modsecurity: body filter module (closes owasp-modsecurity#84)

Author: pracj3am

config

@@ -110,7 +110,7 @@ if test -n "$ngx_module_link"; then
 	ngx_module_type=HTTP_FILTER
 	ngx_module_name="$ngx_addon_name"
 	ngx_module_srcs="$ngx_addon_dir/src/ngx_http_modsecurity_module.c \
-            $ngx_addon_dir/src/ngx_http_modsecurity_pre_access.c \
+            $ngx_addon_dir/src/ngx_http_modsecurity_request_body_filter.c \
             $ngx_addon_dir/src/ngx_http_modsecurity_header_filter.c \
             $ngx_addon_dir/src/ngx_http_modsecurity_log.c \
             $ngx_addon_dir/src/ngx_http_modsecurity_rewrite.c \
@@ -140,7 +140,7 @@ else
 	NGX_ADDON_SRCS="\
 	    $NGX_ADDON_SRCS \
 	    $ngx_addon_dir/src/ngx_http_modsecurity_module.c \
-	    $ngx_addon_dir/src/ngx_http_modsecurity_pre_access.c \
+	    $ngx_addon_dir/src/ngx_http_modsecurity_request_body_filter.c \
 	    $ngx_addon_dir/src/ngx_http_modsecurity_header_filter.c \
 	    $ngx_addon_dir/src/ngx_http_modsecurity_log.c \
 	    $ngx_addon_dir/src/ngx_http_modsecurity_rewrite.c \

src/ngx_http_modsecurity_common.h

@@ -75,11 +75,8 @@
 typedef struct {
     Transaction *modsec_transaction;
 
-    unsigned waiting_more_body:1;
-    unsigned body_requested:1;
     unsigned logged:1;
     unsigned intervention_triggered:1;
-    unsigned pre_access_processed:1;
 } ngx_http_modsecurity_ctx_t;
 
 
@@ -119,8 +116,7 @@ void ngx_http_modsecurity_header_filter_init(void);
 void ngx_http_modsecurity_log(void *log, const void* data);
 ngx_int_t ngx_http_modsecurity_log_handler(ngx_http_request_t *r);
 
-/* ngx_http_modsecurity_pre_access.c */
-ngx_int_t ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r);
+void ngx_http_modsecurity_request_body_filter_init(void);
 
 /* ngx_http_modsecurity_rewrite.c */
 ngx_int_t ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r);

src/ngx_http_modsecurity_module.c

@@ -541,19 +541,13 @@ ngx_http_modsecurity_init(ngx_conf_t *cf)
 
     *h = ngx_http_modsecurity_rewrite_handler;
 
-    h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
-    if (h == NULL) {
-        return NGX_ERROR;
-    }
-
-    *h = ngx_http_modsecurity_pre_access_handler;
-
     h = ngx_array_push(&cmcf->phases[NGX_HTTP_LOG_PHASE].handlers);
     if (h == NULL) {
         return NGX_ERROR;
     }
     *h = ngx_http_modsecurity_log_handler;
 
+    ngx_http_modsecurity_request_body_filter_init();
     ngx_http_modsecurity_header_filter_init();
 
     return NGX_OK;

src/ngx_http_modsecurity_pre_access.c

@@ -0,0 +1,99 @@
+/*
+ * ModSecurity connector for nginx, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifndef MODSECURITY_DDEBUG
+#define MODSECURITY_DDEBUG 0
+#endif
+#include "ddebug.h"
+
+#include "ngx_http_modsecurity_common.h"
+
+
+static ngx_int_t ngx_http_modsecurity_request_body_filter(
+   ngx_http_request_t *r, ngx_chain_t *in);
+
+
+static ngx_http_request_body_filter_pt   ngx_http_next_request_body_filter;
+
+
+void
+ngx_http_modsecurity_request_body_filter_init(void)
+{
+    ngx_http_next_request_body_filter = ngx_http_top_request_body_filter;
+    ngx_http_top_request_body_filter = ngx_http_modsecurity_request_body_filter;
+}
+
+
+static ngx_int_t
+ngx_http_modsecurity_request_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
+{
+    ngx_int_t                    rc, rcms;
+    ngx_pool_t                  *old_pool;
+    ngx_uint_t                   last;
+    ngx_http_modsecurity_ctx_t  *ctx;
+
+    if (r != r->main || r->internal) {
+        return NGX_DECLINED;
+    }
+
+    ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
+
+    if (ctx == NULL) {
+        // module is off
+        return ngx_http_next_request_body_filter(r, in);
+    }
+
+    rc = ngx_http_next_request_body_filter(r, in);
+
+    last = 0;
+
+    while (in) {
+        if (in->buf->last_buf) {
+            last = 1;
+        }
+
+        msc_append_request_body(ctx->modsec_transaction,
+                                in->buf->pos,
+                                in->buf->last - in->buf->pos);
+
+        /**
+         * ModSecurity may perform stream inspection on this buffer,
+         * it may ask for a intervention in consequence of that.
+         *
+         */
+        rcms = ngx_http_modsecurity_process_intervention(
+                                                 ctx->modsec_transaction, r, 0);
+        if (rcms > 0) {
+            return rcms;
+        }
+
+        in = in->next;
+    }
+
+    if (last) {
+        old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
+        msc_process_request_body(ctx->modsec_transaction);
+        ngx_http_modsecurity_pcre_malloc_done(old_pool);
+
+        rcms = ngx_http_modsecurity_process_intervention(
+                                                 ctx->modsec_transaction, r, 0);
+        if (rcms > 0) {
+            return rcms;
+        }
+    }
+
+    return rc;
+}
+