github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support to GeoIP operator and variables.

Browse Source
This commit is contained in:
Felipe Zimmerle
2015-07-20 21:04:21 -03:00
parent 41bf1490b7
commit e189055ec3
17 changed files with 890 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Makefile.am
View File

@@ -76,7 +76,8 @@ ACTIONS = \
UTILS = \
utils/sha1.cc \
utils/md5.cc
utils/md5.cc \
utils/geo_lookup.cc
libmodsecurity_la_SOURCES = \
parser/seclang-parser.yy \
@@ -113,7 +114,7 @@ libmodsecurity_la_SOURCES = \
operators/verify_cc.cc \
operators/verify_cpf.cc \
operators/verify_ssn.cc \
operators/geolookup.cc \
operators/geo_lookup.cc \
operators/gsblookup.cc \
operators/rsub.cc \
operators/within.cc \
@@ -152,10 +153,10 @@ libmodsecurity_la_CPPFLAGS = \
-O0 \
-I ../headers
libmodsecurity_la_LIBADD = \
@LEXLIB@ \
$(YAJL_LDADD)
$(GEOIP_LDADD) \
$(YAJL_LDADD)
libmodsecurity_la_LDFLAGS = \
-version-info @MSC_VERSION_INFO@

95
src/operators/geo_lookup.cc Normal file
View File

@@ -0,0 +1,95 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "operators/geo_lookup.h"
#include <GeoIPCity.h>
#include <string>
#include <functional>
#include "operators/operator.h"
#include "utils/geo_lookup.h"
namespace ModSecurity {
namespace operators {
bool GeoLookup::evaluate(Assay *assay, const std::string &exp) {
using std::placeholders::_1;
using std::placeholders::_2;
GeoIPRecord *gir;
bool ret = Utils::GeoLookup::getInstance().lookup(exp, &gir,
std::bind(&GeoLookup::debug, this, assay, _1, _2));
if (ret && gir) {
if (gir->country_code) {
assay->store_variable("GEO:COUNTRY_CODE", gir->country_code);
}
if (gir->country_code3) {
assay->store_variable("GEO:COUNTRY_CODE3", gir->country_code3);
}
if (gir->country_name) {
assay->store_variable("GEO:COUNTRY_NAME", gir->country_name);
}
if (gir->continent_code) {
assay->store_variable("GEO:COUNTRY_CONTINENT",
gir->continent_code);
}
if (gir->country_code && gir->region) {
assay->store_variable("GEO:REGION",
GeoIP_region_name_by_code(gir->country_code, gir->region));
}
if (gir->city) {
assay->store_variable("GEO:CITY", gir->city);
}
if (gir->postal_code) {
assay->store_variable("GEO:POSTAL_CODE", gir->postal_code);
}
if (gir->latitude) {
assay->store_variable("GEO:LATITUDE",
std::to_string(gir->latitude));
}
if (gir->longitude) {
assay->store_variable("GEO:LONGITUDE",
std::to_string(gir->longitude));
}
if (gir->metro_code) {
assay->store_variable("GEO:DMA_CODE",
std::to_string(gir->metro_code));
}
if (gir->area_code) {
assay->store_variable("GEO:AREA_CODE",
std::to_string(gir->area_code));
}
GeoIPRecord_delete(gir);
}
return ret;
}
GeoLookup::GeoLookup(std::string op, std::string param,
bool negation)
: Operator() {
this->op = op;
this->param = param;
}
} // namespace operators
} // namespace ModSecurity

10
src/operators/geolookup.h → src/operators/geo_lookup.h
View File

@@ -1,4 +1,4 @@
/**
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
@@ -13,8 +13,8 @@
*
*/
#ifndef SRC_OPERATORS_GEOLOOKUP_H_
#define SRC_OPERATORS_GEOLOOKUP_H_
#ifndef SRC_OPERATORS_GEO_LOOKUP_H_
#define SRC_OPERATORS_GEO_LOOKUP_H_
#include <string>
@@ -28,7 +28,7 @@ class GeoLookup : public Operator {
public:
/** @ingroup ModSecurity_Operator */
GeoLookup(std::string o, std::string p, bool i);
bool evaluate(Assay *assay);
bool evaluate(Assay *assay, const std::string &exp) override;
};
} // namespace operators
@@ -36,4 +36,4 @@ class GeoLookup : public Operator {
#endif
#endif // SRC_OPERATORS_GEOLOOKUP_H_
#endif // SRC_OPERATORS_GEO_LOOKUP_H_

41
src/operators/geolookup.cc
View File

@@ -1,41 +0,0 @@
/**
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "operators/geolookup.h"
#include <string>
#include "operators/operator.h"
namespace ModSecurity {
namespace operators {
bool GeoLookup::evaluate(Assay *assay) {
/**
* @todo Implement the operator GeoLookup.
* Reference: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#geolookup
*/
return true;
}
GeoLookup::GeoLookup(std::string op, std::string param,
bool negation)
: Operator() {
this->op = op;
this->param = param;
}
} // namespace operators
} // namespace ModSecurity

8
src/operators/operator.cc
View File

@@ -34,7 +34,7 @@
#include "operators/verify_cc.h"
#include "operators/verify_cpf.h"
#include "operators/verify_ssn.h"
#include "operators/geolookup.h"
#include "operators/geo_lookup.h"
#include "operators/gsblookup.h"
#include "operators/rsub.h"
#include "operators/within.h"
@@ -68,6 +68,12 @@ Operator::Operator() {
}
bool Operator::debug(Assay *assay, int x, std::string a) {
assay->debug(x, a);
return true;
}
Operator::Operator(std::string op, std::string param, bool negation) {
this->op = op;
this->param = param;

