1 /*
2 * ModSecurity for Apache 2.x, http://www.modsecurity.org/
3 * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
4 *
5 * You may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * If any of the files related to licensing are missing or if you have any
11 * other questions related to licensing please contact Trustwave Holdings, Inc.
12 * directly using the email address security@modsecurity.org.
13 */
14
15 /* This is just an example on how to make an extension to allow custom
16 * request body parsing. This just describes how to do this externally
17 * and you should look more at on e of the internal parsers to see
18 * the full potential.
19 *
20 * This module defines "EXAMPLE" and can be enabled with a rule like this:
21 *
22 * SecAction "phase:1,pass,nolog,ctl:requestBodyProcessor=EXAMPLE"
23 *
24 * See these for real parsers:
25 * msc_reqbody.c
26 * msc_multipart.c
27 * msc_xml.c
28 */
29
30 #include "httpd.h"
31 #include "http_core.h"
32 #include "http_config.h"
33 #include "http_log.h"
34 #include "http_protocol.h"
35 #include "ap_config.h"
36 #include "apr_optional.h"
37
38 #include "modsecurity.h"
39
40 typedef struct example_ctx {
41 unsigned long length;
42 } example_ctx;
43
44 /**
45 * This function will be invoked to initialize the processor. This is
46 * probably only needed for streaming parsers that must create a context.
47 */
example_init(modsec_rec * msr,char ** error_msg)48 static int example_init(modsec_rec *msr, char **error_msg)
49 {
50 if (error_msg == NULL) return -1;
51 *error_msg = NULL;
52
53 ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
54 "mod_reqbody_example: init()");
55
56 msr->reqbody_processor_ctx = apr_pcalloc(msr->mp, sizeof(example_ctx));
57 if (msr->reqbody_processor_ctx == NULL) {
58 /* Set error message and return -1 if unsuccessful */
59 *error_msg = apr_pstrdup(msr->mp, "failed to create example requbody processor context");
60 return -1;
61 }
62
63 /* Return 1 on success */
64 return 1;
65 }
66
67 /**
68 * This function will be invoked whenever the ModSecurity has data to
69 * be processed. You probably at least need to increment the no_files
70 * length, but otherwise this is only useful for a streaming parser.
71 */
example_process(modsec_rec * msr,const char * buf,unsigned int size,char ** error_msg)72 static int example_process(modsec_rec *msr,
73 const char *buf, unsigned int size, char **error_msg)
74 {
75 example_ctx *ctx = (example_ctx *)msr->reqbody_processor_ctx;
76
77 if (error_msg == NULL) return -1;
78 *error_msg = NULL;
79
80 ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
81 "mod_reqbody_example: process()");
82
83 /* Need to increment the no_files length if this is not an uploaded file.
84 * Failing to do this will mess up some other limit checks.
85 */
86 msr->msc_reqbody_no_files_length += size;
87
88 /* Check for an existing context and do something interesting
89 * with the chunk of data we have been given.
90 */
91 if (ctx != NULL) {
92 ctx->length += size;
93 }
94
95 /* Return 1 on success */
96 return 1;
97 }
98
99 /**
100 * This function is called to signal the parser that the request body is
101 * complete. Here you should do any final parsing. For non-streaming parsers
102 * you can parse the data in msr->msc_reqbody_buffer of length
103 * msr->msc_reqbody_length. See modsecurity_request_body_end_urlencoded() in
104 * msc_reqbody.c for an example of this.
105 */
example_complete(modsec_rec * msr,char ** error_msg)106 static int example_complete(modsec_rec *msr, char **error_msg)
107 {
108 example_ctx *ctx = (example_ctx *)msr->reqbody_processor_ctx;
109
110 if (error_msg == NULL) return -1;
111 *error_msg = NULL;
112
113 ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
114 "mod_reqbody_example: complete()");
115
116 ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, NULL,
117 "mod_reqbody_example: request body length=%lu", ctx->length);
118
119 /* Return 1 on success */
120 return 1;
121 }
122
hook_pre_config(apr_pool_t * mp,apr_pool_t * mp_log,apr_pool_t * mp_temp)123 static int hook_pre_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_temp) {
124
125 void (*fn)(const char *name,
126 void *fn_init, void *fn_process, void *fn_complete);
127
128 /* Look for the registration function exported by ModSecurity. */
129 fn = APR_RETRIEVE_OPTIONAL_FN(modsec_register_reqbody_processor);
130 if (fn) {
131 /* Use it to register our new request body parser functions under
132 * the name "EXAMPLE".
133 */
134 fn("EXAMPLE",
135 (void *)example_init,
136 (void *)example_process,
137 (void *)example_complete);
138 }
139 else {
140 ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, NULL,
141 "mod_reqbody_example: Unable to find modsec_register_reqbody_processor.");
142 }
143
144 return OK;
145 }
146
147 /* This is a function to register another function to be called during
148 * the Apache configuration process.
149 */
register_hooks(apr_pool_t * p)150 static void register_hooks(apr_pool_t *p) {
151 ap_hook_pre_config(hook_pre_config, NULL, NULL, APR_HOOK_LAST);
152 }
153
154 /* Dispatch list for API hooks */
155 module AP_MODULE_DECLARE_DATA reqbody_example_module = {
156 STANDARD20_MODULE_STUFF,
157 NULL, /* create per-dir config structures */
158 NULL, /* merge per-dir config structures */
159 NULL, /* create per-server config structures */
160 NULL, /* merge per-server config structures */
161 NULL, /* table of config file commands */
162 register_hooks /* register hooks */
163 };
164
165