files/main: No empty file_ids

When an analyzer calls DataIn(), there's a costly callback construct
going through the event queue. If an analyzer does not have a
get_file_handle() handler installed, the produced file_id would
end up empty and ignored. Consequently, the get_file_handle() callback
was invoked for every new DataIn() invocations.

This is surprising and costly. Log a warning when this happens and
instead set a generically generated file handle value instead to
prevent the repeated get_file_handle() invocations.

NEWS

@@ -6,6 +6,13 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
 Zeek 6.0.0
 ==========
 
+Changed Functionality
+---------------------
+
+- When ``get_file_handle()`` is invoked for an analyzer that did not register
+  an appropriate callback function, log a warning and return a generic handle
+  value based on the analyzer and connection information.
+
 Zeek 5.2.0
 ==========
 

scripts/base/frameworks/files/main.zeek

@@ -513,7 +513,11 @@ function describe(f: fa_file): string
 event get_file_handle(tag: Files::Tag, c: connection, is_orig: bool) &priority=5
 	{
 	if ( tag !in registered_protocols )
+		{
+		Reporter::warning(fmt("get_file_handle() invoked for %s", tag));
+		set_file_handle(fmt("%s-fallback-%s-%s-%s", tag, c$uid, is_orig, network_time()));
 		return;
+		}
 
 	local handler = registered_protocols[tag];
 	set_file_handle(handler$get_file_handle(c, is_orig));