1 /* 2 * ModSecurity, http://www.modsecurity.org/ 3 * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/) 4 * 5 * You may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * If any of the files related to licensing are missing or if you have any 11 * other questions related to licensing please contact Trustwave Holdings, Inc. 12 * directly using the email address security@modsecurity.org. 13 * 14 */ 15 16 #ifndef SRC_OPERATORS_RBL_H_ 17 #define SRC_OPERATORS_RBL_H_ 18 19 #include <sys/types.h> 20 #include <sys/socket.h> 21 #include <netdb.h> 22 #include <netinet/in.h> 23 #include <arpa/inet.h> 24 25 #include <string> 26 #include <memory> 27 #include <utility> 28 29 #include "src/operators/operator.h" 30 31 32 namespace modsecurity { 33 namespace operators { 34 35 class Rbl : public Operator { 36 public: 37 /** 38 * 39 */ 40 enum RblProvider { 41 /** 42 * UnknownProvider 43 * 44 */ 45 UnknownProvider, 46 /** 47 * httpbl.org 48 * 49 */ 50 httpbl, 51 /** 52 * uribl.com 53 * 54 */ 55 uribl, 56 /** 57 * spamhaus.org 58 * 59 */ 60 spamhaus, 61 }; 62 63 /** @ingroup ModSecurity_Operator */ Rbl(std::unique_ptr<RunTimeString> param)64 explicit Rbl(std::unique_ptr<RunTimeString> param) 65 : m_service(), 66 m_demandsPassword(false), 67 m_provider(RblProvider::UnknownProvider), 68 Operator("Rbl", std::move(param)) { 69 m_service = m_string->evaluate(); 70 if (m_service.find("httpbl.org") != std::string::npos) { 71 m_demandsPassword = true; 72 m_provider = RblProvider::httpbl; 73 } else if (m_service.find("uribl.com") != std::string::npos) { 74 m_provider = RblProvider::httpbl; 75 } else if (m_service.find("spamhaus.org") != std::string::npos) { 76 m_provider = RblProvider::httpbl; 77 } 78 } 79 bool evaluate(Transaction *transaction, RuleWithActions *rule, 80 const std::string& input, 81 std::shared_ptr<RuleMessage> ruleMessage) override; 82 83 std::string mapIpToAddress(const std::string &ipStr, Transaction *trans) const; 84 85 static void futherInfo_httpbl(struct sockaddr_in *sin, const std::string &ipStr, 86 Transaction *trans); 87 static void futherInfo_spamhaus(unsigned int high8bits, const std::string &ipStr, 88 Transaction *trans); 89 static void futherInfo_uribl(unsigned int high8bits, const std::string &ipStr, 90 Transaction *trans); 91 static void furtherInfo(struct sockaddr_in *sin, const std::string &ipStr, 92 Transaction *trans, RblProvider provider); 93 94 private: 95 std::string m_service; 96 bool m_demandsPassword; 97 RblProvider m_provider; 98 }; 99 100 } // namespace operators 101 } // namespace modsecurity 102 103 104 #endif // SRC_OPERATORS_RBL_H_ 105