Move Reporter to zeek namespace

2025-10-03 07:08:19 +00:00 · 2020-07-20 10:57:36 -07:00 · 2020-07-20 10:57:36 -07:00 · bfab224d7c
commit bfab224d7c
parent 7cedd94ee7
132 changed files with 1010 additions and 987 deletions
--- a/src/file_analysis/AnalyzerSet.cc
+++ b/src/file_analysis/AnalyzerSet.cc
@ -162,7 +162,7 @@ std::unique_ptr<HashKey> AnalyzerSet::GetKey(const file_analysis::Tag& t,
 	auto key = analyzer_hash->MakeHashKey(*lv, true);

 	if ( ! key )
-		reporter->InternalError("AnalyzerArgs type mismatch");
+		zeek::reporter->InternalError("AnalyzerArgs type mismatch");

 	return key;
 	}
@ -174,9 +174,9 @@ file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(const Tag& tag,

 	if ( ! a )
 		{
-		reporter->Error("[%s] Failed file analyzer %s instantiation",
-		                file->GetID().c_str(),
-		                file_mgr->GetComponentName(tag).c_str());
+		zeek::reporter->Error("[%s] Failed file analyzer %s instantiation",
+		                      file->GetID().c_str(),
+		                      file_mgr->GetComponentName(tag).c_str());
 		return nullptr;
 		}

--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -175,8 +175,8 @@ int File::Idx(const std::string& field, const zeek::RecordType* type)
 	int rval = type->FieldOffset(field.c_str());

 	if ( rval < 0 )
-		reporter->InternalError("Unknown %s field: %s", type->GetName().c_str(),
-		                        field.c_str());
+		zeek::reporter->InternalError("Unknown %s field: %s", type->GetName().c_str(),
+		                              field.c_str());

 	return rval;
 	}
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -465,9 +465,9 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag,

 	if ( ! c )
 		{
-		reporter->InternalWarning(
-		            "unknown file analyzer instantiation request: %s",
-		            tag.AsString().c_str());
+		zeek::reporter->InternalWarning(
+			"unknown file analyzer instantiation request: %s",
+			tag.AsString().c_str());
 		return nullptr;
 		}

@ -482,13 +482,13 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag,
 		a = c->factory(args.get(), f);
 	else
 		{
-		reporter->InternalWarning("file analyzer %s cannot be instantiated "
-		                          "dynamically", c->CanonicalName().c_str());
+		zeek::reporter->InternalWarning("file analyzer %s cannot be instantiated "
+		                                "dynamically", c->CanonicalName().c_str());
 		return nullptr;
 		}

 	if ( ! a )
-		reporter->InternalError("file analyzer instantiation failed");
+		zeek::reporter->InternalError("file analyzer instantiation failed");

 	a->SetAnalyzerTag(tag);

@ -500,7 +500,7 @@ zeek::detail::RuleMatcher::MIME_Matches* Manager::DetectMIME(
 	zeek::detail::RuleMatcher::MIME_Matches* rval) const
 	{
 	if ( ! magic_state )
-		reporter->InternalError("file magic signature state not initialized");
+		zeek::reporter->InternalError("file magic signature state not initialized");

 	rval = zeek::detail::rule_matcher->Match(magic_state, data, len, rval);
 	zeek::detail::rule_matcher->ClearFileMagicState(magic_state);
--- a/src/file_analysis/analyzer/extract/Extract.cc
+++ b/src/file_analysis/analyzer/extract/Extract.cc
@ -23,7 +23,7 @@ Extract::Extract(zeek::RecordValPtr args, File* file,
 		fd = 0;
 		char buf[128];
 		bro_strerror_r(errno, buf, sizeof(buf));
-		reporter->Error("cannot open %s: %s", filename.c_str(), buf);
+		zeek::reporter->Error("cannot open %s: %s", filename.c_str(), buf);
 		}
 	}

