github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support for libMaxMind

Browse Source
This commit is contained in:
Felipe Zimmerle 2018-03-21 19:48:52 -03:00
parent 7bff76d794
commit df169ea108
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
20 changed files with 845 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
build/libmaxmind.m4 Normal file
View File

@ -0,0 +1,194 @@
dnl Check for MAXMIND Libraries
dnl CHECK_MAXMIND(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl MAXMIND_CFLAGS
dnl MAXMIND_LDADD
dnl MAXMIND_LDFLAGS
dnl MAXMIND_LIBS
dnl MAXMIND_VERSION
AC_DEFUN([PROG_MAXMIND], [
# Needed if pkg-config will be used.
AC_REQUIRE([PKG_PROG_PKG_CONFIG])
# Possible names for the maxmind library/package (pkg-config)
MAXMIND_POSSIBLE_LIB_NAMES="libmaxminddb maxminddb maxmind"
# Possible extensions for the library
MAXMIND_POSSIBLE_EXTENSIONS="so la sl dll dylib"
# Possible paths (if pkg-config was not found, proceed with the file lookup)
MAXMIND_POSSIBLE_PATHS="/usr/local/libmaxmind /usr/local/maxmind /usr/local /opt/libmaxmind /opt/maxmind /opt /usr /opt/local/include /opt/local /usr/lib /usr/local/lib /usr/lib64 /usr"
# Variables to be set by this very own script.
MAXMIND_VERSION=""
MAXMIND_CFLAGS=""
MAXMIND_CPPFLAGS=""
MAXMIND_LDADD=""
MAXMIND_LDFLAGS=""
AC_ARG_WITH(
maxmind,
AS_HELP_STRING(
[--with-maxmind=PATH],
[Path to MaxMind (including headers). Use 'no' to disable MaxMind support.]
)
)
# AS_HELP_STRING(
# [--without-maxmind],
# [Complete dsiables MaxMind support]
# )
if test "x${with_maxmind}" == "xno"; then
AC_DEFINE(HAVE_MAXMIND, 0, [Support for MaxMind was disabled by the utilization of --without-maxmind or --with-maxmind=no])
AC_MSG_NOTICE([Support for MaxMind was disabled by the utilization of --without-maxmind or --with-maxmind=no])
MAXMIND_DISABLED=yes
else
if test "x${with_maxmind}" == "xyes"; then
MAXMIND_MANDATORY=yes
AC_MSG_NOTICE([MaxMind support was marked as mandatory by the utilization of --with-maxmind=yes])
fi
# for x in ${MAXMIND_POSSIBLE_LIB_NAMES}; do
# CHECK_FOR_MAXMIND_AT(${x})
# if test -n "${MAXMIND_VERSION}"; then
# break
# fi
# done
# if test "x${with_maxmind}" != "xyes" or test "x${with_maxmind}" == "xyes"; then
if test "x${with_maxmind}" == "x" || test "x${with_maxmind}" == "xyes"; then
# Nothing about MaxMind was informed, using the pkg-config to figure things out.
if test -n "${PKG_CONFIG}"; then
MAXMIND_PKG_NAME=""
for x in ${MAXMIND_POSSIBLE_LIB_NAMES}; do
if ${PKG_CONFIG} --exists ${x}; then
MAXMIND_PKG_NAME="$x"
break
fi
done
fi
AC_MSG_NOTICE([Nothing about MaxMind was informed during the configure phase. Trying to detect it on the platform...])
if test -n "${MAXMIND_PKG_NAME}"; then
# Package was found using the pkg-config scripts
MAXMIND_VERSION="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --modversion`"
