Makes RuleWithActions const in run time operations

2025-08-13 21:36:00 +03:00 · 2019-05-08 11:08:24 -03:00 · 2019-05-08 11:08:24 -03:00 · 28c3cb3176
commit 28c3cb3176
parent 0a3b658969
90 changed files with 120 additions and 120 deletions
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@ -63,7 +63,7 @@ class Rule {
        return *this;
    }

-    virtual bool evaluate(Transaction *transaction) = 0;
+    virtual bool evaluate(Transaction *transaction) const = 0;

    std::shared_ptr<std::string> getFileName() const {
        return m_fileName;
@ -76,11 +76,11 @@ class Rule {
    int getPhase() const { return m_phase; }
    void setPhase(int phase) { m_phase = phase; }

-    virtual std::string getReference() {
+    virtual std::string getReference() const {
        return *m_fileName + ":" + std::to_string(m_lineNumber);
    }

-    virtual void dump(std::stringstream &out) {
+    virtual void dump(std::stringstream &out) const {
        out << getOriginInTextFormat() << std::endl;
    }

--- a/headers/modsecurity/rule_message.h
+++ b/headers/modsecurity/rule_message.h
@ -113,8 +113,8 @@ class RuleMessage {
    static std::string _details(const RuleMessage *rm);
    static std::string _errorLogTail(const RuleMessage *rm);

-    RuleWithActions *getRule() const;
-    void setRule(RuleWithActions *rule);
+    const RuleWithActions *getRule() const;
+    void setRule(const RuleWithActions *rule);
    bool isSettle() const;
    int getRuleId() const;
    int getPhase() const;
@ -144,7 +144,7 @@ class RuleMessage {

 private:
    Transaction *m_transaction;
-    RuleWithActions *m_rule;
+    const RuleWithActions *m_rule;
 };


--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -329,7 +329,7 @@ class TransactionRuleMessageManagement {
    RuleMessage *messageGetLast();
    void messageNew();

-    void logMatchLastRuleOnTheChain(RuleWithActions *rule);
+    void logMatchLastRuleOnTheChain(const RuleWithActions *rule);

    std::list<RuleMessage *> messageGetAll();

--- a/src/engine/lua.h
+++ b/src/engine/lua.h
@ -34,7 +34,8 @@ class LuaScriptBlob {
 public:
    LuaScriptBlob() :
        m_data(NULL),
-        m_len(0) { }
+        m_len(0)
+    { }

    ~LuaScriptBlob() {
        if (m_data) {
--- a/src/operators/begins_with.cc
+++ b/src/operators/begins_with.cc
@ -25,7 +25,7 @@ namespace operators {


 bool BeginsWith::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/begins_with.h
+++ b/src/operators/begins_with.h
@ -33,7 +33,7 @@ class BeginsWith : public Operator {
        : Operator("BeginsWith", std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/contains.cc
+++ b/src/operators/contains.cc
@ -22,7 +22,7 @@ namespace modsecurity {
 namespace operators {

 bool Contains::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/contains.h
+++ b/src/operators/contains.h
@ -36,7 +36,7 @@ class Contains : public Operator {
        : Operator("Contains", std::move(param)) { };

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/contains_word.cc
+++ b/src/operators/contains_word.cc
@ -37,7 +37,7 @@ bool ContainsWord::acceptableChar(const bpstd::string_view &a, size_t pos) {
 }

 bool ContainsWord::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &inputView,
    RuleMessage *ruleMessage) {
    std::string paramTarget(m_string->evaluate(transaction));
--- a/src/operators/contains_word.h
+++ b/src/operators/contains_word.h
@ -33,7 +33,7 @@ class ContainsWord : public Operator {
        : Operator("ContainsWord", std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/detect_sqli.cc
+++ b/src/operators/detect_sqli.cc
@ -28,7 +28,7 @@ namespace operators {


 bool DetectSQLi::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    char fingerprint[8];
--- a/src/operators/detect_sqli.h
+++ b/src/operators/detect_sqli.h
@ -33,7 +33,7 @@ class DetectSQLi : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@ -27,7 +27,7 @@ namespace operators {


