mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 15:48:19 +00:00
Merge branch 'intrusive_ptr' of https://github.com/MaxKellermann/zeek
* 'intrusive_ptr' of https://github.com/MaxKellermann/zeek: (32 commits) Scope: store IntrusivePtr in `local` Scope: pass IntrusivePtr to AddInit() DNS_Mgr: use class IntrusivePtr Scope: use class IntrusivePtr Attr: use class IntrusivePtr Expr: check_and_promote_expr() returns IntrusivePtr Frame: use class IntrusivePtr Val: RecordVal::LookupWithDefault() returns IntrusivePtr Type: RecordType::FieldDefault() returns IntrusivePtr Val: TableVal::Delete() returns IntrusivePtr Type: base_type() returns IntrusivePtr Type: init_type() returns IntrusivePtr Type: merge_types() returns IntrusivePtr Type: use class IntrusivePtr in VectorType Type: use class IntrusivePtr in EnumType Type: use class IntrusivePtr in FileType Type: use class IntrusivePtr in TypeDecl Type: make TypeDecl `final` and the dtor non-`virtual` Type: use class IntrusivePtr in TypeType Type: use class IntrusivePtr in FuncType ...
This commit is contained in:
Jon Siwek
commit
b62727a7fa
108 changed files with 1737 additions and 2067 deletions
|
|
@ -21,8 +21,8 @@ static void analyzer_del_func(void* v)
|
|||
AnalyzerSet::AnalyzerSet(File* arg_file) : file(arg_file)
|
||||
{
|
||||
auto t = make_intrusive<TypeList>();
|
||||
t->Append(file_mgr->GetTagEnumType()->Ref());
|
||||
t->Append(BifType::Record::Files::AnalyzerArgs->Ref());
|
||||
t->Append({NewRef{}, file_mgr->GetTagEnumType()});
|
||||
t->Append({NewRef{}, BifType::Record::Files::AnalyzerArgs});
|
||||
analyzer_hash = new CompositeHash(std::move(t));
|
||||
analyzer_map.SetDeleteFunc(analyzer_del_func);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,20 +23,19 @@ using namespace file_analysis;
|
|||
|
||||
static Val* empty_connection_table()
|
||||
{
|
||||
TypeList* tbl_index = new TypeList(conn_id);
|
||||
tbl_index->Append(conn_id->Ref());
|
||||
TableType* tbl_type = new TableType(tbl_index, connection_type->Ref());
|
||||
Val* rval = new TableVal(tbl_type);
|
||||
Unref(tbl_type);
|
||||
return rval;
|
||||
auto tbl_index = make_intrusive<TypeList>(IntrusivePtr{NewRef{}, conn_id});
|
||||
tbl_index->Append({NewRef{}, conn_id});
|
||||
auto tbl_type = make_intrusive<TableType>(std::move(tbl_index),
|
||||
IntrusivePtr{NewRef{}, connection_type});
|
||||
return new TableVal(std::move(tbl_type));
|
||||
}
|
||||
|
||||
static RecordVal* get_conn_id_val(const Connection* conn)
|
||||
{
|
||||
RecordVal* v = new RecordVal(conn_id);
|
||||
v->Assign(0, new AddrVal(conn->OrigAddr()));
|
||||
v->Assign(0, make_intrusive<AddrVal>(conn->OrigAddr()));
|
||||
v->Assign(1, val_mgr->GetPort(ntohs(conn->OrigPort()), conn->ConnTransport()));
|
||||
v->Assign(2, new AddrVal(conn->RespAddr()));
|
||||
v->Assign(2, make_intrusive<AddrVal>(conn->RespAddr()));
|
||||
v->Assign(3, val_mgr->GetPort(ntohs(conn->RespPort()), conn->ConnTransport()));
|
||||
return v;
|
||||
}
|
||||
|
|
@ -93,7 +92,7 @@ File::File(const string& file_id, const string& source_name, Connection* conn,
|
|||