MAXMIND_CFLAGS="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --cflags`"
MAXMIND_LDADD="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --libs-only-l`"
MAXMIND_LDFLAGS="`${PKG_CONFIG} ${MAXMIND_PKG_NAME} --libs-only-L --libs-only-other`"
MAXMIND_DISPLAY="${MAXMIND_LDADD}"
else
# If pkg-config did not find anything useful, go over file lookup.
for x in ${MAXMIND_POSSIBLE_PATHS}; do
CHECK_FOR_MAXMIND_AT(${x})
if test -n "${MAXMIND_VERSION}"; then
break
fi
done
fi
fi
if test "x${with_maxmind}" != "x"; then
# An specific path was informed, lets check.
MAXMIND_MANDATORY=yes
CHECK_FOR_MAXMIND_AT(${with_maxmind})
fi
# fi
fi
if test -z "${MAXMIND_DISPLAY}"; then
if test -z "${MAXMIND_MANDATORY}"; then
if test -z "${MAXMIND_DISABLED}"; then
AC_MSG_NOTICE([MaxMind library was not found])
MAXMIND_FOUND=0
else
MAXMIND_FOUND=2
fi
else
AC_MSG_ERROR([MaxMind was explicit requested but it was not found])
MAXMIND_FOUND=-1
fi
else
MAXMIND_FOUND=1
AC_MSG_NOTICE([using MaxMind v${MAXMIND_VERSION}])
MAXMIND_CFLAGS="-DWITH_MAXMIND ${MAXMIND_CFLAGS}"
if ! test "x$MAXMIND_CFLAGS" = "x"; then
MAXMIND_DISPLAY="${MAXMIND_DISPLAY}, ${MAXMIND_CFLAGS}"
fi
AC_SUBST(MAXMIND_VERSION)
AC_SUBST(MAXMIND_LDADD)
AC_SUBST(MAXMIND_LIBS)
AC_SUBST(MAXMIND_LDFLAGS)
AC_SUBST(MAXMIND_CFLAGS)
AC_SUBST(MAXMIND_DISPLAY)
fi
AC_SUBST(MAXMIND_FOUND)
]) # AC_DEFUN [PROG_MAXMIND]
AC_DEFUN([CHECK_FOR_MAXMIND_AT], [
path=$1
for y in ${MAXMIND_POSSIBLE_EXTENSIONS}; do
for z in ${MAXMIND_POSSIBLE_LIB_NAMES}; do
if test -e "${path}/${z}.${y}"; then
maxmind_lib_path="${path}/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/${z}.${y}"
break
fi
if test -e "${path}/lib${z}.${y}"; then
maxmind_lib_path="${path}/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/lib${z}.${y}"; then
maxmind_lib_path="${path}/lib/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib64/lib${z}.${y}"; then
maxmind_lib_path="${path}/lib64/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then
maxmind_lib_path="${path}/lib/x86_64-linux-gnu/"
maxmind_lib_name="${z}"
maxmind_lib_file="${maxmind_lib_path}/lib${z}.${y}"
break
fi
done
if test -n "$maxmind_lib_path"; then
break
fi
done
if test -e "${path}/include/maxminddb.h"; then
maxmind_inc_path="${path}/include"
elif test -e "${path}/maxminddb.h"; then
maxmind_inc_path="${path}"
fi
if test -n "${maxmind_inc_path}" -a -n "${maxmind_lib_path}"; then
AC_MSG_NOTICE([MaxMind headers found at: ${maxmind_inc_path}])
AC_MSG_NOTICE([MaxMind library found at: ${maxmind_lib_file}])
fi
if test -n "${maxmind_lib_path}" -a -n "${maxmind_inc_path}"; then
# TODO: Compile a piece of code to check the version.
MAXMIND_CFLAGS="-I${maxmind_inc_path}"
MAXMIND_LDADD="-l${maxmind_lib_name}"
MAXMIND_LDFLAGS="-L${maxmind_lib_path}"
MAXMIND_DISPLAY="${maxmind_lib_file}, ${maxmind_inc_path}"
fi
]) # AC_DEFUN [CHECK_FOR_MAXMIND_AT]

