Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

X509 caching API change: callback gets entry directly

Browse source 
Suggestion from Jon: now the callback is passed the table-entry
directly. This allows us to skip one lookup.
This commit is contained in:
Johanna Amann 2020-03-12 11:31:13 -07:00
parent 3ed9379b9e
commit e228061f1d
6 changed files with 11 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/file_analysis/analyzer/x509/X509.cc
View file

@ -51,7 +51,8 @@ bool file_analysis::X509::EndOfFile()
hash_final(ctx, buf);
std::string cert_sha256 = sha256_digest_print(buf);
auto index = make_intrusive<StringVal>(cert_sha256);
if ( certificate_cache->Lookup(index.get(), false) )
auto* entry = certificate_cache->Lookup(index.get(), false);
if ( entry )
// in this case, the certificate is in the cache and we do not
// do any further processing here. However, if there is a callback, we execute it.
{
@ -59,8 +60,9 @@ bool file_analysis::X509::EndOfFile()
return false;
// yup, let's call the callback.
val_list vl(2);
val_list vl(3);
vl.push_back(GetFile()->GetVal()->Ref());
vl.push_back(entry->Ref());
vl.push_back(new StringVal(cert_sha256));
IntrusivePtr<Val> v{AdoptRef{}, cache_hit_callback->Call(&vl)};
return false;

2
src/file_analysis/analyzer/x509/functions.bif
View file

@ -916,7 +916,7 @@ function x509_set_certificate_cache%(tbl: string_any_table%) : bool
## callback function if you are sure you will not conflict with the base scripts.
##
## .. zeek:see:: x509_set_certificate_cache
function x509_set_certificate_cache_hit_callback%(f: string_file_hook%) : bool
function x509_set_certificate_cache_hit_callback%(f: string_any_file_hook%) : bool
%{
file_analysis::X509::SetCertificateCacheHitCallback({NewRef{}, f->AsFunc()});