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str());
|
||||
|
||||
val = new RecordVal(fa_file_type);
|
||||
val->Assign(id_idx, new StringVal(file_id.c_str()));
|
||||
val->Assign(id_idx, make_intrusive<StringVal>(file_id.c_str()));
|
||||
SetSource(source_name);
|
||||
|
||||
if ( conn )
|
||||
|
|
@ -117,7 +116,7 @@ File::~File()
|
|||
|
||||
void File::UpdateLastActivityTime()
|
||||
{
|
||||
val->Assign(last_active_idx, new Val(network_time, TYPE_TIME));
|
||||
val->Assign(last_active_idx, make_intrusive<Val>(network_time, TYPE_TIME));
|
||||
}
|
||||
|
||||
double File::GetLastActivityTime() const
|
||||
|
|
@ -165,18 +164,14 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig)
|
|||
|
||||
uint64_t File::LookupFieldDefaultCount(int idx) const
|
||||
{
|
||||
Val* v = val->LookupWithDefault(idx);
|
||||
uint64_t rval = v->AsCount();
|
||||
Unref(v);
|
||||
return rval;
|
||||
auto v = val->LookupWithDefault(idx);
|
||||
return v->AsCount();
|
||||
}
|
||||
|
||||
double File::LookupFieldDefaultInterval(int idx) const
|
||||
{
|
||||
Val* v = val->LookupWithDefault(idx);
|
||||
double rval = v->AsInterval();
|
||||
Unref(v);
|
||||
return rval;
|
||||
auto v = val->LookupWithDefault(idx);
|
||||
return v->AsInterval();
|
||||
}
|
||||
|
||||
int File::Idx(const string& field, const RecordType* type)
|
||||
|
|
@ -199,7 +194,7 @@ string File::GetSource() const
|
|||
|
||||
void File::SetSource(const string& source)
|
||||
{
|
||||
val->Assign(source_idx, new StringVal(source.c_str()));
|
||||
val->Assign(source_idx, make_intrusive<StringVal>(source.c_str()));
|
||||
}
|
||||
|
||||
double File::GetTimeoutInterval() const
|
||||
|
|
@ -209,7 +204,7 @@ double File::GetTimeoutInterval() const
|
|||
|
||||
void File::SetTimeoutInterval(double interval)
|
||||
{
|
||||
val->Assign(timeout_interval_idx, new Val(interval, TYPE_INTERVAL));
|
||||
val->Assign(timeout_interval_idx, make_intrusive<Val>(interval, TYPE_INTERVAL));
|
||||
}
|
||||
|
||||
bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes)
|
||||
|
|
@ -305,7 +300,7 @@ bool File::SetMime(const string& mime_type)
|
|||
return false;
|
||||
|
||||
RecordVal* meta = new RecordVal(fa_metadata_type);
|
||||
meta->Assign(meta_mime_type_idx, new StringVal(mime_type));
|
||||
meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
|
||||
meta->Assign(meta_inferred_idx, val_mgr->GetBool(0));
|
||||
|
||||
FileEvent(file_sniff, {val->Ref(), meta});
|
||||
|
|
@ -369,7 +364,7 @@ bool File::BufferBOF(const u_char* data, uint64_t len)
|
|||
if ( bof_buffer.size > 0 )
|
||||
{
|
||||
BroString* bs = concatenate(bof_buffer.chunks);
|
||||
val->Assign(bof_buffer_idx, new StringVal(bs));
|
||||
val->Assign(bof_buffer_idx, make_intrusive<StringVal>(bs));
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -449,16 +449,13 @@ bool Manager::IsDisabled(const analyzer::Tag& tag)
|
|||
disabled = internal_const_val("Files::disable")->AsTableVal();
|
||||
|
||||
Val* index = val_mgr->GetCount(bool(tag));
|
||||
Val* yield = disabled->Lookup(index);
|
||||
auto yield = disabled->Lookup(index);
|
||||
Unref(index);
