/src/suricata7/src/app-layer-htp-libhtp.c

Source
/*
 * We are using this file to hold APIs copied from libhtp 0.5.x.
 */

/***************************************************************************
 * Copyright (c) 2009-2010 Open Information Security Foundation
 * Copyright (c) 2010-2013 Qualys, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the Qualys, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived from
 *   this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ***************************************************************************/

/**
 * \file
 *
 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
 *
 * APIs from libhtp 0.5.x.
 */

#include "suricata-common.h"
#include <htp/htp.h>
#include "app-layer-htp-libhtp.h"

/**
 * \brief Generates the normalized uri.
 *
 *        Libhtp doesn't recreate the whole normalized uri and save it.
 *        That duty has now been passed to us.  A lot of this code has been
 *        copied from libhtp.
 *
 *        Keep an eye out on the tx->parsed_uri struct and how the parameters
 *        in it are generated, just in case some modifications are made to
 *        them in the future.
 *
 * \param uri_include_all boolean to indicate if scheme, username/password,
                          hostname and port should be part of the buffer
 */
bstr *SCHTPGenerateNormalizedUri(htp_tx_t *tx, htp_uri_t *uri, int uri_include_all)
{
    if (uri == NULL)
        return NULL;

    // On the first pass determine the length of the final string
    size_t len = 0;

    if (uri_include_all) {
        if (uri->scheme != NULL) {
            len += bstr_len(uri->scheme);
            len += 3; // "://"
        }

        if ((uri->username != NULL) || (uri->password != NULL)) {
            if (uri->username != NULL) {
                len += bstr_len(uri->username);
            }

            len += 1; // ":"

            if (uri->password != NULL) {
                len += bstr_len(uri->password);
            }

            len += 1; // "@"
        }

        if (uri->hostname != NULL) {
            len += bstr_len(uri->hostname);
        }

        if (uri->port != NULL) {
            len += 1; // ":"
            len += bstr_len(uri->port);
        }
    }

    if (uri->path != NULL) {
        len += bstr_len(uri->path);
    }

    if (uri->query != NULL) {
        len += 1; // "?"
        len += bstr_len(uri->query);
    }

    if (uri->fragment != NULL) {
        len += 1; // "#"
        len += bstr_len(uri->fragment);
    }

    // On the second pass construct the string
    /* FIXME in memcap */
    bstr *r = bstr_alloc(len);
    if (r == NULL) {
        return NULL;
    }

    if (uri_include_all) {
        if (uri->scheme != NULL) {
            bstr_add_noex(r, uri->scheme);
            bstr_add_c_noex(r, "://");
        }

        if ((uri->username != NULL) || (uri->password != NULL)) {
            if (uri->username != NULL) {
                bstr_add_noex(r, uri->username);
            }

            bstr_add_c_noex(r, ":");

            if (uri->password != NULL) {
                bstr_add_noex(r, uri->password);
            }

            bstr_add_c_noex(r, "@");
        }

        if (uri->hostname != NULL) {
            bstr_add_noex(r, uri->hostname);
        }

        if (uri->port != NULL) {
            bstr_add_c_noex(r, ":");
            bstr_add_noex(r, uri->port);
        }
    }

    if (uri->path != NULL) {
        bstr_add_noex(r, uri->path);
    }

    if (uri->query != NULL) {
        bstr *query = bstr_dup(uri->query);
        if (query) {
            uint64_t flags = 0;
            htp_urldecode_inplace(tx->cfg, HTP_DECODER_URLENCODED, query, &flags);
            bstr_add_c_noex(r, "?");
            bstr_add_noex(r, query);
            bstr_free(query);
        }
    }

    if (uri->fragment != NULL) {
        bstr_add_c_noex(r, "#");
        bstr_add_noex(r, uri->fragment);
    }