33
configure.ac
View File

@ -81,6 +81,10 @@ AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""])
PROG_GEOIP
AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""])
# Check for MaxMind
PROG_MAXMIND
AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""])
# Check for LMDB
PROG_LMDB
@ -404,21 +408,26 @@ echo SECLANG_TEST_VERSION
echo " "
echo " Optional dependencies"
## GeoIP
if test "x$GEOIP_FOUND" = "x0"; then
echo " + GeoIP ....not found"
## GeoIP - MaxMind
if test "x$GEOIP_FOUND" = "x0" && test "x$MAXMIND_FOUND" = "x0"; then
echo " + GeoIP/MaxMind ....not found"
fi
if test "x$GEOIP_FOUND" = "x1"; then
echo -n " + GeoIP ....found "
if ! test "x$GEOIP_VERSION" = "x"; then
echo "v${GEOIP_VERSION}"
else
echo ""
if test "x$GEOIP_FOUND" = "x1" || test "x$MAXMIND_FOUND" = "x1"; then
echo -n " + GeoIP/MaxMind ....found "
echo ""
if test "x$MAXMIND_FOUND" = "x1"; then
echo " * (MaxMind) v${MAXMIND_VERSION}"
echo " ${MAXMIND_DISPLAY}"
fi
if test "x$GEOIP_FOUND" = "x1"; then
echo " * (GeoIP) v${GEOIP_VERSION}"
echo " ${GEOIP_DISPLAY}"
fi
echo " ${GEOIP_DISPLAY}"
fi
if test "x$GEOIP_FOUND" = "x2"; then
echo " + GeoIP ....disabled"
if test "x$GEOIP_FOUND" = "x2" && test "x$MAXMIND_FOUND" = "x2"; then
echo " + GeoIP/MaxMind ....disabled"
fi

2
examples/multiprocess_c/Makefile.am
View File

@ -8,6 +8,7 @@ multi_SOURCES = \
multi_LDADD = \
$(SSDEEP_LDADD) \
$(LUA_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD)
multi_LDFLAGS = \
@ -19,6 +20,7 @@ multi_LDFLAGS = \
-lstdc++ \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS)
multi_CFLAGS = \

2
examples/reading_logs_via_rule_message/Makefile.am
View File

@ -12,6 +12,7 @@ simple_request_LDADD = \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
$(MAXMIND_LDADD) \
$(LUA_LDADD) \
$(PCRE_LDADD) \
$(SSDEEP_LDADD) \
@ -22,6 +23,7 @@ simple_request_LDFLAGS = \
$(LMDB_LDFLAGS) \
-lpthread \
$(LUA_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(YAJL_LDFLAGS)

3
examples/reading_logs_with_offset/Makefile.am
View File

@ -9,6 +9,7 @@ read_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
@ -22,6 +23,7 @@ read_LDFLAGS = \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS)
read_CPPFLAGS = \
@ -34,6 +36,7 @@ read_CPPFLAGS = \
-fPIC \
-O3 \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
$(YAJL_CFLAGS) \

3
examples/using_bodies_in_chunks/Makefile.am
View File

@ -9,6 +9,7 @@ simple_request_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
@ -19,6 +20,7 @@ simple_request_LDADD = \
simple_request_LDFLAGS = \
$(GEOIP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \
-lpthread \
$(LUA_LDFLAGS) \
@ -35,6 +37,7 @@ simple_request_CPPFLAGS = \
-fPIC \
-O3 \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
$(YAJL_CFLAGS) \

3
src/Makefile.am
View File

@ -304,6 +304,7 @@ libmodsecurity_la_CPPFLAGS = \
$(LMDB_CFLAGS) \
$(PCRE_CFLAGS) \
$(SSDEEP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(LUA_CFLAGS) \
$(LIBXML2_CFLAGS)
@ -318,6 +319,7 @@ libmodsecurity_la_LDFLAGS = \
$(LUA_LDFLAGS) \
$(PCRE_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \
-version-info @MSC_VERSION_INFO@
@ -332,6 +334,7 @@ libmodsecurity_la_LIBADD = \
../others/libinjection.la \
../others/libmbedtls.la \
$(PCRE_LDADD) \
$(MAXMIND_LDADD) \
$(SSDEEP_LDADD) \
$(YAJL_LDADD)

62
src/operators/geo_lookup.cc
View File

@ -15,7 +15,11 @@
#include "src/operators/geo_lookup.h"
#ifdef WITH_GEOIP
#if WITH_MAXMIND
#include <maxminddb.h>
#endif
#if WITH_GEOIP
#include <GeoIPCity.h>
#endif
@ -35,65 +39,13 @@ bool GeoLookup::evaluate(Transaction *trans, const std::string &exp) {
using std::placeholders::_2;
bool ret = true;
#ifdef WITH_GEOIP
GeoIPRecord *gir;
if (trans) {
ret = Utils::GeoLookup::getInstance().lookup(exp, &gir,
ret = Utils::GeoLookup::getInstance().lookup(exp, trans,
std::bind(&GeoLookup::debug, this, trans, _1, _2));
} else {
ret = Utils::GeoLookup::getInstance().lookup(exp, &gir,
ret = Utils::GeoLookup::getInstance().lookup(exp, NULL,
nullptr);
}
if (ret && gir) {
if (gir->country_code) {
trans->m_variableGeo.set("COUNTRY_CODE",
std::string(gir->country_code), 0);
}
if (gir->country_code3) {
trans->m_variableGeo.set("COUNTRY_CODE3",
std::string(gir->country_code3), 0);
}
if (gir->country_name) {
trans->m_variableGeo.set("COUNTRY_NAME",
std::string(gir->country_name), 0);
}
if (gir->continent_code) {
trans->m_variableGeo.set("COUNTRY_CONTINENT",
std::string(gir->continent_code), 0);
}
if (gir->country_code && gir->region) {
trans->m_variableGeo.set("REGION",
std::string(GeoIP_region_name_by_code(gir->country_code,
gir->region)), 0);
}
if (gir->city) {
trans->m_variableGeo.set("CITY", std::string(gir->city), 0);
}
if (gir->postal_code) {
trans->m_variableGeo.set("POSTAL_CODE",
std::string(gir->postal_code), 0);
}
if (gir->latitude) {
trans->m_variableGeo.set("LATITUDE",
std::to_string(gir->latitude), 0);
}
if (gir->longitude) {
trans->m_variableGeo.set("LONGITUDE",
std::to_string(gir->longitude), 0);
}
if (gir->metro_code) {
trans->m_variableGeo.set("DMA_CODE",
std::to_string(gir->metro_code), 0);
}
if (gir->area_code) {
trans->m_variableGeo.set("AREA_CODE",
std::to_string(gir->area_code), 0);
}
GeoIPRecord_delete(gir);
}
#endif // WITH_GEOIP
return ret;
}

4
src/parser/seclang-parser.cc
View File

@ -2438,10 +2438,10 @@ namespace yy {
driver.error(yystack_[1].location, ss.str());
YYERROR;
}
if (GeoLookup::getInstance().setDataBase(file) == false) {
if (GeoLookup::getInstance().setDataBase(file, &err) == false) {
std::stringstream ss;
ss << "Failed to load the GeoDB from: ";
ss << file;
ss << file << ". " << err;
driver.error(yystack_[1].location, ss.str());
YYERROR;
}

4
src/parser/seclang-parser.yy
View File

@ -1557,10 +1557,10 @@ expression:
driver.error(@0, ss.str());
YYERROR;
}
if (GeoLookup::getInstance().setDataBase(file) == false) {
if (GeoLookup::getInstance().setDataBase(file, &err) == false) {
std::stringstream ss;
ss << "Failed to load the GeoDB from: ";
ss << file;
ss << file << ". " << err;
driver.error(@0, ss.str());
YYERROR;
}