|
||||
|
||||
if ( ! yield )
|
||||
return false;
|
||||
|
||||
bool rval = yield->AsBool();
|
||||
Unref(yield);
|
||||
|
||||
return rval;
|
||||
return yield->AsBool();
|
||||
}
|
||||
|
||||
Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f) const
|
||||
|
|
@ -528,7 +525,7 @@ VectorVal* file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
|
|||
it2 != it->second.end(); ++it2 )
|
||||
{
|
||||
element->Assign(0, val_mgr->GetInt(it->first));
|
||||
element->Assign(1, new StringVal(*it2));
|
||||
element->Assign(1, make_intrusive<StringVal>(*it2));
|
||||
}
|
||||
|
||||
rval->Assign(rval->Size(), element);
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@ DataEvent::DataEvent(RecordVal* args, File* file,
|
|||
|
||||
file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file)
|
||||
{
|
||||
Val* chunk_val = args->Lookup("chunk_event");
|
||||
Val* stream_val = args->Lookup("stream_event");
|
||||
auto chunk_val = args->Lookup("chunk_event");
|
||||
auto stream_val = args->Lookup("stream_event");
|
||||
|
||||
if ( ! chunk_val && ! stream_val ) return 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -61,11 +61,11 @@ void Entropy::Finalize()
|
|||
entropy->Get(&ent, &chisq, &mean, &montepi, &scc);
|
||||
|
||||
RecordVal* ent_result = new RecordVal(entropy_test_result);
|
||||
ent_result->Assign(0, new Val(ent, TYPE_DOUBLE));
|
||||
ent_result->Assign(1, new Val(chisq, TYPE_DOUBLE));
|
||||
ent_result->Assign(2, new Val(mean, TYPE_DOUBLE));
|
||||
ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE));
|
||||
ent_result->Assign(4, new Val(scc, TYPE_DOUBLE));
|
||||
ent_result->Assign(0, make_intrusive<Val>(ent, TYPE_DOUBLE));
|
||||
ent_result->Assign(1, make_intrusive<Val>(chisq, TYPE_DOUBLE));
|
||||
ent_result->Assign(2, make_intrusive<Val>(mean, TYPE_DOUBLE));
|
||||
ent_result->Assign(3, make_intrusive<Val>(montepi, TYPE_DOUBLE));
|
||||
ent_result->Assign(4, make_intrusive<Val>(scc, TYPE_DOUBLE));
|
||||
|
||||
mgr.QueueEventFast(file_entropy, {
|
||||
GetFile()->GetVal()->Ref(),
|
||||
|
|
|
|||
|
|
@ -32,9 +32,9 @@ Extract::~Extract()
|
|||
safe_close(fd);
|
||||
}
|
||||
|
||||
static Val* get_extract_field_val(RecordVal* args, const char* name)
|
||||
static IntrusivePtr<Val> get_extract_field_val(RecordVal* args, const char* name)
|
||||
{
|
||||
Val* rval = args->Lookup(name);
|
||||
auto rval = args->Lookup(name);
|
||||
|
||||
if ( ! rval )
|
||||
reporter->Error("File extraction analyzer missing arg field: %s", name);
|
||||
|
|
@ -44,8 +44,8 @@ static Val* get_extract_field_val(RecordVal* args, const char* name)
|
|||
|
||||
file_analysis::Analyzer* Extract::Instantiate(RecordVal* args, File* file)
|
||||
{
|
||||
Val* fname = get_extract_field_val(args, "extract_filename");
|
||||
Val* limit = get_extract_field_val(args, "extract_limit");
|
||||
auto fname = get_extract_field_val(args, "extract_filename");
|
||||
auto limit = get_extract_field_val(args, "extract_limit");
|
||||
|
||||
if ( ! fname || ! limit )
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -9,12 +9,11 @@ module FileExtract;