@ -39,7 +39,7 @@ static const zeek::ValPtr& get_extract_field_val(const zeek::RecordValPtr& args,
 	const auto& rval = args->GetField(name);

 	if ( ! rval )
-		reporter->Error("File extraction analyzer missing arg field: %s", name);
+		zeek::reporter->Error("File extraction analyzer missing arg field: %s", name);

 	return rval;
 	}
--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -79,7 +79,7 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi

 	if ( ! res )
 		{
-		reporter->Weird("OpenSSL failed to get OCSP_CERTID info");
+		zeek::reporter->Weird("OpenSSL failed to get OCSP_CERTID info");
 		vl->emplace_back(zeek::val_mgr->EmptyString());
 		vl->emplace_back(zeek::val_mgr->EmptyString());
 		vl->emplace_back(zeek::val_mgr->EmptyString());
@ -154,7 +154,7 @@ bool file_analysis::OCSP::EndOfFile()

 		if (!req)
 			{
-			reporter->Weird(GetFile(), "openssl_ocsp_request_parse_error");
+			zeek::reporter->Weird(GetFile(), "openssl_ocsp_request_parse_error");
 			return false;
 			}

@ -167,7 +167,7 @@ bool file_analysis::OCSP::EndOfFile()

 		if (!resp)
 			{
-			reporter->Weird(GetFile(), "openssl_ocsp_response_parse_error");
+			zeek::reporter->Weird(GetFile(), "openssl_ocsp_response_parse_error");
 			return false;
 			}

@ -506,7 +506,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 		}
 	else
 		{
-		reporter->Weird("OpenSSL failed to get OCSP responder id");
+		zeek::reporter->Weird("OpenSSL failed to get OCSP responder id");
 		vl.emplace_back(zeek::val_mgr->EmptyString());
 		}

@ -517,7 +517,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 	produced_at = OCSP_resp_get0_produced_at(basic_resp);
 #endif

-	vl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(produced_at, GetFile(), reporter)));
+	vl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(produced_at, GetFile(), zeek::reporter)));

 	// responses

@ -557,7 +557,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 		                             const_cast<OCSP_CERTID*>(cert_id),
 		                             &status, &reason, &revoke_time,
 		                             &this_update, &next_update) )
-			reporter->Weird("OpenSSL failed to find status of OCSP response");
+			zeek::reporter->Weird("OpenSSL failed to find status of OCSP response");

 		const char* cert_status_str = OCSP_cert_status_str(status);
 		rvl.emplace_back(zeek::make_intrusive<zeek::StringVal>(strlen(cert_status_str), cert_status_str));
@ -565,7 +565,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 		// revocation time and reason if revoked
 		if ( status == V_OCSP_CERTSTATUS_REVOKED )
 			{
-			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(revoke_time, GetFile(), reporter)));
+			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(revoke_time, GetFile(), zeek::reporter)));

 			if ( reason != OCSP_REVOKED_STATUS_NOSTATUS )
 				{
@ -582,12 +582,12 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 			}

 		if ( this_update )
-			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(this_update, GetFile(), reporter)));
+			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(this_update, GetFile(), zeek::reporter)));
 		else
 			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(0.0));

 		if ( next_update )
-			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(next_update, GetFile(), reporter)));
+			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(next_update, GetFile(), zeek::reporter)));
 		else
 			rvl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(0.0));

@ -638,7 +638,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
 			if (this_cert)
 				certs_vector->Assign(i, zeek::make_intrusive<file_analysis::X509Val>(this_cert));
 			else
-				reporter->Weird("OpenSSL returned null certificate");
+				zeek::reporter->Weird("OpenSSL returned null certificate");
 			}
 	  }

--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@ -75,7 +75,7 @@ bool file_analysis::X509::EndOfFile()
 	::X509* ssl_cert = d2i_X509(NULL, &cert_char, cert_data.size());
 	if ( ! ssl_cert )
 		{
-		reporter->Weird(GetFile(), "x509_cert_parse_error");
+		zeek::reporter->Weird(GetFile(), "x509_cert_parse_error");
 		return false;
 		}

@ -160,8 +160,8 @@ zeek::RecordValPtr file_analysis::X509::ParseCertificate(X509Val* cert_val, File
 	pX509Cert->Assign(3, zeek::make_intrusive<zeek::StringVal>(len, buf));
 	BIO_free(bio);