252
src/utils/geo_lookup.cc
View File

@ -23,33 +23,81 @@
#include <iostream>
#include "src/utils/geo_lookup.h"
#ifdef WITH_GEOIP
#if WITH_MAXMIND
#include <maxminddb.h>
#elif WITH_GEOIP
#include <GeoIPCity.h>
#endif // WITH_GEOIP
#endif
namespace modsecurity {
namespace Utils {
GeoLookup::~GeoLookup() {
#ifdef WITH_GEOIP
cleanUp();
#endif // WITH_GEOIP
}
#ifdef WITH_GEOIP
void GeoLookup::cleanUp() {
if (m_gi != NULL) {
#ifdef WITH_MAXMIND
if (m_version == VERSION_MAXMIND) {
MMDB_close(&mmdb);
}
#endif
#ifdef WITH_GEOIP
if (m_version == VERSION_GEOIP && m_gi != NULL) {
GeoIP_delete(m_gi);
m_gi = NULL;
}
#endif
m_version = NOT_LOADED;
}
bool GeoLookup::setDataBase(const std::string& filePath) {
m_gi = GeoIP_open(filePath.c_str(), GEOIP_INDEX_CACHE);
if (m_gi == NULL) {
bool GeoLookup::setDataBase(const std::string& filePath,
std::string *err) {
std::string intMax;
std::string intGeo;
#ifdef WITH_MAXMIND
int status = MMDB_open(filePath.c_str(), MMDB_MODE_MMAP, &mmdb);
if (status != MMDB_SUCCESS) {
intMax.assign("libMaxMind: Can't open: " + std::string(MMDB_strerror(status)) + ".");
} else {
m_version = VERSION_MAXMIND;
}
#endif
#ifdef WITH_GEOIP
if (m_version == NOT_LOADED) {
m_gi = GeoIP_open(filePath.c_str(), GEOIP_INDEX_CACHE);
if (m_gi == NULL) {
intGeo.append("GeoIP: Can't open: " + filePath + ".");
} else {
m_version = VERSION_GEOIP;
}
}
#endif
if (m_version == NOT_LOADED) {
err->assign("Can't open: " + filePath + ". ");
err->append("Support enabled for:");
#ifdef WITH_MAXMIND
err->append(" libMaxMind");
#endif
#ifdef WITH_GEOIP
err->append(" GeoIP");
#endif
err->append(".");
if (intMax.size() > 0) {
err->append(" " + intMax);
}
if (intGeo.size() > 0) {
err->append(" " + intGeo);
}
return false;
}
@ -57,25 +105,195 @@ bool GeoLookup::setDataBase(const std::string& filePath) {
}
bool GeoLookup::lookup(const std::string& target, GeoIPRecord **gir,
bool GeoLookup::lookup(const std::string& target, Transaction *trans,
std::function<bool(int, std::string)> debug) {
if (m_gi == NULL) {
if (m_version == NOT_LOADED) {
if (debug) {
debug(4, "GeoIP: Database is not open. " \
debug(4, "Database is not open. " \
"Use: SecGeoLookupDb directive.");
}
return false;
}
*gir = GeoIP_record_by_name(m_gi, target.c_str());
if (*gir == NULL) {
return false;
#ifdef WITH_MAXMIND
if (m_version == VERSION_MAXMIND) {
int gai_error, mmdb_error;
MMDB_lookup_result_s r;
int status;
r = MMDB_lookup_string(&mmdb, target.c_str(), &gai_error, &mmdb_error);
if (gai_error) {
if (debug) {
debug(4, "MaxMind: Error from getaddrinfo for: " +
target + ". " + gai_strerror(gai_error));
}
return false;
}
if (mmdb_error != MMDB_SUCCESS) {
if (debug) {
debug(4, "MaxMind: Got an error from libmaxminddb: " +
std::string(MMDB_strerror(mmdb_error)));
}
return false;
}
if (!r.found_entry) {
return false;
} else {
MMDB_entry_data_s entry_data;
status = MMDB_get_value(&r.entry, &entry_data,
"country", "iso_code", NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("COUNTRY_CODE",
std::string(entry_data.utf8_string,
entry_data.data_size), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
"country", "names", "en", NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("COUNTRY_NAME",
std::string(entry_data.utf8_string,
entry_data.data_size), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
"continent", "names", "en", NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("COUNTRY_CONTINENT",
std::string(entry_data.utf8_string,
entry_data.data_size), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
"city", "names", "en", NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("CITY",
std::string(entry_data.utf8_string,
entry_data.data_size), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
"postal", "code", NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("POSTAL_CODE",
std::string(entry_data.utf8_string,
entry_data.data_size), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
"location", "latitude", NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("LATITUDE",
std::to_string(entry_data.double_value), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
"location", "longitude", NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("LONGITUDE",
std::to_string(entry_data.double_value), 0);
}
/*
status = MMDB_get_value(&r.entry, &entry_data,
NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("COUNTRY_CODE3",
std::string(entry_data.utf8_string), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("REGION",
std::string(entry_data.utf8_string), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("DMA_CODE",
std::string(entry_data.utf8_string), 0);
}
status = MMDB_get_value(&r.entry, &entry_data,
NULL);
if (status == MMDB_SUCCESS && entry_data.has_data) {
trans->m_variableGeo.set("AREA_CODE",
std::string(entry_data.utf8_string), 0);
}
*/
}
}
#endif
#ifdef WITH_GEOIP
if (m_version == VERSION_GEOIP) {
GeoIPRecord *gir;
gir = GeoIP_record_by_name(m_gi, target.c_str());
if (gir == NULL) {
return false;
}
if (trans) {
if (gir->country_code) {
trans->m_variableGeo.set("COUNTRY_CODE",
std::string(gir->country_code), 0);
}
if (gir->country_code3) {
trans->m_variableGeo.set("COUNTRY_CODE3",
std::string(gir->country_code3), 0);
}
if (gir->country_name) {
trans->m_variableGeo.set("COUNTRY_NAME",
std::string(gir->country_name), 0);
}
if (gir->continent_code) {
trans->m_variableGeo.set("COUNTRY_CONTINENT",
std::string(gir->continent_code), 0);
}
if (gir->country_code && gir->region) {
trans->m_variableGeo.set("REGION",
std::string(GeoIP_region_name_by_code(gir->country_code,
gir->region)), 0);
}
if (gir->city) {
trans->m_variableGeo.set("CITY", std::string(gir->city), 0);
}
if (gir->postal_code) {
trans->m_variableGeo.set("POSTAL_CODE",
std::string(gir->postal_code), 0);
}
if (gir->latitude) {
trans->m_variableGeo.set("LATITUDE",
std::to_string(gir->latitude), 0);
}
if (gir->longitude) {
trans->m_variableGeo.set("LONGITUDE",
std::to_string(gir->longitude), 0);
}
if (gir->metro_code) {
trans->m_variableGeo.set("DMA_CODE",
std::to_string(gir->metro_code), 0);
}
if (gir->area_code) {
trans->m_variableGeo.set("AREA_CODE",
std::to_string(gir->area_code), 0);
}
}
GeoIPRecord_delete(gir);
}
#endif
return true;
}
#endif // WITH_GEOIP
} // namespace Utils