    return r;
}

Line	Count	Source
1		/*
2		* We are using this file to hold APIs copied from libhtp 0.5.x.
3		*/
4
5		/***************************************************************************
6		* Copyright (c) 2009-2010 Open Information Security Foundation
7		* Copyright (c) 2010-2013 Qualys, Inc.
8		* All rights reserved.
9		*
10		* Redistribution and use in source and binary forms, with or without
11		* modification, are permitted provided that the following conditions are
12		* met:
13		*
14		* - Redistributions of source code must retain the above copyright
15		* notice, this list of conditions and the following disclaimer.
16		*
17		* - Redistributions in binary form must reproduce the above copyright
18		* notice, this list of conditions and the following disclaimer in the
19		* documentation and/or other materials provided with the distribution.
20		*
21		* - Neither the name of the Qualys, Inc. nor the names of its
22		* contributors may be used to endorse or promote products derived from
23		* this software without specific prior written permission.
24		*
25		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28		* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29		* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31		* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32		* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33		* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35		* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36		***************************************************************************/
37
38		/**
39		* \file
40		*
41		* \author Anoop Saldanha <anoopsaldanha@gmail.com>
42		*
43		* APIs from libhtp 0.5.x.
44		*/
45
46		#include "suricata-common.h"
47		#include <htp/htp.h>
48		#include "app-layer-htp-libhtp.h"
49
50		/**
51		* \brief Generates the normalized uri.
52		*
53		* Libhtp doesn't recreate the whole normalized uri and save it.
54		* That duty has now been passed to us. A lot of this code has been
55		* copied from libhtp.
56		*
57		* Keep an eye out on the tx->parsed_uri struct and how the parameters
58		* in it are generated, just in case some modifications are made to
59		* them in the future.
60		*
61		* \param uri_include_all boolean to indicate if scheme, username/password,
62		hostname and port should be part of the buffer
63		*/
64		bstr SCHTPGenerateNormalizedUri(htp_tx_t tx, htp_uri_t *uri, int uri_include_all)
65	190k	{
66	190k	if (uri == NULL)
67	0	return NULL;
68
69		// On the first pass determine the length of the final string
70	190k	size_t len = 0;
71
72	190k	if (uri_include_all) {
73	0	if (uri->scheme != NULL) {
74	0	len += bstr_len(uri->scheme);
75	0	len += 3; // "://"
76	0	}
77
78	0	if ((uri->username != NULL) \|\| (uri->password != NULL)) {
79	0	if (uri->username != NULL) {
80	0	len += bstr_len(uri->username);
81	0	}
82
83	0	len += 1; // ":"
84
85	0	if (uri->password != NULL) {
86	0	len += bstr_len(uri->password);
87	0	}
88
89	0	len += 1; // "@"
90	0	}
91
92	0	if (uri->hostname != NULL) {
93	0	len += bstr_len(uri->hostname);
94	0	}
95
96	0	if (uri->port != NULL) {
97	0	len += 1; // ":"
98	0	len += bstr_len(uri->port);
99	0	}
100	0	}
101
102	190k	if (uri->path != NULL) {
103	118k	len += bstr_len(uri->path);
104	118k	}
105
106	190k	if (uri->query != NULL) {
107	6.69k	len += 1; // "?"
108	6.69k	len += bstr_len(uri->query);
109	6.69k	}
110
111	190k	if (uri->fragment != NULL) {
112	6.67k	len += 1; // "#"
113	6.67k	len += bstr_len(uri->fragment);
114	6.67k	}
115
116		// On the second pass construct the string
117		/* FIXME in memcap */
118	190k	bstr *r = bstr_alloc(len);
119	190k	if (r == NULL) {
120	0	return NULL;
121	0	}
122
123	190k	if (uri_include_all) {
124	0	if (uri->scheme != NULL) {
125	0	bstr_add_noex(r, uri->scheme);
126	0	bstr_add_c_noex(r, "://");
127	0	}
128
129	0	if ((uri->username != NULL) \|\| (uri->password != NULL)) {
130	0	if (uri->username != NULL) {
131	0	bstr_add_noex(r, uri->username);
132	0	}
133
134	0	bstr_add_c_noex(r, ":");
135
136	0	if (uri->password != NULL) {
137	0	bstr_add_noex(r, uri->password);
138	0	}
139
140	0	bstr_add_c_noex(r, "@");
141	0	}
142
143	0	if (uri->hostname != NULL) {
144	0	bstr_add_noex(r, uri->hostname);
145	0	}
146
147	0	if (uri->port != NULL) {
148	0	bstr_add_c_noex(r, ":");
149	0	bstr_add_noex(r, uri->port);
150	0	}
151	0	}
152
153	190k	if (uri->path != NULL) {
154	118k	bstr_add_noex(r, uri->path);
155	118k	}
156
157	190k	if (uri->query != NULL) {
158	6.69k	bstr *query = bstr_dup(uri->query);
159	6.69k	if (query) {
160	6.69k	uint64_t flags = 0;
161	6.69k	htp_urldecode_inplace(tx->cfg, HTP_DECODER_URLENCODED, query, &flags);
162	6.69k	bstr_add_c_noex(r, "?");
163	6.69k	bstr_add_noex(r, query);
164	6.69k	bstr_free(query);
165	6.69k	}
166	6.69k	}
167
168	190k	if (uri->fragment != NULL) {
169	6.67k	bstr_add_c_noex(r, "#");
170	6.67k	bstr_add_noex(r, uri->fragment);
171	6.67k	}
172
173	190k	return r;
174	190k	}

Coverage Report

Created: 2025-11-16 07:09