mirror of
https://github.com/zeek/zeek.git
synced 2025-10-07 00:58:19 +00:00
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
(Never good to name a branch after version anticipated to include it ...)
This commit is contained in:
Robin Sommer
commit
bbd409d274
542 changed files with 18136 additions and 5621 deletions
|
|
@ -11,6 +11,7 @@
|
|||
#include "Val.h"
|
||||
#include "Type.h"
|
||||
#include "Event.h"
|
||||
#include "RuleMatcher.h"
|
||||
|
||||
#include "analyzer/Analyzer.h"
|
||||
#include "analyzer/Manager.h"
|
||||
|
|
@ -53,6 +54,7 @@ int File::timeout_interval_idx = -1;
|
|||
int File::bof_buffer_size_idx = -1;
|
||||
int File::bof_buffer_idx = -1;
|
||||
int File::mime_type_idx = -1;
|
||||
int File::mime_types_idx = -1;
|
||||
|
||||
void File::StaticInit()
|
||||
{
|
||||
|
|
@ -73,6 +75,7 @@ void File::StaticInit()
|
|||
bof_buffer_size_idx = Idx("bof_buffer_size");
|
||||
bof_buffer_idx = Idx("bof_buffer");
|
||||
mime_type_idx = Idx("mime_type");
|
||||
mime_types_idx = Idx("mime_types");
|
||||
}
|
||||
|
||||
File::File(const string& file_id, Connection* conn, analyzer::Tag tag,
|
||||
|
|
@ -104,7 +107,6 @@ File::~File()
|
|||
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Destroying File object", id.c_str());
|
||||
Unref(val);
|
||||
|
||||
// Queue may not be empty in the case where only content gaps were seen.
|
||||
while ( ! fonc_queue.empty() )
|
||||
{
|
||||
delete_vals(fonc_queue.front().second);
|
||||
|
|
@ -288,20 +290,16 @@ bool File::BufferBOF(const u_char* data, uint64 len)
|
|||
|
||||
bool File::DetectMIME(const u_char* data, uint64 len)
|
||||
{
|
||||
const char* mime = bro_magic_buffer(magic_mime_cookie, data, len);
|
||||
RuleMatcher::MIME_Matches matches;
|
||||
len = min(len, LookupFieldDefaultCount(bof_buffer_size_idx));
|
||||
file_mgr->DetectMIME(data, len, &matches);
|
||||
|
||||
if ( mime )
|
||||
{
|
||||
// strip off charset
|
||||
const char* mime_end = strchr(mime, ';');
|
||||
if ( matches.empty() )
|
||||
return false;
|
||||
|
||||
StringVal* mime_val = mime_end ?
|
||||
new StringVal(mime_end - mime, mime) :
|
||||
new StringVal(mime);
|
||||
|
||||
val->Assign(mime_type_idx, mime_val);
|
||||
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Detected MIME type %s", id.c_str(), mime_val->CheckString());
|
||||
}
|
||||
val->Assign(mime_type_idx,
|
||||
new StringVal(*(matches.begin()->second.begin())));
|
||||
val->Assign(mime_types_idx, file_analysis::GenMIMEMatchesVal(matches));
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
@ -484,20 +482,27 @@ void File::FileEvent(EventHandlerPtr h)
|
|||
FileEvent(h, vl);
|
||||
}
|
||||
|
||||
static void flush_file_event_queue(queue<pair<EventHandlerPtr, val_list*> >& q)
|
||||
{
|
||||
while ( ! q.empty() )
|
||||
{
|
||||
pair<EventHandlerPtr, val_list*> p = q.front();
|
||||
mgr.QueueEvent(p.first, p.second);
|
||||
q.pop();
|
||||
}
|
||||
}
|
||||
|
||||
void File::FileEvent(EventHandlerPtr h, val_list* vl)
|
||||
{
|
||||
if ( h == file_state_remove )
|
||||
flush_file_event_queue(fonc_queue);
|
||||
|
||||
mgr.QueueEvent(h, vl);
|
||||
|
||||
if ( h == file_new )
|
||||
{
|
||||
did_file_new_event = true;
|
||||
|
||||
while ( ! fonc_queue.empty() )
|
||||
{
|
||||
pair<EventHandlerPtr, val_list*> p = fonc_queue.front();
|
||||
mgr.QueueEvent(p.first, p.second);
|
||||
fonc_queue.pop();
|
||||
}
|
||||
flush_file_event_queue(fonc_queue);
|
||||
}
|
||||
|
||||
if ( h == file_new || h == file_timeout || h == file_extraction_limit )
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue