"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_module.cc" between
snort3-3.1.29.0.tar.gz and snort3-3.1.30.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_module.cc  (snort3-3.1.29.0):http_module.cc  (snort3-3.1.30.0)
skipping to change at line 54 skipping to change at line 54
delete params; delete params;
LiteralSearch::cleanup(script_detection_handle); LiteralSearch::cleanup(script_detection_handle);
} }
static const Parameter js_norm_ident_ignore_param[] = static const Parameter js_norm_ident_ignore_param[] =
{ {
{ "ident_name", Parameter::PT_STRING, nullptr, nullptr, "name of the identif ier to ignore" }, { "ident_name", Parameter::PT_STRING, nullptr, nullptr, "name of the identif ier to ignore" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
}; };
static const Parameter js_norm_prop_ignore_param[] =
{
{ "prop_name", Parameter::PT_STRING, nullptr, nullptr, "name of the object p
roperty to ignore" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
const Parameter HttpModule::http_params[] = const Parameter HttpModule::http_params[] =
{ {
{ "request_depth", Parameter::PT_INT, "-1:max53", "-1", { "request_depth", Parameter::PT_INT, "-1:max53", "-1",
"maximum request message body bytes to examine (-1 no limit)" }, "maximum request message body bytes to examine (-1 no limit)" },
{ "response_depth", Parameter::PT_INT, "-1:max53", "-1", { "response_depth", Parameter::PT_INT, "-1:max53", "-1",
"maximum response message body bytes to examine (-1 no limit)" }, "maximum response message body bytes to examine (-1 no limit)" },
{ "unzip", Parameter::PT_BOOL, nullptr, "true", { "unzip", Parameter::PT_BOOL, nullptr, "true",
"decompress gzip and deflate message bodies" }, "decompress gzip and deflate message bodies" },
skipping to change at line 112 skipping to change at line 118
{ "js_norm_max_bracket_depth", Parameter::PT_INT, "1:65535", "256", { "js_norm_max_bracket_depth", Parameter::PT_INT, "1:65535", "256",
"maximum depth of bracket nesting that enhanced JavaScript normalizer will process" }, "maximum depth of bracket nesting that enhanced JavaScript normalizer will process" },
{ "js_norm_max_scope_depth", Parameter::PT_INT, "1:65535", "256", { "js_norm_max_scope_depth", Parameter::PT_INT, "1:65535", "256",
"maximum depth of scope nesting that enhanced JavaScript normalizer will p rocess" }, "maximum depth of scope nesting that enhanced JavaScript normalizer will p rocess" },
{ "js_norm_ident_ignore", Parameter::PT_LIST, js_norm_ident_ignore_param, nu llptr, { "js_norm_ident_ignore", Parameter::PT_LIST, js_norm_ident_ignore_param, nu llptr,
"list of JavaScript ignored identifiers which will not be normalized" }, "list of JavaScript ignored identifiers which will not be normalized" },
{ "js_norm_prop_ignore", Parameter::PT_LIST, js_norm_prop_ignore_param, null
ptr,
"list of JavaScript ignored object properties which will not be normalized
" },
{ "max_javascript_whitespaces", Parameter::PT_INT, "1:65535", "200", { "max_javascript_whitespaces", Parameter::PT_INT, "1:65535", "200",
"maximum consecutive whitespaces allowed within the JavaScript obfuscated data" }, "maximum consecutive whitespaces allowed within the JavaScript obfuscated data" },
{ "bad_characters", Parameter::PT_BIT_LIST, "255", nullptr, { "bad_characters", Parameter::PT_BIT_LIST, "255", nullptr,
"alert when any of specified bytes are present in URI after percent decodi ng" }, "alert when any of specified bytes are present in URI after percent decodi ng" },
{ "ignore_unreserved", Parameter::PT_STRING, "(optional)", nullptr, { "ignore_unreserved", Parameter::PT_STRING, "(optional)", nullptr,
"do not alert when the specified unreserved characters are percent-encoded in a URI." "do not alert when the specified unreserved characters are percent-encoded in a URI."
