Pull request #3321: US 670672: O365: Add capability to identify microsoft headers...

Merge in SNORT/snort3 from ~MDAGON/snort3:tenant to master

Squashed commit of the following:

commit f96fc2a190605055565dd5e7d616884cde125c25
Author: Maya Dagon <mdagon@cisco.com>
Date:   Thu Mar 24 11:23:57 2022 -0400

    http_inspect: support headers Restrict-Access-To-Tenants, Restrict-Access-Context

diff --git a/src/service_inspectors/http_inspect/http_enum.h b/src/service_inspectors/http_inspect/http_enum.h
index 7e28b3fcdd191d73c4a1b529dcf0f0fdae12c54d..6c6df742382235389a1d819b1a57fbc915f8866e 100755 (executable)
--- a/src/service_inspectors/http_inspect/http_enum.h
+++ b/src/service_inspectors/http_inspect/http_enum.h
@@ -140,6 +140,7 @@ enum TransferEncoding { TE__OTHER=1, TE_CHUNKED, TE_IDENTITY };
 enum Upgrade { UP__OTHER=1, UP_H2C, UP_H2, UP_HTTP20 };
 
 // Every header we have ever heard of
+// Note: when making changes here also update NormalizedHeader::header_norms
 enum HeaderId { HEAD__NOT_COMPUTE=-14, HEAD__PROBLEMATIC=-12, HEAD__NOT_PRESENT=-11, HEAD__OTHER=1,
     HEAD_CACHE_CONTROL, HEAD_CONNECTION, HEAD_DATE, HEAD_PRAGMA, HEAD_TRAILER, HEAD_COOKIE,
     HEAD_SET_COOKIE, HEAD_TRANSFER_ENCODING, HEAD_UPGRADE, HEAD_VIA, HEAD_WARNING, HEAD_ACCEPT,
@@ -152,7 +153,8 @@ enum HeaderId { HEAD__NOT_COMPUTE=-14, HEAD__PROBLEMATIC=-12, HEAD__NOT_PRESENT=
     HEAD_CONTENT_LENGTH, HEAD_CONTENT_LOCATION, HEAD_CONTENT_MD5, HEAD_CONTENT_RANGE,
     HEAD_CONTENT_TYPE, HEAD_EXPIRES, HEAD_LAST_MODIFIED, HEAD_X_FORWARDED_FOR, HEAD_TRUE_CLIENT_IP,
     HEAD_X_WORKING_WITH, HEAD_CONTENT_TRANSFER_ENCODING, HEAD_MIME_VERSION, HEAD_PROXY_AGENT,
-    HEAD_CONTENT_DISPOSITION, HEAD_HTTP2_SETTINGS, HEAD__MAX_VALUE };
+    HEAD_CONTENT_DISPOSITION, HEAD_HTTP2_SETTINGS, HEAD_RESTRICT_ACCESS_TO_TENANTS,
+    HEAD_RESTRICT_ACCESS_CONTEXT, HEAD__MAX_VALUE };
 
 // All the infractions we might find while parsing and analyzing a message
 enum Infraction

diff --git a/src/service_inspectors/http_inspect/http_normalized_header.cc b/src/service_inspectors/http_inspect/http_normalized_header.cc
index 3448fcfb7889c2ecc79339f398cb089cc4195f6c..53d5c0969b30dbb6cfeee0858b11873653e4d73e 100644 (file)
--- a/src/service_inspectors/http_inspect/http_normalized_header.cc
+++ b/src/service_inspectors/http_inspect/http_normalized_header.cc
@@ -163,6 +163,8 @@ const NormalizedHeader::HeaderNormalizer* const NormalizedHeader::header_norms[H
     &NORMALIZER_BASIC,      // HEAD_PROXY_AGENT
     &NORMALIZER_BASIC,      // HEAD_CONTENT_DISPOSITION
     &NORMALIZER_TOKEN_LIST, // HEAD_HTTP2_SETTINGS
+    &NORMALIZER_BASIC,      // HEAD_RESTRICT_ACCESS_TO_TENANTS
+    &NORMALIZER_BASIC,      // HEAD_RESTRICT_ACCESS_CONTEXT
     &NORMALIZER_BASIC,      // HEAD__MAX_VALUE
     &NORMALIZER_BASIC,      // HEAD_CUSTOM_XFF_HEADER
     &NORMALIZER_BASIC,      // HEAD_CUSTOM_XFF_HEADER

