/** * Parses Cookie request header in v0 format. * * @param[in] connp * @return HTP_OK on success, HTP_ERROR on error */ htp_status_t htp_parse_cookies_v0(htp_connp_t *connp) { htp_header_t *cookie_header = htp_table_get_c(connp->in_tx->request_headers, "cookie"); if (cookie_header == NULL) return HTP_OK; // Create a new table to store cookies connp->in_tx->request_cookies = htp_table_create(4); if (connp->in_tx->request_cookies == NULL) return HTP_ERROR; unsigned char *data = bstr_ptr(cookie_header->value); size_t len = bstr_len(cookie_header->value); size_t pos = 0; while (pos < len) { // Ignore whitespace at the beginning while ((pos < len) && (isspace((int)data[pos]))) pos++; if (pos == len) return HTP_OK; size_t start = pos; // Find the end of the cookie while ((pos < len) && (data[pos] != ';')) pos++; if (htp_parse_single_cookie_v0(connp, data + start, pos - start) != HTP_OK) { return HTP_ERROR; } // Go over the semicolon if (pos != len) pos++; } return HTP_OK; }
/** * Determines protocol number from a textual representation (i.e., "HTTP/1.1"). This * function will only understand a properly formatted protocol information. It does * not try to be flexible. * * @param[in] protocol * @return Protocol version or PROTOCOL_UNKNOWN. */ int htp_parse_protocol(bstr *protocol) { if (protocol == NULL) { return HTP_PROTOCOL_UNKNOWN; } // TODO This function uses a very strict approach to parsing, whereas // browsers will typically be more flexible, allowing whitespace // before and after the forward slash, as well as allowing leading // zeroes in the numbers. We should be able to parse such malformed // content correctly (but emit a warning). if (bstr_len(protocol) == 8) { unsigned char *ptr = bstr_ptr(protocol); if ((ptr[0] == 'H') && (ptr[1] == 'T') && (ptr[2] == 'T') && (ptr[3] == 'P') && (ptr[4] == '/') && (ptr[6] == '.')) { // Check the version numbers if (ptr[5] == '0') { if (ptr[7] == '9') { return HTP_PROTOCOL_0_9; } } else if (ptr[5] == '1') { if (ptr[7] == '0') { return HTP_PROTOCOL_1_0; } else if (ptr[7] == '1') { return HTP_PROTOCOL_1_1; } } } } return HTP_PROTOCOL_UNKNOWN; }
/** * Generic request line parser. * * @param connp * @return HTP_OK or HTP_ERROR */ int htp_parse_request_line_generic(htp_connp_t *connp) { htp_tx_t *tx = connp->in_tx; unsigned char *data = (unsigned char *)bstr_ptr(tx->request_line); size_t len = bstr_len(tx->request_line); size_t pos = 0; // The request method starts at the beginning of the // line and ends with the first whitespace character. while ((pos < len) && (!htp_is_space(data[pos]))) { pos++; } // No, we don't care if the method is empty. tx->request_method = bstr_memdup((char *)data, pos); if (tx->request_method == NULL) { return HTP_ERROR; } tx->request_method_number = htp_convert_method_to_number(tx->request_method); // Ignore whitespace after request method. The RFC allows // for only one SP, but then suggests any number of SP and HT // should be permitted. while ((pos < len) && (isspace(data[pos]))) { pos++; } size_t start = pos; // The URI ends with the first whitespace. while ((pos < len) && (!htp_is_space(data[pos]))) { pos++; } tx->request_uri = bstr_memdup((char *)data + start, pos - start); if (tx->request_uri == NULL) { return HTP_ERROR; } // Ignore whitespace after URI while ((pos < len) && (htp_is_space(data[pos]))) { pos++; } // Is there protocol information available? if (pos == len) { // No, this looks like a HTTP/0.9 request. tx->protocol_is_simple = 1; return HTP_OK; } // The protocol information spreads until the end of the line. tx->request_protocol = bstr_memdup((char *)data + pos, len - pos); if (tx->request_protocol == NULL) { return HTP_ERROR; } tx->request_protocol_number = htp_parse_protocol(tx->request_protocol); return HTP_OK; }
