Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Allow analyzer violations to explicitly set tag.

Browse source 
We could already pass an overriding tag to
`Analyzer::AnalyzerConfirmation()`, but we didn't have that ability
for `AnalyzerViolation`, leading to the two potentially mismatching in
the analyzer they report.
This commit is contained in:
Robin Sommer 2022-04-12 09:34:05 +02:00
parent d29160e9de
commit d2e8c5e887
No known key found for this signature in database
GPG key ID: 6BEDA4DA6B8B23E3
6 changed files with 16 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/packet_analysis/Analyzer.cc
View file

@ -182,7 +182,7 @@ void Analyzer::AnalyzerConfirmation(session::Session* session, zeek::Tag arg_tag
}
void Analyzer::AnalyzerViolation(const char* reason, session::Session* session, const char* data,
int len)
int len, zeek::Tag arg_tag)
{
if ( ! analyzer_violation )
return;
@ -201,7 +201,7 @@ void Analyzer::AnalyzerViolation(const char* reason, session::Session* session,
else
r = make_intrusive<StringVal>(reason);
const auto& tval = tag.AsVal();
const auto& tval = arg_tag ? arg_tag.AsVal() : tag.AsVal();
event_mgr.Enqueue(analyzer_violation, session->GetVal(), tval, val_mgr->Count(0), std::move(r));
}