Loader improvement & request wrapper fix

Mihai Pitu 2013-08-28 17:54:24 +03:00 committed by Felipe Zimmerle
parent 5e98205ccc
commit 8a0e3d0e9f
7 changed files with 108 additions and 63 deletions

Binary file not shown.


@ -28,30 +28,35 @@ public final class ModSecurity {
if (!libsLoaded) { if (!libsLoaded) {
libsLoaded = true; libsLoaded = true;
//ModSecurityLoader calls System.load() for every native library needed by ModSecurity. //ModSecurityLoader calls System.load() for every native library needed by ModSecurity.
boolean loaderFound = false;
// try { // try {
// Class.forName("org.modsecurity.loader.ModSecurityLoader"); // Class.forName("org.modsecurity.loader.ModSecurityLoader");
// loaderFound = true;
// } catch (ClassNotFoundException ex) { // } catch (ClassNotFoundException ex) {
// java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE, // //java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
// "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex); // // "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
// } catch (NoClassDefFoundError ex) {
// } // }
if (!loaderFound) {
//If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if //If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if
//ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running. //ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running.
try { try {
loadLib("zlib1", zlibPath); loadLib("zlib1", zlibPath);
} catch (UnsatisfiedLinkError ex) { } catch (UnsatisfiedLinkError err) {
} }
loadLib("xml2", libxml2Path); loadLib("xml2", libxml2Path);
loadLib("pcre", libpcrePath); loadLib("pcre", libpcrePath);
loadLib("apr-1", libaprPath); loadLib("apr-1", libaprPath);
try { try {
loadLib("apriconv-1", libapriconvPath); loadLib("apriconv-1", libapriconvPath);
} catch (UnsatisfiedLinkError ex) { } catch (UnsatisfiedLinkError err) {
} }
loadLib("aprutil-1", libaprutilPath); loadLib("aprutil-1", libaprutilPath);
loadLib("ModSecurityJNI", libModSecurityPath); loadLib("ModSecurityJNI", libModSecurityPath);
} }
} }
}
private void loadLib(String name, String absolutePath) throws UnsatisfiedLinkError { private void loadLib(String name, String absolutePath) throws UnsatisfiedLinkError {
try { try {
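Review bot: `loaderFound` can never become true, because its only assignment (`loaderFound = true;`) sits inside the block that is still commented out, so the new `if (!loaderFound)` guard always takes the in-webapp loading path that the comment above it calls bad practice. Either restore the `Class.forName("org.modsecurity.loader.ModSecurityLoader")` probe or drop the flag until it is wired up. The two `catch (UnsatisfiedLinkError err) { }` blocks around `zlib1` and `apriconv-1` are still empty; a comment such as `// optional: Windows-only library, may be absent` plus a FINE-level log entry would show when the filter starts without a library it needs. The enclosing method starts above the hunk, so whether `libsLoaded = true` is reset after a failed load cannot be seen here.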


@ -43,6 +43,7 @@ public class ModSecurityFilter implements Filter {
MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code
try { try {
//onRequest is responsable of calling MsHttpServletRequest.readBody
int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified
if (status != ModSecurity.DECLINED) { if (status != ModSecurity.DECLINED) {


@ -176,6 +176,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
} }
body = new String(bodyBytes, encoding); body = new String(bodyBytes, encoding);
if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) { if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) {
addUrlEncoded(body); addUrlEncoded(body);
} }
@ -459,6 +460,14 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
return sis; return sis;
} }
/**
* Replacement for the ServletRequest.getReader() method.
*/
@Override
public BufferedReader getReader() throws java.io.IOException {
return new BufferedReader(new InputStreamReader(getInputStream(), encoding));
}
/** /**
* Replacement for the ServletRequest.getParameter() method. * Replacement for the ServletRequest.getParameter() method.
*/ */
@ -514,6 +523,9 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
} }
} }
if (count == 0)
return null;
// put them into a String array // put them into a String array
String values[] = new String[count]; String values[] = new String[count];
count = 0; count = 0;
@ -527,11 +539,4 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
return values; return values;
} }
/**
* Replacement for the ServletRequest.getReader() method.
*/
@Override
public BufferedReader getReader() throws java.io.IOException {
return new BufferedReader(new InputStreamReader(getInputStream(), encoding));
}
} }
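Review bot: The form-body check in the first hunk compares `contentType` with `compareTo(...) == 0`, an exact and case-sensitive match, so a header value carrying a parameter (for example `application/x-www-form-urlencoded; charset=UTF-8`) would skip `addUrlEncoded(body)` and leave the wrapper's parameter view without the body parameters. Unless `contentType` is already stripped of parameters and lower-cased above the hunk (not visible here), match on the media type only, e.g. `contentType.toLowerCase(Locale.ROOT).startsWith("application/x-www-form-urlencoded")`. In the third hunk, `if (count == 0) return null;` presumably belongs to the `getParameterValues` replacement and then matches the servlet contract. Brace the statement and confirm that callers inside this class that index the returned array handle null.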


@ -17,8 +17,6 @@
--> -->
</init-param> </init-param>
<!-- <!--
OPTIONAL parameters for loading native libraries from absolute paths. This is an alternitive to specifying OPTIONAL parameters for loading native libraries from absolute paths. This is an alternitive to specifying
-Djava.library.path=/path/to/libs/ variable which is used by the JVM to search libraries. -Djava.library.path=/path/to/libs/ variable which is used by the JVM to search libraries.
@ -26,36 +24,34 @@
zlib1 and libapriconv-1 are Windows only libraries zlib1 and libapriconv-1 are Windows only libraries
--> -->
<!--
<init-param> <init-param>
<param-name>zlib1</param-name> <param-name>zlib1</param-name>
<param-value>c:\work\zlib1.dll</param-value> <param-value>c:\work\mod_security\java\libs\zlib1.dll</param-value>
</init-param> </init-param>
<init-param> <init-param>
<param-name>libxml2</param-name> <param-name>libxml2</param-name>
<param-value>/usr/lib/i386-linux-gnu/libxml2.so</param-value> <param-value>c:\work\mod_security\java\libs\libxml2.dll</param-value>
</init-param> </init-param>
<init-param> <init-param>
<param-name>libpcre</param-name> <param-name>libpcre</param-name>
<param-value>/usr/lib/i386-linux-gnu/libxml2.so</param-value> <param-value>c:\work\mod_security\java\libs\pcre.dll</param-value>
</init-param> </init-param>
<init-param> <init-param>
<param-name>libapr-1</param-name> <param-name>libapr-1</param-name>
<param-value>/usr/lib/libapr-1.so</param-value> <param-value>c:\work\mod_security\java\libs\libapr-1.dll</param-value>
</init-param> </init-param>
<init-param> <init-param>
<param-name>libapriconv-1</param-name> <param-name>libapriconv-1</param-name>
<param-value>c:\work\zlib1.dll</param-value> <param-value>c:\work\mod_security\java\libs\libapriconv-1.dll</param-value>
</init-param> </init-param>
<init-param> <init-param>
<param-name>libaprutil-1</param-name> <param-name>libaprutil-1</param-name>
<param-value>/usr/lib/libaprutil-1.so</param-value> <param-value>c:\work\mod_security\java\libs\libaprutil-1.dll</param-value>
</init-param> </init-param>
<init-param> <init-param>
<param-name>libModSecurityJNI</param-name> <param-name>libModSecurityJNI</param-name>
<param-value>/usr/lib/libModSecurityJNI.so</param-value> <param-value>c:\work\mod_security\java\libs\ModSecurityJNI.dll</param-value>
</init-param> </init-param>
-->
</filter> </filter>
<filter-mapping> <filter-mapping>
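Review bot: The sample `param-value` entries are absolute paths under `c:\work\mod_security\java\libs\`, and whatever file sits at such a path is loaded into the server JVM as native code. The comment that introduces the optional parameters should state the requirement on that directory, for example `Paths must point to a directory that only administrators can write to; these files are loaded as native code.` A neutral placeholder such as `/path/to/libs/`, already used in the comment for `-Djava.library.path`, would also keep a developer's working directory out of the shipped sample.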


@ -128,6 +128,37 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
Include activated_rules\*.conf Include activated_rules\*.conf
--&gt; --&gt;
&lt;/init-param&gt; &lt;/init-param&gt;
&lt;!--
&lt;init-param&gt;
&lt;param-name&gt;zlib1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\zlib1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libxml2&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libxml2.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libpcre&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\pcre.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libapr-1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libapr-1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libapriconv-1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libapriconv-1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt;
&lt;param-name&gt;libaprutil-1&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\libaprutil-1.dll&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;init-param&gt
&lt;param-name&gt;libModSecurityJNI&lt;/param-name&gt;
&lt;param-value&gt;c:\work\mod_security\java\libs\ModSecurityJNI.dll&lt;/param-value&gt;
&lt;/init-param&gt;
--&gt;
&lt;/filter&gt; &lt;/filter&gt;
&lt;filter-mapping&gt; &lt;filter-mapping&gt;
@ -158,7 +189,8 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
<p> <p>
You can specify multiple folders for the <span class="code">java.library.path</span> variable by using You can specify multiple folders for the <span class="code">java.library.path</span> variable by using
: (colon) or ; (semi-colon), depending on your environment. Also, the libraries can be loaded using : (colon) or ; (semi-colon), depending on your environment. Also, the libraries can be loaded using
their absolute path using <span class="code">System.load()</span>. their absolute path by uncommenting the <span class="code">init-param</span> elements in the above
filter example.
</p> </p>
</li> </li>
@ -167,8 +199,14 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/
<p> <p>
<a class="code" href="../../ModSecurityLoader/dist/ModSecurityLoader.jar">ModSecurityLoader.jar</a> should be placed <a class="code" href="../../ModSecurityLoader/dist/ModSecurityLoader.jar">ModSecurityLoader.jar</a> should be placed
in the Java server library loader folder (for example, in Tomcat 7: <span class="code">$CATALINA_HOME/lib</span>). in the Java server library loader folder (for example, in Tomcat 7: <span class="code">$CATALINA_HOME/lib</span>).
You can build or modify the load directory of <span class="code">ModSecurityLoader</span> from The server has to be started with the VM options:
<span class="code">/mod_security/java/ModSecurityLoader/src/</span>. </p>
<pre class="codecanvas">
-Djava.library.path=/path/to/libraries/folder/
</pre>
<p>
or alternatively by specifying <span class="code">init-param</span> elements with absolute paths
in the <span class="code">ModSecurityLoaderConfig.xml</span> file.
</p> </p>
</li> </li>
</ol> </ol>