From: Eric Leblond <eric@regit.org>
Date: Tue, 28 Apr 2015 11:23:23 +0000 (+0200)
Subject: email-json: export md5sum of body
X-Git-Tag: suricata-3.0RC1~126
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea311c159424a8a76e2b76875f65e38737e1bc6c;p=thirdparty%2Fsuricata.git

email-json: export md5sum of body

The body_md5 has been added and contain the value of the md5sum
of the body.

This patch is using the state PARSE_DONE on the MIME state to
detect when a message has been completely parsed.
---

diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c
index de8e2568b1..17d4b0ec00 100644
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
@@ -90,6 +90,20 @@ TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, F
             SCReturnInt(TM_ECODE_FAILED);
         }
 
+#ifdef HAVE_NSS
+        if (mime_state->md5_ctx && (mime_state->state_flag == PARSE_DONE)) {
+            size_t x;
+            int i;
+            char s[256];
+            if (likely(s != NULL)) {
+                for (i = 0, x = 0; x < sizeof(mime_state->md5); x++) {
+                    i += snprintf(s + i, 255-i, "%02x", mime_state->md5[x]);
+                }
+                json_object_set_new(sjs, "body_md5", json_string(s));
+            }
+        }
+#endif
+
         if ((entity->header_flags & HDR_IS_LOGGED) == 0) {
             MimeDecField *field;
             //printf("email LOG\n");