Very first commit: libmodsecurity

Check the README.md file for further information about the libmodsecurity.

headers/modsecurity/assay.h

@@ -0,0 +1,208 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include <ctime>
+#include <iostream>
+#include <list>
+#include <iomanip>
+#include <string>
+#include <sstream>
+#include <unordered_map>
+#include <fstream>
+#include <vector>
+#endif
+
+#include <stdlib.h>
+#include <stddef.h>
+
+#ifndef HEADERS_MODSECURITY_ASSAY_H_
+#define HEADERS_MODSECURITY_ASSAY_H_
+
+#ifndef __cplusplus
+typedef struct Assay_t Assay;
+typedef struct Rules_t Rules;
+#endif
+
+#include "modsecurity/intervention.h"
+
+
+
+#ifdef __cplusplus
+
+namespace ModSecurity {
+
+class ModSecurity;
+class Assay;
+class Rules;
+namespace actions {
+class Action;
+}
+namespace operators {
+class Operator;
+}
+
+class ModSecurityHeader {
+ public:
+    ModSecurityHeader(char *key, char *value)
+        : _key(key),
+        _value(value)
+        { }
+
+    char *_key;
+    char *_value;
+};
+
+
+class ModSecurityCollectionsVariables :
+    public std::unordered_map<std::string,
+        std::unordered_map<std::string, std::string>> {
+ public:
+};
+
+
+class ModSecurityStringVariables :
+    public std::unordered_map<std::string, std::string> {
+ public:
+};
+
+/** @ingroup ModSecurity_CPP_API */
+class Assay {
+ public:
+    Assay(ModSecurity *assay, Rules *rules);
+    ~Assay();
+
+    /** TODO: Should be an structure that fits an IP address */
+    int processConnection(char *ip);
+    int processURI(char *uri);
+
+
+    int processRequestHeaders();
+    int addRequestHeader(const std::string& key, const std::string& value);
+    int addRequestHeader(const unsigned char *key, const unsigned char *value);
+    int addRequestHeader(const unsigned char *key, size_t len_key,
+        const unsigned char *value, size_t len_value);
+
+    int processRequestBody();
+    int appendRequestBody(const unsigned char *body, size_t size);
+
+    int processResponseHeaders();
+    int addResponseHeader(const std::string& key, const std::string& value);
+    int addResponseHeader(const unsigned char *key, const unsigned char *value);
+    int addResponseHeader(const unsigned char *key, size_t len_key,
+        const unsigned char *value, size_t len_value);
+
+    int processResponseBody();
+    int appendResponseBody(const unsigned char *body, size_t size);
+
+    int processLogging();
+
+    ModSecurityIntervention *intervention();
+
+    void cleanup();
+
+    const char *getResponseBody();
+    int getResponseBodyLenth();
+
+    std::string resolve_variable(std::string);
+
+    void store_variable(std::string, std::string);
+    void store_variable(std::string,
+        std::unordered_map<std::string, std::string>);
+
+    ModSecurityStringVariables m_variables_strings;
+
+    void debug(int, std::string);
+    std::vector<actions::Action *> actions;
+
+ private:
+    std::ofstream myfile;
+    Rules *m_rules;
+    char *m_ipAddress;
+    char *m_uri;
+    std::ostringstream m_requestBody;
+    std::ostringstream m_responseBody;
+    ModSecurityCollectionsVariables m_variables_collections;
+};
+
+
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @ingroup ModSecurity_C_API */
+Assay *msc_new_assay(ModSecurity *ms, Rules *rules);
+
+/** @ingroup ModSecurity_C_API */
+int msc_process_connection(Assay *assay, char *ip);
+
+/** @ingroup ModSecurity_C_API */
+int msc_process_request_headers(Assay *assay);
+
+/** @ingroup ModSecurity_C_API */
+int msc_add_request_header(Assay *assay, const unsigned char *key,
+    const unsigned char *value);
+
+/** @ingroup ModSecurity_C_API */
+int msc_add_n_request_header(Assay *assay, const unsigned char *key,
+    size_t len_key, const unsigned char *value, size_t len_value);
+
+/** @ingroup ModSecurity_C_API */
+int msc_process_request_body(Assay *assay);
+
+/** @ingroup ModSecurity_C_API */
+int msc_append_request_body(Assay *assay,
+    const unsigned char *body, size_t size);
+
+/** @ingroup ModSecurity_C_API */
+int msc_process_response_headers(Assay *assay);
+/** @ingroup ModSecurity_C_API */
+int msc_add_response_header(Assay *assay, const unsigned char *key,
+    const unsigned char *value);
+/** @ingroup ModSecurity_C_API */
+int msc_add_n_response_header(Assay *assay, const unsigned char *key,
+    size_t len_key, const unsigned char *value, size_t len_value);
+
+/** @ingroup ModSecurity_C_API */
+int msc_process_response_body(Assay *assay);
+/** @ingroup ModSecurity_C_API */
+int msc_append_response_body(Assay *assay,
+    const unsigned char *body, size_t size);
+
+/** @ingroup ModSecurity_C_API */
+int msc_process_uri(Assay *assay, char *uri);
+/** @ingroup ModSecurity_C_API */
+const char *msc_get_response_body(Assay *assay);
+/** @ingroup ModSecurity_C_API */
+int msc_get_response_body_length(Assay *assay);
+
+/** @ingroup ModSecurity_C_API */
+void msc_assay_cleanup(Assay *assay);
+
+/** @ingroup ModSecurity_C_API */
+ModSecurityIntervention *msc_intervention(Assay *assay);
+
+/** @ingroup ModSecurity_C_API */
+int msc_process_logging(Assay *assay);
+
+#ifdef __cplusplus
+}
+}  // namespace ModSecurity
+#endif
+
+
+#endif  // HEADERS_MODSECURITY_ASSAY_H_

