Project

General

Profile

Bug #2881

http.protocol parsing inaccuracy

Added by chris lujan 11 days ago. Updated 2 days ago.

Status:
Assigned
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
low
Label:

Description

Request:

GET /uid=0(root) gid=0(root) groups=0(root)asdf HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*

eve.json output:
"http":{"protocol":"gid=0(root) groups=0(root)asdf HTTP\/1.1"}

It appears that the http.protocol is matching too greedily with the space character and could use something like /\S+$/m instead.

History

#1

Updated by chris lujan 11 days ago

Conversely, the http.url field is only matching up until the first space resulting in something like:

"http":{"url":"/uid=0(root)"}

which leads me to believe those fields are created by splitting the line by spaces.

#2

Updated by Victor Julien 2 days ago

  • Status changed from New to Assigned
  • Assignee set to Philippe Antoine
  • Target version set to TBD
#3

Updated by Victor Julien 2 days ago

I think uri's are not supposed to have spaces, but I think it would be good to address this anyway.

Also available in: Atom PDF