"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_tables.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_tables.cc  (snort3-3.1.28.0):http_tables.cc  (snort3-3.1.29.0)
skipping to change at line 205 skipping to change at line 205
const StrCode HttpMsgHeadShared::transfer_encoding_list[] = const StrCode HttpMsgHeadShared::transfer_encoding_list[] =
{ {
{ TE_CHUNKED, "chunked" }, { TE_CHUNKED, "chunked" },
{ TE_IDENTITY, "identity" }, { TE_IDENTITY, "identity" },
{ 0, nullptr } { 0, nullptr }
}; };
const RuleMap HttpModule::http_events[] = const RuleMap HttpModule::http_events[] =
{ {
{ EVENT_ASCII, "URI has percent-encoding of an unreserv ed character" }, { EVENT_ASCII, "URI has percent-encoding of an unreserv ed character" },
{ EVENT_DOUBLE_DECODE, "URI is percent encoded and the result i { EVENT_DOUBLE_DECODE, "URI contains double-encoded hexadecimal
s percent encoded " characters" },
"again" },
{ EVENT_U_ENCODE, "URI has non-standard %u-style Unicode e ncoding" }, { EVENT_U_ENCODE, "URI has non-standard %u-style Unicode e ncoding" },
{ EVENT_BARE_BYTE, "URI has Unicode encodings containing by tes that were not " { EVENT_BARE_BYTE, "URI has Unicode encodings containing by tes that were not "
"percent-encoded" }, "percent-encoded" },
{ EVENT_UTF_8, "URI has two-byte or three-byte UTF-8 en coding" }, { EVENT_UTF_8, "URI has two-byte or three-byte UTF-8 en coding" },
{ EVENT_CODE_POINT_IN_URI, "URI has unicode map code point encoding " }, { EVENT_CODE_POINT_IN_URI, "URI has unicode map code point encoding " },
{ EVENT_MULTI_SLASH, "URI path contains consecutive slash cha racters" }, { EVENT_MULTI_SLASH, "URI path contains consecutive slash cha racters" },
{ EVENT_BACKSLASH_IN_URI, "backslash character appears in the path portion of a URI." { EVENT_BACKSLASH_IN_URI, "backslash character appears in the path portion of a URI"
}, },
{ EVENT_SELF_DIR_TRAV, "URI path contains /./ pattern repeating the current " { EVENT_SELF_DIR_TRAV, "URI path contains /./ pattern repeating the current "
"directory" }, "directory" },
{ EVENT_DIR_TRAV, "URI path contains /../ pattern moving u p a directory" }, { EVENT_DIR_TRAV, "URI path contains /../ pattern moving u p a directory" },
{ EVENT_APACHE_WS, "Tab character in HTTP start line" }, { EVENT_APACHE_WS, "Tab character in HTTP start line" },
{ EVENT_LF_WITHOUT_CR, "HTTP start line or header line terminat ed by LF without " { EVENT_LF_WITHOUT_CR, "HTTP start line or header line terminat ed by LF without "
"a CR" }, "a CR" },
{ EVENT_NON_RFC_CHAR, "Normalized URI includes character from bad_characters " { EVENT_NON_RFC_CHAR, "Normalized URI includes character from bad_characters "
"list" }, "list" },
{ EVENT_OVERSIZE_DIR, "URI path contains a segment that is lon ger than the " { EVENT_OVERSIZE_DIR, "URI path contains a segment that is lon ger than the "
skipping to change at line 334 skipping to change at line 333
{ EVENT_TRUNCATED_MSG_BODY_CHUNK, "HTTP chunked message body was truncated " }, { EVENT_TRUNCATED_MSG_BODY_CHUNK, "HTTP chunked message body was truncated " },
{ EVENT_LONG_SCHEME, "HTTP URI scheme longer than 10 characte rs" }, { EVENT_LONG_SCHEME, "HTTP URI scheme longer than 10 characte rs" },
{ EVENT_HTTP2_UPGRADE_REQUEST, "HTTP/1 client requested HTTP/2 upgrade" }, { EVENT_HTTP2_UPGRADE_REQUEST, "HTTP/1 client requested HTTP/2 upgrade" },
{ EVENT_HTTP2_UPGRADE_RESPONSE, "HTTP/1 server granted HTTP/2 upgrade" } , { EVENT_HTTP2_UPGRADE_RESPONSE, "HTTP/1 server granted HTTP/2 upgrade" } ,
{ EVENT_JS_BAD_TOKEN, "bad token in JavaScript" }, { EVENT_JS_BAD_TOKEN, "bad token in JavaScript" },
{ EVENT_JS_OPENING_TAG, "unexpected script opening tag in JavaSc ript" }, { EVENT_JS_OPENING_TAG, "unexpected script opening tag in JavaSc ript" },
{ EVENT_JS_CLOSING_TAG, "unexpected script closing tag in JavaSc ript" }, { EVENT_JS_CLOSING_TAG, "unexpected script closing tag in JavaSc ript" },
{ EVENT_JS_CODE_IN_EXTERNAL, "JavaScript code under the external scri pt tags" }, { EVENT_JS_CODE_IN_EXTERNAL, "JavaScript code under the external scri pt tags" },
{ EVENT_JS_SHORTENED_TAG, "script opening tag in a short form" }, { EVENT_JS_SHORTENED_TAG, "script opening tag in a short form" },
{ EVENT_JS_IDENTIFIER_OVERFLOW, "max number of unique JavaScript identif iers reached" }, { EVENT_JS_IDENTIFIER_OVERFLOW, "max number of unique JavaScript identif iers reached" },
{ EVENT_JS_BRACKET_NEST_OVERFLOW, "JavaScript bracket nesting is over capa city" }, { EVENT_JS_BRACKET_NEST_OVERFLOW, "excessive JavaScript bracket nesting" } ,
{ EVENT_ACCEPT_ENCODING_CONSECUTIVE_COMMAS, "Consecutive commas in HTTP Acce pt-Encoding " { EVENT_ACCEPT_ENCODING_CONSECUTIVE_COMMAS, "Consecutive commas in HTTP Acce pt-Encoding "
"header" }, "header" },
{ EVENT_JS_PDU_MISS, "missed PDUs during JavaScript normaliza tion" }, { EVENT_JS_PDU_MISS, "missed PDUs during JavaScript normaliza tion" },
{ EVENT_JS_SCOPE_NEST_OVERFLOW, "JavaScript scope nesting is over capaci ty" }, { EVENT_JS_SCOPE_NEST_OVERFLOW, "excessive JavaScript scope nesting" },
{ EVENT_INVALID_SUBVERSION, "HTTP/1 version other than 1.0 or 1.1" } , { EVENT_INVALID_SUBVERSION, "HTTP/1 version other than 1.0 or 1.1" } ,
{ EVENT_VERSION_0, "HTTP version in start line is 0" }, { EVENT_VERSION_0, "HTTP version in start line is 0" },
{ EVENT_VERSION_HIGHER_THAN_1, "HTTP version in start line is higher th an 1" }, { EVENT_VERSION_HIGHER_THAN_1, "HTTP version in start line is higher th an 1" },
{ EVENT_GZIP_FEXTRA, "HTTP gzip body with the FEXTRA flag set " }, { EVENT_GZIP_FEXTRA, "HTTP gzip body with the FEXTRA flag set " },
{ 0, nullptr } { 0, nullptr }
}; };
const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] = const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] =
{ {
{ CountType::SUM, "flows", "HTTP connections inspected" }, { CountType::SUM, "flows", "HTTP connections inspected" },
 End of changes. 4 change blocks. 
6 lines changed or deleted 5 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)