From: Victor Julien <vjulien@oisf.net>
Date: Mon, 8 Jan 2024 08:02:15 +0000 (+0100)
Subject: eve/http: use numeric status code by default
X-Git-Tag: suricata-8.0.0-beta1~1849
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a14d7a723f55ee1c2509673be27c6d98e62f7b9;p=thirdparty%2Fsuricata.git

eve/http: use numeric status code by default

To avoid costly string operations.
---

diff --git a/src/output-json-http.c b/src/output-json-http.c
index 5f44e95557..e49eb5e8a7 100644
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -288,8 +288,13 @@ static void EveHttpLogJSONExtended(JsonBuilder *js, htp_tx_t *tx)
                 js, "protocol", bstr_ptr(tx->request_protocol), bstr_len(tx->request_protocol));
     }
 
-    /* response status */
-    if (tx->response_status != NULL) {
+    /* response status: from libhtp:
+     * "Response status code, available only if we were able to parse it, HTP_STATUS_INVALID
+     *  otherwise. HTP_STATUS_UNKNOWN until parsing is attempted" .*/
+    const int resp = tx->response_status_number;
+    if (resp > 0) {
+        jb_set_uint(js, "status", (uint32_t)resp);
+    } else if (tx->response_status != NULL) {
         const size_t status_size = bstr_len(tx->response_status) * 2 + 1;
         char status_string[status_size];
         BytesToStringBuffer(bstr_ptr(tx->response_status), bstr_len(tx->response_status),