-	pX509Cert->Assign(5, zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter)));
-	pX509Cert->Assign(6, zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter)));
+	pX509Cert->Assign(5, zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, zeek::reporter)));
+	pX509Cert->Assign(6, zeek::make_intrusive<zeek::TimeVal>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, zeek::reporter)));

 	// we only read 255 bytes because byte 256 is always 0.
 	// if the string is longer than 255, that will be our null-termination,
@ -306,7 +306,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 		}

 	else
-		reporter->Weird(GetFile(), "x509_invalid_basic_constraint");
+		zeek::reporter->Weird(GetFile(), "x509_invalid_basic_constraint");
 	}

 void file_analysis::X509::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid)
@ -336,7 +336,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 	GENERAL_NAMES *altname = (GENERAL_NAMES*)X509V3_EXT_d2i(ext);
 	if ( ! altname )
 		{
-		reporter->Weird(GetFile(), "x509_san_parse_error");
+		zeek::reporter->Weird(GetFile(), "x509_san_parse_error");
 		return;
 		}

@ -356,7 +356,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 			{
 			if ( ASN1_STRING_type(gen->d.ia5) != V_ASN1_IA5STRING )
 				{
-				reporter->Weird(GetFile(), "x509_san_non_string");
+				zeek::reporter->Weird(GetFile(), "x509_san_non_string");
 				continue;
 				}

@ -407,14 +407,14 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)

 				else
 					{
-					reporter->Weird(GetFile(), "x509_san_ip_length", fmt("%d", gen->d.ip->length));
+					zeek::reporter->Weird(GetFile(), "x509_san_ip_length", fmt("%d", gen->d.ip->length));
 					continue;
 					}
 			}

 		else
 			{
-			// reporter->Error("Subject alternative name contained unsupported fields. fuid %s", GetFile()->GetID().c_str());
+			// zeek::reporter->Error("Subject alternative name contained unsupported fields. fuid %s", GetFile()->GetID().c_str());
 			// This happens quite often - just mark it
 			otherfields = true;
 			continue;
@ -524,7 +524,7 @@ unsigned int file_analysis::X509::KeyLength(EVP_PKEY *key)
 		return 0; // unknown public key type
 	}

-	reporter->InternalError("cannot be reached");
+	zeek::reporter->InternalError("cannot be reached");
 	}

 X509Val::X509Val(::X509* arg_certificate) : OpaqueVal(x509_opaque_type)
--- a/src/file_analysis/analyzer/x509/X509Common.cc
+++ b/src/file_analysis/analyzer/x509/X509Common.cc
@ -25,12 +25,12 @@ X509Common::X509Common(const file_analysis::Tag& arg_tag,
 static void EmitWeird(const char* name, File* file, const char* addl = "")
 	{
 	if ( file )
-		reporter->Weird(file, name, addl);
+		zeek::reporter->Weird(file, name, addl);
 	else
-		reporter->Weird(name);
+		zeek::reporter->Weird(name);
 	}

-double X509Common::GetTimeFromAsn1(const ASN1_TIME* atime, File* f, Reporter* reporter)
+double X509Common::GetTimeFromAsn1(const ASN1_TIME* atime, File* f, zeek::Reporter* reporter)
 	{
 	time_t lResult = 0;

@ -205,7 +205,7 @@ void file_analysis::X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION*
 	ASN1_OCTET_STRING* inner = d2i_ASN1_OCTET_STRING(NULL, (const unsigned char**) &ext_val_copy, ext_val->length);
 	if ( !inner )
 		{
-		reporter->Error("X509::ParseSignedCertificateTimestamps could not parse inner octet string");
+		zeek::reporter->Error("X509::ParseSignedCertificateTimestamps could not parse inner octet string");
 		return;
 		}

@ -219,7 +219,7 @@ void file_analysis::X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION*
 	catch( const binpac::Exception& e )
 		{
 		// throw a warning or sth
-		reporter->Error("X509::ParseSignedCertificateTimestamps could not parse SCT");
+		zeek::reporter->Error("X509::ParseSignedCertificateTimestamps could not parse SCT");
 		}

