github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-21 03:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Java test WebApp

Browse Source
This commit is contained in:
Mihai Pitu
2013-07-05 14:22:20 +01:00
committed by Felipe Zimmerle
parent a6c1627987
commit b9080aad18
11 changed files with 731 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ModSecurityTestApp/src/conf/MANIFEST.MF Normal file
View File

@@ -0,0 +1,2 @@
Manifest-Version: 1.0

126
java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java Normal file
View File

@@ -0,0 +1,126 @@
package org.modsecurity;
import java.io.File;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public final class ModSecurity {
public static final int DONE = -2;
public static final int DECLINED = -1;
public static final int OK = 0;
//From build/classes: >"c:\Program Files\Java\jdk1.7.0_05\bin\javah.exe" -classpath c:\work\apache-tomcat-7.0.39\lib\servlet-api.jar;. org.modsecurity.ModSecurity
private FilterConfig filterConfig;
private String confFilename;
private long confTime;
private final static String pathToLib = "c:\\work\\mod_security\\java\\Debug\\";
static {
try {
//TODO: bad practice, native libraries should be loaded in server's classloader
System.load("c:\\work\\mod_security\\java\\libs\\zlib1.dll");
System.load("c:\\work\\mod_security\\java\\libs\\libxml2.dll");
System.load("c:\\work\\mod_security\\java\\libs\\pcre.dll");
System.load("c:\\work\\mod_security\\java\\libs\\libapr-1.dll");
System.load("c:\\work\\mod_security\\java\\libs\\libapriconv-1.dll");
System.load("c:\\work\\mod_security\\java\\libs\\libaprutil-1.dll");
System.load("c:\\work\\mod_security\\java\\Debug\\ModSecurityJNI.dll");
} catch (UnsatisfiedLinkError err) {
err.printStackTrace();
}
//java.lang.reflect.Field loadedLibraries = ClassLoader.class.getDeclaredField("loadedLibraryNames");
//loadedLibraries.setAccessible(true);
//final Vector<String> libraries = (Vector<String>) loadedLibraries.get(ClassLoader.getSystemClassLoader());
}
public ModSecurity(FilterConfig fc, String confFile) throws ServletException {
this.filterConfig = fc;
this.confFilename = confFile;
confTime = new File(confFilename).lastModified();
this.initialize();
filterConfig.getServletContext().log("ModSecurity started.");
}
private native int initialize();
public native int destroy();
public native int onRequest(String config, ServletRequest request, HttpServletRequest httprequest, String requestID, boolean reloadConfig);
public native int onResponse(ServletResponse response, HttpServletResponse htttpResponse, String requestID);
public static String[][] getHttpRequestHeaders(HttpServletRequest req) {
ArrayList<String> aList = Collections.list(req.getHeaderNames());
String[][] result = new String[aList.size()][2];
for (int i = 0; i < aList.size(); i++) {
result[i][0] = aList.get(i);
result[i][1] = req.getHeader(aList.get(i));
}
return result;
}
public static String[][] getHttpResponseHeaders(HttpServletResponse resp) {
Collection<String> headerNames = resp.getHeaderNames();
String[][] result = new String[headerNames.size()][2];
int i = 0;
for (String headerName : headerNames) {
result[i][0] = headerName;
result[i][1] = resp.getHeader(headerName);
i++;
}
return result;
}
public static boolean isIPv6(String addr) {
try {
InetAddress inetAddress = InetAddress.getByName(addr);
if (inetAddress instanceof Inet6Address) {
return true;
} else {
return false;
}
} catch (UnknownHostException ex) {
return false;
}
}
public void log(int level, String msg) {
//if (level == 1) {
filterConfig.getServletContext().log(msg);
//}
}
public boolean checkModifiedConfig() {
if (new File(confFilename).lastModified() > confTime) {
return true;
} else {
return false;
}
}
public String getAppPath() {
return filterConfig.getServletContext().getContextPath();
}
public String getConfFilename() {
return this.confFilename;
}
}

58
java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java Normal file
View File

@@ -0,0 +1,58 @@
package org.modsecurity;
import java.io.IOException;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
* Docs: http://docs.oracle.com/javaee/6/tutorial/doc/bnagb.html
*/
public class ModSecurityFilter implements Filter {
ModSecurity modsecurity;
@Override
public void init(FilterConfig fc) throws ServletException {
String confFilename = fc.getInitParameter("conf");
if (confFilename == null) {
throw new ServletException("ModSecurity: parameter 'conf' not available in web.xml");
} else {
confFilename = fc.getServletContext().getRealPath(confFilename);
}
modsecurity = new ModSecurity(fc, confFilename);
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws IOException, ServletException {
HttpServletRequest httpReq = (HttpServletRequest) request;
HttpServletResponse httpResp = (HttpServletResponse) response;
String requestID = UUID.randomUUID().toString();
int status = modsecurity.onRequest(modsecurity.getConfFilename(), request, httpReq, requestID, modsecurity.checkModifiedConfig());
if (status != ModSecurity.DECLINED) {
return;
}
fc.doFilter(request, response);
status = modsecurity.onResponse(response, httpResp, requestID);
}
@Override
public void destroy() {
if (modsecurity != null) {
modsecurity.destroy();
}
}
}