Enterprise-Onion-Toolkit/lib.d/generate-bw-code.pl

#!/usr/bin/perl

$warning = "(generated)";
$begin = "# ---- BEGIN GENERATED CODE ---- -*- awk -*-\n\n";
$end = "# ---- END GENERATED CODE ----\n";

$indent = "  ";
@polite = ();
@redirect = ();
@black = ();
@white = ();
@tail = ();

while (<DATA>) {
    next if /^#/;
    next if /^\s*$/;

    chomp;
    s/\s+/ /g;
    ($how, $lc_what, $condition) = split(/\s+/, $_, 3);
    $uc_what = uc($lc_what);

    if ($how eq "bwlist") {
        $uc_bl = "${uc_what}_BLACKLIST_RE";
        $uc_wl = "${uc_what}_WHITELIST_RE";
        $lc_bl = lc($uc_bl);
        $lc_wl = lc($uc_wl);
        $flag = "\$non_whitelist_${lc_what}";

        push(@black, "%%IF %$uc_bl%\n");
        push(@black, "# check $lc_bl $warning\n");
        push(@black, "%%CSV %$uc_bl%\n");
        push(@black, "$condition { %NGINX_ACTION_ABORT%; }\n");
        push(@black, "%%ENDCSV\n");
        push(@black, "%%ELSE\n");
        push(@black, "# no $lc_bl $warning\n");
        push(@black, "%%ENDIF\n");
        push(@black, "\n");

        push(@white, "%%IF %$uc_wl%\n");
        push(@white, "# check $lc_wl $warning\n");
        push(@white, "set $flag 1;\n");
        push(@white, "%%CSV %$uc_wl%\n");
        push(@white, "$condition { set $flag 0; }\n");
        push(@white, "%%ENDCSV\n");
        push(@white, "%%ELSE\n");
        push(@white, "# no $lc_wl $warning\n");
        push(@white, "%%ENDIF\n");
        push(@white, "\n");

        push(@tail, "%%IF %$uc_wl%\n");
        push(@tail, "# check success of $lc_wl $warning\n");
        push(@tail, "if ( $flag ) { %NGINX_ACTION_ABORT%; }\n");
        push(@tail, "%%ELSE\n");
        push(@tail, "# no check for success of $lc_wl $warning\n");
        push(@tail, "%%ENDIF\n");
        push(@tail, "\n");
    }
    elsif ($how eq "block") {
        push(@polite, "%%IF %$uc_what%\n");
        push(@polite, "# polite block for $lc_what $warning\n");
        push(@polite, "%%CSV %$uc_what%\n");
        push(@polite, "$condition { return 403 \"%BLOCK_ERR%\"; }\n");
        push(@polite, "%%ENDCSV\n");
        push(@polite, "%%ELSE\n");
        push(@polite, "# no polite block for $lc_what $warning\n");
        push(@polite, "%%ENDIF\n");
        push(@polite, "\n");
    }
    elsif ($how eq "redirect") {
        push(@redirect, "%%IF %$uc_what%\n");
        push(@redirect, "# redirect $lc_what: 1=regexp,2=dest,3=code $warning\n");
        push(@redirect, "%%CSV %$uc_what%\n");
        push(@redirect, "$condition { return %3% %2%\$request_uri; }\n");
        push(@redirect, "%%ENDCSV\n");
        push(@redirect, "%%ELSE\n");
        push(@redirect, "# no redirect $lc_what $warning\n");
        push(@redirect, "%%ENDIF\n");
        push(@redirect, "\n");
    }
    else {
        die "bad config line at line $.: $_\n";
    }
}

open(OUT, ">nginx-generated-blocks.conf") || die;
print OUT $indent x 2, $begin;
print OUT $indent x 2, "# polite blocks $warning\n\n";
foreach $x (@polite) {
    print OUT $indent x 2 if ($x !~ /^\s*$/);
    print OUT $x;
}
print OUT "\n";

print OUT $indent x 2, "# blacklists $warning\n\n";
foreach $x (@black) {
    print OUT $indent x 2 if ($x !~ /^\s*$/);
    print OUT $x;
}
print OUT "\n";

print OUT $indent x 2, "# redirects $warning\n\n";
foreach $x (@redirect) {
    print OUT $indent x 2 if ($x !~ /^\s*$/);
    print OUT $x;
}
print OUT "\n";

print OUT $indent x 2, "# whitelists $warning\n\n";
foreach $x (@white) {
    print OUT $indent x 2 if ($x !~ /^\s*$/);
    print OUT $x;
}
print OUT "\n";
print OUT $indent x 2, $end;
close(OUT);

open(OUT, ">nginx-generated-checks.conf") || die;
print OUT $indent x 3, $begin;
print OUT $indent x 3, "# whitelist checks $warning\n\n";
foreach $x (@tail) {
    print OUT $indent x 3 if ($x !~ /^\s*$/);
    print OUT $x;
}
print OUT "\n";
print OUT $indent x 3, $end;
close(OUT);

