jb_set_string(js, "app_proto", AppProtoToString(p->flow->alproto));
- /* Open the fileinfo object. */
- jb_open_object(js, "fileinfo");
-
- size_t filename_size = ff->name_len * 2 + 1;
- char filename_string[filename_size];
- BytesToStringBuffer(ff->name, ff->name_len, filename_string, filename_size);
- jb_set_string(js, "filename", filename_string);
-
- jb_open_array(js, "sid");
- for (uint32_t i = 0; ff->sid != NULL && i < ff->sid_cnt; i++) {
- jb_append_uint(js, ff->sid[i]);
- }
- jb_close(js);
-
-#ifdef HAVE_MAGIC
- if (ff->magic)
- jb_set_string(js, "magic", (char *)ff->magic);
-#endif
- jb_set_bool(js, "gaps", ff->flags & FILE_HAS_GAPS);
- switch (ff->state) {
- case FILE_STATE_CLOSED:
- jb_set_string(js, "state", "CLOSED");
-#ifdef HAVE_NSS
- if (ff->flags & FILE_MD5) {
- size_t x;
- int i;
- char str[256];
- for (i = 0, x = 0; x < sizeof(ff->md5); x++) {
- i += snprintf(&str[i], 255-i, "%02x", ff->md5[x]);
- }
- jb_set_string(js, "md5", str);
- }
- if (ff->flags & FILE_SHA1) {
- size_t x;
- int i;
- char str[256];
- for (i = 0, x = 0; x < sizeof(ff->sha1); x++) {
- i += snprintf(&str[i], 255-i, "%02x", ff->sha1[x]);
- }
- jb_set_string(js, "sha1", str);
- }
-#endif
- break;
- case FILE_STATE_TRUNCATED:
- JB_SET_STRING(js, "state", "TRUNCATED");
- break;
- case FILE_STATE_ERROR:
- JB_SET_STRING(js, "state", "ERROR");
- break;
- default:
- JB_SET_STRING(js, "state", "UNKNOWN");
- break;
- }
-
-#ifdef HAVE_NSS
- if (ff->flags & FILE_SHA256) {
- size_t x;
- int i;
- char str[256];
- for (i = 0, x = 0; x < sizeof(ff->sha256); x++) {
- i += snprintf(&str[i], 255-i, "%02x", ff->sha256[x]);
- }
- jb_set_string(js, "sha256", str);
- }
-#endif
-
- jb_set_bool(js, "stored", stored ? true : false);
- if (ff->flags & FILE_STORED) {
- jb_set_uint(js, "file_id", ff->file_store_id);
- }
- jb_set_uint(js, "size", FileTrackedSize(ff));
- if (ff->end > 0) {
- jb_set_uint(js, "start", ff->start);
- jb_set_uint(js, "end", ff->end);
- }
- jb_set_uint(js, "tx_id", ff->txid);
-
- /* Close fileinfo object */
- jb_close(js);
+ JsonFileInfo(js, ff, stored);
/* xff header */
if (have_xff_ip && xff_cfg->flags & XFF_EXTRADATA) {
return SCJsonString(tmpbuf);
}
+void JsonFileInfo(JsonBuilder *js, const File *ff, const bool stored)
+{
+ /* Open the fileinfo object. */
+ jb_open_object(js, "fileinfo");
+
+ size_t filename_size = ff->name_len * 2 + 1;
+ char filename_string[filename_size];
+ BytesToStringBuffer(ff->name, ff->name_len, filename_string, filename_size);
+ jb_set_string(js, "filename", filename_string);
+
+ jb_open_array(js, "sid");
+ for (uint32_t i = 0; ff->sid != NULL && i < ff->sid_cnt; i++) {
+ jb_append_uint(js, ff->sid[i]);
+ }
+ jb_close(js);
+
+#ifdef HAVE_MAGIC
+ if (ff->magic)
+ jb_set_string(js, "magic", (char *)ff->magic);
+#endif
+ jb_set_bool(js, "gaps", ff->flags & FILE_HAS_GAPS);
+ switch (ff->state) {
+ case FILE_STATE_CLOSED:
+ jb_set_string(js, "state", "CLOSED");
+#ifdef HAVE_NSS
+ if (ff->flags & FILE_MD5) {
+ size_t x;
+ int i;
+ char str[256];
+ for (i = 0, x = 0; x < sizeof(ff->md5); x++) {
+ i += snprintf(&str[i], 255-i, "%02x", ff->md5[x]);
+ }
+ jb_set_string(js, "md5", str);
+ }
+ if (ff->flags & FILE_SHA1) {
+ size_t x;
+ int i;
+ char str[256];
+ for (i = 0, x = 0; x < sizeof(ff->sha1); x++) {
+ i += snprintf(&str[i], 255-i, "%02x", ff->sha1[x]);
+ }
+ jb_set_string(js, "sha1", str);
+ }
+#endif
+ break;
+ case FILE_STATE_TRUNCATED:
+ JB_SET_STRING(js, "state", "TRUNCATED");
+ break;
+ case FILE_STATE_ERROR:
+ JB_SET_STRING(js, "state", "ERROR");
+ break;
+ default:
+ JB_SET_STRING(js, "state", "UNKNOWN");
+ break;
+ }
+
+#ifdef HAVE_NSS
+ if (ff->flags & FILE_SHA256) {
+ size_t x;
+ int i;
+ char str[256];
+ for (i = 0, x = 0; x < sizeof(ff->sha256); x++) {
+ i += snprintf(&str[i], 255-i, "%02x", ff->sha256[x]);
+ }
+ jb_set_string(js, "sha256", str);
+ }
+#endif
+
+ if (stored) {
+ jb_set_bool(js, "stored", true);
+ jb_set_uint(js, "file_id", ff->file_store_id);
+ } else {
+ jb_set_bool(js, "stored", false);
+ }
+
+ jb_set_uint(js, "size", FileTrackedSize(ff));
+ if (ff->end > 0) {
+ jb_set_uint(js, "start", ff->start);
+ jb_set_uint(js, "end", ff->end);
+ }
+ jb_set_uint(js, "tx_id", ff->txid);
+
+ /* Close fileinfo object */
+ jb_close(js);
+}
+
static void JsonAddPacketvars(const Packet *p, json_t *js_vars)
{
if (p == NULL || p->pktvar == NULL) {
void CreateJSONFlowId(json_t *js, const Flow *f);
void CreateEveFlowId(JsonBuilder *js, const Flow *f);
void JsonTcpFlags(uint8_t flags, json_t *js);
+void JsonFileInfo(JsonBuilder *js, const File *file, const bool stored);
void EveTcpFlags(uint8_t flags, JsonBuilder *js);
void JsonPacket(const Packet *p, json_t *js, unsigned long max_length);
void EvePacket(const Packet *p, JsonBuilder *js, unsigned long max_length);
projects / thirdparty / suricata.git / commitdiff
