zeek/testing/btest/plugins/file-plugin/src/Foo.cc

#include "Foo.h"

#include <zeek/file_analysis/File.h>
#include <zeek/file_analysis/Manager.h>
#include <algorithm>

#include "events.bif.h"

using namespace btest::plugin::Demo_Foo;

Foo::Foo(zeek::RecordValPtr args, zeek::file_analysis::File* file)
	: zeek::file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("FOO"), std::move(args), file)
	{
	}

zeek::file_analysis::Analyzer* Foo::Instantiate(zeek::RecordValPtr args,
                                                zeek::file_analysis::File* file)
	{
	return new Foo(std::move(args), file);
	}

bool Foo::DeliverStream(const u_char* data, uint64_t len)
	{
	static int i = 0;
	AnalyzerConfirmation();
	zeek::event_mgr.Enqueue(foo_piece, GetFile()->ToVal(),
	                        zeek::make_intrusive<zeek::StringVal>(new zeek::String(data, len, 0)));
	if ( ++i % 5 == 0 )
		{
		uint64_t threshold = 16;
		AnalyzerViolation(zeek::util::fmt("test violation %d", i),
		                  reinterpret_cast<const char*>(data), std::min(len, threshold));
		}

	return true;
	}