 	ASN1_OCTET_STRING_free(inner);
@ -325,7 +325,7 @@ zeek::StringValPtr file_analysis::X509Common::GetExtensionFromBIO(BIO* bio, File
 		{
 		// Just emit an error here and try to continue instead of aborting
 		// because it's unclear the length value is very reliable.
-		reporter->Error("X509::GetExtensionFromBIO malloc(%d) failed", length);
+		zeek::reporter->Error("X509::GetExtensionFromBIO malloc(%d) failed", length);
 		BIO_free_all(bio);
 		return nullptr;
 		}
--- a/src/file_analysis/analyzer/x509/X509Common.h
+++ b/src/file_analysis/analyzer/x509/X509Common.h
@ -11,8 +11,8 @@
 #include <openssl/asn1.h>

 class EventHandlerPtr;
-class Reporter;

+ZEEK_FORWARD_DECLARE_NAMESPACED(Reporter, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);

 namespace zeek {
@ -42,7 +42,7 @@ public:
 	 */
 	static zeek::StringValPtr GetExtensionFromBIO(BIO* bio, File* f = nullptr);

-	static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, Reporter* reporter);
+	static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, zeek::Reporter* reporter);

 protected:
 	X509Common(const file_analysis::Tag& arg_tag,
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@ -225,7 +225,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
 	zeek::VectorVal *certs_vec = certs->AsVectorVal();
 	if ( certs_vec->Size() < 1 )
 		{
-		reporter->Error("No certificates given in vector");
+		zeek::reporter->Error("No certificates given in vector");
 		return x509_result_record(-1, "no certificates");
 		}

@ -511,7 +511,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 	zeek::VectorVal *certs_vec = certs->AsVectorVal();
 	if ( ! certs_vec || certs_vec->Size() < 1 )
 		{
-		reporter->Error("No certificates given in vector");
+		zeek::reporter->Error("No certificates given in vector");
 		return x509_result_record(-1, "no certificates");
 		}

@ -551,7 +551,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str

 		if ( ! chain )
 			{
-			reporter->Error("Encountered valid chain that could not be resolved");
+			zeek::reporter->Error("Encountered valid chain that could not be resolved");
 			sk_X509_pop_free(chain, X509_free);
 			goto x509_verify_chainerror;
 			}
@ -568,7 +568,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 				chainVector->Assign(i, zeek::make_intrusive<file_analysis::X509Val>(currcert));
 			else
 				{
-				reporter->InternalWarning("OpenSSL returned null certificate");
+				zeek::reporter->InternalWarning("OpenSSL returned null certificate");
 				sk_X509_pop_free(chain, X509_free);
 				goto x509_verify_chainerror;
 				}
@ -623,7 +623,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 	bool precert = issuer_key_hash->Len() > 0;
 	if ( precert && issuer_key_hash->Len() != 32)
 		{
-		reporter->Error("Invalid issuer_key_hash length");
+		zeek::reporter->Error("Invalid issuer_key_hash length");
 		return zeek::val_mgr->False();
 		}

@ -647,7 +647,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
 		int pos = X509_get_ext_by_NID(x, NID_ct_precert_scts, -1);
 		if ( pos < 0 )
 			{
-			reporter->Error("NID_ct_precert_scts not found");
+			zeek::reporter->Error("NID_ct_precert_scts not found");
 			return zeek::val_mgr->False();
 			}
 #else
@ -751,7 +751,7 @@ sct_verify_err:
 	if (key)
 		EVP_PKEY_free(key);

-	reporter->Error("%s", errstr.c_str());
+	zeek::reporter->Error("%s", errstr.c_str());
 	return zeek::val_mgr->False();
 	%}

@ -768,7 +768,7 @@ zeek::StringValPtr x509_entity_hash(file_analysis::X509Val *cert_handle, unsigne

 	if ( type > 2 )
 		{
-		reporter->InternalError("Unknown type in x509_entity_hash");
+		zeek::reporter->InternalError("Unknown type in x509_entity_hash");
 		return nullptr;
 		}