1 /*
2  * ModSecurity, http://www.modsecurity.org/
3  * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
4  *
5  * You may not use this file except in compliance with
6  * the License.  You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * If any of the files related to licensing are missing or if you have any
11  * other questions related to licensing please contact Trustwave Holdings, Inc.
12  * directly using the email address security@modsecurity.org.
13  *
14  */
15 
16 #ifndef SRC_OPERATORS_RBL_H_
17 #define SRC_OPERATORS_RBL_H_
18 
19 #include <sys/types.h>
20 #include <sys/socket.h>
21 #include <netdb.h>
22 #include <netinet/in.h>
23 #include <arpa/inet.h>
24 
25 #include <string>
26 #include <memory>
27 #include <utility>
28 
29 #include "src/operators/operator.h"
30 
31 
32 namespace modsecurity {
33 namespace operators {
34 
35 class Rbl : public Operator {
36  public:
37     /**
38      *
39      */
40     enum RblProvider {
41         /**
42          * UnknownProvider
43          *
44          */
45         UnknownProvider,
46         /**
47          * httpbl.org
48          *
49          */
50         httpbl,
51         /**
52          * uribl.com
53          *
54          */
55         uribl,
56         /**
57          * spamhaus.org
58          *
59          */
60         spamhaus,
61     };
62 
63     /** @ingroup ModSecurity_Operator */
Rbl(std::unique_ptr<RunTimeString> param)64     explicit Rbl(std::unique_ptr<RunTimeString> param)
65         : m_service(),
66         m_demandsPassword(false),
67         m_provider(RblProvider::UnknownProvider),
68         Operator("Rbl", std::move(param)) {
69             m_service = m_string->evaluate();
70             if (m_service.find("httpbl.org") != std::string::npos) {
71                 m_demandsPassword = true;
72                 m_provider = RblProvider::httpbl;
73             } else if (m_service.find("uribl.com") != std::string::npos) {
74                 m_provider = RblProvider::httpbl;
75             } else if (m_service.find("spamhaus.org") != std::string::npos) {
76                 m_provider = RblProvider::httpbl;
77             }
78         }
79     bool evaluate(Transaction *transaction, RuleWithActions *rule,
80         const std::string& input,
81         std::shared_ptr<RuleMessage> ruleMessage) override;
82 
83     std::string mapIpToAddress(const std::string &ipStr, Transaction *trans) const;
84 
85     static void futherInfo_httpbl(struct sockaddr_in *sin, const std::string &ipStr,
86         Transaction *trans);
87     static void futherInfo_spamhaus(unsigned int high8bits, const std::string &ipStr,
88         Transaction *trans);
89     static void futherInfo_uribl(unsigned int high8bits, const std::string &ipStr,
90         Transaction *trans);
91     static void furtherInfo(struct sockaddr_in *sin, const std::string &ipStr,
92         Transaction *trans, RblProvider provider);
93 
94  private:
95     std::string m_service;
96     bool m_demandsPassword;
97     RblProvider m_provider;
98 };
99 
100 }  // namespace operators
101 }  // namespace modsecurity
102 
103 
104 #endif  // SRC_OPERATORS_RBL_H_
105