 bool DetectXSS::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    int is_xss;
--- a/src/operators/detect_xss.h
+++ b/src/operators/detect_xss.h
@ -32,7 +32,7 @@ class DetectXSS : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/ends_with.cc
+++ b/src/operators/ends_with.cc
@ -24,7 +24,7 @@ namespace operators {


 bool EndsWith::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    bool ret = false;
--- a/src/operators/ends_with.h
+++ b/src/operators/ends_with.h
@ -35,7 +35,7 @@ class EndsWith : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/eq.cc
+++ b/src/operators/eq.cc
@ -25,7 +25,7 @@ namespace operators {


 bool Eq::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    int p = 0;
--- a/src/operators/eq.h
+++ b/src/operators/eq.h
@ -33,7 +33,7 @@ class Eq : public Operator {
        : Operator("Eq", std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/fuzzy_hash.cc
+++ b/src/operators/fuzzy_hash.cc
@ -97,7 +97,7 @@ FuzzyHash::~FuzzyHash() {


 bool FuzzyHash::evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &str,
        RuleMessage *ruleMessage) {
 #ifdef WITH_SSDEEP
--- a/src/operators/fuzzy_hash.h
+++ b/src/operators/fuzzy_hash.h
@ -45,7 +45,7 @@ class FuzzyHash : public Operator {
    ~FuzzyHash();

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/ge.cc
+++ b/src/operators/ge.cc
@ -24,7 +24,7 @@ namespace modsecurity {
 namespace operators {

 bool Ge::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/ge.h
+++ b/src/operators/ge.h
@ -34,7 +34,7 @@ class Ge : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/geo_lookup.cc
+++ b/src/operators/geo_lookup.cc
@ -35,7 +35,7 @@ namespace operators {


 bool GeoLookup::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    using std::placeholders::_1;
--- a/src/operators/geo_lookup.h
+++ b/src/operators/geo_lookup.h
@ -31,7 +31,7 @@ class GeoLookup : public Operator {
        : Operator("GeoLookup") { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/gsblookup.cc
+++ b/src/operators/gsblookup.cc
@ -24,7 +24,7 @@ namespace operators {


 bool GsbLookup::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    /**
--- a/src/operators/gsblookup.h
+++ b/src/operators/gsblookup.h
@ -32,7 +32,7 @@ class GsbLookup : public Operator {
        : Operator("GsbLookup", std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/gt.cc
+++ b/src/operators/gt.cc
@ -24,7 +24,7 @@ namespace modsecurity {
 namespace operators {

 bool Gt::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/gt.h
+++ b/src/operators/gt.h
@ -35,7 +35,7 @@ class Gt : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/inspect_file.cc
+++ b/src/operators/inspect_file.cc
@ -50,7 +50,7 @@ bool InspectFile::init(const std::string &param2, std::string *error) {


 bool InspectFile::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    if (m_isScript) {
--- a/src/operators/inspect_file.h
+++ b/src/operators/inspect_file.h
@ -38,7 +38,7 @@ class InspectFile : public Operator {
    bool init(const std::string &file, std::string *error) override;

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/ip_match.cc
+++ b/src/operators/ip_match.cc
@ -38,7 +38,7 @@ bool IpMatch::init(const std::string &file, std::string *error) {


 bool IpMatch::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    return m_tree.contains(str.c_str());
--- a/src/operators/ip_match.h
+++ b/src/operators/ip_match.h
@ -35,7 +35,7 @@ class IpMatch : public Operator {
        : Operator(n, std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/le.cc
+++ b/src/operators/le.cc
@ -24,7 +24,7 @@ namespace modsecurity {
 namespace operators {

 bool Le::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/le.h
+++ b/src/operators/le.h
@ -35,7 +35,7 @@ class Le : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/lt.cc
+++ b/src/operators/lt.cc
@ -23,7 +23,7 @@ namespace modsecurity {
 namespace operators {

 bool Lt::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/lt.h
+++ b/src/operators/lt.h
@ -35,7 +35,7 @@ class Lt : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/no_match.cc
+++ b/src/operators/no_match.cc
@ -21,7 +21,7 @@ namespace modsecurity {
 namespace operators {