39
src/utils/geo_lookup.h
View File

@ -18,7 +18,10 @@
#include <string>
#include <functional>
#ifdef WITH_GEOIP // WITH_GEOIP
#if WITH_MAXMIND
#include <maxminddb.h>
#endif
#if WITH_GEOIP
#include <GeoIPCity.h>
#endif
@ -30,6 +33,11 @@
namespace modsecurity {
namespace Utils {
enum GeoLookupVersion {
NOT_LOADED,
VERSION_MAXMIND,
VERSION_GEOIP,
};
class GeoLookup {
public:
@ -37,24 +45,31 @@ class GeoLookup {
static GeoLookup instance;
return instance;
}
#ifdef WITH_GEOIP
bool setDataBase(const std::string& filePath);
bool lookup(const std::string& target, GeoIPRecord **georec,
std::function<bool(int, std::string)> callback);
bool setDataBase(const std::string& filePath, std::string *err);
void cleanUp();
#endif // WITH_GEOIP
bool lookup(const std::string& target, Transaction *t,
std::function<bool(int, std::string)> callback);
private:
GeoLookup()
: m_gi(NULL) { }
GeoLookup() :
#if WITH_GEOIP
m_gi(NULL),
#endif
m_version(NOT_LOADED) { }
~GeoLookup();
GeoLookup(GeoLookup const&);
void operator=(GeoLookup const&);
#ifdef WITH_GEOIP
GeoLookupVersion m_version;
#if WITH_MAXMIND
MMDB_s mmdb;
#endif
#if WITH_GEOIP
GeoIP *m_gi;
#else // WITH_GEOIP
void *m_gi;
#endif // WITH_GEOIP
#endif
};

