]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8284df3)
http: event on request line missing protocol
authorPhilippe Antoine <pantoine@oisf.net>
Mon, 11 Mar 2024 10:18:34 +0000 (11:18 +0100)
committerVictor Julien <victor@inliniac.net>
Sat, 16 Mar 2024 08:29:36 +0000 (09:29 +0100)
Ticket: 6856

rules/http-events.rules patch | blob | blame | history
src/app-layer-htp.c patch | blob | blame | history
src/app-layer-htp.h patch | blob | blame | history

diff --git a/rules/http-events.rules b/rules/http-events.rules
index 8c7763f1b661d49e7843564bdde5d90ce5ed808c..b5cce76bf235c645a0b5a72f94522520ff6b3493 100644 (file)
--- a/rules/http-events.rules
+++ b/rules/http-events.rules
@@ -91,4 +91,6 @@ alert http any any -> any any (msg:"SURICATA HTTP failed protocol change"; flow:
 
 #alert http any any -> any any (msg:"SURICATA HTTP request chunk extension"; flow:established; app-layer-event:http.request_chunk_extension; classtype:protocol-command-decode; sid:2221054; rev:1;)
 
-# next sid 2221055
+alert http any any -> any any (msg:"SURICATA HTTP request missing protocol"; flow:established,to_server; app-layer-event:http.request_line_missing_protocol; classtype:protocol-command-decode; sid:2221055; rev:1;)
+
+# next sid 2221056
diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index f8e6e9e8de0689bf01a38a0146aa2ac8a220ac74..1b4d31c841c80d74ca2e42dade097707f38217d2 100644 (file)
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -167,6 +167,7 @@ SCEnumCharMap http_decoder_event_table[] = {
 
     { "RANGE_INVALID", HTTP_DECODER_EVENT_RANGE_INVALID },
     { "REQUEST_CHUNK_EXTENSION", HTTP_DECODER_EVENT_REQUEST_CHUNK_EXTENSION },
+    { "REQUEST_LINE_MISSING_PROTOCOL", HTTP_DECODER_EVENT_REQUEST_LINE_MISSING_PROTOCOL },
 
     /* suricata warnings/errors */
     { "MULTIPART_GENERIC_ERROR", HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR },
@@ -642,6 +643,7 @@ struct {
     { "Ambiguous response C-L value",
             HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE },
     { "Request chunk extension", HTTP_DECODER_EVENT_REQUEST_CHUNK_EXTENSION },
+    { "Request line: missing protocol", HTTP_DECODER_EVENT_REQUEST_LINE_MISSING_PROTOCOL },
 };
 
 #define HTP_ERROR_MAX (sizeof(htp_errors) / sizeof(htp_errors[0]))
diff --git a/src/app-layer-htp.h b/src/app-layer-htp.h
index a61121db595cd8300acfcc0b6ec1ec3f7e45121a..f3a5aedaab51dd489be759adb78768854ed0100d 100644 (file)
--- a/src/app-layer-htp.h
+++ b/src/app-layer-htp.h
@@ -128,6 +128,7 @@ enum {
 
     HTTP_DECODER_EVENT_RANGE_INVALID,
     HTTP_DECODER_EVENT_REQUEST_CHUNK_EXTENSION,
+    HTTP_DECODER_EVENT_REQUEST_LINE_MISSING_PROTOCOL,
 
     /* suricata errors/warnings */
     HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR,
Mirror of https://github.com/OISF/suricata.git