 bool NoMatch::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    return false;
--- a/src/operators/no_match.h
+++ b/src/operators/no_match.h
@ -33,7 +33,7 @@ class NoMatch : public Operator {
        : Operator("NoMatch") { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/operator.cc
+++ b/src/operators/operator.cc
@ -71,7 +71,7 @@ namespace operators {


 bool Operator::evaluateInternal(Transaction *transaction,
-    RuleWithActions *rule, const bpstd::string_view &a, RuleMessage *rm) {
+    const RuleWithActions *rule, const bpstd::string_view &a, RuleMessage *rm) {
    bool res = evaluate(transaction, rule, a, rm);

    if (m_negation) {
@ -111,7 +111,7 @@ std::string Operator::resolveMatchMessage(Transaction *t,


 bool Operator::evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) {
    ms_dbg_a(transaction, 2, "Operator: " + m_op + \
--- a/src/operators/operator.h
+++ b/src/operators/operator.h
@ -109,12 +109,12 @@ class Operator {
    }

    bool evaluateInternal(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view& a,
        RuleMessage *ruleMessage);

    virtual bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &str,
        RuleMessage *ruleMessage);

--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@ -84,7 +84,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {


 bool Pm::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    int rc = -1;
--- a/src/operators/pm.h
+++ b/src/operators/pm.h
@ -43,7 +43,7 @@ class Pm : public Operator {
    ~Pm();

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@ -203,7 +203,7 @@ void Rbl::furtherInfo(struct sockaddr_in *sin, const std::string &ipStr,


 bool Rbl::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    struct addrinfo *info = NULL;
--- a/src/operators/rbl.h
+++ b/src/operators/rbl.h
@ -78,7 +78,7 @@ class Rbl : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/rsub.cc
+++ b/src/operators/rsub.cc
@ -24,7 +24,7 @@ namespace operators {


 bool Rsub::evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) {
    /**
--- a/src/operators/rsub.h
+++ b/src/operators/rsub.h
@ -34,7 +34,7 @@ class Rsub : public Operator {
        : Operator("Rsub", std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@ -39,7 +39,7 @@ bool Rx::init(const std::string &file, std::string *error) {


 bool Rx::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    Regex *re;
--- a/src/operators/rx.h
+++ b/src/operators/rx.h
@ -50,7 +50,7 @@ class Rx : public Operator {
    }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/rx_global.cc
+++ b/src/operators/rx_global.cc
@ -36,7 +36,7 @@ bool RxGlobal::init(const std::string &arg, std::string *error) {
 }


-bool RxGlobal::evaluate(Transaction *transaction, RuleWithActions *rule,
+bool RxGlobal::evaluate(Transaction *transaction, const RuleWithActions *rule,
    const bpstd::string_view& input, RuleMessage *ruleMessage) {
    Regex *re;

--- a/src/operators/rx_global.h
+++ b/src/operators/rx_global.h
@ -50,7 +50,7 @@ class RxGlobal : public Operator {
    }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view& input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/str_eq.cc
+++ b/src/operators/str_eq.cc
@ -21,7 +21,7 @@ namespace modsecurity {
 namespace operators {

 bool StrEq::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    std::string pt(m_string->evaluate(transaction));
--- a/src/operators/str_eq.h
+++ b/src/operators/str_eq.h
@ -35,7 +35,7 @@ class StrEq : public Operator {
        : Operator("StrEq", std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/str_match.cc
+++ b/src/operators/str_match.cc
@ -25,7 +25,7 @@ namespace operators {


 bool StrMatch::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/str_match.h
+++ b/src/operators/str_match.h
@ -35,7 +35,7 @@ class StrMatch : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/unconditional_match.cc
+++ b/src/operators/unconditional_match.cc
@ -19,7 +19,7 @@ namespace modsecurity {
 namespace operators {