|
|||
|
||||
## :zeek:see:`FileExtract::set_limit`.
|
||||
function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool
|
||||
%{
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
RecordVal* rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), rv, n);
|
||||
Unref(rv);
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), rv.get(), n);
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
module GLOBAL;
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ refine flow File += {
|
|||
function characteristics_to_bro(c: uint32, len: uint8): TableVal
|
||||
%{
|
||||
uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
|
||||
TableVal* char_set = new TableVal(internal_type("count_set")->AsTableType());
|
||||
TableVal* char_set = new TableVal({NewRef{}, internal_type("count_set")->AsTableType()});
|
||||
for ( uint16 i=0; i < len; ++i )
|
||||
{
|
||||
if ( ((c >> i) & 0x1) == 1 )
|
||||
|
|
@ -43,7 +43,7 @@ refine flow File += {
|
|||
if ( pe_dos_header )
|
||||
{
|
||||
RecordVal* dh = new RecordVal(BifType::Record::PE::DOSHeader);
|
||||
dh->Assign(0, new StringVal(${h.signature}.length(), (const char*) ${h.signature}.data()));
|
||||
dh->Assign(0, make_intrusive<StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
|
||||
dh->Assign(1, val_mgr->GetCount(${h.UsedBytesInTheLastPage}));
|
||||
dh->Assign(2, val_mgr->GetCount(${h.FileSizeInPages}));
|
||||
dh->Assign(3, val_mgr->GetCount(${h.NumberOfRelocationItems}));
|
||||
|
|
@ -97,7 +97,7 @@ refine flow File += {
|
|||
{
|
||||
RecordVal* fh = new RecordVal(BifType::Record::PE::FileHeader);
|
||||
fh->Assign(0, val_mgr->GetCount(${h.Machine}));
|
||||
fh->Assign(1, new Val(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
|
||||
fh->Assign(1, make_intrusive<Val>(static_cast<double>(${h.TimeDateStamp}), TYPE_TIME));
|
||||
fh->Assign(2, val_mgr->GetCount(${h.PointerToSymbolTable}));
|
||||
fh->Assign(3, val_mgr->GetCount(${h.NumberOfSymbols}));
|
||||
fh->Assign(4, val_mgr->GetCount(${h.SizeOfOptionalHeader}));
|
||||
|
|
@ -176,7 +176,7 @@ refine flow File += {
|
|||
name_len = ${h.name}.length();
|
||||
else
|
||||
name_len = first_null - ${h.name}.data();
|
||||
section_header->Assign(0, new StringVal(name_len, (const char*) ${h.name}.data()));
|
||||
section_header->Assign(0, make_intrusive<StringVal>(name_len, (const char*) ${h.name}.data()));
|
||||
|
||||
section_header->Assign(1, val_mgr->GetCount(${h.virtual_size}));
|
||||
section_header->Assign(2, val_mgr->GetCount(${h.virtual_addr}));
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ refine flow Flow += {
|
|||
RecordVal* ids_event = new RecordVal(BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->GetCount(${ev.event_id}));
|
||||
ids_event->Assign(2, new Val(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision}));
|
||||
|
|
@ -97,7 +97,7 @@ refine flow Flow += {
|
|||
RecordVal* ids_event = new RecordVal(BifType::Record::Unified2::IDSEvent);
|
||||
ids_event->Assign(0, val_mgr->GetCount(${ev.sensor_id}));
|
||||
ids_event->Assign(1, val_mgr->GetCount(${ev.event_id}));
|
||||
ids_event->Assign(2, new Val(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(2, make_intrusive<Val>(ts_to_double(${ev.ts}), TYPE_TIME));
|
||||
ids_event->Assign(3, val_mgr->GetCount(${ev.signature_id}));
|
||||
ids_event->Assign(4, val_mgr->GetCount(${ev.generator_id}));
|
||||
ids_event->Assign(5, val_mgr->GetCount(${ev.signature_revision}));
|
||||
|
|
@ -131,7 +131,7 @@ refine flow Flow += {
|
|||
packet->Assign(0, val_mgr->GetCount(${pkt.sensor_id}));
|
||||
packet->Assign(1, val_mgr->GetCount(${pkt.event_id}));
|
||||
packet->Assign(2, val_mgr->GetCount(${pkt.event_second}));
|
||||
packet->Assign(3, new Val(ts_to_double(${pkt.packet_ts}), TYPE_TIME));
|
||||
packet->Assign(3, make_intrusive<Val>(ts_to_double(${pkt.packet_ts}), TYPE_TIME));
|
||||
packet->Assign(4, val_mgr->GetCount(${pkt.link_type}));
|
||||
packet->Assign(5, bytestring_to_val(${pkt.packet_data}));
|
||||
|
||||
|
|
|
|||
|
|
@ -32,9 +32,9 @@ using namespace file_analysis;
|
|||
|
||||
#define OCSP_STRING_BUF_SIZE 2048
|
||||
|
||||
static Val* get_ocsp_type(RecordVal* args, const char* name)
