Cleanup on Action class

2025-11-19 02:40:35 +03:00 · 2019-03-15 01:56:40 -03:00
parent dc33ed7abc
commit 17122a05d3
115 changed files with 786 additions and 794 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -43,10 +43,6 @@ pkginclude_HEADERS = \
 	../headers/modsecurity/intervention.h \
 	../headers/modsecurity/modsecurity.h \
 	../headers/modsecurity/rule.h \
-	../headers/modsecurity/rule_marker.h \
-	../headers/modsecurity/rule_unconditional.h \
-	../headers/modsecurity/rule_with_actions.h \
-	../headers/modsecurity/rule_with_operator.h \
 	../headers/modsecurity/rules.h \
 	../headers/modsecurity/rule_message.h \
 	../headers/modsecurity/rules_set.h \
@@ -289,6 +285,7 @@ libmodsecurity_la_SOURCES = \
 	debug_log/debug_log_writer.cc \
 	run_time_string.cc \
 	rule.cc \
+	rules.cc \
 	rule_unconditional.cc \
 	rule_with_actions.cc \
 	rule_with_operator.cc \
--- a/src/actions/accuracy.cc
+++ b/src/actions/accuracy.cc
@@ -21,7 +21,7 @@
 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
-
+#include "modsecurity/rule_with_actions.h"

 namespace modsecurity {
 namespace actions {
--- a/src/actions/block.cc
+++ b/src/actions/block.cc
@@ -24,6 +24,7 @@
 #include "modsecurity/rule.h"
 #include "modsecurity/intervention.h"
 #include "src/actions/data/status.h"
+#include "modsecurity/rule_with_actions.h"

 namespace modsecurity {
 namespace actions {
--- a/src/actions/chain.cc
+++ b/src/actions/chain.cc
@@ -20,6 +20,8 @@

 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace actions {
--- a/src/actions/maturity.cc
+++ b/src/actions/maturity.cc
@@ -21,7 +21,7 @@
 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
-
+#include "modsecurity/rule_with_actions.h"

 namespace modsecurity {
 namespace actions {
--- a/src/actions/phase.cc
+++ b/src/actions/phase.cc
@@ -22,6 +22,7 @@
 #include "modsecurity/rule.h"
 #include "modsecurity/modsecurity.h"
 #include "src/utils/string.h"
+#include "modsecurity/rule_with_actions.h"


 namespace modsecurity {
--- a/src/actions/rev.cc
+++ b/src/actions/rev.cc
@@ -21,6 +21,7 @@
 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
+#include "modsecurity/rule_with_actions.h"


 namespace modsecurity {
--- a/src/actions/rule_id.cc
+++ b/src/actions/rule_id.cc
@@ -20,6 +20,8 @@

 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace actions {
--- a/src/actions/set_env.cc
+++ b/src/actions/set_env.cc
@@ -21,6 +21,8 @@
 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
 #include "src/utils/string.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace actions {
--- a/src/actions/set_var.cc
+++ b/src/actions/set_var.cc
@@ -30,6 +30,7 @@
 #include "src/variables/tx.h"
 #include "src/variables/user.h"
 #include "src/variables/variable.h"
+#include "modsecurity/rule_with_operator.h"

