Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Reformat Zeek in Spicy style

Browse source 
This largely copies over Spicy's `.clang-format` configuration file. The
one place where we deviate is header include order since Zeek depends on
headers being included in a certain order.
This commit is contained in:
Benjamin Bannier 2023-10-10 21:13:34 +02:00
parent 7b8e7ed72c
commit f5a76c1aed
786 changed files with 131714 additions and 153609 deletions
Download patch file Download diff file Expand all files Collapse all files

501
src/Reporter.h
View file

@ -14,8 +14,7 @@
#include "zeek/ZeekList.h"
#include "zeek/net_util.h"
namespace zeek
{
namespace zeek {
class Connection;
class EventHandlerPtr;
@ -24,340 +23,314 @@ class StringVal;
class IPAddr;
class Reporter;
template <class T> class IntrusivePtr;
template<class T>
class IntrusivePtr;
using RecordValPtr = IntrusivePtr<RecordVal>;
using StringValPtr = IntrusivePtr<StringVal>;
namespace detail
{
namespace detail {
class AssertStmt;
class Location;
class Expr;
} // namespace detail
} // namespace detail
namespace analyzer
{
namespace analyzer {
class Analyzer;
}
namespace file_analysis
{
}
namespace file_analysis {
class File;
}
}
// One cannot raise this exception directly, go through the
// Reporter's methods instead.
class ReporterException
{
class ReporterException {
protected:
friend class Reporter;
ReporterException() { }
};
friend class Reporter;
ReporterException() {}
};
class InterpreterException : public ReporterException
{
class InterpreterException : public ReporterException {
protected:
friend class Reporter;
friend class detail::AssertStmt;
InterpreterException() { }
};
friend class Reporter;
friend class detail::AssertStmt;
InterpreterException() {}
};
#define FMT_ATTR __attribute__((format(printf, 2, 3))) // sic! 1st is "this" I guess.
class Reporter
{
class Reporter {
public:
using IPPair = std::pair<IPAddr, IPAddr>;
using ConnTuple = std::tuple<IPAddr, IPAddr, uint32_t, uint32_t, TransportProto>;
using WeirdCountMap = std::unordered_map<std::string, uint64_t>;
using WeirdFlowMap = std::map<IPPair, WeirdCountMap>;
using WeirdConnTupleMap = std::map<ConnTuple, WeirdCountMap>;
using WeirdSet = std::unordered_set<std::string>;
using IPPair = std::pair<IPAddr, IPAddr>;
using ConnTuple = std::tuple<IPAddr, IPAddr, uint32_t, uint32_t, TransportProto>;
using WeirdCountMap = std::unordered_map<std::string, uint64_t>;
using WeirdFlowMap = std::map<IPPair, WeirdCountMap>;
using WeirdConnTupleMap = std::map<ConnTuple, WeirdCountMap>;
using WeirdSet = std::unordered_set<std::string>;
Reporter(bool abort_on_scripting_errors);
~Reporter();
Reporter(bool abort_on_scripting_errors);
~Reporter();
// Initialize reporter-specific options that are defined in script-layer.
void InitOptions();
// Initialize reporter-specific options that are defined in script-layer.
void InitOptions();
// Report an informational message, nothing that needs specific
// attention.
void Info(const char* fmt, ...) FMT_ATTR;
// Report an informational message, nothing that needs specific
// attention.
void Info(const char* fmt, ...) FMT_ATTR;
// Report a warning that may indicate a problem.
void Warning(const char* fmt, ...) FMT_ATTR;
// Report a warning that may indicate a problem.
void Warning(const char* fmt, ...) FMT_ATTR;
// Report a non-fatal error. Processing proceeds normally after the error
// has been reported.
void Error(const char* fmt, ...) FMT_ATTR;
// Report a non-fatal error. Processing proceeds normally after the error
// has been reported.
void Error(const char* fmt, ...) FMT_ATTR;
// Returns the number of errors reported so far.
int Errors() { return errors; }
// Returns the number of errors reported so far.
int Errors() { return errors; }
// Report a fatal error. Zeek will terminate after the message has been
// reported.
[[noreturn]] void FatalError(const char* fmt, ...) FMT_ATTR;
// Report a fatal error. Zeek will terminate after the message has been
// reported.
[[noreturn]] void FatalError(const char* fmt, ...) FMT_ATTR;
// Report a fatal error. Zeek will terminate after the message has been
// reported and always generate a core dump.
[[noreturn]] void FatalErrorWithCore(const char* fmt, ...) FMT_ATTR;
// Report a fatal error. Zeek will terminate after the message has been
// reported and always generate a core dump.
[[noreturn]] void FatalErrorWithCore(const char* fmt, ...) FMT_ATTR;
// Report a runtime error in evaluating a Zeek script expression. This
// function will not return but raise an InterpreterException.
[[noreturn]] void ExprRuntimeError(const detail::Expr* expr, const char* fmt, ...)
__attribute__((format(printf, 3, 4)));
// Report a runtime error in evaluating a Zeek script expression. This
// function will not return but raise an InterpreterException.
[[noreturn]] void ExprRuntimeError(const detail::Expr* expr, const char* fmt, ...)
__attribute__((format(printf, 3, 4)));
// Report a runtime error in evaluating a Zeek script expression. This
// function will not return but raise an InterpreterException.
[[noreturn]] void RuntimeError(const detail::Location* location, const char* fmt, ...)
__attribute__((format(printf, 3, 4)));
// Report a runtime error in evaluating a Zeek script expression. This
// function will not return but raise an InterpreterException.
[[noreturn]] void RuntimeError(const detail::Location* location, const char* fmt, ...)
__attribute__((format(printf, 3, 4)));
// Report a rutnime warning in evaluating a Zeek script expression.
void ExprRuntimeWarning(const detail::Expr* expr, const char* fmt, ...)
__attribute__((format(printf, 3, 4)));
// Report a rutnime warning in evaluating a Zeek script expression.
void ExprRuntimeWarning(const detail::Expr* expr, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
// Report a runtime error in executing a compiled script. This
// function will not return but raise an InterpreterException.
[[noreturn]] void CPPRuntimeError(const char* fmt, ...) __attribute__((format(printf, 2, 3)));
// Report a runtime error in executing a compiled script. This
// function will not return but raise an InterpreterException.
[[noreturn]] void CPPRuntimeError(const char* fmt, ...) __attribute__((format(printf, 2, 3)));
// Report a traffic weirdness, i.e., an unexpected protocol situation
// that may lead to incorrectly processing a connection.
void Weird(const char* name, const char* addl = "",
const char* source = ""); // Raises net_weird().
void Weird(file_analysis::File* f, const char* name, const char* addl = "",
const char* source = ""); // Raises file_weird().
void Weird(Connection* conn, const char* name, const char* addl = "",
const char* source = ""); // Raises conn_weird().
void Weird(RecordValPtr conn_id, StringValPtr uid, const char* name, const char* addl = "",
const char* source = ""); // Raises expired_conn_weird().
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = "",
const char* source = ""); // Raises flow_weird().
// Report a traffic weirdness, i.e., an unexpected protocol situation
// that may lead to incorrectly processing a connection.
void Weird(const char* name, const char* addl = "",
const char* source = ""); // Raises net_weird().
void Weird(file_analysis::File* f, const char* name, const char* addl = "",
const char* source = ""); // Raises file_weird().
void Weird(Connection* conn, const char* name, const char* addl = "",
const char* source = ""); // Raises conn_weird().
void Weird(RecordValPtr conn_id, StringValPtr uid, const char* name, const char* addl = "",
const char* source = ""); // Raises expired_conn_weird().
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = "",
const char* source = ""); // Raises flow_weird().
// Report a deprecation. The message should contain a version.
void Deprecation(std::string_view msg, const detail::Location* loc1 = nullptr,
const detail::Location* loc2 = nullptr);
// Report a deprecation. The message should contain a version.
void Deprecation(std::string_view msg, const detail::Location* loc1 = nullptr,
const detail::Location* loc2 = nullptr);
// Whether or not deprecations are logged when calling Deprecation()
void SetIgnoreDeprecations(bool arg) { ignore_deprecations = arg; }
// Whether or not deprecations are logged when calling Deprecation()
void SetIgnoreDeprecations(bool arg) { ignore_deprecations = arg; }
// Syslog a message. This methods does nothing if we're running
// offline from a trace.
void Syslog(const char* fmt, ...) FMT_ATTR;
// Syslog a message. This methods does nothing if we're running
// offline from a trace.
void Syslog(const char* fmt, ...) FMT_ATTR;
// Report about a potential internal problem. Zeek will continue
// normally.
void InternalWarning(const char* fmt, ...) FMT_ATTR;
// Report about a potential internal problem. Zeek will continue
// normally.
void InternalWarning(const char* fmt, ...) FMT_ATTR;
// Report an internal program error. Zeek will terminate with a core
// dump after the message has been reported.
