file_analysis: Implement AnalyzerViolation() for file_analysis/Analyzer

Add a test parsing a malformed PE file showing that analyzer_violation_info
is raised with the fa_file object set.

It could be interesting to pass through an optional connection if one
exists, but access is provided through f$conns, too.
Arne Welzel 2022-08-31 18:07:18 +02:00
parent bc8fd5a4c6
commit d5cd023dff
10 changed files with 145 additions and 6 deletions


@ -30,6 +30,7 @@ bool PE::DeliverStream(const u_char* data, uint64_t len)
}
catch ( const binpac::Exception& e )
{
AnalyzerViolation(util::fmt("Binpac exception: %s", e.c_msg()));
return false;
}
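
Review bot: the catch block in PE::DeliverStream now raises a violation and then returns false, but nothing visible here shows whether returning false stops further DeliverStream calls for the same file. If delivery continues, a malformed PE could hit this catch on every later chunk and raise analyzer_violation_info repeatedly for one file. Please confirm the analyzer is not fed again after the first binpac exception, and state that in a short comment above the AnalyzerViolation call. Passing e.c_msg() through "%s" rather than as the format string is the right choice, since the message derives from parsing untrusted file content.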