysis::Analyzer {
+public:
+	virtual ~Unified2();
+
+	virtual bool DeliverStream(const u_char* data, uint64 len);
+
+	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file);
+
+protected:
+	Unified2(RecordVal* args, File* file);
+
+private:
+	binpac::Unified2::Unified2_Analyzer* interp;
+
+	string filename;
+	int fd;
+};
+
+} // namespace file_analysis
+
+#endif