diff --git a/src/service_inspectors/http_inspect/http_tables.cc b/src/service_inspectors/http_inspect/http_tables.cc
index 39f1dda20b784d6f68f17544d6526e7c784bd487..72e0c56d9ff3985bc54e5725cf0b30d72c25d437 100755 (executable)
--- a/src/service_inspectors/http_inspect/http_tables.cc
+++ b/src/service_inspectors/http_inspect/http_tables.cc
@@ -83,64 +83,66 @@ const StrCode HttpMsgRequest::method_list[] =
 
 const StrCode HttpMsgHeadShared::header_list[] =
 {
-    { HEAD_CACHE_CONTROL,             "cache-control" },
-    { HEAD_CONNECTION,                "connection" },
-    { HEAD_DATE,                      "date" },
-    { HEAD_PRAGMA,                    "pragma" },
-    { HEAD_TRAILER,                   "trailer" },
-    { HEAD_COOKIE,                    "cookie" },
-    { HEAD_SET_COOKIE,                "set-cookie" },
-    { HEAD_TRANSFER_ENCODING,         "transfer-encoding" },
-    { HEAD_UPGRADE,                   "upgrade" },
-    { HEAD_VIA,                       "via" },
-    { HEAD_WARNING,                   "warning" },
-    { HEAD_ACCEPT,                    "accept" },
-    { HEAD_ACCEPT_CHARSET,            "accept-charset" },
-    { HEAD_ACCEPT_ENCODING,           "accept-encoding" },
-    { HEAD_ACCEPT_LANGUAGE,           "accept-language" },
-    { HEAD_AUTHORIZATION,             "authorization" },
-    { HEAD_EXPECT,                    "expect" },
-    { HEAD_FROM,                      "from" },
-    { HEAD_HOST,                      "host" },
-    { HEAD_IF_MATCH,                  "if-match" },
-    { HEAD_IF_MODIFIED_SINCE,         "if-modified-since" },
-    { HEAD_IF_NONE_MATCH,             "if-none-match" },
-    { HEAD_IF_RANGE,                  "if-range" },
-    { HEAD_IF_UNMODIFIED_SINCE,       "if-unmodified-since" },
-    { HEAD_MAX_FORWARDS,              "max-forwards" },
-    { HEAD_PROXY_AUTHORIZATION,       "proxy-authorization" },
-    { HEAD_RANGE,                     "range" },
-    { HEAD_REFERER,                   "referer" },
-    { HEAD_TE,                        "te" },
-    { HEAD_USER_AGENT,                "user-agent" },
-    { HEAD_ACCEPT_RANGES,             "accept-ranges" },
-    { HEAD_AGE,                       "age" },
-    { HEAD_ETAG,                      "etag" },
-    { HEAD_LOCATION,                  "location" },
-    { HEAD_PROXY_AUTHENTICATE,        "proxy-authenticate" },
-    { HEAD_RETRY_AFTER,               "retry-after" },
-    { HEAD_SERVER,                    "server" },
-    { HEAD_VARY,                      "vary" },
-    { HEAD_WWW_AUTHENTICATE,          "www-authenticate" },
-    { HEAD_ALLOW,                     "allow" },
-    { HEAD_CONTENT_ENCODING,          "content-encoding" },
-    { HEAD_CONTENT_LANGUAGE,          "content-language" },
-    { HEAD_CONTENT_LENGTH,            "content-length" },
-    { HEAD_CONTENT_LOCATION,          "content-location" },
-    { HEAD_CONTENT_MD5,               "content-md5" },
-    { HEAD_CONTENT_RANGE,             "content-range" },
-    { HEAD_CONTENT_TYPE,              "content-type" },
-    { HEAD_EXPIRES,                   "expires" },
-    { HEAD_LAST_MODIFIED,             "last-modified" },
-    { HEAD_X_FORWARDED_FOR,           "x-forwarded-for" },
-    { HEAD_TRUE_CLIENT_IP,            "true-client-ip" },
-    { HEAD_X_WORKING_WITH,            "x-working-with" },
-    { HEAD_CONTENT_TRANSFER_ENCODING, "content-transfer-encoding" },
-    { HEAD_MIME_VERSION,              "mime-version" },
-    { HEAD_PROXY_AGENT,               "proxy-agent" },
-    { HEAD_CONTENT_DISPOSITION,       "content-disposition" },
