Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: wish - optional turning off fixLength #34890

Closed
govcert-ch opened this issue Oct 14, 2019 · 1 comment
Closed

net/http: wish - optional turning off fixLength #34890

govcert-ch opened this issue Oct 14, 2019 · 1 comment

Comments

@govcert-ch
Copy link

@govcert-ch govcert-ch commented Oct 14, 2019

No bug, just an idea/wish, Go version 1.13

In malware research, it is essential to be able to examine server responses in an unmodified form - it is common that malware CC servers reply with an error status code, but still embed essential data in its body (403 is notorious) that the malware interprets. Malware researchers sometimes write trackers that emulate certain malwares. These emulations mostly works fine with the current net/http client in Go, but it currently throws away the body completely if the server returns a status code 1xx, 204, or 304 - this occurs in transfer.go, fixLength and bodyAllowedForStatus functions. Of course this is RFC conforming, but malware authors could use this as a way to hide CC responses such that Go client would not see the body. So it would be nice to have a kind of raw support for such cases, maybe as an additional "bodyRaw" field.

@bradfitz

This comment has been minimized.

Copy link
Member

@bradfitz bradfitz commented Oct 14, 2019

While it sounds like you're doing fun stuff, we're (un)fortunately not going to complicate the API for a few specialized users.

You can either locally fork the net/http package, or just use the lower-level primitives (do your own TCP dials + use net/http.ReadResponse, etc.)

@bradfitz bradfitz closed this Oct 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.