Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Move various elements into ID.h and zeek::id namespace

Browse source 
* A handful of generic/useful/common global type pointers that used
  to be in NetVar.h

* Lookup functions that used to be Var.h
This commit is contained in:
Jon Siwek 2020-05-12 18:08:52 -07:00
parent 9210d443d3
commit a5762c12cc
84 changed files with 578 additions and 568 deletions
Download patch file Download diff file Expand all files Collapse all files

46
src/file_analysis/File.cc
View file

@ -23,16 +23,16 @@ using namespace file_analysis;
static Val* empty_connection_table()
{
auto tbl_index = make_intrusive<TypeList>(zeek::vars::conn_id);
tbl_index->Append(zeek::vars::conn_id);
auto tbl_index = make_intrusive<TypeList>(zeek::id::conn_id);
tbl_index->Append(zeek::id::conn_id);
auto tbl_type = make_intrusive<TableType>(std::move(tbl_index),
zeek::vars::connection);
zeek::id::connection);
return new TableVal(std::move(tbl_type));
}
static IntrusivePtr<RecordVal> get_conn_id_val(const Connection* conn)
{
auto v = make_intrusive<RecordVal>(zeek::vars::conn_id);
auto v = make_intrusive<RecordVal>(zeek::id::conn_id);
v->Assign(0, make_intrusive<AddrVal>(conn->OrigAddr()));
v->Assign(1, val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
v->Assign(2, make_intrusive<AddrVal>(conn->RespAddr()));
@ -62,22 +62,22 @@ void File::StaticInit()
if ( id_idx != -1 )
return;
id_idx = Idx("id", zeek::vars::fa_file);
parent_id_idx = Idx("parent_id", zeek::vars::fa_file);
source_idx = Idx("source", zeek::vars::fa_file);
is_orig_idx = Idx("is_orig", zeek::vars::fa_file);
conns_idx = Idx("conns", zeek::vars::fa_file);
last_active_idx = Idx("last_active", zeek::vars::fa_file);
seen_bytes_idx = Idx("seen_bytes", zeek::vars::fa_file);
total_bytes_idx = Idx("total_bytes", zeek::vars::fa_file);
missing_bytes_idx = Idx("missing_bytes", zeek::vars::fa_file);
overflow_bytes_idx = Idx("overflow_bytes", zeek::vars::fa_file);
timeout_interval_idx = Idx("timeout_interval", zeek::vars::fa_file);
bof_buffer_size_idx = Idx("bof_buffer_size", zeek::vars::fa_file);
bof_buffer_idx = Idx("bof_buffer", zeek::vars::fa_file);
meta_mime_type_idx = Idx("mime_type", zeek::vars::fa_metadata);
meta_mime_types_idx = Idx("mime_types", zeek::vars::fa_metadata);
meta_inferred_idx = Idx("inferred", zeek::vars::fa_metadata);
id_idx = Idx("id", zeek::id::fa_file);
parent_id_idx = Idx("parent_id", zeek::id::fa_file);
source_idx = Idx("source", zeek::id::fa_file);
is_orig_idx = Idx("is_orig", zeek::id::fa_file);
conns_idx = Idx("conns", zeek::id::fa_file);
last_active_idx = Idx("last_active", zeek::id::fa_file);
seen_bytes_idx = Idx("seen_bytes", zeek::id::fa_file);
total_bytes_idx = Idx("total_bytes", zeek::id::fa_file);
missing_bytes_idx = Idx("missing_bytes", zeek::id::fa_file);
overflow_bytes_idx = Idx("overflow_bytes", zeek::id::fa_file);
timeout_interval_idx = Idx("timeout_interval", zeek::id::fa_file);
bof_buffer_size_idx = Idx("bof_buffer_size", zeek::id::fa_file);
bof_buffer_idx = Idx("bof_buffer", zeek::id::fa_file);
meta_mime_type_idx = Idx("mime_type", zeek::id::fa_metadata);
meta_mime_types_idx = Idx("mime_types", zeek::id::fa_metadata);
meta_inferred_idx = Idx("inferred", zeek::id::fa_metadata);
}
File::File(const std::string& file_id, const std::string& source_name, Connection* conn,
@ -91,7 +91,7 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str());
val = new RecordVal(zeek::vars::fa_file);
val = new RecordVal(zeek::id::fa_file);
val->Assign(id_idx, make_intrusive<StringVal>(file_id.c_str()));
SetSource(source_name);
@ -295,7 +295,7 @@ bool File::SetMime(const std::string& mime_type)
if ( ! FileEventAvailable(file_sniff) )
return false;
auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata);
auto meta = make_intrusive<RecordVal>(zeek::id::fa_metadata);
meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
meta->Assign(meta_inferred_idx, val_mgr->False());
@ -328,7 +328,7 @@ void File::InferMetadata()
len = std::min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
file_mgr->DetectMIME(data, len, &matches);
auto meta = make_intrusive<RecordVal>(zeek::vars::fa_metadata);
auto meta = make_intrusive<RecordVal>(zeek::id::fa_metadata);
if ( ! matches.empty() )
{

