TEST_F(TestIBUtilField, AliasBytestr) { const char s1[] = "hello"; const char s2[] = "bye"; ib_field_t *f; const ib_bytestr_t *obs; ib_status_t rc; ib_bytestr_t *bs; uint8_t *copy; copy = (uint8_t *)ib_mm_strdup(MM(), "x"); rc = ib_field_create_bytestr_alias(&f, MM(), IB_S2SL("foo"), copy, 0); ASSERT_EQ(IB_OK, rc); rc = ib_bytestr_dup_nulstr(&bs, MM(), s1); ASSERT_EQ(IB_OK, rc); rc = ib_field_setv(f, bs); ASSERT_EQ(IB_OK, rc); rc = ib_field_value(f, ib_ftype_bytestr_out(&obs)); ASSERT_EQ(IB_OK, rc); ASSERT_EQ(strlen(s1), ib_bytestr_length(obs)); ASSERT_EQ(0, memcmp(s1, ib_bytestr_const_ptr(obs), ib_bytestr_length(obs)) ); rc = ib_bytestr_dup_nulstr(&bs, MM(), s2); ASSERT_EQ(IB_OK, rc); rc = ib_field_setv(f, bs); ASSERT_EQ(IB_OK, rc); rc = ib_field_value(f, ib_ftype_bytestr_out(&obs)); ASSERT_EQ(IB_OK, rc); ASSERT_EQ(strlen(s2), ib_bytestr_length(obs)); ASSERT_EQ(0, memcmp(s2, ib_bytestr_const_ptr(obs), ib_bytestr_length(obs)) ); }
/** * Add headers to promote closing if get_mode() returns not @ref RUNNING. * * @sa mode_t * * @param[in] ib IronBee Engine. * @param[in] event The shutdown event. */ void on_response_header_data( IronBee::Engine ib, IronBee::Transaction tx, IronBee::Engine::state_e event, IronBee::ParsedHeader header) const { if (get_mode() != RUNNING) { ib_status_t rc = ib_tx_server_header( tx.ib(), IB_SERVER_RESPONSE, IB_HDR_SET, IB_S2SL("Connection"), IB_S2SL("close")); if (rc != IB_OK) { } } }
ib_parsed_headers_t * ib_parsed_headers_gen( ib_mm_t mm, ... ) { ib_parsed_headers_t *hdrs; va_list ap; ib_status_t rc; rc = ib_parsed_headers_create(&hdrs, mm); if (rc != IB_OK) { return NULL; } va_start(ap, mm); for (;;) { const char *name; const char *value; name = va_arg(ap, const char *); if (name == NULL) { break; } value = va_arg(ap, const char *); if (value == NULL) { break; } /* Allocation errors are fatal. */ rc = ib_parsed_headers_add(hdrs, IB_S2SL(name), IB_S2SL(value)); if (rc != IB_OK) { va_end(ap); return NULL; } } va_end(ap); return hdrs; }
/// @test Test util field library - ib_field_create() ib_field_create() TEST_F(TestIBUtilField, test_field_create) { ib_field_t *f; ib_status_t rc; const char *nulstrval = "TestValue"; ib_num_t numval = 5; ib_bytestr_t *bytestrval; const char *nulout; const char *nulcopy; nulcopy = ib_mm_strdup(MM(), nulstrval); ASSERT_STRNE(NULL, nulcopy); rc = ib_field_create(&f, MM(), IB_S2SL("test_nulstr"), IB_FTYPE_NULSTR, ib_ftype_nulstr_in(nulcopy)); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(11UL, f->nlen); ASSERT_EQ(0, memcmp("test_nulstr", f->name, 11)); rc = ib_field_value(f, ib_ftype_nulstr_out(&nulout)); ASSERT_EQ(IB_OK, rc); ASSERT_STREQ(nulstrval, nulout); rc = ib_field_create(&f, MM(), IB_S2SL("test_num"), IB_FTYPE_NUM, ib_ftype_num_in(&numval)); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(8UL, f->nlen); ASSERT_EQ(0, memcmp("test_num", f->name, 8)); rc = ib_bytestr_dup_mem(&bytestrval, MM(), (uint8_t *)nulstrval, strlen(nulstrval)); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); rc = ib_field_create(&f, MM(), IB_S2SL("test_bytestr"), IB_FTYPE_BYTESTR, ib_ftype_bytestr_in(bytestrval)); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(12UL, f->nlen); ASSERT_EQ(0, memcmp("test_bytestr", f->name, 12)); rc = ib_field_create(&f, MM(), IB_S2SL("test_nulstr_ex"), IB_FTYPE_NULSTR, ib_ftype_nulstr_in(nulstrval)); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); rc = ib_field_create(&f, MM(), IB_S2SL("test_num_ex"), IB_FTYPE_NUM, ib_ftype_num_in(&numval)); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); rc = ib_field_create(&f, MM(), IB_S2SL("test_bytestr_ex"), IB_FTYPE_BYTESTR, ib_ftype_bytestr_in(bytestrval)); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); }
/// @test Test util field library - ib_field_from_string() TEST_F(TestIBUtilField, test_field_from_string) { ib_field_t *f; ib_status_t rc; ib_num_t fnum; ib_float_t ffloat; const char *fnulstr; rc = ib_field_from_string(MM(), IB_S2SL("test_num"), "11", &f); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(IB_FTYPE_NUM, f->type); ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_num_out(&fnum))); ASSERT_EQ(11, fnum); rc = ib_field_from_string(MM(), IB_S2SL("test_num"), "-11", &f); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(IB_FTYPE_NUM, f->type); ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_num_out(&fnum))); ASSERT_EQ(-11, fnum); rc = ib_field_from_string(MM(), IB_S2SL("test_float"), "1.0", &f); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(IB_FTYPE_FLOAT, f->type); ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_float_out(&ffloat))); ASSERT_EQ(1.0, ffloat); rc = ib_field_from_string(MM(), IB_S2SL("test_num"), "-1.0", &f); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(IB_FTYPE_FLOAT, f->type); ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_float_out(&ffloat))); ASSERT_EQ(-1.0, ffloat); rc = ib_field_from_string(MM(), IB_S2SL("test_str"), "x", &f); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(IB_FTYPE_NULSTR, f->type); ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_nulstr_out(&fnulstr))); ASSERT_STREQ("x", fnulstr); rc = ib_field_from_string(MM(), IB_S2SL("test_str"), "-1.1x", &f); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(f); ASSERT_EQ(IB_FTYPE_NULSTR, f->type); ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_nulstr_out(&fnulstr))); ASSERT_STREQ("-1.1x", fnulstr); }
int ib_bytestr_index_of_c( const ib_bytestr_t *haystack, const char *needle ) { const uint8_t* haystack_data = ib_bytestr_const_ptr(haystack); const char *found; /* Let ib_strstr() do the heavy lifting */ found = ib_strstr( (const char *)haystack_data, ib_bytestr_length(haystack), IB_S2SL(needle) ); /* Return the offset (or -1) */ if (found != NULL) { return found - (const char *)haystack_data; } else { return -1; } }
virtual void SetUp() { ib_status_t rc; const char *s1 = "string 1"; const char *s2 = "string 2"; BaseTransactionFixture::SetUp(); configureIronBee(); performTx(); ib_mm_t mm = ib_engine_mm_main_get(ib_engine); char* str1 = (char *)ib_mm_alloc(mm, (strlen(s1)+1)); if (str1 == NULL) { throw std::runtime_error("Could not allocate string 1."); } strcpy(str1, s1); char* str2 = (char *)ib_mm_alloc(mm, (strlen(s2)+1)); if (str1 == NULL) { throw std::runtime_error("Could not allocate string 2."); } strcpy(str2, s2); // Create field 1. rc = ib_field_create(&field1, mm, IB_S2SL("field1"), IB_FTYPE_NULSTR, ib_ftype_nulstr_in(str1)); if (rc != IB_OK) { throw std::runtime_error("Could not initialize field1."); } // Create field 2. rc = ib_field_create(&field2, mm, IB_S2SL("field2"), IB_FTYPE_NULSTR, ib_ftype_nulstr_in(str2)); if (rc != IB_OK) { throw std::runtime_error("Could not initialize field2."); } /* Create rule 1 */ rc = ib_rule_create(ib_engine, ib_context_engine(ib_engine), __FILE__, __LINE__, true, &rule1); if (rc != IB_OK) { throw std::runtime_error("Could not create rule1."); } rc = ib_rule_set_id(ib_engine, rule1, "rule1"); if (rc != IB_OK) { throw std::runtime_error("Could not set ID for rule1."); } /* Create the rule execution object #1 */ memset(&rule_exec1, 0, sizeof(rule_exec1)); rule_exec1.ib = ib_engine; rule_exec1.tx = ib_tx; rule_exec1.rule = rule1; /* Create rule 2 */ rc = (ib_rule_create(ib_engine, ib_context_engine(ib_engine), __FILE__, __LINE__, true, &rule2)); if (rc != IB_OK) { throw std::runtime_error("Could not create rule2."); } rc = ib_rule_set_id(ib_engine, rule2, "rule2"); if (rc != IB_OK) { throw std::runtime_error("Could not set ID for rule2."); } rule2->flags |= IB_RULE_FLAG_CAPTURE; /* Create the rule execution object #1 */ memset(&rule_exec2, 0, sizeof(rule_exec2)); rule_exec2.ib = ib_engine; rule_exec2.tx = ib_tx; rule_exec2.rule = rule2; }
TEST_F(PcreModuleTest, test_pcre_operator) { ib_field_t *outfield; ib_num_t result; ib_field_t *capture; const ib_operator_t *op; ib_operator_inst_t *opinst; ASSERT_EQ(IB_OK, ib_operator_lookup(ib_engine, IB_S2SL("pcre"), &op)); // Create the operator instance. ASSERT_EQ( IB_OK, ib_operator_inst_create( &opinst, ib_engine_mm_main_get(ib_engine), ib_context_main(ib_engine), op, IB_OP_CAPABILITY_NONE, "string\\s2" ) ); // Attempt to match. ASSERT_EQ( IB_OK, ib_operator_inst_execute( opinst, rule_exec1.tx, field1, NULL, &result ) ); // We should fail. ASSERT_FALSE(result); // Attempt to match again. ASSERT_EQ( IB_OK, ib_operator_inst_execute( opinst, rule_exec1.tx, field2, NULL, &result ) ); // This time we should succeed. ASSERT_TRUE(result); // Should be no capture set */ outfield = getTarget1(IB_TX_CAPTURE":0"); ASSERT_FALSE(outfield); // Create the operator instance. ASSERT_EQ( IB_OK, ib_operator_inst_create( &opinst, ib_engine_mm_main_get(ib_engine), ib_context_main(ib_engine), op, IB_OP_CAPABILITY_NONE, "(string 2)" ) ); // Attempt to match. ASSERT_EQ( IB_OK, ib_operator_inst_execute( opinst, rule_exec1.tx, field1, NULL, &result ) ); // We should fail. ASSERT_FALSE(result); // Attempt to match again. ASSERT_EQ( IB_OK, ib_operator_inst_execute( opinst, rule_exec1.tx, field2, NULL, &result ) ); // This time we should succeed. ASSERT_TRUE(result); // Should be no capture (CAPTURE flag not set for rule 1) outfield = getTarget1(IB_TX_CAPTURE":0"); ASSERT_FALSE(outfield); // Create the operator instance. ASSERT_EQ( IB_OK, ib_operator_inst_create( &opinst, ib_engine_mm_main_get(ib_engine), ib_context_main(ib_engine), op, IB_OP_CAPABILITY_NONE, "(string 2)" ) ); ASSERT_EQ(IB_OK, ib_capture_acquire( rule_exec2.tx, NULL, &capture)); // Attempt to match again. ASSERT_EQ( IB_OK, ib_operator_inst_execute( opinst, rule_exec1.tx, field2, capture, &result ) ); // This time we should succeed. ASSERT_TRUE(result); // Should be a capture (CAPTURE flag is set for rule 2) outfield = getTarget1(IB_TX_CAPTURE":0"); ASSERT_TRUE(outfield); }
TEST_F(PcreModuleTest, test_load_module) { const ib_operator_t *op; ASSERT_EQ(IB_OK, ib_operator_lookup(ib_engine, IB_S2SL("pcre"), &op)); }
/* Called when module is loaded. */ static ib_status_t geoip_init(ib_engine_t *ib, ib_module_t *m, void *cbdata) { ib_status_t rc; GeoIP *geoip_db = NULL; module_data_t *mod_data; mod_data = ib_mpool_calloc(ib_engine_pool_main_get(ib), sizeof(*mod_data), 1); if (mod_data == NULL) { return IB_EALLOC; } ib_log_debug(ib, "Initializing default GeoIP database..."); geoip_db = GeoIP_new(GEOIP_MMAP_CACHE); if (geoip_db == NULL) { ib_log_debug(ib, "Failed to initialize GeoIP database."); return IB_EUNKNOWN; } ib_log_debug(ib, "Initializing GeoIP database complete."); ib_log_debug(ib, "Registering handler..."); /* Store off pointer to our module data structure */ mod_data->geoip_db = geoip_db; /* And point the generic module data at it */ m->data = mod_data; rc = ib_hook_tx_register(ib, handle_context_tx_event, geoip_lookup, mod_data); if (rc != IB_OK) { ib_log_debug( ib, "Failed to register tx hook: %s", ib_status_to_string(rc)); return rc; } ib_log_debug(ib, "Done registering handler."); rc = ib_var_source_register( &(mod_data->geoip_source), ib_engine_var_config_get(ib), IB_S2SL("GEOIP"), IB_PHASE_NONE, IB_PHASE_NONE ); if (rc != IB_OK) { ib_log_warning(ib, "GeoIP failed to register \"GEOIP\" var: %s", ib_status_to_string(rc) ); /* Continue */ } if (rc != IB_OK) { ib_log_debug(ib, "Failed to load GeoIP module."); return rc; } geoip_directive_map[0].cbdata_cb = mod_data; ib_log_debug(ib, "GeoIP module loaded."); return IB_OK; }
