ModSecurity/src/request_body_processor/json.h at bb4b5a77aa47c83a2bf41966d8f8b6da286f0760 · Easton97-Jens/ModSecurity · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
/*
 * ModSecurity, http://www.modsecurity.org/
 * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
 *
 * You may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * If any of the files related to licensing are missing or if you have any
 * other questions related to licensing please contact Trustwave Holdings, Inc.
 * directly using the email address security@modsecurity.org.
 *
 */

#ifndef SRC_REQUEST_BODY_PROCESSOR_JSON_H_
#define SRC_REQUEST_BODY_PROCESSOR_JSON_H_

#include <cstddef>
#include <cstdint>
#include <deque>
#include <memory>
#include <string>
#include <string_view>

#include "src/request_body_processor/json_backend.h"

namespace modsecurity {
class Transaction;
}


namespace modsecurity::RequestBodyProcessor {


class JSONContainer {
 public:
    explicit JSONContainer(const std::string &name) : m_name(name) { }
    virtual ~JSONContainer() = default;
    std::string m_name;
};


class JSONContainerArray : public JSONContainer {
 public:
    using JSONContainer::JSONContainer;
    size_t m_elementCounter = 0;
};


class JSONContainerMap : public JSONContainer {
 public:
    using JSONContainer::JSONContainer;
};


class JSON : public JsonEventSink {
 public:
    explicit JSON(Transaction *transaction);
    ~JSON() override;
    JSON(const JSON &) = delete;
    JSON &operator=(const JSON &) = delete;
    JSON(JSON &&) = delete;
    JSON &operator=(JSON &&) = delete;

    bool init();
    bool processChunk(const char *buf, unsigned int size,
        const std::string *err);
    bool complete(std::string *err);

    int addArgument(const std::string& value);

    JsonSinkStatus on_start_object() override;
    JsonSinkStatus on_end_object() override;
    JsonSinkStatus on_start_array() override;
    JsonSinkStatus on_end_array() override;
    JsonSinkStatus on_key(std::string_view value) override;
    JsonSinkStatus on_string(std::string_view value) override;
    JsonSinkStatus on_number(std::string_view value) override;
    JsonSinkStatus on_boolean(bool value) override;
    JsonSinkStatus on_null() override;

    bool isPreviousArray() const {
        if (m_containers.empty()) {
            return false;
        }
        const JSONContainerArray *prev = dynamic_cast<JSONContainerArray *>(
            m_containers.back().get());
        return prev != nullptr;
    }

    std::string getCurrentKey(bool emptyIsNull = false) {
        std::string ret(m_current_key);
        if (m_containers.empty()) {
            return "json";
        }
        if (m_current_key.empty()) {
            if (isPreviousArray() || emptyIsNull) {
                return "";
            }
            return "empty-key";
        }
        m_current_key = "";
        return ret;
    }

    void setMaxDepth(double max_depth) {
        m_max_depth = max_depth;
    }

 private:
    void clearContainers();

    std::deque<std::unique_ptr<JSONContainer>> m_containers;
    Transaction *m_transaction = nullptr;
    std::string m_current_key;
    std::string m_data;
    double m_max_depth = 0.0;
    int64_t m_current_depth = 0;
    bool m_depth_limit_exceeded = false;
};


}  // namespace modsecurity::RequestBodyProcessor

#endif  // SRC_REQUEST_BODY_PROCESSOR_JSON_H_