/**
 * \brief Build a JSON object describing one HTTP transaction of a flow.
 *
 * Looks up the HTTP app-layer state of the flow and the transaction with
 * the given id, then fills a newly created JSON object with the basic and
 * extended HTTP fields. When the transaction carries user data, its
 * request and response body buffers are handed to BodyPrintableBuffer()
 * under the keys "http_request_body_printable" and
 * "http_response_body_printable".
 *
 * Request and response bodies can carry credentials, session tokens and
 * personal data, so records produced here need the same access control
 * and retention handling as the captured traffic itself.
 * NOTE(review): whether BodyPrintableBuffer() bounds how much of a body
 * is written is not visible in this function -- confirm.
 *
 * \param f     flow whose app-layer state is queried
 * \param tx_id id of the transaction to describe
 *
 * \retval NULL if the flow has no HTTP state, the transaction is not
 *              found, or the JSON object cannot be allocated
 * \retval hjs  newly created JSON object; the reference is handed to the
 *              caller
 */
json_t *JsonHttpAddMetadata(const Flow *f, uint64_t tx_id)
{
    HtpState *state = (HtpState *)FlowGetAppState(f);
    if (!state)
        return NULL;

    htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, state, tx_id);
    if (!tx)
        return NULL;

    json_t *hjs = json_object();
    if (unlikely(hjs == NULL))
        return NULL;

    JsonHttpLogJSONBasic(hjs, tx);
    JsonHttpLogJSONExtended(hjs, tx);

    /* bodies are only available when per-transaction user data exists */
    HtpTxUserData *user_data = (HtpTxUserData *)htp_tx_get_user_data(tx);
    if (user_data != NULL) {
        BodyPrintableBuffer(hjs, &user_data->request_body, "http_request_body_printable");
        BodyPrintableBuffer(hjs, &user_data->response_body, "http_response_body_printable");
    }

    return hjs;
}
获取基础信息
/**
 * \brief Add the basic HTTP fields of a transaction to a JSON object.
 *
 * Fields written, each only when the source value is present:
 *  - "http_res_type":     response Content-Type header, full value
 *  - "hostname":          request hostname
 *  - "url":               request URI
 *  - "http_user_agent":   request User-Agent header
 *  - "xff":               request X-Forwarded-For header
 *  - "http_content_type": response Content-Type header, cut at the
 *                         first ';'
 *
 * All of these values are taken from the HTTP transaction and are
 * therefore chosen by the remote peers; anything consuming the record
 * should treat them as untrusted strings.
 *
 * NOTE(review): jansson's json_string() returns NULL for input that is
 * not valid UTF-8; json_object_set_new() then fails and the field is
 * left out of the record without any indication. Confirm this is the
 * intended handling for headers carrying malformed bytes.
 *
 * \param js JSON object receiving the fields
 * \param tx HTTP transaction to read from
 */
static void JsonHttpLogJSONBasic(json_t *js, htp_tx_t *tx)
{
    char *text;
    htp_header_t *hdr;

    /* response content type, unmodified */
    hdr = (tx->response_headers != NULL)
            ? htp_table_get_c(tx->response_headers, "Content-Type")
            : NULL;
    text = (hdr != NULL) ? bstr_util_strdup_to_c(hdr->value) : NULL;
    if (text != NULL) {
        /* json_string() copies, so the temporary can be released */
        json_object_set_new(js, "http_res_type", json_string(text));
        SCFree(text);
    }

    /* hostname */
    text = (tx->request_hostname != NULL)
            ? bstr_util_strdup_to_c(tx->request_hostname)
            : NULL;
    if (text != NULL) {
        json_object_set_new(js, "hostname", json_string(text));
        SCFree(text);
    }

    /* uri */
    text = (tx->request_uri != NULL)
            ? bstr_util_strdup_to_c(tx->request_uri)
            : NULL;
    if (text != NULL) {
        json_object_set_new(js, "url", json_string(text));
        SCFree(text);
    }

    /* user agent */
    hdr = (tx->request_headers != NULL)
            ? htp_table_get_c(tx->request_headers, "user-agent")
            : NULL;
    text = (hdr != NULL) ? bstr_util_strdup_to_c(hdr->value) : NULL;
    if (text != NULL) {
        json_object_set_new(js, "http_user_agent", json_string(text));
        SCFree(text);
    }

    /* x-forwarded-for */
    hdr = (tx->request_headers != NULL)
            ? htp_table_get_c(tx->request_headers, "x-forwarded-for")
            : NULL;
    text = (hdr != NULL) ? bstr_util_strdup_to_c(hdr->value) : NULL;
    if (text != NULL) {
        json_object_set_new(js, "xff", json_string(text));
        SCFree(text);
    }

    /* content-type without parameters */
    hdr = (tx->response_headers != NULL)
            ? htp_table_get_c(tx->response_headers, "content-type")
            : NULL;
    text = (hdr != NULL) ? bstr_util_strdup_to_c(hdr->value) : NULL;
    if (text != NULL) {
        /* keep only the part before the first ';' */
        char *semi = strchr(text, ';');
        if (semi != NULL) {
            *semi = '\0';
        }
        json_object_set_new(js, "http_content_type", json_string(text));
        SCFree(text);
    }
}
获取扩展信息
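/**
 * \brief Add the extended HTTP fields of a transaction to a JSON object.
 *
 * Fields written, each only when the source value is present:
 *  - "http_refer":  request Referer header
 *  - "http_method": request method
 *  - "protocol":    request protocol
 *  - "status":      response status, converted with strtoul()
 *  - "redirect":    response Location header (looked up only when a
 *                   response status is present)
 *  - "length":      tx->response_message_len (always written)
 *
 * All string values come from the HTTP transaction and are chosen by the
 * remote peers; consumers of the record should treat them as untrusted.
 *
 * \param js JSON object receiving the fields
 * \param tx HTTP transaction to read from
 */
static void JsonHttpLogJSONExtended(json_t *js, htp_tx_t *tx)
{
    char *c;

    /* referer */
    htp_header_t *h_referer = NULL;
    if (tx->request_headers != NULL) {
        h_referer = htp_table_get_c(tx->request_headers, "referer");
    }
    if (h_referer != NULL) {
        c = bstr_util_strdup_to_c(h_referer->value);
        if (c != NULL) {
            json_object_set_new(js, "http_refer", json_string(c));
            SCFree(c);
        }
    }

    /* method */
    if (tx->request_method != NULL) {
        c = bstr_util_strdup_to_c(tx->request_method);
        if (c != NULL) {
            json_object_set_new(js, "http_method", json_string(c));
            SCFree(c);
        }
    }

    /* protocol */
    if (tx->request_protocol != NULL) {
        c = bstr_util_strdup_to_c(tx->request_protocol);
        if (c != NULL) {
            json_object_set_new(js, "protocol", json_string(c));
            SCFree(c);
        }
    }

    /* response status */
    if (tx->response_status != NULL) {
        c = bstr_util_strdup_to_c(tx->response_status);
        if (c != NULL) {
            /* NOTE(review): the status text is not validated. With no
             * end pointer checked, non-numeric input is logged as 0, and
             * a value that does not fit unsigned int is reduced on this
             * assignment, so the logged number may differ from what the
             * server sent. */
            unsigned int val = strtoul(c, NULL, 10);
            json_object_set_new(js, "status", json_integer(val));
            SCFree(c);
        }

        /* redirect target: guard the table like every other header
         * lookup in this file instead of relying on htp_table_get_c()
         * to tolerate a NULL table */
        htp_header_t *h_location = NULL;
        if (tx->response_headers != NULL) {
            h_location = htp_table_get_c(tx->response_headers, "location");
        }
        if (h_location != NULL) {
            c = bstr_util_strdup_to_c(h_location->value);
            if (c != NULL) {
                json_object_set_new(js, "redirect", json_string(c));
                SCFree(c);
            }
        }
    }

    /* length */
    json_object_set_new(js, "length", json_integer(tx->response_message_len));
}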