From: Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Date: Fri, 17 Jul 2020 22:28:05 +0000 (+0000)
Subject: Merge pull request #2328 in SNORT/snort3 from ~KAMURTHI/snort3:http_url_matching... 
X-Git-Tag: 3.0.2-3~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9dcaf3ee9119534ec48033e4f59c5a7b1c1dbc39;p=thirdparty%2Fsnort3.git

Merge pull request #2328 in SNORT/snort3 from ~KAMURTHI/snort3:http_url_matching to master

Squashed commit of the following:

commit 891166234fa3e831efbad4cdfc3cff4ea7210cf7
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Thu Jul 9 16:12:37 2020 -0400

    appid: For http traffic, if payload cannot be detected, set it to unknown.
---

diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc
index 45527687d..67d0327f4 100644
--- a/src/network_inspectors/appid/appid_http_session.cc
+++ b/src/network_inspectors/appid/appid_http_session.cc
@@ -590,7 +590,8 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
 
         /* Scan Via Header for squid */
         const std::string* via = meta_data[MISC_VIA_FID];
-        if ( !asd.get_tp_payload_app_id() and !payload.get_id() and (asd.scan_flags & SCAN_HTTP_VIA_FLAG) and via )
+        if ( !asd.get_tp_payload_app_id() and payload.get_id() <= APP_ID_NONE and
+            (asd.scan_flags & SCAN_HTTP_VIA_FLAG) and via )
         {
             AppId payload_id = http_matchers.get_appid_by_pattern(via->c_str(), via->size(),
                 nullptr);
@@ -632,7 +633,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
     // Scan Content-Type Header for multimedia types and scan contents
     const std::string* content_type = meta_data[RSP_CONTENT_TYPE_FID];
     if ( (asd.scan_flags & SCAN_HTTP_CONTENT_TYPE_FLAG)
-         and content_type and !asd.get_tp_payload_app_id() and !payload.get_id())
+         and content_type and !asd.get_tp_payload_app_id() and payload.get_id() <= APP_ID_NONE)
     {
         AppId payload_id = http_matchers.get_appid_by_content_type(content_type->c_str(),
             content_type->size());
@@ -714,7 +715,8 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
         }
     }
     if (payload.get_id() <=APP_ID_NONE and is_payload_processed and
-        asd.service.get_id()== APP_ID_HTTP2)
+        (asd.service.get_id()== APP_ID_HTTP2 or (asd.service.get_id()== APP_ID_HTTP and
+        asd.is_tp_appid_available())))
         set_payload(APP_ID_UNKNOWN, change_bits);
 
     asd.clear_http_flags();
diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc
index 3cf94db5d..3ee5faa0b 100644
--- a/src/network_inspectors/appid/test/appid_http_session_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_session_test.cc
@@ -133,6 +133,11 @@ bool AppIdSession::is_payload_appid_set() const
     return true;
 }
 
+bool AppIdSession::is_tp_appid_available() const
+{
+    return true;
+}
+
 // AppIdDebug mock functions
 void AppIdDebug::activate(const uint32_t*, const uint32_t*, uint16_t,
     uint16_t, IpProtocol, const int, uint16_t, const AppIdSession*, bool)