[[noreturn]] void InternalError(const char* fmt, ...) FMT_ATTR;
// Report an internal program error. Zeek will terminate with a core
// dump after the message has been reported.
[[noreturn]] void InternalError(const char* fmt, ...) FMT_ATTR;
// Report an analyzer error. That analyzer will be set to not process
// any further input, but Zeek otherwise continues normally.
void AnalyzerError(analyzer::Analyzer* a, const char* fmt, ...)
__attribute__((format(printf, 3, 4)));
;
// Report an analyzer error. That analyzer will be set to not process
// any further input, but Zeek otherwise continues normally.
void AnalyzerError(analyzer::Analyzer* a, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
;
// Toggle whether non-fatal messages should be reported through the
// scripting layer rather on standard output. Fatal errors are always
// reported via stderr.
void ReportViaEvents(bool arg_via_events) { via_events = arg_via_events; }
// Toggle whether non-fatal messages should be reported through the
// scripting layer rather on standard output. Fatal errors are always
// reported via stderr.
void ReportViaEvents(bool arg_via_events) { via_events = arg_via_events; }
// Associates the given location with subsequent output. We create a
// stack of location so that the most recent is always the one that
// will be assumed to be the current one. The pointer must remain
// valid until the location is popped.
void PushLocation(const detail::Location* location)
{
locations.push_back(
std::pair<const detail::Location*, const detail::Location*>(location, 0));
}
// Associates the given location with subsequent output. We create a
// stack of location so that the most recent is always the one that
// will be assumed to be the current one. The pointer must remain
// valid until the location is popped.
void PushLocation(const detail::Location* location) {
locations.push_back(std::pair<const detail::Location*, const detail::Location*>(location, 0));
}
void PushLocation(const detail::Location* loc1, const detail::Location* loc2)
{
locations.push_back(
std::pair<const detail::Location*, const detail::Location*>(loc1, loc2));
}
void PushLocation(const detail::Location* loc1, const detail::Location* loc2) {
locations.push_back(std::pair<const detail::Location*, const detail::Location*>(loc1, loc2));
}
// Removes the top-most location information from stack.
void PopLocation() { locations.pop_back(); }
// Removes the top-most location information from stack.
void PopLocation() { locations.pop_back(); }
// Signals that we're entering processing an error handler event.
void BeginErrorHandler() { ++in_error_handler; }
// Signals that we're entering processing an error handler event.
void BeginErrorHandler() { ++in_error_handler; }
// Signals that we're done processing an error handler event.
void EndErrorHandler() { --in_error_handler; }
// Signals that we're done processing an error handler event.
void EndErrorHandler() { --in_error_handler; }
/**
* Reset/cleanup state tracking for a "net" weird.
*/
void ResetNetWeird(const std::string& name);
/**
* Reset/cleanup state tracking for a "net" weird.
*/
void ResetNetWeird(const std::string& name);
/**
* Reset/cleanup state tracking for a "flow" weird.
*/
void ResetFlowWeird(const IPAddr& orig, const IPAddr& resp);
/**
* Reset/cleanup state tracking for a "flow" weird.
*/
void ResetFlowWeird(const IPAddr& orig, const IPAddr& resp);
/**
* Reset/cleanup state tracking for a "expired conn" weird.
*/
void ResetExpiredConnWeird(const ConnTuple& id);
/**
* Reset/cleanup state tracking for a "expired conn" weird.
*/
void ResetExpiredConnWeird(const ConnTuple& id);
/**
* Return the total number of weirds generated (counts weirds before
* any rate-limiting occurs).
*/
uint64_t GetWeirdCount() const { return weird_count; }
/**
* Return the total number of weirds generated (counts weirds before
* any rate-limiting occurs).
