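/**
 * Invoked at the end of every transaction.
 *
 * Prints one line of the form "[#<stream id>/<request count>] <request line>"
 * to stdout, then increments the per-stream request counter.
 *
 * The request line is copied out of parsed traffic and written as-is, so
 * any control bytes it carries reach whatever consumes stdout.
 *
 * @param connp connection parser; its user data is read as a stream_data
 * @return HTP_OK
 */
int callback_response(htp_connp_t *connp) {
    stream_data *sd = (stream_data *) htp_connp_get_user_data(connp);
    char *line = bstr_util_strdup_to_c(connp->out_tx->request_line);

    /* The copy can come back NULL; handing NULL to %s is undefined
     * behaviour, so print a fixed placeholder instead. */
    fprintf(stdout, "[#%d/%d] %s\n", sd->id, sd->req_count,
            (line != NULL) ? line : "(null)");
    free(line);

    sd->req_count++;

    /* The function is declared int but used to fall off the end, leaving
     * the status seen by the hook runner undefined.
     * NOTE(review): HTP_OK assumed as the success status; confirm against
     * the libhtp version this file builds with. */
    return HTP_OK;
}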
// Exercises the two "duplicate into a C string" helpers on input that holds
// an embedded NUL byte. Both expectations show the NUL coming back as the
// two printable characters backslash and '0', so the result is not cut
// short at the NUL.
// NOTE(review): the test does not show whether a literal backslash in the
// input is escaped as well; if it is not, the output cannot distinguish a
// real NUL from the text "\0". Worth confirming before relying on these
// strings in logs.
TEST(BstrTest, DupToC) {
    // Raw-memory variant: nine bytes, NUL at offset 4.
    char *from_mem = bstr_util_memdup_to_c("1234\0006789", 9);
    EXPECT_STREQ("1234\\06789", from_mem);
    free(from_mem);

    // bstr variant: only the first 20 bytes of the literal are stored, so
    // the expected text ends at 'T'.
    bstr *source = bstr_dup_mem("ABCDEFGHIJKL\000NOPQRSTUVWXYZ", 20);
    char *from_bstr = bstr_util_strdup_to_c(source);
    EXPECT_STREQ("ABCDEFGHIJKL\\0NOPQRST", from_bstr);
    free(from_bstr);

    bstr_free(source);
}
/**
 * Build the JSON value for the HTTP hostname of the transaction that
 * carried a file.
 *
 * Looks up transaction ff->txid in the flow's HTTP state and copies its
 * request_hostname into a new JSON string.
 *
 * @param p  packet whose flow holds the HTTP state (p->flow is dereferenced
 *           without a check)
 * @param ff file record supplying the transaction id
 * @return json_string("<unknown>") when there is no HTTP state, no such
 *         transaction, or no hostname; otherwise the result of
 *         json_string() on the copied hostname, or NULL if the copy failed.
 *
 * NOTE(review): the hostname is taken from traffic. Jansson's json_string()
 * returns NULL for text that is not valid UTF-8, so such a hostname would
 * yield NULL rather than a value; confirm callers handle that.
 */
static json_t *LogFileMetaGetHost(const Packet *p, const File *ff)
{
    HtpState *state = (HtpState *)p->flow->alstate;
    if (state == NULL) {
        return json_string("<unknown>");
    }

    htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, state, ff->txid);
    if (tx == NULL || tx->request_hostname == NULL) {
        return json_string("<unknown>");
    }

    /* From here on the hostname exists; a failed copy reports NULL, not
     * the "<unknown>" placeholder. */
    char *host = bstr_util_strdup_to_c(tx->request_hostname);
    if (host == NULL) {
        return NULL;
    }

    json_t *result = json_string(host);
    SCFree(host);
    return result;
}
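/**
 * Build the JSON value for the normalized request URI of the transaction
 * that carried a file.
 *
 * @param p  packet whose flow holds the HTTP state (p->flow is dereferenced
 *           without a check)
 * @param ff file record supplying the transaction id
 * @return json_string("<unknown>") when there is no HTTP state or no such
 *         transaction. When the transaction exists: the result of
 *         json_string() on the copied URI, or NULL if the transaction has
 *         no user data, no normalized URI, or the copy failed.
 *
 * NOTE(review): the URI is taken from traffic. Jansson's json_string()
 * returns NULL for text that is not valid UTF-8, so such a URI would yield
 * NULL rather than a value; confirm callers handle that.
 */
static json_t *LogFileMetaGetUri(const Packet *p, const File *ff)
{
    HtpState *htp_state = (HtpState *)p->flow->alstate;
    if (htp_state == NULL) {
        return json_string("<unknown>");
    }

    htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
    if (tx == NULL) {
        return json_string("<unknown>");
    }

    json_t *js = NULL;
    HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);

    /* The user-data pointer was dereferenced unchecked before; a
     * transaction without attached user data must not crash the logger. */
    if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) {
        char *s = bstr_util_strdup_to_c(tx_ud->request_uri_normalized);
        if (s != NULL) {
            js = json_string(s);
            SCFree(s);
        }
    }

    return js;
}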
/**
 * Build the JSON value for the User-Agent request header of the
 * transaction that carried a file.
 *
 * @param p  packet whose flow holds the HTTP state (p->flow is dereferenced
 *           without a check)
 * @param ff file record supplying the transaction id
 * @return json_string("<unknown>") when there is no HTTP state, no such
 *         transaction, or no User-Agent header; otherwise the result of
 *         json_string() on the copied header value, or NULL if the copy
 *         failed.
 *
 * NOTE(review): the header value is taken from traffic. Jansson's
 * json_string() returns NULL for text that is not valid UTF-8, so such a
 * value would yield NULL; confirm callers handle that.
 */
static json_t *LogFileMetaGetUserAgent(const Packet *p, const File *ff)
{
    HtpState *state = (HtpState *)p->flow->alstate;
    htp_tx_t *tx = NULL;
    htp_header_t *ua = NULL;

    if (state != NULL) {
        tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, state, ff->txid);
    }
    if (tx != NULL) {
        ua = (htp_header_t *)htp_table_get_c(tx->request_headers, "User-Agent");
    }
    if (ua == NULL) {
        return json_string("<unknown>");
    }

    /* Header present: a failed copy reports NULL, not the placeholder. */
    char *value = bstr_util_strdup_to_c(ua->value);
    if (value == NULL) {
        return NULL;
    }

    json_t *result = json_string(value);
    SCFree(value);
    return result;
}
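/*
 * Store val under key in dict, consuming the caller's reference to both.
 * Either object may be NULL (a failed Py_BuildValue); nothing is stored
 * then. Returns 0 on success, -1 on failure.
 */
static int htpy_uri_dict_put(PyObject *dict, PyObject *key, PyObject *val)
{
    int rc = -1;

    /* PyDict_SetItem must never be handed a NULL key or value. */
    if (key != NULL && val != NULL)
        rc = PyDict_SetItem(dict, key, val);

    Py_XDECREF(key);
    Py_XDECREF(val);
    return rc;
}

/*
 * Store the heap-allocated C string cstr under name and release cstr.
 * Py_BuildValue("s", ...) copies the text, so the buffer returned by
 * bstr_util_strdup_to_c() has to be freed here; otherwise every call
 * leaks one allocation per URI component. Returns 0 on success, -1 on
 * failure with a Python exception set.
 */
static int htpy_uri_dict_put_cstr(PyObject *dict, const char *name, char *cstr)
{
    PyObject *key;
    PyObject *val;

    if (cstr == NULL) {
        PyErr_SetString(htpy_error, "Unable to copy URI component.");
        return -1;
    }

    key = Py_BuildValue("s", name);
    val = Py_BuildValue("s", cstr);
    free(cstr);

    return htpy_uri_dict_put(dict, key, val);
}

/*
 * Return the parsed URI of the current inbound transaction as a dict.
 *
 * Keys are added only for components that are set: "scheme", "username",
 * "password", "hostname", "port", "port_number" (int), "path", "query",
 * "fragment". Returns None when there is no inbound transaction or it has
 * no parsed URI, and NULL with an exception set on failure.
 *
 * The values come from parsed traffic, and "password" carries the URI
 * credential in clear text; callers should take care where the dict ends up.
 */
static PyObject *htpy_connp_get_uri(PyObject *self, PyObject *args) {
    htp_uri_t *uri;
    PyObject *ret;

    /* Empty tx? That's odd. Checked before the dict is created so the
     * None paths no longer leak it. */
    if (!((htpy_connp *) self)->connp->in_tx) {
        Py_RETURN_NONE;
    }
    if (!((htpy_connp *) self)->connp->in_tx->parsed_uri) {
        Py_RETURN_NONE;
    }
    uri = ((htpy_connp *) self)->connp->in_tx->parsed_uri;

    ret = PyDict_New();
    if (!ret) {
        PyErr_SetString(htpy_error, "Unable to create new dictionary.");
        return NULL;
    }

    /* Stop at the first failure: the exception is already set by
     * Py_BuildValue, PyDict_SetItem or the helper. */
    if (uri->scheme &&
        htpy_uri_dict_put_cstr(ret, "scheme", bstr_util_strdup_to_c(uri->scheme)) == -1)
        goto fail;
    if (uri->username &&
        htpy_uri_dict_put_cstr(ret, "username", bstr_util_strdup_to_c(uri->username)) == -1)
        goto fail;
    if (uri->password &&
        htpy_uri_dict_put_cstr(ret, "password", bstr_util_strdup_to_c(uri->password)) == -1)
        goto fail;
    if (uri->hostname &&
        htpy_uri_dict_put_cstr(ret, "hostname", bstr_util_strdup_to_c(uri->hostname)) == -1)
        goto fail;
    if (uri->port &&
        htpy_uri_dict_put_cstr(ret, "port", bstr_util_strdup_to_c(uri->port)) == -1)
        goto fail;
    if (uri->port_number &&
        htpy_uri_dict_put(ret, Py_BuildValue("s", "port_number"),
                          Py_BuildValue("i", uri->port_number)) == -1)
        goto fail;
    if (uri->path &&
        htpy_uri_dict_put_cstr(ret, "path", bstr_util_strdup_to_c(uri->path)) == -1)
        goto fail;
    if (uri->query &&
        htpy_uri_dict_put_cstr(ret, "query", bstr_util_strdup_to_c(uri->query)) == -1)
        goto fail;
    if (uri->fragment &&
        htpy_uri_dict_put_cstr(ret, "fragment", bstr_util_strdup_to_c(uri->fragment)) == -1)
        goto fail;

    return ret;

fail:
    Py_DECREF(ret);
    return NULL;
}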
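/*
 * Attach the C string c to obj under key, then release c.
 * c is a buffer obtained from bstr_util_strdup_to_c(); a NULL c (failed
 * copy) leaves obj untouched.
 *
 * NOTE(review): every value passed here is taken from traffic. Jansson's
 * json_string() returns NULL for text that is not valid UTF-8, in which
 * case json_object_set_new() stores nothing, so a peer can presumably make
 * a field vanish from the record. Confirm whether that is acceptable for
 * the log consumers.
 */
static void JsonHttpLogSetOwnedString(json_t *obj, const char *key, char *c)
{
    if (c == NULL) {
        return;
    }
    json_object_set_new(obj, key, json_string(c));
    SCFree(c);
}

/* JSON format logging */
/*
 * Build the "http" object for transaction tx and attach it to js.
 *
 * Always considered: hostname, url, http_user_agent, xff,
 * http_content_type. With LOG_HTTP_EXTENDED set in the log context flags:
 * http_refer, http_method, protocol, status, redirect, length.
 * Returns without touching js when the "http" object cannot be allocated.
 */
static void JsonHttpLogJSON(JsonHttpLogThread *aft, json_t *js, htp_tx_t *tx)
{
    LogHttpFileCtx *http_ctx = aft->httplog_ctx;
    json_t *hjs = json_object();
    if (hjs == NULL) {
        return;
    }

    /* hostname */
    if (tx->request_hostname != NULL) {
        JsonHttpLogSetOwnedString(hjs, "hostname",
                                  bstr_util_strdup_to_c(tx->request_hostname));
    } else {
        json_object_set_new(hjs, "hostname", json_string("<unknown>"));
    }

    /* uri */
    if (tx->request_uri != NULL) {
        JsonHttpLogSetOwnedString(hjs, "url",
                                  bstr_util_strdup_to_c(tx->request_uri));
    }

    /* user agent */
    htp_header_t *h_user_agent = NULL;
    if (tx->request_headers != NULL) {
        h_user_agent = htp_table_get_c(tx->request_headers, "user-agent");
    }
    if (h_user_agent != NULL) {
        JsonHttpLogSetOwnedString(hjs, "http_user_agent",
                                  bstr_util_strdup_to_c(h_user_agent->value));
    } else {
        /* Same placeholder as the hostname field; the literal here was
         * missing its opening '<'. */
        json_object_set_new(hjs, "http_user_agent", json_string("<unknown>"));
    }

    /* x-forwarded-for */
    htp_header_t *h_x_forwarded_for = NULL;
    if (tx->request_headers != NULL) {
        h_x_forwarded_for = htp_table_get_c(tx->request_headers, "x-forwarded-for");
    }
    if (h_x_forwarded_for != NULL) {
        JsonHttpLogSetOwnedString(hjs, "xff",
                                  bstr_util_strdup_to_c(h_x_forwarded_for->value));
    }

    /* content-type */
    htp_header_t *h_content_type = NULL;
    if (tx->response_headers != NULL) {
        h_content_type = htp_table_get_c(tx->response_headers, "content-type");
    }
    if (h_content_type != NULL) {
        char *c = bstr_util_strdup_to_c(h_content_type->value);
        if (c != NULL) {
            /* Log only the media type: cut at the first parameter. */
            char *p = strchr(c, ';');
            if (p != NULL) {
                *p = '\0';
            }
            JsonHttpLogSetOwnedString(hjs, "http_content_type", c);
        }
    }

    if (http_ctx->flags & LOG_HTTP_EXTENDED) {
        /* referer */
        htp_header_t *h_referer = NULL;
        if (tx->request_headers != NULL) {
            h_referer = htp_table_get_c(tx->request_headers, "referer");
        }
        if (h_referer != NULL) {
            JsonHttpLogSetOwnedString(hjs, "http_refer",
                                      bstr_util_strdup_to_c(h_referer->value));
        }

        /* method */
        if (tx->request_method != NULL) {
            JsonHttpLogSetOwnedString(hjs, "http_method",
                                      bstr_util_strdup_to_c(tx->request_method));
        }

        /* protocol */
        if (tx->request_protocol != NULL) {
            JsonHttpLogSetOwnedString(hjs, "protocol",
                                      bstr_util_strdup_to_c(tx->request_protocol));
        }

        /* response status */
        if (tx->response_status != NULL) {
            JsonHttpLogSetOwnedString(hjs, "status",
                                      bstr_util_strdup_to_c(tx->response_status));

            /* Guard the table like every other header lookup in this
             * function does. */
            htp_header_t *h_location = NULL;
            if (tx->response_headers != NULL) {
                h_location = htp_table_get_c(tx->response_headers, "location");
            }
            if (h_location != NULL) {
                JsonHttpLogSetOwnedString(hjs, "redirect",
                                          bstr_util_strdup_to_c(h_location->value));
            }
        }

        /* length */
        json_object_set_new(hjs, "length", json_integer(tx->response_message_len));
    }

    json_object_set_new(js, "http", hjs);
}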