#!/usr/bin/perl

# load_inc_fields.pl, distributed as part of Snortsnarf v020516.1
# Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com)
# copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/)
# Released under GNU General Public License, see the COPYING file included
# with the distribution or http://www.silicondefense.com/software/snortsnarf/
# for details.

# load_inc_fields.pl is a Pipeline module to load the contents of an
#   incident with a give name into form fields
# pipeline args: incident name, incident database file path
# side effect: for each incident field found, sets a like-named form field to the value.  Also loaded are incident name (stored in 'name' field), incident creator ('creator'), labeled set name ('event-set-name'), labeled set db path ('event-set-loc'), and creation time string ('created')

# Please send complaints, kudos, and especially improvements and bugfixes to
# hoagland@SiliconDefense.com.  As described in GNU General Public License, no
# warranty is expressed for this program.

sub process {
    require "sisr_utils.pl";
    require "inc_xml.pl";
    my ($input)= shift;
    @_ == 2 || (&reporterr("load_inc_fields.pl takes 2 arguments (inc name,inc file), but got:".join(' ',@_),0) && return 0);
    
    my ($incname,$file)= &arg_to_val($input,@_);

    my $tree= &load_XML_tree($file);
    my $inc= &find_incident_named($tree,$incname);
    my %attrs=&incident_attrs($inc);
    foreach (keys %attrs) {
        my $fld= $_;
        $fld =~ tr/-/_/;
        $input->param($fld,$attrs{$_});
    }
    my($fldsref,$notesref)= &incident_fields_and_notes($inc);
    
    my $fld;
    my($name,$descr,$text);
    foreach $fld (@{$fldsref}) {
        ($name,$descr,$text)= &get_incident_text_field_info($fld);
        $input->param($name,$text);
    }
}

\&process;

# $Id: load_inc_fields.pl,v 1.11 2001/10/18 18:23:25 jim Exp $