Sanity-check the method passed into ActiveHTTP.

Reported by Pierre Gaulon.
Robin Sommer 2021-09-17 12:23:33 +02:00
parent ce143d78b0
commit 47c35190a4
3 changed files with 18 additions and 6 deletions


@ -78,6 +78,19 @@ function request2curl(r: Request, bodyfile: string, headersfile: string): string
function request(req: Request): ActiveHTTP::Response function request(req: Request): ActiveHTTP::Response
{ {
local resp: Response;
resp$code = 0;
resp$msg = "";
resp$body = "";
resp$headers = table();
# Sanity-check the method parameter as it will go directly into our command line.
if ( req$method != /[A-Za-z]+/ )
{
Reporter::error(fmt("There was an illegal method specified with ActiveHTTP (\"%s\").", req$method));
return resp;
}
local tmpfile = "/tmp/zeek-activehttp-" + unique_id(""); local tmpfile = "/tmp/zeek-activehttp-" + unique_id("");
local bodyfile = fmt("%s_body", tmpfile); local bodyfile = fmt("%s_body", tmpfile);
local headersfile = fmt("%s_headers", tmpfile); local headersfile = fmt("%s_headers", tmpfile);
@ -85,11 +98,6 @@ function request(req: Request): ActiveHTTP::Response
local cmd = request2curl(req, bodyfile, headersfile); local cmd = request2curl(req, bodyfile, headersfile);
local stdin_data = req?$client_data ? req$client_data : ""; local stdin_data = req?$client_data ? req$client_data : "";
local resp: Response;
resp$code = 0;
resp$msg = "";
resp$body = "";
resp$headers = table();
return when ( local result = Exec::run([$cmd=cmd, $stdin=stdin_data, $read_files=set(bodyfile, headersfile)]) ) return when ( local result = Exec::run([$cmd=cmd, $stdin=stdin_data, $read_files=set(bodyfile, headersfile)]) )
{ {
# If there is no response line then nothing else will work either. # If there is no response line then nothing else will work either.
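Review bot: The new method check sits in request(), while the command string is assembled in request2curl(), whose body is not part of this hunk, so the allow-list protects only this call path. If request2curl() does not already shell-quote `r$method`, quoting it there (Zeek provides `safe_shell_quote()`) would keep the sink safe even if a later caller bypasses the check. The comparison `req$method != /[A-Za-z]+/` relies on Zeek's whole-string semantics for pattern equality, so a comment such as `# Pattern ==/!= is an exact match: any non-letter character rejects the method.` would stop a reader from mistaking it for a substring search. request() continues past the end of the hunk.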


@ -1,4 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[Content-type] = text/plain [Content-type] = text/plain
[Content-type] = text/plain [Content-type] = text/plain
[Date] = July 22, 2013, [Date] = July 22, 2013,
@ -7,5 +8,7 @@
[Server] = 1.0, [Server] = 1.0,
test1, [code=200, msg=OK\x0d, body=It works!, headers={ test1, [code=200, msg=OK\x0d, body=It works!, headers={
test2, [code=200, msg=OK\x0d, body=, headers={ test2, [code=200, msg=OK\x0d, body=, headers={
test3, [code=0, msg=, body=, headers={
}]
}] }]
}] }]


@ -17,7 +17,7 @@ function check_exit_condition()
{ {
c += 1; c += 1;
if ( c == 2 ) if ( c == 3 )
terminate(); terminate();
} }
@ -39,4 +39,5 @@ event zeek_init()
{ {
test_request("test1", [$url="127.0.0.1:32123"]); test_request("test1", [$url="127.0.0.1:32123"]);
test_request("test2", [$url="127.0.0.1:32123/empty", $method="POST"]); test_request("test2", [$url="127.0.0.1:32123/empty", $method="POST"]);
test_request("test3", [$url="127.0.0.1:32123", $method="POST 123"]); # will be rejected and not execute request
} }
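Review bot: The test3 case only pins a zero-valued record (`code=0, msg=`) in the baseline, which is presumably also what a failed curl run would produce, so it does not by itself show that no command was executed. Including the reporter output in the btest-diff baseline, so that the "illegal method" error from Reporter::error is checked, would pin the rejection path itself. A `$method=""` case would also be worth adding, since it is the one rejected input that contains no non-letter character. The bodies of test_request and check_exit_condition lie outside these hunks.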