github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Reference RuleWithActions & Transaction object instead of copying values in RuleMessage

Browse Source 
- Because the lifetime of the RuleMessage instances do not extend beyond
  the lifetime of the enclosing RuleWithActions & Transaction,
  RuleMessage can just reference it and simplify its definition.
- Additionally, make the references const to show that it doesn't modify it.
- Replace RuleMessage copy constructor with default implementations.
- Removed unused RuleMessage assignment operator (which cannot be implemented
  now that it has reference members).
- Removed constructor from RuleMessage pointer.
- Addressed Sonarcloud suggestions: Do not use the constructor's
  initializer list for data member "xxx". Use the in-class initializer
  instead.
This commit is contained in:
Eduardo Arias
2024-05-05 15:15:47 -03:00
parent 2ec640fd76
commit 2ad87f640f
11 changed files with 85 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
headers/modsecurity/rule.h
View File

@@ -65,7 +65,7 @@ using MatchActions = std::vector<actions::Action *>;
class Rule {
public:
Rule(std::unique_ptr<std::string> fileName, int lineNumber)
: m_fileName(std::make_shared<std::string>(*fileName)),
: m_fileName(*fileName),
m_lineNumber(lineNumber),
m_phase(modsecurity::Phases::RequestHeadersPhase) {
}
@@ -81,7 +81,7 @@ class Rule {
virtual bool evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> rm) = 0;
std::shared_ptr<std::string> getFileName() const {
const std::string& getFileName() const {
return m_fileName;
}
@@ -93,18 +93,15 @@ class Rule {
void setPhase(int phase) { m_phase = phase; }
virtual std::string getReference() {
if (m_fileName) {
return *m_fileName + ":" + std::to_string(m_lineNumber);
}
return "<<no file>>:" + std::to_string(m_lineNumber);
return m_fileName + ":" + std::to_string(m_lineNumber);
}
virtual bool isMarker() { return false; }
private:
std::shared_ptr<std::string> m_fileName;
int m_lineNumber;
const std::string m_fileName;
const int m_lineNumber;
// FIXME: phase may not be neede to SecMarker.
int m_phase;
};

