validate_schema.cc
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2023 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address [email protected].
*
*/
#include "src/operators/validate_schema.h"
#include <string>
#include "src/operators/operator.h"
#include "src/request_body_processor/xml.h"
#include "src/utils/system.h"
namespace modsecurity {
namespace operators {
#ifdef WITH_LIBXML2
/**
 * Resolve the schema file named by the operator parameter (m_param) and
 * remember the resolved location in m_resource for evaluate().
 *
 * @param file   Passed straight to utils::find_resource() together with
 *               m_param. Presumably the path of the configuration file that
 *               declared the rule, used as a base for relative paths -
 *               confirm against utils::find_resource().
 * @param error  Receives "XML: File not found: ..." plus the lookup detail
 *               when nothing was resolved. Dereferenced unconditionally, so
 *               it must not be null.
 * @return true when find_resource() produced a non-empty path, false
 *         otherwise.
 */
bool ValidateSchema::init(const std::string &file, std::string *error) {
    std::string lookupDetail;
    m_resource = utils::find_resource(m_param, file, &lookupDetail);

    const bool resolved = !m_resource.empty();
    if (!resolved) {
        // An empty result is the only failure signal checked here.
        *error = "XML: File not found: " + m_param + ". " + lookupDetail;
    }
    return resolved;
}
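/**
 * Validate the transaction's parsed XML document against the XML Schema
 * stored at m_resource.
 *
 * Return value, as implemented below:
 *   - false only when xmlSchemaValidateDoc() returns 0 (document is valid);
 *   - true in every other case: no document tree, body not well formed,
 *     schema could not be loaded or parsed, validation context could not be
 *     created, or validation reported an error.
 * true is presumably "operator matched" for the rule engine - confirm in
 * src/operators/operator.h.
 *
 * Operational consequence: a missing or unparseable schema file makes every
 * evaluation return the same value as an invalid payload. The two are only
 * told apart by the debug-log messages emitted at level 4, so a schema
 * deployment error can look like a flood of validation failures.
 *
 * NOTE(review): the schema is read from disk and parsed again on each call;
 * nothing is cached between evaluations.
 * NOTE(review): m_err is a member written through the parser error callbacks
 * during evaluation. If one operator instance is shared by concurrent
 * transactions this is unsynchronised shared state - confirm.
 *
 * @param transaction  Transaction whose m_xml->m_data holds the parsed body.
 *                     m_xml is dereferenced without a null check; assumes it
 *                     is always allocated - TODO confirm.
 * @param str          Not used by this operator.
 */
bool ValidateSchema::evaluate(Transaction *transaction,
    const std::string &str) {
    if (transaction->m_xml->m_data.doc == nullptr) {
        ms_dbg_a(transaction, 4, "XML document tree could not be found for "
            "schema validation.");
        return true;
    }

    if (transaction->m_xml->m_data.well_formed != 1) {
        ms_dbg_a(transaction, 4, "XML: Schema validation failed because "
            "content is not well formed.");
        return true;
    }

    xmlSchemaParserCtxtPtr parserCtx =
        xmlSchemaNewParserCtxt(m_resource.c_str());
    if (parserCtx == nullptr) {
        std::stringstream err;
        err << "XML: Failed to load Schema from file: ";
        err << m_resource;
        err << ". ";
        if (!m_err.empty()) {
            err << m_err;
        }
        ms_dbg_a(transaction, 4, err.str());
        return true;
    }

    // Schema-load diagnostics are collected into m_err by the callbacks.
    xmlSchemaSetParserErrors(parserCtx,
        (xmlSchemaValidityErrorFunc)error_load,
        (xmlSchemaValidityWarningFunc)warn_load, &m_err);

    // NOTE(review): these two calls change libxml2's generic error handler
    // (thread default and current), not just this parser's, and they
    // register parserCtx as the handler context. parserCtx is freed before
    // this function returns, so the registered context pointer outlives the
    // object. Harmless only if null_error never touches its context -
    // confirm, and consider passing a null context instead.
    xmlThrDefSetGenericErrorFunc(parserCtx,
        null_error);
    xmlSetGenericErrorFunc(parserCtx,
        null_error);

    xmlSchemaPtr schema = xmlSchemaParse(parserCtx);
    if (schema == nullptr) {
        std::stringstream err;
        err << "XML: Failed to load Schema: ";
        err << m_resource;
        err << ".";
        if (!m_err.empty()) {
            err << " " << m_err;
        }
        ms_dbg_a(transaction, 4, err.str());
        xmlSchemaFreeParserCtxt(parserCtx);
        return true;
    }

    xmlSchemaValidCtxtPtr validCtx = xmlSchemaNewValidCtxt(schema);
    if (validCtx == nullptr) {
        // Stream the prefix instead of passing it to the constructor: a
        // stringstream built from a string starts writing at offset 0, so
        // appending m_err used to overwrite the start of the message.
        std::stringstream err;
        err << "XML: Failed to create validation context.";
        if (!m_err.empty()) {
            err << " " << m_err;
        }
        ms_dbg_a(transaction, 4, err.str());
        xmlSchemaFree(schema);
        xmlSchemaFreeParserCtxt(parserCtx);
        return true;
    }

    /* Send validator errors/warnings to msr_log */
    xmlSchemaSetValidErrors(validCtx,
        (xmlSchemaValidityErrorFunc)error_runtime,
        (xmlSchemaValidityWarningFunc)warn_runtime, transaction);

    const int rc = xmlSchemaValidateDoc(validCtx,
        transaction->m_xml->m_data.doc);

    // Release in reverse order of creation.
    xmlSchemaFreeValidCtxt(validCtx);
    xmlSchemaFree(schema);
    xmlSchemaFreeParserCtxt(parserCtx);

    if (rc != 0) {
        ms_dbg_a(transaction, 4, "XML: Schema validation failed.");
        // Validation failure is reported as true, like the setup failures
        // above.
        return true;
    }

    ms_dbg_a(transaction, 4, "XML: Successfully validated payload against "
        "Schema: " + m_resource);
    return false;
}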
#endif
} // namespace operators
} // namespace modsecurity