headers/modsecurity/debug_log.h

@@ -0,0 +1,68 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include <iostream>
+#include <fstream>
+#include <string>
+#endif
+
+#ifndef HEADERS_MODSECURITY_DEBUG_LOG_H_
+#define HEADERS_MODSECURITY_DEBUG_LOG_H_
+
+
+#ifndef __cplusplus
+typedef struct DebugLog_t DebugLog;
+#endif
+
+#ifdef __cplusplus
+
+namespace ModSecurity {
+
+/** @ingroup ModSecurity_CPP_API */
+class DebugLog : public std::ofstream {
+ public:
+    /*
+    static ModSecurityDebugLog& instance() {
+        static ModSecurityDebugLog i;
+        return i;
+    }
+    */
+    DebugLog()
+        : m_is_configured(false),
+        m_debug_level(0) { }
+
+    bool setOutputFile(const std::string& file);
+    virtual bool write_log(int level, const std::string& data);
+    bool setDebugLevel(int level);
+    bool isConfigured();
+
+
+
+    virtual DebugLog *new_instance();
+
+ private:
+        /*
+        ModSecurityDebugLog(ModSecurityDebugLog const&);
+        void operator=(ModSecurityDebugLog const&);
+        */
+        int m_debug_level;
+        bool m_is_configured;
+};
+
+}  // namespace ModSecurity
+#endif
+
+#endif  // HEADERS_MODSECURITY_DEBUG_LOG_H_

headers/modsecurity/intervention.h

@@ -0,0 +1,34 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifndef HEADERS_MODSECURITY_INTERVENTION_H_
+#define HEADERS_MODSECURITY_INTERVENTION_H_
+
+#ifdef __cplusplus
+namespace ModSecurity {
+#endif
+
+typedef struct ModSecurityIntervention_t {
+    int status;
+    int pause;
+    char *url;
+    char *log;
+} ModSecurityIntervention;
+
+#ifdef __cplusplus
+}  // namespace ModSecurity
+#endif
+
+#endif  // HEADERS_MODSECURITY_INTERVENTION_H_