138
headers/modsecurity/rule_message.h
View File

@@ -42,116 +42,13 @@ class RuleMessage {
ClientLogMessageInfo = 4
};
/**
*
* FIXME: RuleMessage is currently too big, doing a lot of
* unnecessary data duplication. Needs to be shrink down.
*
*/
RuleMessage(RuleWithActions *rule, Transaction *trans) :
m_accuracy(rule->m_accuracy),
m_clientIpAddress(trans->m_clientIpAddress),
m_data(""),
m_id(trans->m_id),
m_isDisruptive(false),
m_match(""),
m_maturity(rule->m_maturity),
m_message(""),
m_noAuditLog(false),
m_phase(rule->getPhase() - 1),
m_reference(""),
m_rev(rule->m_rev),
RuleMessage(const RuleWithActions &rule, const Transaction &trans) :
m_rule(rule),
m_ruleFile(rule->getFileName()),
m_ruleId(rule->m_ruleId),
m_ruleLine(rule->getLineNumber()),
m_saveMessage(true),
m_serverIpAddress(trans->m_serverIpAddress),
m_requestHostName(trans->m_requestHostName),
m_severity(0),
m_uriNoQueryStringDecoded(trans->m_uri_no_query_string_decoded),
m_ver(rule->m_ver),
m_tags()
m_transaction(trans)
{ }
explicit RuleMessage(RuleMessage *rule) :
m_accuracy(rule->m_accuracy),
m_clientIpAddress(rule->m_clientIpAddress),
m_data(rule->m_data),
m_id(rule->m_id),
m_isDisruptive(rule->m_isDisruptive),
m_match(rule->m_match),
m_maturity(rule->m_maturity),
m_message(rule->m_message),
m_noAuditLog(rule->m_noAuditLog),
m_phase(rule->m_phase),
m_reference(rule->m_reference),
m_rev(rule->m_rev),
m_rule(rule->m_rule),
m_ruleFile(rule->m_ruleFile),
m_ruleId(rule->m_ruleId),
m_ruleLine(rule->m_ruleLine),
m_saveMessage(rule->m_saveMessage),
m_serverIpAddress(rule->m_serverIpAddress),
m_requestHostName(rule->m_requestHostName),
m_severity(rule->m_severity),
m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
m_ver(rule->m_ver),
m_tags(rule->m_tags)
{ }
RuleMessage(const RuleMessage& ruleMessage)
: m_accuracy(ruleMessage.m_accuracy),
m_clientIpAddress(ruleMessage.m_clientIpAddress),
m_data(ruleMessage.m_data),
m_id(ruleMessage.m_id),
m_isDisruptive(ruleMessage.m_isDisruptive),
m_match(ruleMessage.m_match),
m_maturity(ruleMessage.m_maturity),
m_message(ruleMessage.m_message),
m_noAuditLog(ruleMessage.m_noAuditLog),
m_phase(ruleMessage.m_phase),
m_reference(ruleMessage.m_reference),
m_rev(ruleMessage.m_rev),
m_rule(ruleMessage.m_rule),
m_ruleFile(ruleMessage.m_ruleFile),
m_ruleId(ruleMessage.m_ruleId),
m_ruleLine(ruleMessage.m_ruleLine),
m_saveMessage(ruleMessage.m_saveMessage),
m_serverIpAddress(ruleMessage.m_serverIpAddress),
m_requestHostName(ruleMessage.m_requestHostName),
m_severity(ruleMessage.m_severity),
m_uriNoQueryStringDecoded(ruleMessage.m_uriNoQueryStringDecoded),
m_ver(ruleMessage.m_ver),
m_tags(ruleMessage.m_tags)
{ }
RuleMessage &operator=(const RuleMessage& ruleMessage) {
m_accuracy = ruleMessage.m_accuracy;
m_clientIpAddress = ruleMessage.m_clientIpAddress;
m_data = ruleMessage.m_data;
m_id = ruleMessage.m_id;
m_isDisruptive = ruleMessage.m_isDisruptive;
m_match = ruleMessage.m_match;
m_maturity = ruleMessage.m_maturity;
m_message = ruleMessage.m_message;
m_noAuditLog = ruleMessage.m_noAuditLog;
m_phase = ruleMessage.m_phase;
m_reference = ruleMessage.m_reference;
m_rev = ruleMessage.m_rev;
m_rule = ruleMessage.m_rule;
m_ruleFile = ruleMessage.m_ruleFile;
m_ruleId = ruleMessage.m_ruleId;
m_ruleLine = ruleMessage.m_ruleLine;
m_saveMessage = ruleMessage.m_saveMessage;
m_serverIpAddress = ruleMessage.m_serverIpAddress;
m_requestHostName = ruleMessage.m_requestHostName;
m_severity = ruleMessage.m_severity;
m_uriNoQueryStringDecoded = ruleMessage.m_uriNoQueryStringDecoded;
m_ver = ruleMessage.m_ver;
m_tags = ruleMessage.m_tags;
return *this;
}
RuleMessage(const RuleMessage &ruleMessage) = default;
RuleMessage &operator=(const RuleMessage &ruleMessage) = delete;
void clean() {
m_data = "";
@@ -159,7 +56,6 @@ class RuleMessage {
m_isDisruptive = false;
m_reference = "";
m_severity = 0;
m_ver = "";
}
std::string log() {
@@ -187,28 +83,18 @@ class RuleMessage {
static std::string _details(const RuleMessage *rm);
static std::string _errorLogTail(const RuleMessage *rm);
int m_accuracy;
std::shared_ptr<std::string> m_clientIpAddress;
int getPhase() const { return m_rule.getPhase() - 1; }
const RuleWithActions &m_rule;
const Transaction &m_transaction;
std::string m_data;
std::shared_ptr<std::string> m_id;
bool m_isDisruptive;
bool m_isDisruptive = false;
std::string m_match;
int m_maturity;
std::string m_message;
bool m_noAuditLog;
int m_phase;
bool m_noAuditLog = false;
std::string m_reference;
std::string m_rev;
RuleWithActions *m_rule;
std::shared_ptr<std::string> m_ruleFile;
int m_ruleId;
int m_ruleLine;
bool m_saveMessage;
std::shared_ptr<std::string> m_serverIpAddress;
std::shared_ptr<std::string> m_requestHostName;
int m_severity;
std::shared_ptr<std::string> m_uriNoQueryStringDecoded;
std::string m_ver;
bool m_saveMessage = true;
int m_severity = 0;
std::list<std::string> m_tags;
};

2
headers/modsecurity/rule_with_actions.h
View File

@@ -76,7 +76,7 @@ class RuleWithActions : public Rule {
void performLogging(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage,
bool lastLog = true,
bool chainedParentNull = false);
bool chainedParentNull = false) const;
std::vector<actions::Action *> getActionsByName(const std::string& name,
Transaction *t);

12
headers/modsecurity/transaction.h
View File

@@ -57,7 +57,7 @@ typedef struct Rules_t RulesSet;
#define ms_dbg(b, c) \
do { \
if (m_rules && m_rules->m_debugLog && m_rules->m_debugLog->m_debugLevel >= b) { \
m_rules->debug(b, *m_id.get(), m_uri, c); \
m_rules->debug(b, m_id, m_uri, c); \
} \
} while (0);
#else
@@ -431,7 +431,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
/**
* Holds the client IP address.
*/
std::shared_ptr<std::string> m_clientIpAddress;
std::string m_clientIpAddress;
/**
* Holds the HTTP version: 1.2, 2.0, 3.0 and so on....
@@ -441,12 +441,12 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
/**
* Holds the server IP Address
*/
std::shared_ptr<std::string> m_serverIpAddress;
std::string m_serverIpAddress;
/**
* Holds the request's hostname
*/
std::shared_ptr<std::string> m_requestHostName;
std::string m_requestHostName;
/**
* Holds the raw URI that was requested.
@@ -456,7 +456,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
/**
* Holds the URI that was requests (without the query string).
*/
std::shared_ptr<std::string> m_uri_no_query_string_decoded;
std::string m_uri_no_query_string_decoded;
/**
* Holds the combined size of all arguments, later used to fill the
@@ -568,7 +568,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
* Contains the unique ID of the transaction. Use by the variable
* `UNIQUE_ID'. This unique id is also saved as part of the AuditLog.
*/
std::shared_ptr<std::string> m_id;
std::string m_id;
/**
* Holds the amount of rules that should be skipped. If bigger than 0 the