mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-11-17 18:05:28 +03:00
BeanShell support and documentation
This commit is contained in:
Mihai Pitu
committed by
Felipe Zimmerle
Felipe Zimmerle
parent
e87b970dc5
commit
29f4bd15ea
38
java/ModSecurityLoader/dist/ModSecurityLoaderConfig.xml
vendored
Normal file
38
java/ModSecurityLoader/dist/ModSecurityLoaderConfig.xml
vendored
Normal file
@@ -0,0 +1,38 @@
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<ModSecurityLoader>
|
||||
<!--
|
||||
OPTIONAL parameters for loading native libraries from absolute paths. This is an alternitive to specifying
|
||||
-Djava.library.path=/path/to/libs/ variable which is used by the JVM to search libraries.
|
||||
|
||||
zlib1 and libapriconv-1 are Windows only libraries
|
||||
-->
|
||||
|
||||
<init-param>
|
||||
<param-name>zlib1</param-name>
|
||||
<param-value>c:\work\mod_security2\java\libs\zlib1.dll</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>libxml2</param-name>
|
||||
<param-value>c:\work\mod_security2\java\libs\libxml2.dll</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>libpcre</param-name>
|
||||
<param-value>c:\work\mod_security2\java\libs\pcre.dll</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>libapr-1</param-name>
|
||||
<param-value>c:\work\mod_security2\java\libs\libapr-1.dll</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>libapriconv-1</param-name>
|
||||
<param-value>c:\work\mod_security2\java\libs\libapriconv-1.dll</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>libaprutil-1</param-name>
|
||||
<param-value>c:\work\mod_security2\java\libs\libaprutil-1.dll</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>libModSecurityJNI</param-name>
|
||||
<param-value>c:\work\mod_security2\java\libs\ModSecurityJNI.dll</param-value>
|
||||
</init-param>
|
||||
</ModSecurityLoader>
|
||||
@@ -1,52 +1,120 @@
|
||||
package org.modsecurity.loader;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.HashMap;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
public class ModSecurityLoader {
|
||||
|
||||
//private static final String MODSECURITYLIBSDIR_PATH = "c:\\work\\mod_security\\java\\libs\\"; //directory with ModSecurity native libraries
|
||||
public static final String CONFIG_FILENAME = "ModSecurityLoaderConfig.xml";
|
||||
private static final String zlibParamName = "zlib1";
|
||||
private static final String libxml2ParamName = "libxml2";
|
||||
private static final String libpcreParamName = "libpcre";
|
||||
private static final String libaprParamName = "libapr-1";
|
||||
private static final String libapriconvParamName = "libapriconv-1";
|
||||
private static final String libaprutilParamName = "libaprutil-1";
|
||||
private static final String libModSecurityJNIParamName = "libModSecurityJNI";
|
||||
|
||||
static {
|
||||
System.out.println("ModSecurity loader static block executed.");
|
||||
// File modSecDir = new File(MODSECURITYLIBSDIR_PATH);
|
||||
// File[] flibs = modSecDir.listFiles();
|
||||
// loadLib(flibs, "zlib1");
|
||||
// loadLib(flibs, "libxml2");
|
||||
// loadLib(flibs, "pcre");
|
||||
// loadLib(flibs, "libapr-1");
|
||||
// loadLib(flibs, "libapriconv-1");
|
||||
// loadLib(flibs, "libaprutil-1");
|
||||
// loadLib(flibs, "ModSecurityJNI");
|
||||
//System.out.println("ModSecurity loader static block executed.");
|
||||
|
||||
//alternative load, this requires native libraries to be in java.library.path, you can set it
|
||||
//by specifying server VM start-up option: -Djava.library.path=path/to/libs/
|
||||
//try load native libraries from config file with native libs paths, otherwise get paths from the
|
||||
// server VM start-up option: -Djava.library.path=path/to/libs/
|
||||
HashMap<String, String> libPaths = new HashMap<String, String>();
|
||||
try {
|
||||
System.loadLibrary("zlib1"); //needed for libxml2 in Windows
|
||||
} catch(UnsatisfiedLinkError ex) {
|
||||
}
|
||||
System.loadLibrary("libxml2");
|
||||
System.loadLibrary("pcre");
|
||||
System.loadLibrary("libapr-1");
|
||||
try {
|
||||
System.loadLibrary("libapriconv-1");
|
||||
} catch(UnsatisfiedLinkError ex) { //needed for libaprutil-1 in Windows
|
||||
}
|
||||
System.loadLibrary("libaprutil-1");
|
||||
System.loadLibrary("ModSecurityJNI");
|
||||
|
||||
System.out.println("ModSecurity native libraries loaded.");
|
||||
}
|
||||
Document dom;
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
dom = db.parse(CONFIG_FILENAME);
|
||||
|
||||
private static void loadLib(File[] files, String lib) {
|
||||
for (int i = 0; i < files.length; i++) {
|
||||
if (files[i].getName().startsWith(lib)) {
|
||||
System.load(files[i].getAbsolutePath());
|
||||
break;
|
||||
