Adds support to @ipMatch operator

2025-08-14 05:45:59 +03:00 · 2015-07-30 20:57:23 -03:00 · 2015-07-30 20:57:23 -03:00 · f811ec6518
commit f811ec6518
parent bf0169b528
8 changed files with 1402 additions and 14 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -99,7 +99,9 @@ ACTIONS = \
 UTILS = \
 	utils/geo_lookup.cc \
 	utils/https_client.cc \
+	utils/ip_tree.cc \
 	utils/md5.cc \
+	utils/msc_tree.cc \
 	utils/sha1.cc


--- a/src/operators/ip_match.cc
+++ b/src/operators/ip_match.cc
@ -15,29 +15,32 @@

 #include "operators/ip_match.h"

+#include <string.h>
 #include <string>

+#include "utils/msc_tree.h"
 #include "operators/operator.h"

 namespace ModSecurity {
 namespace operators {

-bool IpMatch::evaluate(Assay *assay) {
-    /**
-     * @todo Implement the operator IpMatch.
-     *       Reference: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ipmatch
-     */

-    return true;
+bool IpMatch::init(const char **error) {
+    std::string e("");
+    bool res = m_tree.addFromBuffer(param, &e);
+
+    if (res == false) {
+        *error = e.c_str();
+    }
+
+    return res;
 }


-IpMatch::IpMatch(std::string op, std::string param,
-    bool negation)
-    : Operator() {
-    this->op = op;
-    this->param = param;
+bool IpMatch::evaluate(Assay *assay, const std::string &input) {
+    return m_tree.contains(input);
 }

+
 }  // namespace operators
 }  // namespace ModSecurity
--- a/src/operators/ip_match.h
+++ b/src/operators/ip_match.h
@ -19,6 +19,7 @@
 #include <string>

 #include "operators/operator.h"
+#include "utils/ip_tree.h"

 #ifdef __cplusplus
 namespace ModSecurity {
@ -27,8 +28,15 @@ namespace operators {
 class IpMatch : public Operator {
 public:
    /** @ingroup ModSecurity_Operator */
-    IpMatch(std::string o, std::string p, bool i);
-    bool evaluate(Assay *assay);
+    IpMatch(std::string op, std::string param, bool negation)
+        : Operator(op, param, negation) { }
+
+    bool evaluate(Assay *assay, const std::string &input);
+
+    bool init(const char **error);
+
+ private:
+    Utils::IpTree m_tree;
 };

