BIT-1926: add unit tests for misc. HTTP patches

2025-10-12 03:28:19 +00:00 · 2018-05-08 15:12:12 -05:00 · 2018-05-08 15:12:12 -05:00 · 1f777b57b8
commit 1f777b57b8
parent e5d5cf9ff1
12 changed files with 63 additions and 1 deletions
--- a/15
+++ b/15
@ -1,4 +1,19 @@

+2.5-565 | 2018-05-08 15:29:53 -0500
+
+  * BIT-1926: add unit tests for misc. HTTP patches (Corelight)
+
+  * Fix case insensitive HTTP/MIME header name comparisons
+    (Jeffrey Bencteux)
+
+  * Don't use chunked mode Transfer-Encoding with HTTP/1.0 (Jeffrey Bencteux)
+
+  * Fix handling of HTTP body length when Content-Range length differs
+    from Content-Length. (Jeffrey Bencteux)
+
+  * Decode 'x-gzip' HTTP Content-Encoding the same as 'gzip'
+    (Jeffrey Bencteux)
+
 2.5-559 | 2018-05-08 11:23:28 -0700

  * Add test for dump_current_packet bif. (Johanna Amann)
--- a/2
+++ b/2
@ -1 +1 @@
-2.5-559
+2.5-565
--- a/testing/btest/Baseline/scripts.base.protocols.http.content-range-less-than-len/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.content-range-less-than-len/http.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	http
+#open	2018-05-08-20-04-16
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
+1523627611.747988	CHhAvVGS1DHFjwGM9	127.0.0.1	58128	127.0.0.1	80	1	GET	localhost	/	-	1.1	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0	0	33	206	ok	-	-	(empty)	-	-	-	-	-	-	FE5OS23mJkGTBhF8ig	-	text/plain
+#close	2018-05-08-20-04-17
--- a/testing/btest/Baseline/scripts.base.protocols.http.content-range-less-than-len/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.content-range-less-than-len/weird.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open	2018-05-08-20-04-16
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1523627611.748118	CHhAvVGS1DHFjwGM9	127.0.0.1	58128	127.0.0.1	80	HTTP_range_not_matching_len	-	F	bro
+#close	2018-05-08-20-04-17
--- a/testing/btest/Baseline/scripts.base.protocols.http.fake-content-length/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.fake-content-length/http.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	http
+#open	2018-05-08-20-10-35
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
+1523631796.315381	CHhAvVGS1DHFjwGM9	127.0.0.1	58176	127.0.0.1	80	1	GET	localhost	/	-	1.1	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0	0	14	200	ok	-	-	(empty)	-	-	-	-	-	-	FCcRXl1oyxVr6ipJA8	-	text/plain
+#close	2018-05-08-20-10-35
--- a/testing/btest/Baseline/scripts.base.protocols.http.x-gzip/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.x-gzip/http.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	http
+#open	2018-05-08-19-59-11
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
+1473086764.095192	CHhAvVGS1DHFjwGM9	127.0.0.1	54890	127.0.0.1	80	1	GET	localhost	/	-	1.1	Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.6.0	0	19	200	ok	-	-	(empty)	-	-	-	-	-	-	FLWf9w4QphGhQ5XQRa	-	text/plain
+#close	2018-05-08-19-59-11
--- a/testing/btest/Traces/http/content-range-less-than-len.pcap
+++ b/testing/btest/Traces/http/content-range-less-than-len.pcap
--- a/testing/btest/Traces/http/fake-content-length.pcap
+++ b/testing/btest/Traces/http/fake-content-length.pcap
--- a/testing/btest/Traces/http/x-gzip.pcap
+++ b/testing/btest/Traces/http/x-gzip.pcap
--- a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.bro
+++ b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.bro
@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -r $TRACES/http/content-range-less-than-len.pcap
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff weird.log
--- a/testing/btest/scripts/base/protocols/http/fake-content-length.bro
+++ b/testing/btest/scripts/base/protocols/http/fake-content-length.bro
@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/http/fake-content-length.pcap
+# @TEST-EXEC: btest-diff http.log
--- a/testing/btest/scripts/base/protocols/http/x-gzip.bro
+++ b/testing/btest/scripts/base/protocols/http/x-gzip.bro
@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/http/x-gzip.pcap
+# @TEST-EXEC: btest-diff http.log
 @ -1 +1 @@
 .5-559
 .5-565