-    { HEAD_HTTP2_SETTINGS,            "http2-settings" },
-    { 0,                              nullptr }
+    { HEAD_CACHE_CONTROL,              "cache-control" },
+    { HEAD_CONNECTION,                 "connection" },
+    { HEAD_DATE,                       "date" },
+    { HEAD_PRAGMA,                     "pragma" },
+    { HEAD_TRAILER,                    "trailer" },
+    { HEAD_COOKIE,                     "cookie" },
+    { HEAD_SET_COOKIE,                 "set-cookie" },
+    { HEAD_TRANSFER_ENCODING,          "transfer-encoding" },
+    { HEAD_UPGRADE,                    "upgrade" },
+    { HEAD_VIA,                        "via" },
+    { HEAD_WARNING,                    "warning" },
+    { HEAD_ACCEPT,                     "accept" },
+    { HEAD_ACCEPT_CHARSET,             "accept-charset" },
+    { HEAD_ACCEPT_ENCODING,            "accept-encoding" },
+    { HEAD_ACCEPT_LANGUAGE,            "accept-language" },
+    { HEAD_AUTHORIZATION,              "authorization" },
+    { HEAD_EXPECT,                     "expect" },
+    { HEAD_FROM,                       "from" },
+    { HEAD_HOST,                       "host" },
+    { HEAD_IF_MATCH,                   "if-match" },
+    { HEAD_IF_MODIFIED_SINCE,          "if-modified-since" },
+    { HEAD_IF_NONE_MATCH,              "if-none-match" },
+    { HEAD_IF_RANGE,                   "if-range" },
+    { HEAD_IF_UNMODIFIED_SINCE,        "if-unmodified-since" },
+    { HEAD_MAX_FORWARDS,               "max-forwards" },
+    { HEAD_PROXY_AUTHORIZATION,        "proxy-authorization" },
+    { HEAD_RANGE,                      "range" },
+    { HEAD_REFERER,                    "referer" },
+    { HEAD_TE,                         "te" },
+    { HEAD_USER_AGENT,                 "user-agent" },
+    { HEAD_ACCEPT_RANGES,              "accept-ranges" },
+    { HEAD_AGE,                        "age" },
+    { HEAD_ETAG,                       "etag" },
+    { HEAD_LOCATION,                   "location" },
+    { HEAD_PROXY_AUTHENTICATE,         "proxy-authenticate" },
+    { HEAD_RETRY_AFTER,                "retry-after" },
+    { HEAD_SERVER,                     "server" },
+    { HEAD_VARY,                       "vary" },
+    { HEAD_WWW_AUTHENTICATE,           "www-authenticate" },
+    { HEAD_ALLOW,                      "allow" },
+    { HEAD_CONTENT_ENCODING,           "content-encoding" },
+    { HEAD_CONTENT_LANGUAGE,           "content-language" },
+    { HEAD_CONTENT_LENGTH,             "content-length" },
+    { HEAD_CONTENT_LOCATION,           "content-location" },
+    { HEAD_CONTENT_MD5,                "content-md5" },
+    { HEAD_CONTENT_RANGE,              "content-range" },
+    { HEAD_CONTENT_TYPE,               "content-type" },
+    { HEAD_EXPIRES,                    "expires" },
+    { HEAD_LAST_MODIFIED,              "last-modified" },
+    { HEAD_X_FORWARDED_FOR,            "x-forwarded-for" },
+    { HEAD_TRUE_CLIENT_IP,             "true-client-ip" },
+    { HEAD_X_WORKING_WITH,             "x-working-with" },
+    { HEAD_CONTENT_TRANSFER_ENCODING,  "content-transfer-encoding" },
+    { HEAD_MIME_VERSION,               "mime-version" },
+    { HEAD_PROXY_AGENT,                "proxy-agent" },
+    { HEAD_CONTENT_DISPOSITION,        "content-disposition" },
+    { HEAD_HTTP2_SETTINGS,             "http2-settings" },
+    { HEAD_RESTRICT_ACCESS_TO_TENANTS, "restrict-access-to-tenants" },
+    { HEAD_RESTRICT_ACCESS_CONTEXT,    "restrict-access-context" },
+    { 0,                               nullptr }
 };
 
 const StrCode HttpMsgHeadShared::content_code_list[] =