1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 // http_tables.cc author Tom Peters <thopeter@cisco.com> 19 20 #ifdef HAVE_CONFIG_H 21 #include "config.h" 22 #endif 23 24 #include "http_enum.h" 25 #include "http_msg_header.h" 26 #include "http_msg_request.h" 27 28 using namespace HttpEnums; 29 using namespace snort; 30 31 const StrCode HttpMsgRequest::method_list[] = 32 { 33 { METH_OPTIONS, "OPTIONS" }, 34 { METH_GET, "GET" }, 35 { METH_HEAD, "HEAD" }, 36 { METH_POST, "POST" }, 37 { METH_PUT, "PUT" }, 38 { METH_DELETE, "DELETE" }, 39 { METH_TRACE, "TRACE" }, 40 { METH_CONNECT, "CONNECT" }, 41 { METH_PROPFIND, "PROPFIND" }, 42 { METH_PROPPATCH, "PROPPATCH" }, 43 { METH_MKCOL, "MKCOL" }, 44 { METH_COPY, "COPY" }, 45 { METH_MOVE, "MOVE" }, 46 { METH_LOCK, "LOCK" }, 47 { METH_UNLOCK, "UNLOCK" }, 48 { METH_VERSION_CONTROL, "VERSION-CONTROL" }, 49 { METH_REPORT, "REPORT" }, 50 { METH_CHECKOUT, "CHECKOUT" }, 51 { METH_CHECKIN, "CHECKIN" }, 52 { METH_UNCHECKOUT, "UNCHECKOUT" }, 53 { METH_MKWORKSPACE, "MKWORKSPACE" }, 54 { METH_UPDATE, "UPDATE" }, 55 { METH_LABEL, "LABEL" }, 56 { METH_MERGE, "MERGE" }, 57 { METH_BASELINE_CONTROL, "BASELINE-CONTROL" }, 58 { METH_MKACTIVITY, "MKACTIVITY" }, 59 { METH_ORDERPATCH, "ORDERPATCH" }, 60 { METH_ACL, "ACL" }, 61 { METH_PATCH, "PATCH" }, 62 { METH_SEARCH, "SEARCH" }, 63 { METH_BCOPY, "BCOPY" }, 64 { METH_BDELETE, "BDELETE" }, 65 { METH_BMOVE, "BMOVE" }, 66 { METH_BPROPFIND, "BPROPFIND" }, 67 { METH_BPROPPATCH, "BPROPPATCH" }, 68 { METH_NOTIFY, "NOTIFY" }, 69 { METH_POLL, "POLL" }, 70 { METH_SUBSCRIBE, "SUBSCRIBE" }, 71 { METH_UNSUBSCRIBE, "UNSUBSCRIBE" }, 72 { METH_X_MS_ENUMATTS, "X-MS-ENUMATTS" }, 73 { METH_BIND, "BIND" }, 74 { METH_LINK, "LINK" }, 75 { METH_MKCALENDAR, "MKCALENDAR" }, 76 { METH_MKREDIRECTREF, "MKREDIRECTREF" }, 77 { METH_REBIND, "REBIND" }, 78 { METH_UNBIND, "UNBIND" }, 79 { METH_UNLINK, "UNLINK" }, 80 { METH_UPDATEREDIRECTREF, "UPDATEREDIRECTREF" }, 81 { 0, nullptr } 82 }; 83 84 const StrCode HttpMsgHeadShared::header_list[] = 85 { 86 { HEAD_CACHE_CONTROL, "cache-control" }, 87 { HEAD_CONNECTION, "connection" }, 88 { HEAD_DATE, "date" }, 89 { HEAD_PRAGMA, "pragma" }, 90 { HEAD_TRAILER, "trailer" }, 91 { HEAD_COOKIE, "cookie" }, 92 { HEAD_SET_COOKIE, "set-cookie" }, 93 { HEAD_TRANSFER_ENCODING, "transfer-encoding" }, 94 { HEAD_UPGRADE, "upgrade" }, 95 { HEAD_VIA, "via" }, 96 { HEAD_WARNING, "warning" }, 97 { HEAD_ACCEPT, "accept" }, 98 { HEAD_ACCEPT_CHARSET, "accept-charset" }, 99 { HEAD_ACCEPT_ENCODING, "accept-encoding" }, 100 { HEAD_ACCEPT_LANGUAGE, "accept-language" }, 101 { HEAD_AUTHORIZATION, "authorization" }, 102 { HEAD_EXPECT, "expect" }, 103 { HEAD_FROM, "from" }, 104 { HEAD_HOST, "host" }, 105 { HEAD_IF_MATCH, "if-match" }, 106 { HEAD_IF_MODIFIED_SINCE, "if-modified-since" }, 107 { HEAD_IF_NONE_MATCH, "if-none-match" }, 108 { HEAD_IF_RANGE, "if-range" }, 109 { HEAD_IF_UNMODIFIED_SINCE, "if-unmodified-since" }, 110 { HEAD_MAX_FORWARDS, "max-forwards" }, 111 { HEAD_PROXY_AUTHORIZATION, "proxy-authorization" }, 112 { HEAD_RANGE, "range" }, 113 { HEAD_REFERER, "referer" }, 114 { HEAD_TE, "te" }, 115 { HEAD_USER_AGENT, "user-agent" }, 116 { HEAD_ACCEPT_RANGES, "accept-ranges" }, 117 { HEAD_AGE, "age" }, 118 { HEAD_ETAG, "etag" }, 119 { HEAD_LOCATION, "location" }, 120 { HEAD_PROXY_AUTHENTICATE, "proxy-authenticate" }, 121 { HEAD_RETRY_AFTER, "retry-after" }, 122 { HEAD_SERVER, "server" }, 123 { HEAD_VARY, "vary" }, 124 { HEAD_WWW_AUTHENTICATE, "www-authenticate" }, 125 { HEAD_ALLOW, "allow" }, 126 { HEAD_CONTENT_ENCODING, "content-encoding" }, 127 { HEAD_CONTENT_LANGUAGE, "content-language" }, 128 { HEAD_CONTENT_LENGTH, "content-length" }, 129 { HEAD_CONTENT_LOCATION, "content-location" }, 130 { HEAD_CONTENT_MD5, "content-md5" }, 131 { HEAD_CONTENT_RANGE, "content-range" }, 132 { HEAD_CONTENT_TYPE, "content-type" }, 133 { HEAD_EXPIRES, "expires" }, 134 { HEAD_LAST_MODIFIED, "last-modified" }, 135 { HEAD_X_FORWARDED_FOR, "x-forwarded-for" }, 136 { HEAD_TRUE_CLIENT_IP, "true-client-ip" }, 137 { HEAD_X_WORKING_WITH, "x-working-with" }, 138 { HEAD_CONTENT_TRANSFER_ENCODING, "content-transfer-encoding" }, 139 { HEAD_MIME_VERSION, "mime-version" }, 140 { HEAD_PROXY_AGENT, "proxy-agent" }, 141 { HEAD_CONTENT_DISPOSITION, "content-disposition" }, 142 { HEAD_HTTP2_SETTINGS, "http2-settings" }, 143 { 0, nullptr } 144 }; 145 146 const StrCode HttpMsgHeadShared::content_code_list[] = 147 { 148 { CONTENTCODE_GZIP, "gzip" }, 149 { CONTENTCODE_DEFLATE, "deflate" }, 150 { CONTENTCODE_COMPRESS, "compress" }, 151 { CONTENTCODE_EXI, "exi" }, 152 { CONTENTCODE_PACK200_GZIP, "pack200-gzip" }, 153 { CONTENTCODE_X_GZIP, "x-gzip" }, 154 { CONTENTCODE_X_COMPRESS, "x-compress" }, 155 { CONTENTCODE_IDENTITY, "identity" }, 156 { CONTENTCODE_CHUNKED, "chunked" }, 157 { CONTENTCODE_BR, "br" }, 158 { CONTENTCODE_BZIP2, "bzip2" }, 159 { CONTENTCODE_LZMA, "lzma" }, 160 { CONTENTCODE_PEERDIST, "peerdist" }, 161 { CONTENTCODE_SDCH, "sdch" }, 162 { CONTENTCODE_XPRESS, "xpress" }, 163 { CONTENTCODE_XZ, "xz" }, 164 { 0, nullptr } 165 }; 166 167 const StrCode HttpMsgHeadShared::charset_code_list[] = 168 { 169 { CHARSET_DEFAULT, "charset=utf-8" }, 170 { CHARSET_UTF7, "charset=utf-7" }, 171 { CHARSET_UTF16LE, "charset=utf-16le" }, 172 { CHARSET_UTF16BE, "charset=utf-16be" }, 173 { CHARSET_UTF32LE, "charset=utf-32le" }, 174 { CHARSET_UTF32BE, "charset=utf-32be" }, 175 { 0, nullptr } 176 }; 177 178 const StrCode HttpMsgHeadShared::charset_code_opt_list[] = 179 { 180 { CHARSET_UNKNOWN, "charset=utf-" }, 181 { CHARSET_IRRELEVANT, "charset=" }, 182 { 0, nullptr } 183 }; 184 185 const StrCode HttpMsgHeadShared::upgrade_list[] = 186 { 187 { UP_H2C, "h2c" }, 188 { UP_H2, "h2" }, 189 { UP_HTTP20, "http/2.0" }, 190 { 0, nullptr } 191 }; 192 193 const StrCode HttpMsgHeadShared::transfer_encoding_list[] = 194 { 195 { TE_CHUNKED, "chunked" }, 196 { TE_IDENTITY, "identity" }, 197 { 0, nullptr } 198 }; 199 200 const RuleMap HttpModule::http_events[] = 201 { 202 { EVENT_ASCII, "URI has percent-encoding of an unreserved character" }, 203 { EVENT_DOUBLE_DECODE, "URI is percent encoded and the result is percent encoded " 204 "again" }, 205 { EVENT_U_ENCODE, "URI has non-standard %u-style Unicode encoding" }, 206 { EVENT_BARE_BYTE, "URI has Unicode encodings containing bytes that were not " 207 "percent-encoded" }, 208 { EVENT_UTF_8, "URI has two-byte or three-byte UTF-8 encoding" }, 209 { EVENT_CODE_POINT_IN_URI, "URI has unicode map code point encoding" }, 210 { EVENT_MULTI_SLASH, "URI path contains consecutive slash characters" }, 211 { EVENT_BACKSLASH_IN_URI, "backslash character appears in the path portion of a URI." 212 }, 213 { EVENT_SELF_DIR_TRAV, "URI path contains /./ pattern repeating the current " 214 "directory" }, 215 { EVENT_DIR_TRAV, "URI path contains /../ pattern moving up a directory" }, 216 { EVENT_APACHE_WS, "Tab character in HTTP start line" }, 217 { EVENT_LF_WITHOUT_CR, "HTTP start line or header line terminated by LF without " 218 "a CR" }, 219 { EVENT_NON_RFC_CHAR, "Normalized URI includes character from bad_characters " 220 "list" }, 221 { EVENT_OVERSIZE_DIR, "URI path contains a segment that is longer than the " 222 "oversize_dir_length parameter" }, 223 { EVENT_LARGE_CHUNK, "chunk length exceeds configured maximum_chunk_length" }, 224 { EVENT_WEBROOT_DIR, "URI path includes /../ that goes above the root directory" 225 }, 226 { EVENT_LONG_HDR, "HTTP header line exceeds 4096 bytes" }, 227 { EVENT_MAX_HEADERS, "HTTP message has more than 200 header fields" }, 228 { EVENT_MULTIPLE_CONTLEN, "HTTP message has more than one Content-Length header " 229 "value" }, 230 { EVENT_MULTIPLE_HOST_HDRS, "Host header field appears more than once or has multiple " 231 "values" }, 232 { EVENT_LONG_HOSTNAME, "length of HTTP Host header field value exceeds " 233 "maximum_host_length option" }, 234 { EVENT_UNBOUNDED_POST, "HTTP POST or PUT request without content-length or chunks" 235 }, 236 { EVENT_UNKNOWN_METHOD, "HTTP request method is not known to Snort" }, 237 { EVENT_SIMPLE_REQUEST, "HTTP request uses primitive HTTP format known as HTTP/0.9" 238 }, 239 { EVENT_UNESCAPED_SPACE_URI, "HTTP request URI has space character that is not " 240 "percent-encoded" }, 241 { EVENT_PIPELINE_MAX, "HTTP connection has more than 100 simultaneous pipelined " 242 "requests that have not been answered" }, 243 { EVENT_INVALID_STATCODE, "invalid status code in HTTP response" }, 244 { EVENT_UTF_NORM_FAIL, "HTTP response has UTF character set that failed to " 245 "normalize" }, 246 { EVENT_UTF7, "HTTP response has UTF-7 character set" }, 247 { EVENT_JS_OBFUSCATION_EXCD, "more than one level of JavaScript obfuscation" }, 248 { EVENT_JS_EXCESS_WS, "consecutive JavaScript whitespaces