More file analysis updates.

- Recorrected the module name to Files. - Added Files::analyzer_name to get a more readable name for a file analyzer. - Improved and just overall better handled multipart mime transfers in HTTP and SMTP. HTTP now has orig_fuids and resp_fuids log fields since multiple "files" can be transferred with multipart mime in a single request/response pair. SMTP has an fuids field which has file unique IDs for all parts transferred. FTP and IRC have a log field named fuid added because only a single file can be transferred per irc and ftp log line.
2025-10-05 08:08:19 +00:00 · 2013-07-09 11:50:54 -04:00 · 2013-07-09 11:50:54 -04:00 · cdf6b7864e
commit cdf6b7864e
parent 58d133e764
18 changed files with 257 additions and 120 deletions
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -19,8 +19,8 @@ string Manager::salt;

 Manager::Manager()
 	{
-	tag_enum_type = new EnumType("FileAnalysis::Tag");
-	::ID* id = install_ID("Tag", "FileAnalysis", true, true);
+	tag_enum_type = new EnumType("Files::Tag");
+	::ID* id = install_ID("Tag", "Files", true, true);
 	add_type(id, tag_enum_type, 0, 0);
 	}

@ -42,7 +42,7 @@ void Manager::RegisterAnalyzerComponent(Component* component)
 	{
 	const char* cname = component->CanonicalName();

-	if ( tag_enum_type->Lookup("FileAnalysis", cname) != -1 )
+	if ( tag_enum_type->Lookup("Files", cname) != -1 )
 		reporter->FatalError("File Analyzer %s defined more than once", cname);

 	DBG_LOG(DBG_FILE_ANALYSIS, "Registering analyzer %s (tag %s)",
@ -54,7 +54,7 @@ void Manager::RegisterAnalyzerComponent(Component* component)
 	        component->Tag().AsEnumVal()->InternalInt(), component));

 	string id = fmt("ANALYZER_%s", cname);
-	tag_enum_type->AddName("FileAnalysis", id.c_str(),
+	tag_enum_type->AddName("Files", id.c_str(),
 						   component->Tag().AsEnumVal()->InternalInt(), true);
 	}

--- a/src/file_analysis/analyzer/hash/events.bif
+++ b/src/file_analysis/analyzer/hash/events.bif
@ -7,6 +7,6 @@
 ##
 ## hash: The result of the hashing.
 ##
-## .. bro:see:: FileAnalysis::add_analyzer FileAnalysis::ANALYZER_MD5
-##    FileAnalysis::ANALYZER_SHA1 FileAnalysis::ANALYZER_SHA256
+## .. bro:see:: Files::add_analyzer Files::ANALYZER_MD5
+##    Files::ANALYZER_SHA1 Files::ANALYZER_SHA256
 event file_hash%(f: fa_file, kind: string, hash: string%);
--- a/src/file_analysis/file_analysis.bif
+++ b/src/file_analysis/file_analysis.bif
@ -42,6 +42,12 @@ function Files::__stop%(file_id: string%): bool
 	return new Val(result, TYPE_BOOL);
 	%}

+## :bro:see:`Files::analyzer_name`.
+function Files::__analyzer_name%(tag: Files::Tag%) : string
+	%{
+	return new StringVal(file_mgr->GetAnalyzerName(tag->InternalInt()));
+	%}
+
 module GLOBAL;

 ## For use within a :bro:see:`get_file_handle` handler to set a unique