9
test/Makefile.am
View File

@ -43,6 +43,7 @@ unit_tests_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
@ -54,6 +55,7 @@ unit_tests_LDADD = \
unit_tests_LDFLAG = \
$(GEOIP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
@ -70,6 +72,7 @@ unit_tests_CPPFLAGS = \
$(CURL_CFLAGS) \
$(MODSEC_NO_LOGS) \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(LMDB_CFLAGS) \
$(PCRE_CFLAGS) \
@ -91,6 +94,7 @@ regression_tests_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
@ -102,6 +106,7 @@ regression_tests_LDADD = \
regression_tests_LDFLAGS = \
$(GEOIP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \
$(LMDB_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
@ -118,6 +123,7 @@ regression_tests_CPPFLAGS = \
$(CURL_CFLAGS) \
$(MODSEC_NO_LOGS) \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \
@ -138,6 +144,7 @@ rules_optimization_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
@ -148,6 +155,7 @@ rules_optimization_LDADD = \
rules_optimization_LDFLAGS = \
$(GEOIP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \
@ -163,6 +171,7 @@ rules_optimization_CPPFLAGS = \
$(CURL_CFLAGS) \
$(MODSEC_NO_LOGS) \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(LMDB_CFLAGS) \
$(LUA_CFLAGS) \

2
test/benchmark/Makefile.am
View File

@ -9,6 +9,7 @@ benchmark_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(PCRE_LDADD) \
$(YAJL_LDADD) \
$(LMDB_LDADD) \
@ -20,6 +21,7 @@ benchmark_LDADD = \
benchmark_LDFLAGS = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(GEOIP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \
$(LMDB_LDFLAGS) \
$(SSDEEP_LDFLAGS) \

2
test/fuzzer/Makefile.am
View File

@ -20,6 +20,7 @@ afl_fuzzer_LDADD = \
$(PCRE_LDADD) \
$(YAJL_LDFLAGS) $(YAJL_LDADD) \
$(LMDB_LDFLAGS) $(LMDB_LDADD) \
$(MAXMIND_LDFLAGS) $(MAXMIND_LDADD) \
$(SSDEEP_LDFLAGS) $(SSDEEP_LDADD) \
$(LUA_LDFLAGS) $(LUA_LDADD) \
$(LIBXML2_LDADD) \
@ -37,6 +38,7 @@ afl_fuzzer_CPPFLAGS = \
-g \
-I$(top_builddir)/headers \
$(GEOIP_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(GLOBAL_CPPFLAGS) \
$(MODSEC_NO_LOGS) \
$(YAJL_CFLAGS) \

11
test/regression/regression.cc
View File

@ -426,9 +426,18 @@ int main(int argc, char **argv) {
int test_number = 0;
#endif
#ifdef WITH_GEOIP
#if defined(WITH_GEOIP) or defined(WITH_MAXMIND)
resources.push_back("geoip-or-maxmind");
#endif
#if defined(WITH_MAXMIND)
resources.push_back("maxmind");
#endif
#if defined(WITH_GEOIP)
resources.push_back("geoip");
#endif
#ifdef WITH_CURL
resources.push_back("curl");
#endif

BIN
test/test-cases/data/geo/GeoLite2-City.mmdb Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 MiB

