mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 21:18:20 +00:00
Add MD5/SHA1/SHA256 file analysis hashing actions.
This commit is contained in:
Jon Siwek
parent
ceb471fb36
commit
85410a7657
11 changed files with 271 additions and 42 deletions
|
|
@ -29,6 +29,11 @@ public:
|
|||
*/
|
||||
FileID GetFileID() const { return file_id; }
|
||||
|
||||
/**
|
||||
* @return record val of the "action_results" field from #val record.
|
||||
*/
|
||||
RecordVal* Results() const;
|
||||
|
||||
/**
|
||||
* @return the string which uniquely identifies the file.
|
||||
*/
|
||||
|
|
@ -67,13 +72,13 @@ public:
|
|||
* Attaches an action. Only one action per type can be attached at a time.
|
||||
* @return true if the action was attached, else false.
|
||||
*/
|
||||
bool AddAction(EnumVal* act, RecordVal* args);
|
||||
bool AddAction(ActionTag act, RecordVal* args);
|
||||
|
||||
/**
|
||||
* Removes an action.
|
||||
* @return true if the action was removed, else false.
|
||||
*/
|
||||
bool RemoveAction(EnumVal* act);
|
||||
bool RemoveAction(ActionTag act);
|
||||
|
||||
/**
|
||||
* Pass in non-sequential data and deliver to attached actions/analyzers.
|
||||
|
|
@ -99,6 +104,8 @@ protected:
|
|||
|
||||
friend class Manager;
|
||||
|
||||
typedef map<ActionTag, Action*> ActionMap;
|
||||
|
||||
/**
|
||||
* Constructor; only file_analysis::Manager should be creating these.
|
||||
*/
|
||||
|
|
@ -128,16 +135,19 @@ protected:
|
|||
*/
|
||||
double LookupFieldDefaultInterval(int idx) const;
|
||||
|
||||
/**
|
||||
* Removes an action.
|
||||
* @return true if the action was removed, else false.
|
||||
*/
|
||||
bool RemoveAction(const ActionMap::iterator& it);
|
||||
|
||||
FileID file_id; /**< A pretty hash that likely identifies file*/
|
||||
string unique; /**< A string that uniquely identifies file */
|
||||
RecordVal* val; /**< \c FileAnalysis::Info from script layer. */
|
||||
double last_activity_time; /**< Time of last activity. */
|
||||
bool postpone_timeout; /**< Whether postponing timeout is requested. */
|
||||
bool need_reassembly; /**< Whether file stream reassembly is needed. */
|
||||
|
||||
typedef map<int, Action*> ActionMap;
|
||||
|
||||
ActionMap actions;
|
||||
ActionMap actions; /**< Actions/analysis to perform on file. */
|
||||
|
||||
/**
|
||||
* @return the field offset in #val record corresponding to \a field_name.
|
||||
|
|
@ -161,6 +171,7 @@ protected:
|
|||
static int timeout_interval_idx;
|
||||
static int actions_idx;
|
||||
static int action_args_idx;
|
||||
static int action_results_idx;
|
||||
};
|
||||
|
||||
} // namespace file_analysis
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue