zeek/testing/btest/scripts/base/protocols/http/http-no-crlf.zeek at f2d54db694d4d2eec23026183c47c1e168fb278c - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

Arne Welzel 38e226bf75 http: Prevent script errors when http$current_entity is not set

The current_entity tracking in HTTP assumes that client/server never
send HTTP entities at the same time. The attached pcap (generated
artificially) violates this and triggers:

    1663698249.307259 expression error in <...>base/protocols/http/./entities.zeek, line 89: field value missing (HTTP::c$http$current_entity)

For the http-no-crlf test, include weird.log as baseline. Now that weird is
@load'ed from http, it is actually created and seems to make sense
to btest-diff it, too.

2022-09-26 10:18:24 +02:00

9 lines

295 B

Text

Raw Blame History

 # This tests that the HTTP analyzer handles HTTP with no CRLF at end correctly.
 # @TEST-EXEC: zeek -b -r $TRACES/http/no_crlf.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff http.log
 # @TEST-EXEC: btest-diff weird.log
 @load base/protocols/conn
 @load base/protocols/http