github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-02 14:44:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

documentation additions

Browse Source
This commit is contained in:
Mihai Pitu
2013-08-15 21:18:36 +03:00
parent 395070c4cb
commit 0032971bc7
9 changed files with 107 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java
View File

@@ -22,14 +22,24 @@ public final class ModSecurity {
private long confTime;
static {
//ModSecurityLoader calls System.load() for every native library needed by ModSecurity.
try {
//ModSecurityLoader calls System.load() for every native library needed by ModSecurity
Class.forName("org.modsecurity.loader.ModSecurityLoader");
System.out.println("ModSecurity libraries loaded.");
} catch (ClassNotFoundException ex) {
java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
"ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
}
//If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if
//ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running.
// System.load("c:\\work\\mod_security\\java\\libs\\zlib1.dll");
// System.load("c:\\work\\mod_security\\java\\libs\\libxml2.dll");
// System.load("c:\\work\\mod_security\\java\\libs\\pcre.dll");
// System.load("c:\\work\\mod_security\\java\\libs\\libapr-1.dll");
// System.load("c:\\work\\mod_security\\java\\libs\\libapriconv-1.dll");
// System.load("c:\\work\\mod_security\\java\\libs\\libaprutil-1.dll");
// System.load("c:\\work\\mod_security\\java\\Debug\\ModSecurityJNI.dll");
}
public ModSecurity(FilterConfig fc, String confFile) throws ServletException {

6
java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java
View File

@@ -1,6 +1,7 @@
package org.modsecurity;
import java.io.IOException;
import java.net.URLDecoder;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -25,7 +26,6 @@ public class ModSecurityFilter implements Filter {
throw new ServletException("ModSecurity: parameter 'conf' not available in web.xml");
}
modsecurity = new ModSecurity(fc, confFilename);
}
@@ -35,14 +35,14 @@ public class ModSecurityFilter implements Filter {
HttpServletResponse httpResp = (HttpServletResponse) response;
MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code
try {
try {
int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified
if (status != ModSecurity.DECLINED) {
httpTran.getHttpResponse().sendError(403);
return;
}
//process request
fc.doFilter(httpTran.getMsHttpRequest(), httpTran.getMsHttpResponse());

9
java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java
View File

@@ -132,17 +132,18 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
String contentType = req.getContentType();
bodyBytes = new byte[bytes.length];
System.arraycopy(bytes, 0, bodyBytes, 0, bytes.length);
body = new String(bodyBytes, encoding);
if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) {
addUrlEncoded(body);
}
}
@Override
public int getContentLength() {
if (bodyBytes == null)
if (bodyBytes == null) {
return req.getContentLength();
}
return bodyBytes.length;
}
@@ -275,7 +276,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
}
}
}
//test with <£2.00 price
if (flag == 1) {
value = "";
if (startPos != -1) {