 namespace modsecurity {
 namespace actions {
--- a/src/actions/transformations/base64_decode.cc
+++ b/src/actions/transformations/base64_decode.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void Base64Decode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    std::string value(in.c_str(), in.size());
    std::string ret = Utils::Base64::decode(value);
    out.assign(ret.c_str(), ret.size());
--- a/src/actions/transformations/base64_decode.h
+++ b/src/actions/transformations/base64_decode.h
@@ -34,8 +34,8 @@ class Base64Decode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/base64_decode_ext.cc
+++ b/src/actions/transformations/base64_decode_ext.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void Base64DecodeExt::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    std::string ret = Utils::Base64::decode_forgiven(in);
    out.assign(ret.c_str(), ret.size());
 }
--- a/src/actions/transformations/base64_decode_ext.h
+++ b/src/actions/transformations/base64_decode_ext.h
@@ -34,8 +34,8 @@ class Base64DecodeExt : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/base64_encode.cc
+++ b/src/actions/transformations/base64_encode.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void Base64Encode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    std::string ret = Utils::Base64::encode(
        std::string(in.c_str(), in.size()));
    out.assign(ret.c_str(), ret.size());
--- a/src/actions/transformations/base64_encode.h
+++ b/src/actions/transformations/base64_encode.h
@@ -34,8 +34,8 @@ class Base64Encode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/cmd_line.cc
+++ b/src/actions/transformations/cmd_line.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void CmdLine::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int space = 0;

    for (auto& a : in) {
--- a/src/actions/transformations/cmd_line.h
+++ b/src/actions/transformations/cmd_line.h
@@ -34,8 +34,8 @@ class CmdLine : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/compress_whitespace.cc
+++ b/src/actions/transformations/compress_whitespace.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void CompressWhitespace::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int inWhiteSpace = 0;
    size_t i = 0;
    out.reserve(in.size());
--- a/src/actions/transformations/compress_whitespace.h
+++ b/src/actions/transformations/compress_whitespace.h
@@ -34,8 +34,8 @@ class CompressWhitespace : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/css_decode.cc
+++ b/src/actions/transformations/css_decode.cc
@@ -35,17 +35,19 @@ namespace transformations {


 void CssDecode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
+    size_t s = in.size();
+
    char *tmp = reinterpret_cast<char *>(
-        malloc(sizeof(char) * in.size() + 1));
-    memcpy(tmp, in.c_str(), in.size() + 1);
-    tmp[in.size()] = '\0';
+        malloc(sizeof(char) * s + 1));
+    memcpy(tmp, in.c_str(), s + 1);
+    tmp[s] = '\0';

-    CssDecode::css_decode_inplace(reinterpret_cast<unsigned char *>(tmp),
-        in.size());
+    size_t r = CssDecode::css_decode_inplace(reinterpret_cast<unsigned char *>(tmp),
+        s);

-    out.assign(tmp, 0, in.size());
+    out.assign(tmp, r);
    free(tmp);
 }

--- a/src/actions/transformations/css_decode.h
+++ b/src/actions/transformations/css_decode.h
@@ -35,8 +35,8 @@ class CssDecode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int css_decode_inplace(unsigned char *input, int64_t input_len);
 };
--- a/src/actions/transformations/escape_seq_decode.cc
+++ b/src/actions/transformations/escape_seq_decode.cc
@@ -136,8 +136,8 @@ int EscapeSeqDecode::ansi_c_sequences_decode_inplace(unsigned char *input,


 void EscapeSeqDecode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *tmp = (unsigned char *) malloc(sizeof(char)
        * in.size() + 1);
    memcpy(tmp, in.c_str(), in.size() + 1);
--- a/src/actions/transformations/escape_seq_decode.h
+++ b/src/actions/transformations/escape_seq_decode.h
@@ -34,8 +34,8 @@ class EscapeSeqDecode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int ansi_c_sequences_decode_inplace(unsigned char *input, int input_len);
 };
--- a/src/actions/transformations/hex_decode.cc
+++ b/src/actions/transformations/hex_decode.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void HexDecode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;
    int size = 0;

--- a/src/actions/transformations/hex_decode.h
+++ b/src/actions/transformations/hex_decode.h
@@ -34,8 +34,8 @@ class HexDecode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int inplace(unsigned char *data, int len);
 };
--- a/src/actions/transformations/hex_encode.cc
+++ b/src/actions/transformations/hex_encode.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void HexEncode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    std::stringstream result;
    for (std::size_t i=0; i < in.length(); i++) {
        int ii = reinterpret_cast<char>(in[i]);
--- a/src/actions/transformations/hex_encode.h
+++ b/src/actions/transformations/hex_encode.h
@@ -34,8 +34,8 @@ class HexEncode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

