1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 // shell.h author Russ Combs <rucombs@cisco.com>
19 
20 #ifndef SHELL_H
21 #define SHELL_H
22 
23 // Shell encapsulates a Lua state.  There is one for each policy file.
24 
25 #include <list>
26 #include <set>
27 #include <stack>
28 #include <string>
29 
30 #include "dump_config/config_data.h"
31 #include "framework/parameter.h"
32 
33 struct lua_State;
34 
35 class BaseConfigNode;
36 class ConfigOutput;
37 
38 namespace snort
39 {
40 struct SnortConfig;
41 class Value;
42 }
43 
44 class Shell
45 {
46 public:
47     typedef std::set<std::string> Allowlist;
48 
49     Shell(const char* file = nullptr, bool load_defaults = false);
50     ~Shell();
51 
52     void set_file(const char*);
53     void set_overrides(const char*);
54     void set_overrides(Shell*);
55 
56     bool configure(snort::SnortConfig*, bool is_root = false);
57     void install(const char*, const struct luaL_Reg*);
58     void execute(const char*, std::string&);
59 
get_file()60     const char* get_file() const
61     { return file.c_str(); }
62 
get_from()63     const char* get_from() const
64     { return parse_from.c_str(); }
65 
get_loaded()66     bool get_loaded() const
67     { return loaded; }
68 
get_lua()69     lua_State* get_lua() const
70     { return lua; }
71 
72 public:
73     static bool is_trusted(const std::string& key);
74     static void allowlist_append(const char* keyword, bool is_prefix);
75 
76     static void config_open_table(bool is_root_node, bool is_list, int idx,
77         const std::string& table_name, const snort::Parameter* p);
78     static void set_config_value(const std::string& fqn, const snort::Value& value);
79     static void add_config_child_node(const std::string& node_name, snort::Parameter::Type type,
80         bool is_root_list_item);
81     static void update_current_config_node(const std::string& node_name = "");
82     static void config_close_table();
83     static void set_config_output(ConfigOutput* config_output);
84     static void clear_config_output();
85 
set_lua_sandbox(const char * s)86     static void set_lua_sandbox(const char* s)
87     { lua_sandbox = s; }
88 
89 private:
90     static void add_config_root_node(const std::string& root_name, snort::Parameter::Type type);
91 
92 private:
93     [[noreturn]] static int panic(lua_State*);
94     static Shell* get_current_shell();
95 
96 private:
97     static std::string fatal;
98     static std::stack<Shell*> current_shells;
99     static ConfigOutput* s_config_output;
100     static BaseConfigNode* s_current_node;
101     static bool s_close_table;
102     static std::string lua_sandbox;
103 
104 private:
clear_allowlist()105     void clear_allowlist()
106     {
107         allowlist.clear();
108         internal_allowlist.clear();
109         allowlist_prefixes.clear();
110     }
111 
get_allowlist()112     const Allowlist& get_allowlist() const
113     { return allowlist; }
114 
get_internal_allowlist()115     const Allowlist& get_internal_allowlist() const
116     { return internal_allowlist; }
117 
get_allowlist_prefixes()118     const Allowlist& get_allowlist_prefixes() const
119     { return allowlist_prefixes; }
120 
121     void print_allowlist() const;
122     void allowlist_update(const char* keyword, bool is_prefix);
123 
124     bool load_lua_sandbox();
125     bool set_sandbox_env();
126     bool load_string(const char* s, bool load_in_sandbox, const char* message);
127     bool load_config(const char* file, bool load_in_sandbox);
128 
129 private:
130     bool loaded;
131     bool bootstrapped = false;
132     lua_State* lua;
133     std::string file;
134     std::string parse_from;
135     std::string overrides;
136     Allowlist allowlist;
137     Allowlist internal_allowlist;
138     Allowlist allowlist_prefixes;
139     ConfigData config_data;
140     bool load_defaults;
141 };
142 
143 #endif
144 
145