search

simsong / bulk_extractor

This is the development tree. Production downloads are at:
https://github.com/simsong/bulk_extractor/releases
Other
1.04k stars 184 forks source link

PHASE_ENABLED unused #406

Closed jonstewart closed 1 year ago

jonstewart commented 1 year ago

One of the phase enum values is PHASE_ENABLED and there’s some logic for handling it in bulk_extractor… but as far as I can determine, no scanner handles that enum value. So, it’s hard to reason about it from example usage in the scanners.

What does it signify, especially vis a vis PHASE_INIT2? Is that a useful distinction or should it be deleted?

simsong commented 1 year ago

THe idea was we wanted to have a single init for each scanner (PHASE_INIT), and then an init for each thread (PHASE_INIT2). ENABLED is called only for the scanners that are enabled. It's all described here:

https://github.com/simsong/be20_api/blob/1c0bdaa14248c81e1d163a28e44dace4b1d266d9/scanner_params.h#L147

simsong commented 1 year ago

It is used in the be20_api: https://github.com/simsong/be20_api/search?q=PHASE_ENABLED It's just not used currently in any scanners.

simsong commented 1 year ago

I'm going to close, but please re-open if you think something should be done.

jonstewart commented 1 year ago

I think I have a sense of it now. The enums represent the progression of a scanner through a state machine. However — and please confirm —the scanner function, eg scan_foo(), does not get called for every state. For example, while the scanner’s phase is set to PHASE_ENABLED at a certain point, scan_foo() is never called during this phase. Is that true?The docs indicate that PHASE_INIT2 is called on the main thread — I am assuming that’s for a scanner to perform setup work whereas the first INIT is just for self-reporting basic scanner metadata to enable the CLI etc.On Apr 13, 2023, at 9:20 PM, Simson L. Garfinkel @.***> wrote: Closed #406 as completed.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.***>

simsong commented 1 year ago

It's important to remember that the scanner doesn't have a phase; the scanner is a piece of code. The INIT and INIT2 allow it to create per-scanner global state*, and per-thread global state.

current_phase in the scanner_set is set to PHASE_ENABLED after the enabled commands are figured out: https://github.com/simsong/be20_api/blob/1c0bdaa14248c81e1d163a28e44dace4b1d266d9/scanner_set.cpp#L561