Use type aliases for IntrusivePtr definitions

Tim Wojtulewicz 2020-06-24 16:46:34 -04:00
parent f6a251cdac
commit ec9eff0bd5
180 changed files with 2026 additions and 1893 deletions


@ -19,7 +19,7 @@ void file_analysis::Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag)
}
file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag,
zeek::IntrusivePtr<RecordVal> arg_args,
RecordValPtr arg_args,
File* arg_file)
: tag(arg_tag),
args(std::move(arg_args)),
@ -30,7 +30,7 @@ file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag,
id = ++id_counter;
}
file_analysis::Analyzer::Analyzer(zeek::IntrusivePtr<RecordVal> arg_args, File* arg_file)
file_analysis::Analyzer::Analyzer(RecordValPtr arg_args, File* arg_file)
: Analyzer({}, std::move(arg_args), arg_file)
{}


@ -7,6 +7,7 @@
#include <sys/types.h> // for u_char
class RecordVal;
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
namespace file_analysis {
@ -95,7 +96,7 @@ public:
/**
* @return the AnalyzerArgs associated with the analyzer.
*/
const zeek::IntrusivePtr<RecordVal>& GetArgs() const
const RecordValPtr& GetArgs() const
{ return args; }
[[deprecated("Remove in v4.1. Use GetArgs().")]]
@ -151,8 +152,7 @@ protected:
* tunable options, if any, related to a particular analyzer type.
* @param arg_file the file to which the the analyzer is being attached.
*/
Analyzer(file_analysis::Tag arg_tag, zeek::IntrusivePtr<RecordVal> arg_args,
File* arg_file);
Analyzer(file_analysis::Tag arg_tag, RecordValPtr arg_args, File* arg_file);
[[deprecated("Remove in v4.1.. Construct using IntrusivePtr instead.")]]
Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file);
@ -166,7 +166,7 @@ protected:
* tunable options, if any, related to a particular analyzer type.
* @param arg_file the file to which the the analyzer is being attached.
*/
Analyzer(zeek::IntrusivePtr<RecordVal> arg_args, File* arg_file);
Analyzer(RecordValPtr arg_args, File* arg_file);
[[deprecated("Remove in v4.1.. Construct using IntrusivePtr instead.")]]
Analyzer(RecordVal* arg_args, File* arg_file);
@ -175,7 +175,7 @@ private:
ID id; /**< Unique instance ID. */
file_analysis::Tag tag; /**< The particular type of the analyzer instance. */
zeek::IntrusivePtr<RecordVal> args; /**< \c AnalyzerArgs val gives tunable analyzer params. */
RecordValPtr args; /**< \c AnalyzerArgs val gives tunable analyzer params. */
File* file; /**< The file to which the analyzer is attached. */
bool got_stream_delivery;
bool skip;
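Review bot: The pair `class RecordVal; using RecordValPtr = zeek::IntrusivePtr<RecordVal>;` added at the top of this header is repeated verbatim in the sections that declare AnalyzerSet, Component and File, so each header now carries its own copy of the alias. Repeating an identical alias is legal, but the copies can drift apart. Declaring it once in a small forward-declaration header that also declares `zeek::IntrusivePtr`, and including that header here, would keep a single definition. The includes above line 7 are outside the hunk, so whether `zeek::IntrusivePtr` is already declared at that point cannot be confirmed from this page.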


@ -41,14 +41,14 @@ AnalyzerSet::~AnalyzerSet()
}
Analyzer* AnalyzerSet::Find(const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args)
RecordValPtr args)
{
auto key = GetKey(tag, std::move(args));
Analyzer* rval = analyzer_map.Lookup(key.get());
return rval;
}
bool AnalyzerSet::Add(const file_analysis::Tag& tag, zeek::IntrusivePtr<RecordVal> args)
bool AnalyzerSet::Add(const file_analysis::Tag& tag, RecordValPtr args)
{
auto key = GetKey(tag, args);
@ -72,7 +72,7 @@ bool AnalyzerSet::Add(const file_analysis::Tag& tag, zeek::IntrusivePtr<RecordVa
}
Analyzer* AnalyzerSet::QueueAdd(const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args)
RecordValPtr args)
{
auto key = GetKey(tag, args);
file_analysis::Analyzer* a = InstantiateAnalyzer(tag, std::move(args));
@ -108,7 +108,7 @@ void AnalyzerSet::AddMod::Abort()
}
bool AnalyzerSet::Remove(const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args)
RecordValPtr args)
{
return Remove(tag, GetKey(tag, std::move(args)));
}
@ -140,7 +140,7 @@ bool AnalyzerSet::Remove(const file_analysis::Tag& tag,
}
bool AnalyzerSet::QueueRemove(const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args)
RecordValPtr args)
{
auto key = GetKey(tag, std::move(args));
auto rval = analyzer_map.Lookup(key.get());
@ -154,7 +154,7 @@ bool AnalyzerSet::RemoveMod::Perform(AnalyzerSet* set)
}
std::unique_ptr<HashKey> AnalyzerSet::GetKey(const file_analysis::Tag& t,
zeek::IntrusivePtr<RecordVal> args) const
RecordValPtr args) const
{
auto lv = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY);
lv->Append(t.AsVal());
@ -168,7 +168,7 @@ std::unique_ptr<HashKey> AnalyzerSet::GetKey(const file_analysis::Tag& t,
}
file_analysis::Analyzer* AnalyzerSet::InstantiateAnalyzer(const Tag& tag,
zeek::IntrusivePtr<RecordVal> args) const
RecordValPtr args) const
{
auto a = file_mgr->InstantiateAnalyzer(tag, std::move(args), file);


@ -9,7 +9,9 @@
#include "Tag.h"
class CompositeHash;
class RecordVal;
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
namespace file_analysis {
@ -43,7 +45,7 @@ public:
* @param args an \c AnalyzerArgs record.
* @return pointer to an analyzer instance, or a null pointer if not found.
*/
Analyzer* Find(const file_analysis::Tag& tag, zeek::IntrusivePtr<RecordVal> args);
Analyzer* Find(const file_analysis::Tag& tag, RecordValPtr args);
/**
* Attach an analyzer to #file immediately.
@ -51,7 +53,7 @@ public:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return true if analyzer was instantiated/attached, else false.
*/
bool Add(const file_analysis::Tag& tag, zeek::IntrusivePtr<RecordVal> args);
bool Add(const file_analysis::Tag& tag, RecordValPtr args);
/**
* Queue the attachment of an analyzer to #file.
@ -61,7 +63,7 @@ public:
* a null pointer. The caller does *not* take ownership of the memory.
*/
file_analysis::Analyzer* QueueAdd(const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args);
RecordValPtr args);
/**
* Remove an analyzer from #file immediately.
@ -69,7 +71,7 @@ public:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return false if analyzer didn't exist and so wasn't removed, else true.
*/
bool Remove(const file_analysis::Tag& tag, zeek::IntrusivePtr<RecordVal> args);
bool Remove(const file_analysis::Tag& tag, RecordValPtr args);
/**
* Queue the removal of an analyzer from #file.
@ -77,7 +79,7 @@ public:
* @param args an \c AnalyzerArgs value which specifies an analyzer.
* @return true if analyzer exists at time of call, else false;
*/
bool QueueRemove(const file_analysis::Tag& tag, zeek::IntrusivePtr<RecordVal> args);
bool QueueRemove(const file_analysis::Tag& tag, RecordValPtr args);
/**
* Perform all queued modifications to the current analyzer set.
@ -111,7 +113,7 @@ protected:
* @return the hash key calculated from \a args
*/
std::unique_ptr<HashKey> GetKey(const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args) const;
RecordValPtr args) const;
/**
* Create an instance of a file analyzer.
@ -120,7 +122,7 @@ protected:
* @return a new file analyzer instance.
*/
file_analysis::Analyzer* InstantiateAnalyzer(const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args) const;
RecordValPtr args) const;
/**
* Insert an analyzer instance in to the set.


@ -9,6 +9,7 @@
#include "../zeek-config.h"
class RecordVal;
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
namespace file_analysis {
@ -26,7 +27,7 @@ class Component : public zeek::plugin::Component,
public plugin::TaggedComponent<file_analysis::Tag> {
public:
typedef Analyzer* (*factory_callback)(RecordVal* args, File* file);
using factory_function = Analyzer* (*)(zeek::IntrusivePtr<RecordVal> args, File* file);
using factory_function = Analyzer* (*)(RecordValPtr args, File* file);
/**
* Constructor.


@ -21,7 +21,7 @@
using namespace file_analysis;
static zeek::IntrusivePtr<TableVal> empty_connection_table()
static TableValPtr empty_connection_table()
{
auto tbl_index = zeek::make_intrusive<zeek::TypeList>(zeek::id::conn_id);
tbl_index->Append(zeek::id::conn_id);
@ -30,7 +30,7 @@ static zeek::IntrusivePtr<TableVal> empty_connection_table()
return zeek::make_intrusive<TableVal>(std::move(tbl_type));
}
static zeek::IntrusivePtr<RecordVal> get_conn_id_val(const Connection* conn)
static RecordValPtr get_conn_id_val(const Connection* conn)
{
auto v = zeek::make_intrusive<RecordVal>(zeek::id::conn_id);
v->Assign(0, zeek::make_intrusive<AddrVal>(conn->OrigAddr()));
@ -206,7 +206,7 @@ void File::SetTimeoutInterval(double interval)
bool File::SetExtractionLimit(RecordVal* args, uint64_t bytes)
{ return SetExtractionLimit({zeek::NewRef{}, args}, bytes); }
bool File::SetExtractionLimit(zeek::IntrusivePtr<RecordVal> args, uint64_t bytes)
bool File::SetExtractionLimit(RecordValPtr args, uint64_t bytes)
{
Analyzer* a = analyzers.Find(file_mgr->GetComponentTag("EXTRACT"),
std::move(args));
@ -256,7 +256,7 @@ void File::ScheduleInactivityTimer() const
bool File::AddAnalyzer(file_analysis::Tag tag, RecordVal* args)
{ return AddAnalyzer(tag, {zeek::NewRef{}, args}); }
bool File::AddAnalyzer(file_analysis::Tag tag, zeek::IntrusivePtr<RecordVal> args)
bool File::AddAnalyzer(file_analysis::Tag tag, RecordValPtr args)
{
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing addition of %s analyzer",
id.c_str(), file_mgr->GetComponentName(tag).c_str());
@ -270,7 +270,7 @@ bool File::AddAnalyzer(file_analysis::Tag tag, zeek::IntrusivePtr<RecordVal> arg
bool File::RemoveAnalyzer(file_analysis::Tag tag, RecordVal* args)
{ return RemoveAnalyzer(tag, {zeek::NewRef{}, args}); }
bool File::RemoveAnalyzer(file_analysis::Tag tag, zeek::IntrusivePtr<RecordVal> args)
bool File::RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args)
{
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Queuing remove of %s analyzer",
id.c_str(), file_mgr->GetComponentName(tag).c_str());


@ -14,10 +14,15 @@
#include "WeirdState.h"
class Connection;
class RecordVal;
class EventHandlerPtr;
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
namespace zeek {
using RecordTypePtr = zeek::IntrusivePtr<zeek::RecordType>;
}
class RecordVal;
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
namespace file_analysis {
@ -39,7 +44,7 @@ public:
/**
* @return the wrapped \c fa_file record value, #val.
*/
const zeek::IntrusivePtr<RecordVal>& ToVal() const
const RecordValPtr& ToVal() const
{ return val; }
[[deprecated("Remove in v4.1. Use ToVal().")]]
@ -75,7 +80,7 @@ public:
* @param bytes new limit.
* @return false if no extraction analyzer is active, else true.
*/
bool SetExtractionLimit(zeek::IntrusivePtr<RecordVal> args, uint64_t bytes);
bool SetExtractionLimit(RecordValPtr args, uint64_t bytes);
[[deprecated("Remove in v4.1. Pass an IntrusivePtr instead.")]]
bool SetExtractionLimit(RecordVal* args, uint64_t bytes);
@ -123,7 +128,7 @@ public:
* @param args an \c AnalyzerArgs value representing a file analyzer.
* @return false if analyzer can't be instantiated, else true.
*/
bool AddAnalyzer(file_analysis::Tag tag, zeek::IntrusivePtr<RecordVal> args);
bool AddAnalyzer(file_analysis::Tag tag, RecordValPtr args);
[[deprecated("Remove in v4.1. Pass an IntrusivePtr instead.")]]
bool AddAnalyzer(file_analysis::Tag tag, RecordVal* args);
@ -134,7 +139,7 @@ public:
* @param args an \c AnalyzerArgs value representing a file analyzer.
* @return true if analyzer was active at time of call, else false.
*/
bool RemoveAnalyzer(file_analysis::Tag tag, zeek::IntrusivePtr<RecordVal> args);
bool RemoveAnalyzer(file_analysis::Tag tag, RecordValPtr args);
[[deprecated("Remove in v4.1. Pass an IntrusivePtr instead.")]]
bool RemoveAnalyzer(file_analysis::Tag tag, RecordVal* args);
@ -338,7 +343,7 @@ protected:
* @return the field offset in #val record corresponding to \a field_name.
*/
static int Idx(const std::string& field_name, const zeek::RecordType* type);
static int Idx(const std::string& field_name, const zeek::IntrusivePtr<zeek::RecordType>& type)
static int Idx(const std::string& field_name, const zeek::RecordTypePtr& type)
{ return Idx(field_name, type.get()); }
/**
@ -348,7 +353,7 @@ protected:
protected:
std::string id; /**< A pretty hash that likely identifies file */
zeek::IntrusivePtr<RecordVal> val; /**< \c fa_file from script layer. */
RecordValPtr val; /**< \c fa_file from script layer. */
FileReassembler* file_reassembler; /**< A reassembler for the file if it's needed. */
uint64_t stream_offset; /**< The offset of the file which has been forwarded. */
uint64_t reassembly_max_buffer; /**< Maximum allowed buffer for reassembly. */


@ -263,7 +263,7 @@ bool Manager::SetExtractionLimit(const string& file_id, RecordVal* args,
{ return SetExtractionLimit(file_id, {zeek::NewRef{}, args}, n); }
bool Manager::SetExtractionLimit(const string& file_id,
zeek::IntrusivePtr<RecordVal> args, uint64_t n) const
RecordValPtr args, uint64_t n) const
{
File* file = LookupFile(file_id);
@ -278,7 +278,7 @@ bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag,
{ return AddAnalyzer(file_id, tag, {zeek::NewRef{}, args}); }
bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args) const
RecordValPtr args) const
{
File* file = LookupFile(file_id);
@ -293,7 +293,7 @@ bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& ta
{ return RemoveAnalyzer(file_id, tag, {zeek::NewRef{}, args}); }
bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args) const
RecordValPtr args) const
{
File* file = LookupFile(file_id);
@ -458,7 +458,7 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag, RecordVal* args, File* f)
{ return InstantiateAnalyzer(tag, {zeek::NewRef{}, args}, f); }
Analyzer* Manager::InstantiateAnalyzer(const Tag& tag,
zeek::IntrusivePtr<RecordVal> args,
RecordValPtr args,
File* f) const
{
Component* c = Lookup(tag);
@ -517,7 +517,7 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const
return *(matches.begin()->second.begin());
}
zeek::IntrusivePtr<VectorVal> file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
VectorValPtr file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
{
static auto mime_matches = zeek::id::find_type<zeek::VectorType>("mime_matches");
static auto mime_match = zeek::id::find_type<zeek::RecordType>("mime_match");


@ -254,7 +254,7 @@ public:
* else true.
*/
bool SetExtractionLimit(const std::string& file_id,
zeek::IntrusivePtr<RecordVal> args, uint64_t n) const;
RecordValPtr args, uint64_t n) const;
[[deprecated("Remove in v4.1. Pass IntrusivePtr args param instead.")]]
bool SetExtractionLimit(const std::string& file_id, RecordVal* args,
@ -278,7 +278,7 @@ public:
* @return false if the analyzer failed to be instantiated, else true.
*/
bool AddAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args) const;
RecordValPtr args) const;
[[deprecated("Remove in v4.1. Pass IntrusivePtr args param instead.")]]
bool AddAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
@ -292,7 +292,7 @@ public:
* @return true if the analyzer is active at the time of call, else false.
*/
bool RemoveAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
zeek::IntrusivePtr<RecordVal> args) const;
RecordValPtr args) const;
[[deprecated("Remove in v4.1. Pass IntrusivePtr args param instead.")]]
bool RemoveAnalyzer(const std::string& file_id, const file_analysis::Tag& tag,
@ -312,7 +312,7 @@ public:
* @param f The file analzer is to be associated with.
* @return The new analyzer instance or null if tag is invalid.
*/
Analyzer* InstantiateAnalyzer(const Tag& tag, zeek::IntrusivePtr<RecordVal> args,
Analyzer* InstantiateAnalyzer(const Tag& tag, RecordValPtr args,
File* f) const;
[[deprecated("Remove in v4.1. Pass in IntrusivePtr args instead.")]]
@ -438,7 +438,7 @@ private:
* Returns a script-layer value corresponding to the \c mime_matches type.
* @param m The MIME match information with which to populate the value.
*/
zeek::IntrusivePtr<VectorVal> GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m);
VectorValPtr GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m);
} // namespace file_analysis


@ -18,7 +18,7 @@ file_analysis::Tag& file_analysis::Tag::operator=(const file_analysis::Tag& othe
return *this;
}
const zeek::IntrusivePtr<EnumVal>& file_analysis::Tag::AsVal() const
const EnumValPtr& file_analysis::Tag::AsVal() const
{
return ::Tag::AsVal(file_mgr->GetTagType());
}
@ -28,7 +28,7 @@ EnumVal* file_analysis::Tag::AsEnumVal() const
return AsVal().get();
}
file_analysis::Tag::Tag(zeek::IntrusivePtr<EnumVal> val)
file_analysis::Tag::Tag(EnumValPtr val)
: ::Tag(std::move(val))
{ }


@ -88,7 +88,7 @@ public:
*
* @param etype the script-layer enum type associated with the tag.
*/
const zeek::IntrusivePtr<EnumVal>& AsVal() const;
const EnumValPtr& AsVal() const;
[[deprecated("Remove in v4.1. Use AsVal() instead.")]]
EnumVal* AsEnumVal() const;
@ -116,7 +116,7 @@ protected:
*
* @param val An enum value of script type \c Files::Tag.
*/
explicit Tag(zeek::IntrusivePtr<EnumVal> val);
explicit Tag(EnumValPtr val);
[[deprecated("Remove in v4.1. Construct from IntrusivePtr instead.")]]
explicit Tag(EnumVal* val);


@ -11,7 +11,7 @@
using namespace file_analysis;
DataEvent::DataEvent(zeek::IntrusivePtr<RecordVal> args, File* file,
DataEvent::DataEvent(RecordValPtr args, File* file,
EventHandlerPtr ce, EventHandlerPtr se)
: file_analysis::Analyzer(file_mgr->GetComponentTag("DATA_EVENT"),
std::move(args), file),
@ -19,7 +19,7 @@ DataEvent::DataEvent(zeek::IntrusivePtr<RecordVal> args, File* file,
{
}
file_analysis::Analyzer* DataEvent::Instantiate(zeek::IntrusivePtr<RecordVal> args,
file_analysis::Analyzer* DataEvent::Instantiate(RecordValPtr args,
File* file)
{
const auto& chunk_val = args->GetField("chunk_event");


@ -43,7 +43,7 @@ public:
* @return the new DataEvent analyzer instance or a null pointer if
* no "chunk_event" or "stream_event" field was specfied in \a args.
*/
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file);
protected:
@ -57,7 +57,7 @@ protected:
* @param se pointer to event handler which will be called to receive
* sequential file data.
*/
DataEvent(zeek::IntrusivePtr<RecordVal> args, File* file,
DataEvent(RecordValPtr args, File* file,
EventHandlerPtr ce, EventHandlerPtr se);
private:


@ -9,7 +9,7 @@
using namespace file_analysis;
Entropy::Entropy(zeek::IntrusivePtr<RecordVal> args, File* file)
Entropy::Entropy(RecordValPtr args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"),
std::move(args), file)
{
@ -23,7 +23,7 @@ Entropy::~Entropy()
Unref(entropy);
}
file_analysis::Analyzer* Entropy::Instantiate(zeek::IntrusivePtr<RecordVal> args,
file_analysis::Analyzer* Entropy::Instantiate(RecordValPtr args,
File* file)
{
return new Entropy(std::move(args), file);


@ -31,7 +31,7 @@ public:
* @return the new Entropy analyzer instance or a null pointer if the
* the "extraction_file" field of \a args wasn't set.
*/
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file);
/**
@ -66,7 +66,7 @@ protected:
* @param hv specific hash calculator object.
* @param kind human readable name of the hash algorithm to use.
*/
Entropy(zeek::IntrusivePtr<RecordVal> args, File* file);
Entropy(RecordValPtr args, File* file);
/**
* If some file contents have been seen, finalizes the entropy of them and


@ -10,7 +10,7 @@
using namespace file_analysis;
Extract::Extract(zeek::IntrusivePtr<RecordVal> args, File* file,
Extract::Extract(RecordValPtr args, File* file,
const std::string& arg_filename, uint64_t arg_limit)
: file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"),
std::move(args), file),
@ -33,8 +33,8 @@ Extract::~Extract()
safe_close(fd);
}
static const zeek::IntrusivePtr<Val>& get_extract_field_val(const zeek::IntrusivePtr<RecordVal>& args,
const char* name)
static const ValPtr& get_extract_field_val(const RecordValPtr& args,
const char* name)
{
const auto& rval = args->GetField(name);
@ -44,7 +44,7 @@ static const zeek::IntrusivePtr<Val>& get_extract_field_val(const zeek::Intrusiv
return rval;
}
file_analysis::Analyzer* Extract::Instantiate(zeek::IntrusivePtr<RecordVal> args, File* file)
file_analysis::Analyzer* Extract::Instantiate(RecordValPtr args, File* file)
{
const auto& fname = get_extract_field_val(args, "extract_filename");
const auto& limit = get_extract_field_val(args, "extract_limit");


@ -47,7 +47,7 @@ public:
* @return the new Extract analyzer instance or a null pointer if the
* the "extraction_file" field of \a args wasn't set.
*/
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file);
/**
@ -67,7 +67,7 @@ protected:
* to which the contents of the file will be extracted/written.
* @param arg_limit the maximum allowed file size.
*/
Extract(zeek::IntrusivePtr<RecordVal> args, File* file,
Extract(RecordValPtr args, File* file,
const std::string& arg_filename, uint64_t arg_limit);
private:
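Review bot: The `Instantiate` comment names an "extraction_file" field, but the implementation section above reads `extract_filename` and `extract_limit` from `args` through `get_extract_field_val`. The `@return` line should name the fields the code actually requires, for example `or a null pointer if the "extract_filename" or "extract_limit" field of \a args wasn't set`. What happens when a field is missing is decided in code outside the visible hunks, so the null-return wording should be confirmed against it.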


@ -9,7 +9,7 @@
using namespace file_analysis;
Hash::Hash(zeek::IntrusivePtr<RecordVal> args, File* file, HashVal* hv, const char* arg_kind)
Hash::Hash(RecordValPtr args, File* file, HashVal* hv, const char* arg_kind)
: file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()),
std::move(args), file),
hash(hv), fed(false), kind(arg_kind)


@ -56,7 +56,7 @@ protected:
* @param hv specific hash calculator object.
* @param kind human readable name of the hash algorithm to use.
*/
Hash(zeek::IntrusivePtr<RecordVal> args, File* file, HashVal* hv, const char* kind);
Hash(RecordValPtr args, File* file, HashVal* hv, const char* kind);
/**
* If some file contents have been seen, finalizes the hash of them and
@ -83,7 +83,7 @@ public:
* @return the new MD5 analyzer instance or a null pointer if there's no
* handler for the "file_hash" event.
*/
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file)
{ return file_hash ? new MD5(std::move(args), file) : nullptr; }
@ -94,7 +94,7 @@ protected:
* @param args the \c AnalyzerArgs value which represents the analyzer.
* @param file the file to which the analyzer will be attached.
*/
MD5(zeek::IntrusivePtr<RecordVal> args, File* file)
MD5(RecordValPtr args, File* file)
: Hash(std::move(args), file, new MD5Val(), "md5")
{}
};
@ -112,7 +112,7 @@ public:
* @return the new MD5 analyzer instance or a null pointer if there's no
* handler for the "file_hash" event.
*/
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file)
{ return file_hash ? new SHA1(std::move(args), file) : nullptr; }
@ -123,7 +123,7 @@ protected:
* @param args the \c AnalyzerArgs value which represents the analyzer.
* @param file the file to which the analyzer will be attached.
*/
SHA1(zeek::IntrusivePtr<RecordVal> args, File* file)
SHA1(RecordValPtr args, File* file)
: Hash(std::move(args), file, new SHA1Val(), "sha1")
{}
};
@ -141,7 +141,7 @@ public:
* @return the new MD5 analyzer instance or a null pointer if there's no
* handler for the "file_hash" event.
*/
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file)
{ return file_hash ? new SHA256(std::move(args), file) : nullptr; }
@ -152,7 +152,7 @@ protected:
* @param args the \c AnalyzerArgs value which represents the analyzer.
* @param file the file to which the analyzer will be attached.
*/
SHA256(zeek::IntrusivePtr<RecordVal> args, File* file)
SHA256(RecordValPtr args, File* file)
: Hash(std::move(args), file, new SHA256Val(), "sha256")
{}
};


@ -3,7 +3,7 @@
using namespace file_analysis;
PE::PE(zeek::IntrusivePtr<RecordVal> args, File* file)
PE::PE(RecordValPtr args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), std::move(args),
file)
{


@ -15,7 +15,7 @@ class PE : public file_analysis::Analyzer {
public:
~PE();
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file)
{ return new PE(std::move(args), file); }
@ -24,7 +24,7 @@ public:
virtual bool EndOfFile();
protected:
PE(zeek::IntrusivePtr<RecordVal> args, File* file);
PE(RecordValPtr args, File* file);
binpac::PE::File* interp;
binpac::PE::MockConnection* conn;
bool done;


@ -5,12 +5,12 @@
%}
%header{
zeek::IntrusivePtr<VectorVal> process_rvas(const RVAS* rvas);
zeek::IntrusivePtr<TableVal> characteristics_to_bro(uint32_t c, uint8_t len);
VectorValPtr process_rvas(const RVAS* rvas);
TableValPtr characteristics_to_bro(uint32_t c, uint8_t len);
%}
%code{
zeek::IntrusivePtr<VectorVal> process_rvas(const RVAS* rva_table)
VectorValPtr process_rvas(const RVAS* rva_table)
{
auto rvas = zeek::make_intrusive<VectorVal>(zeek::id::index_vec);
@ -20,7 +20,7 @@ zeek::IntrusivePtr<VectorVal> process_rvas(const RVAS* rva_table)
return rvas;
}
zeek::IntrusivePtr<TableVal> characteristics_to_bro(uint32_t c, uint8_t len)
TableValPtr characteristics_to_bro(uint32_t c, uint8_t len)
{
uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
auto char_set = zeek::make_intrusive<TableVal>(zeek::id::count_set);


@ -5,7 +5,7 @@
using namespace file_analysis;
Unified2::Unified2(zeek::IntrusivePtr<RecordVal> args, File* file)
Unified2::Unified2(RecordValPtr args, File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), std::move(args), file)
{
interp = new binpac::Unified2::Unified2_Analyzer(this);
@ -16,7 +16,7 @@ Unified2::~Unified2()
delete interp;
}
file_analysis::Analyzer* Unified2::Instantiate(zeek::IntrusivePtr<RecordVal> args, File* file)
file_analysis::Analyzer* Unified2::Instantiate(RecordValPtr args, File* file)
{
return new Unified2(std::move(args), file);
}


@ -20,11 +20,10 @@ public:
bool DeliverStream(const u_char* data, uint64_t len) override;
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
File* file);
static file_analysis::Analyzer* Instantiate(RecordValPtr args, File* file);
protected:
Unified2(zeek::IntrusivePtr<RecordVal> args, File* file);
Unified2(RecordValPtr args, File* file);
private:
binpac::Unified2::Unified2_Analyzer* interp;


@ -8,7 +8,7 @@
%}
%code{
zeek::IntrusivePtr<AddrVal> binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<uint32_t>* a)
AddrValPtr binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<uint32_t>* a)
{
if ( a->size() == 1 )
{
@ -26,7 +26,7 @@ zeek::IntrusivePtr<AddrVal> binpac::Unified2::Flow::unified2_addr_to_bro_addr(st
}
}
zeek::IntrusivePtr<Val> binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
ValPtr binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
{
TransportProto proto = TRANSPORT_UNKNOWN;
switch ( p ) {
@ -42,8 +42,8 @@ zeek::IntrusivePtr<Val> binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
refine flow Flow += {
%member{
zeek::IntrusivePtr<AddrVal> unified2_addr_to_bro_addr(std::vector<uint32_t>* a);
zeek::IntrusivePtr<Val> to_port(uint16_t n, uint8_t p);
AddrValPtr unified2_addr_to_bro_addr(std::vector<uint32_t>* a);
ValPtr to_port(uint16_t n, uint8_t p);
%}
%init{


@ -113,19 +113,17 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi
return true;
}
file_analysis::Analyzer* OCSP::InstantiateRequest(zeek::IntrusivePtr<RecordVal> args,
File* file)
file_analysis::Analyzer* OCSP::InstantiateRequest(RecordValPtr args, File* file)
{
return new OCSP(std::move(args), file, true);
}
file_analysis::Analyzer* OCSP::InstantiateReply(zeek::IntrusivePtr<RecordVal> args,
File* file)
file_analysis::Analyzer* OCSP::InstantiateReply(RecordValPtr args, File* file)
{
return new OCSP(std::move(args), file, false);
}
file_analysis::OCSP::OCSP(zeek::IntrusivePtr<RecordVal> args, file_analysis::File* file,
file_analysis::OCSP::OCSP(RecordValPtr args, file_analysis::File* file,
bool arg_request)
: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"),
std::move(args), file),
@ -211,9 +209,9 @@ typedef struct ocsp_basic_response_st {
STACK_OF(X509) *certs;
} OCSP_BASICRESP;
*/
static zeek::IntrusivePtr<StringVal> parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
BIO* bio, char* buf,
size_t buf_len)
static StringValPtr parse_basic_resp_sig_alg(OCSP_BASICRESP* basic_resp,
BIO* bio, char* buf,
size_t buf_len)
{
int der_basic_resp_len = 0;
unsigned char* der_basic_resp_dat = nullptr;
@ -285,7 +283,7 @@ static zeek::IntrusivePtr<StringVal> parse_basic_resp_sig_alg(OCSP_BASICRESP* ba
return rval;
}
static zeek::IntrusivePtr<Val> parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
static ValPtr parse_basic_resp_data_version(OCSP_BASICRESP* basic_resp)
{
int der_basic_resp_len = 0;
unsigned char* der_basic_resp_dat = nullptr;


@ -18,13 +18,13 @@ public:
bool Undelivered(uint64_t offset, uint64_t len) override;
bool EndOfFile() override;
static file_analysis::Analyzer* InstantiateRequest(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* InstantiateRequest(RecordValPtr args,
File* file);
static file_analysis::Analyzer* InstantiateReply(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* InstantiateReply(RecordValPtr args,
File* file);
protected:
OCSP(zeek::IntrusivePtr<RecordVal> args, File* file, bool request);
OCSP(RecordValPtr args, File* file, bool request);
private:
void ParseResponse(OCSP_RESPONSE*);


@ -23,7 +23,7 @@
using namespace file_analysis;
file_analysis::X509::X509(zeek::IntrusivePtr<RecordVal> args, file_analysis::File* file)
file_analysis::X509::X509(RecordValPtr args, file_analysis::File* file)
: file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"),
std::move(args), file)
{
@ -113,7 +113,7 @@ bool file_analysis::X509::EndOfFile()
return false;
}
zeek::IntrusivePtr<RecordVal> file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
RecordValPtr file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f)
{
::X509* ssl_cert = cert_val->GetCertificate();
@ -340,10 +340,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
return;
}
zeek::IntrusivePtr<VectorVal> names;
zeek::IntrusivePtr<VectorVal> emails;
zeek::IntrusivePtr<VectorVal> uris;
zeek::IntrusivePtr<VectorVal> ips;
VectorValPtr names;
VectorValPtr emails;
VectorValPtr uris;
VectorValPtr ips;
bool otherfields = false;
@ -443,7 +443,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
GENERAL_NAMES_free(altname);
}
zeek::IntrusivePtr<StringVal> file_analysis::X509::KeyCurve(EVP_PKEY* key)
StringValPtr file_analysis::X509::KeyCurve(EVP_PKEY* key)
{
assert(key != nullptr);
@ -543,7 +543,7 @@ X509Val::~X509Val()
X509_free(certificate);
}
zeek::IntrusivePtr<Val> X509Val::DoClone(CloneState* state)
ValPtr X509Val::DoClone(CloneState* state)
{
auto copy = zeek::make_intrusive<X509Val>();
if ( certificate )


@ -86,9 +86,9 @@ public:
* @param Returns the new record value and passes ownership to
* caller.
*/
static zeek::IntrusivePtr<RecordVal> ParseCertificate(X509Val* cert_val, File* file = nullptr);
static RecordValPtr ParseCertificate(X509Val* cert_val, File* file = nullptr);
static file_analysis::Analyzer* Instantiate(zeek::IntrusivePtr<RecordVal> args,
static file_analysis::Analyzer* Instantiate(RecordValPtr args,
File* file)
{ return new X509(std::move(args), file); }
@ -117,17 +117,17 @@ public:
/**
* Sets the table[string] that used as the certificate cache inside of Zeek.
*/
static void SetCertificateCache(zeek::IntrusivePtr<TableVal> cache)
static void SetCertificateCache(TableValPtr cache)
{ certificate_cache = std::move(cache); }
/**
* Sets the callback when a certificate cache hit is encountered
*/
static void SetCertificateCacheHitCallback(zeek::IntrusivePtr<Func> func)
static void SetCertificateCacheHitCallback(FuncPtr func)
{ cache_hit_callback = std::move(func); }
protected:
X509(zeek::IntrusivePtr<RecordVal> args, File* file);
X509(RecordValPtr args, File* file);
private:
void ParseBasicConstraints(X509_EXTENSION* ex);
@ -137,12 +137,12 @@ private:
std::string cert_data;
// Helpers for ParseCertificate.
static zeek::IntrusivePtr<StringVal> KeyCurve(EVP_PKEY* key);
static StringValPtr KeyCurve(EVP_PKEY* key);
static unsigned int KeyLength(EVP_PKEY *key);
/** X509 stores associated with global script-layer values */
inline static std::map<Val*, X509_STORE*> x509_stores = std::map<Val*, X509_STORE*>();
inline static zeek::IntrusivePtr<TableVal> certificate_cache = nullptr;
inline static zeek::IntrusivePtr<Func> cache_hit_callback = nullptr;
inline static TableValPtr certificate_cache = nullptr;
inline static FuncPtr cache_hit_callback = nullptr;
};
/**
@ -170,7 +170,7 @@ public:
*
* @return A cloned X509Val.
*/
zeek::IntrusivePtr<Val> DoClone(CloneState* state) override;
ValPtr DoClone(CloneState* state) override;
/**
* Destructor.


@ -17,7 +17,7 @@
using namespace file_analysis;
X509Common::X509Common(const file_analysis::Tag& arg_tag,
zeek::IntrusivePtr<RecordVal> arg_args, File* arg_file)
RecordValPtr arg_args, File* arg_file)
: file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file)
{
}
@ -298,7 +298,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const EventHa
ParseExtensionsSpecific(ex, global, ext_asn, oid);
}
zeek::IntrusivePtr<StringVal> file_analysis::X509Common::GetExtensionFromBIO(BIO* bio, File* f)
StringValPtr file_analysis::X509Common::GetExtensionFromBIO(BIO* bio, File* f)
{
BIO_flush(bio);
ERR_clear_error();


@ -12,9 +12,11 @@
class EventHandlerPtr;
class Reporter;
class StringVal;
template <class T> class IntrusivePtr;
class StringVal;
using StringValPtr = zeek::IntrusivePtr<StringVal>;
namespace file_analysis {
class Tag;
@ -35,13 +37,13 @@ public:
*
* @return The X509 extension value.
*/
static zeek::IntrusivePtr<StringVal> GetExtensionFromBIO(BIO* bio, File* f = nullptr);
static StringValPtr GetExtensionFromBIO(BIO* bio, File* f = nullptr);
static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, Reporter* reporter);
protected:
X509Common(const file_analysis::Tag& arg_tag,
zeek::IntrusivePtr<RecordVal> arg_args, File* arg_file);
RecordValPtr arg_args, File* arg_file);
void ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bool global);
void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);
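Review bot: The new alias `using StringValPtr = zeek::IntrusivePtr<StringVal>;` names `zeek::IntrusivePtr`, but the only declaration of the template visible in this header is the global-namespace `template <class T> class IntrusivePtr;` two lines above it, which declares a different entity. Unless an include outside the hunk already provides `zeek::IntrusivePtr`, the header does not stand on its own. The protected constructor also uses `RecordValPtr`, which is not declared in the visible lines either. Consider replacing the stale forward declaration with `namespace zeek { template <class T> class IntrusivePtr; }` and adding `class RecordVal; using RecordValPtr = zeek::IntrusivePtr<RecordVal>;` next to the `StringVal` pair.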


@ -11,7 +11,7 @@
#include <openssl/err.h>
// construct an error record
static zeek::IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, zeek::IntrusivePtr<Val> chainVector = nullptr)
static RecordValPtr x509_result_record(uint64_t num, const char* reason, ValPtr chainVector = nullptr)
{
auto rrecord = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::X509::Result);
@ -215,7 +215,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
## x509_get_certificate_string x509_verify
function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result
%{
zeek::IntrusivePtr<RecordVal> rval;
RecordValPtr rval;
X509_STORE* ctx = ::file_analysis::X509::GetRootStore(root_certs->AsTableVal());
if ( ! ctx )
return x509_result_record(-1, "Problem initializing root store");
@ -542,7 +542,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
int result = X509_verify_cert(csc);
zeek::IntrusivePtr<VectorVal> chainVector;
VectorValPtr chainVector;
if ( result == 1 ) // we have a valid chain. try to get it...
{
@ -761,7 +761,7 @@ sct_verify_err:
* 1 -> issuer name
* 2 -> pubkey
*/
zeek::IntrusivePtr<StringVal> x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int hash_alg, unsigned int type)
StringValPtr x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int hash_alg, unsigned int type)
{
assert(cert_handle);