exceed maximum allowed" 249 }, 250 { EVENT_MIXED_ENCODINGS, "multiple encodings within JavaScript obfuscated data" }, 251 { EVENT_SWF_ZLIB_FAILURE, "SWF file zlib decompression failure" }, 252 { EVENT_SWF_LZMA_FAILURE, "SWF file LZMA decompression failure" }, 253 { EVENT_PDF_DEFL_FAILURE, "PDF file deflate decompression failure" }, 254 { EVENT_PDF_UNSUP_COMP_TYPE, "PDF file unsupported compression type" }, 255 { EVENT_PDF_CASC_COMP, "PDF file with more than one compression applied" }, 256 { EVENT_PDF_PARSE_FAILURE, "PDF file parse failure" }, 257 { EVENT_LOSS_OF_SYNC, "not HTTP traffic or unrecoverable HTTP protocol error" }, 258 { EVENT_CHUNK_ZEROS, "chunk length has excessive leading zeros" }, 259 { EVENT_WS_BETWEEN_MSGS, "white space before or between HTTP messages" }, 260 { EVENT_URI_MISSING, "request message without URI" }, 261 { EVENT_CTRL_IN_REASON, "control character in HTTP response reason phrase" }, 262 { EVENT_IMPROPER_WS, "illegal extra whitespace in start line" }, 263 { EVENT_BAD_VERS, "corrupted HTTP version" }, 264 { EVENT_UNKNOWN_VERS, "HTTP version in start line is not HTTP/1.0 or 1.1" }, 265 { EVENT_BAD_HEADER, "format error in HTTP header" }, 266 { EVENT_CHUNK_OPTIONS, "chunk header options present" }, 267 { EVENT_URI_BAD_FORMAT, "URI badly formatted" }, 268 { EVENT_UNKNOWN_PERCENT, "unrecognized type of percent encoding in URI" }, 269 { EVENT_BROKEN_CHUNK, "HTTP chunk misformatted" }, 270 { EVENT_CHUNK_WHITESPACE, "white space adjacent to chunk length" }, 271 { EVENT_HEAD_NAME_WHITESPACE, "white space within header name" }, 272 { EVENT_GZIP_OVERRUN, "excessive gzip compression" }, 273 { EVENT_GZIP_FAILURE, "gzip decompression failed" }, 274 { EVENT_ZERO_NINE_CONTINUE, "HTTP 0.9 requested followed by another request" }, 275 { EVENT_ZERO_NINE_NOT_FIRST, "HTTP 0.9 request following a normal request" }, 276 { EVENT_BOTH_CL_AND_TE, "message has both Content-Length and Transfer-Encoding" }, 277 { EVENT_BAD_CODE_BODY_HEADER, "status code implying no body combined with Transfer-" 278 "Encoding or nonzero Content-Length" }, 279 { EVENT_BAD_TE_HEADER, "Transfer-Encoding not ending with chunked" }, 280 { EVENT_PADDED_TE_HEADER, "Transfer-Encoding with encodings before chunked" }, 281 { EVENT_MISFORMATTED_HTTP, "misformatted HTTP traffic" }, 282 { EVENT_UNSUPPORTED_ENCODING, "unsupported Content-Encoding used" }, 283 { EVENT_UNKNOWN_ENCODING, "unknown Content-Encoding used" }, 284 { EVENT_STACKED_ENCODINGS, "multiple Content-Encodings applied" }, 285 { EVENT_RESPONSE_WO_REQUEST, "server response before client request" }, 286 { EVENT_FILE_DECOMPR_OVERRUN, "PDF/SWF/ZIP decompression of server response too big" }, 287 { EVENT_BAD_CHAR_IN_HEADER_NAME, "nonprinting character in HTTP message header name" }, 288 { EVENT_BAD_CONTENT_LENGTH, "bad Content-Length value in HTTP header" }, 289 { EVENT_HEADER_WRAPPING, "HTTP header line wrapped" }, 290 { EVENT_CR_WITHOUT_LF, "HTTP header line terminated by CR without a LF" }, 291 { EVENT_CHUNK_BAD_SEP, "chunk terminated by nonstandard separator" }, 292 { EVENT_CHUNK_BARE_LF, "chunk length terminated by LF without CR" }, 293 { EVENT_MULTIPLE_100_RESPONSES, "more than one response with 100 status code" }, 294 { EVENT_UNEXPECTED_100_RESPONSE, "100 status code not in response to Expect header" }, 295 { EVENT_UNKNOWN_1XX_STATUS, "1XX status code other than 100 or 101" }, 296 { EVENT_EXPECT_WITHOUT_BODY, "Expect header sent without a message body" }, 297 { EVENT_CHUNKED_ONE_POINT_ZERO, "HTTP 1.0 message with Transfer-Encoding header" }, 298 { EVENT_CTE_HEADER, "Content-Transfer-Encoding used as HTTP header" }, 299 { EVENT_ILLEGAL_TRAILER, "illegal field in chunked message trailers" }, 300 { EVENT_REPEATED_HEADER, "header field inappropriately appears twice or has two " 301 "values" }, 302 { EVENT_CONTENT_ENCODING_CHUNKED, "invalid value chunked in Content-Encoding header" }, 303 { EVENT_206_WITHOUT_RANGE, "206 response sent to a request without a Range header" }, 304 { EVENT_VERSION_NOT_UPPERCASE, "'HTTP' in version field not all upper case" }, 305 { EVENT_BAD_HEADER_WHITESPACE, "white space embedded in critical header value" }, 306 { EVENT_GZIP_EARLY_END, "gzip compressed data followed by unexpected non-gzip " 307 "data" }, 308 { EVENT_EXCESS_REPEAT_PARAMS, "excessive HTTP parameter key repeats" }, 309 { EVENT_H2_NON_IDENTITY_TE, "HTTP/2 Transfer-Encoding header other than identity" }, 310 { EVENT_H2_DATA_OVERRUNS_CL, "HTTP/2 message body overruns Content-Length header " 311 "value" }, 312 { EVENT_H2_DATA_UNDERRUNS_CL, "HTTP/2 message body smaller than Content-Length header " 313 "value" }, 314 { EVENT_CONNECT_REQUEST_BODY, "HTTP CONNECT request with a message body" }, 315 { EVENT_EARLY_C2S_TRAFFIC_AFTER_CONNECT, "HTTP client-to-server traffic after CONNECT request " 316 "but before CONNECT response" }, 317 { EVENT_200_CONNECT_RESP_WITH_CL, "HTTP CONNECT 2XX response with Content-Length header" }, 318 { EVENT_200_CONNECT_RESP_WITH_TE, "HTTP CONNECT 2XX response with Transfer-Encoding header" }, 319 { EVENT_100_CONNECT_RESP, "HTTP CONNECT response with 1XX status code" }, 320 { EVENT_EARLY_CONNECT_RESPONSE, "HTTP CONNECT response before request message completed" }, 321 { EVENT_MALFORMED_CD_FILENAME, "malformed HTTP Content-Disposition filename parameter" }, 322 { EVENT_TRUNCATED_MSG_BODY_CL, "HTTP Content-Length message body was truncated" }, 323 { EVENT_TRUNCATED_MSG_BODY_CHUNK, "HTTP chunked message body was truncated" }, 324 { EVENT_LONG_SCHEME, "HTTP URI scheme longer than 10 characters" }, 325 { EVENT_HTTP2_UPGRADE_REQUEST, "HTTP/1 client requested HTTP/2 upgrade" }, 326 { EVENT_HTTP2_UPGRADE_RESPONSE, "HTTP/1 server granted HTTP/2 upgrade" }, 327 { EVENT_JS_BAD_TOKEN, "bad token in JavaScript" }, 328 { EVENT_JS_OPENING_TAG, "unexpected script opening tag in JavaScript" }, 329 { EVENT_JS_CLOSING_TAG, "unexpected script closing tag in JavaScript" }, 330 { EVENT_JS_CODE_IN_EXTERNAL, "JavaScript code under the external script tags" }, 331 { EVENT_JS_SHORTENED_TAG, "script opening tag in a short form" }, 332 { EVENT_JS_IDENTIFIER_OVERFLOW, "max number of unique JavaScript identifiers reached" }, 333 { EVENT_JS_BRACKET_NEST_OVERFLOW, "JavaScript bracket nesting is over capacity" }, 334 { EVENT_ACCEPT_ENCODING_CONSECUTIVE_COMMAS, "Consecutive commas in HTTP Accept-Encoding " 335 "header" }, 336 { EVENT_JS_PDU_MISS, "missed PDUs during JavaScript normalization" }, 337 { EVENT_JS_SCOPE_NEST_OVERFLOW, "JavaScript scope nesting is over capacity" }, 338 { 0, nullptr } 339 }; 340 341 const PegInfo HttpModule::peg_names[PEG_COUNT_MAX+1] = 342 { 343 { CountType::SUM, "flows", "HTTP connections inspected" }, 344 { CountType::SUM, "scans", "TCP segments scanned looking for HTTP messages" }, 345 { CountType::SUM, "reassembles", "TCP segments combined into HTTP messages" }, 346 { CountType::SUM, "inspections", "total message sections inspected" }, 347 { CountType::SUM, "requests", "HTTP request messages inspected" }, 348 { CountType::SUM, "responses", "HTTP response messages inspected" }, 349 { CountType::SUM, "get_requests", "GET requests inspected" }, 350 { CountType::SUM, "head_requests", "HEAD requests inspected" }, 351 { CountType::SUM, "post_requests", "POST requests inspected" }, 352 { CountType::SUM, "put_requests", "PUT requests inspected" }, 353 { CountType::SUM, "delete_requests", "DELETE requests inspected" }, 354 { CountType::SUM, "connect_requests", "CONNECT requests inspected" }, 355 { CountType::SUM, "options_requests", "OPTIONS requests inspected" }, 356 { CountType::SUM, "trace_requests", "TRACE requests inspected" }, 357 { CountType::SUM, "other_requests", "other request methods inspected" }, 358 { CountType::SUM, "request_bodies", "POST, PUT, and other requests with message bodies" }, 359 { CountType::SUM, "chunked", "chunked message bodies" }, 360 { CountType::SUM, "uri_normalizations", "URIs needing to be normalization" }, 361 { CountType::SUM, "uri_path", "URIs with path problems" }, 362 { CountType::SUM, "uri_coding", "URIs with character coding problems" }, 363 { CountType::NOW, "concurrent_sessions", "total concurrent http sessions" }, 364 { CountType::MAX, "max_concurrent_sessions", "maximum concurrent http sessions" }, 365 { CountType::SUM, "script_detections", "early inspections of scripts in HTTP responses" }, 366 { CountType::SUM, "partial_inspections", "early inspections done for script detection" }, 367 { CountType::SUM, "excess_parameters", "repeat parameters exceeding max" }, 368 { CountType::SUM, "parameters", "HTTP parameters inspected" }, 369 { CountType::SUM, "connect_tunnel_cutovers", "CONNECT tunnel flow cutovers to wizard" }, 370 { CountType::SUM, "ssl_srch_abandoned_early", "total SSL search abandoned too soon" }, 371 { CountType::SUM, "pipelined_flows", "total HTTP connections containing pipelined requests" }, 372 { CountType::SUM, "pipelined_requests", "total requests placed in a pipeline" }, 373 { CountType::SUM, "total_bytes", "total HTTP data bytes inspected" }, 374 { CountType::SUM, "js_inline_scripts", "total number of inline JavaScripts processed" }, 375 { CountType::SUM, "js_external_scripts", "total number of external JavaScripts processed" }, 376 { CountType::SUM, "js_bytes", "total number of JavaScript bytes processed" }, 377 { CountType::SUM, "js_identifiers", "total number of unique JavaScript identifiers processed" }, 378 { CountType::SUM, "js_identifier_overflows", "total number of unique JavaScript identifier " 379 "limit overflows" }, 380 { CountType::END, nullptr, nullptr } 381 }; 382 383 const int8_t HttpEnums::as_hex[256] = 384 { 385 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 386 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 387 388 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 389 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, 390 391 -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, 392 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 393 394 -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, 395 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 396 397 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 398 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 399 400 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 401 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 402 403 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 404 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 405 406 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 407 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 408 }; 409 410 const bool HttpEnums::token_char[256] = 411 { 412 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 413 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 414 415 false, true, false, true, true, true, true, true, false, false, true, true, false, true, true, false, 416 true, true, true, true, true, true, true, true, true, true, false, false, false, false, false, false, 417 418 false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 419 true, true, true, true, true, true, true, true, true, true, true, false, false, false, true, true, 420 421 true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 422 true, true, true, true, true, true, true, true, true, true, true, false, true, false, true, false, 423 424 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 425 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 426 427 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 428 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 429 430 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 431 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 432 433 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 434 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 435 }; 436 437 // Characters allowed in the scheme portion of a URI: 0-9, a-z, A-Z, plus, minus, and period. 438 const bool HttpEnums::scheme_char[256] = 439 { 440 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 441 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 442 443 false, false, false, false, false, false, false, false, false, false, false, true, false, true, true, false, 444 true, true, true, true, true, true, true, true, true, true, false, false, false, false, false, false, 445 446 false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 447 true, true, true, true, true, true, true, true, true, true, true, false, false, false, false, false, 448 449 false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 450 true, true, true, true, true, true, true, true, true, true, true, false, false, false, false, false, 451 452 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 453 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 454 455 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 456 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 457 458 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 459 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 460 461 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 462 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 463 }; 464 465 const bool HttpEnums::is_sp_tab[256] = 466 { 467 false, false, false, false, false, false, false, false, false, true, false, false, false, false, false, false, 468 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 469 470 true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 471 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 472 473 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 474 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 475 476 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 477 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 478 479 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 480 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 481 482 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 483 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 484 485 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 486 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 487 488 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 489 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 490 }; 491 492 const bool HttpEnums::is_cr_lf[256] = 493 { 494 false, false, false, false, false, false, false, false, false, false, true, false, false, true, false, false, 495 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 496 497 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 498 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 499 500 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 501 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 502 503 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 504 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 505 506 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 507 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 508 509 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 510 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 511 512 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 513 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 514 515 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 516 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 517 }; 518 519 const bool HttpEnums::is_sp_tab_lf[256] = 520 { 521 false, false, false, false, false, false, false, false, false, true, true, false, false, false, false, false, 522 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 523 524 true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 525 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 526 527 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 528 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 529 530 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 531 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 532 533 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 534 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 535 536 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 537 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 538 539 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 540 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 541 542 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 543 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 544 }; 545 546 const bool HttpEnums::is_sp_tab_cr_lf[256] = 547 { 548 false, false, false, false, false, false, false, false, false, true, true, false, false, true, false, false, 549 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 550 551 true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 552 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 553 554 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 555 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 556 557 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 558 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 559 560 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 561 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 562 563 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 564 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 565 566 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 567 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 568 569 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 570 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 571 }; 572 573 const bool HttpEnums::is_sp_tab_cr_lf_vt_ff[256] = 574 { 575 false, false, false, false, false, false, false, false, false, true, true, true, true, true, false, false, 576 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 577 578 true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 579 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 580 581 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 582 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 583 584 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 585 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 586 587 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 588 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 589 590 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 591 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 592 593 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 594 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 595 596 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 597 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 598 }; 599 600 const bool HttpEnums::is_sp_tab_quote_dquote[256] = 601 { 602 false, false, false, false, false, false, false, false, false, true, false, false, false, false, false, false, 603 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 604 605 true, false, true, false, false, false, false, true, false, false, false, false, false, false, false, false, 606 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 607 608 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 609 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 610 611 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 612 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 613 614 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 615 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 616 617 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 618 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 619 620 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 621 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 622 623 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 624 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 625 }; 626 627 const bool HttpEnums::is_sp_comma[256] = 628 { 629 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 630 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 631 632 true, false, false, false, false, false, false, false, false, false, false, false, true, false, false, false, 633 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 634 635 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 636 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 637 638 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 639 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 640 641 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 642 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 643 644 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 645 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 646 647 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 648 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 649 650 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 651 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 652 }; 653 654 const bool HttpEnums::is_print_char[256] = 655 { 656 false, false, false, false, false, false, false, false, false, true, true, false, false, true, false, false, 657 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 658 659 true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 660 true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 661 662 true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 663 true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 664 665 true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 666 true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, false, 667 668 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 669 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 670 671 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 672 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 673 674 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 675 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 676 677 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 678 false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false 679 }; 680 681