*/
uint64_t GetWeirdCount() const { return weird_count; }
/**
* Return number of weirds generated per weird type/name (counts weirds
* before any rate-limiting occurs).
*/
const WeirdCountMap& GetWeirdsByType() const { return weird_count_by_type; }
/**
* Return number of weirds generated per weird type/name (counts weirds
* before any rate-limiting occurs).
*/
const WeirdCountMap& GetWeirdsByType() const { return weird_count_by_type; }
/**
* Gets the weird sampling whitelist.
*/
const WeirdSet& GetWeirdSamplingWhitelist() const { return weird_sampling_whitelist; }
/**
* Gets the weird sampling whitelist.
*/
const WeirdSet& GetWeirdSamplingWhitelist() const { return weird_sampling_whitelist; }
/**
* Sets the weird sampling whitelist.
*
* @param weird_sampling_whitelist New weird sampling whitelist.
*/
void SetWeirdSamplingWhitelist(WeirdSet weird_sampling_whitelist)
{
this->weird_sampling_whitelist = std::move(weird_sampling_whitelist);
}
/**
* Sets the weird sampling whitelist.
*
* @param weird_sampling_whitelist New weird sampling whitelist.
*/
void SetWeirdSamplingWhitelist(WeirdSet weird_sampling_whitelist) {
this->weird_sampling_whitelist = std::move(weird_sampling_whitelist);
}
/**
* Gets the weird sampling global list.
*/
const WeirdSet& GetWeirdSamplingGlobalList() const { return weird_sampling_global_list; }
/**
* Gets the weird sampling global list.
*/
const WeirdSet& GetWeirdSamplingGlobalList() const { return weird_sampling_global_list; }
/**
* Sets the weird sampling global list.
*
* @param weird_sampling_global list New weird sampling global list.
*/
void SetWeirdSamplingGlobalList(WeirdSet weird_sampling_global_list)
{
this->weird_sampling_global_list = std::move(weird_sampling_global_list);
}
/**
* Sets the weird sampling global list.
*
* @param weird_sampling_global list New weird sampling global list.
*/
void SetWeirdSamplingGlobalList(WeirdSet weird_sampling_global_list) {
this->weird_sampling_global_list = std::move(weird_sampling_global_list);
}
/**
* Gets the current weird sampling threshold.
*
* @return weird sampling threshold.
*/
uint64_t GetWeirdSamplingThreshold() const { return weird_sampling_threshold; }
/**
* Gets the current weird sampling threshold.
*
* @return weird sampling threshold.
*/
uint64_t GetWeirdSamplingThreshold() const { return weird_sampling_threshold; }
/**
* Sets the current weird sampling threshold.
*
* @param weird_sampling_threshold New weird sampling threshold.
*/
void SetWeirdSamplingThreshold(uint64_t weird_sampling_threshold)
{
this->weird_sampling_threshold = weird_sampling_threshold;
}
/**
* Sets the current weird sampling threshold.
*
* @param weird_sampling_threshold New weird sampling threshold.
*/
void SetWeirdSamplingThreshold(uint64_t weird_sampling_threshold) {
this->weird_sampling_threshold = weird_sampling_threshold;
}
/**
* Gets the current weird sampling rate.
*
* @return weird sampling rate.
*/
uint64_t GetWeirdSamplingRate() const { return weird_sampling_rate; }
/**
* Gets the current weird sampling rate.
*
* @return weird sampling rate.
*/
uint64_t GetWeirdSamplingRate() const { return weird_sampling_rate; }
/**
* Sets the weird sampling rate.
*
* @param weird_sampling_rate New weird sampling rate.
*/
void SetWeirdSamplingRate(uint64_t weird_sampling_rate)
{
this->weird_sampling_rate = weird_sampling_rate;
}
/**
* Sets the weird sampling rate.
*
* @param weird_sampling_rate New weird sampling rate.
*/
void SetWeirdSamplingRate(uint64_t weird_sampling_rate) { this->weird_sampling_rate = weird_sampling_rate; }
/**
* Gets the current weird sampling duration.
*
* @return weird sampling duration.
*/
double GetWeirdSamplingDuration() const { return weird_sampling_duration; }
/**
* Gets the current weird sampling duration.
*
* @return weird sampling duration.
