[Bro-Dev] [JIRA] (BIT-1338) http response mime types uninitialized in file_over_new_connection event

[Paul Pearce (JIRA)]

Paul Pearce created BIT-1338:
--------------------------------

             Summary: http response mime types uninitialized in file_over_new_connection event
                 Key: BIT-1338
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1338
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: git/master
            Reporter: Paul Pearce


http resp_mime_types (accessed via: connection$http$resp_mime_types) are no longer initialized during the file_over_new_connection event. This is new behavior between Bro v2.3 and git/master.

The following snippet shows the new behavior on one of the included bro test traces.

{code:bash}
$ bro_v23 -e 'event file_over_new_connection(f: fa_file, c:connection, is_orig:bool){ print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace 
T

$ bro_git -e 'event file_over_new_connection(f: fa_file, c:connection, is_orig:bool){ print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace 
F
{code}

It's worth pointing out that ultimately the resp_mime_types field does get set for subsequent events.

{code:bash}
$ bro_v23 -e 'event http_message_done (c: connection, is_orig: bool,  stat: http_message_stat){ if (!is_orig) print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace 
T

$ bro_git -e 'event http_message_done (c: connection, is_orig: bool,  stat: http_message_stat){ if (!is_orig) print c$http?$resp_mime_types; }' -r bro/testing/btest/Traces/http/get.trace 
T
{code}






--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)