Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: wish - optional turning off fixLength #34890

Closed
govcert-ch opened this issue Oct 14, 2019 · 1 comment
Closed

net/http: wish - optional turning off fixLength #34890

govcert-ch opened this issue Oct 14, 2019 · 1 comment

Comments

@govcert-ch
Copy link

@govcert-ch govcert-ch commented Oct 14, 2019

No bug, just an idea/wish, Go version 1.13

In malware research, it is essential to be able to examine server responses in an unmodified form - it is common that malware CC servers reply with an error status code, but still embed essential data in its body (403 is notorious) that the malware interprets. Malware researchers sometimes write trackers that emulate certain malwares. These emulations mostly works fine with the current net/http client in Go, but it currently throws away the body completely if the server returns a status code 1xx, 204, or 304 - this occurs in transfer.go, fixLength and bodyAllowedForStatus functions. Of course this is RFC conforming, but malware authors could use this as a way to hide CC responses such that Go client would not see the body. So it would be nice to have a kind of raw support for such cases, maybe as an additional "bodyRaw" field.

@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Oct 14, 2019

While it sounds like you're doing fun stuff, we're (un)fortunately not going to complicate the API for a few specialized users.

You can either locally fork the net/http package, or just use the lower-level primitives (do your own TCP dials + use net/http.ReadResponse, etc.)

@bradfitz bradfitz closed this Oct 14, 2019
@golang golang locked and limited conversation to collaborators Oct 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants