eve/fileinfo: split record creation from writing

Split the building of the fileinfo record from the writing of the record so the building can be called from other code. Specifically the new filestore output which uses fileinfo records as the metadata.
8 years ago · 59bb98afcc
parent c8b6212a97
commit 59bb98afcc
2 changed files with 34 additions and 30 deletions
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@ -78,19 +78,12 @@ typedef struct JsonFileLogThread_ {
    MemBuffer *buffer;
 } JsonFileLogThread;
-/**
+json_t *JsonBuildFileInfoRecord(const Packet *p, const File *ff)
 *  \internal
 *  \brief Write meta data on a single line json record
 */
 static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff)
 {
    json_t *js = CreateJSONHeader((Packet *)p, 0, "fileinfo"); //TODO const
    json_t *hjs = NULL;
    if (unlikely(js == NULL))
-        return;
+        return NULL;
    /* reset */
    MemBufferReset(aft->buffer);
    switch (p->flow->alproto) {
        case ALPROTO_HTTP:
@ -124,7 +117,7 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
    json_t *fjs = json_object();
    if (unlikely(fjs == NULL)) {
        json_decref(js);
-        return;
+        return NULL;
    }
    char *s = BytesToString(ff->name, ff->name_len);
@ -158,15 +151,6 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
                }
                json_object_set_new(fjs, "sha1", json_string(str));
            }
            if (ff->flags & FILE_SHA256) {
                size_t x;
                int i;
                char str[256];
                for (i = 0, x = 0; x < sizeof(ff->sha256); x++) {
                    i += snprintf(&str[i], 255-i, "%02x", ff->sha256[x]);
                }
                json_object_set_new(fjs, "sha256", json_string(str));
            }
 #endif
            break;
        case FILE_STATE_TRUNCATED:
@ -179,6 +163,19 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
            json_object_set_new(fjs, "state", json_string("UNKNOWN"));
            break;
    }
 #ifdef HAVE_NSS
    if (ff->flags & FILE_SHA256) {
        size_t x;
        int i;
        char str[256];
        for (i = 0, x = 0; x < sizeof(ff->sha256); x++) {
            i += snprintf(&str[i], 255-i, "%02x", ff->sha256[x]);
        }
        json_object_set_new(fjs, "sha256", json_string(str));
    }
 #endif
    json_object_set_new(fjs, "stored",
                        (ff->flags & FILE_STORED) ? json_true() : json_false());
    if (ff->flags & FILE_STORED) {
@ -189,20 +186,23 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
    /* originally just 'file', but due to bug 1127 naming it fileinfo */
    json_object_set_new(js, "fileinfo", fjs);
    OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, &aft->buffer);
    json_object_del(js, "fileinfo");
-    switch (p->flow->alproto) {
+    return js;
-        case ALPROTO_HTTP:
+}
-            json_object_del(js, "http");
+
-            break;
+/**
-        case ALPROTO_SMTP:
+ *  \internal
-            json_object_del(js, "smtp");
+ *  \brief Write meta data on a single line json record
-            json_object_del(js, "email");
+ */
-            break;
+static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff)
 {
    json_t *js = JsonBuildFileInfoRecord(p, ff);
    if (unlikely(js == NULL)) {
        return;
    }
-    json_object_clear(js);
+    MemBufferReset(aft->buffer);
    OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, &aft->buffer);
    json_decref(js);
 }
--- a/src/output-json-file.h
+++ b/src/output-json-file.h
@ -26,4 +26,8 @@
 void JsonFileLogRegister(void);
 #ifdef HAVE_LIBJANSSON
 json_t *JsonBuildFileInfoRecord(const Packet *p, const File *ff);
 #endif
 #endif /* __OUTPUT_JSON_FILE_H__ */