removes all redundant whitespaces and line terminators from the JavaScript
syntax point of view (between identifier and punctuator, between identifier and
operator, etc.) according to ECMAScript 5.1 standard.
+Additionally, it performs normalization of JavaScript identifiers making a
+substitution of unique names with unified names representation: a0 -> z9999.
+The identifiers are variables and function names.
The normalized data is available through the script_data rule option.
This is currently experimental and still under development.
+===== js_norm_identifier_depth
+
+js_norm_identifier_depth = N {0 : 260000} will set a number of unique
+JavaScript identifiers to normalize. When the depth is reached, a built-in
+alert is generated. It's implemented per HTTP transaction (request/response),
+so the context of identifier substitutions is shared between all the scripts in
+the payload. By default, the value is set to 260000, which is the max allowed
+number of unique identifiers. The generated names are in the range from
+a0 to z9999. Thus, the number of unique identifiers cannot be greater than
+26 * 10000 = 260000. This option takes effect only if js_normalization_depth is
+set to a non-zero value, enabling the enhanced normalizer.
+This is currently experimental and still under development.
+
===== xff_headers
This configuration supports defining custom x-forwarded-for type headers. In a
projects / thirdparty / snort3.git / commitdiff