TEST(BstrTest, Alloc) { bstr *p1; p1 = bstr_alloc(10); EXPECT_EQ(10, bstr_size(p1)); EXPECT_EQ(0, bstr_len(p1)); bstr_free(p1); }
static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, const int list_id) { SCEnter(); InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id); if (buffer->inspect == NULL) { htp_tx_t *tx = (htp_tx_t *)txv; HtpTxUserData *tx_ud = htp_tx_get_user_data(tx); if (tx_ud == NULL || tx_ud->request_uri_normalized == NULL) { SCLogDebug("no tx_id or uri"); return NULL; } const uint32_t data_len = bstr_len(tx_ud->request_uri_normalized); const uint8_t *data = bstr_ptr(tx_ud->request_uri_normalized); InspectionBufferSetup(buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; }
void cwmsg_addelem_80211_add_wlan(struct cwmsg *cwmsg,struct cwwlan *wlan) { uint16_t capab=htons(wlan->capab); uint16_t keylen=htons(wlan->key_length); cwmsg_vaddelem(cwmsg,CW_ELEM_80211_ADD_WLAN, &wlan->rid,1, &wlan->wid,1, &capab,2, &wlan->key_index,1, &wlan->key_status,1, &keylen,2, wlan->key,wlan->key_length, wlan->group_tsc,6, &wlan->qos,1, &wlan->auth_type,1, &wlan->mac_mode,1, &wlan->tunnel_mode,1, &wlan->suppress_ssid,1, bstr_data(wlan->ssid),bstr_len(wlan->ssid), NULL ); }
TEST(BstrTest, CharAtEnd) { bstr *str = bstr_dup_mem("ABCDEFGHIJKL\000NOPQRSTUVWXYZ", 20); EXPECT_EQ('T', bstr_char_at_end(str, 0)); EXPECT_EQ('\000', bstr_char_at_end(str, 7)); EXPECT_EQ(-1, bstr_char_at_end(str, bstr_len(str))); bstr_free(str); }
/* Another special case callback. This one takes a htp_file_data_t pointer. */ int htpy_request_file_data_callback(htp_file_data_t *file_data) { long i; PyObject *res; PyObject *arglist; PyObject *data_key, *data_val; PyObject *filename_key, *filename_val; PyObject *tmpname_key, *tmpname_val; PyObject *dict = PyDict_New(); if (!dict) { PyErr_SetString(htpy_error, "Unable to create dictionary."); return HTP_ERROR; } data_key = Py_BuildValue("s", "data"); data_val = Py_BuildValue("s#", file_data->data, file_data->len); if (!data_key || !data_val) { Py_DECREF(dict); return HTP_ERROR; } if (PyDict_SetItem(dict, data_key, data_val) == -1) { Py_DECREF(dict); return HTP_ERROR; } if (file_data->file->filename) { filename_key = Py_BuildValue("s", "filename"); filename_val = Py_BuildValue("s#", bstr_ptr(file_data->file->filename), bstr_len(file_data->file->filename)); if (PyDict_SetItem(dict, filename_key, filename_val) == -1) { Py_DECREF(dict); return HTP_ERROR; } } if (file_data->file->tmpname) { tmpname_key = Py_BuildValue("s", "tmpname"); tmpname_val = Py_BuildValue("s", file_data->file->tmpname); if (PyDict_SetItem(dict, tmpname_key, tmpname_val) == -1) { Py_DECREF(dict); return HTP_ERROR; } } arglist = Py_BuildValue("(O)", dict); if (!arglist) return HTP_ERROR; res = PyObject_CallObject(request_file_data_callback, arglist); Py_DECREF(arglist); if (PyErr_Occurred() != NULL) { PyErr_PrintEx(0); return HTP_ERROR; } i = PyInt_AsLong(res); Py_DECREF(res); return((int) i); }
