"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/preprocessors/HttpInspect/include/hi_eo_events.h" (16 Oct 2020, 11986 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "hi_eo_events.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.9.16.1_vs_2.9.17.

    1 /****************************************************************************
    2  *
    3  * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    4  * Copyright (C) 2003-2013 Sourcefire, Inc.
    5  *
    6  * This program is free software; you can redistribute it and/or modify
    7  * it under the terms of the GNU General Public License Version 2 as
    8  * published by the Free Software Foundation.  You may not use, modify or
    9  * distribute this program under any other version of the GNU General
   10  * Public License.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   20  *
   21  ****************************************************************************/
   22 
   23 #ifndef __HI_EO_EVENTS_H__
   24 #define __HI_EO_EVENTS_H__
   25 
   26 #include "hi_include.h"
   27 
   28 /*
   29 **  Client Events
   30 */
   31 typedef enum _HI_CLI_EVENTS 
   32 {
   33     HI_EO_CLIENT_ASCII =       0,
   34     HI_EO_CLIENT_DOUBLE_DECODE  , 
   35     HI_EO_CLIENT_U_ENCODE       , 
   36     HI_EO_CLIENT_BARE_BYTE      , 
   37     /* Base36 is deprecated - leave here so events keep the same number */
   38     HI_EO_CLIENT_BASE36         ,
   39     HI_EO_CLIENT_UTF_8          , 
   40     HI_EO_CLIENT_IIS_UNICODE    , 
   41     HI_EO_CLIENT_MULTI_SLASH    , 
   42     HI_EO_CLIENT_IIS_BACKSLASH  , 
   43     HI_EO_CLIENT_SELF_DIR_TRAV  , 
   44     HI_EO_CLIENT_DIR_TRAV       ,
   45     HI_EO_CLIENT_APACHE_WS      ,
   46     HI_EO_CLIENT_IIS_DELIMITER  ,
   47     HI_EO_CLIENT_NON_RFC_CHAR   ,
   48     HI_EO_CLIENT_OVERSIZE_DIR   ,
   49     HI_EO_CLIENT_LARGE_CHUNK    ,
   50     HI_EO_CLIENT_PROXY_USE      ,
   51     HI_EO_CLIENT_WEBROOT_DIR    ,
   52     HI_EO_CLIENT_LONG_HDR       ,
   53     HI_EO_CLIENT_MAX_HEADERS    ,
   54     HI_EO_CLIENT_MULTIPLE_CONTLEN,
   55     HI_EO_CLIENT_CHUNK_SIZE_MISMATCH,
   56     HI_EO_CLIENT_INVALID_TRUEIP ,
   57     HI_EO_CLIENT_MULTIPLE_HOST_HDRS,
   58     HI_EO_CLIENT_LONG_HOSTNAME  ,
   59     HI_EO_CLIENT_EXCEEDS_SPACES ,
   60     HI_EO_CLIENT_CONSECUTIVE_SMALL_CHUNKS,
   61     HI_EO_CLIENT_UNBOUNDED_POST,
   62     HI_EO_CLIENT_MULTIPLE_TRUEIP_IN_SESSION,
   63     HI_EO_CLIENT_BOTH_TRUEIP_XFF_HDRS,
   64     HI_EO_CLIENT_UNKNOWN_METHOD,
   65     HI_EO_CLIENT_SIMPLE_REQUEST,
   66     HI_EO_CLIENT_UNESCAPED_SPACE_URI,
   67     HI_EO_CLIENT_PIPELINE_MAX,
   68     HI_EO_CLIENT_MULTIPLE_COLON_BETN_KEY_VALUE,
   69     HI_EO_CLIENT_INVALID_RANGE_UNIT_FMT,
   70     HI_EO_CLIENT_RANGE_NON_GET_METHOD,
   71     HI_EO_CLIENT_RANGE_FIELD_ERROR,   
   72     HI_EO_CLIENT_EVENT_NUM
   73 } HI_CLI_EVENTS;
   74 
   75 typedef enum _HI_EVENTS
   76 {
   77     HI_EO_ANOM_SERVER =         0,
   78     HI_EO_SERVER_INVALID_STATCODE,
   79     HI_EO_SERVER_NO_CONTLEN,
   80     HI_EO_SERVER_UTF_NORM_FAIL,
   81     HI_EO_SERVER_UTF7,
   82     HI_EO_SERVER_DECOMPR_FAILED,
   83     HI_EO_SERVER_CONSECUTIVE_SMALL_CHUNKS,
   84     HI_EO_CLISRV_MSG_SIZE_EXCEPTION,
   85     HI_EO_SERVER_JS_OBFUSCATION_EXCD,
   86     HI_EO_SERVER_JS_EXCESS_WS,
