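##! Internal functions and types used by the file analysis framework.
##! These are the low-level BIFs behind the script-layer ``FileAnalysis::*``
##! API; scripts should call the wrappers documented with each function.

module FileAnalysis;

%%{
#include "file_analysis/Manager.h"
%%}

type AnalyzerArgs: record;

## An enumeration of various file analysis actions that can be taken.
enum Analyzer %{
	## Extract a file to local filesystem
	ANALYZER_EXTRACT,
	## Calculate an MD5 digest of the file's contents.
	ANALYZER_MD5,
	## Calculate an SHA1 digest of the file's contents.
	ANALYZER_SHA1,
	## Calculate an SHA256 digest of the file's contents.
	ANALYZER_SHA256,
	## Deliver the file contents to the script-layer in an event.
	ANALYZER_DATA_EVENT,
%}

## :bro:see:`FileAnalysis::postpone_timeout`.
##
## file_id: Identifier of the file whose inactivity timeout is postponed.
##
## Returns: The manager's result; false if no file with that id is known.
function FileAnalysis::__postpone_timeout%(file_id: string%): bool
	%{
	using file_analysis::FileID;
	bool result = file_mgr->PostponeTimeout(FileID(file_id->CheckString()));
	return new Val(result, TYPE_BOOL);
	%}

## :bro:see:`FileAnalysis::set_timeout_interval`.
##
## file_id: Identifier of the file whose timeout interval is changed.
##
## t: The new inactivity interval.
##
## Returns: The manager's result; false if no file with that id is known.
function FileAnalysis::__set_timeout_interval%(file_id: string, t: interval%): bool
	%{
	using file_analysis::FileID;
	bool result = file_mgr->SetTimeoutInterval(FileID(file_id->CheckString()), t);
	return new Val(result, TYPE_BOOL);
	%}

## :bro:see:`FileAnalysis::add_analyzer`.
##
## file_id: Identifier of the file to attach the analyzer to.
##
## args: A record coercible to :bro:type:`FileAnalysis::AnalyzerArgs`.
##
## Returns: False if *args* cannot be coerced or the manager rejects the
##          request, true otherwise.
function FileAnalysis::__add_analyzer%(file_id: string, args: any%): bool
	%{
	using file_analysis::FileID;
	using BifType::Record::FileAnalysis::AnalyzerArgs;

	// ``args`` is untyped at the BIF boundary, so CoerceTo() may yield a
	// null pointer when the record cannot be promoted to AnalyzerArgs.
	// Fail the call rather than hand that null to the manager.
	RecordVal* rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);

	if ( ! rv )
		{
		builtin_error("FileAnalysis::__add_analyzer: args is not an AnalyzerArgs record");
		return new Val(false, TYPE_BOOL);
		}

	bool result = file_mgr->AddAnalyzer(FileID(file_id->CheckString()), rv);
	Unref(rv);	// CoerceTo() returned a reference we own.
	return new Val(result, TYPE_BOOL);
	%}

## :bro:see:`FileAnalysis::remove_analyzer`.
##
## file_id: Identifier of the file to detach the analyzer from.
##
## args: A record coercible to :bro:type:`FileAnalysis::AnalyzerArgs`.
##
## Returns: False if *args* cannot be coerced or the manager rejects the
##          request, true otherwise.
function FileAnalysis::__remove_analyzer%(file_id: string, args: any%): bool
	%{
	using file_analysis::FileID;
	using BifType::Record::FileAnalysis::AnalyzerArgs;

	// Same null-guard as __add_analyzer: CoerceTo() may fail for an
	// incompatible record passed through the ``any`` parameter.
	RecordVal* rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);

	if ( ! rv )
		{
		builtin_error("FileAnalysis::__remove_analyzer: args is not an AnalyzerArgs record");
		return new Val(false, TYPE_BOOL);
		}

	bool result = file_mgr->RemoveAnalyzer(FileID(file_id->CheckString()), rv);
	Unref(rv);	// CoerceTo() returned a reference we own.
	return new Val(result, TYPE_BOOL);
	%}

## :bro:see:`FileAnalysis::stop`.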
## Stop analysis of a file: the manager ignores any further input for it.
##
## file_id: Identifier of the file to stop analyzing.
##
## Returns: The manager's result; false if no file with that id is known.
function FileAnalysis::__stop%(file_id: string%): bool
	%{
	using file_analysis::FileID;
	FileID id(file_id->CheckString());
	bool ignored = file_mgr->IgnoreFile(id);
	return new Val(ignored, TYPE_BOOL);
	%}

## Feed a sequential chunk of file content to the manager.
##
## source: Opaque identifier of the input source the data belongs to.
##
## data: The next bytes of the file, in stream order.
function FileAnalysis::__data_stream%(source: string, data: string%): any
	%{
	const char* src = source->CheckString();
	file_mgr->DataIn(data->Bytes(), data->Len(), src);
	return 0;
	%}

## Feed a chunk of file content located at an explicit offset.
##
## source: Opaque identifier of the input source the data belongs to.
##
## data: The bytes of the chunk.
##
## offset: Byte position of the chunk within the file.
function FileAnalysis::__data_chunk%(source: string, data: string, offset: count%): any
	%{
	const char* src = source->CheckString();
	const u_char* bytes = data->Bytes();
	file_mgr->DataIn(bytes, data->Len(), offset, src);
	return 0;
	%}

## Report a hole in the file content that will not be delivered.
##
## source: Opaque identifier of the input source.
##
## offset: Byte position where the missing region starts.
##
## len: Length of the missing region in bytes.
function FileAnalysis::__gap%(source: string, offset: count, len: count%): any
	%{
	const char* src = source->CheckString();
	file_mgr->Gap(offset, len, src);
	return 0;
	%}

## Tell the manager the total size of the file, when it is known up front.
##
## source: Opaque identifier of the input source.
##
## size: Total file size in bytes.
function FileAnalysis::__set_size%(source: string, size: count%): any
	%{
	const char* src = source->CheckString();
	file_mgr->SetSize(size, src);
	return 0;
	%}

## Signal that no more content will arrive from this source.
##
## source: Opaque identifier of the input source.
function FileAnalysis::__eof%(source: string%): any
	%{
	const char* src = source->CheckString();
	file_mgr->EndOfFile(src);
	return 0;
	%}

module GLOBAL;

## For use within a :bro:see:`get_file_handle` handler to set a unique
## identifier to associate with the current input to the file analysis
## framework. Using an empty string for the handle signifies that the
## input will be ignored/discarded.
##
## handle: A string that uniquely identifies a file.
##
## .. bro:see:: get_file_handle
function set_file_handle%(handle: string%): any
	%{
	const char* h = handle->CheckString();
	file_mgr->SetHandle(h);
	return 0;
	%}