 bool UnconditionalMatch::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    return true;
--- a/src/operators/unconditional_match.h
+++ b/src/operators/unconditional_match.h
@ -32,7 +32,7 @@ class UnconditionalMatch : public Operator {
        : Operator("UnconditionalMatch") { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/validate_byte_range.cc
+++ b/src/operators/validate_byte_range.cc
@ -112,7 +112,7 @@ bool ValidateByteRange::init(const std::string &file,


 bool ValidateByteRange::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    bool ret = true;
--- a/src/operators/validate_byte_range.h
+++ b/src/operators/validate_byte_range.h
@ -38,7 +38,7 @@ class ValidateByteRange : public Operator {
    ~ValidateByteRange() override { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/validate_dtd.cc
+++ b/src/operators/validate_dtd.cc
@ -44,7 +44,7 @@ bool ValidateDTD::init(const std::string &file, std::string *error) {


 bool ValidateDTD::evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) {
    xmlValidCtxtPtr cvp;
--- a/src/operators/validate_dtd.h
+++ b/src/operators/validate_dtd.h
@ -47,7 +47,7 @@ class ValidateDTD : public Operator {
    }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/validate_hash.cc
+++ b/src/operators/validate_hash.cc
@ -23,7 +23,7 @@ namespace modsecurity {
 namespace operators {

 bool ValidateHash::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    /**
--- a/src/operators/validate_hash.h
+++ b/src/operators/validate_hash.h
@ -33,7 +33,7 @@ class ValidateHash : public Operator {
        : Operator("ValidateHash", std::move(param)) { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/operators/validate_schema.cc
+++ b/src/operators/validate_schema.cc
@ -40,7 +40,7 @@ bool ValidateSchema::init(const std::string &file, std::string *error) {


 bool ValidateSchema::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    int rc;
--- a/src/operators/validate_schema.h
+++ b/src/operators/validate_schema.h
@ -59,7 +59,7 @@ class ValidateSchema : public Operator {
    }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/validate_url_encoding.cc
+++ b/src/operators/validate_url_encoding.cc
@ -69,7 +69,7 @@ int ValidateUrlEncoding::validate_url_encoding(const char *input,


 bool ValidateUrlEncoding::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    size_t offset = 0;
--- a/src/operators/validate_url_encoding.h
+++ b/src/operators/validate_url_encoding.h
@ -32,7 +32,7 @@ class ValidateUrlEncoding : public Operator {
        : Operator("ValidateUrlEncoding") { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/validate_utf8_encoding.cc
+++ b/src/operators/validate_utf8_encoding.cc
@ -114,7 +114,7 @@ int ValidateUtf8Encoding::detect_utf8_character(
 }

 bool ValidateUtf8Encoding::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    unsigned int i, bytes_left;
--- a/src/operators/validate_utf8_encoding.h
+++ b/src/operators/validate_utf8_encoding.h
@ -39,7 +39,7 @@ class ValidateUtf8Encoding : public Operator {
        : Operator("ValidateUtf8Encoding") { }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/verify_cc.cc
+++ b/src/operators/verify_cc.cc
@ -120,7 +120,7 @@ bool VerifyCC::init(const std::string &param2, std::string *error) {


 bool VerifyCC::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &i,
    RuleMessage *ruleMessage) {
    int offset = 0;
--- a/src/operators/verify_cc.h
+++ b/src/operators/verify_cc.h
@ -38,7 +38,7 @@ class VerifyCC : public Operator {
    bool init(const std::string &param, std::string *error) override;

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/verify_cpf.cc
+++ b/src/operators/verify_cpf.cc
@ -111,7 +111,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) {


 bool VerifyCPF::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    std::list<SMatch> matches;
--- a/src/operators/verify_cpf.h
+++ b/src/operators/verify_cpf.h
@ -47,7 +47,7 @@ class VerifyCPF : public Operator {
    VerifyCPF(const VerifyCPF &a) = delete;

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/verify_ssn.cc
+++ b/src/operators/verify_ssn.cc
@ -113,7 +113,7 @@ invalid:


 bool VerifySSN::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage *ruleMessage) {
    std::list<SMatch> matches;
--- a/src/operators/verify_ssn.h
+++ b/src/operators/verify_ssn.h
@ -47,7 +47,7 @@ class VerifySSN : public Operator {
    VerifySSN(const VerifySSN &a) = delete;