|
||||
static IntrusivePtr<Val> get_ocsp_type(RecordVal* args, const char* name)
|
||||
{
|
||||
Val* rval = args->Lookup(name);
|
||||
auto rval = args->Lookup(name);
|
||||
|
||||
if ( ! rval )
|
||||
reporter->Error("File extraction analyzer missing arg field: %s", name);
|
||||
|
|
@ -624,7 +624,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
|
||||
//i2a_ASN1_OBJECT(bio, basic_resp->signature);
|
||||
//len = BIO_read(bio, buf, sizeof(buf));
|
||||
//ocsp_resp_record->Assign(7, new StringVal(len, buf));
|
||||
//ocsp_resp_record->Assign(7, make_intrusive<StringVal>(len, buf));
|
||||
//BIO_reset(bio);
|
||||
|
||||
certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType());
|
||||
|
|
@ -644,7 +644,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
|||
::X509 *this_cert = X509_dup(helper_sk_X509_value(certs, i));
|
||||
//::X509 *this_cert = X509_dup(sk_X509_value(certs, i));
|
||||
if (this_cert)
|
||||
certs_vector->Assign(i, new file_analysis::X509Val(this_cert));
|
||||
certs_vector->Assign(i, make_intrusive<file_analysis::X509Val>(this_cert));
|
||||
else
|
||||
reporter->Weird("OpenSSL returned null certificate");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ bool file_analysis::X509::EndOfFile()
|
|||
hash_final(ctx, buf);
|
||||
std::string cert_sha256 = sha256_digest_print(buf);
|
||||
auto index = make_intrusive<StringVal>(cert_sha256);
|
||||
auto* entry = certificate_cache->Lookup(index.get(), false);
|
||||
auto entry = certificate_cache->Lookup(index.get(), false);
|
||||
if ( entry )
|
||||
// in this case, the certificate is in the cache and we do not
|
||||
// do any further processing here. However, if there is a callback, we execute it.
|
||||
|
|
@ -62,9 +62,9 @@ bool file_analysis::X509::EndOfFile()
|
|||
|
||||
val_list vl(3);
|
||||
vl.push_back(GetFile()->GetVal()->Ref());
|
||||
vl.push_back(entry->Ref());
|
||||
vl.push_back(entry.release());
|
||||
vl.push_back(new StringVal(cert_sha256));
|
||||
IntrusivePtr<Val> v{AdoptRef{}, cache_hit_callback->Call(&vl)};
|
||||
cache_hit_callback->Call(&vl);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -126,12 +126,12 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
pX509Cert->Assign(0, val_mgr->GetCount((uint64_t) X509_get_version(ssl_cert) + 1));
|
||||
i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
|
||||
int len = BIO_read(bio, buf, sizeof(buf));
|
||||
pX509Cert->Assign(1, new StringVal(len, buf));
|
||||
pX509Cert->Assign(1, make_intrusive<StringVal>(len, buf));
|
||||
BIO_reset(bio);
|
||||
|
||||
X509_NAME_print_ex(bio, X509_get_subject_name(ssl_cert), 0, XN_FLAG_RFC2253);
|
||||
len = BIO_gets(bio, buf, sizeof(buf));
|
||||
pX509Cert->Assign(2, new StringVal(len, buf));
|
||||
pX509Cert->Assign(2, make_intrusive<StringVal>(len, buf));
|
||||
BIO_reset(bio);
|
||||
|
||||
X509_NAME *subject_name = X509_get_subject_name(ssl_cert);
|
||||
|
|
@ -151,17 +151,17 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
// we found a common name
|
||||
ASN1_STRING_print(bio, X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, namepos)));
|
||||
len = BIO_gets(bio, buf, sizeof(buf));
|
||||
pX509Cert->Assign(4, new StringVal(len, buf));
|
||||
pX509Cert->Assign(4, make_intrusive<StringVal>(len, buf));
|
||||
BIO_reset(bio);
|
||||
}
|
||||
|
||||
X509_NAME_print_ex(bio, X509_get_issuer_name(ssl_cert), 0, XN_FLAG_RFC2253);
|
||||
len = BIO_gets(bio, buf, sizeof(buf));
|
||||
pX509Cert->Assign(3, new StringVal(len, buf));
|
||||
pX509Cert->Assign(3, make_intrusive<StringVal>(len, buf));
|
||||
BIO_free(bio);
|
||||
|
||||
pX509Cert->Assign(5, new Val(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter), TYPE_TIME));
|
||||
pX509Cert->Assign(6, new Val(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter), TYPE_TIME));
|
||||
pX509Cert->Assign(5, make_intrusive<Val>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter), TYPE_TIME));
|
||||
pX509Cert->Assign(6, make_intrusive<Val>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter), TYPE_TIME));
|
||||
|
||||
// we only read 255 bytes because byte 256 is always 0.