///@test Test util field library - ib_field_dyn_register_get() TEST_F(TestIBUtilField, test_dyn_field) { ib_field_t *dynf; ib_field_t *cdynf; ib_status_t rc; const char *fval; /* Create a field with no initial value. */ rc = ib_field_create_dynamic( &dynf, MM(), IB_S2SL("test_dynf"), IB_FTYPE_NULSTR, dyn_get, (void *)"dynf_get", dyn_set, (void *)"dynf_set" ); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(dynf); ASSERT_EQ(9UL, dynf->nlen); ASSERT_EQ(0, memcmp("test_dynf", dynf->name, 9)); /* Get the value from the dynamic field. */ rc = ib_field_value_ex(dynf, ib_ftype_nulstr_out(&fval), (void *)"fetch1", 6 ); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(fval); ASSERT_EQ( std::string("testval_dynf_get_fetch1_call01"), fval ); /* Get the value from the dynamic field again. */ rc = ib_field_value_ex(dynf, ib_ftype_nulstr_out(&fval), (void *)"fetch2", 6 ); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(fval); ASSERT_EQ( std::string("testval_dynf_get_fetch2_call02"), fval ); /* Set */ rc = ib_field_setv_ex(dynf, (void *)"val1", (void *)"set1", 4); ASSERT_EQ(IB_OK, rc); ASSERT_EQ(std::string("testval_dynf_set_set1_val1_call03"), g_dyn_call_val); /* Reset call counter. */ g_dyn_call_count = 0; /* Create another field with no initial value. */ rc = ib_field_create_dynamic( &cdynf, MM(), IB_S2SL("test_cdynf"), IB_FTYPE_NULSTR, dyn_get_cached, (void *)("cdynf_get"), dyn_set, NULL ); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(cdynf); ASSERT_EQ(10UL, cdynf->nlen); ASSERT_EQ(0, memcmp("test_cdynf", cdynf->name, 10)); /* Get the value from the dynamic field. */ rc = ib_field_value_ex(cdynf, ib_ftype_nulstr_out(&fval), (void *)"fetch1", 6 ); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(fval); ASSERT_EQ( std::string("testval_cdynf_get_fetch1_call01"), fval ); /* Get the value from the dynamic field again. */ rc = ib_field_value_ex(cdynf, ib_ftype_nulstr_out(&fval), NULL, 0 ); ASSERT_EQ(IB_OK, rc); ASSERT_TRUE(fval); ASSERT_EQ( std::string("testval_cdynf_get_fetch1_call01"), fval ); }
ConstField get(ConstContext ctx, const char* key) { return get(ctx, IB_S2SL(key)); }
/** * Called to initialize the user agent module (when the module is loaded). * * Registers a handler for the request_header_finished_event event. * * @param[in,out] ib IronBee object * @param[in] m Module object * @param[in] cbdata (unused) * * @returns Status code */ static ib_status_t modua_init(ib_engine_t *ib, ib_module_t *m, void *cbdata) { ib_status_t rc; modua_match_rule_t *failed_rule; unsigned int failed_frule_num; /* Register the user agent callback */ rc = ib_hook_tx_register(ib, request_header_finished_event, modua_user_agent, m); if (rc != IB_OK) { ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc)); } /* Register the remote address callback */ rc = ib_hook_tx_register(ib, request_header_finished_event, modua_remoteip, m); if (rc != IB_OK) { ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc)); } /* Initializations */ rc = modua_ruleset_init(&failed_rule, &failed_frule_num); if (rc != IB_OK) { ib_log_error(ib, "User agent rule initialization failed" " on rule %s field rule #%d: %s", failed_rule->label, failed_frule_num, ib_status_to_string(rc)); } /* Get the rules */ modua_match_ruleset = modua_ruleset_get( ); if (modua_match_ruleset == NULL) { ib_log_error(ib, "Failed to get user agent rule list: %s", ib_status_to_string(rc)); return rc; } ib_log_debug(ib, "Found %d match rules", modua_match_ruleset->num_rules); rc = ib_var_source_register( NULL, ib_engine_var_config_get(ib), IB_S2SL("remote_addr"), IB_PHASE_NONE, IB_PHASE_NONE ); if (rc != IB_OK && rc != IB_EEXIST) { ib_log_warning(ib, "User agent failed to register \"remote_addr\": %s", ib_status_to_string(rc) ); /* Continue. */ } rc = ib_var_source_register( NULL, ib_engine_var_config_get(ib), IB_S2SL("UA"), IB_PHASE_NONE, IB_PHASE_NONE ); if (rc != IB_OK) { ib_log_warning(ib, "User agent failed to register \"UA\": %s", ib_status_to_string(rc) ); /* Continue. */ } rc = ib_hook_context_register(ib, context_close_event, modua_ctx_close, m); if (rc != IB_OK) { ib_log_error(ib, "Could not register context close hook: %s", ib_status_to_string(rc)); return rc; } return IB_OK; }
/** * Called at context close. Initialized user-agent target. * * @param[in] ib Engine * @param[in] ctx Context * @param[in] event Event triggering the callback * @param[in] cbdata Callback data (module). * * @returns Status code */ static ib_status_t modua_ctx_close( ib_engine_t *ib, ib_context_t *ctx, ib_state_event_type_t event, void *cbdata ) { ib_module_t *m = (ib_module_t *)cbdata; if (ib_context_type(ctx) == IB_CTYPE_MAIN) { modua_config_t *cfg; ib_var_target_t *target; ib_status_t rc; rc = ib_context_module_config(ctx, m, &cfg); if (rc != IB_OK) { ib_log_error(ib, "Can't fetch configuration: %s", ib_status_to_string(rc)); return rc; } rc = ib_var_target_acquire_from_string( &target, ib_engine_pool_main_get(ib), ib_engine_var_config_get(ib), IB_S2SL("request_headers:User-Agent"), NULL, NULL ); if (rc != IB_OK) { ib_log_error(ib, "Error acquiring target for User-Agent header: %s", ib_status_to_string(rc)); return rc; } cfg->user_agent = target; rc = ib_var_target_acquire_from_string( &target, ib_engine_pool_main_get(ib), ib_engine_var_config_get(ib), IB_S2SL("request_headers:X-Forwarded-For"), NULL, NULL ); if (rc != IB_OK) { ib_log_error(ib, "Error acquiring target for X-Forwarded-For header: %s", ib_status_to_string(rc)); return rc; } cfg->forwarded_for = target; rc = ib_var_source_acquire( &(cfg->remote_addr), ib_engine_pool_main_get(ib), ib_engine_var_config_get(ib), IB_S2SL("remote_addr") ); if (rc != IB_OK) { ib_log_error(ib, "Error acquiring source for remote_addr" " header: %s", ib_status_to_string(rc)); return rc; } } return IB_OK; }
/** * Parse the user agent header, splitting into component fields. * * Attempt to tokenize the user agent string passed in, storing the * result in the DPI associated with the transaction. * * @param[in] ib IronBee object * @param[in,out] tx Transaction object * @param[in] bs Byte string containing the agent string * * @returns Status code */ static ib_status_t modua_agent_fields(ib_engine_t *ib, ib_tx_t *tx, const ib_bytestr_t *bs) { const modua_match_rule_t *rule = NULL; ib_field_t *agent_list = NULL; char *product = NULL; char *platform = NULL; char *extra = NULL; char *agent; char *buf; size_t len; ib_status_t rc; ib_var_source_t *source; /* Get the length of the byte string */ len = ib_bytestr_length(bs); /* Allocate memory for a copy of the string to split up below. */ buf = (char *)ib_mpool_calloc(tx->mp, 1, len+1); if (buf == NULL) { ib_log_error_tx(tx, "Failed to allocate %zd bytes for agent string", len+1); return IB_EALLOC; } /* Copy the string out */ memcpy(buf, ib_bytestr_const_ptr(bs), len); buf[len] = '\0'; ib_log_debug_tx(tx, "Found user agent: '%s'", buf); /* Copy