   87     HI_EO_SERVER_MIXED_ENCODINGS,
   88     HI_EO_SERVER_SWF_ZLIB_FAILURE,
   89     HI_EO_SERVER_SWF_LZMA_FAILURE,
   90     HI_EO_SERVER_PDF_DEFL_FAILURE,
   91     HI_EO_SERVER_PDF_UNSUP_COMP_TYPE,
   92     HI_EO_SERVER_PDF_CASC_COMP,
   93     HI_EO_SERVER_PDF_PARSE_FAILURE,
   94     HI_EO_SERVER_PROTOCOL_OTHER,
   95     HI_EO_SERVER_MULTIPLE_CONTLEN,
   96     HI_EO_SERVER_MULTIPLE_CONTENT_ENCODING,
   97     HI_EO_SERVER_MULTIPLE_COLON_BETN_KEY_VALUE,
   98     HI_EO_SERVER_INVALID_CHAR_BETN_KEY_VALUE,
   99     HI_EO_CLISRV_INVALID_CHUNKED_ENCODING,
  100     HI_EO_SERVER_PARTIAL_DECOMPRESSION_FAIL,
  101     HI_EO_SERVER_INVALID_HEADER_FOLDING,
  102     HI_EO_SERVER_JUNK_LINE_BEFORE_RESP_HEADER,
  103     HI_EO_SERVER_NO_RESP_HEADER_END,
  104     HI_EO_SERVER_INVALID_CHUNK_SIZE,
  105     HI_EO_SERVER_INVALID_VERSION_RESP_HEADER,
  106     HI_EO_SERVER_INVALID_CONTENT_RANGE_UNIT_FMT,
  107     HI_EO_SERVER_RANGE_FIELD_ERROR,
  108     HI_EO_SERVER_EVENT_NUM
  109 }HI_EVENTS;
  110 
  111 /*
  112 **  These defines are the alert names for each event
  113 */
  114 #define HI_EO_CLIENT_ASCII_STR                          \
  115     "(http_inspect) ASCII ENCODING"
  116 #define HI_EO_CLIENT_DOUBLE_DECODE_STR                  \
  117     "(http_inspect) DOUBLE DECODING ATTACK"
  118 #define HI_EO_CLIENT_U_ENCODE_STR                       \
  119     "(http_inspect) U ENCODING"
  120 #define HI_EO_CLIENT_BARE_BYTE_STR                      \
  121     "(http_inspect) BARE BYTE UNICODE ENCODING"
  122 /* Base36 is deprecated - leave here so events keep the same number */
  123 #define HI_EO_CLIENT_BASE36_STR                         \
  124     "(http_inspect) BASE36 ENCODING"
  125 #define HI_EO_CLIENT_UTF_8_STR                          \
  126     "(http_inspect) UTF-8 ENCODING"
  127 #define HI_EO_CLIENT_IIS_UNICODE_STR                    \
  128     "(http_inspect) IIS UNICODE CODEPOINT ENCODING"
  129 #define HI_EO_CLIENT_MULTI_SLASH_STR                    \
  130     "(http_inspect) MULTI_SLASH ENCODING"
  131 #define HI_EO_CLIENT_IIS_BACKSLASH_STR                  \
  132     "(http_inspect) IIS BACKSLASH EVASION"
  133 #define HI_EO_CLIENT_SELF_DIR_TRAV_STR                  \
  134     "(http_inspect) SELF DIRECTORY TRAVERSAL"
  135 #define HI_EO_CLIENT_DIR_TRAV_STR                       \
  136     "(http_inspect) DIRECTORY TRAVERSAL"
  137 #define HI_EO_CLIENT_APACHE_WS_STR                      \
  138     "(http_inspect) APACHE WHITESPACE (TAB)"
  139 #define HI_EO_CLIENT_IIS_DELIMITER_STR                  \
  140     "(http_inspect) NON-RFC HTTP DELIMITER"
  141 #define HI_EO_CLIENT_NON_RFC_CHAR_STR                   \
  142     "(http_inspect) NON-RFC DEFINED CHAR"
  143 #define HI_EO_CLIENT_OVERSIZE_DIR_STR                   \
  144     "(http_inspect) OVERSIZE REQUEST-URI DIRECTORY"
  145 #define HI_EO_CLIENT_LARGE_CHUNK_STR                    \
  146     "(http_inspect) OVERSIZE CHUNK ENCODING"
  147 #define HI_EO_CLIENT_PROXY_USE_STR                      \
  148     "(http_inspect) UNAUTHORIZED PROXY USE DETECTED"
  149 #define HI_EO_CLIENT_WEBROOT_DIR_STR                    \
  150     "(http_inspect) WEBROOT DIRECTORY TRAVERSAL"
  151 #define HI_EO_CLIENT_LONG_HDR_STR                       \
  152     "(http_inspect) LONG HEADER"
  153 #define HI_EO_CLIENT_MAX_HEADERS_STR                    \
  154     "(http_inspect) MAX HEADER FIELDS"
  155 #define HI_EO_CLIENT_MULTIPLE_CONTLEN_STR               \
  156     "(http_inspect) MULTIPLE CONTENT LENGTH"
  157 #define HI_EO_CLIENT_CHUNK_SIZE_MISMATCH_STR            \
  158     "(http_inspect) CHUNK SIZE MISMATCH DETECTED"
  159 #define HI_EO_CLIENT_MULTIPLE_HOST_HDRS_STR             \
  160     "(http_inspect) MULTIPLE HOST HDRS DETECTED"
  161 #define HI_EO_CLIENT_INVALID_TRUEIP_STR                 \
  162     "(http_inspect) INVALID IP IN TRUE-CLIENT-IP/XFF HEADER"
  163 #define HI_EO_CLIENT_LONG_HOSTNAME_STR                  \
  164     "(http_inspect) HOSTNAME EXCEEDS 255 CHARACTERS"
  165 #define HI_EO_CLIENT_EXCEEDS_SPACES_STR                 \
  166     "(http_inspect) HEADER PARSING SPACE SATURATION"
  167 #define HI_EO_CLIENT_CONSECUTIVE_SMALL_CHUNKS_STR       \
  168     "(http_inspect) CLIENT CONSECUTIVE SMALL CHUNK SIZES"
  169 #define HI_EO_CLIENT_UNBOUNDED_POST_STR                 \
  170     "(http_inspect) POST W/O CONTENT-LENGTH OR CHUNKS"
  171 #define HI_EO_CLIENT_MULTIPLE_TRUEIP_IN_SESSION_STR     \
  172     "(http_inspect) MULTIPLE TRUE IPS IN A SESSION"
  173 #define HI_EO_CLIENT_BOTH_TRUEIP_XFF_HDRS_STR           \
  174     "(http_inspect) BOTH TRUE_CLIENT_IP AND XFF HDRS PRESENT"
  175 #define HI_EO_CLIENT_UNKNOWN_METHOD_STR                 \
  176     "(http_inspect) UNKNOWN METHOD"
  177 #define HI_EO_CLIENT_SIMPLE_REQUEST_STR                 \
  178     "(http_inspect) SIMPLE REQUEST"
  179 #define HI_EO_CLIENT_UNESCAPED_SPACE_URI_STR            \
  180     "(http_inspect) UNESCAPED SPACE IN HTTP URI"
  181 #define HI_EO_CLIENT_PIPELINE_MAX_STR                   \
  182     "(http_inspect) TOO MANY PIPELINED REQUESTS"
  183 #define HI_EO_CLIENT_MULTIPLE_COLON_BETN_KEY_VALUE_STR  \
  184     "(http_inspect) MULTIPLE COLON BETWEEN KEY AND VALUE IN HTTP REQUEST HEADER"
  185 #define HI_EO_CLIENT_INVALID_RANGE_UNIT_FMT_STR         \
  186     "(http_inspect) INVALID RANGE UNIT FORMAT"
  187 #define HI_EO_CLIENT_RANGE_NON_GET_METHOD_STR           \
  188     "(http_inspect) RANGE FIELD PRESENT IN NON GET METHOD"
  189 #define HI_EO_CLIENT_RANGE_FIELD_ERROR_STR              \
  190     "(http_inspect) ERROR IN RANGE FIELD OF REQUEST HEADER"
  191 
  192 /*
  193 **  Server Events
  194 */
  195 
  196 #define HI_EO_ANOM_SERVER_STR                           \
  197     "(http_inspect) ANOMALOUS HTTP SERVER ON UNDEFINED HTTP PORT"
  198 #define HI_EO_SERVER_INVALID_STATCODE_STR               \
  199     "(http_inspect) INVALID STATUS CODE IN HTTP RESPONSE"
  200 #define HI_EO_SERVER_NO_CONTLEN_STR                     \
  201     "(http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE"
  202 #define HI_EO_SERVER_UTF_NORM_FAIL_STR                  \
  203     "(http_inspect) HTTP RESPONSE HAS UTF CHARSET WHICH FAILED TO NORMALIZE"
  204 #define HI_EO_SERVER_UTF7_STR                           \
  205     "(http_inspect) HTTP RESPONSE HAS UTF-7 CHARSET"
  206 #define HI_EO_SERVER_DECOMPR_FAILED_STR                 \
  207     "(http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED"
  208 #define HI_EO_SERVER_CONSECUTIVE_SMALL_CHUNKS_STR       \
  209     "(http_inspect) SERVER CONSECUTIVE SMALL CHUNK SIZES"
  210 #define HI_EO_CLISRV_MSG_SIZE_EXCEPTION_STR             \
