Merge in SNORT/snort3 from ~ADMAMOLE/snort3:new_field_for_raw_body_w_depth to master
Squashed commit of the following:
commit
ecfe918412a0ac3914b649f5f4eb8d8d57d88a62
Author: Adrian Mamolea <admamole@cisco.com>
Date: Wed May 4 15:59:54 2022 -0400
http_inspect: added field for raw_body
void HttpMsgBody::analyze()
{
+ const int32_t raw_body_length =
+ (msg_text.length() <= session_data->detect_depth_remaining[source_id]) ?
+ msg_text.length() : session_data->detect_depth_remaining[source_id];
+
+ if (raw_body_length > 0)
+ raw_body.set(raw_body_length, msg_text.start());
+ else
+ raw_body.set(STAT_NO_SOURCE);
+
uint32_t& partial_inspected_octets = session_data->partial_inspected_octets[source_id];
// When there have been partial inspections we focus on the part of the message we have not
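Review bot: Nothing visible in this hunk guarantees that `session_data->detect_depth_remaining[source_id]` is never negative, yet the clamp at the top of analyze() depends on it. If the counter can drop below zero (for example as a "not set" sentinel), the `raw_body_length > 0` test sends the whole body to `STAT_NO_SOURCE` and `http_raw_body` rules would stop matching with no sign of it; this is inferred, because the counter's type and initialisation are outside the hunk. The ternary also compares the two lengths at whatever width the counter has and then stores the result in `int32_t`, so an explicit cast on the counter branch would make the narrowing deliberate. I would add a comment above the block: `// raw_body starts at msg_text.start(), cut to the remaining detect depth; STAT_NO_SOURCE once the depth is used up`. analyze() continues past the end of the hunk.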
bool detection_required() const override { return (detect_data.length() > 0); }
HttpMsgBody* get_body() override { return this; }
const Field& get_classic_client_body();
+ const Field& get_raw_body() { return raw_body; }
const Field& get_decomp_vba_data();
const Field& get_norm_js_data();
const Field& get_detect_data() { return detect_data; }
// In order of generation
Field msg_text_new;
Field decoded_body;
+ Field raw_body; // request_depth or response_depth applied
Field decompressed_file_body;
Field cumulative_data;
Field js_norm_body;
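Review bot: `raw_body` sits after `decoded_body` under the "In order of generation" comment, but the analyze() change in this commit sets it straight from `msg_text` at the top of the function, so its position suggests a dependency the visible code does not show. Moving the member up, or extending its comment to `// msg_text limited to request_depth or response_depth`, would keep the list accurate. The accessor could also be `const Field& get_raw_body() const { return raw_body; }`, since it only returns a member reference. The neighbouring `get_detect_data()` has the same non-const shape, so that may be house style. The class body starts and ends outside both hunks.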
}
case HTTP_BUFFER_RAW_BODY:
{
- return (get_body() != nullptr) ? get_body()->msg_text : Field::FIELD_NULL;
+ return (get_body() != nullptr) ? get_body()->get_raw_body() : Field::FIELD_NULL;
}
case HTTP_BUFFER_RAW_HEADER:
case HTTP_BUFFER_RAW_TRAILER:
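Review bot: Existing `http_raw_body` rules lose sight of body bytes past the detect depth with this return, and neither the HTTP_BUFFER_RAW_BODY case nor the commit title records that. Rule writers and anyone tuning request_depth or response_depth need to know it, because content placed beyond the depth no longer reaches this buffer. A comment on the return, `// limited to request_depth/response_depth, see HttpMsgBody::analyze()`, plus a line in the user-facing notes would cover it. When the depth is used up the caller gets a `STAT_NO_SOURCE` field rather than `Field::FIELD_NULL`; whether callers treat the two alike is not visible here. The enclosing switch starts and ends outside the hunk.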