FileAnalysis: libmagic tweaks.

Remove verbose file type detection and automatically strip out charset from mime type.
2025-10-05 08:08:19 +00:00 · 2013-04-11 13:11:46 -05:00 · 2013-04-11 13:11:46 -05:00 · e81f2ae7b0
commit e81f2ae7b0
parent 2fba37e277
23 changed files with 27 additions and 70 deletions
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -45,10 +45,8 @@ int File::overflow_bytes_idx = -1;
 int File::timeout_interval_idx = -1;
 int File::bof_buffer_size_idx = -1;
 int File::bof_buffer_idx = -1;
-int File::file_type_idx = -1;
 int File::mime_type_idx = -1;

-magic_t File::magic = 0;
 magic_t File::magic_mime = 0;

 string File::salt;
@ -69,10 +67,8 @@ void File::StaticInit()
 	timeout_interval_idx = Idx("timeout_interval");
 	bof_buffer_size_idx = Idx("bof_buffer_size");
 	bof_buffer_idx = Idx("bof_buffer");
-	file_type_idx = Idx("file_type");
 	mime_type_idx = Idx("mime_type");

-	bro_init_magic(&magic, MAGIC_NONE);
 	bro_init_magic(&magic_mime, MAGIC_MIME);

 	salt = BifConst::FileAnalysis::salt->CheckString();
@ -247,18 +243,22 @@ bool File::BufferBOF(const u_char* data, uint64 len)
 	return true;
 	}

-bool File::DetectTypes(const u_char* data, uint64 len)
+bool File::DetectMIME(const u_char* data, uint64 len)
 	{
-	const char* desc = bro_magic_buffer(magic, data, len);
 	const char* mime = bro_magic_buffer(magic_mime, data, len);

-	if ( desc )
-		val->Assign(file_type_idx, new StringVal(desc));
-
 	if ( mime )
-		val->Assign(mime_type_idx, new StringVal(mime));
+		{
+		const char* mime_end = strchr(mime, ';');

-	return desc || mime;
+		if ( mime_end )
+			// strip off charset
+			val->Assign(mime_type_idx, new StringVal(mime_end - mime, mime));
+		else
+			val->Assign(mime_type_idx, new StringVal(mime));
+		}
+
+	return mime;
 	}

 void File::ReplayBOF()
@ -276,7 +276,7 @@ void File::ReplayBOF()
 	BroString* bs = concatenate(bof_buffer.chunks);
 	val->Assign(bof_buffer_idx, new StringVal(bs));

-	DetectTypes(bs->Bytes(), bs->Len());
+	DetectMIME(bs->Bytes(), bs->Len());

 	FileEvent(file_new);

@ -291,7 +291,7 @@ void File::DataIn(const u_char* data, uint64 len, uint64 offset)
 	if ( first_chunk )
 		{
 		// TODO: this should all really be delayed until we attempt reassembly
-		DetectTypes(data, len);
+		DetectMIME(data, len);
 		FileEvent(file_new);
 		first_chunk = false;
 		}
@ -326,7 +326,7 @@ void File::DataIn(const u_char* data, uint64 len)

 	if ( missed_bof )
 		{
-		DetectTypes(data, len);
+		DetectMIME(data, len);
 		FileEvent(file_new);
 		missed_bof = false;
 		}
--- a/src/file_analysis/File.h
+++ b/src/file_analysis/File.h
@ -170,11 +170,11 @@ protected:
 	void ReplayBOF();

 	/**
-	 * Does file/mime type detection and assigns types (if available) to
-	 * corresponding fields in #val.
-	 * @return whether a file or mime type was available.
+	 * Does mime type detection and assigns type (if available) to \c mime_type
+	 * field in #val.
+	 * @return whether mime type was available.
 	 */
-	bool DetectTypes(const u_char* data, uint64 len);
+	bool DetectMIME(const u_char* data, uint64 len);

 	FileID id;                 /**< A pretty hash that likely identifies file */
 	string unique;             /**< A string that uniquely identifies file */
@ -207,7 +207,6 @@ protected:
 	 */
 	static void StaticInit();

-	static magic_t magic;
 	static magic_t magic_mime;

 	static string salt;
@ -224,7 +223,6 @@ protected:
 	static int timeout_interval_idx;
 	static int bof_buffer_size_idx;
 	static int bof_buffer_idx;
-	static int file_type_idx;
 	static int mime_type_idx;
 };