Merge branch 'master' into topic/jsiwek/faf-cleanup

Conflicts: scripts/base/protocols/ftp/file-analysis.bro scripts/base/protocols/http/file-analysis.bro scripts/base/protocols/irc/file-analysis.bro scripts/base/protocols/smtp/file-analysis.bro src/file_analysis/File.cc src/file_analysis/File.h src/file_analysis/Manager.cc src/file_analysis/Manager.h testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/file_analysis.log testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-0.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-1.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-2.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-3.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7-1.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4-0.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38-2.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk-3.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp.log testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3-0.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb-0.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-0.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-1.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3-1.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb-0.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log testing/btest/scripts/base/protocols/ftp/ftp-extract.bro testing/btest/scripts/base/protocols/http/http-extract-files.bro testing/btest/scripts/base/protocols/irc/dcc-extract.test testing/btest/scripts/base/protocols/smtp/mime-extract.test
2025-10-02 06:38:20 +00:00 · 2013-06-07 15:44:36 -05:00 · 2013-06-07 15:44:36 -05:00 · f2574636b6
commit f2574636b6
parent 9c86a3ee0e 203df4fa6b
517 changed files with 15571 additions and 12637 deletions
--- a/testing/scripts/diff-canonifier-external
+++ b/testing/scripts/diff-canonifier-external
@ -4,6 +4,7 @@

 `dirname $0`/diff-remove-timestamps \
    | `dirname $0`/diff-remove-uids \
+    | `dirname $0`/diff-remove-file-ids \
    | `dirname $0`/diff-remove-x509-names \
    | `dirname $0`/diff-canon-notice-policy \
    | `dirname $0`/diff-sort
--- a/testing/scripts/diff-remove-file-ids
+++ b/testing/scripts/diff-remove-file-ids
@ -0,0 +1,33 @@
+#! /usr/bin/awk -f
+#
+# A diff canonifier that removes all file IDs from file_analysis.log
+
+BEGIN {
+    FS="\t";
+    OFS="\t";
+    process = 0;
+    }
+
+$1 == "#path" && $2 == "file_analysis" {
+    process = 1;
+    }
+
+process && column1 > 0 && column2 > 0 {
+    $column1 = "XXXXXXXXXXX";
+    $column2 = "XXXXXXXXXXX";
+    }
+
+/^#/ {
+    for ( i = 0; i < NF; ++i ) {
+        if ( $i == "id" )
+            column1 = i - 1;
+
+        if ( $i == "parent_id" )
+            column2 = i - 1;
+        }
+    }
+
+{ print }
+
+
+
--- a/testing/scripts/file-analysis-test.bro
+++ b/testing/scripts/file-analysis-test.bro
@ -8,23 +8,35 @@ global test_get_file_name: function(f: fa_file): string =

 global test_print_file_data_events: bool = F &redef;

+global file_count: count = 0;
+
+global file_map: table[string] of count;
+
+function canonical_file_name(f: fa_file): string
+	{
+	return fmt("file #%d", file_map[f$id]);
+	}
+
 event file_chunk(f: fa_file, data: string, off: count)
 	{
 	if ( test_print_file_data_events )
-		print "file_chunk", f$id, |data|, off, data;
+		print "file_chunk", canonical_file_name(f), |data|, off, data;
 	}

 event file_stream(f: fa_file, data: string)
 	{
 	if ( test_print_file_data_events )
-		print "file_stream", f$id, |data|, data;
+		print "file_stream", canonical_file_name(f), |data|, data;
 	}

 event file_new(f: fa_file)
 	{
 	print "FILE_NEW";

-	print f$id, f$seen_bytes, f$missing_bytes;
+	file_map[f$id] = file_count;
+	++file_count;
+
+	print canonical_file_name(f), f$seen_bytes, f$missing_bytes;

 	if ( test_file_analysis_source == "" ||
 	     f$source == test_file_analysis_source )
@ -72,7 +84,7 @@ event file_gap(f: fa_file, offset: count, len: count)
 event file_state_remove(f: fa_file)
 	{
 	print "FILE_STATE_REMOVE";
-	print f$id, f$seen_bytes, f$missing_bytes;
+	print canonical_file_name(f), f$seen_bytes, f$missing_bytes;
 	if ( f?$conns )
 		for ( cid in f$conns )
 			print cid;