mod_defender.hpp
/**
* \file mod_defender.hpp
* \author Kevin Guillemot
* \version 1.0
* \date 30/03/2018
* \license GPLv3
* \brief Header file of the mod_defender module
*/
#ifndef MOD_DEFENDER_HPP
#define MOD_DEFENDER_HPP
/*************************/
/* Inclusion of .H files */
/*************************/
#include <http_request.h>
#include <http_protocol.h>
#include <http_config.h>
#include <http_log.h>
#include <apr_strings.h>
#include <apr_lib.h>
#include <util_script.h>
#include "RuleParser.h"
#include "RuntimeScanner.hpp"
/*************/
/* Constants */
/*************/
/*---------------------------*/
/* MODULE-part needed macros */
/*---------------------------*/
/**
 * Extra Apache 2.4+ C++ module declaration.
 * Needed because this module is written in C++.
 * APLOG_USE_MODULE is only invoked when the macro is defined, so the header
 * still compiles against headers that do not provide it.
 */
#ifdef APLOG_USE_MODULE
APLOG_USE_MODULE(defender);
#endif
/** Module record for mod_defender; declared here, defined elsewhere. */
extern module AP_MODULE_DECLARE_DATA defender_module;
/**
 * \def MAX_BB_SIZE
 * The maximum length of post body processed.
 * 0x7FFFFFFF is 2147483647 (2 GiB - 1), the largest positive value of a
 * 32-bit signed integer.
 * NOTE(review): buffering anywhere near this much per request would be a
 * memory-exhaustion risk. Confirm that the effective bound comes from the
 * requestBodyLimit directive and that an unset directive does not fall back
 * to this value.
 */
#define MAX_BB_SIZE 0x7FFFFFFF
/**
 * \def CHUNK_CAPACITY
 * The maximum length of a chunk (presumably in bytes, matching
 * chunk_t::length - confirm against the implementation).
 */
#define CHUNK_CAPACITY 8192
/**
 * \def IF_STATUS_NONE
 * Body-processing status value 0.
 * NOTE(review): the name suggests that no body processing has been requested
 * yet; presumably stored in defender_t::status - confirm.
 */
#define IF_STATUS_NONE 0
/**
 * \def IF_STATUS_WANTS_TO_RUN
 * Body-processing status value 1.
 * NOTE(review): the name suggests that body processing has been requested but
 * has not finished - confirm against the code that sets it.
 */
#define IF_STATUS_WANTS_TO_RUN 1
/**
 * \def IF_STATUS_COMPLETE
 * Body-processing status value 2.
 * NOTE(review): the name suggests that body processing has finished - confirm
 * against the code that sets it.
 */
#define IF_STATUS_COMPLETE 2
/**
 * \def SLASHES
 * The slash as a string, used when URL-encoding/decoding.
 */
#define SLASHES "/"
/**************/
/* Structures */
/**************/
/**
 * \struct dir_config_t mod_defender.hpp
 * Groups all server directives in one structure.
 *
 * Field meanings below are inferred from names and types; the directive
 * handlers that fill this structure are not part of this header.
 *
 * NOTE(review): vector, pair and string are used unqualified, so this header
 * only compiles if an earlier include brings the std names into scope
 * (presumably RuleParser.h or RuntimeScanner.hpp) - confirm, and prefer
 * std::-qualified names in a header.
 */
typedef struct {
/** Rule parser attached to this configuration. */
RuleParser *parser;
/** Temporary storage for check rules, held as pairs of strings. */
vector<pair<string, string>> tmpCheckRules;
/** Temporary storage for basic rules, held as strings. */
vector<string> tmpBasicRules;
/** Path of the location this configuration applies to (presumably). */
char *loc_path;
/** APR file handle for the match log. */
apr_file_t *matchlog_file;
/** APR file handle for the JSON match log. */
apr_file_t *jsonmatchlog_file;
/**
 * Value of the requestBodyLimit directive; it is the kind of value passed as
 * body_limit to read_request_body(), which must not be exceeded.
 * NOTE(review): what happens to a body larger than this limit is not visible
 * here. Confirm it is rejected (or at least logged) rather than forwarded
 * without inspection, and that the default is bounded well below MAX_BB_SIZE.
 */
unsigned long requestBodyLimit;
/** Toggle for the libinjection SQL detection (presumably). */
bool libinjection_sql;
/** Toggle for the libinjection XSS detection (presumably). */
bool libinjection_xss;
/** Toggle for the module itself (presumably). */
bool defender;
/**
 * Toggle for learning mode.
 * NOTE(review): presumably matches are logged but requests are not blocked
 * while this is set - confirm, and make sure it is off where blocking is
 * expected.
 */
bool learning;
/** Toggle for extensive logging (presumably). */
bool extensive;
/** Toggle for exporting results through environment variables (presumably). */
bool useenv;
} dir_config_t;
/**
 * \struct chunk_t mod_defender.hpp
 * Chunk structure used to save/restore brigades.
 */
typedef struct {
/**
 * Start of the chunk's bytes.
 * NOTE(review): nothing here says the buffer is NUL-terminated; readers
 * should rely on length, not on string functions - confirm in the callers.
 */
char *data;
/** Number of bytes at data. */
apr_size_t length;
/**
 * Non-zero marks the chunk as permanent.
 * NOTE(review): presumably decides whether the data outlives the current
 * read or may be reused/freed - confirm ownership rules in the implementation.
 */
unsigned int is_permanent;
} chunk_t;
/**
 * \struct defender_t mod_defender.hpp
 * Defender structure used to save/restore brigades: the state kept while a
 * request body is read, stored as chunks and handed on.
 *
 * Field meanings below are inferred from names and types; the code that
 * reads and writes them is not part of this header.
 *
 * NOTE(review): sizes and positions use four different types here and in the
 * function signatures - int (body_chunk_position), unsigned int
 * (body_chunk_offset), apr_size_t (body_length, stream_input_length) and
 * long int (nbytes of body_retrieve) - while MAX_BB_SIZE is 0x7FFFFFFF.
 * Check every conversion and comparison between them in the implementation
 * for sign changes and truncation.
 */
typedef struct {
/** Flag: fixups step already done (presumably set once per request). */
int fixups_done;
/** Error indicator for body handling. */
int body_error;
/** Message describing body_error. */
const char *body_error_msg;
/** Processing status; presumably one of the IF_STATUS_* values. */
unsigned int status;
/** Flag: forwarding of the body has started. */
unsigned int started_forwarding;
/** Flag: the stream content was changed. */
unsigned int stream_changed;
/** Length of stream_input_data. */
apr_size_t stream_input_length;
/** Stream input bytes. */
char *stream_input_data;
/** Flag: end-of-stream was seen by the input filter (presumably an EOS bucket). */
unsigned int if_seen_eos;
/** Index of the chunk currently being retrieved (signed). */
int body_chunk_position;
/** Offset inside the chunk currently being retrieved (unsigned). */
unsigned int body_chunk_offset;
/** APR pool for body storage (presumably owns the chunks below). */
apr_pool_t *body_pool;
/** APR array holding the stored body chunks. */
apr_array_header_t *body_chunks;
/** Chunk handed back by retrieval (presumably). */
chunk_t *body_chunk;
/** Total length of the stored body. */
apr_size_t body_length;
/** Chunk currently being worked on. */
chunk_t *body_chunk_current;
/** Buffer holding body data (presumably the body in one contiguous block). */
char *body_buffer;
/** Flag: the request is expected to carry a body. */
unsigned int body_should_exist;
/** Flag: the body has been read. */
unsigned int body_read;
} defender_t;
/**
 * \struct defender_config_t mod_defender.hpp
 * Custom definition to hold any configuration data we may need.
 */
typedef struct {
/** Scanner instance used at run time (presumably one per request - confirm). */
RuntimeScanner *vpRuntimeScanner;
/** Body-handling state, see defender_t. */
defender_t *def;
} defender_config_t;
/************************/
/* Functions signatures */
/************************/
/**
 * \brief Initialize all variables used to forward request body.
 * \param def Defender structure.
 * \param error_msg Error message pointer (char**).
 * \param r Apache request structure to work on.
 * \return apr_status_t Return status code of function.
 */
apr_status_t body_retrieve_start(defender_t *def, char **error_msg, request_rec *r);
/**
 * \brief Retrieve a stored chunk of the request body and return it.
 * \param def Defender structure.
 * \param chunk List of chunks to add the chunk onto (chunk_t**).
 * \param nbytes Chunk max bytes length.
 * \param error_msg Error message pointer (char**).
 * \param r Apache request structure to work on.
 * \return apr_status_t Return status code of function.
 *
 * NOTE(review): nbytes is a signed long int. Confirm the implementation
 * handles zero and negative values explicitly before using it as a size.
 */
apr_status_t body_retrieve(defender_t *def, chunk_t **chunk, long int nbytes, char **error_msg, request_rec *r);
/**
 * \brief Read the request body into the defender structure, up to body_limit.
 *        NOTE(review): brief inferred from the name and parameters - confirm
 *        against the implementation.
 * \param def Defender structure.
 * \param error_msg Error message pointer (char**).
 * \param r Apache request structure to work on.
 * \param body_limit Value of requestBodyLimit directive, to not exceed.
 * \return apr_status_t Return status code of function.
 *
 * NOTE(review): the status returned for a body larger than body_limit is not
 * documented here. Callers should treat that case as a failure rather than
 * continue with a partially read, partially inspected body - confirm.
 */
apr_status_t read_request_body(defender_t *def, char **error_msg, request_rec *r, unsigned long body_limit);
/**
 * \brief Clear the stored request body state.
 *        NOTE(review): brief inferred from the name - confirm against the
 *        implementation. The signature matches an APR pool cleanup callback;
 *        confirm where it is registered.
 * \param data Defender structure, as void*, called by apache hook.
 * \return apr_status_t Return status code of function.
 */
apr_status_t body_clear(void *data);
#endif //MOD_DEFENDER_HPP