 };

--- a/src/actions/transformations/html_entity_decode.cc
+++ b/src/actions/transformations/html_entity_decode.cc
@@ -34,8 +34,8 @@ namespace transformations {


 void HtmlEntityDecode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;

    input = reinterpret_cast<unsigned char *>
--- a/src/actions/transformations/html_entity_decode.h
+++ b/src/actions/transformations/html_entity_decode.h
@@ -37,8 +37,8 @@ class HtmlEntityDecode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int inplace(unsigned char *input, uint64_t input_len);
 };
--- a/src/actions/transformations/js_decode.cc
+++ b/src/actions/transformations/js_decode.cc
@@ -35,8 +35,8 @@ namespace transformations {


 void JsDecode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;

    input = reinterpret_cast<unsigned char *>
--- a/src/actions/transformations/js_decode.h
+++ b/src/actions/transformations/js_decode.h
@@ -34,8 +34,8 @@ class JsDecode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int inplace(unsigned char *input, uint64_t input_len);
 };
--- a/src/actions/transformations/length.cc
+++ b/src/actions/transformations/length.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void Length::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    out.assign(std::to_string(in.size()).c_str());
 }

--- a/src/actions/transformations/length.h
+++ b/src/actions/transformations/length.h
@@ -34,8 +34,8 @@ class Length : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/lower_case.cc
+++ b/src/actions/transformations/lower_case.cc
@@ -28,8 +28,8 @@ namespace transformations {


 void LowerCase::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    std::locale loc;
    out.resize(in.size());
    for (std::string::size_type i=0; i < in.size(); ++i) {
--- a/src/actions/transformations/lower_case.h
+++ b/src/actions/transformations/lower_case.h
@@ -36,8 +36,8 @@ class LowerCase : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/md5.cc
+++ b/src/actions/transformations/md5.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void Md5::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    std::string ret = Utils::Md5::digest(std::string(in.c_str(), in.size()));

    out.assign(ret.c_str(), ret.size());
--- a/src/actions/transformations/md5.h
+++ b/src/actions/transformations/md5.h
@@ -34,8 +34,8 @@ class Md5 : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/none.cc
+++ b/src/actions/transformations/none.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void None::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) { }
+    ModSecString &in,
+    ModSecString &out) { }


 }  // namespace transformations
--- a/src/actions/transformations/none.h
+++ b/src/actions/transformations/none.h
@@ -32,11 +32,15 @@ class None : public Transformation {
 public:
    explicit None(const std::string &action) 
        : Transformation(action)
-        { m_isNone = true; }
+        {  }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
+
+    bool isNone() override {
+        return true;
+    }
 };

 }  // namespace transformations
--- a/src/actions/transformations/normalise_path.cc
+++ b/src/actions/transformations/normalise_path.cc
@@ -34,8 +34,8 @@ namespace transformations {


 void NormalisePath::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int changed = 0;

    char *tmp = reinterpret_cast<char *>(
--- a/src/actions/transformations/normalise_path.h
+++ b/src/actions/transformations/normalise_path.h
@@ -34,8 +34,8 @@ class NormalisePath : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int normalize_path_inplace(unsigned char *input, int input_len,
        int win, int *changed);
--- a/src/actions/transformations/normalise_path_win.cc
+++ b/src/actions/transformations/normalise_path_win.cc
@@ -35,8 +35,8 @@ namespace transformations {


 void NormalisePathWin::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int changed;

    char *tmp = reinterpret_cast<char *>(
--- a/src/actions/transformations/normalise_path_win.h
+++ b/src/actions/transformations/normalise_path_win.h
@@ -34,8 +34,8 @@ class NormalisePathWin : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/parity_even_7bit.cc
+++ b/src/actions/transformations/parity_even_7bit.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void ParityEven7bit::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;

    input = reinterpret_cast<unsigned char *>
--- a/src/actions/transformations/parity_even_7bit.h
+++ b/src/actions/transformations/parity_even_7bit.h
@@ -34,8 +34,8 @@ class ParityEven7bit : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static bool inplace(unsigned char *input, uint64_t input_len);
 };
--- a/src/actions/transformations/parity_odd_7bit.cc
+++ b/src/actions/transformations/parity_odd_7bit.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void ParityOdd7bit::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;

    input = reinterpret_cast<unsigned char *>
--- a/src/actions/transformations/parity_odd_7bit.h
+++ b/src/actions/transformations/parity_odd_7bit.h
@@ -34,8 +34,8 @@ class ParityOdd7bit : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static bool inplace(unsigned char *input, uint64_t input_len);
 };
--- a/src/actions/transformations/parity_zero_7bit.cc
+++ b/src/actions/transformations/parity_zero_7bit.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void ParityZero7bit::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;

    input = reinterpret_cast<unsigned char *>
--- a/src/actions/transformations/parity_zero_7bit.h
+++ b/src/actions/transformations/parity_zero_7bit.h
@@ -34,8 +34,8 @@ class ParityZero7bit : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static bool inplace(unsigned char *input, uint64_t input_len);
 };
--- a/src/actions/transformations/php_args_names.cc
+++ b/src/actions/transformations/php_args_names.cc
@@ -34,8 +34,8 @@ PhpArgsNames::PhpArgsNames(const std::string &a)


 void PhpArgsNames::execute(Transaction *t,
-    ModSecStackString &val,
-    ModSecStackString &out) {
+    ModSecString &val,
+    ModSecString &out) {
    //Took the logic from php src code:
    //https://github.com/php/php-src/blob/master/main/php_variables.c
    //Function call PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
--- a/src/actions/transformations/php_args_names.h
+++ b/src/actions/transformations/php_args_names.h
@@ -35,8 +35,8 @@ class PhpArgsNames : public Transformation {
    explicit PhpArgsNames(const std::string &action);

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/remove_comments.cc
+++ b/src/actions/transformations/remove_comments.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void RemoveComments::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;

    input = reinterpret_cast<unsigned char *>
--- a/src/actions/transformations/remove_comments.h
+++ b/src/actions/transformations/remove_comments.h
@@ -35,8 +35,8 @@ class RemoveComments : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;;
+        ModSecString &in,
+        ModSecString &out) override;;
 };


--- a/src/actions/transformations/remove_comments_char.cc
+++ b/src/actions/transformations/remove_comments_char.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void RemoveCommentsChar::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int64_t i;
    out = in;

--- a/src/actions/transformations/remove_comments_char.h
+++ b/src/actions/transformations/remove_comments_char.h
@@ -34,8 +34,8 @@ class RemoveCommentsChar : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/remove_nulls.cc
+++ b/src/actions/transformations/remove_nulls.cc
@@ -34,8 +34,8 @@ namespace transformations {


 void RemoveNulls::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int64_t i;
    out = in;

--- a/src/actions/transformations/remove_nulls.h
+++ b/src/actions/transformations/remove_nulls.h
@@ -34,8 +34,8 @@ class RemoveNulls : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/remove_whitespace.cc
+++ b/src/actions/transformations/remove_whitespace.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void RemoveWhitespace::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    out = in;
    int64_t i = 0;
    const char nonBreakingSpaces = 0xa0;
--- a/src/actions/transformations/remove_whitespace.h
+++ b/src/actions/transformations/remove_whitespace.h
@@ -34,8 +34,8 @@ class RemoveWhitespace : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/replace_comments.cc
+++ b/src/actions/transformations/replace_comments.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void ReplaceComments::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    uint64_t i, j, incomment;

    char *input = reinterpret_cast<char *>(
--- a/src/actions/transformations/replace_comments.h
+++ b/src/actions/transformations/replace_comments.h
@@ -34,8 +34,8 @@ class ReplaceComments : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/replace_nulls.cc
+++ b/src/actions/transformations/replace_nulls.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void ReplaceNulls::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int64_t i;
    out = in;

