Add concept of "parent" tag namespaces

This allows us to create an EnumType that groups all of the analyzer tag values into a single type, while still having the existing types that split them up. We can then use this for certain events that benefit from taking all of the tag types at once.
2025-10-09 18:18:19 +00:00 · 2021-10-01 12:54:27 -07:00 · 2021-10-01 12:54:27 -07:00 · a7d3cb48ef
commit a7d3cb48ef
parent 7d66f4252f
12 changed files with 147 additions and 21 deletions
--- a/testing/btest/scripts/base/frameworks/analyzer/tags.zeek
+++ b/testing/btest/scripts/base/frameworks/analyzer/tags.zeek
@ -0,0 +1,36 @@
+# @TEST-EXEC: zeek %INPUT > output
+# @TEST-EXEC: btest-diff output
+
+# Validate that we can pass the individual Tag types into functions that
+# take both their own Tag type as well the AllAnalyzers type.
+
+global test2: function(a: Analyzer::Tag);
+global test3: function(a: PacketAnalyzer::Tag);
+global test4: function(a: Files::Tag);
+
+function test1(a: AllAnalyzers::Tag) {
+    print "all", a;
+}
+
+function test2(a: Analyzer::Tag) {
+    print "analyzer", a;
+}
+
+function test3(a: PacketAnalyzer::Tag) {
+    print "packet analyzer", a;
+}
+
+function test4(a: Files::Tag) {
+    print "file analyzer", a;
+}
+
+event zeek_init() {
+    test1(Analyzer::ANALYZER_DNS);
+    test2(Analyzer::ANALYZER_DNS);
+
+    test1(PacketAnalyzer::ANALYZER_UDP);
+    test3(PacketAnalyzer::ANALYZER_UDP);
+
+    test1(Files::ANALYZER_X509);
+    test4(Files::ANALYZER_X509);
+}