"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_cutter.h" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_cutter.h  (snort3-3.1.28.0)	:	http_cutter.h  (snort3-3.1.29.0)
skipping to change at line 26		skipping to change at line 26
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.		// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------		//--------------------------------------------------------------------------
// http_cutter.h author Tom Peters <thopeter@cisco.com>		// http_cutter.h author Tom Peters <thopeter@cisco.com>
#ifndef HTTP_CUTTER_H		#ifndef HTTP_CUTTER_H
#define HTTP_CUTTER_H		#define HTTP_CUTTER_H
#include <cassert>		#include <cassert>
#include <zlib.h>		#include <zlib.h>
		#include "http_common.h"
#include "http_enum.h"		#include "http_enum.h"
#include "http_event.h"		#include "http_event.h"
#include "http_module.h"		#include "http_module.h"
class HttpFlowData;		class HttpFlowData;
//-------------------------------------------------------------------------		//-------------------------------------------------------------------------
// HttpCutter class and subclasses		// HttpCutter class and subclasses
//-------------------------------------------------------------------------		//-------------------------------------------------------------------------
class HttpCutter		class HttpCutter
{		{
public:		public:
virtual ~HttpCutter() = default;		virtual ~HttpCutter() = default;
virtual HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,		virtual HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch,		HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch,
HttpEnums::H2BodyState state) = 0;		HttpCommon::H2BodyState state) = 0;
uint32_t get_num_flush() const { return num_flush; }		uint32_t get_num_flush() const { return num_flush; }
uint32_t get_octets_seen() const { return octets_seen; }		uint32_t get_octets_seen() const { return octets_seen; }
uint32_t get_num_excess() const { return num_crlf; }		uint32_t get_num_excess() const { return num_crlf; }
virtual uint32_t get_num_head_lines() const { return 0; }		virtual uint32_t get_num_head_lines() const { return 0; }
virtual bool get_is_broken_chunk() const { return false; }		virtual bool get_is_broken_chunk() const { return false; }
virtual uint32_t get_num_good_chunks() const { return 0; }		virtual uint32_t get_num_good_chunks() const { return 0; }
virtual void soft_reset() {}		virtual void soft_reset() {}
protected:		protected:
// number of octets processed by previous cut() calls that returned NOT_FOUN D		// number of octets processed by previous cut() calls that returned NOT_FOUN D
uint32_t octets_seen = 0;		uint32_t octets_seen = 0;
uint32_t num_crlf = 0;		uint32_t num_crlf = 0;
uint32_t num_flush = 0;		uint32_t num_flush = 0;
};		};
class HttpStartCutter : public HttpCutter		class HttpStartCutter : public HttpCutter
{		{
public:		public:
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,		HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Enums::H2BodyState)		HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Common::H2BodyState)
override;		override;
protected:		protected:
enum ValidationResult { V_GOOD, V_BAD, V_TBD };		enum ValidationResult { V_GOOD, V_BAD, V_TBD };
private:		private:
static const int MAX_LEADING_WHITESPACE = 20;		static const int MAX_LEADING_WHITESPACE = 20;
virtual ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEvent Gen*) = 0;		virtual ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEvent Gen*) = 0;
bool validated = false;		bool validated = false;
};		};
skipping to change at line 93		skipping to change at line 94
{		{
private:		private:
uint32_t octets_checked = 0;		uint32_t octets_checked = 0;
ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEventGen*) ov erride;		ValidationResult validate(uint8_t octet, HttpInfractions*, HttpEventGen*) ov erride;
};		};
class HttpHeaderCutter : public HttpCutter		class HttpHeaderCutter : public HttpCutter
{		{
public:		public:
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,		HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Enums::H2BodyState)		HttpInfractions* infractions, HttpEventGen* events, uint32_t, bool, Http Common::H2BodyState)
override;		override;
uint32_t get_num_head_lines() const override { return num_head_lines; }		uint32_t get_num_head_lines() const override { return num_head_lines; }
private:		private:
enum LineEndState { ZERO, HALF, ONE, THREEHALF };		enum LineEndState { ZERO, HALF, ONE, THREEHALF };
LineEndState state = ONE;		LineEndState state = ONE;
int32_t num_head_lines = 0;		int32_t num_head_lines = 0;
};		};
class HttpBodyCutter : public HttpCutter		class HttpBodyCutter : public HttpCutter
skipping to change at line 140		skipping to change at line 141
{		{
public:		public:
HttpBodyClCutter(int64_t expected_length,		HttpBodyClCutter(int64_t expected_length,
bool accelerated_blocking,		bool accelerated_blocking,
ScriptFinder* finder,		ScriptFinder* finder,
HttpEnums::CompressId compression) :		HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression),		HttpBodyCutter(accelerated_blocking, finder, compression),
remaining(expected_length)		remaining(expected_length)
{ assert(remaining > 0); }		{ assert(remaining > 0); }
HttpEnums::ScanResult cut(const uint8_t*, uint32_t length, HttpInfractions*, HttpEventGen*,		HttpEnums::ScanResult cut(const uint8_t*, uint32_t length, HttpInfractions*, HttpEventGen*,
uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) override;		uint32_t flow_target, bool stretch, HttpCommon::H2BodyState) override;
private:		private:
int64_t remaining;		int64_t remaining;
};		};
class HttpBodyOldCutter : public HttpBodyCutter		class HttpBodyOldCutter : public HttpBodyCutter
{		{
public:		public:
HttpBodyOldCutter(bool accelerated_blocking, ScriptFinder* finder,		HttpBodyOldCutter(bool accelerated_blocking, ScriptFinder* finder,
HttpEnums::CompressId compression) :		HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression)		HttpBodyCutter(accelerated_blocking, finder, compression)
{}		{}
HttpEnums::ScanResult cut(const uint8_t*, uint32_t, HttpInfractions*, HttpEv entGen*,		HttpEnums::ScanResult cut(const uint8_t*, uint32_t, HttpInfractions*, HttpEv entGen*,
uint32_t flow_target, bool stretch, HttpEnums::H2BodyState) override;		uint32_t flow_target, bool stretch, HttpCommon::H2BodyState) override;
};		};
class HttpBodyChunkCutter : public HttpBodyCutter		class HttpBodyChunkCutter : public HttpBodyCutter
{		{
public:		public:
HttpBodyChunkCutter(int64_t maximum_chunk_length_, bool accelerated_blocking ,		HttpBodyChunkCutter(int64_t maximum_chunk_length_, bool accelerated_blocking ,
ScriptFinder* finder, HttpEnums::CompressId compression) :		ScriptFinder* finder, HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression),		HttpBodyCutter(accelerated_blocking, finder, compression),
maximum_chunk_length(maximum_chunk_length_)		maximum_chunk_length(maximum_chunk_length_)
{}		{}
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,		HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length,
HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch,		HttpInfractions* infractions, HttpEventGen* events, uint32_t flow_target , bool stretch,
HttpEnums::H2BodyState) override;		HttpCommon::H2BodyState) override;
bool get_is_broken_chunk() const override { return curr_state == HttpEnums:: CHUNK_BAD; }		bool get_is_broken_chunk() const override { return curr_state == HttpEnums:: CHUNK_BAD; }
uint32_t get_num_good_chunks() const override { return num_good_chunks; }		uint32_t get_num_good_chunks() const override { return num_good_chunks; }
void soft_reset() override { num_good_chunks = 0; HttpBodyCutter::soft_reset (); }		void soft_reset() override { num_good_chunks = 0; HttpBodyCutter::soft_reset (); }
private:		private:
void transition_to_chunk_bad(bool& accelerate_this_packet);		void transition_to_chunk_bad(bool& accelerate_this_packet);
const int64_t maximum_chunk_length;		const int64_t maximum_chunk_length;
uint32_t data_seen = 0;		uint32_t data_seen = 0;
skipping to change at line 196		skipping to change at line 197
class HttpBodyH2Cutter : public HttpBodyCutter		class HttpBodyH2Cutter : public HttpBodyCutter
{		{
public:		public:
HttpBodyH2Cutter(int64_t expected_length, bool accelerated_blocking, ScriptF inder* finder,		HttpBodyH2Cutter(int64_t expected_length, bool accelerated_blocking, ScriptF inder* finder,
HttpEnums::CompressId compression) :		HttpEnums::CompressId compression) :
HttpBodyCutter(accelerated_blocking, finder, compression),		HttpBodyCutter(accelerated_blocking, finder, compression),
expected_body_length(expected_length)		expected_body_length(expected_length)
{}		{}
HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpInfrac tions*,		HttpEnums::ScanResult cut(const uint8_t* buffer, uint32_t length, HttpInfrac tions*,
HttpEventGen*, uint32_t flow_target, bool stretch, HttpEnums::H2BodyStat e state) override;		HttpEventGen*, uint32_t flow_target, bool stretch, HttpCommon::H2BodySta te state) override;
private:		private:
int64_t expected_body_length;		int64_t expected_body_length;
uint32_t total_octets_scanned = 0;		uint32_t total_octets_scanned = 0;
};		};
#endif		#endif
End of changes. 8 change blocks.
7 lines changed or deleted		8 lines changed or added

---