headers/modsecurity/modsecurity.h

@@ -0,0 +1,219 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+/** @file modsecurity.h Main ModSecurity header file */
+
+/** @mainpage ModSecurity - open source, cross platform web application firewall
+ *
+ * Example Usage:
+ * @code
+ *
+ * using ModSecurity::ModSecurity;
+ * using ModSecurity::Rules;
+ * using ModSecurity::Assay;
+ *
+ * ModSecurity *modsec;
+ * ModSecurity::Rules *rules;
+ *
+ * modsec = new ModSecurity();
+ * rules = new Rules();
+ * rules->loadFromUri(rules_file);
+ *
+ * Assay *modsecAssay = new Assay(modsec, rules);
+ * modsecAssay->processConnection("127.0.0.1");
+ *
+ * if (modsecAssay->intervention()) {
+ *     std::cout << "There is an intervention" << std::endl;
+ * }
+ *
+ * ...      
+ *
+ * @endcode
+ * 
+ */
+
+/**
+ * @defgroup ModSecurity_C_API ModSecurity C API
+ *
+ * This is the ModSecurity C API description
+ *
+ * At this page you can get information on how the extend your C
+ * application, by embedding ModSecurity.
+ *
+ */
+
+
+/**
+ * @defgroup ModSecurity_CPP_API ModSecurity CPP API
+ *
+ * This is the ModSecurity CPP API description.
+ *
+ * At this page you can get information on how the extend your CPP
+ * application, by embedding ModSecurity.
+ *
+ */
+
+
+/**
+ * @defgroup ModSecurity_Operator ModSecurity Operators
+ *
+ * SecLanguage operator
+ */
+
+
+#ifdef __cplusplus
+#include <ctime>
+#include <iostream>
+#endif
+
+
+#ifndef HEADERS_MODSECURITY_MODSECURITY_H_
+#define HEADERS_MODSECURITY_MODSECURITY_H_
+
+
+#ifndef __cplusplus
+typedef struct ModSecurity_t ModSecurity;
+#endif
+
+
+#include "modsecurity/intervention.h"
+#include "modsecurity/assay.h"
+#include "modsecurity/debug_log.h"
+#include "modsecurity/rules.h"
+
+
+
+#define MODSECURITY_MAJOR "3"
+#define MODSECURITY_MINOR "0"
+#define MODSECURITY_PATCHLEVEL "0"
+
+
+#define MODSECURITY_VERSION MODSECURITY_MAJOR "." \
+    MODSECURITY_MINOR "." MODSECURITY_PATCHLEVEL
+
+
+#ifdef __cplusplus
+namespace ModSecurity {
+
+/* few forwarded declarations */
+namespace actions {
+class Action;
+}
+namespace operators {
+class Operators;
+}
+class Rule;
+
+/** @ingroup ModSecurity_CPP_API */
+class ModSecurity {
+ public:
+    ModSecurity();
+    ~ModSecurity() { }
+
+    /**
+     *
+     * The Phases enumerator consists in mapping the different stages of a
+     * given request. ModSecurity is expected to inspect data based on those
+     * "phases". If your module/application use this in a different order, it
+     * will lead ModSecurity to act in an unexpected behavior.
+     *
+     * It is mandatory to call all the phases, even if you don't have this
+     * phases segmented in your end.
+     *
+     */
+    enum Phases {
+    /**
+     *
+     * The connection is the very first information that ModSecurity can
+     * inspect. It is expected to happens before the virtual host name be
+     * resolved. This phase is expected to happen immediately after a
+     * connection is established.
+     *
+     */
+     ConnectionPhase,
+    /**
+     *
+     * The "URI" phase happens just after the web server (or any other
+     * application that you may use with ModSecurity) have the acknowledgement
+     * of the full request URI.
+     *
+     */
+     UriPhase,
+    /**
+     *
+     * The "RequestHeaders" phase happens when the server has all the
+     * information about the headers. Notice however, that it is expected to
+     * happen prior to the reception of the request body (if any).
+     *
+     */
+     RequestHeadersPhase,
+    /**
+     *
+     * At the "RequestHeaders" phase, ModSecurity is expected to inspect the
+     * content of a request body, that does not happens when the server has all
+     * the content but prior to that, when the body transmission started.
+     * ModSecurity can ask the webserver to block (or make any other disruptive
+     * action) while the client is still transmitting the data.
+     *
+     */
+     RequestBodyPhase,
+    /**
+     *
+     * The "ResponseHeaders" happens just before all the response headers are
+     * ready to be delivery to the client.
+     *
+     */
+     ResponseHeadersPhase,
+    /**
+     *
+     * Same as "RequestBody" the "ResponseBody" phase perform a stream
+     * inspection which may result in a disruptive action.
+     *
+     */
+     ResponseBodyPhase,
+    /**
+     *
+     * The last phase is the logging phase. At this phase ModSecurity will
+     * generate the internal logs, there is no need to hold the request at
+     * this point as this phase does not produce any kind of action.
+     *
+     */
+     LoggingPhase,
+    /**
+     * Just a marking for the expected number of phases.
+     * 
+     */
+     NUMBER_OF_PHASES,
+    };
+};
+
+
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @ingroup ModSecurity_C_API */
+ModSecurity *msc_init();
+
+#ifdef __cplusplus
+}
+
+
+}  // namespace ModSecurity
+#endif
+
+#endif  // HEADERS_MODSECURITY_MODSECURITY_H_