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/verify_svnr.cc
+++ b/src/operators/verify_svnr.cc
@ -79,7 +79,7 @@ bool VerifySVNR::verify(const char *svnrnumber, int len) {


 bool VerifySVNR::evaluate(Transaction *t,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &input,
    RuleMessage* ruleMessage) {
    std::list<SMatch> matches;
--- a/src/operators/verify_svnr.h
+++ b/src/operators/verify_svnr.h
@ -33,7 +33,7 @@ class VerifySVNR : public Operator {
    VerifySVNR(const VerifySVNR &a) = delete;

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;

--- a/src/operators/within.cc
+++ b/src/operators/within.cc
@ -25,7 +25,7 @@ namespace operators {


 bool Within::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
    const bpstd::string_view &str,
    RuleMessage *ruleMessage) {
    bool res = false;
--- a/src/operators/within.h
+++ b/src/operators/within.h
@ -35,7 +35,7 @@ class Within : public Operator {
        }

    bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
        const bpstd::string_view &input,
        RuleMessage *ruleMessage) override;
 };
--- a/src/rule_marker.h
+++ b/src/rule_marker.h
@ -54,7 +54,7 @@ class RuleMarker : public Rule {
        m_name(std::move(r.m_name))
    { };

-    virtual bool evaluate(Transaction *transaction) override {
+    virtual bool evaluate(Transaction *transaction) const override {
        if (transaction->isInsideAMarker()) {
            if (*transaction->getCurrentMarker() == *m_name) {
                transaction->removeMarker();
@ -71,7 +71,7 @@ class RuleMarker : public Rule {
        return m_name;
    }

-    virtual void dump(std::stringstream &out) override {
+    virtual void dump(std::stringstream &out) const override {
        Rule::dump(out);
        out << "SecMarker \"" << *getName() << "\"" << std::endl;
    }
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@ -97,12 +97,12 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
 }


-RuleWithActions *RuleMessage::getRule() const {
+const RuleWithActions *RuleMessage::getRule() const {
    return m_rule;
 }


-void RuleMessage::setRule(RuleWithActions *rule) {
+void RuleMessage::setRule(const RuleWithActions *rule) {
    m_rule = rule;
 }

--- a/src/rule_script.cc
+++ b/src/rule_script.cc
@ -22,7 +22,7 @@ bool RuleScript::init(std::string *err) {
    return m_lua->load(m_name, err);
 }

-bool RuleScript::evaluate(Transaction *trans) {
+bool RuleScript::evaluate(Transaction *trans) const {

    ms_dbg_a(trans, 4, " Executing script: " + m_name + ".");

--- a/src/rule_script.h
+++ b/src/rule_script.h
@ -68,7 +68,7 @@ class RuleScript : public RuleWithActions {
    }

    bool init(std::string *err);
-    bool evaluate(Transaction *trans) override;
+    bool evaluate(Transaction *trans) const override;

    std::string m_name;
    std::shared_ptr<engine::Lua> m_lua;
--- a/src/rule_unconditional.cc
+++ b/src/rule_unconditional.cc
@ -19,7 +19,7 @@
 namespace modsecurity {


-bool RuleUnconditional::evaluate(Transaction *trans) {
+bool RuleUnconditional::evaluate(Transaction *trans) const {
    RuleWithActions::evaluate(trans);

    ms_dbg_a(trans, 4, "(Rule: " + std::to_string(getId()) \
--- a/src/rule_unconditional.h
+++ b/src/rule_unconditional.h
@ -50,7 +50,7 @@ class RuleUnconditional : public RuleWithActions {
        : RuleWithActions(r)
        { }

-    virtual bool evaluate(Transaction *transaction) override;
+    virtual bool evaluate(Transaction *transaction) const override;

 private:
 };
--- a/src/rule_with_actions.cc
+++ b/src/rule_with_actions.cc
@ -190,7 +190,7 @@ void RuleWithActions::addAction(actions::Action *a) {
 RuleWithActions::~RuleWithActions() { }


