Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Reformat the world

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-09-16 15:35:39 -07:00
parent 194cb24547
commit b2f171ec69
714 changed files with 35149 additions and 35203 deletions
Download patch file Download diff file Expand all files Collapse all files

319
src/input/readers/sqlite/SQLite.cc
View file

@ -1,46 +1,40 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/zeek-config.h"
#include "zeek/input/readers/sqlite/SQLite.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <fstream>
#include <sstream>
#include "zeek/threading/SerialTypes.h"
#include "zeek/input/readers/sqlite/sqlite.bif.h"
#include "zeek/logging/writers/sqlite/sqlite.bif.h"
#include "zeek/logging/writers/ascii/ascii.bif.h"
#include "zeek/logging/writers/sqlite/sqlite.bif.h"
#include "zeek/threading/SerialTypes.h"
#include "zeek/zeek-config.h"
using zeek::threading::Value;
using zeek::threading::Field;
using zeek::threading::Value;
namespace zeek::input::reader::detail {
SQLite::SQLite(ReaderFrontend *frontend)
: ReaderBackend(frontend),
fields(), num_fields(), mode(), started(), query(), db(), st()
namespace zeek::input::reader::detail
{
set_separator.assign(
(const char*) BifConst::LogSQLite::set_separator->Bytes(),
BifConst::InputSQLite::set_separator->Len()
);
unset_field.assign(
(const char*) BifConst::LogSQLite::unset_field->Bytes(),
BifConst::InputSQLite::unset_field->Len()
);
SQLite::SQLite(ReaderFrontend* frontend)
: ReaderBackend(frontend), fields(), num_fields(), mode(), started(), query(), db(), st()
{
set_separator.assign((const char*)BifConst::LogSQLite::set_separator->Bytes(),
BifConst::InputSQLite::set_separator->Len());
empty_field.assign(
(const char*) BifConst::LogAscii::empty_field->Bytes(),
BifConst::InputSQLite::empty_field->Len()
);
unset_field.assign((const char*)BifConst::LogSQLite::unset_field->Bytes(),
BifConst::InputSQLite::unset_field->Len());
io = new threading::formatter::Ascii(this, threading::formatter::Ascii::SeparatorInfo(
std::string(), set_separator, unset_field, empty_field));
empty_field.assign((const char*)BifConst::LogAscii::empty_field->Bytes(),
BifConst::InputSQLite::empty_field->Len());
io = new threading::formatter::Ascii(
this, threading::formatter::Ascii::SeparatorInfo(std::string(), set_separator, unset_field,
empty_field));
}
SQLite::~SQLite()
@ -72,11 +66,13 @@ bool SQLite::checkError(int code)
return false;
}
bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* arg_fields)
bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields,
const threading::Field* const* arg_fields)
{
if ( sqlite3_threadsafe() == 0 )
{
Error("SQLite reports that it is not threadsafe. Zeek needs a threadsafe version of SQLite. Aborting");
Error("SQLite reports that it is not threadsafe. Zeek needs a threadsafe version of "
"SQLite. Aborting");
return false;
}
@ -101,26 +97,22 @@ bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields, const threading:
ReaderInfo::config_map::const_iterator it = info.config.find("query");
if ( it == info.config.end() )
{
Error(Fmt("No query specified when setting up SQLite data source %s. Aborting.", info.source));
Error(Fmt("No query specified when setting up SQLite data source %s. Aborting.",
info.source));
return false;
}
else
query = it->second;
if ( checkError(sqlite3_open_v2(
fullpath.c_str(),
&db,
SQLITE_OPEN_READWRITE |
SQLITE_OPEN_NOMUTEX
,
NULL)) )
if ( checkError(sqlite3_open_v2(fullpath.c_str(), &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX, NULL)) )
return false;
num_fields = arg_num_fields;
fields = arg_fields;
// create the prepared select statement that we will re-use forever...