--- a/src/actions/transformations/replace_nulls.h
+++ b/src/actions/transformations/replace_nulls.h
@@ -34,8 +34,8 @@ class ReplaceNulls : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/sha1.cc
+++ b/src/actions/transformations/sha1.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void Sha1::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {

    auto a = Utils::Sha1::digest(
            std::string(in.c_str(), in.size())
--- a/src/actions/transformations/sha1.h
+++ b/src/actions/transformations/sha1.h
@@ -34,8 +34,8 @@ class Sha1 : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/sql_hex_decode.cc
+++ b/src/actions/transformations/sql_hex_decode.cc
@@ -42,8 +42,8 @@ namespace transformations {
 #endif

 void SqlHexDecode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;
    int size = 0;

--- a/src/actions/transformations/sql_hex_decode.h
+++ b/src/actions/transformations/sql_hex_decode.h
@@ -34,8 +34,8 @@ class SqlHexDecode : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int inplace(unsigned char *data, int len);

--- a/src/actions/transformations/transformation.cc
+++ b/src/actions/transformations/transformation.cc
@@ -116,6 +116,7 @@ Transformation* Transformation::instantiate(std::string a) {
    return new Transformation(a);
 }

+
 }  // namespace transformations
 }  // namespace actions
 }  // namespace modsecurity
--- a/src/actions/transformations/transformation.h
+++ b/src/actions/transformations/transformation.h
@@ -32,12 +32,7 @@ class Transformation : public Action {
    explicit Transformation(const std::string& _action)
        : Action(_action, RunTimeBeforeMatchAttemptKind) { }

-    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override {
-            // FIXME: this should be remove as soon as #1974 got fixed.
-            out.assign(in.c_str(), in.length());
-    }
+    virtual bool isNone() { return false; }

    static Transformation* instantiate(std::string a);
 };
--- a/src/actions/transformations/trim.cc
+++ b/src/actions/transformations/trim.cc
@@ -31,8 +31,7 @@ namespace actions {
 namespace transformations {


-
-void Trim::ltrim(ModSecStackString *s) {
+void Trim::ltrim(ModSecString *s) {
    s->erase(
        s->begin(),
        std::find_if(s->begin(), s->end(), [](unsigned char c) {
@@ -42,7 +41,7 @@ void Trim::ltrim(ModSecStackString *s) {
 }


-void Trim::rtrim(ModSecStackString *s) {
+void Trim::rtrim(ModSecString *s) {
    s->erase(
        std::find_if(s->rbegin(), s->rend(), [](unsigned char c) {
            return !std::isspace(c);
@@ -52,15 +51,15 @@ void Trim::rtrim(ModSecStackString *s) {
 }


-void Trim::trim(ModSecStackString *s) {
+void Trim::trim(ModSecString *s) {
    rtrim(s);
    ltrim(s);
 }


 void Trim::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    out = in;
    trim(&out);
 };
--- a/src/actions/transformations/trim.h
+++ b/src/actions/transformations/trim.h
@@ -34,12 +34,12 @@ class Trim : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

-    static void ltrim(ModSecStackString *s);
-    static void rtrim(ModSecStackString *s);
-    static void trim(ModSecStackString *s);
+    static void ltrim(ModSecString *s);
+    static void rtrim(ModSecString *s);
+    static void trim(ModSecString *s);
 };

