Actions
Feature #4362
closedHTTP BasicAuth Support
Effort:
low
Difficulty:
low
Label:
Beginner, Python
Description
Current suricata-update does not allow HTTP Basic Authentication, nevertheless syntax is correct:
add-source --http-header "Authorization: Basic dXNlcjE6cGFzc3dvcmQx"
...
<Error> -- Header not set as it does not meet the criteria
This is since is_header_clean(header) does not allow any whitespaces in header values, but we have one between `Basic` and `dXNlcjE6cGFzc3dvcmQx`.
def is_header_clean(header):
...
name, val = header[0].strip(), header[1].strip()
if re.match( r"^[\w-]+$", name) and re.match(r"^[\w-]+$", val):
return True
return False
Fix this by allowing whitespaces in the entire HTTP header (v1) or just allow whitespace between `Basic` and `dXNlcjE6cGFzc3dvcmQx` (v2).
See:
- HTTP BasicAuth Support v1: https://github.com/OISF/suricata-update/pull/272
- HTTP BasicAuth Support v2: https://github.com/OISF/suricata-update/pull/273
Updated by Andreas Dolp almost 4 years ago
Squashed all changes in "HTTP BasicAuth Support final": https://github.com/OISF/suricata-update/pull/274
Updated by Jason Ish over 3 years ago
- Status changed from New to Closed
- Target version set to 1.3.0
Actions