mirror of
https://github.com/zeek/zeek.git
GH-234: rename Broxygen to Zeexygen along with roles/directives
* All "Broxygen" usages have been replaced in code, documentation, filenames, etc. * Sphinx roles/directives like ":bro:see" are now ":zeek:see" * The "--broxygen" command-line option is now "--zeexygen"
parent
5ba46eaa71
commit
aebcb1415d
254 changed files with 2675 additions and 2656 deletions
|
@ -1,17 +1,17 @@
|
|||
## This event is generated when a file extraction analyzer is about
|
||||
## to exceed the maximum permitted file size allowed by the
|
||||
## *extract_limit* field of :bro:see:`Files::AnalyzerArgs`.
|
||||
## *extract_limit* field of :zeek:see:`Files::AnalyzerArgs`.
|
||||
## The analyzer is automatically removed from file *f*.
|
||||
##
|
||||
## f: The file.
|
||||
##
|
||||
## args: Arguments that identify a particular file extraction analyzer.
|
||||
## This is only provided to be able to pass along to
|
||||
## :bro:see:`FileExtract::set_limit`.
|
||||
## :zeek:see:`FileExtract::set_limit`.
|
||||
##
|
||||
## limit: The limit, in bytes, the extracted file is about to breach.
|
||||
##
|
||||
## len: The length of the file chunk about to be written.
|
||||
##
|
||||
## .. bro:see:: Files::add_analyzer Files::ANALYZER_EXTRACT
|
||||
## .. zeek:see:: Files::add_analyzer Files::ANALYZER_EXTRACT
|
||||
event file_extraction_limit%(f: fa_file, args: Files::AnalyzerArgs, limit: count, len: count%);
|
||||
|
|
|
@ -6,7 +6,7 @@ module FileExtract;
|
|||
#include "file_analysis/Manager.h"
|
||||
%%}
|
||||
|
||||
## :bro:see:`FileExtract::set_limit`.
|
||||
## :zeek:see:`FileExtract::set_limit`.
|
||||
function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
|
|
|
@ -7,6 +7,6 @@
|
|||
##
|
||||
## hash: The result of the hashing.
|
||||
##
|
||||
## .. bro:see:: Files::add_analyzer Files::ANALYZER_MD5
|
||||
## .. zeek:see:: Files::add_analyzer Files::ANALYZER_MD5
|
||||
## Files::ANALYZER_SHA1 Files::ANALYZER_SHA256
|
||||
event file_hash%(f: fa_file, kind: string, hash: string%);
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
##
|
||||
## h: The parsed DOS header information.
|
||||
##
|
||||
## .. bro:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header
|
||||
## .. zeek:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header
|
||||
event pe_dos_header%(f: fa_file, h: PE::DOSHeader%);
|
||||
|
||||
## A :abbr:`PE (Portable Executable)` file DOS stub was parsed.
|
||||
|
@ -17,7 +17,7 @@ event pe_dos_header%(f: fa_file, h: PE::DOSHeader%);
|
|||
##
|
||||
## code: The DOS stub
|
||||
##
|
||||
## .. bro:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header
|
||||
## .. zeek:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header
|
||||
event pe_dos_code%(f: fa_file, code: string%);
|
||||
|
||||
## A :abbr:`PE (Portable Executable)` file file header was parsed.
|
||||
|
@ -29,7 +29,7 @@ event pe_dos_code%(f: fa_file, code: string%);
|
|||
##
|
||||
## h: The parsed file header information.
|
||||
##
|
||||
## .. bro:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header
|
||||
## .. zeek:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header
|
||||
event pe_file_header%(f: fa_file, h: PE::FileHeader%);
|
||||
|
||||
## A :abbr:`PE (Portable Executable)` file optional header was parsed.
|
||||
|
@ -42,7 +42,7 @@ event pe_file_header%(f: fa_file, h: PE::FileHeader%);
|
|||
##
|
||||
## h: The parsed optional header information.
|
||||
##
|
||||
## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header
|
||||
## .. zeek:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header
|
||||
event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%);
|
||||
|
||||
## A :abbr:`PE (Portable Executable)` file section header was parsed.
|
||||
|
@ -53,5 +53,5 @@ event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%);
|
|||
##
|
||||
## h: The parsed section header information.
|
||||
##
|
||||
## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header
|
||||
## .. zeek:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header
|
||||
event pe_section_header%(f: fa_file, h: PE::SectionHeader%);
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
##
|
||||
## cert: The parsed certificate information.
|
||||
##
|
||||
## .. bro:see:: x509_extension x509_ext_basic_constraints
|
||||
## .. zeek:see:: x509_extension x509_ext_basic_constraints
|
||||
## x509_ext_subject_alternative_name x509_parse x509_verify
|
||||
## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp
|
||||
event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate%);
|
||||
|
@ -25,7 +25,7 @@ event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certif
|
|||
##
|
||||
## ext: The parsed extension.
|
||||
##
|
||||
## .. bro:see:: x509_certificate x509_ext_basic_constraints
|
||||
## .. zeek:see:: x509_certificate x509_ext_basic_constraints
|
||||
## x509_ext_subject_alternative_name x509_parse x509_verify
|
||||
## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp
|
||||
event x509_extension%(f: fa_file, ext: X509::Extension%);
|
||||
|
@ -37,7 +37,7 @@ event x509_extension%(f: fa_file, ext: X509::Extension%);
|
|||
##
|
||||
## ext: The parsed basic constraints extension.
|
||||
##
|
||||
## .. bro:see:: x509_certificate x509_extension
|
||||
## .. zeek:see:: x509_certificate x509_extension
|
||||
## x509_ext_subject_alternative_name x509_parse x509_verify
|
||||
## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp
|
||||
event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%);
|
||||
|
@ -51,7 +51,7 @@ event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%);
|
|||
##
|
||||
## ext: The parsed subject alternative name extension.
|
||||
##
|
||||
## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## x509_parse x509_verify x509_ocsp_ext_signed_certificate_timestamp
|
||||
## x509_get_certificate_string
|
||||
event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternativeName%);
|
||||
|
@ -76,7 +76,7 @@ event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternati
|
|||
##
|
||||
## signature: signature part of the digitally_signed struct
|
||||
##
|
||||
## .. bro:see:: ssl_extension_signed_certificate_timestamp x509_extension x509_ext_basic_constraints
|
||||
## .. zeek:see:: ssl_extension_signed_certificate_timestamp x509_extension x509_ext_basic_constraints
|
||||
## x509_parse x509_verify x509_ext_subject_alternative_name
|
||||
## x509_get_certificate_string ssl_extension_signed_certificate_timestamp
|
||||
## sct_verify ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
|
|
|
@ -192,7 +192,7 @@ const EVP_MD* hash_to_evp(int hash)
|
|||
##
|
||||
## Returns: A X509::Certificate structure.
|
||||
##
|
||||
## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## x509_ext_subject_alternative_name x509_verify
|
||||
## x509_get_certificate_string
|
||||
function x509_parse%(cert: opaque of x509%): X509::Certificate
|
||||
|
@ -213,7 +213,7 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate
|
|||
##
|
||||
## Returns: X509 certificate as a string.
|
||||
##
|
||||
## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## x509_ext_subject_alternative_name x509_parse x509_verify
|
||||
function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F%): string
|
||||
%{
|
||||
|
@ -249,7 +249,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
|
|||
## Returns: A record of type X509::Result containing the result code of the
|
||||
## verify operation.
|
||||
##
|
||||
## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## x509_ext_subject_alternative_name x509_parse
|
||||
## x509_get_certificate_string x509_verify
|
||||
function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result
|
||||
|
@ -536,7 +536,7 @@ x509_ocsp_cleanup:
|
|||
## verify operation. In case of success also returns the full
|
||||
## certificate chain.
|
||||
##
|
||||
## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints
|
||||
## x509_ext_subject_alternative_name x509_parse
|
||||
## x509_get_certificate_string x509_ocsp_verify sct_verify
|
||||
function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result
|
||||
|
@ -646,7 +646,7 @@ x509_verify_chainerror:
|
|||
##
|
||||
## Returns: T if the validation could be performed succesfully, F otherwhise.
|
||||
##
|
||||
## .. bro:see:: ssl_extension_signed_certificate_timestamp
|
||||
## .. zeek:see:: ssl_extension_signed_certificate_timestamp
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
## x509_verify
|
||||
function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signature: string, timestamp: count, hash_algorithm: count, issuer_key_hash: string &default=""%): bool
|
||||
|
@ -876,7 +876,7 @@ StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int ha
|
|||
##
|
||||
## Returns: The hash as a string.
|
||||
##
|
||||
## .. bro:see:: x509_issuer_name_hash x509_spki_hash
|
||||
## .. zeek:see:: x509_issuer_name_hash x509_spki_hash
|
||||
## x509_verify sct_verify
|
||||
function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string
|
||||
%{
|
||||
|
@ -894,7 +894,7 @@ function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string
|
|||
##
|
||||
## Returns: The hash as a string.
|
||||
##
|
||||
## .. bro:see:: x509_subject_name_hash x509_spki_hash
|
||||
## .. zeek:see:: x509_subject_name_hash x509_spki_hash
|
||||
## x509_verify sct_verify
|
||||
function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string
|
||||
%{
|
||||
|
@ -912,7 +912,7 @@ function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string
|
|||
##
|
||||
## Returns: The hash as a string.
|
||||
##
|
||||
## .. bro:see:: x509_subject_name_hash x509_issuer_name_hash
|
||||
## .. zeek:see:: x509_subject_name_hash x509_issuer_name_hash
|
||||
## x509_verify sct_verify
|
||||
function x509_spki_hash%(cert: opaque of x509, hash_alg: count%): string
|
||||
%{
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
##
|
||||
## req: version: the version of the OCSP request. Typically 0 (Version 1).
|
||||
##
|
||||
## .. bro:see:: ocsp_request_certificate ocsp_response_status
|
||||
## .. zeek:see:: ocsp_request_certificate ocsp_response_status
|
||||
## ocsp_response_bytes ocsp_response_certificate ocsp_extension
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
event ocsp_request%(f: fa_file, version: count%);
|
||||
|
@ -27,7 +27,7 @@ event ocsp_request%(f: fa_file, version: count%);
|
|||
##
|
||||
## serialNumber: Serial number of the certificate for which the status is requested.
|
||||
##
|
||||
## .. bro:see:: ocsp_request ocsp_response_status
|
||||
## .. zeek:see:: ocsp_request ocsp_response_status
|
||||
## ocsp_response_bytes ocsp_response_certificate ocsp_extension
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
event ocsp_request_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string%);
|
||||
|
@ -41,7 +41,7 @@ event ocsp_request_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHas
|
|||
##
|
||||
## status: The status of the OCSP response (e.g. succesful, malformedRequest, tryLater).
|
||||
##
|
||||
## .. bro:see:: ocsp_request ocsp_request_certificate
|
||||
## .. zeek:see:: ocsp_request ocsp_request_certificate
|
||||
## ocsp_response_bytes ocsp_response_certificate ocsp_extension
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
event ocsp_response_status%(f: fa_file, status: string%);
|
||||
|
@ -68,7 +68,7 @@ event ocsp_response_status%(f: fa_file, status: string%);
|
|||
## certs: Optional list of certificates that are sent with the OCSP response; these typically
|
||||
## are needed to perform validation of the reply.
|
||||
##
|
||||
## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
## ocsp_response_certificate ocsp_extension
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
event ocsp_response_bytes%(f: fa_file, resp_ref: opaque of ocsp_resp, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector%);
|
||||
|
@ -96,7 +96,7 @@ event ocsp_response_bytes%(f: fa_file, resp_ref: opaque of ocsp_resp, status: st
