86 int i, l = 0, n_slash = 0, n_backslash = 0, start_with_slash = 0;
90 int double_slash, reverse_traversal, self_ref_dir;
91 int prem_req_end, param_hiding, cgipm_param;
92 int dos_win_syntax, null_method, tab_sep, http09;
93 char *abs_URI_type, *abs_URI_host;
95 #define URL_CODE_NONE 0 96 #define URL_CODE_HEX 1 97 #define URL_CODE_UTF16 2 98 #define URL_CODE_UTF16MS 3 99 #define URL_CODE_UTF8BAD 4 109 l = path != NULL ? strlen (path) : 0;
110 l += strlen (
name) + (path != NULL);
113 ret = g_malloc0 (l + 1);
117 sprintf (ret,
"%s/%s", path,
name);
123 for (s = ret; *s !=
'\0'; s++)
129 if (kb_item_get_int (
kb,
"NIDS/HTTP/enabled") != 1)
131 ret2 = g_strdup_printf (
"%s %s %s", method, ret, httpver);
136 start_with_slash = (*ret ==
'/');
138 s = kb_item_get_str (
kb,
"NIDS/HTTP/CGIpm_param");
139 cgipm_param = (s != NULL && strcmp (s,
"yes") == 0);
145 for (s = ret; *s !=
'\0' && *s !=
'?'; s++)
148 for (; *s !=
'\0'; s++)
162 s = kb_item_get_str (
kb,
"NIDS/HTTP/self_ref_dir");
163 self_ref_dir = (s != NULL && strcmp (s,
"yes") == 0);
167 ret2 = g_malloc0 (l + 1);
168 for (s = ret, s2 = ret2; *s !=
'\0' && *s !=
'?'; s++)
173 strncpy (s2,
"/./", l);
187 s = kb_item_get_str (
kb,
"NIDS/HTTP/reverse_traversal");
188 reverse_traversal = (s == NULL ? 0 : atoi (s));
190 if (reverse_traversal > 0)
192 l += (reverse_traversal + 4) * n_slash;
193 ret2 = g_malloc0 (l + 1);
195 for (s = ret, s2 = ret2; *s !=
'\0' && *s !=
'?'; s++)
201 for (i = reverse_traversal; i > 0; i--)
202 *s2++ = lrand48 () % 26 +
'a';
203 strncpy (s2,
"/../", l);
217 s = kb_item_get_str (
kb,
"NIDS/HTTP/premature_request_ending");
218 prem_req_end = (s != NULL && strcmp (s,
"yes") == 0);
222 ret2 = g_malloc0 (l + 1);
226 *s++ = lrand48 () % 26 +
'A';
227 for (i = 1; i < 8; i++)
228 *s++ = lrand48 () % 26 +
'a';
230 snprintf (ret2, l,
"/%%20HTTP/1.0%%0d%%0a%s:%%20/../..%s", gizmo, ret);
238 s = kb_item_get_str (
kb,
"NIDS/HTTP/param_hiding");
239 param_hiding = (s != NULL && strcmp (s,
"yes") == 0);
243 ret2 = g_malloc0 (l + 1);
247 for (i = 0; i < 8; i++)
248 *s++ = lrand48 () % 26 +
'a';
250 snprintf (ret2, l,
"/index.htm%%3f%s=/..%s", gizmo, ret);
258 s = kb_item_get_str (
kb,
"NIDS/HTTP/double_slash");
259 double_slash = (s != NULL && strcmp (s,
"yes") == 0);
264 ret2 = g_malloc0 (l + 1);
265 for (s = ret, s2 = ret2; *s !=
'\0' && *s !=
'?'; s++)
284 s = kb_item_get_str (
kb,
"NIDS/HTTP/dos_win_syntax");
285 dos_win_syntax = (s != NULL && strcmp (s,
"yes") == 0);
288 for (s = ret + 1; *s !=
'\0' && *s !=
'?'; s++)
299 s = kb_item_get_str (
kb,
"NIDS/HTTP/URL_encoding");
303 if (strcmp (s,
"Hex") == 0)
305 else if (strcmp (s,
"UTF-16 (double byte)") == 0)
307 else if (strcmp (s,
"UTF-16 (MS %u)") == 0)
309 else if (strcmp (s,
"Incorrect UTF-8") == 0)