/** * \brief Do the http_method content inspection for a signature. * * \param de_ctx Detection engine context. * \param det_ctx Detection engine thread context. * \param s Signature to inspect. * \param f Flow. * \param flags App layer flags. * \param state App layer state. * * \retval 0 No match. * \retval 1 Match. */ int DetectEngineInspectHttpMethod(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, void *alstate) { SCEnter(); int r = 0; HtpState *htp_state = NULL; htp_tx_t *tx = NULL; int idx; FLOWLOCK_RDLOCK(f); htp_state = (HtpState *)alstate; if (htp_state == NULL) { SCLogDebug("no HTTP state"); goto end; } if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { SCLogDebug("HTP state has no conn(p)"); goto end; } idx = AppLayerTransactionGetInspectId(f); if (idx == -1) { goto end; } int size = (int)list_size(htp_state->connp->conn->transactions); for (; idx < size; idx++) { tx = list_get(htp_state->connp->conn->transactions, idx); if (tx == NULL || tx->request_method == NULL) continue; det_ctx->buffer_offset = 0; det_ctx->discontinue_matching = 0; det_ctx->inspection_recursion_counter = 0; r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_HMDMATCH], f, (uint8_t *)bstr_ptr(tx->request_method), bstr_len(tx->request_method), DETECT_ENGINE_CONTENT_INSPECTION_MODE_HMD, NULL); //r = DoInspectHttpMethod(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_HMDMATCH], //(uint8_t *)bstr_ptr(tx->request_method), //bstr_len(tx->request_method)); if (r == 1) { break; } } end: FLOWLOCK_UNLOCK(f); SCReturnInt(r); }
TEST(BstrTest, AdjustLen) { bstr *p1 = bstr_dup_c("abcdef"); bstr_adjust_len(p1, 3); EXPECT_EQ(3, bstr_len(p1)); EXPECT_EQ(0, bstr_cmp_c(p1,"abc")); bstr_free(p1); }
TEST(BstrTest, DupC) { bstr *p1; p1 = bstr_dup_c("arfarf"); EXPECT_EQ(6, bstr_size(p1)); EXPECT_EQ(6, bstr_len(p1)); EXPECT_EQ(0, memcmp("arfarf", bstr_ptr(p1), 6)); bstr_free(p1); }
TEST(BstrTest, ExpandLocal) { bstr *p1; bstr *p2; p1 = bstr_alloc(10); p2 = bstr_expand(p1, 100); ASSERT_NE(reinterpret_cast<bstr*>(NULL), p2); EXPECT_EQ(100, bstr_size(p2)); EXPECT_EQ(0, bstr_len(p2)); bstr_free(p2); }
TEST(BstrTest, Chop) { bstr *p1 = bstr_dup_c("abcdef"); bstr *p2 = bstr_alloc(10); bstr_chop(p1); EXPECT_EQ(0, bstr_cmp_c(p1,"abcde")); bstr_chop(p2); EXPECT_EQ(0, bstr_len(p2)); bstr_free(p1); bstr_free(p2); }
TEST(BstrTest, DupEx) { bstr *p1; bstr *p2; p1 = bstr_dup_c("0123456789abcdefghijkl"); p2 = bstr_dup_ex(p1, 4, 10); EXPECT_EQ(10, bstr_size(p2)); EXPECT_EQ(10, bstr_len(p2)); EXPECT_EQ(0, memcmp("456789abcd", bstr_ptr(p2),10)); bstr_free(p1); bstr_free(p2); }
static int HttpGetRequestUriNormalized(lua_State *luastate) { if (!(LuaStateNeedProto(luastate, ALPROTO_HTTP))) return LuaCallbackError(luastate, "error: protocol not http"); htp_tx_t *tx = LuaStateGetTX(luastate); if (tx == NULL) return LuaCallbackError(luastate, "internal error: no tx"); HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); if (htud == NULL) return LuaCallbackError(luastate, "no htud in tx"); if (htud->request_uri_normalized == NULL || bstr_ptr(htud->request_uri_normalized) == NULL || bstr_len(htud->request_uri_normalized) == 0) return LuaCallbackError(luastate, "no normalized uri"); return LuaPushStringBuffer(luastate, bstr_ptr(htud->request_uri_normalized), bstr_len(htud->request_uri_normalized)); }
static void LogFileMetaGetHost(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL && tx->request_hostname != NULL) { PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(tx->request_hostname), bstr_len(tx->request_hostname)); return; } } fprintf(fp, "<unknown>"); }
static void LogFilestoreMetaGetUri(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, ff->txid); if (tx != NULL && tx->request_uri_normalized != NULL) { PrintRawUriFp(fp, (uint8_t *)bstr_ptr(tx->request_uri_normalized), bstr_len(tx->request_uri_normalized)); return; } } fprintf(fp, "<unknown>"); }
