TEST_F(TestIBUtilField, AliasBytestr)
{
const char s1[] = "hello";
const char s2[] = "bye";
ib_field_t *f;
const ib_bytestr_t *obs;
ib_status_t rc;
ib_bytestr_t *bs;
uint8_t *copy;
copy = (uint8_t *)ib_mm_strdup(MM(), "x");
rc = ib_field_create_bytestr_alias(&f, MM(),
IB_S2SL("foo"), copy, 0);
ASSERT_EQ(IB_OK, rc);
rc = ib_bytestr_dup_nulstr(&bs, MM(), s1);
ASSERT_EQ(IB_OK, rc);
rc = ib_field_setv(f, bs);
ASSERT_EQ(IB_OK, rc);
rc = ib_field_value(f, ib_ftype_bytestr_out(&obs));
ASSERT_EQ(IB_OK, rc);
ASSERT_EQ(strlen(s1), ib_bytestr_length(obs));
ASSERT_EQ(0, memcmp(s1,
ib_bytestr_const_ptr(obs), ib_bytestr_length(obs)) );
rc = ib_bytestr_dup_nulstr(&bs, MM(), s2);
ASSERT_EQ(IB_OK, rc);
rc = ib_field_setv(f, bs);
ASSERT_EQ(IB_OK, rc);
rc = ib_field_value(f, ib_ftype_bytestr_out(&obs));
ASSERT_EQ(IB_OK, rc);
ASSERT_EQ(strlen(s2), ib_bytestr_length(obs));
ASSERT_EQ(0, memcmp(s2,
ib_bytestr_const_ptr(obs), ib_bytestr_length(obs)) );
}
/**
* Add headers to promote closing if get_mode() returns not @ref RUNNING.
*
* @sa mode_t
*
* @param[in] ib IronBee Engine.
* @param[in] event The shutdown event.
*/
void on_response_header_data(
IronBee::Engine ib,
IronBee::Transaction tx,
IronBee::Engine::state_e event,
IronBee::ParsedHeader header) const
{
if (get_mode() != RUNNING) {
ib_status_t rc = ib_tx_server_header(
tx.ib(),
IB_SERVER_RESPONSE,
IB_HDR_SET,
IB_S2SL("Connection"),
IB_S2SL("close"));
if (rc != IB_OK) {
}
}
}
ib_parsed_headers_t * ib_parsed_headers_gen(
ib_mm_t mm,
...
)
{
ib_parsed_headers_t *hdrs;
va_list ap;
ib_status_t rc;
rc = ib_parsed_headers_create(&hdrs, mm);
if (rc != IB_OK) {
return NULL;
}
va_start(ap, mm);
for (;;) {
const char *name;
const char *value;
name = va_arg(ap, const char *);
if (name == NULL) {
break;
}
value = va_arg(ap, const char *);
if (value == NULL) {
break;
}
/* Allocation errors are fatal. */
rc = ib_parsed_headers_add(hdrs, IB_S2SL(name), IB_S2SL(value));
if (rc != IB_OK) {
va_end(ap);
return NULL;
}
}
va_end(ap);
return hdrs;
}
/// @test Test util field library - ib_field_create() ib_field_create()
TEST_F(TestIBUtilField, test_field_create)
{
ib_field_t *f;
ib_status_t rc;
const char *nulstrval = "TestValue";
ib_num_t numval = 5;
ib_bytestr_t *bytestrval;
const char *nulout;
const char *nulcopy;
nulcopy = ib_mm_strdup(MM(), nulstrval);
ASSERT_STRNE(NULL, nulcopy);
rc = ib_field_create(&f, MM(), IB_S2SL("test_nulstr"),
IB_FTYPE_NULSTR, ib_ftype_nulstr_in(nulcopy));
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(11UL, f->nlen);
ASSERT_EQ(0, memcmp("test_nulstr", f->name, 11));
rc = ib_field_value(f, ib_ftype_nulstr_out(&nulout));
ASSERT_EQ(IB_OK, rc);
ASSERT_STREQ(nulstrval, nulout);
rc = ib_field_create(&f, MM(), IB_S2SL("test_num"),
IB_FTYPE_NUM, ib_ftype_num_in(&numval));
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(8UL, f->nlen);
ASSERT_EQ(0, memcmp("test_num", f->name, 8));
rc = ib_bytestr_dup_mem(&bytestrval, MM(),
(uint8_t *)nulstrval, strlen(nulstrval));
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
rc = ib_field_create(&f, MM(), IB_S2SL("test_bytestr"),
IB_FTYPE_BYTESTR, ib_ftype_bytestr_in(bytestrval));
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(12UL, f->nlen);
ASSERT_EQ(0, memcmp("test_bytestr", f->name, 12));
rc = ib_field_create(&f, MM(), IB_S2SL("test_nulstr_ex"),
IB_FTYPE_NULSTR, ib_ftype_nulstr_in(nulstrval));
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
rc = ib_field_create(&f, MM(), IB_S2SL("test_num_ex"),
IB_FTYPE_NUM, ib_ftype_num_in(&numval));
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
rc = ib_field_create(&f, MM(), IB_S2SL("test_bytestr_ex"),
IB_FTYPE_BYTESTR, ib_ftype_bytestr_in(bytestrval));
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
}
/// @test Test util field library - ib_field_from_string()
TEST_F(TestIBUtilField, test_field_from_string)
{
ib_field_t *f;
ib_status_t rc;
ib_num_t fnum;
ib_float_t ffloat;
const char *fnulstr;
rc = ib_field_from_string(MM(), IB_S2SL("test_num"),
"11", &f);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(IB_FTYPE_NUM, f->type);
ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_num_out(&fnum)));
ASSERT_EQ(11, fnum);
rc = ib_field_from_string(MM(), IB_S2SL("test_num"),
"-11", &f);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(IB_FTYPE_NUM, f->type);
ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_num_out(&fnum)));
ASSERT_EQ(-11, fnum);
rc = ib_field_from_string(MM(), IB_S2SL("test_float"),
"1.0", &f);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(IB_FTYPE_FLOAT, f->type);
ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_float_out(&ffloat)));
ASSERT_EQ(1.0, ffloat);
rc = ib_field_from_string(MM(), IB_S2SL("test_num"),
"-1.0", &f);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(IB_FTYPE_FLOAT, f->type);
ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_float_out(&ffloat)));
ASSERT_EQ(-1.0, ffloat);
rc = ib_field_from_string(MM(), IB_S2SL("test_str"),
"x", &f);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(IB_FTYPE_NULSTR, f->type);
ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_nulstr_out(&fnulstr)));
ASSERT_STREQ("x", fnulstr);
rc = ib_field_from_string(MM(), IB_S2SL("test_str"),
"-1.1x", &f);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(f);
ASSERT_EQ(IB_FTYPE_NULSTR, f->type);
ASSERT_EQ(IB_OK, ib_field_value(f, ib_ftype_nulstr_out(&fnulstr)));
ASSERT_STREQ("-1.1x", fnulstr);
}
int ib_bytestr_index_of_c(
const ib_bytestr_t *haystack,
const char *needle
)
{
const uint8_t* haystack_data = ib_bytestr_const_ptr(haystack);
const char *found;
/* Let ib_strstr() do the heavy lifting */
found = ib_strstr( (const char *)haystack_data,
ib_bytestr_length(haystack),
IB_S2SL(needle) );
/* Return the offset (or -1) */
if (found != NULL) {
return found - (const char *)haystack_data;
}
else {
return -1;
}
}
virtual void SetUp()
{
ib_status_t rc;
const char *s1 = "string 1";
const char *s2 = "string 2";
BaseTransactionFixture::SetUp();
configureIronBee();
performTx();
ib_mm_t mm = ib_engine_mm_main_get(ib_engine);
char* str1 = (char *)ib_mm_alloc(mm, (strlen(s1)+1));
if (str1 == NULL) {
throw std::runtime_error("Could not allocate string 1.");
}
strcpy(str1, s1);
char* str2 = (char *)ib_mm_alloc(mm, (strlen(s2)+1));
if (str1 == NULL) {
throw std::runtime_error("Could not allocate string 2.");
}
strcpy(str2, s2);
// Create field 1.