# NB: AVOID `location` DIRECTIVE IN THE CONDITIONALS, BECAUSE IT
# TRIGGERS A HANDLER...
__END__;

# blocks: issue a 403
block suppress_tor2web if ( $http_x_tor2web )
block block_host if ( $host = "%0%" )
block block_host_re if ( $host ~* "%0%" )
block block_path if ( $uri = "%0%" )
block block_path_re if ( $uri ~* "%0%" )
# legacy
block block_location location %0%
block block_location_re location ~* "%0%"

# redirects
redirect redirect_host_csv if ( $host ~* "%1%" )
redirect redirect_path_csv if ( $uri ~* "%1%" )
# legacy
redirect redirect_location_csv location ~* "%1%"

# blacklists and whitelists: issue a 500
# nb: second argument gets interpolated into variablenames
bwlist user_agent if ( $http_user_agent ~* "%0%" )
bwlist referer if ( $http_referer ~* "%0%" )
bwlist host if ( $http_host ~* "%0%" )
bwlist path if ( $uri ~* "%0%" )
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`#!/usr/bin/perl`

commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`$warning = "(generated)";`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`$begin = "# ---- BEGIN GENERATED CODE ---- -- awk --\n\n";`
			`$end = "# ---- END GENERATED CODE ----\n";`

commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`$indent = " ";`
			`@polite = ();`
commit: move redirects to generated template code 2017-12-02 11:53:23 +00:00			`@redirect = ();`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`@black = ();`
			`@white = ();`
			`@tail = ();`

			`while (<DATA>) {`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`next if /^#/;`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`next if /^\s*$/;`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`chomp;`
			`s/\s+/ /g;`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`($how, $lc_what, $condition) = split(/\s+/, $_, 3);`
commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`$uc_what = uc($lc_what);`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00
			`if ($how eq "bwlist") {`
			`$uc_bl = "${uc_what}_BLACKLIST_RE";`
			`$uc_wl = "${uc_what}_WHITELIST_RE";`
			`$lc_bl = lc($uc_bl);`
			`$lc_wl = lc($uc_wl);`
			`$flag = "\$non_whitelist_${lc_what}";`

			`push(@black, "%%IF %$uc_bl%\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@black, "# check $lc_bl $warning\n");`
commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`push(@black, "%%CSV %$uc_bl%\n");`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`push(@black, "$condition { %NGINX_ACTION_ABORT%; }\n");`
			`push(@black, "%%ENDCSV\n");`
			`push(@black, "%%ELSE\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@black, "# no $lc_bl $warning\n");`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`push(@black, "%%ENDIF\n");`
			`push(@black, "\n");`

			`push(@white, "%%IF %$uc_wl%\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@white, "# check $lc_wl $warning\n");`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`push(@white, "set $flag 1;\n");`
			`push(@white, "%%CSV %$uc_wl%\n");`
			`push(@white, "$condition { set $flag 0; }\n");`
			`push(@white, "%%ENDCSV\n");`
			`push(@white, "%%ELSE\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@white, "# no $lc_wl $warning\n");`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`push(@white, "%%ENDIF\n");`
			`push(@white, "\n");`

			`push(@tail, "%%IF %$uc_wl%\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@tail, "# check success of $lc_wl $warning\n");`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`push(@tail, "if ( $flag ) { %NGINX_ACTION_ABORT%; }\n");`
			`push(@tail, "%%ELSE\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@tail, "# no check for success of $lc_wl $warning\n");`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`push(@tail, "%%ENDIF\n");`
			`push(@tail, "\n");`
			`}`
commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`elsif ($how eq "block") {`
			`push(@polite, "%%IF %$uc_what%\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@polite, "# polite block for $lc_what $warning\n");`
commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`push(@polite, "%%CSV %$uc_what%\n");`
			`push(@polite, "$condition { return 403 \"%BLOCK_ERR%\"; }\n");`
			`push(@polite, "%%ENDCSV\n");`
			`push(@polite, "%%ELSE\n");`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`push(@polite, "# no polite block for $lc_what $warning\n");`
commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`push(@polite, "%%ENDIF\n");`
			`push(@polite, "\n");`
			`}`
commit: move redirects to generated template code 2017-12-02 11:53:23 +00:00			`elsif ($how eq "redirect") {`
			`push(@redirect, "%%IF %$uc_what%\n");`
			`push(@redirect, "# redirect $lc_what: 1=regexp,2=dest,3=code $warning\n");`
			`push(@redirect, "%%CSV %$uc_what%\n");`
			`push(@redirect, "$condition { return %3% %2%\$request_uri; }\n");`
			`push(@redirect, "%%ENDCSV\n");`
			`push(@redirect, "%%ELSE\n");`
			`push(@redirect, "# no redirect $lc_what $warning\n");`
			`push(@redirect, "%%ENDIF\n");`
			`push(@redirect, "\n");`
			`}`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`else {`
			`die "bad config line at line $.: $_\n";`
			`}`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`}`

