From e1f52a1cf24fc79d85591b79d27a8acd56808bbf Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Sat, 10 Jun 2017 09:17:21 -0300
Subject: [PATCH] Adds using bodies in chunks example

---
 examples/Makefile.am                          |   5 +-
 examples/using_bodies_in_chunks/Makefile.am   |  41 +++
 examples/using_bodies_in_chunks/example.conf  |   3 +
 .../using_bodies_in_chunks/simple_request.cc  | 243 ++++++++++++++++++
 4 files changed, 290 insertions(+), 2 deletions(-)
 create mode 100644 examples/using_bodies_in_chunks/Makefile.am
 create mode 100644 examples/using_bodies_in_chunks/example.conf
 create mode 100644 examples/using_bodies_in_chunks/simple_request.cc

diff --git a/examples/Makefile.am b/examples/Makefile.am
index 669fb01e..609cb93e 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -3,10 +3,11 @@ ACLOCAL_AMFLAGS = -I build
 
 
 SUBDIRS = \
-	simple_example_using_c \
 	multiprocess_c \
 	reading_logs_with_offset \
-	reading_logs_via_rule_message
+	reading_logs_via_rule_message \
+	simple_example_using_c \
+	using_bodies_in_chunks
 
 pkginclude_HEADERS = \
 	reading_logs_via_rule_message/reading_logs_via_rule_message.h
diff --git a/examples/using_bodies_in_chunks/Makefile.am b/examples/using_bodies_in_chunks/Makefile.am
new file mode 100644
index 00000000..e52a0a2e
--- /dev/null
+++ b/examples/using_bodies_in_chunks/Makefile.am
@@ -0,0 +1,41 @@
+
+
+noinst_PROGRAMS = simple_request
+
+simple_request_SOURCES = \
+	simple_request.cc
+
+simple_request_LDADD = \
+	$(top_builddir)/src/.libs/libmodsecurity.a \
+	-lpthread \
+	$(CURL_LDADD) \
+	$(GEOIP_LDFLAGS) $(GEOIP_LDADD) \
+	$(PCRE_LDADD) \
+	$(YAJL_LDFLAGS) $(YAJL_LDADD) \
+	$(LMDB_LDFLAGS) $(LMDB_LDADD) \
+	$(LIBXML2_LDADD) \
+	$(GLOBAL_LDADD)
+
+
+simple_request_CPPFLAGS = \
+	$(GLOBAL_CFLAGS) \
+	-std=c++11 \
+	-I$(top_builddir)/headers \
+	-I$(top_builddir) \
+	-g \
+	-I../others \
+	-fPIC \
+	-O3 \
+	$(GEOIP_CFLAGS) \
+	$(GLOBAL_CPPFLAGS) \
+	$(MODSEC_NO_LOGS) \
+	$(YAJL_CFLAGS) \
+	$(LMDB_CFLAGS) \
+	$(PCRE_CFLAGS) \
+	$(LIBXML2_CFLAGS)
+
+
+MAINTAINERCLEANFILES = \
+	Makefile.in
+
+
diff --git a/examples/using_bodies_in_chunks/example.conf b/examples/using_bodies_in_chunks/example.conf
new file mode 100644
index 00000000..56de526b
--- /dev/null
+++ b/examples/using_bodies_in_chunks/example.conf
@@ -0,0 +1,3 @@
+SecDebugLog /dev/stdout
+SecDebugLogLevel 9
+SecRule RESPONSE_BODY "/soap:Body" "id:1,phase:5,deny"
diff --git a/examples/using_bodies_in_chunks/simple_request.cc b/examples/using_bodies_in_chunks/simple_request.cc
new file mode 100644
index 00000000..fab738ab
--- /dev/null
+++ b/examples/using_bodies_in_chunks/simple_request.cc
@@ -0,0 +1,243 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <string>
+#include <memory>
+
+#include <unistd.h>
+
+#include <modsecurity/modsecurity.h>
+#include <modsecurity/rules.h>
+#include <modsecurity/rule_message.h>
+
+
+
+char request_uri[] = "/test.pl?param1=test&para2=test2";
+
+char request_body_first[] = "" \
+    "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r" \
+    "<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
+    "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" ";
+char request_body_second[] = "" \
+    "xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n\r" \
+    "  <soap:Body>\n\r" \
+    "  <EnlightenResponse xmlns=\"http://clearforest.com/\">\n\r" \
+    "  <EnlightenResult>string</EnlightenResult>\n\r";
+char request_body_third[] = "" \
+    "  </EnlightenResponse>\n\r" \
+    "  </soap:Body>\n\r" \
+    "</soap:Envelope>\n\r";
+
+
+char response_body_first[] = "" \
+    "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r" \
+    "<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
+    "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" ";
+char response_body_second[] = "" \
+    "xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n\r" \
+    "  <soap:Body>\n\r" \
+    "  <EnlightenResponse xmlns=\"http://clearforest.com/\">\n\r" \
+    "  <EnlightenResult>string</EnlightenResult>\n\r";
+char response_body_third[] = "" \
+    "  </EnlightenResponse>\n\r" \
+    "  </soap:Body>\n\r" \
+    "</soap:Envelope>\n\r";
+
+char ip[] = "200.249.12.31";
+
+static void logCb(void *data, const void *ruleMessagev) {
+    if (ruleMessagev == NULL) {
+        std::cout << "I've got a call but the message was null ;(";
+        std::cout << std::endl;
+        return;
+    }
+
+    const modsecurity::RuleMessage *ruleMessage = \
+        reinterpret_cast<const modsecurity::RuleMessage *>(ruleMessagev);
+
+    std::cout << "Rule Id: " << std::to_string(ruleMessage->m_ruleId);
+    std::cout << " phase: " << std::to_string(ruleMessage->m_phase);
+    std::cout << std::endl;
+    if (ruleMessage->m_isDisruptive) {
