is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.
| http_tables.cc (snort3-3.1.28.0) | : | http_tables.cc (snort3-3.1.29.0) |
|---|
| | |
| skipping to change at line 205 | | skipping to change at line 205 |
|---|
| const StrCode HttpMsgHeadShared::transfer_encoding_list[] = | | const StrCode HttpMsgHeadShared::transfer_encoding_list[] = |
| { | | { |
| { TE_CHUNKED, "chunked" }, | | { TE_CHUNKED, "chunked" }, |
| { TE_IDENTITY, "identity" }, | | { TE_IDENTITY, "identity" }, |
| { 0, nullptr } | | { 0, nullptr } |
| }; | | }; |
| | |
| const RuleMap HttpModule::http_events[] = | | const RuleMap HttpModule::http_events[] = |
| { | | { |
| { EVENT_ASCII, "URI has percent-encoding of an unreserv
ed character" }, | | { EVENT_ASCII, "URI has percent-encoding of an unreserv
ed character" }, |
|
| { EVENT_DOUBLE_DECODE, "URI is percent encoded and the result i | | { EVENT_DOUBLE_DECODE, "URI contains double-encoded hexadecimal |
| s percent encoded " | | characters" }, |
| "again" }, | | |
| { EVENT_U_ENCODE, "URI has non-standard %u-style Unicode e
ncoding" }, | | { EVENT_U_ENCODE, "URI has non-standard %u-style Unicode e
ncoding" }, |
| { EVENT_BARE_BYTE, "URI has Unicode encodings containing by
tes that were not " | | { EVENT_BARE_BYTE, "URI has Unicode encodings containing by
tes that were not " |
| "percent-encoded" }, | | "percent-encoded" }, |
| { EVENT_UTF_8, "URI has two-byte or three-byte UTF-8 en
coding" }, | | { EVENT_UTF_8, "URI has two-byte or three-byte UTF-8 en
coding" }, |
| { EVENT_CODE_POINT_IN_URI, "URI has unicode map code point encoding
" }, | | { EVENT_CODE_POINT_IN_URI, "URI has unicode map code point encoding
" }, |
| { EVENT_MULTI_SLASH, "URI path contains consecutive slash cha
racters" }, | | { EVENT_MULTI_SLASH, "URI path contains consecutive slash cha
racters" }, |
|
| { EVENT_BACKSLASH_IN_URI, "backslash character appears in the path
portion of a URI." | | { EVENT_BACKSLASH_IN_URI, "backslash character appears in the path
portion of a URI" |
| }, | | }, |
| { EVENT_SELF_DIR_TRAV, "URI path contains /./ pattern repeating
the current " | | { EVENT_SELF_DIR_TRAV, "URI path contains /./ pattern repeating
the current " |
| "directory" }, | | "directory" }, |
| { EVENT_DIR_TRAV, "URI path contains /../ pattern moving u
p a directory" }, | | { EVENT_DIR_TRAV, "URI path contains /../ pattern moving u
p a directory" }, |
| { EVENT_APACHE_WS, "Tab character in HTTP start line" }, | | { EVENT_APACHE_WS, "Tab character in HTTP start line" }, |
| { EVENT_LF_WITHOUT_CR, "HTTP start line or header line terminat
ed by LF without " | | { EVENT_LF_WITHOUT_CR, "HTTP start line or header line terminat
ed by LF without " |
| "a CR" }, | | "a CR" }, |
| { EVENT_NON_RFC_CHAR, "Normalized URI includes character from
bad_characters " | | { EVENT_NON_RFC_CHAR, "Normalized URI includes character from
bad_characters " |
| "list" }, | | "list" }, |
| { EVENT_OVERSIZE_DIR, "URI path contains a segment that is lon
ger than the " | | { EVENT_OVERSIZE_DIR, "URI path contains a segment that is lon
ger than the " |
| | |
| skipping to change at line 334 | | skipping to change at line 333 |
|---|
| { EVENT_TRUNCATED_MSG_BODY_CHUNK, "HTTP chunked message body was truncated
