#include "service_inspectors/http_inspect/http_msg_header.h"
#include "service_inspectors/http_inspect/http_msg_request.h"
+#include "service_inspectors/http_inspect/http_uri.h"
using namespace snort;
const uint8_t* HttpEvent::get_header(unsigned id, uint64_t sub_id, int32_t& length)
{
const Field& field = http_msg_header->get_classic_buffer(id, sub_id, 0);
- if(field.length() > 0)
+ if (field.length() > 0)
{
length = field.length();
return field.start();
return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_HOST, length);
}
+const uint8_t* HttpEvent::get_uri_host(int32_t &length)
+{
+ const uint8_t* uri_host = get_header(HttpEnums::HTTP_BUFFER_URI, HttpEnums::UC_HOST, length);
+ if (length > 0)
+ return uri_host;
+
+ // If there is no authority in the URI parse the host from the Host header
+ const Field& host_header = http_msg_header->get_classic_buffer(HttpEnums::HTTP_BUFFER_HEADER,
+ HttpEnums::HEAD_HOST, length);
+ if (host_header.length() > 0)
+ {
+ length = HttpUri::find_host_len(host_header);
+ return host_header.start();
+ }
+ else
+ {
+ length = 0;
+ return nullptr;
+ }
+}
+
const uint8_t* HttpEvent::get_location(int32_t& length)
{
return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_LOCATION,
const uint8_t* get_content_type(int32_t &length);
const uint8_t* get_cookie(int32_t &length);
const uint8_t* get_authority(int32_t &length);
+ const uint8_t* get_uri_host(int32_t &length);
const uint8_t* get_location(int32_t &length);
const uint8_t* get_referer(int32_t &length);
const uint8_t* get_server(int32_t &length);
#include "pub_sub/http_events.h"
#include "service_inspectors/http_inspect/http_common.h"
+#include "service_inspectors/http_inspect/http_field.h"
#include "service_inspectors/http_inspect/http_msg_header.h"
#include "service_inspectors/http_inspect/http_msg_section.h"
-#include "service_inspectors/http_inspect/http_field.h"
+#include "service_inspectors/http_inspect/http_uri.h"
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
Field *out = (Field*)mock().getData("output").getObjectPointer();
return (*out);
}
+int32_t HttpUri::find_host_len(const Field&) { return 0; }
TEST_GROUP(pub_sub_http_event_test)
{
}
}
-void HttpUri::parse_authority()
+int32_t HttpUri::find_host_len(const Field& authority)
{
- if (authority.length() <= 0)
- {
- host.set(STAT_NO_SOURCE);
- port.set(STAT_NO_SOURCE);
- return;
- }
-
int32_t host_len = 0;
-
// IPv6 addresses are surrounded by [] to protect embedded colons
if (authority.start()[0] == '[')
{
for (; (host_len < authority.length()) && (authority.start()[host_len] != ':');
host_len++);
+
+ return host_len;
+}
+
+void HttpUri::parse_authority()
+{
+ if (authority.length() <= 0)
+ {
+ host.set(STAT_NO_SOURCE);
+ port.set(STAT_NO_SOURCE);
+ return;
+ }
+
+ int32_t host_len = find_host_len(authority);
host.set(host_len, authority.start());
if (host.length() < authority.length())
{
const Field& get_norm_fragment() { return fragment_norm; }
const Field& get_norm_classic() { return classic_norm; }
+ static int32_t find_host_len(const Field& authority);
+
private:
const Field uri;