314 switch (url_encoding)
320 l = (l - n_slash - n_backslash) * 6 + n_slash + n_backslash;
325 l = (l - n_slash) * 3 + n_slash;
331 ret2 = g_malloc0 (l + 1);
333 for (s = ret, s2 = ret2; *s !=
'\0'; s++)
339 else if (s[0] ==
'%' && isxdigit (s[1]) && isxdigit (s[2]))
346 else if (s[0] ==
'%' && tolower (s[1]) ==
'u' && isxdigit (s[2])
347 && isxdigit (s[3]) && isxdigit (s[4]) && isxdigit (s[5]))
358 sprintf (s2,
"%%u00%02x", *(
unsigned char *) s);
364 sprintf (s2,
"%%00%%%02x", *(
unsigned char *) s);
370 unsigned char c = *(
unsigned char *) s;
371 sprintf (s2,
"%%%02x%%%02x", 0xC0 | (c >> 6), 0x80 | (c & 0x3F));
377 sprintf (s2,
"%%%02x", *(
unsigned char *) s);
392 abs_URI_type = kb_item_get_str (
kb,
"NIDS/HTTP/absolute_URI/type");
393 if (start_with_slash && abs_URI_type != NULL
394 && strcmp (abs_URI_type,
"none") != 0)
396 #ifndef MAXHOSTNAMELEN 397 # define MAXHOSTNAMELEN 64 401 abs_URI_host = kb_item_get_str (
kb,
"NIDS/HTTP/absolute_URI/host");
403 if (abs_URI_host != NULL)
405 if (strcmp (abs_URI_host,
"host name") == 0)
408 strncpy (h, s,
sizeof (h));
409 h[
sizeof (h) - 1] =
'\0';
411 else if (strcmp (abs_URI_host,
"host IP") == 0)
413 struct in6_addr *ptr;
418 strncpy (h, asc,
sizeof (h));
421 h[
sizeof (h) - 1] =
'\0';
423 else if (strcmp (abs_URI_host,
"random name") == 0)
425 for (s2 = h, i = 0; i < 16; i++)
426 *s2++ = lrand48 () % 26 +
'a';
429 else if (strcmp (abs_URI_host,
"random IP") == 0)
430 sprintf (h,
"%d.%d.%d.%d", rand () % 256, rand () % 256,
431 rand () % 256, rand () % 256);
434 l += strlen (h) + strlen (abs_URI_type) + 3;
435 ret2 = g_malloc0 (l + 1);
437 snprintf (ret2, l,
"%s://%s%s", abs_URI_type, h, ret);
446 s = kb_item_get_str (
kb,
"NIDS/HTTP/null_method");
447 null_method = (s != NULL && strcmp (s,
"yes") == 0);
451 ret2 = g_malloc0 (l + 1);
452 strncpy (ret2,
"%00", l);
453 strncpy (ret2 + 3, ret, (l - 3));
458 l += strlen (method) + 1;
460 s = kb_item_get_str (
kb,
"NIDS/HTTP/http09");
461 http09 = (s != NULL && strcmp (s,
"yes") == 0);
464 s = kb_item_get_str (
kb,
"NIDS/HTTP/protocol_string");
465 if (s != NULL && *s !=
'\0')
467 l += strlen (httpver) + 2;
471 s = kb_item_get_str (
kb,
"NIDS/HTTP/tab_separator");
472 tab_sep = (s != NULL && strcmp (s,
"yes") == 0);
473 sep_c = (tab_sep ?
'\t' :
' ');
475 ret2 = g_malloc0 (l + 1);
477 snprintf (ret2, l,
"%s%c%s", method, sep_c, ret);
479 snprintf (ret2, l,
"%s%c%s%c%s", method, sep_c, ret, sep_c, httpver);
void log_legacy_write(const char *format,...)
Legacy function to write a log message.
kb_t plug_get_kb(struct arglist *args)
Top-level KB. This is to be inherited by KB implementations.
char * addr6_as_str(const struct in6_addr *addr6)
struct in6_addr * plug_get_host_ip(struct arglist *desc)
const char * plug_get_hostname(struct arglist *desc)