|
||||
// if the string is longer than 255, that will be our null-termination,
|
||||
|
|
@ -171,7 +171,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
if ( ! i2t_ASN1_OBJECT(buf, 255, algorithm) )
|
||||
buf[0] = 0;
|
||||
|
||||
pX509Cert->Assign(7, new StringVal(buf));
|
||||
pX509Cert->Assign(7, make_intrusive<StringVal>(buf));
|
||||
|
||||
// Special case for RDP server certificates. For some reason some (all?) RDP server
|
||||
// certificates like to specify their key algorithm as md5WithRSAEncryption, which
|
||||
|
|
@ -193,25 +193,25 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
if ( ! i2t_ASN1_OBJECT(buf, 255, OBJ_nid2obj(X509_get_signature_nid(ssl_cert))) )
|
||||
buf[0] = 0;
|
||||
|
||||
pX509Cert->Assign(8, new StringVal(buf));
|
||||
pX509Cert->Assign(8, make_intrusive<StringVal>(buf));
|
||||
|
||||
// Things we can do when we have the key...
|
||||
EVP_PKEY *pkey = X509_extract_key(ssl_cert);
|
||||
if ( pkey != NULL )
|
||||
{
|
||||
if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA )
|
||||
pX509Cert->Assign(9, new StringVal("dsa"));
|
||||
pX509Cert->Assign(9, make_intrusive<StringVal>("dsa"));
|
||||
|
||||
else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA )
|
||||
{
|
||||
pX509Cert->Assign(9, new StringVal("rsa"));
|
||||
pX509Cert->Assign(9, make_intrusive<StringVal>("rsa"));
|
||||
|
||||
const BIGNUM *e;
|
||||
RSA_get0_key(EVP_PKEY_get0_RSA(pkey), NULL, &e, NULL);
|
||||
char *exponent = BN_bn2dec(e);
|
||||
if ( exponent != NULL )
|
||||
{
|
||||
pX509Cert->Assign(11, new StringVal(exponent));
|
||||
pX509Cert->Assign(11, make_intrusive<StringVal>(exponent));
|
||||
OPENSSL_free(exponent);
|
||||
exponent = NULL;
|
||||
}
|
||||
|
|
@ -219,7 +219,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
|
|||
#ifndef OPENSSL_NO_EC
|
||||
else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_EC )
|
||||
{
|
||||
pX509Cert->Assign(9, new StringVal("ecdsa"));
|
||||
pX509Cert->Assign(9, make_intrusive<StringVal>("ecdsa"));
|
||||
pX509Cert->Assign(12, KeyCurve(pkey));
|
||||
}
|
||||
#endif
|
||||
|
|
@ -401,10 +401,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
|
|||
uint32_t* addr = (uint32_t*) gen->d.ip->data;
|
||||
|
||||
if( gen->d.ip->length == 4 )
|
||||
ips->Assign(ips->Size(), new AddrVal(*addr));
|
||||
ips->Assign(ips->Size(), make_intrusive<AddrVal>(*addr));
|
||||
|
||||
else if ( gen->d.ip->length == 16 )
|
||||
ips->Assign(ips->Size(), new AddrVal(addr));
|
||||
ips->Assign(ips->Size(), make_intrusive<AddrVal>(addr));
|
||||
|
||||
else
|
||||
{
|
||||
|
|
@ -545,9 +545,9 @@ X509Val::~X509Val()
|
|||
X509_free(certificate);
|
||||
}
|
||||
|
||||
Val* X509Val::DoClone(CloneState* state)
|
||||
IntrusivePtr<Val> X509Val::DoClone(CloneState* state)
|
||||
{
|
||||
auto copy = new X509Val();
|
||||
auto copy = make_intrusive<X509Val>();
|
||||
if ( certificate )
|
||||
copy->certificate = X509_dup(certificate);
|
||||
|
||||
|
|
|
|||
|
|
@ -169,7 +169,7 @@ public:
|
|||
*
|
||||
* @return A cloned X509Val.