the agent string */ agent = (char *)ib_mpool_strdup(tx->mp, buf); if (agent == NULL) { ib_log_error_tx(tx, "Failed to allocate copy of agent string"); return IB_EALLOC; } /* Parse the user agent string */ rc = modua_parse_uastring(buf, &product, &platform, &extra); if (rc != IB_OK) { ib_log_debug_tx(tx, "Failed to parse User Agent string '%s'", agent); return IB_OK; } /* Categorize the parsed string */ rule = modua_match_cat_rules(product, platform, extra); if (rule == NULL) { ib_log_debug_tx(tx, "No rule matched" ); } else { ib_log_debug_tx(tx, "Matched to rule #%d / category '%s'", rule->rule_num, rule->category ); } /* Build a new list. */ rc = ib_var_source_acquire( &source, tx->mp, ib_engine_var_config_get(ib), IB_S2SL("UA") ); if (rc != IB_OK) { ib_log_alert_tx(tx, "Unable to acquire source for UserAgent list."); return rc; } rc = ib_var_source_initialize( source, &agent_list, tx->var_store, IB_FTYPE_LIST ); if (rc != IB_OK) { ib_log_alert_tx(tx, "Unable to add UserAgent list to DPI."); return rc; } /* Store Agent */ rc = modua_store_field(ib, tx->mp, agent_list, "agent", agent); if (rc != IB_OK) { return rc; } /* Store product */ rc = modua_store_field(ib, tx->mp, agent_list, "PRODUCT", product); if (rc != IB_OK) { return rc; } /* Store Platform */ rc = modua_store_field(ib, tx->mp, agent_list, "OS", platform); if (rc != IB_OK) { return rc; } /* Store Extra */ rc = modua_store_field(ib, tx->mp, agent_list, "extra", extra); if (rc != IB_OK) { return rc; } /* Store Extra */ if (rule != NULL) { rc = modua_store_field(ib, tx->mp, agent_list, "category", rule->category); } else { rc = modua_store_field(ib, tx->mp, agent_list, "category", NULL ); } if (rc != IB_OK) { return rc; } /* Done */ return IB_OK; }
static ib_status_t sqli_op_execute( ib_tx_t *tx, const ib_field_t *field, ib_field_t *capture, ib_num_t *result, void *instance_data, void *cbdata ) { assert(tx != NULL); assert(field != NULL); assert(result != NULL); const sqli_fingerprint_set_t *ps = (const sqli_fingerprint_set_t *)instance_data; sfilter sf; ib_bytestr_t *bs; ib_status_t rc; sqli_callback_data_t callback_data; *result = 0; /* Currently only bytestring types are supported. * Other types will just get passed through. */ if (field->type != IB_FTYPE_BYTESTR) { return IB_OK; } rc = ib_field_value(field, ib_ftype_bytestr_mutable_out(&bs)); if (rc != IB_OK) { return rc; } /* Run through libinjection. */ libinjection_sqli_init( &sf, (const char *)ib_bytestr_const_ptr(bs), ib_bytestr_length(bs), FLAG_NONE ); callback_data.confidence = 0; callback_data.fingerprint_set = NULL; if (ps != NULL) { callback_data.fingerprint_set = ps; libinjection_sqli_callback(&sf, sqli_lookup_word, (void *)&callback_data); } if (libinjection_is_sqli(&sf)) { ib_log_debug_tx(tx, "Matched SQLi fingerprint: %s", sf.fingerprint); *result = 1; } if (*result == 1 && capture != NULL) { { ib_field_t *fingerprint_field; size_t fingerprint_length = strlen(sf.fingerprint); const uint8_t *fingerprint; fingerprint = ib_mm_memdup( tx->mm, sf.fingerprint, fingerprint_length ); if (fingerprint == NULL) { return IB_EALLOC; } rc = ib_field_create_bytestr_alias( &fingerprint_field, tx->mm, IB_S2SL("fingerprint"), fingerprint, fingerprint_length ); if (rc != IB_OK) { return rc; } rc = ib_field_list_add(capture, fingerprint_field); if (rc != IB_OK) { return rc; } } { ib_field_t *confidence_field; rc = ib_field_create( &confidence_field, tx->mm, IB_S2SL("confidence"), IB_FTYPE_NUM, ib_ftype_num_in(&callback_data.confidence) ); if (rc != IB_OK) { return rc; } rc = ib_field_list_add(capture, confidence_field); if (rc != IB_OK) { return rc; } } } return IB_OK; }