Adds support to load remote rules
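--- a/src/utils/https_client.cc
+++ b/src/utils/https_client.cc
@@ -0,0 +1,106 @@
+/*
+* ModSecurity, http://www.modsecurity.org/
+* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+*
+* You may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* If any of the files related to licensing are missing or if you have any
+* other questions related to licensing please contact Trustwave Holdings, Inc.
+* directly using the email address security@modsecurity.org.
+*
+*/
+
+#include "utils/https_client.h"
+#include "src/config.h"
+
+#ifdef MSC_WITH_CURL
+#include <curl/curl.h>
+#endif
+
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string>
+
+#include <fstream>
+#include <iostream>
+
+#include "src/unique_id.h"
+
+namespace ModSecurity {
+namespace Utils {
+
+
+size_t HttpsClient::handle(char * data, size_t size, size_t nmemb, void * p) {
+return static_cast<HttpsClient*>(p)->handle_impl(data, size, nmemb);
+}
+
+
+size_t HttpsClient::handle_impl(char* data, size_t size, size_t nmemb) {
+content.append(data, size * nmemb);
+return size * nmemb;
+}
+
+
+#ifdef MSC_WITH_CURL
+bool HttpsClient::download(const std::string &uri) {
+CURL *curl;
+CURLcode res;
+std::string uniqueId = "ModSec-unique-id: " + UniqueId::uniqueId();
+
+curl = curl_easy_init();
+if (!curl) {
+error = "Not able to initialize libcurl";
+return false;
+}
+
+struct curl_slist *headers_chunk = NULL;
+curl_easy_setopt(curl, CURLOPT_URL, uri.c_str());
+
+headers_chunk = curl_slist_append(headers_chunk, uniqueId.c_str());
+
+/* Make it TLS 1.x only. */
+curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
+
+/* those are the default options, but lets make sure */
+curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
+curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
+
+/* send all data to this function */
+curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &HttpsClient::handle);
+
+/* we pass our 'chunk' struct to the callback function */
+curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
+
+curl_easy_setopt(curl, CURLOPT_USERAGENT, "modesecurity3");
+curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers_chunk);
+
+/* We want Curl to return error in case there is an HTTP error code */
+curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
+
+res = curl_easy_perform(curl);
+
+curl_slist_free_all(headers_chunk);
+
+if (res != CURLE_OK) {
+error = curl_easy_strerror(res);
+}
+
+curl_easy_cleanup(curl);
+
+return res == CURLE_OK;
+}
+#else
+bool HttpsClient::download(const std::string &uri) {
+error = "Not compiled with libcurl support";
+return false;
+}
+#endif
+
+} // namespace Utils
+} // namespace ModSecurity
+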
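Review bot: `CURLOPT_SSL_VERIFYHOST` is set to `1` in `HttpsClient::download`, but libcurl documents `2` as the value that matches the certificate name against the host; depending on the libcurl version, `1` is either rejected or was a weaker legacy mode, so the comment "those are the default options" does not hold for this line. The option values are also passed as `int` literals, while the variadic `curl_easy_setopt` expects `long` for these options. I would write `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);` and `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);`, and check the returned `CURLcode` so a rejected option fails the download instead of proceeding with whatever verification state was left in place. Separately, nothing in this function restricts `uri` to the https scheme or bounds how much `handle_impl` appends to `content`, which matters because, going by the commit title, the response body is loaded as rules.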
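--- a/src/utils/https_client.h
+++ b/src/utils/https_client.h
@@ -0,0 +1,55 @@
+/*
+* ModSecurity, http://www.modsecurity.org/
+* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+*
+* You may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* If any of the files related to licensing are missing or if you have any
+* other questions related to licensing please contact Trustwave Holdings, Inc.
+* directly using the email address security@modsecurity.org.
+*
+*/
+
+#ifdef MSC_WITH_CURL
+#include <curl/curl.h>
+#endif
+
+#include <iostream>
+#include <fstream>
+#include <string>
+#include <functional>
+
+#include <GeoIPCity.h>
+
+#ifndef SRC_UTILS_HTTPS_CLIENT_H_
+#define SRC_UTILS_HTTPS_CLIENT_H_
+
+#include "modsecurity/assay.h"
+
+namespace ModSecurity {
+namespace Utils {
+
+
+class HttpsClient {
+public:
+HttpsClient()
+: content(""),
+error("") { }
+
+bool download(const std::string &uri);
+std::string content;
+
+static size_t handle(char * data, size_t size, size_t nmemb, void * p);
+size_t handle_impl(char * data, size_t size, size_t nmemb);
+
+std::string error;
+};
+
+
+} // namespace Utils
+} // namespace ModSecurity
+
+#endif // SRC_UTILS_HTTPS_CLIENT_H_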
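Review bot: The header includes `<GeoIPCity.h>`, which nothing in the `HttpsClient` declaration uses, so every translation unit that includes this header needs the GeoIP development headers for no visible reason; I would drop that line. The `#ifdef MSC_WITH_CURL` block sits in a header that does not itself include `src/config.h`, and `https_client.cc` includes this header before `src/config.h`, so unless the macro comes from the compiler command line the curl include here is skipped; either include the config header first or remove the block, since the class declaration uses no curl types. The system includes are also placed above the `SRC_UTILS_HTTPS_CLIENT_H_` guard rather than inside it. `content`, `error` and `handle_impl` are all public; a short comment such as `// response body accumulated by handle_impl(); valid only after download() returns true` on `content` would tell callers when it is safe to read.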