-bool RuleWithActions::evaluate(Transaction *transaction) {
+bool RuleWithActions::evaluate(Transaction *transaction) const {
    /* Matched vars needs to be clear at every new rule execution */
    transaction->m_matched.clear();

@ -198,7 +198,7 @@ bool RuleWithActions::evaluate(Transaction *transaction) {
 }


-void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *trans) {
+void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *trans) const {

    for (actions::SetVar *a : getSetVarsActionsPtr()) {
        ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \
@ -209,7 +209,7 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *
 }


-void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) {
+void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) const {
    bool disruptiveAlreadyExecuted = false;

    for (actions::Tag *a : getTagsActionPtr()) {
@ -276,7 +276,7 @@ void RuleWithActions::executeAction(Transaction *trans,


 void RuleWithActions::executeAction(Transaction *trans,
-    ActionDisruptive *a, bool defaultContext) {
+    ActionDisruptive *a, bool defaultContext) const {
    if (defaultContext && !hasBlockAction()) {
        ms_dbg_a(trans, 4, "Ignoring action: " + *a->getName() + \
            " (rule does not cotains block)");
@ -299,7 +299,7 @@ void RuleWithActions::executeAction(Transaction *trans,
 void RuleWithActions::executeTransformations(
    Transaction *trans,
    const std::string &in,
-    TransformationsResults &results) {
+    TransformationsResults &results) const {
    int none = 0;

    ModSecString ssin;
@ -401,7 +401,7 @@ bool RuleWithActions::containsTag(const std::string& name, Transaction *t) const
 }


-bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) {
+bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) const {
    return m_msg && m_msg->getEvaluatedRunTimeString(t) == name;
 }

--- a/src/rule_with_actions.h
+++ b/src/rule_with_actions.h
@ -222,22 +222,22 @@ class RuleWithActions : public Rule {
    }


-    virtual bool evaluate(Transaction *transaction) override;
+    virtual bool evaluate(Transaction *transaction) const override;


    void executeActionsIndependentOfChainedRuleResult(
-        Transaction *trasn);
+        Transaction *trasn) const;

    void executeActionsAfterFullMatch(
-        Transaction *trasn);
+        Transaction *trasn) const;

-    void executeAction(Transaction *trans,
+    static void executeAction(Transaction *trans,
        ActionWithExecution *a,
        bool context);

    void executeAction(Transaction *trans,
        ActionDisruptive *a,
-        bool context);
+        bool context) const;

    static void executeTransformation(
        Transaction *transaction,
@ -253,7 +253,7 @@ class RuleWithActions : public Rule {
    void executeTransformations(
        Transaction *transaction,
        const std::string &value,
-        TransformationsResults &results);
+        TransformationsResults &results) const;

    void addAction(actions::Action *a);
    void addTransformation(std::shared_ptr<actions::transformations::Transformation> t) {
@ -268,7 +268,7 @@ class RuleWithActions : public Rule {
    std::vector<actions::Action *> getActionsByName(const std::string& name,
        Transaction *t);
    bool containsTag(const std::string& name, Transaction *t) const;
-    bool containsMsg(const std::string& name, Transaction *t);
+    bool containsMsg(const std::string& name, Transaction *t) const;


    void clearDefaultActions() {
@ -525,7 +525,7 @@ class RuleWithActions : public Rule {
    }


-    virtual void dump(std::stringstream &out) override {
+    virtual void dump(std::stringstream &out) const override {
        out << "RuleWithActions" << std::endl;
    }

--- a/src/rule_with_operator.cc
+++ b/src/rule_with_operator.cc
@ -90,7 +90,7 @@ void RuleWithOperator::updateMatchedVars(Transaction *trans,
 }