321
test/test-cases/regression/variable-GEO.json
View File

@ -3,7 +3,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:LONGITUDE",
"title":"Testing Variables :: GEO:LONGITUDE [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -44,8 +44,8 @@
{
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:COUNTRY_NAME",
"resource":"maxmind",
"title":"Testing Variables :: GEO:COUNTRY_NAME [maxmind]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -78,7 +78,7 @@
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoIPCity.dat",
"SecGeoLookupDb test-cases\/data\/geo\/GeoLite2-City.mmdb",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
@ -87,7 +87,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:LATITUDE",
"title":"Testing Variables :: GEO:LATITUDE [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -129,7 +129,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:COUNTRY_CODE3",
"title":"Testing Variables :: GEO:COUNTRY_CODE3 [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -171,7 +171,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:COUNTRY_CODE",
"title":"Testing Variables :: GEO:COUNTRY_CODE [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -213,7 +213,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:COUNTRY_CONTINENT",
"title":"Testing Variables :: GEO:COUNTRY_CONTINENT [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -255,7 +255,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:AREA_CODE",
"title":"Testing Variables :: GEO:AREA_CODE [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -297,7 +297,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:DMA_CODE",
"title":"Testing Variables :: GEO:DMA_CODE [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -339,7 +339,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:POSTAL_CODE",
"title":"Testing Variables :: GEO:POSTAL_CODE [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -381,7 +381,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:REGION",
"title":"Testing Variables :: GEO:REGION [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -423,7 +423,7 @@
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:CITY",
"title":"Testing Variables :: GEO:CITY [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
@ -460,6 +460,301 @@
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"resource":"geoip",
"title":"Testing Variables :: GEO:LONGITUDE [GeoIP]",
"client":{
"ip":"64.17.254.216",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"-118.403999\" \\(Variable: GEO:LONGITUDE\\)"
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoIPCity.dat",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"resource":"maxmind",
"title":"Testing Variables :: GEO:COUNTRY_NAME [maxmind]",
"client":{
"ip":"64.17.254.216",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"United States\" \\(Variable: GEO:COUNTRY_NAME\\)"
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoLite2-City.mmdb",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"resource":"maxmind",
"title":"Testing Variables :: GEO:LATITUDE [maxmind]",
"client":{
"ip":"64.17.254.216",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"41.517100\" \\(Variable: GEO:LATITUDE\\)"
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoLite2-City.mmdb",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"resource":"maxmind",
"title":"Testing Variables :: GEO:COUNTRY_CODE [maxmind]",
"client":{
"ip":"64.17.254.216",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"US\" \\(Variable: GEO:COUNTRY_CODE\\)"
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoLite2-City.mmdb",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"resource":"maxmind",
"title":"Testing Variables :: GEO:COUNTRY_CONTINENT [maxmind]",
"client":{
"ip":"64.17.254.216",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"North America\" \\(Variable: GEO:COUNTRY_CONTINENT\\)"
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoLite2-City.mmdb",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"resource":"maxmind",
"title":"Testing Variables :: GEO:POSTAL_CODE [maxmind]",
"client":{
"ip":"64.17.254.216",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"02842\" \\(Variable: GEO:POSTAL_CODE\\)"
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoLite2-City.mmdb",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
},
{
"enabled":1,
"version_min":300000,
"resource":"maxmind",
"title":"Testing Variables :: GEO:CITY [maxmind]",
"client":{
"ip":"64.17.254.216",
"port":123
},
"server":{
"ip":"200.249.12.31",
"port":80
},
"request":{
"headers":{
"Host":"localhost",
"User-Agent":"curl/7.38.0",
"Accept":"*/*"
},
"uri":"/?key=value&key=other_value",
"method":"GET"
},
"response":{
"headers":{
"Date":"Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type":"text/html"
},
"body":[
"no need."
]
},
"expected":{
"debug_log":"Target value: \"Middletown\" \\(Variable: GEO:CITY\\)"
},
"rules":[
"SecRuleEngine On",
"SecGeoLookupDb test-cases\/data\/geo\/GeoLite2-City.mmdb",
"SecRule REMOTE_ADDR \"@geoLookup\" \"id:1,pass,t:trim\"",
"SecRule GEO \"@contains test \" \"id:2,pass,t:trim\""
]
}
]

11
test/unit/unit.cc
View File

@ -122,9 +122,18 @@ int main(int argc, char **argv) {
ModSecurityTest<UnitTest> test;
ModSecurityTestResults<UnitTest> results;
#ifdef WITH_GEOIP
#if defined(WITH_GEOIP) or defined(WITH_MAXMIND)
resources.push_back("geoip-or-maxmind");
#endif
#if defined(WITH_MAXMIND)
resources.push_back("maxmind");
#endif
#if defined(WITH_GEOIP)
resources.push_back("geoip");
#endif
#ifdef WITH_CURL
resources.push_back("curl");
#endif

3
tools/rules-check/Makefile.am
View File

@ -9,6 +9,7 @@ modsec_rules_check_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \
$(GEOIP_LDADD) \
$(MAXMIND_LDADD) \
$(GLOBAL_LDADD) \
$(LIBXML2_LDADD) \
$(LMDB_LDADD) \
@ -19,6 +20,7 @@ modsec_rules_check_LDADD = \
modsec_rules_check_LDFLAGS = \
$(GEOIP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \
$(LDFLAGS) \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \
@ -31,6 +33,7 @@ modsec_rules_check_CPPFLAGS = \
$(GLOBAL_CPPFLAGS) \
$(PCRE_CFLAGS) \
$(LMDB_CFLAGS) \
$(MAXMIND_CFLAGS) \
$(LIBXML2_CFLAGS)
MAINTAINERCLEANFILES = \