Loader improvement & request wrapper fix

Mihai Pitu 2013-08-28 17:54:24 +03:00 committed by Felipe Zimmerle
parent 5e98205ccc
commit 8a0e3d0e9f
7 changed files with 108 additions and 63 deletions

Binary file not shown.


@ -18,41 +18,46 @@ public final class ModSecurity {
private long confTime;
private static boolean libsLoaded = false;
private void loadNativeLibs(String zlibPath,
String libxml2Path,
String libpcrePath,
String libaprPath,
String libapriconvPath,
String libaprutilPath,
String libModSecurityPath) {
private void loadNativeLibs(String zlibPath,
String libxml2Path,
String libpcrePath,
String libaprPath,
String libapriconvPath,
String libaprutilPath,
String libModSecurityPath) {
if (!libsLoaded) {
libsLoaded = true;
//ModSecurityLoader calls System.load() for every native library needed by ModSecurity.
// try {
// Class.forName("org.modsecurity.loader.ModSecurityLoader");
// } catch (ClassNotFoundException ex) {
// java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
// "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
// }
//If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if
//ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running.
try {
loadLib("zlib1", zlibPath);
} catch (UnsatisfiedLinkError ex) {
boolean loaderFound = false;
// try {
// Class.forName("org.modsecurity.loader.ModSecurityLoader");
// loaderFound = true;
// } catch (ClassNotFoundException ex) {
// //java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
// // "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
// } catch (NoClassDefFoundError ex) {
// }
if (!loaderFound) {
//If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if
//ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running.
try {
loadLib("zlib1", zlibPath);
} catch (UnsatisfiedLinkError err) {
}
loadLib("xml2", libxml2Path);
loadLib("pcre", libpcrePath);
loadLib("apr-1", libaprPath);
try {
loadLib("apriconv-1", libapriconvPath);
} catch (UnsatisfiedLinkError err) {
}
loadLib("aprutil-1", libaprutilPath);
loadLib("ModSecurityJNI", libModSecurityPath);
}
loadLib("xml2", libxml2Path);
loadLib("pcre", libpcrePath);
loadLib("apr-1", libaprPath);
try {
loadLib("apriconv-1", libapriconvPath);
} catch (UnsatisfiedLinkError ex) {
}
loadLib("aprutil-1", libaprutilPath);
loadLib("ModSecurityJNI", libModSecurityPath);
}
}
private void loadLib(String name, String absolutePath) throws UnsatisfiedLinkError {
try {
System.load(absolutePath);
@ -73,15 +78,15 @@ public final class ModSecurity {
}
}
public ModSecurity(FilterConfig fc,
String confFile,
String zlibPath,
String libxml2Path,
String libpcrePath,
String libaprPath,
String libapriconvPath,
String libaprutilPath,
String libModSecurityPath) throws ServletException {
public ModSecurity(FilterConfig fc,
String confFile,
String zlibPath,
String libxml2Path,
String libpcrePath,
String libaprPath,
String libapriconvPath,
String libaprutilPath,
String libModSecurityPath) throws ServletException {
loadNativeLibs(zlibPath, libxml2Path, libpcrePath, libaprPath, libapriconvPath, libaprutilPath, libModSecurityPath);
this.filterConfig = fc;
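Review bot: In `loadNativeLibs`, `libsLoaded = true;` is set before any library has been loaded, and the two `catch (UnsatisfiedLinkError err) { }` blocks around `zlib1` and `apriconv-1` are empty. A wrong configured path for those two therefore leaves no trace, and a load that fails part-way is not retried in the same JVM. I would move `libsLoaded = true;` after the last `loadLib(...)` call and log the swallowed error, for example `java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.FINE, "optional native library not loaded", err);`. `loaderFound` is never assigned because the `Class.forName` block is commented out, so `if (!loaderFound)` is always taken; either drop the variable or restore the check. The page has lost its +/- markers, so which of the duplicated lines are new is inferred, and the body of `loadLib` continues outside the hunk.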


@ -43,6 +43,7 @@ public class ModSecurityFilter implements Filter {
MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code
try {
//onRequest is responsable of calling MsHttpServletRequest.readBody
int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified
if (status != ModSecurity.DECLINED) {
@ -52,7 +53,7 @@ public class ModSecurityFilter implements Filter {
//process request
fc.doFilter(httpTran.getMsHttpRequest(), httpTran.getMsHttpResponse());
status = modsecurity.onResponse(httpTran);
if (status != ModSecurity.OK && status != ModSecurity.DECLINED) {
httpTran.getMsHttpResponse().reset();


@ -33,7 +33,7 @@ import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
public class MsHttpServletRequest extends HttpServletRequestWrapper {
public final static int BODY_NOTYETREAD = 0;
public final static int BODY_INTERCEPT = 1;
public final static int BODY_DISK = 2;
@ -176,6 +176,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
}
body = new String(bodyBytes, encoding);
if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) {
addUrlEncoded(body);
}
@ -459,6 +460,14 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
return sis;
}
/**
* Replacement for the ServletRequest.getReader() method.
*/
@Override
public BufferedReader getReader() throws java.io.IOException {
return new BufferedReader(new InputStreamReader(getInputStream(), encoding));
}
/**
* Replacement for the ServletRequest.getParameter() method.
*/
@ -513,6 +522,9 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
count++;
}
}
if (count == 0)
return null;
// put them into a String array
String values[] = new String[count];
@ -527,11 +539,4 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
return values;
}
/**
* Replacement for the ServletRequest.getReader() method.
*/
@Override
public BufferedReader getReader() throws java.io.IOException {
return new BufferedReader(new InputStreamReader(getInputStream(), encoding));
}
}
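Review bot: The test `contentType.compareTo("application/x-www-form-urlencoded") == 0` in the hunk at old line 176 is an exact, case-sensitive match. A header value such as `application/x-www-form-urlencoded; charset=UTF-8` would skip `addUrlEncoded(body)`, unless `contentType` is stripped of its parameters earlier in the method, which the hunk does not show. The wrapper's parameter methods would then miss the body fields for such a request. Comparing the media type alone would avoid that, for example `String mediaType = contentType.split(";", 2)[0].trim().toLowerCase(java.util.Locale.ROOT);` followed by `mediaType.equals(...)`. The added `if (count == 0) return null;` would also read better with braces.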


@ -17,8 +17,6 @@
-->
</init-param>
<!--
OPTIONAL parameters for loading native libraries from absolute paths. This is an alternitive to specifying
-Djava.library.path=/path/to/libs/ variable which is used by the JVM to search libraries.
@ -26,36 +24,34 @@
zlib1 and libapriconv-1 are Windows only libraries
-->
<!--
<init-param>
<param-name>zlib1</param-name>
<param-value>c:\work\zlib1.dll</param-value>
<init-param>
<param-name>zlib1</param-name>
<param-value>c:\work\mod_security\java\libs\zlib1.dll</param-value>
</init-param>
<init-param>
<param-name>libxml2</param-name>
<param-value>/usr/lib/i386-linux-gnu/libxml2.so</param-value>
<param-value>c:\work\mod_security\java\libs\libxml2.dll</param-value>
</init-param>
<init-param>
<param-name>libpcre</param-name>
<param-value>/usr/lib/i386-linux-gnu/libxml2.so</param-value>
<param-value>c:\work\mod_security\java\libs\pcre.dll</param-value>
</init-param>
<init-param>
<param-name>libapr-1</param-name>
<param-value>/usr/lib/libapr-1.so</param-value>
<param-value>c:\work\mod_security\java\libs\libapr-1.dll</param-value>
</init-param>
<init-param>
<param-name>libapriconv-1</param-name>
<param-value>c:\work\zlib1.dll</param-value>
<param-value>c:\work\mod_security\java\libs\libapriconv-1.dll</param-value>
</init-param>
<init-param>
<param-name>libaprutil-1</param-name>
<param-value>/usr/lib/libaprutil-1.so</param-value>
<param-value>c:\work\mod_security\java\libs\libaprutil-1.dll</param-value>
</init-param>
<init-param>
<param-name>libModSecurityJNI</param-name>
<param-value>/usr/lib/libModSecurityJNI.so</param-value>
<param-value>c:\work\mod_security\java\libs\ModSecurityJNI.dll</param-value>
</init-param>
-->
</filter>
<filter-mapping>
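Review bot: The sample `param-value` entries name files that are loaded as native libraries from absolute paths, per the comment above them, but the sample does not say who may write to that directory. A work folder like the one shown is often writable by ordinary accounts, and whatever file sits at the configured path is loaded into the server process. I would extend the explanatory comment with a sentence such as `The directory holding these libraries must be writable only by the account that administers the server.` The `init-param` block is commented out, so this is a documentation change only.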


@ -128,6 +128,37 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
Include activated_rules\*.conf
--&gt;
&lt;/init-param&gt;
&lt;!--
&lt;init-param&gt;
&lt;param-name&gt;zlib1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\zlib1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libxml2&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libxml2.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libpcre&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\pcre.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libapr-1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libapr-1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libapriconv-1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libapriconv-1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libaprutil-1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libaprutil-1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt
&lt;param-name&gt;libModSecurityJNI&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\ModSecurityJNI.dll&lt;/param-value&gt;
&lt;/init-param&gt;
--&gt;
&lt;/filter&gt;
&lt;filter-mapping&gt;
@ -158,7 +189,8 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
<p>
You can specify multiple folders for the <span class="code">java.library.path</span> variable by using
: (colon) or ; (semi-colon), depending on your environment. Also, the libraries can be loaded using
their absolute path using <span class="code">System.load()</span>.
their absolute path by uncommenting the <span class="code">init-param</span> elements in the above
filter example.
</p>
</li>
@ -167,8 +199,14 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
<p>
<a class="code" href="../../ModSecurityLoader/dist/ModSecurityLoader.jar">ModSecurityLoader.jar</a> should be placed
in the Java server library loader folder (for example, in Tomcat 7: <span class="code">$CATALINA_HOME/lib</span>).
You can build or modify the load directory of <span class="code">ModSecurityLoader</span> from
<span class="code">/mod_security/java/ModSecurityLoader/src/</span>.
The server has to be started with the VM options:
</p>
<pre class="codecanvas">
-Djava.library.path=/path/to/libraries/folder/
</pre>
<p>
or alternatively by specifying <span class="code">init-param</span> elements with absolute paths
in the <span class="code">ModSecurityLoaderConfig.xml</span> file.
</p>
</li>
</ol>