rc = ib_field_create(&field1,
mm,
IB_S2SL("field1"),
IB_FTYPE_NULSTR,
ib_ftype_nulstr_in(str1));
if (rc != IB_OK) {
throw std::runtime_error("Could not initialize field1.");
}
// Create field 2.
rc = ib_field_create(&field2,
mm,
IB_S2SL("field2"),
IB_FTYPE_NULSTR,
ib_ftype_nulstr_in(str2));
if (rc != IB_OK) {
throw std::runtime_error("Could not initialize field2.");
}
/* Create rule 1 */
rc = ib_rule_create(ib_engine,
ib_context_engine(ib_engine),
__FILE__,
__LINE__,
true,
&rule1);
if (rc != IB_OK) {
throw std::runtime_error("Could not create rule1.");
}
rc = ib_rule_set_id(ib_engine, rule1, "rule1");
if (rc != IB_OK) {
throw std::runtime_error("Could not set ID for rule1.");
}
/* Create the rule execution object #1 */
memset(&rule_exec1, 0, sizeof(rule_exec1));
rule_exec1.ib = ib_engine;
rule_exec1.tx = ib_tx;
rule_exec1.rule = rule1;
/* Create rule 2 */
rc = (ib_rule_create(ib_engine,
ib_context_engine(ib_engine),
__FILE__,
__LINE__,
true,
&rule2));
if (rc != IB_OK) {
throw std::runtime_error("Could not create rule2.");
}
rc = ib_rule_set_id(ib_engine, rule2, "rule2");
if (rc != IB_OK) {
throw std::runtime_error("Could not set ID for rule2.");
}
rule2->flags |= IB_RULE_FLAG_CAPTURE;
/* Create the rule execution object #1 */
memset(&rule_exec2, 0, sizeof(rule_exec2));
rule_exec2.ib = ib_engine;
rule_exec2.tx = ib_tx;
rule_exec2.rule = rule2;
}
TEST_F(PcreModuleTest, test_pcre_operator)
{
ib_field_t *outfield;
ib_num_t result;
ib_field_t *capture;
const ib_operator_t *op;
ib_operator_inst_t *opinst;
ASSERT_EQ(IB_OK, ib_operator_lookup(ib_engine, IB_S2SL("pcre"), &op));
// Create the operator instance.
ASSERT_EQ(
IB_OK,
ib_operator_inst_create(
&opinst,
ib_engine_mm_main_get(ib_engine),
ib_context_main(ib_engine),
op,
IB_OP_CAPABILITY_NONE,
"string\\s2"
)
);
// Attempt to match.
ASSERT_EQ(
IB_OK,
ib_operator_inst_execute(
opinst,
rule_exec1.tx,
field1,
NULL,
&result
)
);
// We should fail.
ASSERT_FALSE(result);
// Attempt to match again.
ASSERT_EQ(
IB_OK,
ib_operator_inst_execute(
opinst,
rule_exec1.tx,
field2,
NULL,
&result
)
);
// This time we should succeed.
ASSERT_TRUE(result);
// Should be no capture set */
outfield = getTarget1(IB_TX_CAPTURE":0");
ASSERT_FALSE(outfield);
// Create the operator instance.
ASSERT_EQ(
IB_OK,
ib_operator_inst_create(
&opinst,
ib_engine_mm_main_get(ib_engine),
ib_context_main(ib_engine),
op,
IB_OP_CAPABILITY_NONE,
"(string 2)"
)
);
// Attempt to match.
ASSERT_EQ(
IB_OK,
ib_operator_inst_execute(
opinst,
rule_exec1.tx,
field1,
NULL,
&result
)
);
// We should fail.
ASSERT_FALSE(result);
// Attempt to match again.
ASSERT_EQ(
IB_OK,
ib_operator_inst_execute(
opinst,
rule_exec1.tx,
field2,
NULL,
&result
)
);
// This time we should succeed.
ASSERT_TRUE(result);
// Should be no capture (CAPTURE flag not set for rule 1)
outfield = getTarget1(IB_TX_CAPTURE":0");
ASSERT_FALSE(outfield);
// Create the operator instance.
ASSERT_EQ(
IB_OK,
ib_operator_inst_create(
&opinst,
ib_engine_mm_main_get(ib_engine),
ib_context_main(ib_engine),
op,
IB_OP_CAPABILITY_NONE,
"(string 2)"
)
);
ASSERT_EQ(IB_OK,
ib_capture_acquire(
rule_exec2.tx,
NULL,
&capture));
// Attempt to match again.
ASSERT_EQ(
IB_OK,
ib_operator_inst_execute(
opinst,
rule_exec1.tx,
field2,
capture,
&result
)
);
// This time we should succeed.
ASSERT_TRUE(result);
// Should be a capture (CAPTURE flag is set for rule 2)
outfield = getTarget1(IB_TX_CAPTURE":0");
ASSERT_TRUE(outfield);
}
TEST_F(PcreModuleTest, test_load_module)
{
const ib_operator_t *op;
ASSERT_EQ(IB_OK, ib_operator_lookup(ib_engine, IB_S2SL("pcre"), &op));
}
/* Called when module is loaded. */
static ib_status_t geoip_init(ib_engine_t *ib, ib_module_t *m, void *cbdata)
{
ib_status_t rc;
GeoIP *geoip_db = NULL;
module_data_t *mod_data;
mod_data = ib_mpool_calloc(ib_engine_pool_main_get(ib),
sizeof(*mod_data), 1);
if (mod_data == NULL) {
return IB_EALLOC;
}
ib_log_debug(ib, "Initializing default GeoIP database...");
geoip_db = GeoIP_new(GEOIP_MMAP_CACHE);
if (geoip_db == NULL) {
ib_log_debug(ib, "Failed to initialize GeoIP database.");
return IB_EUNKNOWN;
}
ib_log_debug(ib, "Initializing GeoIP database complete.");
ib_log_debug(ib, "Registering handler...");
/* Store off pointer to our module data structure */
mod_data->geoip_db = geoip_db;
/* And point the generic module data at it */
m->data = mod_data;
rc = ib_hook_tx_register(ib,
handle_context_tx_event,
geoip_lookup,
mod_data);
if (rc != IB_OK) {
ib_log_debug(
ib,
"Failed to register tx hook: %s",
ib_status_to_string(rc));
return rc;
}
ib_log_debug(ib, "Done registering handler.");
rc = ib_var_source_register(
&(mod_data->geoip_source),
ib_engine_var_config_get(ib),
IB_S2SL("GEOIP"),
IB_PHASE_NONE, IB_PHASE_NONE
);
if (rc != IB_OK) {
ib_log_warning(ib,
"GeoIP failed to register \"GEOIP\" var: %s",
ib_status_to_string(rc)
);
/* Continue */
}
if (rc != IB_OK) {
ib_log_debug(ib, "Failed to load GeoIP module.");
return rc;
}
geoip_directive_map[0].cbdata_cb = mod_data;
ib_log_debug(ib, "GeoIP module loaded.");
return IB_OK;
}
///@test Test util field library - ib_field_dyn_register_get()
TEST_F(TestIBUtilField, test_dyn_field)
{
ib_field_t *dynf;
ib_field_t *cdynf;
ib_status_t rc;
const char *fval;
/* Create a field with no initial value. */
rc = ib_field_create_dynamic(
&dynf, MM(),
IB_S2SL("test_dynf"), IB_FTYPE_NULSTR,
dyn_get, (void *)"dynf_get",
dyn_set, (void *)"dynf_set"
);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(dynf);
ASSERT_EQ(9UL, dynf->nlen);
ASSERT_EQ(0, memcmp("test_dynf", dynf->name, 9));
/* Get the value from the dynamic field. */
rc = ib_field_value_ex(dynf,
ib_ftype_nulstr_out(&fval),
(void *)"fetch1", 6
);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(fval);
ASSERT_EQ(
std::string("testval_dynf_get_fetch1_call01"),
fval
);
/* Get the value from the dynamic field again. */
rc = ib_field_value_ex(dynf,
ib_ftype_nulstr_out(&fval),
(void *)"fetch2", 6
);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(fval);
ASSERT_EQ(
std::string("testval_dynf_get_fetch2_call02"),
fval
);
/* Set */
rc = ib_field_setv_ex(dynf, (void *)"val1", (void *)"set1", 4);
ASSERT_EQ(IB_OK, rc);
ASSERT_EQ(std::string("testval_dynf_set_set1_val1_call03"), g_dyn_call_val);
/* Reset call counter. */
g_dyn_call_count = 0;
/* Create another field with no initial value. */
rc = ib_field_create_dynamic(
&cdynf, MM(),
IB_S2SL("test_cdynf"), IB_FTYPE_NULSTR,
dyn_get_cached, (void *)("cdynf_get"),
dyn_set, NULL
);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(cdynf);
ASSERT_EQ(10UL, cdynf->nlen);
ASSERT_EQ(0, memcmp("test_cdynf", cdynf->name, 10));
/* Get the value from the dynamic field. */
rc = ib_field_value_ex(cdynf,
ib_ftype_nulstr_out(&fval),
(void *)"fetch1", 6
);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(fval);
ASSERT_EQ(
std::string("testval_cdynf_get_fetch1_call01"),
fval
);
/* Get the value from the dynamic field again. */
rc = ib_field_value_ex(cdynf,
ib_ftype_nulstr_out(&fval),
NULL, 0
);
ASSERT_EQ(IB_OK, rc);
ASSERT_TRUE(fval);
ASSERT_EQ(
std::string("testval_cdynf_get_fetch1_call01"),
fval
);
}
ConstField get(ConstContext ctx, const char* key)
{
return get(ctx, IB_S2SL(key));
}
/**
* Called to initialize the user agent module (when the module is loaded).
*
* Registers a handler for the request_header_finished_event event.
*
* @param[in,out] ib IronBee object
* @param[in] m Module object
* @param[in] cbdata (unused)
*
* @returns Status code
*/
static ib_status_t modua_init(ib_engine_t *ib, ib_module_t *m, void *cbdata)
{
ib_status_t rc;
modua_match_rule_t *failed_rule;
unsigned int failed_frule_num;
/* Register the user agent callback */
rc = ib_hook_tx_register(ib, request_header_finished_event,
modua_user_agent,
m);
if (rc != IB_OK) {
ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc));
}
/* Register the remote address callback */
rc = ib_hook_tx_register(ib, request_header_finished_event,
modua_remoteip,
m);
if (rc != IB_OK) {
ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc));
}
/* Initializations */
rc = modua_ruleset_init(&failed_rule, &failed_frule_num);
if (rc != IB_OK) {
ib_log_error(ib,
"User agent rule initialization failed"
" on rule %s field rule #%d: %s",
failed_rule->label, failed_frule_num, ib_status_to_string(rc));
}
/* Get the rules */
modua_match_ruleset = modua_ruleset_get( );
if (modua_match_ruleset == NULL) {
ib_log_error(ib, "Failed to get user agent rule list: %s", ib_status_to_string(rc));
return rc;
}
ib_log_debug(ib,
"Found %d match rules",
modua_match_ruleset->num_rules);
rc = ib_var_source_register(
NULL,
ib_engine_var_config_get(ib),
IB_S2SL("remote_addr"),
IB_PHASE_NONE, IB_PHASE_NONE
);
if (rc != IB_OK && rc != IB_EEXIST) {
ib_log_warning(ib,
"User agent failed to register \"remote_addr\": %s",
ib_status_to_string(rc)
);
/* Continue. */
}
rc = ib_var_source_register(
NULL,
ib_engine_var_config_get(ib),
IB_S2SL("UA"),
IB_PHASE_NONE, IB_PHASE_NONE
);
if (rc != IB_OK) {
ib_log_warning(ib,
"User agent failed to register \"UA\": %s",
ib_status_to_string(rc)
);
/* Continue. */
}
rc = ib_hook_context_register(ib, context_close_event,
modua_ctx_close, m);
if (rc != IB_OK) {
ib_log_error(ib,
"Could not register context close hook: %s",
ib_status_to_string(rc));
return rc;
}
return IB_OK;
}
/**
* Called at context close. Initialized user-agent target.