+        std::cout << " * Disruptive action: ";
+        std::cout << modsecurity::RuleMessage::log(ruleMessage);
+        std::cout << std::endl;
+        std::cout << " ** %d is meant to be informed by the webserver.";
+        std::cout << std::endl;
+    } else {
+        std::cout << " * Match, but no disruptive action: ";
+        std::cout << modsecurity::RuleMessage::log(ruleMessage);
+        std::cout << std::endl;
+    }
+}
+
+
+int main(int argc, char **argv) {
+    modsecurity::ModSecurity *modsec;
+    modsecurity::Rules *rules;
+    modsecurity::ModSecurityIntervention it;
+
+    *argv++;
+    if (*argv == NULL) {
+        *argv--;
+        std::cout << "Use " << *argv << " test-case-file.conf";
+        std::cout << std::endl << std::endl;
+        return -1;
+    }
+
+    std::string rules_arg(*argv);
+
+    /**
+     * ModSecurity initial setup
+     *
+     */
+    modsec = new modsecurity::ModSecurity();
+    modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
+        " (ModSecurity test)");
+    modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
+        | modsecurity::IncludeFullHighlightLogProperty);
+
+    /**
+     * loading the rules....
+     *
+     */
+    rules = new modsecurity::Rules();
+    if (rules->loadFromUri(rules_arg.c_str()) < 0) {
+        std::cout << "Problems loading the rules..." << std::endl;
+        std::cout << rules->m_parserError.str() << std::endl;
+        return -1;
+    }
+
+
+    /**
+     * We are going to have a transaction
+     *
+     */
+    modsecurity::Transaction *modsecTransaction = \
+        new modsecurity::Transaction(modsec, rules, NULL);
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * Initial connection setup
+     *
+     */
+    modsecTransaction->processConnection(ip, 12345, "127.0.0.1", 80);
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * Finally we've got the URI
+     *
+     */
+    modsecTransaction->processURI(request_uri, "GET", "1.1");
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * Lets add our request headers.
+     *
+     */
+    modsecTransaction->addRequestHeader("Host",
+        "net.tutsplus.com");
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * No other reuqest header to add, let process it.
+     *
+     */
+    modsecTransaction->processRequestHeaders();
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * There is a request body to be informed...
+     *
+     */
+    modsecTransaction->appendRequestBody(
+        (const unsigned char*)request_body_first,
+        strlen((const char*)request_body_first));
+    // TODO: verify if there is any disruptive action.
+
+    modsecTransaction->appendRequestBody(
+        (const unsigned char*)request_body_second,
+        strlen((const char*)request_body_second));
+    // TODO: verify if there is any disruptive action.
+
+    modsecTransaction->appendRequestBody(
+        (const unsigned char*)request_body_third,
+        strlen((const char*)request_body_third));
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * Request body is there ;) lets process it.
+     *
+     */
+    modsecTransaction->processRequestBody();
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * The webserver is giving back the response headers.
+     */
+    modsecTransaction->addResponseHeader("HTTP/1.1",
+        "200 OK");
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * The response headers are filled in, lets process.
+     *
+     */
+    modsecTransaction->processResponseHeaders(200, "HTTP 1.2");
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * It is time to let modsec aware of the response body
+     *
+     */
+    modsecTransaction->appendResponseBody(
+        (const unsigned char*)response_body_first,
+        strlen((const char*)response_body_first));
+    // TODO: verify if there is any disruptive action.
+
+    modsecTransaction->appendResponseBody(
+        (const unsigned char*)response_body_second,
+        strlen((const char*)response_body_second));
+    // TODO: verify if there is any disruptive action.
+
+    modsecTransaction->appendResponseBody(
+        (const unsigned char*)response_body_third,
+        strlen((const char*)response_body_third));
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * Finally, lets have the response body processed.
+     *
+     */
+    modsecTransaction->processResponseBody();
+    // TODO: verify if there is any disruptive action.
+
+    /**
+     * Keeping track of everything: saving the logs.
+     *
+     */
+    modsecTransaction->processLogging();
+    // TODO: verify if there is any disruptive action.
+
+
+    /**
+     * cleanup.
+     */
+    delete modsecTransaction;
+    delete rules;
+    delete modsec;
+}