7
src/file_analysis/Manager.cc
View file

@ -3,7 +3,6 @@
#include "Manager.h"
#include "File.h"
#include "Analyzer.h"
#include "Var.h"
#include "Event.h"
#include "UID.h"
#include "digest.h"
@ -432,7 +431,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig)
bool Manager::IsDisabled(const analyzer::Tag& tag)
{
if ( ! disabled )
disabled = zeek::lookup_const("Files::disable")->AsTableVal();
disabled = zeek::id::lookup_const("Files::disable")->AsTableVal();
auto index = val_mgr->Count(bool(tag));
auto yield = disabled->Lookup(index.get());
@ -499,8 +498,8 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const
IntrusivePtr<VectorVal> file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
{
static auto mime_matches = zeek::lookup_type<VectorType>("mime_matches");
static auto mime_match = zeek::lookup_type<RecordType>("mime_match");
static auto mime_matches = zeek::id::lookup_type<VectorType>("mime_matches");
static auto mime_match = zeek::id::lookup_type<RecordType>("mime_match");
auto rval = make_intrusive<VectorVal>(mime_matches);
for ( RuleMatcher::MIME_Matches::const_iterator it = m.begin();

2
src/file_analysis/analyzer/entropy/Entropy.cc
View file

@ -60,7 +60,7 @@ void Entropy::Finalize()
montepi = scc = ent = mean = chisq = 0.0;
entropy->Get(&ent, &chisq, &mean, &montepi, &scc);
static auto entropy_test_result = zeek::lookup_type<RecordType>("entropy_test_result");
static auto entropy_test_result = zeek::id::lookup_type<RecordType>("entropy_test_result");
auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));

4
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -11,7 +11,7 @@ VectorVal* process_rvas(const RVAS* rvas);
%code{
VectorVal* process_rvas(const RVAS* rva_table)
{
auto rvas = make_intrusive<VectorVal>(zeek::vars::index_vec);
auto rvas = make_intrusive<VectorVal>(zeek::id::index_vec);
for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
@ -26,7 +26,7 @@ refine flow File += {
function characteristics_to_bro(c: uint32, len: uint8): TableVal
%{
uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
TableVal* char_set = new TableVal(zeek::vars::count_set);
TableVal* char_set = new TableVal(zeek::id::count_set);
for ( uint16 i=0; i < len; ++i )
{
if ( ((c >> i) & 0x1) == 1 )

2
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -634,7 +634,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
//ocsp_resp_record->Assign(7, make_intrusive<StringVal>(len, buf));
//BIO_reset(bio);
certs_vector = new VectorVal(zeek::lookup_type<VectorType>("x509_opaque_vector"));
certs_vector = new VectorVal(zeek::id::lookup_type<VectorType>("x509_opaque_vector"));
vl.emplace_back(AdoptRef{}, certs_vector);
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)

8
src/file_analysis/analyzer/x509/X509.cc
View file

@ -367,21 +367,21 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
{
case GEN_DNS:
if ( names == nullptr )
names = new VectorVal(zeek::vars::string_vec);
names = new VectorVal(zeek::id::string_vec);
names->Assign(names->Size(), bs);
break;
case GEN_URI:
if ( uris == nullptr )
uris = new VectorVal(zeek::vars::string_vec);
uris = new VectorVal(zeek::id::string_vec);
uris->Assign(uris->Size(), bs);
break;
case GEN_EMAIL:
if ( emails == nullptr )
emails = new VectorVal(zeek::vars::string_vec);
emails = new VectorVal(zeek::id::string_vec);
emails->Assign(emails->Size(), bs);
break;
@ -391,7 +391,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
else if ( gen->type == GEN_IPADD )
{
if ( ips == nullptr )
ips = new VectorVal(zeek::lookup_type<VectorType>("addr_vec"));
ips = new VectorVal(zeek::id::lookup_type<VectorType>("addr_vec"));
uint32_t* addr = (uint32_t*) gen->d.ip->data;

2
src/file_analysis/analyzer/x509/functions.bif
View file

@ -556,7 +556,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
}
int num_certs = sk_X509_num(chain);
chainVector = new VectorVal(zeek::lookup_type<VectorType>("x509_opaque_vector"));
chainVector = new VectorVal(zeek::id::lookup_type<VectorType>("x509_opaque_vector"));
for ( int i = 0; i < num_certs; i++ )
{