" }, | | { EVENT_TRUNCATED_MSG_BODY_CHUNK, "HTTP chunked message body was truncated
" }, |
| { EVENT_LONG_SCHEME, "HTTP URI scheme longer than 10 characte
rs" }, | | { EVENT_LONG_SCHEME, "HTTP URI scheme longer than 10 characte
rs" }, |
| { EVENT_HTTP2_UPGRADE_REQUEST, "HTTP/1 client requested HTTP/2 upgrade"
}, | | { EVENT_HTTP2_UPGRADE_REQUEST, "HTTP/1 client requested HTTP/2 upgrade"
}, |
| { EVENT_HTTP2_UPGRADE_RESPONSE, "HTTP/1 server granted HTTP/2 upgrade" }
, | | { EVENT_HTTP2_UPGRADE_RESPONSE, "HTTP/1 server granted HTTP/2 upgrade" }
, |
| { EVENT_JS_BAD_TOKEN, "bad token in JavaScript" }, | | { EVENT_JS_BAD_TOKEN, "bad token in JavaScript" }, |
| { EVENT_JS_OPENING_TAG, "unexpected script opening tag in JavaSc
ript" }, | | { EVENT_JS_OPENING_TAG, "unexpected script opening tag in JavaSc
ript" }, |
| { EVENT_JS_CLOSING_TAG, "unexpected script closing tag in JavaSc
ript" }, | | { EVENT_JS_CLOSING_TAG, "unexpected script closing tag in JavaSc
ript" }, |
| { EVENT_JS_CODE_IN_EXTERNAL, "JavaScript code under the external scri
pt tags" }, | | { EVENT_JS_CODE_IN_EXTERNAL, "JavaScript code under the external scri
pt tags" }, |
| { EVENT_JS_SHORTENED_TAG, "script opening tag in a short form" }, | | { EVENT_JS_SHORTENED_TAG, "script opening tag in a short form" }, |
| { EVENT_JS_IDENTIFIER_OVERFLOW, "max number of unique JavaScript identif
iers reached" }, | | { EVENT_JS_IDENTIFIER_OVERFLOW, "max number of unique JavaScript identif
iers reached" }, |
|
| { EVENT_JS_BRACKET_NEST_OVERFLOW, "JavaScript bracket nesting is over capa
city" }, | | { EVENT_JS_BRACKET_NEST_OVERFLOW, "excessive JavaScript bracket nesting" }
, |
| { EVENT_ACCEPT_ENCODING_CONSECUTIVE_COMMAS, "Consecutive commas in HTTP Acce
pt-Encoding " | | { EVENT_ACCEPT_ENCODING_CONSECUTIVE_COMMAS, "Consecutive commas in HTTP Acce
pt-Encoding " |
| "header" }, | | "header" }, |
| { EVENT_JS_PDU_MISS, "missed PDUs during JavaScript normaliza
tion" }, | | { EVENT_JS_PDU_MISS, "missed PDUs during JavaScript normaliza
tion" }, |
|
| { EVENT_JS_SCOPE_NEST_OVERFLOW, "JavaScript scope nesting is over capaci
ty" }, | | { EVENT_JS_SCOPE_NEST_OVERFLOW, "excessive JavaScript scope nesting" }, |
| { EVENT_INVALID_SUBVERSION, "HTTP/1 version other than 1.0 or 1.1" }
, | | { EVENT_INVALID_SUBVERSION, "HTTP/1 version other than 1.0 or 1.1" }
, |
| { EVENT_VERSION_0, "HTTP version in start line is 0" }, | | { EVENT_VERSION_0, "HTTP version in start line is 0" }, |
| { EVENT_VERSION_HIGHER_THAN_1, "HTTP version in start line is higher th
an 1" }, | | { EVENT_VERSION_HIGHER_THAN_1, "HTTP version in start line is higher th
an 1" }, |
| { EVENT_GZIP_FEXTRA, "HTTP gzip body with the FEXTRA flag set
" }, | | { EVENT_GZIP_FEXTRA, "HTTP gzip body with the FEXTRA flag set
" }, |
| { 0, nullptr } | | { 0, nullptr } |
| }; | | }; |
| | |
| const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] = | | const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] = |
| { | | { |
| { CountType::SUM, "flows", "HTTP connections inspected" }, | | { CountType::SUM, "flows", "HTTP connections inspected" }, |
| | | |
| End of changes. 4 change blocks. |
|---|
| 6 lines changed or deleted | | 5 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 