if ( checkError(sqlite3_prepare_v2( db, query.c_str(), query.size()+1, &st, NULL )) )
if ( checkError(sqlite3_prepare_v2(db, query.c_str(), query.size() + 1, &st, NULL)) )
{
return false;
}
@ -132,129 +124,129 @@ bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields, const threading:
// pos = field position
// subpos = subfield position, only used for port-field
Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int pos, int subpos)
Value* SQLite::EntryToVal(sqlite3_stmt* st, const threading::Field* field, int pos, int subpos)
{
if ( sqlite3_column_type(st, pos ) == SQLITE_NULL )
if ( sqlite3_column_type(st, pos) == SQLITE_NULL )
return new Value(field->type, field->subtype, false);
Value* val = new Value(field->type, true);
switch ( field->type ) {
case TYPE_ENUM:
case TYPE_STRING:
switch ( field->type )
{
const char *text = (const char*) sqlite3_column_text(st, pos);
int length = sqlite3_column_bytes(st, pos);
char *out = new char[length];
memcpy(out, text, length);
val->val.string_val.length = length;
val->val.string_val.data = out;
break;
}
case TYPE_BOOL:
{
if ( sqlite3_column_type(st, pos) != SQLITE_INTEGER )
{
Error("Invalid data type for boolean - expected Integer");
delete val;
return nullptr;
}
int res = sqlite3_column_int(st, pos);
if ( res == 0 || res == 1 )
val->val.int_val = res;
else
{
Error(Fmt("Invalid value for boolean: %d", res));
delete val;
return nullptr;
}
break;
}
case TYPE_INT:
val->val.int_val = sqlite3_column_int64(st, pos);
break;
case TYPE_DOUBLE:
case TYPE_TIME:
case TYPE_INTERVAL:
val->val.double_val = sqlite3_column_double(st, pos);
break;
case TYPE_COUNT:
val->val.uint_val = sqlite3_column_int64(st, pos);
break;
case TYPE_PORT:
{
val->val.port_val.port = sqlite3_column_int(st, pos);
val->val.port_val.proto = TRANSPORT_UNKNOWN;
if ( subpos != -1 )
{
const char *text = (const char*) sqlite3_column_text(st, subpos);
if ( text == 0 )
Error("Port protocol definition did not contain text");
else
case TYPE_ENUM:
case TYPE_STRING:
{
std::string s(text, sqlite3_column_bytes(st, subpos));
val->val.port_val.proto = io->ParseProto(s);
const char* text = (const char*)sqlite3_column_text(st, pos);
int length = sqlite3_column_bytes(st, pos);
char* out = new char[length];
memcpy(out, text, length);
val->val.string_val.length = length;
val->val.string_val.data = out;
break;
}
}
break;
case TYPE_BOOL:
{
if ( sqlite3_column_type(st, pos) != SQLITE_INTEGER )
{
Error("Invalid data type for boolean - expected Integer");
delete val;
return nullptr;
}
int res = sqlite3_column_int(st, pos);
if ( res == 0 || res == 1 )
val->val.int_val = res;
else
{
Error(Fmt("Invalid value for boolean: %d", res));
delete val;
return nullptr;
}
break;
}
case TYPE_INT:
val->val.int_val = sqlite3_column_int64(st, pos);
break;
case TYPE_DOUBLE:
case TYPE_TIME:
case TYPE_INTERVAL:
val->val.double_val = sqlite3_column_double(st, pos);
break;
case TYPE_COUNT:
val->val.uint_val = sqlite3_column_int64(st, pos);
break;
case TYPE_PORT:
{
val->val.port_val.port = sqlite3_column_int(st, pos);
val->val.port_val.proto = TRANSPORT_UNKNOWN;
if ( subpos != -1 )
{
const char* text = (const char*)sqlite3_column_text(st, subpos);
if ( text == 0 )
Error("Port protocol definition did not contain text");
else
{
std::string s(text, sqlite3_column_bytes(st, subpos));
val->val.port_val.proto = io->ParseProto(s);
}
}
break;
}
case TYPE_SUBNET:
{
const char* text = (const char*)sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
int pos = s.find('/');
int width = atoi(s.substr(pos + 1).c_str());
std::string addr = s.substr(0, pos);
val->val.subnet_val.prefix = io->ParseAddr(addr);
val->val.subnet_val.length = width;
break;
}
case TYPE_ADDR:
{
const char* text = (const char*)sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
val->val.addr_val = io->ParseAddr(s);
break;
}
case TYPE_TABLE:
case TYPE_VECTOR:
{
const char* text = (const char*)sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
delete val;
val = io->ParseValue(s, "", field->type, field->subtype);
break;
}
default:
Error(Fmt("unsupported field format %d", field->type));
delete val;
return nullptr;
}
case TYPE_SUBNET:
{
const char *text = (const char*) sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
int pos = s.find('/');
int width = atoi(s.substr(pos+1).c_str());
std::string addr = s.substr(0, pos);
val->val.subnet_val.prefix = io->ParseAddr(addr);
val->val.subnet_val.length = width;
break;
}
case TYPE_ADDR:
{
const char *text = (const char*) sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
val->val.addr_val = io->ParseAddr(s);
break;
}
case TYPE_TABLE:
case TYPE_VECTOR:
{
const char *text = (const char*) sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
delete val;
val = io->ParseValue(s, "", field->type, field->subtype);
break;
}
default:
Error(Fmt("unsupported field format %d", field->type));
delete val;
return nullptr;
}
return val;
}
bool SQLite::DoUpdate()
{
int numcolumns = sqlite3_column_count(st);
int *mapping = new int [num_fields];
int *submapping = new int [num_fields];
int* mapping = new int[num_fields];
int* submapping = new int[num_fields];
// first set them all to -1
for ( unsigned int i = 0; i < num_fields; ++i )
@ -265,7 +257,7 @@ bool SQLite::DoUpdate()
for ( int i = 0; i < numcolumns; ++i )
{
const char *name = sqlite3_column_name(st, i);
const char* name = sqlite3_column_name(st, i);
for ( unsigned j = 0; j < num_fields; j++ )
{
@ -273,23 +265,28 @@ bool SQLite::DoUpdate()
{
if ( mapping[j] != -1 )
{
Error(Fmt("SQLite statement returns several columns with name %s! Cannot decide which to choose, aborting", name));
delete [] mapping;
delete [] submapping;
Error(Fmt("SQLite statement returns several columns with name %s! Cannot "
"decide which to choose, aborting",
name));
delete[] mapping;
delete[] submapping;
return false;
}
mapping[j] = i;
}
if ( fields[j]->secondary_name != nullptr && strcmp(fields[j]->secondary_name, name) == 0 )
if ( fields[j]->secondary_name != nullptr &&
strcmp(fields[j]->secondary_name, name) == 0 )
{
assert(fields[j]->type == TYPE_PORT);
if ( submapping[j] != -1 )
{
Error(Fmt("SQLite statement returns several columns with name %s! Cannot decide which to choose, aborting", name));
delete [] mapping;
delete [] submapping;
Error(Fmt("SQLite statement returns several columns with name %s! Cannot "
"decide which to choose, aborting",
name));
delete[] mapping;
delete[] submapping;
return false;
}
@ -303,18 +300,18 @@ bool SQLite::DoUpdate()
if ( mapping[i] == -1 )
{
Error(Fmt("Required field %s not found after SQLite statement", fields[i]->name));
delete [] mapping;
delete [] submapping;
delete[] mapping;
delete[] submapping;
return false;
}
}
int errorcode;
while ( ( errorcode = sqlite3_step(st)) == SQLITE_ROW )
while ( (errorcode = sqlite3_step(st)) == SQLITE_ROW )
{
Value** ofields = new Value*[num_fields];
for ( unsigned int j = 0; j < num_fields; ++j)
for ( unsigned int j = 0; j < num_fields; ++j )
{
ofields[j] = EntryToVal(st, fields[j], mapping[j], submapping[j]);
if ( ! ofields[j] )
@ -322,9 +319,9 @@ bool SQLite::DoUpdate()
for ( unsigned int k = 0; k < j; ++k )
delete ofields[k];
delete [] ofields;
delete [] mapping;
delete [] submapping;
delete[] ofields;
delete[] mapping;
delete[] submapping;
return false;
}
}
@ -332,8 +329,8 @@ bool SQLite::DoUpdate()
SendEntry(ofields);
}
delete [] mapping;
delete [] submapping;
delete[] mapping;
delete[] submapping;
if ( checkError(errorcode) ) // check the last error code returned by sqlite
return false;
@ -346,4 +343,4 @@ bool SQLite::DoUpdate()
return true;
}
} // namespace zeek::input::reader::detail
} // namespace zeek::input::reader::detail