"Unreserved characters are 0-9, a-z, A-Z, period, underscore, tilde, and m inus." }, "Unreserved characters are 0-9, a-z, A-Z, period, underscore, tilde, and m inus." },
skipping to change at line 296 skipping to change at line 305
params->js_norm_param.max_bracket_depth = val.get_uint32(); params->js_norm_param.max_bracket_depth = val.get_uint32();
} }
else if (val.is("js_norm_max_scope_depth")) else if (val.is("js_norm_max_scope_depth"))
{ {
params->js_norm_param.max_scope_depth = val.get_uint32(); params->js_norm_param.max_scope_depth = val.get_uint32();
} }
else if (val.is("ident_name")) else if (val.is("ident_name"))
{ {
params->js_norm_param.ignored_ids.insert(val.get_string()); params->js_norm_param.ignored_ids.insert(val.get_string());
} }
else if (val.is("prop_name"))
{
params->js_norm_param.ignored_props.insert(val.get_string());
}
else if (val.is("max_javascript_whitespaces")) else if (val.is("max_javascript_whitespaces"))
{ {
params->js_norm_param.max_javascript_whitespaces = val.get_uint16(); params->js_norm_param.max_javascript_whitespaces = val.get_uint16();
} }
else if (val.is("bad_characters")) else if (val.is("bad_characters"))
{ {
val.get_bits(params->uri_param.bad_characters); val.get_bits(params->uri_param.bad_characters);
} }
else if (val.is("ignore_unreserved")) else if (val.is("ignore_unreserved"))
{ {
skipping to change at line 477 skipping to change at line 490
{ {
params->uri_param.unicode_map = new uint8_t[65536]; params->uri_param.unicode_map = new uint8_t[65536];
if (params->uri_param.iis_unicode_map_file.length() == 0) if (params->uri_param.iis_unicode_map_file.length() == 0)
UriNormalizer::load_default_unicode_map(params->uri_param.unicode_ma p); UriNormalizer::load_default_unicode_map(params->uri_param.unicode_ma p);
else else
UriNormalizer::load_unicode_map(params->uri_param.unicode_map, UriNormalizer::load_unicode_map(params->uri_param.unicode_map,
params->uri_param.iis_unicode_map_file.c_str(), params->uri_param.iis_unicode_map_file.c_str(),
params->uri_param.iis_unicode_code_page); params->uri_param.iis_unicode_code_page);
} }
params->js_norm_param.js_norm = new HttpJsNorm(params->uri_param, params->js_norm_param.js_norm = new HttpJsNorm(params->uri_param, params->js
params->js_norm_param.js_norm_bytes_depth, params->js_norm_param.js_iden _norm_param);
tifier_depth,
params->js_norm_param.max_template_nesting, params->js_norm_param.max_br
acket_depth,
params->js_norm_param.max_scope_depth, params->js_norm_param.ignored_ids
);
params->script_detection_handle = script_detection_handle; params->script_detection_handle = script_detection_handle;
prepare_http_header_list(params); prepare_http_header_list(params);
params->mime_decode_conf = new DecodeConfig(); params->mime_decode_conf = new DecodeConfig();
params->mime_decode_conf->set_decompress_pdf(params->decompress_pdf); params->mime_decode_conf->set_decompress_pdf(params->decompress_pdf);
params->mime_decode_conf->set_decompress_swf(params->decompress_swf); params->mime_decode_conf->set_decompress_swf(params->decompress_swf);
params->mime_decode_conf->set_decompress_zip(params->decompress_zip); params->mime_decode_conf->set_decompress_zip(params->decompress_zip);
params->mime_decode_conf->set_decompress_vba(params->decompress_vba); params->mime_decode_conf->set_decompress_vba(params->decompress_vba);
 End of changes. 4 change blocks. 
7 lines changed or deleted 18 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)