*
* @param[in] ib Engine
* @param[in] ctx Context
* @param[in] event Event triggering the callback
* @param[in] cbdata Callback data (module).
*
* @returns Status code
*/
static
ib_status_t modua_ctx_close(
ib_engine_t *ib,
ib_context_t *ctx,
ib_state_event_type_t event,
void *cbdata
)
{
ib_module_t *m = (ib_module_t *)cbdata;
if (ib_context_type(ctx) == IB_CTYPE_MAIN) {
modua_config_t *cfg;
ib_var_target_t *target;
ib_status_t rc;
rc = ib_context_module_config(ctx, m, &cfg);
if (rc != IB_OK) {
ib_log_error(ib, "Can't fetch configuration: %s",
ib_status_to_string(rc));
return rc;
}
rc = ib_var_target_acquire_from_string(
&target,
ib_engine_pool_main_get(ib),
ib_engine_var_config_get(ib),
IB_S2SL("request_headers:User-Agent"),
NULL, NULL
);
if (rc != IB_OK) {
ib_log_error(ib,
"Error acquiring target for User-Agent header: %s",
ib_status_to_string(rc));
return rc;
}
cfg->user_agent = target;
rc = ib_var_target_acquire_from_string(
&target,
ib_engine_pool_main_get(ib),
ib_engine_var_config_get(ib),
IB_S2SL("request_headers:X-Forwarded-For"),
NULL, NULL
);
if (rc != IB_OK) {
ib_log_error(ib,
"Error acquiring target for X-Forwarded-For header: %s",
ib_status_to_string(rc));
return rc;
}
cfg->forwarded_for = target;
rc = ib_var_source_acquire(
&(cfg->remote_addr),
ib_engine_pool_main_get(ib),
ib_engine_var_config_get(ib),
IB_S2SL("remote_addr")
);
if (rc != IB_OK) {
ib_log_error(ib,
"Error acquiring source for remote_addr"
" header: %s",
ib_status_to_string(rc));
return rc;
}
}
return IB_OK;
}
/**
* Parse the user agent header, splitting into component fields.
*
* Attempt to tokenize the user agent string passed in, storing the
* result in the DPI associated with the transaction.
*
* @param[in] ib IronBee object
* @param[in,out] tx Transaction object
* @param[in] bs Byte string containing the agent string
*
* @returns Status code
*/
static ib_status_t modua_agent_fields(ib_engine_t *ib,
ib_tx_t *tx,
const ib_bytestr_t *bs)
{
const modua_match_rule_t *rule = NULL;
ib_field_t *agent_list = NULL;
char *product = NULL;
char *platform = NULL;
char *extra = NULL;
char *agent;
char *buf;
size_t len;
ib_status_t rc;
ib_var_source_t *source;
/* Get the length of the byte string */
len = ib_bytestr_length(bs);
/* Allocate memory for a copy of the string to split up below. */
buf = (char *)ib_mpool_calloc(tx->mp, 1, len+1);
if (buf == NULL) {
ib_log_error_tx(tx,
"Failed to allocate %zd bytes for agent string",
len+1);
return IB_EALLOC;
}
/* Copy the string out */
memcpy(buf, ib_bytestr_const_ptr(bs), len);
buf[len] = '\0';
ib_log_debug_tx(tx, "Found user agent: '%s'", buf);
/* Copy the agent string */
agent = (char *)ib_mpool_strdup(tx->mp, buf);
if (agent == NULL) {
ib_log_error_tx(tx, "Failed to allocate copy of agent string");
return IB_EALLOC;
}
/* Parse the user agent string */
rc = modua_parse_uastring(buf, &product, &platform, &extra);
if (rc != IB_OK) {
ib_log_debug_tx(tx, "Failed to parse User Agent string '%s'", agent);
return IB_OK;
}
/* Categorize the parsed string */
rule = modua_match_cat_rules(product, platform, extra);
if (rule == NULL) {
ib_log_debug_tx(tx, "No rule matched" );
