Merge pull request #2041 in SNORT/snort3 from ~OZAIKA/snort3:ozaika_asproxy to master

author Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>

Mon, 2 Mar 2020 15:50:11 +0000 (15:50 +0000)

committer Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>

Mon, 2 Mar 2020 15:50:11 +0000 (15:50 +0000)
author Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Mon, 2 Mar 2020 15:50:11 +0000 (15:50 +0000)
committer Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Mon, 2 Mar 2020 15:50:11 +0000 (15:50 +0000)
diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc

index 8d8d3724edb9a7f58ca7d08dbce23be9a9024c47..190650583d4807af34c70d1bd87db37774d026a3 100644 (file)
--- a/src/network_inspectors/appid/appid_http_event_handler.cc
+++ b/src/network_inspectors/appid/appid_http_event_handler.cc
@@ -86,8 +86,6 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
          hsession->set_field(REQ_COOKIE_FID, header_start, header_length, change_bits);
          header_start = http_event->get_referer(header_length);
          hsession->set_field(REQ_REFERER_FID, header_start, header_length, change_bits);
-        header_start = http_event->get_x_working_with(header_length);
-        hsession->set_field(MISC_XWW_FID, header_start, header_length, change_bits);
          hsession->set_is_webdav(http_event->contains_webdav_method());
  
          // FIXIT-M: Should we get request body (may be expensive to copy)?
@@ -119,6 +117,13 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
          //      third-party.
      }
  
+    header_start = http_event->get_x_working_with(header_length);
+    if (header_length > 0)
+    {
+        hsession->set_field(MISC_XWW_FID, header_start, header_length, change_bits);
+        asd->scan_flags |= SCAN_HTTP_XWORKINGWITH_FLAG;
+    }
+
      //  The Via header can be in both the request and response.
      header_start = http_event->get_via(header_length);
      if (header_length > 0)
diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc

index acd5cfb180405c5e4ddd7b8d41488de319ede22a..c54f5218470a0bb9ac745dc29ea443921cd54eea 100644 (file)
--- a/src/network_inspectors/appid/test/appid_http_event_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_event_test.cc
@@ -342,7 +342,7 @@ TEST(appid_http_event, handle_msg_header_user_agent)
  TEST(appid_http_event, handle_msg_header_x_working_with)
  {
      TestData test_data;
-    test_data.scan_flags = 0;
+    test_data.scan_flags = SCAN_HTTP_XWORKINGWITH_FLAG;
      test_data.x_working_with = X_WORKING_WITH;
  
      run_event_handler(test_data);
author	Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
	Mon, 2 Mar 2020 15:50:11 +0000 (15:50 +0000)
committer	Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
	Mon, 2 Mar 2020 15:50:11 +0000 (15:50 +0000)
src/network_inspectors/appid/appid_http_event_handler.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_http_event_test.cc		patch \| blob \| blame \| history