Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 19:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'Fix_http_build_url' of ssh://github.com/Olerdrive/zeek

Browse source 
I changed the format string of the port to %d and added a test.
This commit is contained in:
Robin Sommer 2019-10-28 09:17:15 +00:00
commit 9d7c9f37d4
5 changed files with 42 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
CHANGES
View file

@ -1,4 +1,12 @@
3.1.0-dev.209 | 2019-10-28 09:17:15 +0000
* Fix HTTP::build_url. (Alexey Mokeev)
* Free memory allocated by glob() in plugin manager. (Arne Welzel)
* Remove always-false condition in plugin manager. (Arne Welzel)
3.1.0-dev.203 | 2019-10-25 10:41:10 -0700 3.1.0-dev.203 | 2019-10-25 10:41:10 -0700
* Change usage of old bro:see directive to zeek:see (Jon Siwek, Corelight) * Change usage of old bro:see directive to zeek:see (Jon Siwek, Corelight)

2
VERSION
View file

@ -1 +1 @@
3.1.0-dev.203 3.1.0-dev.209

8
scripts/base/protocols/http/utils.zeek
View file

@ -55,9 +55,13 @@ function extract_keys(data: string, kv_splitter: pattern): string_vec
function build_url(rec: Info): string function build_url(rec: Info): string
{ {
local uri = rec?$uri ? rec$uri : "/<missed_request>"; local uri = rec?$uri ? rec$uri : "/<missed_request>";
if ( strstr(uri, "://") != 0 )
return uri;
local host = rec?$host ? rec$host : addr_to_uri(rec$id$resp_h); local host = rec?$host ? rec$host : addr_to_uri(rec$id$resp_h);
if ( rec$id$resp_p != 80/tcp ) local resp_p = port_to_count(rec$id$resp_p);
host = fmt("%s:%s", host, rec$id$resp_p); if ( resp_p != 80 )
host = fmt("%s:%d", host, resp_p);
return fmt("%s%s", host, uri); return fmt("%s%s", host, uri);
} }

4
testing/btest/Baseline/scripts.base.protocols.http.build-url/output Normal file
View file

@ -0,0 +1,4 @@
Have: 192.150.187.43/download/CHANGES.bro-aux.txt Expected: 192.150.187.43/download/CHANGES.bro-aux.txt -> SUCCESS
Have: 192.150.187.43:123/download/CHANGES.bro-aux.txt Expected: 192.150.187.43:123/download/CHANGES.bro-aux.txt -> SUCCESS
Have: 192.150.187.43:123/ Expected: 192.150.187.43:123/ -> SUCCESS
Have: http://proxied.host/some/document Expected: http://proxied.host/some/document -> SUCCESS

23
testing/btest/scripts/base/protocols/http/build-url.zeek Normal file
View file

@ -0,0 +1,23 @@
# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT >output
# @TEST-EXEC: btest-diff output
function test(rec: HTTP::Info, expect: string)
{
local result = HTTP::build_url(rec);
print fmt("Have: %s Expected: %s -> %s", result, expect, (result == expect ? "SUCCESS" : "FAIL"));
}
event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string) &priority=5
{
test(c$http, "192.150.187.43/download/CHANGES.bro-aux.txt");
# We fake some request instances for testing.
c$http$id$resp_p = 123/tcp;
test(c$http, "192.150.187.43:123/download/CHANGES.bro-aux.txt");
c$http$uri = "/";
test(c$http, "192.150.187.43:123/");
c$http$uri = "http://proxied.host/some/document";
test(c$http, "http://proxied.host/some/document");
}