From: Philippe Antoine Date: Mon, 11 Mar 2024 10:18:34 +0000 (+0100) Subject: http: event on request line missing protocol X-Git-Tag: suricata-8.0.0-beta1~1631 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45bb936187352898036ba3732318cb36ee9e3cbf;p=thirdparty%2Fsuricata.git http: event on request line missing protocol Ticket: 6856
---
diff --git a/rules/http-events.rules b/rules/http-events.rules
index 8c7763f1b6..b5cce76bf2 100644
--- a/rules/http-events.rules
+++ b/rules/http-events.rules
@@ -91,4 +91,6 @@ alert http any any -> any any (msg:"SURICATA HTTP failed protocol change"; flow:
 #alert http any any -> any any (msg:"SURICATA HTTP request chunk extension"; flow:established; app-layer-event:http.request_chunk_extension; classtype:protocol-command-decode; sid:2221054; rev:1;)
-# next sid 2221055
+alert http any any -> any any (msg:"SURICATA HTTP request missing protocol"; flow:established,to_server; app-layer-event:http.request_line_missing_protocol; classtype:protocol-command-decode; sid:2221055; rev:1;)
+
+# next sid 2221056
diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
index f8e6e9e8de..1b4d31c841 100644
--- a/src/app-layer-htp.c
+++ b/src/app-layer-htp.c
@@ -167,6 +167,7 @@ SCEnumCharMap http_decoder_event_table[] = {
 { "RANGE_INVALID", HTTP_DECODER_EVENT_RANGE_INVALID },
 { "REQUEST_CHUNK_EXTENSION", HTTP_DECODER_EVENT_REQUEST_CHUNK_EXTENSION },
+ { "REQUEST_LINE_MISSING_PROTOCOL", HTTP_DECODER_EVENT_REQUEST_LINE_MISSING_PROTOCOL },
 /* suricata warnings/errors */
 { "MULTIPART_GENERIC_ERROR", HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR },
@@ -642,6 +643,7 @@ struct {
 { "Ambiguous response C-L value", HTTP_DECODER_EVENT_DUPLICATE_CONTENT_LENGTH_FIELD_IN_RESPONSE },
 { "Request chunk extension", HTTP_DECODER_EVENT_REQUEST_CHUNK_EXTENSION },
+ { "Request line: missing protocol", HTTP_DECODER_EVENT_REQUEST_LINE_MISSING_PROTOCOL },
 };
 #define HTP_ERROR_MAX (sizeof(htp_errors) / sizeof(htp_errors[0]))
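Review bot: In rules/http-events.rules the new sid 2221055 rule ships enabled, while the `request chunk extension` rule directly above it in the same hunk is commented out, and nothing in the commit says why this one is on by default. If request lines without a protocol token turn out to be common from legacy clients or monitoring probes on some networks, the alert becomes baseline noise that analysts learn to ignore. I would record the intent next to the rule, for example `# enabled by default: fires when the HTTP parser reports a request line with no protocol token`, or ship it commented out like its neighbour until the alert volume is known.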
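Review bot: The `htp_errors` entry added in the second hunk of src/app-layer-htp.c ties the event to the literal text `Request line: missing protocol`, which presumably has to match a log message produced by libhtp; if the linked libhtp does not emit exactly that string, the event and sid 2221055 never fire and nothing reports the mismatch. The commit as shown adds no test and states no minimum libhtp version. I would add a comment above the entry such as `/* matched against libhtp log text; needs a libhtp that logs this message */` and cover the event with a pcap-based test so a silent detection gap is caught. The table starts outside the hunk, so how the strings are compared is not visible here.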
diff --git a/src/app-layer-htp.h b/src/app-layer-htp.h
index a61121db59..f3a5aedaab 100644
--- a/src/app-layer-htp.h
+++ b/src/app-layer-htp.h
@@ -128,6 +128,7 @@ enum {
 HTTP_DECODER_EVENT_RANGE_INVALID,
 HTTP_DECODER_EVENT_REQUEST_CHUNK_EXTENSION,
+ HTTP_DECODER_EVENT_REQUEST_LINE_MISSING_PROTOCOL,
 /* suricata errors/warnings */
 HTTP_DECODER_EVENT_MULTIPART_GENERIC_ERROR,