1
src/operators/operator.h
View File

@@ -39,6 +39,7 @@ class Operator {
virtual bool evaluate(Assay *assay, const std::string &str);
static Operator *instantiate(std::string op);
protected:
bool debug(Assay *assay, int x, std::string a);
};
} // namespace operators

8
src/parser/seclang-parser.yy
View File

@@ -18,6 +18,7 @@ class Driver;
#include "variable_duration.h"
#include "variable_env.h"
#include "variable_modsec_build.h"
#include "utils/geo_lookup.h"
using ModSecurity::actions::Action;
using ModSecurity::actions::transformations::Transformation;
@@ -27,6 +28,7 @@ using ModSecurity::VariableDuration;
using ModSecurity::VariableEnv;
using ModSecurity::VariableModsecBuild;
using ModSecurity::Rule;
using ModSecurity::Utils::GeoLookup;
}
// The parsing context.
@@ -90,6 +92,8 @@ using ModSecurity::Rule;
%token <std::string> RUN_TIME_VAR_ENV
%token <std::string> RUN_TIME_VAR_BLD
%token <std::string> CONFIG_DIR_GEO_DB
%token <std::string> OPERATOR
%token <std::string> ACTION
%token <std::string> TRANSFORMATION
@@ -238,6 +242,10 @@ expression:
driver.debug_log_path = $1;
}
/* Debug log: end */
| CONFIG_DIR_GEO_DB
{
GeoLookup::getInstance().setDataBase($1);
}
variables:
variables PIPE VARIABLE

6
src/parser/seclang-scanner.ll
View File

@@ -23,6 +23,7 @@ DIRECTIVE SecRule
CONFIG_DIRECTIVE SecRequestBodyLimitAction|SecRequestBodyNoFilesLimit|SecRequestBodyInMemoryLimit|SecRequestBodyLimit|SecPcreMatchLimitRecursion|SecPcreMatchLimit|SecResponseBodyMimeType|SecResponseBodyLimitAction|SecResponseBodyLimit|SecTmpDir|SecDataDir|SecArgumentSeparator|SecCookieFormat|SecStatusEngine
CONFIG_DIR_GEO_DB (?i:SecGeoLookupDb)
CONFIG_DIR_RULE_ENG SecRuleEngine
CONFIG_DIR_REQ_BODY SecRequestBodyAccess
@@ -56,7 +57,7 @@ OPERATORNOARG (?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
TRANSFORMATION t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
VARIABLE (?i:FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX)
VARIABLE (?i:FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
RUN_TIME_VAR_DUR (?i:DURATION)
RUN_TIME_VAR_ENV (?i:ENV)
RUN_TIME_VAR_BLD (?i:MODSEC_BUILD)
@@ -75,6 +76,7 @@ AUDIT_PARTS [ABCDEFHJKZ]+
CONFIG_VALUE_NUMBER [0-9]+
FREE_TEXT [^\"]+
FREE_TEXT_NEW_LINE [^\"|\n]+
%{
// Code run each time a pattern is matched.
@@ -115,6 +117,8 @@ FREE_TEXT [^\"]+
{RUN_TIME_VAR_ENV}:?{DICT_ELEMENT}? { return yy::seclang_parser::make_RUN_TIME_VAR_ENV(yytext, loc); }
{RUN_TIME_VAR_BLD} { return yy::seclang_parser::make_RUN_TIME_VAR_BLD(yytext, loc); }
%{ /* Geo DB loopkup */ %}
{CONFIG_DIR_GEO_DB}[ ]{FREE_TEXT_NEW_LINE} { return yy::seclang_parser::make_CONFIG_DIR_GEO_DB(strchr(yytext, ' ') + 1, loc); }
{CONFIG_COMPONENT_SIG}[ ]["]{FREE_TEXT}["] { return yy::seclang_parser::make_CONFIG_COMPONENT_SIG(strchr(yytext, ' ') + 2, loc); }

62
src/utils/geo_lookup.cc Normal file
View File

@@ -0,0 +1,62 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string>
#include <fstream>
#include <iostream>
#include "utils/geo_lookup.h"
#include <GeoIPCity.h>
namespace ModSecurity {
namespace Utils {
bool GeoLookup::setDataBase(std::string file_path) {
m_gi = GeoIP_open(file_path.c_str(), GEOIP_INDEX_CACHE);
if (m_gi == NULL) {
return false;
}
return true;
}
bool GeoLookup::lookup(const std::string& target, GeoIPRecord **gir,
std::function<bool(int, std::string)> debug) {
if (m_gi == NULL) {
debug(4, "GeoIP: Database is not open. Use: SecGeoLookupDb directive.");
return false;
}
*gir = GeoIP_record_by_name(m_gi, target.c_str());
if (*gir == NULL) {
return false;
}
return true;
}
} // namespace Utils
} // namespace ModSecurity

56
src/utils/geo_lookup.h Normal file
View File

@@ -0,0 +1,56 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include <iostream>
#include <fstream>
#include <string>
#include <functional>
#include <GeoIPCity.h>
#ifndef SRC_UTILS_GEO_LOOKUP_H_
#define SRC_UTILS_GEO_LOOKUP_H_
#include "modsecurity/assay.h"
namespace ModSecurity {
namespace Utils {
class GeoLookup {
public:
static GeoLookup& getInstance() {
static GeoLookup instance;
return instance;
}
bool setDataBase(std::string file_path);
bool lookup(const std::string& target, GeoIPRecord **georec,
std::function<bool(int, std::string)> callback);
private:
GeoLookup() : m_gi(NULL) {}
GeoLookup(GeoLookup const&);
void operator=(GeoLookup const&);
GeoIP *m_gi;
};
} // namespace Utils
} // namespace ModSecurity
#endif // SRC_UTILS_GEO_LOOKUP_H_