mirror of
https://github.com/openappsec/openappsec.git
synced 2025-06-28 16:41:02 +03:00
112 lines
3.8 KiB
C++
Executable File
112 lines
3.8 KiB
C++
Executable File
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#pragma once
|
|
#include <vector>
|
|
#include <map>
|
|
#include <cereal/types/vector.hpp>
|
|
#include <cereal/types/map.hpp>
|
|
#include "debug.h"
|
|
|
|
USE_DEBUG_FLAG(D_WAAP);
|
|
|
|
// used to load trusted sources policy
|
|
namespace Waap {
|
|
namespace TrustedSources {
|
|
|
|
enum TrustedSourceType {
|
|
UNKNOWN,
|
|
SOURCE_IP,
|
|
X_FORWARDED_FOR,
|
|
COOKIE_OAUTH2_PROXY,
|
|
SM_USER
|
|
};
|
|
|
|
class Identifer
|
|
{
|
|
public:
|
|
Identifer();
|
|
|
|
template <typename _A>
|
|
void serialize(_A& ar) {
|
|
std::string temp;
|
|
ar(cereal::make_nvp("sourceIdentifier", temp),
|
|
cereal::make_nvp("value", value));
|
|
identitySource = convertSourceIdentifierToEnum(temp);
|
|
if (identitySource == UNKNOWN)
|
|
{
|
|
dbgDebug(D_WAAP) << "loaded " << temp << " from policy is not a recognized source identifier";
|
|
}
|
|
}
|
|
|
|
static TrustedSourceType convertSourceIdentifierToEnum(std::string identifierType);
|
|
|
|
TrustedSourceType identitySource;
|
|
std::string value;
|
|
};
|
|
|
|
class SourcesIdentifers
|
|
{
|
|
public:
|
|
template <typename _A>
|
|
void serialize(_A& ar) {
|
|
std::vector<Identifer> identifiers;
|
|
ar(cereal::make_nvp("sourcesIdentifiers", identifiers),
|
|
cereal::make_nvp("numOfSources", m_minSources));
|
|
for (auto identifier : identifiers)
|
|
{
|
|
if (identifier.identitySource != UNKNOWN)
|
|
{
|
|
m_identifiersMap[identifier.identitySource].push_back(identifier.value);
|
|
m_trustedTypes.insert(identifier.identitySource);
|
|
}
|
|
}
|
|
}
|
|
|
|
bool isCidrMatch(const std::string &source, const TrustedSourceType &type) const;
|
|
bool isRegexMatch(const std::string &source, const TrustedSourceType& type) const;
|
|
size_t getNumOfSources() const;
|
|
const std::set<TrustedSourceType>& getTrustedTypes();
|
|
|
|
inline bool operator!=(const SourcesIdentifers& other) const;
|
|
private:
|
|
std::map<TrustedSourceType, std::vector<std::string>> m_identifiersMap;
|
|
std::set<TrustedSourceType> m_trustedTypes;
|
|
size_t m_minSources;
|
|
};
|
|
|
|
class TrustedSourcesParameter
|
|
{
|
|
public:
|
|
template <typename _A>
|
|
TrustedSourcesParameter(_A& ar) {
|
|
ar(cereal::make_nvp("trustedSources", m_identifiers));
|
|
}
|
|
|
|
TrustedSourcesParameter();
|
|
|
|
template <class Archive>
|
|
void serialize(Archive& ar) {
|
|
ar(cereal::make_nvp("trustedSources", m_identifiers));
|
|
}
|
|
bool isSourceTrusted(std::string source, TrustedSourceType srcType);
|
|
size_t getNumOfSources();
|
|
std::set<TrustedSourceType> getTrustedTypes();
|
|
bool operator==(const TrustedSourcesParameter &other) const;
|
|
bool operator!=(const TrustedSourcesParameter& other) const;
|
|
private:
|
|
std::vector<SourcesIdentifers> m_identifiers;
|
|
};
|
|
}
|
|
}
|