Allow File analyzers to direcly pass mime type.

This makes it much easier for protocols where the mime type is known in advance like, for example, TLS. We now do no longer have to perform deep script-level magic.
2025-10-02 14:48:21 +00:00 · 2017-02-10 12:34:23 -08:00 · 2017-02-10 12:34:23 -08:00 · 9fd7816501
commit 9fd7816501
parent 1b19ab78b6
12 changed files with 89 additions and 26 deletions
--- a/src/file_analysis/Manager.h
+++ b/src/file_analysis/Manager.h
@ -93,6 +93,12 @@ public:
 	 *        or false if is being sent in the opposite direction.
 	 * @param precomputed_file_id may be set to a previous return value in order to
 	 *        bypass costly file handle lookups.
+	 * @param mime_type may be set to the mime type of the file, if already known due
+	 *        to the protocol. This is, e.g., the case in TLS connections where X.509
+	 *        certificates are passed as files; here the type of the file is set by
+	 *        the protocol. If this parameter is give, mime type detection will be
+	 *        disabled.
+	 *        This parameter is only used for the first bit of data for each file.
 	 * @return a unique file ID string which, in certain contexts, may be
 	 *         cached and passed back in to a subsequent function call in order
 	 *         to avoid costly file handle lookups (which have to go through
@ -101,7 +107,8 @@ public:
 	 */
 	std::string DataIn(const u_char* data, uint64 len, uint64 offset,
 	                   analyzer::Tag tag, Connection* conn, bool is_orig,
-	                   const std::string& precomputed_file_id = "");
+	                   const std::string& precomputed_file_id = "",
+	                   const std::string& mime_type = "");

 	/**
 	 * Pass in sequential file data.
@ -113,6 +120,12 @@ public:
 	 *        or false if is being sent in the opposite direction.
 	 * @param precomputed_file_id may be set to a previous return value in order to
 	 *        bypass costly file handle lookups.
+	 * @param mime_type may be set to the mime type of the file, if already known due
+	 *        to the protocol. This is, e.g., the case in TLS connections where X.509
+	 *        certificates are passed as files; here the type of the file is set by
+	 *        the protocol. If this parameter is give, mime type detection will be
+	 *        disabled.
+	 *        This parameter is only used for the first bit of data for each file.
 	 * @return a unique file ID string which, in certain contexts, may be
 	 *         cached and passed back in to a subsequent function call in order
 	 *         to avoid costly file handle lookups (which have to go through
@ -121,7 +134,8 @@ public:
 	 */
 	std::string DataIn(const u_char* data, uint64 len, analyzer::Tag tag,
 	                   Connection* conn, bool is_orig,
-	                   const std::string& precomputed_file_id = "");
+	                   const std::string& precomputed_file_id = "",
+	                   const std::string& mime_type = "");

 	/**
 	 * Pass in sequential file data from external source (e.g. input framework).