headers/modsecurity/rules.h

@@ -0,0 +1,110 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include <ctime>
+#include <iostream>
+#include <string>
+#include <vector>
+#endif
+
+
+#ifndef HEADERS_MODSECURITY_RULES_H_
+#define HEADERS_MODSECURITY_RULES_H_
+
+#ifndef __cplusplus
+typedef struct Rules_t Rules;
+typedef struct Assay_t Assay;
+#endif
+
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/assay.h"
+#include "modsecurity/debug_log.h"
+
+
+#ifdef __cplusplus
+class Driver;
+
+namespace ModSecurity {
+class Rule;
+
+/** @ingroup ModSecurity_CPP_API */
+class Rules {
+ public:
+    Rules()
+        : m_referenceCount(0),
+        m_custom_debug_log(NULL) { }
+
+    explicit Rules(DebugLog *custom_log)
+        : m_referenceCount(0),
+        m_custom_debug_log(custom_log) { }
+
+    ~Rules() { }
+
+    void incrementReferenceCount(void);
+    void decrementReferenceCount(void);
+
+    /**
+    * FIXME:
+    *
+    * names should follow a patterner
+    *
+    */
+    int loadFromUri(char *uri);
+    int loadRemote(char *key, char *uri);
+    int load(char *rules);
+
+    int merge(Driver *driver);
+    int merge(Rules *rules);
+
+    int evaluate(int phase, Assay *assay);
+
+    std::vector<Rule *> rules[7];  // Number of Phases.
+
+    int sec_rule_engine;
+    int sec_audit_type;
+    bool sec_audit_engine;
+    bool sec_request_body_access;
+    bool sec_response_body_access;
+    std::string audit_log_path;
+    std::string audit_log_parts;
+    std::string debug_log_path;
+    int debug_level;
+    DebugLog *debug_log;
+    void debug(int level, std::string message);
+
+ private:
+    int m_referenceCount;
+    DebugLog *m_custom_debug_log;
+};
+
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+Rules *msc_create_rules_set();
+int msc_rules_merge(Rules *rules_dst, Rules *rules_from);
+int msc_rules_add_remote(Rules *rules, char *key, char *uri);
+int msc_rules_add_file(Rules *rules, char *file);
+int msc_rules_add(Rules *rules, char *plain_rules);
+
+#ifdef __cplusplus
+}
+}  // namespace ModSecurity
+#endif
+
+#endif  // HEADERS_MODSECURITY_RULES_H_