 }  // namespace operators
--- a/src/utils/ip_tree.cc
+++ b/src/utils/ip_tree.cc
@ -0,0 +1,121 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "utils/ip_tree.h"
+
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string>
+
+#include <fstream>
+#include <iostream>
+
+#include "utils/geo_lookup.h"
+
+namespace ModSecurity {
+namespace Utils {
+
+void IpTree::postOrderTraversal(TreeNode *node) {
+    if (node == NULL) {
+        return;
+    }
+
+    postOrderTraversal(node->left);
+    postOrderTraversal(node->right);
+
+    if (node->netmasks) {
+        delete node->netmasks;
+        node->netmasks = NULL;
+    }
+    if (node->prefix) {
+        if (node->prefix->buffer) {
+            delete node->prefix->buffer;
+            node->prefix->buffer = NULL;
+        }
+        if (node->prefix->prefix_data) {
+            delete node->prefix->prefix_data;
+            node->prefix->prefix_data = NULL;
+        }
+        delete node->prefix;
+        node->prefix = NULL;
+    }
+    delete node;
+    node = NULL;
+}
+
+IpTree::~IpTree() {
+    if (m_tree != NULL) {
+        if (m_tree->ipv4_tree != NULL) {
+            // Tree_traversal: Post-order to delete all the items.
+            postOrderTraversal(m_tree->ipv4_tree->head);
+            delete m_tree->ipv4_tree;
+            m_tree->ipv4_tree = NULL;
+        }
+        if (m_tree->ipv6_tree != NULL) {
+            // Tree_traversal: Post-order to delete all the items.
+            postOrderTraversal(m_tree->ipv6_tree->head);
+            delete m_tree->ipv6_tree;
+            m_tree->ipv6_tree = NULL;
+        }
+
+        delete m_tree;
+        m_tree = NULL;
+    }
+}
+
+
+bool IpTree::addFromBuffer(const std::string& buffer, std::string *error) {
+    char *error_msg = NULL;
+    std::stringstream ss;
+    std::string line;
+    ss << buffer;
+    int res = 0;
+
+    for (std::string line; std::getline(ss, line); ) {
+        res = ip_tree_from_param(buffer.c_str(), &m_tree, &error_msg);
+        if (res != 0) {
+            if (error_msg != NULL) {
+                error->assign(error_msg);
+            }
+            return false;
+        }
+    }
+
+    return true;
+}
+
+
+bool IpTree::contains(const std::string& ip) {
+    int res = 0;
+    char *error_msg = NULL;
+
+    res = tree_contains_ip(m_tree, ip.c_str(), &error_msg);
+
+    if (res < 0) {
+        return false;
+    }
+
+    if (res > 0) {
+        return true;
+    }
+
+    return false;
+}
+
+
+}  // namespace Utils
+}  // namespace ModSecurity
--- a/src/utils/ip_tree.h
+++ b/src/utils/ip_tree.h
@ -0,0 +1,50 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <iostream>
+#include <fstream>
+#include <string>
+#include <functional>
+
+#include <GeoIPCity.h>
+
+#ifndef SRC_UTILS_IP_TREE_H_
+#define SRC_UTILS_IP_TREE_H_
+
+#include "modsecurity/assay.h"
+#include "utils/msc_tree.h"
+
+namespace ModSecurity {
+namespace Utils {
+
+
+class IpTree {
+ public:
+    IpTree()
+        : m_tree(NULL) { }
+    ~IpTree();
+
+    bool contains(const std::string &ip);
+    bool addFromBuffer(const std::string& buffer, std::string *error);
+    void postOrderTraversal(TreeNode *node);
+ private:
+    TreeRoot *m_tree;
+};
+
+
+}  // namespace Utils
+}  // namespace ModSecurity
+
+#endif  // SRC_UTILS_IP_TREE_H_
--- a/src/utils/msc_tree.cc
+++ b/src/utils/msc_tree.cc
--- a/src/utils/msc_tree.h
+++ b/src/utils/msc_tree.h
@ -0,0 +1,104 @@
+/*
+* ModSecurity for Apache 2.x, http://www.modsecurity.org/
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+*
+* You may not use this file except in compliance with
+* the License.  You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* If any of the files related to licensing are missing or if you have any
+* other questions related to licensing please contact Trustwave Holdings, Inc.
+* directly using the email address security@modsecurity.org.
+*/
+
+
+/*
+ *
+ * TODO: This is an improved copy of the ModSecurity 2.9 file, this may need
+ * some other enhancements and/or fixes.
+ *
+ */
+
+#ifndef SRC_UTILS_MSC_TREE_H_
+#define SRC_UTILS_MSC_TREE_H_
+
+
+typedef struct CPTData CPTData;
+typedef struct TreePrefix TreePrefix;
+typedef struct TreeNode TreeNode;
+typedef struct CPTTree CPTTree;
+typedef struct TreeRoot TreeRoot;
+
+#define IPV4_TREE 0x1
+#define IPV6_TREE 0x2
+
+#define IPV4_LEN 0x20
+#define IPV6_LEN 0x80
+
+#define TREE_CHECK(x, y) ((x) & (y))
+#define MASK_BITS(x) ((x + 1) * 8)
+#define SHIFT_LEFT_MASK(x) ((-1) << (x))
+#define SHIFT_RIGHT_MASK(x,y) ((x) >> (y))
+
+#define NETMASK_256 0x100
+#define NETMASK_128 0x80
+#define NETMASK_64  0x40
+#define NETMASK_32 0x20
+#define NETMASK_16 0x10
+#define NETMASK_8  0x8
+#define NETMASK_4  0x4
+#define NETMASK_2  0x2
+
+#define FALSE 0
+#define TRUE 1
+
+extern "C" {
+
+struct CPTData {
+    unsigned char netmask;
+    struct CPTData *next;
+};
+
+struct TreePrefix {
+    unsigned char *buffer;
+    unsigned int bitlen;
+    CPTData *prefix_data;
+};
+
+struct TreeNode {
+    unsigned int bit;
+    int count;
+    unsigned char *netmasks;
+    TreePrefix *prefix;
+    struct TreeNode *left, *right;
+    struct TreeNode *parent;
+};
+
+struct CPTTree {
+    int count;
+    TreeNode *head;
+};
+
+struct TreeRoot {
+    CPTTree *ipv4_tree;
+    CPTTree *ipv6_tree;
+};
+
+CPTTree *CPTCreateRadixTree();
+TreeNode *CPTIpMatch(unsigned char *ipdata, CPTTree *tree, int type);
+TreeNode *TreeAddIP(const char *buffer, CPTTree *tree, int type);
+
+unsigned char is_netmask_v4(char *ip_strv4);
+
+unsigned char is_netmask_v6(char *ip_strv6);
+
+/** @ingroup ModSecurity_Legacy */
+int tree_contains_ip(TreeRoot *rtree,
+    const char *value, char **error_msg);
+
+int ip_tree_from_param(const char *param, TreeRoot **rtree, char **error_msg);
+int create_radix_tree(TreeRoot **rtree, char **error_msg);
+}
+
+#endif  // SRC_UTILS_MSC_TREE_H_
--- a/test/unit/unit.cc
+++ b/test/unit/unit.cc
@ -122,7 +122,6 @@ int main(int argc, char **argv) {
        }
        delete vec;
    }
-
 }