json-email-common: can now log same header twice
authorEric Leblond <eric@regit.org>
Wed, 14 Oct 2015 10:13:06 +0000 (12:13 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 20 Oct 2015 17:11:15 +0000 (19:11 +0200)
Multiple events can be applied on a transaction so we may need to
log the same header twice.

The HDR_IS_LOGGED flag was making it impossible. And this system
is useless as the email application layer is transaction based.

src/output-json-email-common.c
src/util-decode-mime.h

index d54b7b4d028ef867b5519b063a790179e6770186..dc628328650ff99df11058292d250fc1c1d98333 100644 (file)
@@ -270,51 +270,73 @@ json_t *JsonEmailLogJsonData(const Flow *f, void *state, void *vtx, uint64_t tx_
         json_object_set_new(sjs, "status",
                             json_string(MimeDecParseStateGetStatus(mime_state)));
 
-        if ((entity->header_flags & HDR_IS_LOGGED) == 0) {
-            MimeDecField *field;
-            //printf("email LOG\n");
-
-            /* From: */
-            field = MimeDecFindField(entity, "from");
-            if (field != NULL) {
-                char *s = BytesToString((uint8_t *)field->value,
-                                        (size_t)field->value_len);
-                if (likely(s != NULL)) {
-                    //printf("From: \"%s\"\n", s);
-                    char * sp = SkipWhiteSpaceTill(s, s + strlen(s));
-                    json_object_set_new(sjs, "from", json_string(sp));
-                    SCFree(s);
-                }
-            }
+        MimeDecField *field;
+        //printf("email LOG\n");
 
-            /* To: */
-            field = MimeDecFindField(entity, "to");
-            if (field != NULL) {
-                json_t *ajs = JsonEmailJsonArrayFromCommaList(field->value, field->value_len);
-                if (ajs) {
-                    json_object_set_new(sjs, "to", ajs);
-                }
+        /* From: */
+        field = MimeDecFindField(entity, "from");
+        if (field != NULL) {
+            char *s = BytesToString((uint8_t *)field->value,
+                                    (size_t)field->value_len);
+            if (likely(s != NULL)) {
+                //printf("From: \"%s\"\n", s);
+                char * sp = SkipWhiteSpaceTill(s, s + strlen(s));
+                json_object_set_new(sjs, "from", json_string(sp));
+                SCFree(s);
             }
+        }
 
-            /* Cc: */
-            field = MimeDecFindField(entity, "cc");
-            if (field != NULL) {
-                json_t *ajs = JsonEmailJsonArrayFromCommaList(field->value, field->value_len);
-                if (ajs) {
-                    json_object_set_new(sjs, "cc", ajs);
-                }
+        /* To: */
+        field = MimeDecFindField(entity, "to");
+        if (field != NULL) {
+            json_t *ajs = JsonEmailJsonArrayFromCommaList(field->value, field->value_len);
+            if (ajs) {
+                json_object_set_new(sjs, "to", ajs);
             }
+        }
 
-            entity->header_flags |= HDR_IS_LOGGED;
+        /* Cc: */
+        field = MimeDecFindField(entity, "cc");
+        if (field != NULL) {
+            json_t *ajs = JsonEmailJsonArrayFromCommaList(field->value, field->value_len);
+            if (ajs) {
+                json_object_set_new(sjs, "cc", ajs);
+            }
+        }
 
-            if (mime_state->stack == NULL || mime_state->stack->top == NULL || mime_state->stack->top->data == NULL)
-                SCReturnPtr(NULL, "json_t");
+        if (mime_state->stack == NULL || mime_state->stack->top == NULL || mime_state->stack->top->data == NULL)
+            SCReturnPtr(NULL, "json_t");
 
-            entity = (MimeDecEntity *)mime_state->stack->top->data;
-            int attch_cnt = 0;
-            int url_cnt = 0;
-            json_t *js_attch = json_array();
-            json_t *js_url = json_array();
+        entity = (MimeDecEntity *)mime_state->stack->top->data;
+        int attch_cnt = 0;
+        int url_cnt = 0;
+        json_t *js_attch = json_array();
+        json_t *js_url = json_array();
+        if (entity->url_list != NULL) {
+            MimeDecUrl *url;
+            for (url = entity->url_list; url != NULL; url = url->next) {
+                char *s = BytesToString((uint8_t *)url->url,
+                                        (size_t)url->url_len);
+                if (s != NULL) {
+                    //printf("URL: \"%s\"\n", s);
+                    json_array_append_new(js_url,
+                                      json_string(s));
+                    SCFree(s);
+                    url_cnt += 1;
+                }
+            }
+        }
+        for (entity = entity->child; entity != NULL; entity = entity->next) {
+            if (entity->ctnt_flags & CTNT_IS_ATTACHMENT) {
+
+                char *s = BytesToString((uint8_t *)entity->filename,
+                                        (size_t)entity->filename_len);
+                //printf("found attachment \"%s\"\n", s);
+                json_array_append_new(js_attch,
+                                      json_string(s));
+                SCFree(s);
+                attch_cnt += 1;
+            }
             if (entity->url_list != NULL) {
                 MimeDecUrl *url;
                 for (url = entity->url_list; url != NULL; url = url->next) {
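Review bot: The early return at `if (mime_state->stack == NULL || ...) SCReturnPtr(NULL, "json_t");` hands back NULL without releasing `sjs`, although the fall-through failure path after this block does call `json_decref(sjs);`. `sjs` is created above this hunk, so this is inferred, but if it is owned here the branch should be `{ json_decref(sjs); SCReturnPtr(NULL, "json_t"); }`. With the HDR_IS_LOGGED gate removed the branch is reachable on every logged event for a transaction, so a leak here grows with traffic. In the attachment loop the result of `BytesToString(entity->filename, ...)` goes to `json_string(s)` without the `if (s != NULL)` guard that the URL loops use; the same guard should wrap the append and the `attch_cnt += 1;`. JsonEmailLogJsonData begins before this hunk and continues after it.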
@@ -329,45 +351,19 @@ json_t *JsonEmailLogJsonData(const Flow *f, void *state, void *vtx, uint64_t tx_
                     }
                 }
             }
-            for (entity = entity->child; entity != NULL; entity = entity->next) {
-                if (entity->ctnt_flags & CTNT_IS_ATTACHMENT) {
-
-                    char *s = BytesToString((uint8_t *)entity->filename,
-                                            (size_t)entity->filename_len);
-                    //printf("found attachment \"%s\"\n", s);
-                    json_array_append_new(js_attch,
-                                          json_string(s));
-                    SCFree(s);
-                    attch_cnt += 1;
-                }
-                if (entity->url_list != NULL) {
-                    MimeDecUrl *url;
-                    for (url = entity->url_list; url != NULL; url = url->next) {
-                        char *s = BytesToString((uint8_t *)url->url,
-                                                (size_t)url->url_len);
-                        if (s != NULL) {
-                            //printf("URL: \"%s\"\n", s);
-                            json_array_append_new(js_url,
-                                              json_string(s));
-                            SCFree(s);
-                            url_cnt += 1;
-                        }
-                    }
-                }
-            }
-            if (attch_cnt > 0) {
-                json_object_set_new(sjs, "attachment", js_attch);
-            } else {
-                json_decref(js_attch);
-            }
-            if (url_cnt > 0) {
-                json_object_set_new(sjs, "url", js_url);
-            } else {
-                json_decref(js_url);
-            }
-//            FLOWLOCK_UNLOCK(p->flow);
-            SCReturnPtr(sjs, "json_t");
         }
+        if (attch_cnt > 0) {
+            json_object_set_new(sjs, "attachment", js_attch);
+        } else {
+            json_decref(js_attch);
+        }
+        if (url_cnt > 0) {
+            json_object_set_new(sjs, "url", js_url);
+        } else {
+            json_decref(js_url);
+        }
+//        FLOWLOCK_UNLOCK(p->flow);
+        SCReturnPtr(sjs, "json_t");
     }
 
     json_decref(sjs);
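Review bot: `attch_cnt` and `url_cnt` decide whether the arrays are attached, but they count loop iterations rather than successful appends, since the results of `json_string` and `json_array_append_new` are never checked. jansson's `json_string` returns NULL for input that is not valid UTF-8, and filenames and URLs come straight from the message, so an event can carry an empty `attachment` or `url` array, or omit entries, without any indication in the log. Testing the array itself, `if (json_array_size(js_attch) > 0)` and `if (json_array_size(js_url) > 0)`, removes that mismatch; a debug message when an append fails would make the gap visible to an analyst. The commented-out `//        FLOWLOCK_UNLOCK(p->flow);` could be dropped while the line is being re-indented.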
index 536c3a0a246a872cefdc3b46e5f63428c4037a76..02b3bb13dd95fbfd5a8670856f30d2fa69ca691f 100644 (file)
@@ -33,9 +33,6 @@
 #include "util-base64.h"
 #include "util-debug.h"
 
-/* Header Flags */
-#define HDR_IS_LOGGED         1
-
 /* Content Flags */
 #define CTNT_IS_MSG           1
 #define CTNT_IS_ENV           2