/** * \brief Do the content inspection & validation for a signature * * \param de_ctx Detection engine context * \param det_ctx Detection engine thread context * \param s Signature to inspect * \param sm SigMatch to inspect * \param f Flow * \param flags app layer flags * \param state App layer state * * \retval 0 no match. * \retval 1 match. * \retval 2 Sig can't match. */ int DetectEngineInspectHttpResponseLine(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id) { htp_tx_t *tx = (htp_tx_t *)txv; if (tx->response_line == NULL) { if (AppLayerParserGetStateProgress(IPPROTO_TCP, ALPROTO_HTTP, txv, flags) > HTP_RESPONSE_LINE) return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; else return DETECT_ENGINE_INSPECT_SIG_NO_MATCH; } det_ctx->discontinue_matching = 0; det_ctx->buffer_offset = 0; det_ctx->inspection_recursion_counter = 0; #if 0 PrintRawDataFp(stdout, (uint8_t *)bstr_ptr(tx->response_line), bstr_len(tx->response_line)); #endif /* run the inspection against the buffer */ int r = DetectEngineContentInspection(de_ctx, det_ctx, s, s->sm_lists[DETECT_SM_LIST_HTTP_RESLINEMATCH], f, bstr_ptr(tx->response_line), bstr_len(tx->response_line), 0, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, NULL); if (r == 1) { return DETECT_ENGINE_INSPECT_SIG_MATCH; } else { return DETECT_ENGINE_INSPECT_SIG_CANT_MATCH; } }
/* * XXX: Not sure I like mucking around in the transaction to get the status, * but I'm not sure of a better way. */ static PyObject *htpy_connp_get_response_status_string(PyObject *self, PyObject *args) { PyObject *ret; htp_tx_t *tx = NULL; tx = htp_list_get(((htpy_connp *) self)->connp->conn->transactions, htp_list_size(((htpy_connp *) self)->connp->conn->transactions) - 1); if (!tx) { PyErr_SetString(htpy_error, "Missing transaction."); return NULL; } ret = Py_BuildValue("s#", bstr_ptr(tx->response_status), bstr_len(tx->response_status)); return ret; }
static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, ff->txid); if (tx != NULL) { table_t *headers; headers = tx->request_headers; htp_header_t *h = NULL; table_iterator_reset(headers); while (table_iterator_next(headers, (void **)&h) != NULL) { if (bstr_len(h->name) >= 7 && SCMemcmpLowercase((uint8_t *)"referer", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) { PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value)); return; } } } } fprintf(fp, "<unknown>"); }
/** * Parses Basic Authorization request header. * * @param[in] connp * @param[in] auth_header */ int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header) { unsigned char *data = bstr_ptr(auth_header->value); size_t len = bstr_len(auth_header->value); size_t pos = 5; // Ignore whitespace while ((pos < len) && (isspace((int) data[pos]))) pos++; if (pos == len) return HTP_ERROR; // Decode base64-encoded data bstr *decoded = htp_base64_decode_mem(data + pos, len - pos); if (decoded == NULL) return HTP_ERROR; // Now extract the username and password int i = bstr_index_of_c(decoded, ":"); if (i == -1) { bstr_free(decoded); return HTP_ERROR; } connp->in_tx->request_auth_username = bstr_dup_ex(decoded, 0, i); if (connp->in_tx->request_auth_username == NULL) { bstr_free(decoded); return HTP_ERROR; } connp->in_tx->request_auth_password = bstr_dup_ex(decoded, i + 1, bstr_len(decoded) - i - 1); if (connp->in_tx->request_auth_password) { bstr_free(decoded); bstr_free(connp->in_tx->request_auth_username); return HTP_ERROR; } bstr_free(decoded); return HTP_OK; }
