diff --git a/CHANGES b/CHANGES index cdce15ce15..3a925f945d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,27 @@ +3.2.0-dev.36 | 2020-02-14 10:29:36 -0700 + + * broker: include cleanup (Max Kellermann) + + * file_analysis: include cleanup (Max Kellermann) + + * file_analysis/Analyzer: eliminate duplicate constructor (Max Kellermann) + + * probabilistic/Topk: include cleanup (Max Kellermann) + + * digest: eliminate the "Reporter.h" include (Max Kellermann) + + * Val: eliminate the "RE.h" include (Max Kellermann) + + * Val: eliminate the "BroString.h" include (Max Kellermann) + + * Val: eliminate the "CompHash.h" include (Max Kellermann) + + * Val: forward-declare class PDict, reduce includes (Max Kellermann) + + * Val: eliminate the "Scope.h" include (Max Kellermann) + + 3.2.0-dev.25 | 2020-02-13 19:05:56 -0800 * Reset the number of entries in a dict when calling Clear() (Tim Wojtulewicz, Corelight) diff --git a/VERSION b/VERSION index d8d229a7c5..cbe056d2b7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.2.0-dev.25 +3.2.0-dev.36 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4d23220ab6..23a36ff508 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -205,6 +205,7 @@ set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS set(MAIN_SRCS main.cc + digest.cc net_util.cc util.cc module_util.cc diff --git a/src/CompHash.cc b/src/CompHash.cc index ba640d50f8..37ee7e25c9 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -3,7 +3,10 @@ #include "zeek-config.h" #include "CompHash.h" +#include "BroString.h" +#include "Dict.h" #include "Val.h" +#include "RE.h" #include "Reporter.h" #include "Func.h" diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index bb44bfb319..f6be03077a 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -31,6 +31,7 @@ #include +#include "BroString.h" #include "Event.h" #include "Net.h" #include "Val.h" diff --git a/src/Discard.cc b/src/Discard.cc index cb279ca580..7ba0d2e7a5 100644 --- a/src/Discard.cc +++ b/src/Discard.cc 
@@ -6,6 +6,7 @@ #include +#include "BroString.h" #include "Net.h" #include "Func.h" #include "Var.h" diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 9928df9a8b..3f70a81b51 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -4,6 +4,7 @@ #include "Func.h" #include "Scope.h" #include "NetVar.h" +#include "ID.h" #include "broker/Manager.h" #include "broker/Data.h" diff --git a/src/Frame.cc b/src/Frame.cc index d3ab29f5f5..01bba1a679 100644 --- a/src/Frame.cc +++ b/src/Frame.cc @@ -10,6 +10,7 @@ #include "IntrusivePtr.h" #include "Trigger.h" #include "Val.h" +#include "ID.h" vector g_frame_stack; diff --git a/src/IP.cc b/src/IP.cc index 24ffac2b17..c63344c88c 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -10,6 +10,7 @@ #include "Type.h" #include "Val.h" #include "Var.h" +#include "BroString.h" #include "Reporter.h" static RecordType* ip4_hdr_type = 0; diff --git a/src/Net.cc b/src/Net.cc index fa9bbd56a2..f3d3f50c2d 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -30,6 +30,7 @@ extern "C" { #include "Timer.h" #include "Var.h" #include "Reporter.h" +#include "Scope.h" #include "Anon.h" #include "PacketDumper.h" #include "iosource/Manager.h" diff --git a/src/OpaqueVal.cc b/src/OpaqueVal.cc index b522539469..d289d452f6 100644 --- a/src/OpaqueVal.cc +++ b/src/OpaqueVal.cc @@ -3,8 +3,10 @@ #include #include "OpaqueVal.h" +#include "CompHash.h" #include "NetVar.h" #include "Reporter.h" +#include "Scope.h" #include "Desc.h" #include "Var.h" #include "probabilistic/BloomFilter.h" diff --git a/src/Reporter.cc b/src/Reporter.cc index 94ba5302f3..978a0a8a39 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -15,6 +15,7 @@ #include "Net.h" #include "Conn.h" #include "Timer.h" +#include "Var.h" // for internal_val() #include "EventHandler.h" #include "plugin/Plugin.h" #include "plugin/Manager.h" diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 441e41a0b4..520d34109f 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc 
@@ -7,6 +7,7 @@ #include "RuleAction.h" #include "RuleCondition.h" +#include "BroString.h" #include "ID.h" #include "IntSet.h" #include "IP.h" diff --git a/src/Stmt.cc b/src/Stmt.cc index 8766a1a75a..39999058ca 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -2,6 +2,7 @@ #include "zeek-config.h" +#include "CompHash.h" #include "Expr.h" #include "Event.h" #include "Frame.h" diff --git a/src/Val.cc b/src/Val.cc index ee706c0996..595c208f8a 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -14,6 +14,9 @@ #include #include "Attr.h" +#include "BroString.h" +#include "CompHash.h" +#include "Dict.h" #include "Net.h" #include "File.h" #include "Func.h" @@ -28,6 +31,7 @@ #include "Conn.h" #include "Reporter.h" #include "IPAddr.h" +#include "Var.h" // for internal_type() #include "broker/Data.h" @@ -363,6 +367,11 @@ void Val::ValDescribeReST(ODesc* d) const #ifdef DEBUG +ID* Val::GetID() const + { + return bound_id ? global_scope()->Lookup(bound_id) : 0; + } + void Val::SetID(ID* id) { delete [] bound_id; @@ -991,6 +1000,26 @@ StringVal::StringVal(const string& s) : Val(TYPE_STRING) val.string_val = new BroString(reinterpret_cast(s.data()), s.length(), 1); } +Val* StringVal::SizeVal() const + { + return val_mgr->GetCount(val.string_val->Len()); + } + +int StringVal::Len() + { + return AsString()->Len(); + } + +const u_char* StringVal::Bytes() + { + return AsString()->Bytes(); + } + +const char* StringVal::CheckString() + { + return AsString()->CheckString(); + } + string StringVal::ToStdString() const { auto* bs = AsString(); @@ -1352,6 +1381,11 @@ void TableVal::RemoveAll() val.table_val->SetDeleteFunc(table_entry_val_delete_func); } +int TableVal::Size() const + { + return AsTable()->Length(); + } + int TableVal::RecursiveSize() const { int n = AsTable()->Length(); 
@@ -2544,6 +2578,11 @@ unsigned int TableVal::MemoryAllocation() const + table_hash->MemoryAllocation(); } +HashKey* TableVal::ComputeHash(const Val* index) const + { + return table_hash->ComputeHash(index, 1); + } + vector RecordVal::parse_time_records; RecordVal::RecordVal(RecordType* t, bool init_fields) : Val(t) diff --git a/src/Val.h b/src/Val.h index bbb7cc84d6..79172c3f55 100644 --- a/src/Val.h +++ b/src/Val.h @@ -3,13 +3,8 @@ #pragma once #include "Type.h" -#include "Dict.h" -#include "CompHash.h" -#include "BroString.h" #include "Timer.h" -#include "Scope.h" #include "Notifier.h" -#include "RE.h" #include "net_util.h" #include @@ -32,7 +27,11 @@ using std::string; #define UDP_PORT_MASK 0x20000 #define ICMP_PORT_MASK 0x30000 +template class PDict; +class IterCookie; + class Val; +class BroString; class BroFunc; class Func; class BroFile; @@ -60,6 +59,8 @@ class VectorVal; class TableEntryVal; +class RE_Matcher; + typedef union { // Used for bool, int, enum. bro_int_t int_val; @@ -286,10 +287,7 @@ public: #ifdef DEBUG // For debugging, we keep a reference to the global ID to which a // value has been bound *last*. - ID* GetID() const - { - return bound_id ? global_scope()->Lookup(bound_id) : 0; - } + ID* GetID() const; void SetID(ID* id); #endif @@ -549,12 +547,11 @@ public: explicit StringVal(const string& s); StringVal(int length, const char* s); - Val* SizeVal() const override - { return val_mgr->GetCount(val.string_val->Len()); } + Val* SizeVal() const override; - int Len() { return AsString()->Len(); } - const u_char* Bytes() { return AsString()->Bytes(); } - const char* CheckString() { return AsString()->CheckString(); } + int Len(); + const u_char* Bytes(); + const char* CheckString(); // Note that one needs to de-allocate the return value of // ExpandedString() to avoid a memory leak. @@ -700,6 +697,7 @@ protected: }; class CompositeHash; +class HashKey; class Frame; class TableVal : public Val, public notifier::Modifiable { 
@@ -790,7 +788,7 @@ public: Attributes* Attrs() { return attrs; } // Returns the size of the table. - int Size() const { return AsTable()->Length(); } + int Size() const; int RecursiveSize() const; // Returns the Prefix table used inside the table (if present). @@ -816,8 +814,7 @@ public: timer = 0; } - HashKey* ComputeHash(const Val* index) const - { return table_hash->ComputeHash(index, 1); } + HashKey* ComputeHash(const Val* index) const; notifier::Modifiable* Modifiable() override { return this; } diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 6d340f11b5..b17d7fd0e8 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -7,6 +7,7 @@ #include "binpac.h" #include "analyzer/protocol/pia/PIA.h" +#include "../BroString.h" #include "../Event.h" namespace analyzer { diff --git a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac index 67a74f4444..935e05d749 100644 --- a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac +++ b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac @@ -1,5 +1,6 @@ %extern{ #include "Sessions.h" +#include "Conn.h" %} connection AYIYA_Conn(bro_analyzer: BroAnalyzer) diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index a4868056f6..db072ffeb3 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -9,6 +9,7 @@ #include #include +#include "BroString.h" #include "NetVar.h" #include "Sessions.h" #include "Event.h" diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index 26bb780caa..820a193958 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -5,6 +5,7 @@ #include +#include "BroString.h" #include "NetVar.h" #include "Event.h" #include "Base64.h" diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index b693f4e792..1ef11e1f90 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac 
+++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -1,5 +1,6 @@ %extern{ #include "Sessions.h" +#include "BroString.h" %} %code{ diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index 5b10a19c05..2ccb66dbb9 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -4,6 +4,7 @@ #include +#include "BroString.h" #include "NetVar.h" #include "Ident.h" #include "Event.h" diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 5bca5930c6..7db2a81155 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -6,6 +6,7 @@ #include #include +#include "BroString.h" #include "NetVar.h" #include "RE.h" #include "Reporter.h" diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 0105df59f0..47dfca94fe 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -5,6 +5,7 @@ #include +#include "BroString.h" #include "NetVar.h" #include "Event.h" #include "Reporter.h" diff --git a/src/analyzer/protocol/mqtt/MQTT.cc b/src/analyzer/protocol/mqtt/MQTT.cc index b11d9c5792..7addafb3f9 100644 --- a/src/analyzer/protocol/mqtt/MQTT.cc +++ b/src/analyzer/protocol/mqtt/MQTT.cc @@ -4,6 +4,7 @@ #include "MQTT.h" #include "Reporter.h" +#include "Scope.h" #include "mqtt_pac.h" using namespace analyzer::MQTT; diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 4aedd0d0f0..8fbedf58b6 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -5,6 +5,7 @@ #include +#include "BroString.h" #include "NetVar.h" #include "Sessions.h" #include "Event.h" diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index b66bf34206..8cdb3c20e2 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc 
@@ -6,6 +6,7 @@ #include #include +#include "BroString.h" #include "NetVar.h" #include "XDR.h" #include "Event.h" diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index bba3375ec6..eb9aa229ec 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -6,6 +6,7 @@ #include #include +#include "BroString.h" #include "NetVar.h" #include "XDR.h" #include "Event.h" diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index c0c2a9ab49..1b42a841b7 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -1,5 +1,9 @@ %include consts.pac +%extern{ +#include "BroString.h" +%} + # Common constructs across SSH1 and SSH2 ######################################## diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 28f4139225..4ae9305145 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -3,6 +3,7 @@ #include "File.h" #include "analyzer/Analyzer.h" #include "analyzer/protocol/tcp/TCP.h" +#include "BroString.h" #include "Reporter.h" #include "RuleMatcher.h" diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index 1214f30e3b..cccb400ef2 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -5,6 +5,7 @@ #include "IP.h" #include "Reporter.h" #include "Sessions.h" +#include "BroString.h" #include "events.bif.h" diff --git a/src/broker/Data.cc b/src/broker/Data.cc index a659c1c938..8733f1b686 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -2,6 +2,9 @@ #include "File.h" #include "Desc.h" #include "IntrusivePtr.h" +#include "RE.h" +#include "Var.h" // for internal_type() +#include "Scope.h" #include "module_util.h" #include "3rdparty/doctest.h" #include "broker/data.bif.h" 
@@ -1170,6 +1173,14 @@ IntrusivePtr bro_broker::DataVal::castTo(BroType* t) return data_to_val(data, t); } +BroType* bro_broker::DataVal::ScriptDataType() + { + if ( ! script_data_type ) + script_data_type = internal_type("Broker::Data"); + + return script_data_type; + } + IMPLEMENT_OPAQUE_VALUE(bro_broker::DataVal) broker::expected bro_broker::DataVal::DoSerialize() const diff --git a/src/broker/Data.h b/src/broker/Data.h index 5d55de56b6..d15613c852 100644 --- a/src/broker/Data.h +++ b/src/broker/Data.h @@ -4,7 +4,6 @@ #include "Reporter.h" #include "Frame.h" #include "Expr.h" -#include "Var.h" // for internal_type() template class IntrusivePtr; @@ -111,13 +110,7 @@ public: // Returns the Bro type that scripts use to represent a Broker data // instance. This may be wrapping the opaque value inside another // type. - static BroType* ScriptDataType() - { - if ( ! script_data_type ) - script_data_type = internal_type("Broker::Data"); - - return script_data_type; - } + static BroType* ScriptDataType(); broker::data data; diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 0cbde06090..284f5a7538 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -17,11 +17,11 @@ #include #include -#include "NetVar.h" #include "iosource/IOSource.h" #include "logging/WriterBackend.h" class Frame; +class Func; namespace bro_broker { diff --git a/src/broker/Store.cc b/src/broker/Store.cc index 20020375eb..c542ff45c2 100644 --- a/src/broker/Store.cc +++ b/src/broker/Store.cc 
@@ -1,11 +1,28 @@ #include "Store.h" #include "Desc.h" +#include "Var.h" // for internal_type() #include "broker/Manager.h" namespace bro_broker { OpaqueType* opaque_of_store_handle; +EnumVal* query_status(bool success) + { + static EnumType* store_query_status = nullptr; + static int success_val; + static int failure_val; + + if ( ! store_query_status ) + { + store_query_status = internal_type("Broker::QueryStatus")->AsEnumType(); + success_val = store_query_status->Lookup("Broker", "SUCCESS"); + failure_val = store_query_status->Lookup("Broker", "FAILURE"); + } + + return store_query_status->GetVal(success ? success_val : failure_val); + } + void StoreHandleVal::ValDescribe(ODesc* d) const { //using BifEnum::Broker::BackendType; diff --git a/src/broker/Store.h b/src/broker/Store.h index fd8f0911d5..48c435191e 100644 --- a/src/broker/Store.h +++ b/src/broker/Store.h @@ -2,8 +2,6 @@ #include "broker/store.bif.h" #include "broker/data.bif.h" -#include "Type.h" -#include "Var.h" // for internal_type() #include "OpaqueVal.h" #include "Trigger.h" @@ -20,21 +18,7 @@ extern OpaqueType* opaque_of_store_handle; * @param success whether the query status should be set to success or failure. * @return a Broker::QueryStatus value. */ -inline EnumVal* query_status(bool success) - { - static EnumType* store_query_status = nullptr; - static int success_val; - static int failure_val; - - if ( ! store_query_status ) - { - store_query_status = internal_type("Broker::QueryStatus")->AsEnumType(); - success_val = store_query_status->Lookup("Broker", "SUCCESS"); - failure_val = store_query_status->Lookup("Broker", "FAILURE"); - } - - return store_query_status->GetVal(success ? success_val : failure_val); - } +EnumVal* query_status(bool success); /** * @return a Broker::QueryResult value that has a Broker::QueryStatus indicating diff --git a/src/digest.cc b/src/digest.cc new file mode 100644 index 0000000000..71b14eee53 --- /dev/null +++ b/src/digest.cc 
@@ -0,0 +1,75 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +/** + * Wrapper and helper functions for MD5/SHA digest algorithms. + */ + +#include "digest.h" + +#include "Reporter.h" + +EVP_MD_CTX* hash_init(HashAlgorithm alg) + { + EVP_MD_CTX* c = EVP_MD_CTX_new(); + const EVP_MD* md; + + switch (alg) + { + case Hash_MD5: +#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW + /* Allow this to work even if FIPS disables it */ + EVP_MD_CTX_set_flags(c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +#endif + md = EVP_md5(); + break; + case Hash_SHA1: + md = EVP_sha1(); + break; + case Hash_SHA224: + md = EVP_sha224(); + break; + case Hash_SHA256: + md = EVP_sha256(); + break; + case Hash_SHA384: + md = EVP_sha384(); + break; + case Hash_SHA512: + md = EVP_sha512(); + break; + default: + reporter->InternalError("Unknown hash algorithm passed to hash_init"); + } + + if ( ! EVP_DigestInit_ex(c, md, NULL) ) + reporter->InternalError("EVP_DigestInit failed"); + + return c; + } + +void hash_update(EVP_MD_CTX* c, const void* data, unsigned long len) + { + if ( ! EVP_DigestUpdate(c, data, len) ) + reporter->InternalError("EVP_DigestUpdate failed"); + } + +void hash_final(EVP_MD_CTX* c, u_char* md) + { + if ( ! EVP_DigestFinal(c, md, NULL) ) + reporter->InternalError("EVP_DigestFinal failed"); + + EVP_MD_CTX_free(c); + } + +unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsigned char* out) + { + static unsigned char static_out[MD5_DIGEST_LENGTH]; + + if ( ! out ) + out = static_out; // use static array for return, see OpenSSL man page + + EVP_MD_CTX* c = hash_init(Hash_MD5); + hash_update(c, data, len); + hash_final(c, out); + return out; + } diff --git a/src/digest.h b/src/digest.h index 629ebc0ace..e102828c7c 100644 --- a/src/digest.h +++ b/src/digest.h 
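Review bot: In `hash_init` the result of `EVP_MD_CTX_new()` is used without a null check, so a failed allocation reaches `EVP_MD_CTX_set_flags(c, ...)` on the MD5 path, or `EVP_DigestInit_ex(c, md, NULL)` on the others, with a null context instead of being reported. Adding `if ( ! c ) reporter->InternalError("EVP_MD_CTX_new failed");` directly after the allocation would match how the other EVP calls in this file are handled. Separately, `md` is never assigned in the `default:` branch, which is only safe if `InternalError` does not return (presumably so, but not visible in this diff). Declaring it as `const EVP_MD* md = NULL;` would make that path fail in `EVP_DigestInit_ex` rather than read an indeterminate pointer.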
@@ -10,6 +10,8 @@ #include #include +#include // for u_char + #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) #define EVP_MD_CTX_new EVP_MD_CTX_create #define EVP_MD_CTX_free EVP_MD_CTX_destroy @@ -20,8 +22,6 @@ inline void* EVP_MD_CTX_md_data(const EVP_MD_CTX* ctx) } #endif -#include "Reporter.h" - enum HashAlgorithm { Hash_MD5, Hash_SHA1, Hash_SHA224, Hash_SHA256, Hash_SHA384, Hash_SHA512 }; inline const char* digest_print(const u_char* digest, size_t n) 
@@ -47,68 +47,10 @@ inline const char* sha256_digest_print(const u_char digest[SHA256_DIGEST_LENGTH] return digest_print(digest, SHA256_DIGEST_LENGTH); } -inline EVP_MD_CTX* hash_init(HashAlgorithm alg) - { - EVP_MD_CTX* c = EVP_MD_CTX_new(); - const EVP_MD* md; +EVP_MD_CTX* hash_init(HashAlgorithm alg); - switch (alg) - { - case Hash_MD5: -#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - /* Allow this to work even if FIPS disables it */ - EVP_MD_CTX_set_flags(c, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -#endif - md = EVP_md5(); - break; - case Hash_SHA1: - md = EVP_sha1(); - break; - case Hash_SHA224: - md = EVP_sha224(); - break; - case Hash_SHA256: - md = EVP_sha256(); - break; - case Hash_SHA384: - md = EVP_sha384(); - break; - case Hash_SHA512: - md = EVP_sha512(); - break; - default: - reporter->InternalError("Unknown hash algorithm passed to hash_init"); - } +void hash_update(EVP_MD_CTX* c, const void* data, unsigned long len); - if ( ! EVP_DigestInit_ex(c, md, NULL) ) - reporter->InternalError("EVP_DigestInit failed"); +void hash_final(EVP_MD_CTX* c, u_char* md); - return c; - } - -inline void hash_update(EVP_MD_CTX* c, const void* data, unsigned long len) - { - if ( ! EVP_DigestUpdate(c, data, len) ) - reporter->InternalError("EVP_DigestUpdate failed"); - } - -inline void hash_final(EVP_MD_CTX* c, u_char* md) - { - if ( ! EVP_DigestFinal(c, md, NULL) ) - reporter->InternalError("EVP_DigestFinal failed"); - - EVP_MD_CTX_free(c); - } - -inline unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsigned char* out) - { - static unsigned char static_out[MD5_DIGEST_LENGTH]; - - if ( ! out ) - out = static_out; // use static array for return, see OpenSSL man page - - EVP_MD_CTX* c = hash_init(Hash_MD5); - hash_update(c, data, len); - hash_final(c, out); - return out; - } +unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsigned char* out); 
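Review bot: The four declarations that replace the inline bodies at the end of this hunk have no comments, so the contracts callers must respect are no longer visible in digest.h. Three of them matter for memory safety: `hash_final` frees the context, so `c` must not be used afterwards; `md` receives the whole digest with no length argument, so the buffer has to be sized for the algorithm given to `hash_init`; and `internal_md5` returns a pointer to a function-static buffer when `out` is null, which the next such call overwrites. A short comment above each declaration would cover this, for example `// Writes the digest to md (must hold the algorithm's digest size) and frees c; c is invalid afterwards.` above `hash_final`. The `hash_init` comment could also mention that the MD5 case sets `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` where the macro is defined, since that is a policy decision a reader of the header would want to know about.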
diff --git a/src/file_analysis/Analyzer.cc b/src/file_analysis/Analyzer.cc index c04c02f818..963c4a693d 100644 --- a/src/file_analysis/Analyzer.cc +++ b/src/file_analysis/Analyzer.cc @@ -2,6 +2,7 @@ #include "Analyzer.h" #include "Manager.h" +#include "Val.h" file_analysis::ID file_analysis::Analyzer::id_counter = 0; @@ -17,3 +18,13 @@ void file_analysis::Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag) assert(! tag || tag == arg_tag); tag = arg_tag; } + +file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file) + : tag(arg_tag), + args(arg_args->Ref()->AsRecordVal()), + file(arg_file), + got_stream_delivery(false), + skip(false) + { + id = ++id_counter; + } diff --git a/src/file_analysis/Analyzer.h b/src/file_analysis/Analyzer.h index 85fb37faa1..029a4df082 100644 --- a/src/file_analysis/Analyzer.h +++ b/src/file_analysis/Analyzer.h @@ -2,11 +2,11 @@ #pragma once -#include "Val.h" -#include "NetVar.h" #include "Tag.h" -#include "file_analysis/file_analysis.bif.h" +#include // for u_char + +class RecordVal; namespace file_analysis { @@ -146,15 +146,7 @@ protected: * tunable options, if any, related to a particular analyzer type. * @param arg_file the file to which the the analyzer is being attached. */ - Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file) - : tag(arg_tag), - args(arg_args->Ref()->AsRecordVal()), - file(arg_file), - got_stream_delivery(false), - skip(false) - { - id = ++id_counter; - } + Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file); /** * Constructor. Only derived classes are meant to be instantiated. @@ -166,13 +158,8 @@ protected: * @param arg_file the file to which the the analyzer is being attached. */ Analyzer(RecordVal* arg_args, File* arg_file) - : tag(), - args(arg_args->Ref()->AsRecordVal()), - file(arg_file), - got_stream_delivery(false), - skip(false) + : Analyzer({}, arg_args, arg_file) { - id = ++id_counter; } private: 
diff --git a/src/file_analysis/AnalyzerSet.cc b/src/file_analysis/AnalyzerSet.cc index 4bc49e802d..d3cbe300f1 100644 --- a/src/file_analysis/AnalyzerSet.cc +++ b/src/file_analysis/AnalyzerSet.cc @@ -4,6 +4,9 @@ #include "File.h" #include "Analyzer.h" #include "Manager.h" +#include "CompHash.h" +#include "Val.h" +#include "file_analysis/file_analysis.bif.h" using namespace file_analysis; @@ -106,6 +109,12 @@ bool AnalyzerSet::AddMod::Perform(AnalyzerSet* set) return true; } +void AnalyzerSet::AddMod::Abort() + { + delete a; + delete key; + } + bool AnalyzerSet::Remove(const file_analysis::Tag& tag, RecordVal* args) { return Remove(tag, GetKey(tag, args)); diff --git a/src/file_analysis/AnalyzerSet.h b/src/file_analysis/AnalyzerSet.h index 3f8848d22e..a1960a2e1a 100644 --- a/src/file_analysis/AnalyzerSet.h +++ b/src/file_analysis/AnalyzerSet.h @@ -4,14 +4,17 @@ #include -#include "Analyzer.h" #include "Dict.h" -#include "CompHash.h" -#include "Val.h" #include "Tag.h" +using std::queue; + +class CompositeHash; +class RecordVal; + namespace file_analysis { +class Analyzer; class File; /** @@ -173,7 +176,7 @@ private: : Modification(), a(arg_a), key(arg_key) {} ~AddMod() override {} bool Perform(AnalyzerSet* set) override; - void Abort() override { delete a; delete key; } + void Abort() override; protected: file_analysis::Analyzer* a; diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 058de9f153..1580d0f298 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -2,17 +2,22 @@ #pragma once +#include #include #include +#include "analyzer/Tag.h" #include "AnalyzerSet.h" #include "BroString.h" +#include "BroList.h" // for val_list #include "WeirdState.h" using std::string; class Connection; +class RecordType; class RecordVal; +class EventHandlerPtr; namespace file_analysis { diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index bc55c734e5..36fa76e9f8 100644 --- a/src/file_analysis/Manager.cc 
+++ b/src/file_analysis/Manager.cc @@ -10,6 +10,7 @@ #include "plugin/Manager.h" #include "analyzer/Manager.h" +#include "file_analysis/file_analysis.bif.h" #include diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index 0c4d46e95b..02da6aa182 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -12,7 +12,7 @@ #include "plugin/ComponentManager.h" -#include "file_analysis/file_analysis.bif.h" +#include "analyzer/Tag.h" using std::map; using std::set; diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index 08f31addb3..7614127ea7 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -5,6 +5,7 @@ #include "DataEvent.h" #include "EventRegistry.h" #include "Event.h" +#include "Func.h" #include "util.h" #include "file_analysis/Manager.h" diff --git a/src/file_analysis/analyzer/data_event/DataEvent.h b/src/file_analysis/analyzer/data_event/DataEvent.h index 9120412665..5027fd78ed 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.h +++ b/src/file_analysis/analyzer/data_event/DataEvent.h @@ -7,6 +7,7 @@ #include "Val.h" #include "File.h" #include "Analyzer.h" +#include "EventHandler.h" namespace file_analysis { diff --git a/src/file_analysis/analyzer/extract/functions.bif b/src/file_analysis/analyzer/extract/functions.bif index c91f0590bd..bdec388380 100644 --- a/src/file_analysis/analyzer/extract/functions.bif +++ b/src/file_analysis/analyzer/extract/functions.bif @@ -4,6 +4,7 @@ module FileExtract; %%{ #include "file_analysis/Manager.h" +#include "file_analysis/file_analysis.bif.h" %%} ## :zeek:see:`FileExtract::set_limit`. diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index dd7d378f0d..c861e1bcb5 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc 
@@ -10,6 +10,7 @@ #include "types.bif.h" #include "ocsp_events.bif.h" +#include "file_analysis/File.h" #include "file_analysis/Manager.h" #include diff --git a/src/file_analysis/analyzer/x509/OCSP.h b/src/file_analysis/analyzer/x509/OCSP.h index f3c1465ed1..06ea1dd25a 100644 --- a/src/file_analysis/analyzer/x509/OCSP.h +++ b/src/file_analysis/analyzer/x509/OCSP.h @@ -4,14 +4,14 @@ #include -#include "../File.h" -#include "Analyzer.h" #include "X509Common.h" #include namespace file_analysis { +class File; + class OCSP : public file_analysis::X509Common { public: bool DeliverStream(const u_char* data, uint64_t len) override; diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index bf9539c9aa..a96f4e2fff 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -8,6 +8,7 @@ #include "events.bif.h" #include "types.bif.h" +#include "file_analysis/File.h" #include "file_analysis/Manager.h" #include diff --git a/src/file_analysis/analyzer/x509/X509Common.h b/src/file_analysis/analyzer/x509/X509Common.h index 72f667e6e9..2fd69c17ee 100644 --- a/src/file_analysis/analyzer/x509/X509Common.h +++ b/src/file_analysis/analyzer/x509/X509Common.h @@ -5,16 +5,20 @@ #pragma once -#include "file_analysis/File.h" #include "Analyzer.h" #include #include +class EventHandlerPtr; class Reporter; +class StringVal; namespace file_analysis { +class Tag; +class File; + class X509Common : public file_analysis::Analyzer { public: ~X509Common() override {}; diff --git a/src/iosource/Manager.cc b/src/iosource/Manager.cc index 1161171743..49c0fb50b8 100644 --- a/src/iosource/Manager.cc +++ b/src/iosource/Manager.cc @@ -14,6 +14,7 @@ #include "PktDumper.h" #include "plugin/Manager.h" #include "broker/Manager.h" +#include "NetVar.h" #include "util.h" diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index 8f146c573e..c8ff1d2791 100644 --- a/src/plugin/ComponentManager.h 
+++ b/src/plugin/ComponentManager.h @@ -8,6 +8,7 @@ #include "Var.h" // for add_type() #include "Val.h" #include "Reporter.h" +#include "Scope.h" #include "zeekygen/Manager.h" #include "DebugLogger.h" diff --git a/src/probabilistic/Topk.cc b/src/probabilistic/Topk.cc index 97ef572ddd..f76b3f4086 100644 --- a/src/probabilistic/Topk.cc +++ b/src/probabilistic/Topk.cc @@ -8,7 +8,7 @@ #include "CompHash.h" #include "IntrusivePtr.h" #include "Reporter.h" -#include "NetVar.h" +#include "Dict.h" namespace probabilistic { diff --git a/src/probabilistic/Topk.h b/src/probabilistic/Topk.h index bb1e313346..70df145e19 100644 --- a/src/probabilistic/Topk.h +++ b/src/probabilistic/Topk.h @@ -4,12 +4,13 @@ #include #include "Val.h" -#include "CompHash.h" #include "OpaqueVal.h" // This class implements the top-k algorithm. Or - to be more precise - an // interpretation of it. +class CompositeHash; + namespace probabilistic { struct Element; diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index a6193426b2..a1dd2a21d4 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -13,7 +13,11 @@ #include #include "iosource/Manager.h" +#include "BroString.h" +#include "Dict.h" +#include "RE.h" #include "Reporter.h" +#include "Scope.h" #include "DebugLogger.h" #include "ID.h" #include "Val.h" diff --git a/src/util.cc b/src/util.cc index b143d0a4ef..6429e1481d 100644 --- a/src/util.cc +++ b/src/util.cc @@ -44,6 +44,7 @@ #endif #include "Desc.h" +#include "Dict.h" #include "digest.h" #include "input.h" #include "Obj.h"