http2: app-layer event for userinfo in uri

Ticket: OISF#6426

as per RFC 9113
":authority" MUST NOT include the deprecated userinfo subcomponent
for "http" or "https" schemed URIs.

(cherry picked from commit e3cd0d0)

rules/http2-events.rules

@@ -19,3 +19,4 @@ alert http2 any any -> any any (msg:"SURICATA HTTP2 invalid range header"; flow:
 alert http2 any any -> any any (msg:"SURICATA HTTP2 variable-length integer overflow"; flow:established; app-layer-event:http2.header_integer_overflow; classtype:protocol-command-decode; sid:2290011; rev:1;)
 alert http2 any any -> any any (msg:"SURICATA HTTP2 too many streams"; flow:established; app-layer-event:http2.too_many_streams; classtype:protocol-command-decode; sid:2290012; rev:1;)
 alert http2 any any -> any any (msg:"SURICATA HTTP2 authority host mismatch"; flow:established,to_server; app-layer-event:http2.authority_host_mismatch; classtype:protocol-command-decode; sid:2290013; rev:1;)
+alert http2 any any -> any any (msg:"SURICATA HTTP2 user info in uri"; flow:established,to_server; app-layer-event:http2.userinfo_in_uri; classtype:protocol-command-decode; sid:2290014; rev:1;)

rust/src/http2/http2.rs

@@ -210,6 +210,11 @@ impl HTTP2Transaction {
                 self.decoder.http2_encoding_fromvec(&block.value, dir);
             } else if block.name.eq_ignore_ascii_case(b":authority") {
                 authority = Some(&block.value);
+                if block.value.iter().any(|&x| x == b'@') {
+                    // it is forbidden by RFC 9113 to have userinfo in this field
+                    // when in HTTP1 we can have user:password@domain.com
+                    self.set_event(HTTP2Event::UserinfoInUri);
+                }
             } else if block.name.eq_ignore_ascii_case(b"host") {
                 host = Some(&block.value);
             }
@@ -400,6 +405,7 @@ pub enum HTTP2Event {
     HeaderIntegerOverflow,
     TooManyStreams,
     AuthorityHostMismatch,
+    UserinfoInUri,
 }
 
 pub struct HTTP2DynTable {