[ https://bro-tracker.atlassian.net/browse/BIT-988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Seth Hall updated BIT-988:
--------------------------
Resolution: Fixed
Status: Closed (was: Open)
Functionality removed in favor of FAF
> Bug in HTTP body extraction
> ---------------------------
>
> Key: BIT-988
> URL: https://bro-tracker.atlassian.net/browse/BIT-988
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Matthias Vallentin
> Assignee: Seth Hall
> Labels: file-analysis
> Fix For: 2.2
>
>
> There exists a bug in HTTP body extraction that prevents certain bodies from
> being dumped, despite having set
> {noformat}
> redef extract_file_types = /.*/;
> {noformat}
> This happens presumably because Bro does not figure out the correct MIME type
> and does not set {{c$http$mime_type}}. It results in this check failing:
> {noformat}
> if ( c$http?$mime_type && extract_file_types in c$http$mime_type )
>     {
>     c$http$extract_file = T;
>     }
> {noformat}
> On a related note, I also find missing responses to HTTP POST requests which
> I assume come from the same issues.
> I have a trace that I could attach, but wanted to make sure it's worth the
> effort in the face of the upcoming file analysis framework, or if we plan on
> pushing a 2.1 hotfix for this.
--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
_______________________________________________
bro-dev mailing list
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev