From: Mike Stepanek (mstepane) <mstepane@cisco.com>
Date: Wed, 18 May 2022 11:33:23 +0000 (+0000)
Subject: Pull request #3424: JS Normalizer: check content decoding
X-Git-Tag: 3.1.30.0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e89275f7d14bddbbab5ef5a1b31a75fcfb4212b;p=thirdparty%2Fsnort3.git

Pull request #3424: JS Normalizer: check content decoding

Merge in SNORT/snort3 from ~OSHUMEIK/snort3:js_content_encoding to master

Squashed commit of the following:

commit 4fc6db8e507415d6feb50ae8691f0daba6492b8d
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Sun May 15 23:24:24 2022 +0300

    http_inspect: avoid sending compressed data to JS normalizer
---

diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc
index 3aa4b0269..c45690bce 100644
--- a/src/service_inspectors/http_inspect/http_msg_body.cc
+++ b/src/service_inspectors/http_inspect/http_msg_body.cc
@@ -396,6 +396,9 @@ void HttpMsgBody::do_enhanced_js_normalization(const Field& input, Field& output
     auto http_header = get_header(source_id);
     auto normalizer = params->js_norm_param.js_norm;
 
+    if ((*infractions & INF_UNKNOWN_ENCODING) or (*infractions & INF_UNSUPPORTED_ENCODING))
+        return;
+
     if (session_data->is_pdu_missed())
     {
         *infractions += INF_JS_PDU_MISS;