commit: generator version 1 2017-12-02 11:12:59 +00:00			`open(OUT, ">nginx-generated-blocks.conf") \|\| die;`
			`print OUT $indent x 2, $begin;`
			`print OUT $indent x 2, "# polite blocks $warning\n\n";`
commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`foreach $x (@polite) {`
commit: move redirects to generated template code 2017-12-02 11:53:23 +00:00			`print OUT $indent x 2 if ($x !~ /^\s*$/);`
			`print OUT $x;`
commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`}`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`print OUT "\n";`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00
commit: generator version 1 2017-12-02 11:12:59 +00:00			`print OUT $indent x 2, "# blacklists $warning\n\n";`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`foreach $x (@black) {`
commit: move redirects to generated template code 2017-12-02 11:53:23 +00:00			`print OUT $indent x 2 if ($x !~ /^\s*$/);`
			`print OUT $x;`
			`}`
			`print OUT "\n";`

			`print OUT $indent x 2, "# redirects $warning\n\n";`
			`foreach $x (@redirect) {`
			`print OUT $indent x 2 if ($x !~ /^\s*$/);`
			`print OUT $x;`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`}`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`print OUT "\n";`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00
commit: generator version 1 2017-12-02 11:12:59 +00:00			`print OUT $indent x 2, "# whitelists $warning\n\n";`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`foreach $x (@white) {`
commit: move redirects to generated template code 2017-12-02 11:53:23 +00:00			`print OUT $indent x 2 if ($x !~ /^\s*$/);`
			`print OUT $x;`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`}`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`print OUT "\n";`
			`print OUT $indent x 2, $end;`
			`close(OUT);`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00
commit: generator version 1 2017-12-02 11:12:59 +00:00			`open(OUT, ">nginx-generated-checks.conf") \|\| die;`
			`print OUT $indent x 3, $begin;`
			`print OUT $indent x 3, "# whitelist checks $warning\n\n";`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`foreach $x (@tail) {`
commit: move redirects to generated template code 2017-12-02 11:53:23 +00:00			`print OUT $indent x 3 if ($x !~ /^\s*$/);`
			`print OUT $x;`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`}`
commit: generator version 1 2017-12-02 11:12:59 +00:00			`print OUT "\n";`
			`print OUT $indent x 3, $end;`
			`close(OUT);`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00
commit: fix path whitelisting 2017-11-30 13:02:35 +00:00			# NB: AVOID `location` DIRECTIVE IN THE CONDITIONALS, BECAUSE IT
			`# TRIGGERS A HANDLER...`
commit: semi-auto-generation of white and black lists 2017-11-29 13:45:52 +00:00			`__END__;`

commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`# blocks: issue a 403`
			`block suppress_tor2web if ( $http_x_tor2web )`
			`block block_host if ( $host = "%0%" )`
			`block block_host_re if ( $host ~* "%0%" )`
			`block block_path if ( $uri = "%0%" )`
			`block block_path_re if ( $uri ~* "%0%" )`
			`# legacy`
			`block block_location location %0%`
			`block block_location_re location ~* "%0%"`

commit: move redirects to generated template code 2017-12-02 11:53:23 +00:00			`# redirects`
			`redirect redirect_host_csv if ( $host ~* "%1%" )`
			`redirect redirect_path_csv if ( $uri ~* "%1%" )`
			`# legacy`
			`redirect redirect_location_csv location ~* "%1%"`

commit: fix blacklist template bug, start refactoring codegen 2017-12-02 10:33:03 +00:00			`# blacklists and whitelists: issue a 500`
			`# nb: second argument gets interpolated into variablenames`
commit: update codegen to take a switch 2017-12-02 09:40:40 +00:00			`bwlist user_agent if ( $http_user_agent ~* "%0%" )`
			`bwlist referer if ( $http_referer ~* "%0%" )`
			`bwlist host if ( $http_host ~* "%0%" )`
			`bwlist path if ( $uri ~* "%0%" )`