|
|||
##
|
||||
## nextUpdate: Time next response will be ready; 0 if not supploed.
|
||||
##
|
||||
## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
## ocsp_response_bytes ocsp_extension
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
event ocsp_response_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revokeTime: time, revokeReason: string, thisUpdate: time, nextUpdate: time%);
|
||||
|
@ -111,7 +111,7 @@ event ocsp_response_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHa
|
|||
## global_resp: T if extension encountered in the global response (in ResponseData),
|
||||
## F when encountered in a SingleResponse.
|
||||
##
|
||||
## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
## ocsp_response_bytes ocsp_response_certificate
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
event ocsp_extension%(f: fa_file, ext: X509::Extension, global_resp: bool%);
|
||||
|
|
|
@ -8,35 +8,35 @@ module Files;
|
|||
|
||||
type AnalyzerArgs: record;
|
||||
|
||||
## :bro:see:`Files::set_timeout_interval`.
|
||||
## :zeek:see:`Files::set_timeout_interval`.
|
||||
function Files::__set_timeout_interval%(file_id: string, t: interval%): bool
|
||||
%{
|
||||
bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t);
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::enable_reassembly`.
|
||||
## :zeek:see:`Files::enable_reassembly`.
|
||||
function Files::__enable_reassembly%(file_id: string%): bool
|
||||
%{
|
||||
bool result = file_mgr->EnableReassembly(file_id->CheckString());
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::disable_reassembly`.
|
||||
## :zeek:see:`Files::disable_reassembly`.
|
||||
function Files::__disable_reassembly%(file_id: string%): bool
|
||||
%{
|
||||
bool result = file_mgr->DisableReassembly(file_id->CheckString());
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::set_reassembly_buffer_size`.
|
||||
## :zeek:see:`Files::set_reassembly_buffer_size`.
|
||||
function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
|
||||
%{
|
||||
bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max);
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::add_analyzer`.
|
||||
## :zeek:see:`Files::add_analyzer`.
|
||||
function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
|
@ -47,7 +47,7 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b
|
|||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::remove_analyzer`.
|
||||
## :zeek:see:`Files::remove_analyzer`.
|
||||
function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
|
@ -58,20 +58,20 @@ function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%)
|
|||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::stop`.
|
||||
## :zeek:see:`Files::stop`.
|
||||
function Files::__stop%(file_id: string%): bool
|
||||
%{
|
||||
bool result = file_mgr->IgnoreFile(file_id->CheckString());
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::analyzer_name`.
|
||||
## :zeek:see:`Files::analyzer_name`.
|
||||
function Files::__analyzer_name%(tag: Files::Tag%) : string
|
||||
%{
|
||||
return new StringVal(file_mgr->GetComponentName(tag));
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::file_exists`.
|
||||
## :zeek:see:`Files::file_exists`.
|
||||
function Files::__file_exists%(fuid: string%): bool
|
||||
%{
|
||||
if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr )
|
||||
|
@ -80,7 +80,7 @@ function Files::__file_exists%(fuid: string%): bool
|
|||
return val_mgr->GetFalse();
|
||||
%}
|
||||
|
||||
## :bro:see:`Files::lookup_file`.
|
||||
## :zeek:see:`Files::lookup_file`.
|
||||
function Files::__lookup_file%(fuid: string%): fa_file
|
||||
%{
|
||||
auto f = file_mgr->LookupFile(fuid->CheckString());
|
||||
|
@ -95,14 +95,14 @@ function Files::__lookup_file%(fuid: string%): fa_file
|
|||
|
||||
module GLOBAL;
|
||||
|
||||
## For use within a :bro:see:`get_file_handle` handler to set a unique
|
||||
## For use within a :zeek:see:`get_file_handle` handler to set a unique
|
||||
## identifier to associate with the current input to the file analysis
|
||||
## framework. Using an empty string for the handle signifies that the
|
||||
## input will be ignored/discarded.
|
||||
##
|
||||
## handle: A string that uniquely identifies a file.
|
||||
##
|
||||
## .. bro:see:: get_file_handle
|
||||
## .. zeek:see:: get_file_handle
|
||||
function set_file_handle%(handle: string%): any
|
||||
%{
|
||||
auto bytes = reinterpret_cast<const char*>(handle->Bytes());
|
||||
|
|