|
||||
*/
|
||||
Val* DoClone(CloneState* state) override;
|
||||
IntrusivePtr<Val> DoClone(CloneState* state) override;
|
||||
|
||||
/**
|
||||
* Destructor.
|
||||
|
|
|
|||
|
|
@ -263,12 +263,12 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
|
|||
ext_val = new StringVal(0, "");
|
||||
|
||||
RecordVal* pX509Ext = new RecordVal(BifType::Record::X509::Extension);
|
||||
pX509Ext->Assign(0, new StringVal(name));
|
||||
pX509Ext->Assign(0, make_intrusive<StringVal>(name));
|
||||
|
||||
if ( short_name and strlen(short_name) > 0 )
|
||||
pX509Ext->Assign(1, new StringVal(short_name));
|
||||
pX509Ext->Assign(1, make_intrusive<StringVal>(short_name));
|
||||
|
||||
pX509Ext->Assign(2, new StringVal(oid));
|
||||
pX509Ext->Assign(2, make_intrusive<StringVal>(oid));
|
||||
pX509Ext->Assign(3, val_mgr->GetBool(critical));
|
||||
pX509Ext->Assign(4, ext_val);
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ RecordVal* x509_result_record(uint64_t num, const char* reason, Val* chainVector
|
|||
RecordVal* rrecord = new RecordVal(BifType::Record::X509::Result);
|
||||
|
||||
rrecord->Assign(0, val_mgr->GetInt(num));
|
||||
rrecord->Assign(1, new StringVal(reason));
|
||||
rrecord->Assign(1, make_intrusive<StringVal>(reason));
|
||||
if ( chainVector )
|
||||
rrecord->Assign(2, chainVector);
|
||||
|
||||
|
|
@ -564,7 +564,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
|
|||
|
||||
if ( currcert )
|
||||
// X509Val takes ownership of currcert.
|
||||
chainVector->Assign(i, new file_analysis::X509Val(currcert));
|
||||
chainVector->Assign(i, make_intrusive<file_analysis::X509Val>(currcert));
|
||||
else
|
||||
{
|
||||
reporter->InternalWarning("OpenSSL returned null certificate");
|
||||
|
|
|
|||
|
|
@ -42,10 +42,9 @@ function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
|
|||
function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
RecordVal* rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
bool result = file_mgr->AddAnalyzer(file_id->CheckString(),
|
||||
file_mgr->GetComponentTag(tag), rv);
|
||||
Unref(rv);
|
||||
file_mgr->GetComponentTag(tag), rv.get());
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
|
|
@ -53,10 +52,9 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b
|
|||
function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
||||
%{
|
||||
using BifType::Record::Files::AnalyzerArgs;
|
||||
RecordVal* rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
||||
bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(),
|
||||
file_mgr->GetComponentTag(tag) , rv);
|
||||
Unref(rv);
|
||||
file_mgr->GetComponentTag(tag) , rv.get());
|
||||
return val_mgr->GetBool(result);
|
||||
%}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue