// In trainning mode, to save all request info
void saveRequestInfo(request_rec *r){
	int currentMaxParamsNum = 0;
	apr_off_t getSize = 0;
	apr_off_t postSize = 0;
	Params * getParams = getGetParams(r, &getSize);
	Params * postParams = getPostParms(r, &postSize);
	char * uri = r->uri;
	
	// Update max parameters number for a page
	currentMaxParamsNum = getSize + postSize;
	int maxInDB = select_max_parameter_num(uri);
	if(maxInDB == -1){
		// insert to DB
		insert_max_parameter_num(uri, currentMaxParamsNum);
	}else{
		if(currentMaxParamsNum > maxInDB){
			// update DB value
			update_max_parameter_num(uri, currentMaxParamsNum);
		}
	}
	
	// Save the record into DB
	int i = 0;
	for(i = 0; i< getSize; i++){
		// save get paramether info into DB
		insert_record_len(uri, getParams[i].key, getParams[i].length);
		
		// Update characters set for this parameter
		char * charSet = select_parameters_character_set(uri, getParams[i].key);
		if(charSet == NULL){
			// This is the first time to see this parameter
			insert_parameters(uri, getParams[i].key, 0, 0, 1, getParams[i].val);
		}else{
			// Update char set
			updateCharSet(getParams[i].val, charSet);
			//ap_rprintf(r,"new char set is %s--\n", charSet);
			update_parameters_character_set(uri, getParams[i].key, charSet);
		}
	}
	
	for(i = 0; i< postSize; i++){
		// save post paramether info into DB
		insert_record_len(uri, postParams[i].key, postParams[i].length);
		// Update characters set for this parameter
		char * charSet = select_parameters_character_set(uri, postParams[i].key);
		if(charSet == NULL){
			// This is the first time to see this parameter
			insert_parameters(uri, postParams[i].key, 0, 0, 1, postParams[i].val);
		}else{
			// Update char set
			updateCharSet(postParams[i].val, charSet);
			update_parameters_character_set(uri, postParams[i].key, charSet);
		}
	}
}
Ejemplo n.º 2
0
requestInfo *getRequestInfo(char buf[])
{
	requestInfo *hRequestInfo;
	hRequestInfo = malloc(sizeof(requestInfo));
	
	int requestLen = strlen(buf);

	/* 获取action */
	char *action;
	char *tmpAction;
	action = malloc(sizeof(char) * 4);
	tmpAction = action;

	/* 获取请求的URL */
	char *file;
	char *tmpFile;
	file = malloc(sizeof(char) * 20);
	tmpFile = file;

	int i;
	int space = 0;
	for (i = 0; i < requestLen; i++) {
		
		if (buf[i] == ' ') {
			space++;
		}

		if (space == 0) {
			*action++ = buf[i];
		}

		if (space == 1 && buf[i] != ' ') {
			*file++ = buf[i];
		}
	}
	*action = '\0';
	*file = '\0';
	
	hRequestInfo->method = malloc(sizeof(char) * 4);
	hRequestInfo->file = malloc(sizeof(char) * 20);
	hRequestInfo->method = tmpAction;
	hRequestInfo->file = tmpFile;
	//if (strcmp(hRequestInfo->file, "/") == 0) {
		hRequestInfo->file = "/index.html";
	//} 
	hRequestInfo->paramsList = getGetParams(tmpFile, strlen(tmpFile));
	return hRequestInfo;
}
// In detection mode, do anomaly detection
int detectRequest(request_rec * r){
	int currentMaxParamsNum = 0;
	apr_off_t getSize = 0;
	apr_off_t postSize = 0;
	Params * getParams = getGetParams(r, &getSize);
	Params * postParams = getPostParms(r, &postSize);
	char * uri = r->uri;
	
	// Update max parameters number for a page
	currentMaxParamsNum = getSize + postSize;
	int maxInDB = select_max_parameter_num(uri);
	if(maxInDB == -1){
		// The request is not store in DB, compare it with all pages max
		maxInDB = select_max_parameter_num_all();
		if(maxInDB < currentMaxParamsNum){
			// exceed max parameter number
			return EXCEEDALLMAXNUM;
		}else{
			return PASSDETECTION;
		}
	}
	if(maxInDB < currentMaxParamsNum){
		// exceed max parameter number
		return EXCEEDMAXPARAMNUM;
	}
	
	int i = 0;
	for(i = 0; i< getSize; i++){
		if(!isKnownParams(uri, getParams[i].key)){
			// The parameter is unknow
			ap_rprintf(r,"<H3>Parameter:'%s' is unknown!</H3>",getParams[i].key);
			return UNKNOWNPRARM;
		}
		if(!isParamsLenLegal(uri, getParams[i].key, getParams[i].length)){
			// parameters length is illegal
			ap_rprintf(r,"<H3>Parameter:'%s' length is illegal!</H3>",getParams[i].key);
			return PARAMLENILLEGAL;
		}
		
		if(!allCharSeen(uri, getParams[i].key,getParams[i].val)){
			// Contains no seen characters
			ap_rprintf(r,"<H3>Parameter:'%s' contains illegal characters!</H3>",getParams[i].key);
			return CONTAINSNOSEENCHAR;
		}
	}
	
	for(i = 0; i< postSize; i++){
		if(!isKnownParams(uri, postParams[i].key)){
			// The parameter is unknow
			ap_rprintf(r,"<H3>Parameter:'%s' is unknown!</H3>",postParams[i].key);
			return UNKNOWNPRARM;
		}
		if(!isParamsLenLegal(uri, postParams[i].key, postParams[i].length)){
			// parameters length is illegal
			ap_rprintf(r,"<H3>Parameter:'%s' length is illegal!</H3>",postParams[i].key);
			return PARAMLENILLEGAL;
		}
		
		if(!allCharSeen(uri, postParams[i].key,postParams[i].val)){
			// Contains no seen characters
			ap_rprintf(r,"<H3>Parameter:'%s' contains illegal characters!</H3>",postParams[i].key);
			return CONTAINSNOSEENCHAR;
		}
	}
	
	return PASSDETECTION;
}