*/
double GetWeirdSamplingDuration() const { return weird_sampling_duration; }
/**
* Sets the current weird sampling duration. Please note that
* this will not delete already running timers.
*
* @param weird_sampling_duration New weird sampling duration.
*/
void SetWeirdSamplingDuration(double weird_sampling_duration)
{
this->weird_sampling_duration = weird_sampling_duration;
}
/**
* Sets the current weird sampling duration. Please note that
* this will not delete already running timers.
*
* @param weird_sampling_duration New weird sampling duration.
*/
void SetWeirdSamplingDuration(double weird_sampling_duration) {
this->weird_sampling_duration = weird_sampling_duration;
}
private:
void DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Connection* conn,
ValPList* addl, bool location, bool time, const char* postfix, const char* fmt,
va_list ap) __attribute__((format(printf, 10, 0)));
void DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Connection* conn, ValPList* addl, bool location,
bool time, const char* postfix, const char* fmt, va_list ap) __attribute__((format(printf, 10, 0)));
// WeirdHelper doesn't really have to be variadic, but it calls DoLog
// and that takes va_list anyway.
void WeirdHelper(EventHandlerPtr event, ValPList vl, const char* fmt_name, ...)
__attribute__((format(printf, 4, 5)));
;
void UpdateWeirdStats(const char* name);
inline bool WeirdOnSamplingWhiteList(const char* name)
{
return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end();
}
inline bool WeirdOnGlobalList(const char* name)
{
return weird_sampling_global_list.find(name) != weird_sampling_global_list.end();
}
bool PermitNetWeird(const char* name);
bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r);
bool PermitExpiredConnWeird(const char* name, const RecordVal& conn_id);
// WeirdHelper doesn't really have to be variadic, but it calls DoLog
// and that takes va_list anyway.
void WeirdHelper(EventHandlerPtr event, ValPList vl, const char* fmt_name, ...)
__attribute__((format(printf, 4, 5)));
;
void UpdateWeirdStats(const char* name);
inline bool WeirdOnSamplingWhiteList(const char* name) {
return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end();
}
inline bool WeirdOnGlobalList(const char* name) {
return weird_sampling_global_list.find(name) != weird_sampling_global_list.end();
}
bool PermitNetWeird(const char* name);
bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r);
bool PermitExpiredConnWeird(const char* name, const RecordVal& conn_id);
enum class PermitWeird
{
Allow,
Deny,
Unknown
};
PermitWeird CheckGlobalWeirdLists(const char* name);
enum class PermitWeird { Allow, Deny, Unknown };
PermitWeird CheckGlobalWeirdLists(const char* name);
bool EmitToStderr(bool flag);
bool EmitToStderr(bool flag);
int errors;
bool via_events;
bool syslog_open;
int in_error_handler;
bool info_to_stderr;
bool warnings_to_stderr;
bool errors_to_stderr;
bool abort_on_scripting_errors = false;
int errors;
bool via_events;
bool syslog_open;
int in_error_handler;
bool info_to_stderr;
bool warnings_to_stderr;
bool errors_to_stderr;
bool abort_on_scripting_errors = false;
std::list<std::pair<const detail::Location*, const detail::Location*>> locations;
std::list<std::pair<const detail::Location*, const detail::Location*>> locations;
uint64_t weird_count;
WeirdCountMap weird_count_by_type;
WeirdCountMap net_weird_state;
WeirdFlowMap flow_weird_state;
WeirdConnTupleMap expired_conn_weird_state;
uint64_t weird_count;
WeirdCountMap weird_count_by_type;
WeirdCountMap net_weird_state;
WeirdFlowMap flow_weird_state;
WeirdConnTupleMap expired_conn_weird_state;
WeirdSet weird_sampling_whitelist;
WeirdSet weird_sampling_global_list;
uint64_t weird_sampling_threshold;
uint64_t weird_sampling_rate;
double weird_sampling_duration;
WeirdSet weird_sampling_whitelist;
WeirdSet weird_sampling_global_list;
uint64_t weird_sampling_threshold;
uint64_t weird_sampling_rate;
double weird_sampling_duration;
bool ignore_deprecations;
};
bool ignore_deprecations;
};
extern Reporter* reporter;
} // namespace zeek
} // namespace zeek