Merge remote-tracking branch 'origin/topic/jsiwek/smtp-refactor'

- While updating, I did some further work on the branch. - New function in the base/utils/files for extracting filenames from content-dispositions. - New script for entity excerpt extraction if you aren't interested in full extraction. The data goes a log field too. - Some renaming and reorganization of types. - Updated tests to work with new code. * origin/topic/jsiwek/smtp-refactor: Make the doc.coverage test happy. SMTP script refactor. (addresses #509) Conflicts: doc/scripts/DocSourcesList.cmake policy/protocols/smtp/__load__.bro policy/protocols/smtp/base/__load__.bro
2025-10-02 14:48:21 +00:00 · 2011-08-10 13:34:31 -04:00 · 2011-08-10 13:34:31 -04:00 · adc486c673
commit adc486c673
parent 78e69a0bc8 31622bd35f
17 changed files with 720 additions and 141 deletions
--- a/scripts/base/utils/files.bro
+++ b/scripts/base/utils/files.bro
@ -12,4 +12,15 @@ function generate_extraction_filename(prefix: string, c: connection, suffix: str
 		conn_info = fmt("%s_%s", conn_info, suffix);
 		
 	return conn_info;
-	}
+	}
+	
+## For CONTENT-DISPOSITION headers, this function can be used to extract 
+## the filename.
+function extract_filename_from_content_disposition(data: string): string
+	{
+	local filename = sub(data, /^.*[fF][iI][lL][eE][nN][aA][mM][eE]=/, "");
+	# Remove quotes around the filename if they are there.
+	if ( /^\"/ in filename )
+		filename =  split_n(filename, /\"/, F, 2)[2];
+	return filename;
+	}