[Bro-Commits] [git/bro] master: Adapting the HTTP request line parsing to only accept methods consisting of letters [A-Za-z]. (5751046)

One of the things I found when I turned this on in production was a Microsoft product that was using some custom HTTP methods: CCM_POST and BITS_POST. I'd say add underscore to this as well, maybe even hyphen.

If we want to take this further, the HTTP/1.1 and HTTP/1.0 RFCs say that the request method must be a token. Tokens are defined as:

      token = 1*<any CHAR except CTLs or separators>
      separators = "(" | ")" | "<" | ">" | "@"
                 | "," | ";" | ":" | "\" | <">
                 | "/" | "[" | "]" | "?" | "="
                 | "{" | "}" | SP | HT

Thoughts?

  --Vlad

I was wondering about that as well but I looked at the predefined
methods in http/main.bro and didn't see them there, so they are
already triggering a weird. On the other hand, I like the idea of
following the RFC definition of a token there, that makes kind of
sense. :) And the MIME code already has a corresponding get_token()
function. I'll take a look at that later.

Robin
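
The two rules discussed in this thread, side by side, as an added example (not code from the Bro source tree or from either poster). The function names are hypothetical, and the request lines in `main` are constructed; only CCM_POST and BITS_POST come from the thread.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Separators from the token definition quoted in the thread (SP and HT last).
static const char kSeparators[] = "()<>@,;:\\\"/[]?={} \t";

// Letters-only rule from the commit subject: one or more of [A-Za-z].
bool is_alpha_method(const std::string& m) {
    if (m.empty()) return false;
    for (unsigned char c : m)
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'))) return false;
    return true;
}

// RFC token rule: one or more CHARs (0-127) that are not CTLs (0-31, 127)
// and not separators.
bool is_token_method(const std::string& m) {
    if (m.empty()) return false;
    for (unsigned char c : m)
        if (c <= 31 || c >= 127 || std::strchr(kSeparators, c)) return false;
    return true;
}

// Hypothetical helper: take everything before the first SP of a request line
// as the method; return "" when it is missing or not a valid token.
std::string parse_method(const std::string& line) {
    std::string::size_type sp = line.find(' ');
    if (sp == std::string::npos) return "";
    std::string m = line.substr(0, sp);
    return is_token_method(m) ? m : "";
}

int main() {
    // Constructed request lines; CCM_POST and BITS_POST are the methods from the thread.
    const char* lines[] = {"GET / HTTP/1.1", "CCM_POST /x HTTP/1.1",
                           "BITS_POST /x HTTP/1.1", "M-SEARCH * HTTP/1.1",
                           "GE[T / HTTP/1.1", "\x16\x03\x01 / HTTP/1.1"};
    for (const char* l : lines) {
        std::string raw(l);
        std::string head = raw.substr(0, raw.find(' '));
        std::printf("alpha=%d token=%d\n", is_alpha_method(head), is_token_method(head));
    }
    return 0;
}
```

The token rule accepts the underscore and hyphen methods that the letters-only rule rejects, while both still reject a method containing a separator or control bytes.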