  211     "(http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE"
  212 #define HI_EO_SERVER_JS_OBFUSCATION_EXCD_STR            \
  213     "(http_inspect) JAVASCRIPT OBFUSCATION LEVELS EXCEEDS 1"
  214 #define HI_EO_SERVER_JS_EXCESS_WS_STR                   \
  215     "(http_inspect) JAVASCRIPT WHITESPACES EXCEEDS MAX ALLOWED"
  216 #define HI_EO_SERVER_MIXED_ENCODINGS_STR                \
  217     "(http_inspect) MULTIPLE ENCODINGS WITHIN JAVASCRIPT OBFUSCATED DATA"
  218 #define HI_EO_SERVER_SWF_ZLIB_FAILURE_STR               \
  219     "(http_inspect) HTTP_RESPONSE SWF FILE ZLIB DECOMPRESSION FAILURE"
  220 #define HI_EO_SERVER_SWF_LZMA_FAILURE_STR               \
  221     "(http_inspect) HTTP_RESPONSE SWF FILE LZMA DECOMPRESSION FAILURE"
  222 #define HI_EO_SERVER_PDF_DEFL_FAILURE_STR               \
  223     "(http_inspect) HTTP_RESPONSE PDF FILE DEFLATE DECOMPRESSION FAILURE"
  224 #define HI_EO_SERVER_PDF_UNSUP_COMP_TYPE_STR            \
  225     "(http_inspect) HTTP_RESPONSE PDF FILE UNSUPPORTED COMPRESSION TYPE"
  226 #define HI_EO_SERVER_PDF_CASC_COMP_STR                  \
  227     "(http_inspect) HTTP_RESPONSE PDF FILE CASCADED COMPRESSION"
  228 #define HI_EO_SERVER_PDF_PARSE_FAILURE_STR              \
  229     "(http_inspect) HTTP_RESPONSE PDF FILE PARSE FAILURE"
  230 #define HI_EO_SERVER_PROTOCOL_OTHER_STR         \
  231     "(http_inspect) PROTOCOL-OTHER HTTP server response before client request "
  232 #define HI_EO_SERVER_MULTIPLE_CONTLEN_STR               \
  233     "(http_inspect) MULTIPLE CONTENT LENGTH IN HTTP RESPONSE"
  234 #define HI_EO_SERVER_MULTIPLE_CONTENT_ENCODING_STR      \
  235     "(http_inspect) MULTIPLE CONTENT ENCODING IN HTTP RESPONSE"
  236 #define HI_EO_SERVER_MULTIPLE_COLON_BETN_KEY_VALUE_STR  \
  237     "(http_inspect) MULTIPLE COLON BETWEEN KEY AND VALUE IN HTTP RESPONSE HEADER"
  238 #define HI_EO_SERVER_INVALID_CHAR_BETN_KEY_VALUE_STR  \
  239     "(http_inspect) INVALID CHARACTER BETWEEN KEY AND VALUE IN HTTP RESPONSE HEADER"
  240 #define HI_EO_CLISRV_INVALID_CHUNKED_EXCEPTION_STR \
  241     "(http_inspect) TRANSFER ENCODING:CHUNKED IN HTTP 1.0 REQUEST/RESPONSE HEADER"
  242 #define HI_EO_SERVER_PARTIAL_DECOMPRESSION_FAIL_STR  \
  243     "(http_inspect) HTTP RESPONSE PARTIAL DECOMPRESSION FAILURE"
  244 #define HI_EO_SERVER_INVALID_HEADER_FOLDING_STR \
  245     "(http_inspect) INVALID HEADER FOLDING"
  246 #define HI_EO_SERVER_JUNK_LINE_BEFORE_RESP_HEADER_STR \
  247     "(http_inspect) JUNK LINE BEFORE HTTP RESPONSE HEADER"
  248 #define HI_EO_SERVER_NO_RESP_HEADER_END_STR \
  249     "(http_inspect) NO END OF HEADER IN RESPONSE"
  250 #define HI_EO_SERVER_INVALID_CHUNK_SIZE_STR \
  251     "(http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS"
  252 #define HI_EO_SERVER_INVALID_VERSION_RESP_HEADER_STR \
  253     "(http_inspect) INVALID VERSION IN HTTP RESPONSE HEADER"
  254 #define HI_EO_SERVER_INVALID_CONTENT_RANGE_UNIT_FMT_STR \
  255     "(http_inspect) INVALID CONTENT RANGE UNIT FORMAT"
  256 #define HI_EO_SERVER_RANGE_FIELD_ERROR_STR \
  257     "(http_inspect) ERROR IN RANGE FIELD OF RESPONSE HEADER"
  258 
  259 /*
  260 **  Event Priorities
  261 */
  262 #define HI_EO_HIGH_PRIORITY 0
  263 #define HI_EO_MED_PRIORITY  1
  264 #define HI_EO_LOW_PRIORITY  2
  265 
  266 #endif