|
Packit Service |
384592 |
/*
|
|
Packit Service |
384592 |
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
|
Packit Service |
384592 |
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* You may not use this file except in compliance with
|
|
Packit Service |
384592 |
* the License. You may obtain a copy of the License at
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* If any of the files related to licensing are missing or if you have any
|
|
Packit Service |
384592 |
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
Packit Service |
384592 |
* directly using the email address security@modsecurity.org.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* This is just an example on how to make an extension to allow custom
|
|
Packit Service |
384592 |
* request body parsing. This just describes how to do this externally
|
|
Packit Service |
384592 |
* and you should look more at on e of the internal parsers to see
|
|
Packit Service |
384592 |
* the full potential.
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* This module defines "EXAMPLE" and can be enabled with a rule like this:
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* SecAction "phase:1,pass,nolog,ctl:requestBodyProcessor=EXAMPLE"
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* See these for real parsers:
|
|
Packit Service |
384592 |
* msc_reqbody.c
|
|
Packit Service |
384592 |
* msc_multipart.c
|
|
Packit Service |
384592 |
* msc_xml.c
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "httpd.h"
|
|
Packit Service |
384592 |
#include "http_core.h"
|
|
Packit Service |
384592 |
#include "http_config.h"
|
|
Packit Service |
384592 |
#include "http_log.h"
|
|
Packit Service |
384592 |
#include "http_protocol.h"
|
|
Packit Service |
384592 |
#include "ap_config.h"
|
|
Packit Service |
384592 |
#include "apr_optional.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "modsecurity.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
typedef struct example_ctx {
|
|
Packit Service |
384592 |
unsigned long length;
|
|
Packit Service |
384592 |
} example_ctx;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/**
|
|
Packit Service |
384592 |
* This function will be invoked to initialize the processor. This is
|
|
Packit Service |
384592 |
* probably only needed for streaming parsers that must create a context.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
static int example_init(modsec_rec *msr, char **error_msg)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
if (error_msg == NULL) return -1;
|
|
Packit Service |
384592 |
*error_msg = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
|
|
Packit Service |
384592 |
"mod_reqbody_example: init()");
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
msr->reqbody_processor_ctx = apr_pcalloc(msr->mp, sizeof(example_ctx));
|
|
Packit Service |
384592 |
if (msr->reqbody_processor_ctx == NULL) {
|
|
Packit Service |
384592 |
/* Set error message and return -1 if unsuccessful */
|
|
Packit Service |
384592 |
*error_msg = apr_pstrdup(msr->mp, "failed to create example requbody processor context");
|
|
Packit Service |
384592 |
return -1;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Return 1 on success */
|
|
Packit Service |
384592 |
return 1;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/**
|
|
Packit Service |
384592 |
* This function will be invoked whenever the ModSecurity has data to
|
|
Packit Service |
384592 |
* be processed. You probably at least need to increment the no_files
|
|
Packit Service |
384592 |
* length, but otherwise this is only useful for a streaming parser.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
static int example_process(modsec_rec *msr,
|
|
Packit Service |
384592 |
const char *buf, unsigned int size, char **error_msg)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
example_ctx *ctx = (example_ctx *)msr->reqbody_processor_ctx;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (error_msg == NULL) return -1;
|
|
Packit Service |
384592 |
*error_msg = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
|
|
Packit Service |
384592 |
"mod_reqbody_example: process()");
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Need to increment the no_files length if this is not an uploaded file.
|
|
Packit Service |
384592 |
* Failing to do this will mess up some other limit checks.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
msr->msc_reqbody_no_files_length += size;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Check for an existing context and do something interesting
|
|
Packit Service |
384592 |
* with the chunk of data we have been given.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
if (ctx != NULL) {
|
|
Packit Service |
384592 |
ctx->length += size;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Return 1 on success */
|
|
Packit Service |
384592 |
return 1;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/**
|
|
Packit Service |
384592 |
* This function is called to signal the parser that the request body is
|
|
Packit Service |
384592 |
* complete. Here you should do any final parsing. For non-streaming parsers
|
|
Packit Service |
384592 |
* you can parse the data in msr->msc_reqbody_buffer of length
|
|
Packit Service |
384592 |
* msr->msc_reqbody_length. See modsecurity_request_body_end_urlencoded() in
|
|
Packit Service |
384592 |
* msc_reqbody.c for an example of this.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
static int example_complete(modsec_rec *msr, char **error_msg)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
example_ctx *ctx = (example_ctx *)msr->reqbody_processor_ctx;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (error_msg == NULL) return -1;
|
|
Packit Service |
384592 |
*error_msg = NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
|
|
Packit Service |
384592 |
"mod_reqbody_example: complete()");
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
|
|
Packit Service |
384592 |
"mod_reqbody_example: request body length=%lu", ctx->length);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Return 1 on success */
|
|
Packit Service |
384592 |
return 1;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
static int hook_pre_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_temp) {
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
void (*fn)(const char *name,
|
|
Packit Service |
384592 |
void *fn_init, void *fn_process, void *fn_complete);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Look for the registration function exported by ModSecurity. */
|
|
Packit Service |
384592 |
fn = APR_RETRIEVE_OPTIONAL_FN(modsec_register_reqbody_processor);
|
|
Packit Service |
384592 |
if (fn) {
|
|
Packit Service |
384592 |
/* Use it to register our new request body parser functions under
|
|
Packit Service |
384592 |
* the name "EXAMPLE".
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
fn("EXAMPLE",
|
|
Packit Service |
384592 |
(void *)example_init,
|
|
Packit Service |
384592 |
(void *)example_process,
|
|
Packit Service |
384592 |
(void *)example_complete);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
else {
|
|
Packit Service |
384592 |
ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, NULL,
|
|
Packit Service |
384592 |
"mod_reqbody_example: Unable to find modsec_register_reqbody_processor.");
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return OK;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* This is a function to register another function to be called during
|
|
Packit Service |
384592 |
* the Apache configuration process.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
static void register_hooks(apr_pool_t *p) {
|
|
Packit Service |
384592 |
ap_hook_pre_config(hook_pre_config, NULL, NULL, APR_HOOK_LAST);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* Dispatch list for API hooks */
|
|
Packit Service |
384592 |
module AP_MODULE_DECLARE_DATA reqbody_example_module = {
|
|
Packit Service |
384592 |
STANDARD20_MODULE_STUFF,
|
|
Packit Service |
384592 |
NULL, /* create per-dir config structures */
|
|
Packit Service |
384592 |
NULL, /* merge per-dir config structures */
|
|
Packit Service |
384592 |
NULL, /* create per-server config structures */
|
|
Packit Service |
384592 |
NULL, /* merge per-server config structures */
|
|
Packit Service |
384592 |
NULL, /* table of config file commands */
|
|
Packit Service |
384592 |
register_hooks /* register hooks */
|
|
Packit Service |
384592 |
};
|
|
Packit Service |
384592 |
|