header_start = http_event->get_referer(header_length);
hsession->set_field(REQ_REFERER_FID, header_start, header_length, change_bits);
hsession->set_is_webdav(http_event->contains_webdav_method());
-
- // FIXIT-M: Should we get request body (may be expensive to copy)?
- // It is not currently set in callback in 2.9.x, only via
- // third-party.
}
else // Response headers.
{
if ( ret < sizeof(tmpstr) )
hsession->set_field(MISC_RESP_CODE_FID, (const uint8_t*)tmpstr, ret, change_bits);
}
-
- // FIXIT-M: Get Location header data.
- // FIXIT-M: Should we get response body (may be expensive to copy)?
- // It is not currently set in callback in 2.9.x, only via
- // third-party.
}
header_start = http_event->get_x_working_with(header_length);
{
if (str and len)
{
+ if (len > HTTP_FIELD_LEN_LIMIT)
+ len = HTTP_FIELD_LEN_LIMIT;
+
delete meta_data[id];
meta_data[id] = new std::string((const char*)str, len);
set_http_change_bits(change_bits, id);
}
if (!meta_data[id])
- meta_data[id] = new std::string((const char*)str, len);
- else
+ meta_data[id] = new std::string((const char*)str,
+ len > HTTP_FIELD_LEN_LIMIT ? HTTP_FIELD_LEN_LIMIT : len);
+ else if (meta_data[id]->size() < HTTP_FIELD_LEN_LIMIT)
{
- std::string* req_body = new std::string(*meta_data[id]);
- delete meta_data[id];
- req_body->append((const char*)str, len);
- meta_data[id] = req_body;
+ size_t remaining = HTTP_FIELD_LEN_LIMIT - meta_data[id]->size();
+ const_cast<std::string*>(meta_data[id])->append((const char*)str,
+ (size_t)len > remaining ? remaining : len);
}
set_http_change_bits(change_bits, id);
set_scan_flags(id);
void AppIdHttpSession::print_field(HttpFieldIds id, const std::string* field)
{
- string field_name;
+ const char* proto;
+ const char* field_name;
+
+ if (!appid_trace_enabled and !(appidDebug and appidDebug->is_active()))
+ return;
if (asd.get_session_flags(APPID_SESSION_SPDY_SESSION))
- field_name = "SPDY ";
+ proto = "SPDY";
else if (asd.get_session_flags(APPID_SESSION_HTTP_SESSION))
- field_name = "HTTP ";
+ proto = "HTTP";
else
// This could be RTMP session; not printing RTMP fields for now
return;
switch (id)
{
case REQ_AGENT_FID:
- field_name += "user agent";
+ field_name = "user agent";
break;
case REQ_HOST_FID:
- field_name += "host";
+ field_name = "host";
break;
case REQ_REFERER_FID:
- field_name += "referer";
+ field_name = "referer";
break;
case REQ_URI_FID:
- field_name += "URI";
+ field_name = "URI";
break;
case REQ_COOKIE_FID:
- field_name += "cookie";
+ field_name = "cookie";
break;
case REQ_BODY_FID:
- field_name += "request body";
+ field_name = "request body";
break;
case RSP_CONTENT_TYPE_FID:
- field_name += "content type";
+ field_name = "content type";
break;
case RSP_LOCATION_FID:
- field_name += "location";
+ field_name = "location";
break;
case MISC_VIA_FID:
- field_name += "via";
+ field_name = "via";
break;
case MISC_RESP_CODE_FID:
- field_name += "response code";
+ field_name = "response code";
break;
case MISC_SERVER_FID:
- field_name += "server";
+ field_name = "server";
break;
case MISC_XWW_FID:
- field_name += "x-working-with";
+ field_name = "x-working-with";
break;
// don't print these fields
}
if (httpx_stream_id >= 0)
- APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "stream %" PRId64 ": %s is %s\n",
- httpx_stream_id, field_name.c_str(), field->c_str());
- else
- APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s is %s\n", field_name.c_str(), field->c_str());
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "stream %" PRId64 ": %s %s is %s\n",
+ httpx_stream_id, proto, field_name, field->c_str());
+ else
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "%s %s is %s\n", proto, field_name, field->c_str());
}
#include "appid_types.h"
#include "application_ids.h"
+#define HTTP_FIELD_LEN_LIMIT 2048
+
class AppIdSession;
class ChpMatchDescriptor;
class HttpPatternMatchers;
AppIdSession& asd;
- // FIXIT-M the meta data buffers in this array are only set from
- // third party (tp_appid_utils.cc) and from http inspect
- // (appid_http_event_handler.cc). The set_field functions should
- // only be accessible to those functions/classes, but the process
- // functions in tp_appid_utils.cc are static. Thus the public
- // set_field() functions in AppIdHttpSession. We do need set functions
- // for this array, as old pointers need to be deleted upon set().
const std::string* meta_data[NUM_METADATA_FIELDS] = { };
bool is_webdav = false;
projects / thirdparty / snort3.git / commitdiff