}
else {
ib_log_debug_tx(tx, "Matched to rule #%d / category '%s'",
rule->rule_num, rule->category );
}
/* Build a new list. */
rc = ib_var_source_acquire(
&source, tx->mp, ib_engine_var_config_get(ib), IB_S2SL("UA")
);
if (rc != IB_OK) {
ib_log_alert_tx(tx, "Unable to acquire source for UserAgent list.");
return rc;
}
rc = ib_var_source_initialize(
source, &agent_list, tx->var_store, IB_FTYPE_LIST
);
if (rc != IB_OK)
{
ib_log_alert_tx(tx, "Unable to add UserAgent list to DPI.");
return rc;
}
/* Store Agent */
rc = modua_store_field(ib, tx->mp, agent_list, "agent", agent);
if (rc != IB_OK) {
return rc;
}
/* Store product */
rc = modua_store_field(ib, tx->mp, agent_list, "PRODUCT", product);
if (rc != IB_OK) {
return rc;
}
/* Store Platform */
rc = modua_store_field(ib, tx->mp, agent_list, "OS", platform);
if (rc != IB_OK) {
return rc;
}
/* Store Extra */
rc = modua_store_field(ib, tx->mp, agent_list, "extra", extra);
if (rc != IB_OK) {
return rc;
}
/* Store Extra */
if (rule != NULL) {
rc = modua_store_field(ib, tx->mp, agent_list,
"category", rule->category);
}
else {
rc = modua_store_field(ib, tx->mp, agent_list, "category", NULL );
}
if (rc != IB_OK) {
return rc;
}
/* Done */
return IB_OK;
}
static
ib_status_t sqli_op_execute(
ib_tx_t *tx,
const ib_field_t *field,
ib_field_t *capture,
ib_num_t *result,
void *instance_data,
void *cbdata
)
{
assert(tx != NULL);
assert(field != NULL);
assert(result != NULL);
const sqli_fingerprint_set_t *ps = (const sqli_fingerprint_set_t *)instance_data;
sfilter sf;
ib_bytestr_t *bs;
ib_status_t rc;
sqli_callback_data_t callback_data;
*result = 0;
/* Currently only bytestring types are supported.
* Other types will just get passed through. */
if (field->type != IB_FTYPE_BYTESTR) {
return IB_OK;
}
rc = ib_field_value(field, ib_ftype_bytestr_mutable_out(&bs));
if (rc != IB_OK) {
return rc;
}
/* Run through libinjection. */
libinjection_sqli_init(
&sf,
(const char *)ib_bytestr_const_ptr(bs),
ib_bytestr_length(bs),
FLAG_NONE
);
callback_data.confidence = 0;
callback_data.fingerprint_set = NULL;
if (ps != NULL) {
callback_data.fingerprint_set = ps;
libinjection_sqli_callback(&sf, sqli_lookup_word, (void *)&callback_data);
}
if (libinjection_is_sqli(&sf)) {
ib_log_debug_tx(tx, "Matched SQLi fingerprint: %s", sf.fingerprint);
*result = 1;
}
if (*result == 1 && capture != NULL) {
{
ib_field_t *fingerprint_field;
size_t fingerprint_length = strlen(sf.fingerprint);
const uint8_t *fingerprint;
fingerprint = ib_mm_memdup(
tx->mm,
sf.fingerprint, fingerprint_length
);
if (fingerprint == NULL) {
return IB_EALLOC;
}
rc = ib_field_create_bytestr_alias(
&fingerprint_field,
tx->mm,
IB_S2SL("fingerprint"),
fingerprint, fingerprint_length
);
if (rc != IB_OK) {
return rc;
}
rc = ib_field_list_add(capture, fingerprint_field);
if (rc != IB_OK) {
return rc;
}
}
{
ib_field_t *confidence_field;
rc = ib_field_create(
&confidence_field,
tx->mm,
IB_S2SL("confidence"),
IB_FTYPE_NUM,
ib_ftype_num_in(&callback_data.confidence)
);
if (rc != IB_OK) {
return rc;
}
rc = ib_field_list_add(capture, confidence_field);
if (rc != IB_OK) {
return rc;
}
}
}
return IB_OK;
}
