Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/src/file_analysis/analyzer/x509/X509Common.h
Jon Siwek 995368e68c Remove variable content from weird names 
This changes many weird names to move non-static content from the
weird name into the "addl" field to help ensure the total number of
weird names is reasonably bounded.  Note the net_weird and flow_weird
events do not have an "addl" parameter, so information may no longer
be available in those cases -- to make it available again we'd need
to either (1) define new events that contain such a parameter, or
(2) change net_weird/flow_weird event signature (which is a breaking
change for user-code at the moment).

Also, the generic handling of binpac exceptions for analyzers which
to not otherwise catch and handle them has been changed from a Weird
to a ProtocolViolation.

Finally, a new "file_weird" event has been added for reporting
weirdness found during file analysis.
2019-04-01 18:30:11 -07:00

46 lines
1.3 KiB
C++
Raw Blame History

// See the file "COPYING" in the main distribution directory for copyright.
// Common base class for the X509 and OCSP analyzer, which share a fair amount of
// code
#ifndef FILE_ANALYSIS_X509_COMMON
#define FILE_ANALYSIS_X509_COMMON
#include "file_analysis/File.h"
#include "Analyzer.h"
#include <openssl/x509.h>
#include <openssl/asn1.h>
namespace file_analysis {
class X509Common : public file_analysis::Analyzer {
public:
~X509Common() override {};
/**
* Retrieve an X509 extension value from an OpenSSL BIO to which it was
* written.
*
* @param bio the OpenSSL BIO to read. It will be freed by the function,
* including when an error occurs.
*
* @param f an associated file, if any (used for error reporting).
*
* @return The X509 extension value.
*/
static StringVal* GetExtensionFromBIO(BIO* bio, File* f = 0);
static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, Reporter* reporter);
protected:
X509Common(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file);
void ParseExtension(X509_EXTENSION* ex, EventHandlerPtr h, bool global);
void ParseSignedCertificateTimestamps(X509_EXTENSION* ext);
virtual void ParseExtensionsSpecific(X509_EXTENSION* ex, bool, ASN1_OBJECT*, const char*) = 0;
};
}
#endif /* FILE_ANALYSIS_X509_COMMON */
Reference in a new issue View git blame Copy permalink