Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/Traces/http
History
Arne Welzel b57a854633 MIME: Cap nested MIME analysis depth to 100 
OSS-Fuzz managed to produce a MIME multipart message construction with
thousands of nested entities (or that's what Zeek makes out of it anyhow).
Prevent such deep analysis by capping at a nesting depth of 100,
preventing unnecessary resource usage. A new weird named exceeded_mime_max_depth
is reported when this limit is reached.

This change reduces the runtime of the OSS-Fuzz reproducer from ~45 seconds
to ~2.5 seconds.

The test PCAP was produced from a Python script using the email package
and sending the rendered version via POST to a HTTP server.

(cherry picked from commit 997c017df937ea47d999d9724e247c3d0e38e509)
2024-01-19 08:22:50 -07:00
..
100-continue.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_a.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_b.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_c.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
1000-requests-one-dropped-response.pcap.gz http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
basic-auth-with-extra-space.trace Merge branch 'master' of https://github.com/progmboy/zeek 2023-06-27 18:21:34 +02:00
bro.org-filtered.pcap Add script to detect filtered TCP traces, addresses BIT-1119. 2014-01-31 17:04:58 -06:00
bro.org.pcap Add unit tests for new Bro Manual docs. 2014-01-21 16:01:55 -06:00
byteranges.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
concurrent-range-requests-complete.pcap frameworks/notice: Handle fa_file with no or more than a single connection better 2022-12-06 11:17:30 +01:00
concurrent-range-requests.pcap files.log: Unroll and introduce uid and id fields 2022-08-16 17:22:20 +02:00
connect-with-header.trace Fix support for HTTP connect when server adds headers to response. 2015-10-23 13:10:33 -07:00
connect-with-smtp.trace HTTP CONNECT proxy support. 2014-02-12 22:38:59 -05:00
content-range-gap-skip.trace Fix incorrect data delivery skips after gap in HTTP Content-Range. 2014-09-11 14:53:47 -05:00
content-range-gap.trace Fix file analysis placement of data after gap in HTTP Content-Range. 2014-09-11 12:25:43 -05:00
content-range-less-than-len.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
curl_http_09.pcap http: Heuristic around rejecting malformed HTTP/0.9 traffic 2022-11-18 18:19:58 +01:00
deeply-nested-mime.pcap MIME: Cap nested MIME analysis depth to 100 2024-01-19 08:22:50 -07:00
entity_gap.trace Raise http_entity_data in line with data arrival. 2014-09-10 13:20:47 -05:00
entity_gap2.trace Fix issue w/ TCP reassembler not delivering some segments. 2014-09-11 10:47:56 -05:00
fake-content-length.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
flash-version.trace Adding tests for Flash version parsing and plugin detection. 2015-07-30 07:23:14 -07:00
get-gzip.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
get.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
get_nosyn.trace Initial implementation of Lower-Level analyzers 2020-09-23 11:13:25 -07:00
http-09-content-length-confusion.pcap HTTP: Reset reply_message for HTTP/0.9 2023-03-13 14:13:50 +01:00
http-11-request-then-cruft.pcap testing/http: http-11-request-then-cruft 2023-01-26 19:59:39 +01:00
http-bad-content-range-01.pcap HTTP: Make Content-Range parsing more robust 2023-03-13 18:00:39 +01:00
http-bad-request-with-version.trace updated weird message and tests 2016-03-04 18:03:24 -05:00
http-body-match.pcap Merge branch 'topic/xb-anssi/http_signature_body_end_match' of https://github.com/xb-anssi/zeek 2024-01-12 12:49:23 -07:00
http-desync-request-response-5.pcap http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
http-filename.pcap Additional test specifically for the HTTP filename handling. 2016-06-15 01:56:07 -04:00
http-large-gap.pcap Add extract_limit_includes_missing option for file extraction 2023-09-14 12:11:42 -07:00
http-post-large.pcap Add speculative service script. 2019-08-29 11:47:04 +02:00
http_09.pcap http: Heuristic around rejecting malformed HTTP/0.9 traffic 2022-11-18 18:19:58 +01:00
http_large_req_8001.pcap Change HTTP's DPD signatures so that each side can trigger the analyzer on its own. 2020-09-08 07:33:36 +00:00
interleaved-http-entity.pcap http: Prevent script errors when http$current_entity is not set 2022-09-26 10:18:24 +02:00
methods.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
missing-zlib-header.pcap Fixes an issue with missing zlib headers on deflated HTTP content. 2015-05-18 14:30:32 -04:00
multipart-form-data.pcap GH-1100: Fix reported body-length of HTTP messages w/ sub-entities 2020-08-04 14:21:03 -07:00
multipart.trace Fix HTTP multipart body file analysis. 2013-05-21 15:35:22 -05:00
no-uri.pcap GH-977: Improve pcap error handling 2020-06-08 18:11:58 -07:00
no-version.pcap Tweaking how HTTP requests without URIs are handled. 2016-01-15 12:59:11 -08:00
no_crlf.pcap Fix HTTP evasion 2021-07-23 09:28:29 +02:00
percent-end-of-line.pcap Better handling of % at end of line. 2017-07-27 22:04:47 -07:00
pipelined-requests.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
post.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
proxy.pcap Add unit tests for new Bro Manual docs. 2014-01-21 16:01:55 -06:00
putty-upload.pcap intel/seen/file-names: Use file_over_new_connection() 2023-01-10 10:10:28 +01:00
version-mismatch.pcap testing/http: Add pcap extracted from m5-long external test-suite 2023-01-26 19:59:39 +01:00
websocket.pcap HTTP: Recognize and skip upgrade/websocket connections. 2017-08-04 07:04:28 -07:00
x-gzip.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
zero-length-bodies-with-drops.pcap Fix an issue with packet loss in http file reporting. 2015-04-08 13:39:42 -04:00