-void RuleWithOperator::cleanMatchedVars(Transaction *trans) {
+inline void RuleWithOperator::cleanMatchedVars(Transaction *trans) {
    ms_dbg_a(trans, 9, "Matched vars cleaned.");
    trans->m_variableMatchedVar.unset();
    trans->m_variableMatchedVars.unset();
@ -101,7 +101,7 @@ void RuleWithOperator::cleanMatchedVars(Transaction *trans) {

 bool RuleWithOperator::executeOperatorAt(Transaction *trans,
    const std::string &key,
-    const bpstd::string_view &value) {
+    const bpstd::string_view &value) const {
 #if MSC_EXEC_CLOCK_ENABLED
    clock_t begin = clock();
    clock_t end;
@ -128,7 +128,7 @@ bool RuleWithOperator::executeOperatorAt(Transaction *trans,


 void RuleWithOperator::getVariablesExceptions(Transaction *t,
-    variables::Variables *exclusion, variables::Variables *addition) {
+    variables::Variables *exclusion, variables::Variables *addition) const {
    for (auto &a : t->m_rules->m_exceptions.m_variable_update_target_by_tag) {
        if (containsTag(*a.first.get(), t) == false) {
            continue;
@ -174,7 +174,7 @@ void RuleWithOperator::getVariablesExceptions(Transaction *t,


 inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
-    variables::Variables *exclusion, Transaction *trans) {
+    variables::Variables *exclusion, Transaction *trans) const {
    variables::Variables addition;
    getVariablesExceptions(trans, exclusion, &addition);

@ -210,7 +210,7 @@ inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
 }


-bool RuleWithOperator::evaluate(Transaction *trans) {
+bool RuleWithOperator::evaluate(Transaction *trans) const {
    bool globalRet = false;
    variables::Variables *variables = m_variables.get();
    bool recursiveGlobalRet;
--- a/src/rule_with_operator.h
+++ b/src/rule_with_operator.h
@ -70,16 +70,16 @@ class RuleWithOperator : public RuleWithActions {

    virtual ~RuleWithOperator();

-    bool evaluate(Transaction *transaction) override;
+    bool evaluate(Transaction *transaction) const override;

    void getVariablesExceptions(Transaction *t,
-        variables::Variables *exclusion, variables::Variables *addition);
+        variables::Variables *exclusion, variables::Variables *addition) const;
    inline void getFinalVars(variables::Variables *vars,
-        variables::Variables *eclusion, Transaction *trans);
+        variables::Variables *eclusion, Transaction *trans) const;

    bool executeOperatorAt(Transaction *transaction,
        const std::string &key,
-        const bpstd::string_view &value);
+        const bpstd::string_view &value) const;

    static void updateMatchedVars(Transaction *transaction,
        const std::string &key,
@ -87,14 +87,13 @@ class RuleWithOperator : public RuleWithActions {

    static void cleanMatchedVars(Transaction *trasn);

-
    std::string getOperatorName() const;

-    virtual std::string getReference() override {
+    virtual std::string getReference() const override {
        return std::to_string(getId());
    }

-    virtual void dump(std::stringstream &out) override {
+    virtual void dump(std::stringstream &out) const override {
        Rule::dump(out);
        out << "# RuleWithOperator" << std::endl;
        out << "SecRule ";
--- a/src/transaction.cc
+++ b/src/transaction.cc
@ -67,7 +67,7 @@ RuleMessage *TransactionRuleMessageManagement::messageGetLast() {
    return m_rulesMessages.back();
 }

-void TransactionRuleMessageManagement::logMatchLastRuleOnTheChain(RuleWithActions *rule) {
+void TransactionRuleMessageManagement::logMatchLastRuleOnTheChain(const RuleWithActions *rule) {
    RuleMessage *rm = m_rulesMessages.back();

    rm->setRule(rule);
--- a/test/cppcheck_suppressions.txt
+++ b/test/cppcheck_suppressions.txt
@ -46,8 +46,8 @@ functionStatic:headers/modsecurity/transaction.h:437
 duplicateBranch:src/audit_log/audit_log.cc:223
 unreadVariable:src/request_body_processor/multipart.cc:435
 stlcstrParam:src/audit_log/writer/parallel.cc:145
-functionStatic:src/engine/lua.h:78
 functionStatic:src/engine/lua.h:79
+functionStatic:src/engine/lua.h:80
 functionConst:src/utils/geo_lookup.h:49
 useInitializationList:src/operators/rbl.h:69
 constStatement:test/common/modsecurity_test.cc:82