Element doc = dom.getDocumentElement();
|
||||
|
||||
NodeList nl = doc.getElementsByTagName("init-param");
|
||||
|
||||
for (int i = 0; i < nl.getLength(); i++) {
|
||||
String key = null;
|
||||
String value = null;
|
||||
|
||||
Node initParam = nl.item(i);
|
||||
|
||||
NodeList keyNl = ((Element) initParam).getElementsByTagName("param-name");
|
||||
if (keyNl.getLength() > 0 && keyNl.item(0).hasChildNodes()) {
|
||||
key = keyNl.item(0).getFirstChild().getNodeValue();
|
||||
}
|
||||
|
||||
NodeList valNl = ((Element) initParam).getElementsByTagName("param-value");
|
||||
if (valNl.getLength() > 0 && valNl.item(0).hasChildNodes()) {
|
||||
value = valNl.item(0).getFirstChild().getNodeValue();
|
||||
}
|
||||
|
||||
if (key != null && value != null) {
|
||||
libPaths.put(key, value);
|
||||
}
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
}
|
||||
|
||||
if (!libPaths.containsKey(zlibParamName)) {
|
||||
libPaths.put(zlibParamName, null);
|
||||
}
|
||||
if (!libPaths.containsKey(libxml2ParamName)) {
|
||||
libPaths.put(libxml2ParamName, null);
|
||||
}
|
||||
if (!libPaths.containsKey(libpcreParamName)) {
|
||||
libPaths.put(libpcreParamName, null);
|
||||
}
|
||||
if (!libPaths.containsKey(libaprParamName)) {
|
||||
libPaths.put(libaprParamName, null);
|
||||
}
|
||||
if (!libPaths.containsKey(libapriconvParamName)) {
|
||||
libPaths.put(libapriconvParamName, null);
|
||||
}
|
||||
if (!libPaths.containsKey(libaprutilParamName)) {
|
||||
libPaths.put(libaprutilParamName, null);
|
||||
}
|
||||
if (!libPaths.containsKey(libModSecurityJNIParamName)) {
|
||||
libPaths.put(libModSecurityJNIParamName, null);
|
||||
}
|
||||
|
||||
try {
|
||||
loadLib("zlib1", libPaths.get(zlibParamName));
|
||||
} catch (UnsatisfiedLinkError err) {
|
||||
}
|
||||
loadLib("xml2", libPaths.get(libxml2ParamName));
|
||||
loadLib("pcre", libPaths.get(libpcreParamName));
|
||||
loadLib("apr-1", libPaths.get(libaprParamName));
|
||||
try {
|
||||
loadLib("apriconv-1", libPaths.get(libapriconvParamName));
|
||||
} catch (UnsatisfiedLinkError err) {
|
||||
}
|
||||
loadLib("aprutil-1", libPaths.get(libaprutilParamName));
|
||||
loadLib("ModSecurityJNI", libPaths.get(libModSecurityJNIParamName));
|
||||
}
|
||||
|
||||
private static void loadLib(String name, String absolutePath) throws UnsatisfiedLinkError {
|
||||
try {
|
||||
System.load(absolutePath);
|
||||
return;
|
||||
} catch (NullPointerException ex) {
|
||||
} catch (UnsatisfiedLinkError ex) {
|
||||
throw ex;
|
||||
}
|
||||
try {
|
||||
System.loadLibrary(name);
|
||||
return;
|
||||
} catch (UnsatisfiedLinkError ex) {
|
||||
}
|
||||
try {
|
||||
System.loadLibrary("lib" + name);
|
||||
} catch (UnsatisfiedLinkError ex) {
|
||||
throw ex;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public static void main(String[] args) {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
BIN
java/ModSecurityTestApp/dist/ModSecurityTestApp.war
vendored
BIN
java/ModSecurityTestApp/dist/ModSecurityTestApp.war
vendored
Binary file not shown.
@@ -39,7 +39,7 @@
|
||||
</p>
|
||||
|
||||
<br />
|
||||
<h2>Installation</h2>
|
||||
<h2 id="installation">Installation</h2>
|
||||
<p>
|
||||
First you need to choose whether to download and compile ModSecurity from the project's version control web-site:
|
||||
<a href="https://github.com/SpiderLabs/ModSecurity">github.com/SpiderLabs/ModSecurity</a> or using pre-compiled binaries from
|
||||
@@ -212,6 +212,30 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
|
||||
</ol>
|
||||
|
||||
<br/>
|
||||
|
||||
<h2 id="beanshell">BeanShell scripting with ModSecurity</h2>
|
||||
<p>
|
||||
You can use <a href="http://www.beanshell.org/">BeanShell</a> scripts in <span class="code">SecRule</span>
|
||||
ModSecurity directives using the <span class="code">exec</span> action. First you need to put the
|
||||
<span class="code">bsh.jar</span> file (which can be downloaded from <a href="http://www.beanshell.org/download.html">beanshell.org</a>)
|
||||
into the current directory of your server (for example <span class="code">$CATALINA_HOME/bin</span> in Tomcat).
|
||||
An example of an <span class="code">exec</span> can be the following:
|
||||
</p>
|
||||
|
||||
<pre class="codecanvas">
|
||||
<code>
|
||||
SecAction "setenv:msg=%{rule.msg},exec:/usr/local/apache/conf/beanshell_script.bsh"
|
||||
</code>
|
||||
</pre>
|
||||
<p>
|
||||
The environment variable set in the <span class="code">SecAction</span> can be accessed in BeanShell scripts
|
||||
using:
|
||||
</p>
|
||||
<pre class="codecanvas">
|
||||
<code>
|
||||
System.getenv("msg");
|
||||
</code>
|
||||
</pre>
|
||||
<br/>
|
||||
<br/>
|
||||
</td>
|
||||
|
||||
Reference in New Issue
Block a user