int DetectEngineRunHttpUAMpm(DetectEngineThreadCtx *det_ctx, Flow *f, HtpState *htp_state, uint8_t flags) { htp_tx_t *tx = NULL; uint32_t cnt = 0; int idx; /* we need to lock because the buffers are not actually true buffers * but are ones that point to a buffer given by libhtp */ FLOWLOCK_RDLOCK(f); if (htp_state == NULL) { SCLogDebug("no HTTP state"); goto end; } if (htp_state->connp == NULL || htp_state->connp->conn == NULL) { SCLogDebug("HTP state has no conn(p)"); goto end; } idx = AppLayerTransactionGetInspectId(f); if (idx == -1) { goto end; } int size = (int)list_size(htp_state->connp->conn->transactions); for (; idx < size; idx++) { tx = list_get(htp_state->connp->conn->transactions, idx); if (tx == NULL) continue; htp_header_t *h = (htp_header_t *)table_getc(tx->request_headers, "User-Agent"); if (h == NULL) { SCLogDebug("HTTP user agent header not present in this request"); continue; } cnt += HttpUAPatternSearch(det_ctx, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value), flags); } end: FLOWLOCK_UNLOCK(f); return cnt; }
/** * Extract one request header. A header can span multiple lines, in * which case they will be folded into one before parsing is attempted. * * @param[in] connp * @param[in] data * @param[in] len * @return HTP_OK or HTP_ERROR */ htp_status_t htp_process_request_header_generic(htp_connp_t *connp, unsigned char *data, size_t len) { // Create a new header structure. htp_header_t *h = calloc(1, sizeof (htp_header_t)); if (h == NULL) return HTP_ERROR; // Now try to parse the header. if (htp_parse_request_header_generic(connp, h, data, len) != HTP_OK) { free(h); return HTP_ERROR; } #ifdef HTP_DEBUG fprint_bstr(stderr, "Header name", h->name); fprint_bstr(stderr, "Header value", h->value); #endif // Do we already have a header with the same name? htp_header_t *h_existing = htp_table_get(connp->in_tx->request_headers, h->name); if (h_existing != NULL) { // TODO Do we want to have a list of the headers that are // allowed to be combined in this way? // Add to the existing header. bstr *new_value = bstr_expand(h_existing->value, bstr_len(h_existing->value) + 2 + bstr_len(h->value)); if (new_value == NULL) { bstr_free(h->name); bstr_free(h->value); free(h); return HTP_ERROR; } h_existing->value = new_value; bstr_add_mem_noex(h_existing->value, ", ", 2); bstr_add_noex(h_existing->value, h->value); // The new header structure is no longer needed. bstr_free(h->name); bstr_free(h->value); free(h); // Keep track of repeated same-name headers. h_existing->flags |= HTP_FIELD_REPEATED; } else { // Add as a new header. htp_table_add(connp->in_tx->request_headers, h->name, h); } return HTP_OK; }
static int HttpGetRequestUriRaw(lua_State *luastate) { if (!(LuaStateNeedProto(luastate, ALPROTO_HTTP))) return LuaCallbackError(luastate, "error: protocol not http"); htp_tx_t *tx = LuaStateGetTX(luastate); if (tx == NULL) return LuaCallbackError(luastate, "internal error: no tx"); if (tx->request_uri == NULL) return LuaCallbackError(luastate, "no request uri"); return LuaPushStringBuffer(luastate, bstr_ptr(tx->request_uri), bstr_len(tx->request_uri)); }
