path normalization won't happen if uri is double encoded.
If you have a double encoded path and it manages to double decode the path correctly, the path normalization on the double decoded path doesn't happen.
Updated by Anoop Saldanha over 11 years ago
1. I think the patch written previously to double decode irrespective of profile though right code-wise, may not right wrt behaviour-wise. The feature to double-decode should be profile specific. If a specific server profile requires it, it will double decode or else not.
On the other hand we should make make all libhtp configurable options available in the conf for users to customize, this includes the option to double-decode.
2. The feature/code to double-decode double-encoded characters should be updated to libhtp upstream, rather than have it in suricata's callback. This lets libhtp handle it based on the config(cfg)/profile settings.
Updated by Victor Julien over 11 years ago
Are we aware of any HTTP server that does double(+) decoding by default?
If not, I'm thinking we should modify the callback to detect double decoding and set a warning. Then for 1.4 we can modify libhtp to support per cfg double decoding.