Changed behavior of var-extraction-uri.zeek from policy/protocol/http to extract only the URI parameter names. Do not include the path in the first parameter name. Only extract uri vars if parameters actually exist.

VERSION

@@ -1 +1 @@
-8.1.0-dev.50
+8.1.0-dev.51

scripts/policy/protocols/http/var-extraction-uri.zeek

@@ -13,5 +13,9 @@ redef record Info += {
 event http_request(c: connection, method: string, original_URI: string,
                    unescaped_URI: string, version: string) &priority=2
 	{
-	c$http$uri_vars = extract_keys(original_URI, /&/);
+	local param_parts = split_string1(original_URI, /\?/);
+	if ( |param_parts| > 1 )
+		{
+		c$http$uri_vars = extract_keys(param_parts[1], /&/);
+		}
 	}

testing/btest/Baseline/scripts.policy.protocols.http.var-extraction-uri/http-reduced.log

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+/response-headers?Content-Type=application/octet-stream; charset=UTF-8&Content-Disposition=attachment; filename="test.json"	Content-Type,Content-Disposition

testing/btest/scripts/policy/protocols/http/var-extraction-uri.zeek

@@ -0,0 +1,5 @@
+# @TEST-EXEC: zeek -r ${TRACES}/http/http-filename.pcap %INPUT
+# @TEST-EXEC: zeek-cut uri uri_vars <http.log > http-reduced.log
+# @TEST-EXEC: btest-diff http-reduced.log
+
+@load policy/protocols/http/var-extraction-uri

testing/external/commit-hash.zeek-testing

@@ -1 +1 @@
-6dafc6fd68d9821f33b7f8f4d7d4d877b5827ae3
+4b4c64d059f8ca4903637f0e00aabb819f3ba5e9

testing/external/commit-hash.zeek-testing-private

@@ -1 +1 @@
-1edbd3ae959471e8573c9edc0374235727970710
+7eaae517ec96a5218d35a4800bec9df1079b6de6