blob: 529e0d1fdef928aed5152a96d6dbfd2807931782 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
//
// Created by luqiu on 2018-5-15.
//
#ifndef TFE_HTTPSCAN_H
#define TFE_HTTPSCAN_H
#include <Maat_rule.h>
#include "opts.h"
#include "httpaction.h"
/* Forward Declare */
class HttpScanSession;
class HttpScan;
class HttpSession;
/* HttpScan Module Init/Deinit */
class HttpScan : public std::enable_shared_from_this<HttpScan>
{
public:
HttpScan(struct tfe_instance * instance, struct tfe_config *config);
~HttpScan() = default;
void handlerConnectionCreate(HttpConnection & ct);
void handlerConnectionClose(HttpConnection & ct);
/* Table Symbols */
protected:
/* Global Instance */
tfe_instance * tfe_instance;
/* Global Config */
tfe_config * tfe_config;
/* Maat扫描句柄 */
Maat_feather_t maat_feather_ref;
/* 控制编译表ID */
int table_id_ctrl_compile;
/* IP配置表ID */
int table_id_ctrl_ip;
/* URL配置表ID */
int table_id_ctrl_http_url;
/* HTTP请求头部配置表ID */
int table_id_ctrl_http_req_hdr;
/* HTTP请求体配置表ID */
int table_id_ctrl_http_req_body;
/* HTTP应答头部配置表ID */
int table_id_ctrl_http_res_hdr;
/* HTTP应答体配置表ID */
int table_id_ctrl_http_res_body;
/* IP白名单扫描 */
int connection_bypass_scan();
int connection_bypass_do_action();
friend HttpScanSession;
};
/* Httpscan Ctx per HTTP Session */
class HttpScanSession
{
public:
explicit HttpScanSession(const HttpScan & httpscan_module);
~HttpScanSession();
/* HTTP请求、应答扫描 */
void ScanRequestHeader(HttpSession *http_session_ctx);
void ScanRequestBody(HttpSession *http_session_ctx);
void ScanResponseHeader(HttpSession *http_session_ctx);
void ScanResponseBody(HttpSession *http_session_ctx);
private:
void hit_config_and_do_action(HttpSession *http_session_ctx);
void hit_scan_error();
/* 最大命中结果数量 */
static constexpr int MAAT_SCAN_RESULT_ = 4;
/* 默认内容编码 */
static constexpr auto MAAT_DEFAULT_CHARSET_ = CHARSET_GBK;
/* HTTPSCAN Module句柄引用 */
const HttpScan & httpscan_module_ref_;
/* 扫描中间句柄 */
scan_status_t maat_scan_mid_{nullptr};
/* 扫描命中结果 */
Maat_rule_t maat_scan_result_[MAAT_SCAN_RESULT_];
/* 扫描命中数量 */
int nr_maat_scan_result_{0};
/* 命中结果后,重新调用上层的处理函数 */
bool need_to_recall_event_cb_{false};
};
#endif //TFE_HTTPSCAN_H
|
