Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 01:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/seth/faf-updates'

Browse source 
* origin/topic/seth/faf-updates: (27 commits)
  Undoing the FTP tests I updated earlier.
  Update the last two btest FAF tests.
  File analysis fixes and test updates.
  Fix a bug with getting analyzer tags.
  A few test updates.
  Some tests work now (at least they all don't fail anymore!)
  Forgot a file.
  Added protocol description functions that provide a super compressed log representation.
  Fix a bug where orig file information in http wasn't working right.
  Added mime types to http.log
  Clean up queued but unused file_over_new_connections event args.
  Add jar files to the default MHR lookups.
  Adding CAB files for MHR checking.
  Improve malware hash registry script.
  Fix a small issue with finding smtp entities.
  Added support for files to the notice framework.
  Make the custom libmagic database a git submodule.
  Add an is_orig parameter to file_over_new_connection event.
  Make magic for emitting application/msword mime type less strict.
  Disable more libmagic builtin checks that override the magic database.
  ...

Conflicts:
	doc/scripts/DocSourcesList.cmake
	scripts/base/init-bare.bro
	scripts/test-all-policy.bro
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
This commit is contained in:
Robin Sommer 2013-07-29 14:21:52 -07:00
commit 984e9793db
196 changed files with 1548 additions and 5033 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/util.cc
View file

@ -1593,12 +1593,26 @@ void operator delete[](void* v)
#endif
// Being selective of which components of MAGIC_NO_CHECK_BUILTIN are actually
// known to be problematic, but keeping rest of libmagic's builtin checks.
#define DISABLE_LIBMAGIC_BUILTIN_CHECKS ( \
/* MAGIC_NO_CHECK_COMPRESS | */ \
/* MAGIC_NO_CHECK_TAR | */ \
/* MAGIC_NO_CHECK_SOFT | */ \
/* MAGIC_NO_CHECK_APPTYPE | */ \
/* MAGIC_NO_CHECK_ELF | */ \
/* MAGIC_NO_CHECK_TEXT | */ \
MAGIC_NO_CHECK_CDF | \
MAGIC_NO_CHECK_TOKENS \
/* MAGIC_NO_CHECK_ENCODING */ \
)
void bro_init_magic(magic_t* cookie_ptr, int flags)
{
if ( ! cookie_ptr || *cookie_ptr )
return;
*cookie_ptr = magic_open(flags|MAGIC_NO_CHECK_TOKENS);
*cookie_ptr = magic_open(flags|DISABLE_LIBMAGIC_BUILTIN_CHECKS);
// Use our custom database for mime types, but the default database
// from libmagic for the verbose file type.