You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 lines
4.8 KiB
C++
143 lines
4.8 KiB
C++
/***************************************************************************
|
|
* Copyright (C) gempa GmbH *
|
|
* All rights reserved. *
|
|
* Contact: gempa GmbH (seiscomp-dev@gempa.de) *
|
|
* *
|
|
* GNU Affero General Public License Usage *
|
|
* This file may be used under the terms of the GNU Affero *
|
|
* Public License version 3.0 as published by the Free Software Foundation *
|
|
* and appearing in the file LICENSE included in the packaging of this *
|
|
* file. Please review the following information to ensure the GNU Affero *
|
|
* Public License version 3.0 requirements will be met: *
|
|
* https://www.gnu.org/licenses/agpl-3.0.html. *
|
|
* *
|
|
* Other Usage *
|
|
* Alternatively, this file may be used in accordance with the terms and *
|
|
* conditions contained in a signed written agreement between you and *
|
|
* gempa GmbH. *
|
|
***************************************************************************/
|
|
|
|
|
|
#ifndef SEISCOMP_UTILS_STRINGFIREWALL_H
|
|
#define SEISCOMP_UTILS_STRINGFIREWALL_H
|
|
|
|
|
|
#include <seiscomp/core/baseobject.h>
|
|
|
|
#include <string>
|
|
#include <set>
|
|
#include <map>
|
|
|
|
|
|
namespace Seiscomp {
|
|
namespace Util {
|
|
|
|
|
|
DEFINE_SMARTPOINTER(StringFirewall);
|
|
|
|
|
|
/**
|
|
* @brief The StringFirewall class implements a "firewall" for strings.
|
|
*
|
|
* It manages a blacklist and a whitelist of strings. Whether a string is
|
|
* accepted is checked with the following algorithm:
|
|
* - Accept if both lists are empty
|
|
* - If either list is empty the partial result (accepted1 or accepted2) is true
|
|
* - If the input string matches any item in the whitelist, accepted1 is true,
|
|
* false otherwise
|
|
* - If the input string matches any item in the blacklist, accepted2 is false,
|
|
* true otherwise
|
|
* - The result is accepted1 && accepted2
|
|
*/
|
|
class SC_SYSTEM_CORE_API StringFirewall : public Core::BaseObject {
|
|
// ----------------------------------------------------------------------
|
|
// Public typedefs and variables
|
|
// ----------------------------------------------------------------------
|
|
public:
|
|
typedef std::set<std::string> StringSet;
|
|
|
|
StringSet allow; //!< The whitelist
|
|
StringSet deny; //!< The blacklist
|
|
|
|
|
|
// ----------------------------------------------------------------------
|
|
// Public interface
|
|
// ----------------------------------------------------------------------
|
|
public:
|
|
/**
|
|
* @brief isAllowed evaluates if a string may pass the firewall.
|
|
* @param s The input string
|
|
* @return true if it may pass, false otherwise
|
|
*/
|
|
virtual bool isAllowed(const std::string &s) const;
|
|
|
|
/**
|
|
* @brief isDenied evaluates if a string is blocked by the firewall.
|
|
*
|
|
* It holds that isDenied(s) == !isAllowed(s).
|
|
*
|
|
* @param s The input string
|
|
* @return true if it is blocked, false otherwise
|
|
*/
|
|
bool isDenied(const std::string &s) const;
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
* @brief The WildcardStringFirewall class extends the StringFirewall by
|
|
* allowing wildcard ('*' or '?') matches for strings.
|
|
*
|
|
* Each call to either isAllowed or isDenied is cached by default to reduce
|
|
* evaluation time for repeating queries. If queries do not repeat or are
|
|
* more or less random then caching should be disabled.
|
|
*/
|
|
class SC_SYSTEM_CORE_API WildcardStringFirewall : public StringFirewall {
|
|
// ----------------------------------------------------------------------
|
|
// X'truction
|
|
// ----------------------------------------------------------------------
|
|
public:
|
|
//! C'tor
|
|
WildcardStringFirewall();
|
|
|
|
|
|
// ----------------------------------------------------------------------
|
|
// Public interface
|
|
// ----------------------------------------------------------------------
|
|
public:
|
|
/**
|
|
* Clears the internal evaluation cache. This should be called when
|
|
* either #allow or #deny have changed.
|
|
*/
|
|
void clearCache() const;
|
|
|
|
/**
|
|
* @brief Enables query caching. The default is true.
|
|
* @param enable Whether to cache queries.
|
|
*/
|
|
void setCachingEnabled(bool enable);
|
|
|
|
/**
|
|
* @brief isAllowed evaluates if a string may pass the firewall.
|
|
* @param s The input string
|
|
* @return true if it may pass, false otherwise
|
|
*/
|
|
virtual bool isAllowed(const std::string &s) const;
|
|
|
|
|
|
// ----------------------------------------------------------------------
|
|
// Private members and typedefs
|
|
// ----------------------------------------------------------------------
|
|
private:
|
|
typedef std::map<std::string, bool> StringPassMap;
|
|
mutable StringPassMap _cache;
|
|
bool _enableCaching;
|
|
};
|
|
|
|
|
|
}
|
|
}
|
|
|
|
|
|
#endif
|