/** * If there is any data left in the inbound data chunk, this function will preserve * it for later consumption. The maximum amount accepted for buffering is controlled * by htp_config_t::field_limit_hard. * * @param[in] connp * @return HTP_OK, or HTP_ERROR on fatal failure. */ static htp_status_t htp_connp_req_buffer(htp_connp_t *connp) { if (connp->in_current_data == NULL) return HTP_OK; unsigned char *data = connp->in_current_data + connp->in_current_consume_offset; size_t len = connp->in_current_read_offset - connp->in_current_consume_offset; if (len == 0) return HTP_OK; // Check the hard (buffering) limit. size_t newlen = connp->in_buf_size + len; // When calculating the size of the buffer, take into account the // space we're using for the request header buffer. if (connp->in_header != NULL) { newlen += bstr_len(connp->in_header); } if (newlen > connp->in_tx->cfg->field_limit_hard) { htp_log(connp, HTP_LOG_MARK, HTP_LOG_ERROR, 0, "Request buffer over the limit: size %zd limit %zd.", newlen, connp->in_tx->cfg->field_limit_hard); return HTP_ERROR; } // Copy the data remaining in the buffer. if (connp->in_buf == NULL) { connp->in_buf = malloc(len); if (connp->in_buf == NULL) return HTP_ERROR; memcpy(connp->in_buf, data, len); connp->in_buf_size = len; } else { size_t newsize = connp->in_buf_size + len; unsigned char *newbuf = realloc(connp->in_buf, newsize); if (newbuf == NULL) return HTP_ERROR; connp->in_buf = newbuf; memcpy(connp->in_buf + connp->in_buf_size, data, len); connp->in_buf_size = newsize; } // Reset the consumer position. connp->in_current_consume_offset = connp->in_current_read_offset; return HTP_OK; }
static void LogFilestoreMetaGetUri(FILE *fp, const Packet *p, const File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { HtpTxUserData *tx_ud = htp_tx_get_user_data(tx); if (tx_ud->request_uri_normalized != NULL) { PrintRawUriFp(fp, bstr_ptr(tx_ud->request_uri_normalized), bstr_len(tx_ud->request_uri_normalized)); } return; } } fprintf(fp, "<unknown>"); }
void append_message(std::ostream & o, const char *label, const char *expected, bstr *actual) { o << label << " missmatch: "; if (expected != NULL) { o << "'" << expected << "'"; } else { o << "<NULL>"; } o << " != "; if (actual != NULL) { o << "'"; o.write((const char *)bstr_ptr(actual), bstr_len(actual)); o << "'"; } else { o << "<NULL>"; } o << std:: endl; }
static void LogFileMetaGetUserAgent(FILE *fp, Packet *p, File *ff) { HtpState *htp_state = (HtpState *)p->flow->alstate; if (htp_state != NULL) { htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); if (tx != NULL) { htp_header_t *h = NULL; h = (htp_header_t *)htp_table_get_c(tx->request_headers, "User-Agent"); if (h != NULL) { PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value), bstr_len(h->value)); return; } } } fprintf(fp, "<unknown>"); }
static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, const int list_id) { InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id); if (buffer->inspect == NULL) { htp_tx_t *tx = (htp_tx_t *)txv; if (unlikely(tx->request_line == NULL)) { return NULL; } const uint32_t data_len = bstr_len(tx->request_line); const uint8_t *data = bstr_ptr(tx->request_line); InspectionBufferSetup(buffer, data, data_len); InspectionBufferApplyTransforms(buffer, transforms); } return buffer; }
/** * Parses Digest Authorization request header. * * @param[in] connp * @param[in] auth_header */ int htp_parse_authorization_digest(htp_connp_t *connp, htp_header_t *auth_header) { // Extract the username int i = bstr_index_of_c(auth_header->value, "username="******"') { connp->in_tx->request_auth_username = htp_extract_quoted_string_as_bstr(data + pos, len - pos, NULL); } else { return HTP_ERROR; } return HTP_OK; }