github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-18 18:30:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Response headers & body

Browse Source
This commit is contained in:
Mihai Pitu
2013-07-26 15:14:21 +03:00
committed by Felipe Zimmerle
parent 8f3b3eb468
commit 1637bcb774
8 changed files with 189 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java
View File

@@ -4,16 +4,13 @@ import java.io.File;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
* @author Mihai Pitu
*/
public final class ModSecurity {
public static final int DONE = -2;
@@ -54,34 +51,7 @@ public final class ModSecurity {
public native int onRequest(String config, MsHttpTransaction httpTran, boolean reloadConfig);
public native int onResponse(ServletResponse response, HttpServletResponse htttpResponse, String requestID);
public static String[][] getHttpRequestHeaders(HttpServletRequest req) {
ArrayList<String> aList = Collections.list(req.getHeaderNames());
String[][] result = new String[aList.size()][2];
for (int i = 0; i < aList.size(); i++) {
result[i][0] = aList.get(i);
result[i][1] = req.getHeader(aList.get(i));
}
return result;
}
public static String[][] getHttpResponseHeaders(HttpServletResponse resp) {
Collection<String> headerNames = resp.getHeaderNames();
String[][] result = new String[headerNames.size()][2];
int i = 0;
for (String headerName : headerNames) {
result[i][0] = headerName;
result[i][1] = resp.getHeader(headerName);
i++;
}
return result;
}
public native int onResponse(MsHttpTransaction httpTran);
public static boolean isIPv6(String addr) {
try {

13
java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java
View File

@@ -1,8 +1,6 @@
package org.modsecurity;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -14,7 +12,7 @@ import javax.servlet.http.HttpServletResponse;
/**
*
* Docs: http://docs.oracle.com/javaee/6/tutorial/doc/bnagb.html
* @author Mihai Pitu
*/
public class ModSecurityFilter implements Filter {
@@ -36,18 +34,19 @@ public class ModSecurityFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws IOException, ServletException {
HttpServletRequest httpReq = (HttpServletRequest) request;
HttpServletResponse httpResp = (HttpServletResponse) response;
MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp);
MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code
try {
int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig());
int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified
if (status != ModSecurity.DECLINED) {
return;
}
//BufferedInputStream buf = new BufferedInputStream(httpReqWrapper.getInputStream());
//process request
fc.doFilter(httpTran.getMsHttpRequest(), httpTran.getMsHttpResponse());
//status = modsecurity.onResponse(response, httpResp, requestID);
status = modsecurity.onResponse(httpTran);
} finally {
httpTran.destroy();

23
java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java
View File

@@ -16,6 +16,8 @@ import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
@@ -26,12 +28,12 @@ import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.DefaultFileItem;
import org.apache.commons.fileupload.DiskFileUpload;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
public class MsHttpServletRequest extends HttpServletRequestWrapper {
public final static int BODY_NOTYETREAD = 0;
@@ -79,7 +81,23 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
bodyFile.delete();
}
}
public static String[][] getHttpRequestHeaders(HttpServletRequest req) {
ArrayList<String> aList = Collections.list(req.getHeaderNames());
String[][] result = new String[aList.size()][2];
try {
for (int i = 0; i < aList.size(); i++) {
result[i][0] = aList.get(i);
result[i][1] = req.getHeader(aList.get(i));
}
} catch (Exception ex) {
}
return result;
}
public String getTmpPath() {
return tmpPath;
}
@@ -113,7 +131,9 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
}
public void readBody(int maxContentLength) throws IOException, ServletException {
String contentType = req.getContentType();
if ((contentType != null) && (contentType.startsWith("multipart/form-data"))) {
readBodyMultipart(maxContentLength);
} else {
@@ -202,6 +222,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
}
}
/**
* Parses the given URL-encoded string and adds the parameters to the
* request parameter list.

30
java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletResponse.java
View File

@@ -1,5 +1,6 @@
package org.modsecurity;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.text.DateFormat;
@@ -114,6 +115,22 @@ public class MsHttpServletResponse extends HttpServletResponseWrapper {
destroyed = true;
}
public static String[][] getHttpResponseHeaders(HttpServletResponse resp) {
Collection<String> headerNames = resp.getHeaderNames();
String[][] result = new String[headerNames.size()][2];
try {
int i = 0;
for (String headerName : headerNames) {
result[i][0] = headerName;
result[i][1] = resp.getHeader(headerName);
i++;
}
} catch (Exception ex) {
}
return result;
}
public String getBody() {
if (msWriter != null) {
return msWriter.toString();
@@ -178,6 +195,19 @@ public class MsHttpServletResponse extends HttpServletResponseWrapper {
}
}
public ByteArrayInputStream getByteArrayStream() throws Exception {
ByteArrayInputStream stream = null;
if (msOutputStream == null) {
MsWriter writer = ((MsWriter) this.getWriter());
stream = new ByteArrayInputStream(new String(writer.toCharArray()).getBytes());
} else if (msWriter == null) {
stream = new ByteArrayInputStream(((MsOutputStream) this.getOutputStream()).toByteArray());
} else {
}
return stream;
}
@Override
public void setCharacterEncoding(String charset) {
if (interceptMode != INTERCEPT_ON) {

5
java/ModSecurityTestApp/src/java/org/modsecurity/MsOutputStream.java
View File

@@ -1,5 +1,6 @@
package org.modsecurity;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
@@ -37,6 +38,10 @@ public class MsOutputStream extends ServletOutputStream {
public byte[] toByteArray() {
return buffer.toByteArray();
}
public ByteArrayInputStream getByteArrayStream() {
return new ByteArrayInputStream(buffer.toByteArray());
}
public void reset() {
buffer.reset();