 }  // namespace transformations
--- a/src/actions/transformations/trim_left.cc
+++ b/src/actions/transformations/trim_left.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void TrimLeft::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    out = in;
    ltrim(&out);
 };
--- a/src/actions/transformations/trim_left.h
+++ b/src/actions/transformations/trim_left.h
@@ -35,8 +35,8 @@ class TrimLeft : public Trim {
        : Trim(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/trim_right.cc
+++ b/src/actions/transformations/trim_right.cc
@@ -32,8 +32,8 @@ namespace transformations {


 void TrimRight::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    out = in;
    rtrim(&out);
 };
--- a/src/actions/transformations/trim_right.h
+++ b/src/actions/transformations/trim_right.h
@@ -35,8 +35,8 @@ class TrimRight : public Trim {
        : Trim(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/upper_case.cc
+++ b/src/actions/transformations/upper_case.cc
@@ -28,8 +28,8 @@ namespace transformations {


 void UpperCase::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    std::locale loc;
    out.reserve(in.size());
    for (std::string::size_type i=0; i < in.size(); ++i) {
--- a/src/actions/transformations/upper_case.h
+++ b/src/actions/transformations/upper_case.h
@@ -36,8 +36,8 @@ class UpperCase : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/url_decode.cc
+++ b/src/actions/transformations/url_decode.cc
@@ -33,8 +33,8 @@ namespace transformations {


 void UrlDecode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *val(NULL);
    int invalid_count = 0;
    int changed;
--- a/src/actions/transformations/url_decode.h
+++ b/src/actions/transformations/url_decode.h
@@ -36,8 +36,8 @@ class UrlDecode : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;
 };

 }  // namespace transformations
--- a/src/actions/transformations/url_decode_uni.cc
+++ b/src/actions/transformations/url_decode_uni.cc
@@ -39,8 +39,8 @@ namespace transformations {


 void UrlDecodeUni::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    unsigned char *input;

    input = reinterpret_cast<unsigned char *>
--- a/src/actions/transformations/url_decode_uni.h
+++ b/src/actions/transformations/url_decode_uni.h
@@ -35,8 +35,8 @@ class UrlDecodeUni : public Transformation {
        : Transformation(action) { }

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static int inplace(unsigned char *input, uint64_t input_len,
        Transaction *transaction);
--- a/src/actions/transformations/url_encode.cc
+++ b/src/actions/transformations/url_encode.cc
@@ -82,8 +82,8 @@ std::string UrlEncode::url_enc(const char *input,


 void UrlEncode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {
    int changed;

    std::string ret = url_enc(in.c_str(), in.size(), &changed);
--- a/src/actions/transformations/url_encode.h
+++ b/src/actions/transformations/url_encode.h
@@ -34,8 +34,8 @@ class UrlEncode : public Transformation {
        : Transformation(action) { };

    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static std::string url_enc(const char *input,
        unsigned int input_len, int *changed);
--- a/src/actions/transformations/utf8_to_unicode.cc
+++ b/src/actions/transformations/utf8_to_unicode.cc
@@ -34,8 +34,8 @@ namespace transformations {


 void Utf8ToUnicode::execute(Transaction *t,
-    ModSecStackString &in,
-    ModSecStackString &out) {
+    ModSecString &in,
+    ModSecString &out) {

    unsigned char *input;
    int changed = 0;
--- a/src/actions/transformations/utf8_to_unicode.h
+++ b/src/actions/transformations/utf8_to_unicode.h
@@ -40,8 +40,8 @@ class Utf8ToUnicode : public Transformation {


    void execute(Transaction *t,
-        ModSecStackString &in,
-        ModSecStackString &out) override;
+        ModSecString &in,
+        ModSecString &out) override;

    static char *inplace(unsigned char *input, uint64_t input_len,
        int *changed);
--- a/src/actions/ver.cc
+++ b/src/actions/ver.cc
@@ -21,6 +21,7 @@
 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
+#include "modsecurity/rule_with_actions.h"


 namespace modsecurity {
--- a/src/engine/lua.cc
+++ b/src/engine/lua.cc
@@ -439,8 +439,8 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t,
                    "t:" + std::string(name));
            // FIXME: transformation is not yet returning null.
            if (tfn) {
-                ModSecStackString in;
-                ModSecStackString out;
+                ModSecString in;
+                ModSecString out;
                in.assign(newVar.c_str(), newVar.size());
                tfn->execute(t, in, out);
                newVar.assign(out.c_str(), out.size());
@@ -465,8 +465,8 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t,

