Implements ipMatchFromDataset, parsing for ipMatchFromFile (#363)

* Adds ipMatchFromFile parsing Signed-off-by: Matteo Pace <[email protected]> * Implements ipMatchFromDataset Signed-off-by: Matteo Pace <[email protected]> * Removes misleading comments Signed-off-by: Matteo Pace <[email protected]> * Adds test IpMatch with EmptyDataset * chore: Interfaces assertions * Registers ipMatchFromDataset operator Signed-off-by: Matteo Pace <[email protected]> Signed-off-by: Matteo Pace <[email protected]>
corazawaf · Aug 26, 2022 · 75e8217 · 75e8217
1 parent b04e185
commit 75e8217
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 4 deletions.
diff --git a/operators/ip_match_from_dataset.go b/operators/ip_match_from_dataset.go
@@ -0,0 +1,38 @@
+// Copyright 2022 Juan Pablo Tosso and the OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package operators
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/corazawaf/coraza/v3"
+	engine "github.com/corazawaf/coraza/v3"
+)
+
+type ipMatchFromDataset struct {
+	ip *ipMatch
+}
+
+func (o *ipMatchFromDataset) Init(options coraza.RuleOperatorOptions) error {
+	data := options.Arguments
+	dataset, ok := options.Datasets[data]
+	if !ok || len(dataset) == 0 {
+		return fmt.Errorf("Dataset %q not found", data)
+	}
+
+	datasetParsed := strings.Join(dataset, ",")
+
+	o.ip = &ipMatch{}
+	opts := coraza.RuleOperatorOptions{
+		Arguments: datasetParsed,
+	}
+	return o.ip.Init(opts)
+}
+
+func (o *ipMatchFromDataset) Evaluate(tx *engine.Transaction, value string) bool {
+	return o.ip.Evaluate(tx, value)
+}
+
+var _ coraza.RuleOperator = (*ipMatchFromDataset)(nil)
diff --git a/operators/ip_match_from_dataset_test.go b/operators/ip_match_from_dataset_test.go
@@ -0,0 +1,52 @@
+// Copyright 2022 Juan Pablo Tosso and the OWASP Coraza contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package operators
+
+import (
+	_ "fmt"
+	"testing"
+
+	"github.com/corazawaf/coraza/v3"
+)
+
+func TestIpMatchFromDataset(t *testing.T) {
+	addrok := []string{"127.0.0.1", "192.168.0.1", "192.168.0.253"}
+	addrfail := []string{"127.0.0.2", "192.168.1.1"}
+
+	ipm := &ipMatchFromDataset{}
+	opts := coraza.RuleOperatorOptions{
+		Arguments: "test_1",
+		Datasets: map[string][]string{
+			"test_1": {"127.0.0.1", "192.168.0.0/24"},
+		},
+	}
+
+	if err := ipm.Init(opts); err != nil {
+		t.Error("Cannot init ipmatchfromfile operator")
+	}
+	for _, ok := range addrok {
+		if !ipm.Evaluate(nil, ok) {
+			t.Errorf("Invalid result for single CIDR IpMatchFromDataset " + ok)
+		}
+	}
+
+	for _, fail := range addrfail {
+		if ipm.Evaluate(nil, fail) {
+			t.Errorf("Invalid result for single CIDR IpMatchFromDataset" + fail)
+		}
+	}
+}
+
+func TestIpMatchFromEmptyDataset(t *testing.T) {
+	ipm := &ipMatchFromDataset{}
+	opts := coraza.RuleOperatorOptions{
+		Arguments: "test_1",
+		Datasets: map[string][]string{
+			"test_1": {},
+		},
+	}
+	if err := ipm.Init(opts); err == nil {
+		t.Error("Empty dataset not checked")
+	}
+}
diff --git a/operators/ip_match_from_file.go b/operators/ip_match_from_file.go
@@ -4,6 +4,7 @@
 package operators
 
 import (
+	"bufio"
 	"strings"
 
 	"github.com/corazawaf/coraza/v3"
@@ -17,14 +18,30 @@ type ipMatchFromFile struct {
 func (o *ipMatchFromFile) Init(options coraza.RuleOperatorOptions) error {
 	data := options.Arguments
 
+	dataParsed := ""
+	sc := bufio.NewScanner(strings.NewReader(data))
+	for sc.Scan() {
+		l := sc.Text()
+		l = strings.TrimSpace(l)
+		if len(l) == 0 {
+			continue
+		}
+		if l[0] == '#' {
+			continue
+		}
+		dataParsed += ","
+		dataParsed += l
+	}
+
 	o.ip = &ipMatch{}
-	subnets := strings.ReplaceAll(data, "\n", ",")
 	opts := coraza.RuleOperatorOptions{
-		Arguments: subnets,
+		Arguments: dataParsed,
 	}
 	return o.ip.Init(opts)
 }
 
 func (o *ipMatchFromFile) Evaluate(tx *engine.Transaction, value string) bool {
 	return o.ip.Evaluate(tx, value)
 }
+
+var _ coraza.RuleOperator = (*ipMatchFromFile)(nil)
diff --git a/operators/operators.go b/operators/operators.go
@@ -33,6 +33,7 @@ func init() {
 	Register("streq", func() coraza.RuleOperator { return &streq{} })
 	Register("ipMatch", func() coraza.RuleOperator { return &ipMatch{} })
 	Register("ipMatchFromFile", func() coraza.RuleOperator { return &ipMatchFromFile{} })
+	Register("ipMatchFromDataset", func() coraza.RuleOperator { return &ipMatchFromDataset{} })
 	Register("rbl", func() coraza.RuleOperator { return &rbl{} })
 	Register("validateUtf8Encoding", func() coraza.RuleOperator { return &validateUtf8Encoding{} })
 	Register("noMatch", func() coraza.RuleOperator { return &noMatch{} })

diff --git a/operators/pm_from_dataset.go b/operators/pm_from_dataset.go
@@ -30,7 +30,6 @@ func (o *pmFromDataset) Init(options coraza.RuleOperatorOptions) error {
 		DFA:                  true,
 	})
 
-	// TODO this operator is supposed to support snort data syntax: "@pmFromDataset A|42|C|44|F"
 	o.matcher = builder.Build(dataset)
 	return nil
 }

diff --git a/operators/pm_from_file.go b/operators/pm_from_file.go
@@ -39,7 +39,6 @@ func (o *pmFromFile) Init(options coraza.RuleOperatorOptions) error {
 		DFA:                  false,
 	})
 
-	// TODO this operator is supposed to support snort data syntax: "@pm A|42|C|44|F"
 	o.matcher = builder.Build(lines)
 	return nil
 }