// Copyright 2022 Juan Pablo Tosso and the OWASP Coraza contributors
// SPDX-License-Identifier: Apache-2.0
//go:build !tinygo && !coraza.disabled_operators.rbl
// +build !tinygo,!coraza.disabled_operators.rbl
package operators
import (
"context"
"fmt"
"net"
"time"
"github.com/appsentinels/coraza/v3/experimental/plugins/plugintypes"
)
// timeout is how long Evaluate waits for the DNS lookups to answer before it
// gives up and reports no match.
const timeout = 500 * time.Millisecond
// rbl is the operator state for DNS blocklist lookups.
type rbl struct {
	// service is the suffix joined to the input with a dot to form the name
	// that Evaluate resolves; newRBL copies it from the operator argument
	// without validation.
	service string
	// resolver performs the LookupHost and LookupTXT queries; newRBL sets it
	// to net.DefaultResolver.
	resolver *net.Resolver
}
// Compile-time check that *rbl satisfies plugintypes.Operator.
var _ plugintypes.Operator = (*rbl)(nil)
// newRBL builds the rbl operator. The operator argument is taken verbatim as
// the service suffix used for every lookup, and queries go through
// net.DefaultResolver. The returned error is always nil.
func newRBL(options plugintypes.OperatorOptions) (plugintypes.Operator, error) {
	op := new(rbl)
	op.service = options.Arguments
	op.resolver = net.DefaultResolver
	return op, nil
}
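// Evaluate reports whether the name "<ipAddr>.<service>" resolves on the
// configured blocklist service.
//
// It calls LookupHost on that name and, when at least one address comes back,
// LookupTXT on the same name. The first TXT string, if any, is stored in
// TX:httpbl_msg and in capture field 0. A lookup error, or no answer within
// timeout, yields false.
//
// The transaction is only modified from the calling goroutine and only when a
// result arrived before the deadline, so nothing touches tx after Evaluate
// has returned.
//
// References:
// https://github.com/mrichman/godnsbl
// https://github.com/SpiderLabs/ModSecurity/blob/b66224853b4e9d30e0a44d16b29d5ed3842a6b11/src/operators/rbl.cc
func (o *rbl) Evaluate(tx plugintypes.TransactionState, ipAddr string) bool {
	// TODO validate address
	// NOTE(review): ipAddr goes into the query name exactly as received; it is
	// neither checked to be an IP address nor octet-reversed here. If the rule
	// feeds it request-controlled text, the resolver is asked for whatever
	// labels that text contains under o.service. Confirm what callers pass
	// and what form the blocklist expects.
	addr := fmt.Sprintf("%s.%s", ipAddr, o.service)

	// Putting the deadline on the context (rather than on a separate timer)
	// makes both lookups stop at the deadline instead of running on unobserved.
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	type result struct {
		listed    bool
		status    string
		hasStatus bool
	}
	// Buffered: the worker can always hand over its result and exit, even when
	// Evaluate has already returned on the deadline. With an unbuffered
	// channel the send would block forever and leak the goroutine.
	resC := make(chan result, 1)

	go func() {
		res, err := o.resolver.LookupHost(ctx, addr)
		if err != nil {
			resC <- result{}
			return
		}
		out := result{listed: true}
		if len(res) > 0 {
			txt, err := o.resolver.LookupTXT(ctx, addr)
			if err != nil {
				resC <- result{}
				return
			}
			if len(txt) > 0 {
				out.status, out.hasStatus = txt[0], true
			}
		}
		resC <- out
	}()

	select {
	case r := <-resC:
		if r.hasStatus {
			tx.Variables().TX().Set("httpbl_msg", []string{r.status})
			tx.CaptureField(0, r.status)
		}
		return r.listed
	case <-ctx.Done():
		return false
	}
}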
// init registers the operator constructor under the name "rbl".
func init() {
	const name = "rbl"
	Register(name, newRBL)
}