mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 20:48:21 +00:00
ea01a1be30
The Plugin.cc file is now just a standard class, with the interface changed a bit to make it more easy to write. However, there're still some conventions that one must follow to make everything work (like using the right namespace structure). This commit also includes the option to compile built-in plugins dynamically instead of statically by adding SET(BRO_PLUGIN_BUILD_DYNAMIC TRUE) to their CMake config. This hasn't been tested much yet, and I'm still undecided if it's somethign we would want to do by default--but we could now if wanted. :) Also some minor other cleanup of plugin APIs and built infrastructure. All tested on MacOS only currently.
56 lines
1.5 KiB
Text
56 lines
1.5 KiB
Text
|
|
%%{
|
|
#include "analyzer/protocol/http/HTTP.h"
|
|
%%}
|
|
|
|
## Skips the data of the HTTP entity.
|
|
##
|
|
## c: The HTTP connection.
|
|
##
|
|
## is_orig: If true, the client data is skipped, and the server data otherwise.
|
|
##
|
|
## .. bro:see:: skip_smtp_data
|
|
function skip_http_entity_data%(c: connection, is_orig: bool%): any
|
|
%{
|
|
analyzer::ID id = mgr.CurrentAnalyzer();
|
|
if ( id )
|
|
{
|
|
analyzer::Analyzer* ha = c->FindAnalyzer(id);
|
|
|
|
if ( ha )
|
|
{
|
|
if ( ha->IsAnalyzer("HTTP") )
|
|
static_cast<analyzer::http::HTTP_Analyzer*>(ha)->SkipEntityData(is_orig);
|
|
else
|
|
reporter->Error("non-HTTP analyzer associated with connection record");
|
|
}
|
|
else
|
|
reporter->Error("could not find analyzer for skip_http_entity_data");
|
|
|
|
}
|
|
else
|
|
reporter->Error("no analyzer associated with connection record");
|
|
|
|
return 0;
|
|
%}
|
|
|
|
## Unescapes all characters in a URI (decode every ``%xx`` group).
|
|
##
|
|
## URI: The URI to unescape.
|
|
##
|
|
## Returns: The unescaped URI with all ``%xx`` groups decoded.
|
|
##
|
|
## .. note::
|
|
##
|
|
## Unescaping reserved characters may cause loss of information.
|
|
## :rfc:`2396`: A URI is always in an "escaped" form, since escaping or
|
|
## unescaping a completed URI might change its semantics. Normally, the
|
|
## only time escape encodings can safely be made is when the URI is
|
|
## being created from its component parts.
|
|
function unescape_URI%(URI: string%): string
|
|
%{
|
|
const u_char* line = URI->Bytes();
|
|
const u_char* const line_end = line + URI->Len();
|
|
|
|
return new StringVal(analyzer::http::unescape_URI(line, line_end, 0));
|
|
%}
|