Module: ICAPrb::Filter

Defined in:
lib/icaprb/filter.rb,
lib/icaprb/filter/version.rb,
lib/icaprb/filter/steganography.rb

Overview

Filter module

Defined Under Namespace

Modules: Steganography Classes: ConfigurationLoadError

Constant Summary collapse

VERSION =

version of the Filter-Service

"0.0.1"

Class Method Summary collapse

Class Method Details

.block(description, action) ⇒ Object

creates a new block rule with the parameters

description

description of the rule, so it can be logged and the admin can troubleshoot the ruleset.

action

do something

raises a ConfigurationLoadError if it is called outside of request_filter or response_filter



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/icaprb/filter.rb', line 49

def self.block(description, action)
  puts "============================="
  puts  "BLOCK: #{description}, ACTION NAME: #{action.keys.first}"
  if @filter_type == :request_mod
    puts "TYPE: REQUEST"
  elsif @filter_type == :response_mod
    puts  "TYPE: RESPONSE"
  else
    raise ConfigurationLoadError, "used param 'block' without a filter type"
  end
  # Check if action name exists and create it
  found_name = false
  @valid_filters.each { |filter|
    if filter[:name].to_s == action.keys.first.to_s
      found_name = true
      new_filter = {:name => action.keys.first,
                    :object => filter[:class].new(@filter_type, action[action.keys.first]),
                    :description => description}
      if @filter_type == :request_mod
        @temp_req_mod << new_filter
      elsif @filter_type == :response_mod
        @temp_resp_mod << new_filter
      end
      break
    end
  }
  unless found_name
    raise ConfigurationLoadError, "Unknown filter type '" + action.keys.first.to_s + "' "
  end
end

.custom_action(description, action, match = {}) ⇒ Object

Custom action, alias for modify The reason for it being a simple alias is that it may not modify its content, for example a virustotal scan takes too long so we pass it through anyway, but the scan results is saved in a log file May modify the content, but default behaviour should be that it doesn’t

description

Description of the function

action

Name of the action in the configuration file

match

Attributes



124
125
126
 
# File 'lib/icaprb/filter.rb', line 124

def self.custom_action(description, action, match={})
  self.modify(description, action, match)
end

.delete_filtersObject

Delete current filters Simple reset for tests of configuration files



134
135
136
137
138
139
140
 
# File 'lib/icaprb/filter.rb', line 134

def self.delete_filters()
  @req_mod = nil
  @resp_mod = nil
  @temp_req_mod = nil
  @temp_resp_mod = nil
  @filter_type = nil
end

.get_filtersObject

returns the filters



40
41
42
 
# File 'lib/icaprb/filter.rb', line 40

def self.get_filters
  return @filters
end

.load_filters(path) ⇒ Object

Try to load the configureation file from path. If everything works as expected, the new filter rules are set, otherwise an error is raised if the configuration file is invalid and no previous configuration is available which would lead into an empty config or the loading will fail with an error on the log.

path

Path to the configuration file



147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
 
# File 'lib/icaprb/filter.rb', line 147

def self.load_filters(path)
  # puts are required because no logger is given when the service is created
  # Setup objects to be written into
  puts 'Trying to read new configuration'
  # Set valid plugins and filters, has to done for each reload
  @valid_filters = ICAPrb::Filters.get_filters
  @valid_plugins = ICAPrb::Filters.get_plugins
  # Execute file (we trust the user blindly, assuming that the configuration file is protected sufficiently)
  @temp_resp_mod = []
  @temp_req_mod = []
  begin
    eval(File.read File.expand_path(path))
  rescue StandardError => error
    error_info = "#{error.message} #{error.backtrace}"
    # Initial info couldn't be loaded, shutting down filter framework
    if @resp_mod == nil or @req_mod == nil
      puts "Initial configuration couldn't be loaded: #{error_info}"
      # Non recoverable
      raise ConfigurationLoadError, "Initial configuration couldn't be loaded: #{error_info}"
    else
      puts "Error when reloading the configuration, configuration wasn't changed: #{error_info}"
      # Don't throw an error, we still retain the old configuration
      @temp_resp_mod = nil
      @temp_req_mod = nil
      @filter_type = nil
      return
    end
  end
  # Write data into variables (writing it beforehand is dangerous because the incomplete object may be used
  # for new requests, this allows to reload the configuration during runtime)
  @req_mod = @temp_req_mod
  @resp_mod = @temp_resp_mod
  puts 'Finished reading filter configuration'
  return @req_mod, @resp_mod
end

.modify(description, action, match = {}) ⇒ Object

Load a modifiying rule

description

Description of the rule

action

Name of the plugin to use

match

Parameters for the plugin



83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
 
# File 'lib/icaprb/filter.rb', line 83

def self.modify(description, action, match={})
  puts "============================="
  puts  "MODIFY/CUSTOM: #{description}, ACTION NAME: #{action.to_s}"
  if @filter_type == :request_mod
    puts "TYPE: REQUEST"
  elsif @filter_type == :response_mod
    puts  "TYPE: RESPONSE"
  else
    raise ConfigurationLoadError, "used param 'block' without a filter type"
  end
  # Check if action name exists and create it
  found_name = false
  @valid_plugins.each { |plugin|
    if plugin[:name].to_s == action.to_s
      found_name = true
      # Check if given plugin supports filter type
      unless plugin[:class]::MODES.include? @filter_type
        raise ConfigurationLoadError, 'Plugin ' + action.to_s + ' does not support filter type'
      end
      new_plugin = {:name => action,
                    :object => plugin[:class].new(@filter_type, match[match.keys.first]),
                    :description => description}
      if @filter_type == :request_mod
        @temp_req_mod << new_plugin
      elsif @filter_type == :response_mod
        @temp_resp_mod << new_plugin
      end
    end
  }
  unless found_name
    raise ConfigurationLoadError, 'Unknown plugin type'
  end
end

.passObject

Placeholder if user wants to write pass, doesn’t do anything For future expansion: Add conditionals to the rules ==> rewrite pass



130
131
 
# File 'lib/icaprb/filter.rb', line 130

def self.pass()
end

.request_filterObject

set the configuration mode to request filter so the rules will know that they are request filter rules. It takes a block which is executed while the filter_type is set up.



25
26
27
28
29
 
# File 'lib/icaprb/filter.rb', line 25

def self.request_filter
  @filter_type = :request_mod
  yield
  @filter_type = nil
end

.response_filterObject

set the configuration mode to response filter so the rules will know that they are response filter rules. It takes a block which is executed while the filter_type is set up.



33
34
35
36
37
 
# File 'lib/icaprb/filter.rb', line 33

def self.response_filter
  @filter_type = :response_mod
  yield
  @filter_type = nil
end

.set_logger(logger) ⇒ Object

Set logger for filter

logger

Logger object



185
186
187
 
# File 'lib/icaprb/filter.rb', line 185

def self.set_logger(logger)
  @logger = logger
end