        // FIXME: transformation is not yet returning null.
        if (tfn) {
-            ModSecStackString in;
-            ModSecStackString out;
+            ModSecString in;
+            ModSecString out;
            in.assign(newVar.c_str(), newVar.size());
            tfn->execute(t, in, out);
            newVar.assign(out.c_str(), out.size());
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@@ -307,8 +307,8 @@ int ModSecurity::processContentOffset(const char *content, size_t len,

    while (!trans.empty()) {
        modsecurity::actions::transformations::Transformation *t;
-        ModSecStackString in;
-        ModSecStackString out;
+        ModSecString in;
+        ModSecString out;

        yajl_gen_map_open(g);
        yajl_gen_string(g,
--- a/src/operators/detect_sqli.cc
+++ b/src/operators/detect_sqli.cc
@@ -20,6 +20,8 @@

 #include "src/operators/operator.h"
 #include "others/libinjection/src/libinjection.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace operators {
--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@@ -19,6 +19,7 @@

 #include "src/operators/operator.h"
 #include "others/libinjection/src/libinjection.h"
+#include "modsecurity/rule_with_actions.h"


 namespace modsecurity {
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@@ -28,6 +28,8 @@
 #include "src/operators/operator.h"
 #include "src/utils/acmp.h"
 #include "src/utils/string.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace operators {
--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@@ -25,6 +25,8 @@

 #include "modsecurity/rules_set.h"
 #include "src/operators/operator.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace operators {
--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@@ -22,6 +22,8 @@
 #include "src/operators/operator.h"
 #include "modsecurity/rule.h"
 #include "modsecurity/rule_message.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace operators {
--- a/src/operators/verify_cc.cc
+++ b/src/operators/verify_cc.cc
@@ -21,6 +21,8 @@
 #include <vector>

 #include "src/operators/operator.h"
+#include "modsecurity/rule_with_actions.h"
+

 #if PCRE_HAVE_JIT
 #define pcre_study_opt PCRE_STUDY_JIT_COMPILE
--- a/src/operators/verify_cpf.cc
+++ b/src/operators/verify_cpf.cc
@@ -19,6 +19,8 @@
 #include <list>

 #include "src/operators/operator.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace operators {
--- a/src/operators/verify_ssn.cc
+++ b/src/operators/verify_ssn.cc
@@ -20,6 +20,8 @@
 #include <list>

 #include "src/operators/operator.h"
+#include "modsecurity/rule_with_actions.h"
+

 namespace modsecurity {
 namespace operators {
--- a/src/operators/verify_svnr.cc
+++ b/src/operators/verify_svnr.cc
@@ -9,6 +9,7 @@
 #include "modsecurity/rule_message.h"
 #include "modsecurity/rules_set_properties.h"

+#include "modsecurity/rule_with_actions.h"

 namespace modsecurity {
 namespace operators {
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
@@ -56,6 +56,8 @@ class Driver;
 }

 #include "modsecurity/rule_unconditional.h"
+#include "modsecurity/rule_with_operator.h"
+#include "modsecurity/rule_with_actions.h"
 #include "src/rule_script.h"

 #include "src/actions/accuracy.h"
@@ -350,7 +352,7 @@ using namespace modsecurity::operators;
    a = std::move(c);


-#line 354 "seclang-parser.hh"
+#line 356 "seclang-parser.hh"

 # include <cassert>
 # include <cstdlib> // std::abort
@@ -484,7 +486,7 @@ using namespace modsecurity::operators;
 #endif

 namespace yy {
-#line 488 "seclang-parser.hh"
+#line 490 "seclang-parser.hh"



@@ -8151,7 +8153,7 @@ switch (yytype)
  }

 } // yy
-#line 8155 "seclang-parser.hh"
+#line 8157 "seclang-parser.hh"



--- a/Show More
+++ b/Show More