mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
114 lines
3.3 KiB
C++
114 lines
3.3 KiB
C++
##! Internal functions and types used by the file analysis framework.
|
|
|
|
module Files;
|
|
|
|
%%{
|
|
#include "file_analysis/Manager.h"
|
|
#include "file_analysis/File.h"
|
|
#include "Reporter.h"
|
|
%%}
|
|
|
|
type AnalyzerArgs: record;
|
|
|
|
## :zeek:see:`Files::set_timeout_interval`.
|
|
function Files::__set_timeout_interval%(file_id: string, t: interval%): bool
|
|
%{
|
|
bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t);
|
|
return val_mgr->Bool(result);
|
|
%}
|
|
|
|
## :zeek:see:`Files::enable_reassembly`.
|
|
function Files::__enable_reassembly%(file_id: string%): bool
|
|
%{
|
|
bool result = file_mgr->EnableReassembly(file_id->CheckString());
|
|
return val_mgr->Bool(result);
|
|
%}
|
|
|
|
## :zeek:see:`Files::disable_reassembly`.
|
|
function Files::__disable_reassembly%(file_id: string%): bool
|
|
%{
|
|
bool result = file_mgr->DisableReassembly(file_id->CheckString());
|
|
return val_mgr->Bool(result);
|
|
%}
|
|
|
|
## :zeek:see:`Files::set_reassembly_buffer_size`.
|
|
function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool
|
|
%{
|
|
bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max);
|
|
return val_mgr->Bool(result);
|
|
%}
|
|
|
|
## :zeek:see:`Files::add_analyzer`.
|
|
function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
|
%{
|
|
using BifType::Record::Files::AnalyzerArgs;
|
|
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
|
bool result = file_mgr->AddAnalyzer(file_id->CheckString(),
|
|
file_mgr->GetComponentTag(tag), rv.get());
|
|
return val_mgr->Bool(result);
|
|
%}
|
|
|
|
## :zeek:see:`Files::remove_analyzer`.
|
|
function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool
|
|
%{
|
|
using BifType::Record::Files::AnalyzerArgs;
|
|
auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs);
|
|
bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(),
|
|
file_mgr->GetComponentTag(tag) , rv.get());
|
|
return val_mgr->Bool(result);
|
|
%}
|
|
|
|
## :zeek:see:`Files::stop`.
|
|
function Files::__stop%(file_id: string%): bool
|
|
%{
|
|
bool result = file_mgr->IgnoreFile(file_id->CheckString());
|
|
return val_mgr->Bool(result);
|
|
%}
|
|
|
|
## :zeek:see:`Files::analyzer_name`.
|
|
function Files::__analyzer_name%(tag: Files::Tag%) : string
|
|
%{
|
|
return make_intrusive<StringVal>(file_mgr->GetComponentName(tag));
|
|
%}
|
|
|
|
## :zeek:see:`Files::file_exists`.
|
|
function Files::__file_exists%(fuid: string%): bool
|
|
%{
|
|
if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr )
|
|
return val_mgr->True();
|
|
else
|
|
return val_mgr->False();
|
|
%}
|
|
|
|
## :zeek:see:`Files::lookup_file`.
|
|
function Files::__lookup_file%(fuid: string%): fa_file
|
|
%{
|
|
auto f = file_mgr->LookupFile(fuid->CheckString());
|
|
if ( f != nullptr )
|
|
{
|
|
return IntrusivePtr{NewRef{}, f->GetVal()};
|
|
}
|
|
|
|
reporter->Error("file ID %s not a known file", fuid->CheckString());
|
|
return nullptr;
|
|
%}
|
|
|
|
module GLOBAL;
|
|
|
|
## For use within a :zeek:see:`get_file_handle` handler to set a unique
|
|
## identifier to associate with the current input to the file analysis
|
|
## framework. Using an empty string for the handle signifies that the
|
|
## input will be ignored/discarded.
|
|
##
|
|
## handle: A string that uniquely identifies a file.
|
|
##
|
|
## .. zeek:see:: get_file_handle
|
|
function set_file_handle%(handle: string%): any
|
|
%{
|
|
auto bytes = reinterpret_cast<const char*>(handle->Bytes());
|
|
auto h = std::string(bytes, handle->Len());
|
|
file_mgr->SetHandle(h);
|
|
return nullptr;
|
|
%}
|
|
|
|
const Files::salt: string;
|