github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Using Collection instead of GlobalCollection

Browse Source 
Both has the same methods and characteristics except for the fact that
one is global and the other not. That can be handled by the backend.
This commit is contained in:
Felipe Zimmerle
2016-05-04 14:18:02 -03:00
parent 64c4f23a4e
commit 3062ff2aa5
14 changed files with 135 additions and 649 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Makefile.am
View File

@@ -34,7 +34,6 @@ pkginclude_HEADERS = \
libmodsecurity_includesub_HEADERS = \
../headers/modsecurity/collection/collection.h \
../headers/modsecurity/collection/collections.h \
../headers/modsecurity/collection/global_collection.h \
../headers/modsecurity/collection/variable.h
@@ -175,7 +174,6 @@ UTILS = \
COLLECTION = \
collection/collections.cc \
collection/global_collections.cc \
collection/backend/in_memory-per_process.cc

60
src/collection/backend/in_memory-per_process.cc
View File

@@ -53,7 +53,8 @@ bool InMemoryPerProcess::storeOrUpdateFirst(const std::string &key,
}
bool InMemoryPerProcess::updateFirst(const std::string &key, const std::string &value) {
bool InMemoryPerProcess::updateFirst(const std::string &key,
const std::string &value) {
auto range = this->equal_range(key);
for (auto it = range.first; it != range.second; ++it) {
@@ -121,6 +122,63 @@ std::string* InMemoryPerProcess::resolveFirst(const std::string& var) {
return NULL;
}
void InMemoryPerProcess::store(std::string key, std::string compartment,
std::string value) {
std::string nkey = key + "::" + compartment;
store(nkey, value);
}
bool InMemoryPerProcess::storeOrUpdateFirst(const std::string &key,
std::string compartment, const std::string &value) {
std::string nkey = key + "::" + compartment;
return storeOrUpdateFirst(nkey, value);
}
bool InMemoryPerProcess::updateFirst(const std::string &key,
std::string compartment, const std::string &value) {
std::string nkey = key + "::" + compartment;
return updateFirst(nkey, value);
}
void InMemoryPerProcess::del(const std::string& key,
std::string compartment) {
std::string nkey = key + "::" + compartment;
del(nkey);
}
std::string* InMemoryPerProcess::resolveFirst(const std::string& var,
std::string compartment) {
std::string nkey = var + "::" + compartment;
return resolveFirst(nkey);
}
void InMemoryPerProcess::resolveSingleMatch(const std::string& var,
std::string compartment, std::vector<const Variable *> *l) {
std::string nkey = var + "::" + compartment;
resolveSingleMatch(nkey, l);
}
void InMemoryPerProcess::resolveMultiMatches(const std::string& var,
std::string compartment, std::vector<const Variable *> *l) {
std::string nkey = var + "::" + compartment;
resolveMultiMatches(nkey, l);
}
void InMemoryPerProcess::resolveRegularExpression(const std::string& var,
std::string compartment, std::vector<const Variable *> *l) {
std::string nkey = var + "::" + compartment;
resolveRegularExpression(nkey, l);
}
} // namespace backend
} // namespace collection
} // namespace modsecurity

43
src/collection/backend/in_memory-per_process.h
View File

@@ -27,8 +27,8 @@
#include "modsecurity/collection/variable.h"
#include "modsecurity/collection/collection.h"
#ifndef HEADERS_MODSECURITY_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
#define HEADERS_MODSECURITY_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
#ifndef SRC_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
#define SRC_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
#ifdef __cplusplus
namespace modsecurity {
@@ -46,14 +46,11 @@ namespace backend {
*/
struct MyEqual {
bool operator()(const std::string& Left, const std::string& Right) const {
/*
return Left.size() == Right.size()
&& std::equal(Left.begin(), Left.end(), Right.begin(),
[](char a, char b) {
return tolower(a) == tolower(b);
});
*/
return Left == Right;
}
};
@@ -75,23 +72,41 @@ class InMemoryPerProcess :
public:
InMemoryPerProcess();
~InMemoryPerProcess();
void store(std::string key, std::string value);
void store(std::string key, std::string value) override;
bool storeOrUpdateFirst(const std::string &key,
const std::string &value);
const std::string &value) override;
bool updateFirst(const std::string &key, const std::string &value);
bool updateFirst(const std::string &key,
const std::string &value) override;
void del(const std::string& key);
void del(const std::string& key) override;
std::string* resolveFirst(const std::string& var);
std::string* resolveFirst(const std::string& var) override;
void resolveSingleMatch(const std::string& var,
std::vector<const Variable *> *l);
std::vector<const Variable *> *l) override;
void resolveMultiMatches(const std::string& var,
std::vector<const Variable *> *l);
std::vector<const Variable *> *l) override;
void resolveRegularExpression(const std::string& var,
std::vector<const Variable *> *l);
std::vector<const Variable *> *l) override;
void store(std::string key, std::string compartment,
std::string value) override;
bool storeOrUpdateFirst(const std::string &key, std::string compartment,
const std::string &value) override;
bool updateFirst(const std::string &key, std::string compartment,
const std::string &value) override;
void del(const std::string& key, std::string compartment) override;
std::string* resolveFirst(const std::string& var,
std::string compartment) override;
void resolveSingleMatch(const std::string& var, std::string compartment,
std::vector<const Variable *> *l) override;
void resolveMultiMatches(const std::string& var, std::string compartment,
std::vector<const Variable *> *l) override;
void resolveRegularExpression(const std::string& var,
std::string compartment, std::vector<const Variable *> *l) override;
};
} // namespace backend
@@ -100,4 +115,4 @@ class InMemoryPerProcess :
#endif
#endif // HEADERS_MODSECURITY_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
#endif // SRC_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_

7
src/collection/collections.cc
View File

@@ -33,8 +33,8 @@ namespace modsecurity {
namespace collection {
Collections::Collections(GlobalCollection *global,
GlobalCollection *ip)
Collections::Collections(Collection *global,
Collection *ip)
: m_global_collection_key(""),
m_ip_collection_key(""),
m_global_collection(global),
@@ -139,7 +139,8 @@ std::string* Collections::resolveFirst(const std::string& collectionName,
for (auto &a : *this) {
if (tolower(a.first) == tolower(collectionName)) {
std::string *res = a.second->resolveFirst(toupper(a.first) + ":" + var);
std::string *res = a.second->resolveFirst(toupper(a.first)
+ ":" + var);
if (res != NULL) {
return res;
}

128
src/collection/global_collections.cc
View File

@@ -1,128 +0,0 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "modsecurity/collection/global_collection.h"
#ifdef __cplusplus
#include <string>
#include <iostream>
#include <unordered_map>
#include <list>
#endif
#include "src/utils.h"
namespace modsecurity {
namespace collection {
GlobalCollection::GlobalCollection() {
this->reserve(1000);
}
GlobalCollection::~GlobalCollection() {
this->clear();
}
void GlobalCollection::store(std::string key, std::string compartment,
std::string value) {
this->emplace(new CollectionKey(key, compartment), value);
}
bool GlobalCollection::storeOrUpdateFirst(const std::string &key,
std::string compartment, const std::string &value) {
if (updateFirst(key, compartment, value) == false) {
store(key, compartment, value);
}
return true;
}
bool GlobalCollection::updateFirst(const std::string &key,
std::string compartment, const std::string &value) {
auto range = this->equal_range(new CollectionKey(key, compartment));
for (auto it = range.first; it != range.second; ++it) {
it->second = value;
return true;
}
return false;
}
void GlobalCollection::del(const std::string& key, std::string compartment) {
this->erase(new CollectionKey(key, compartment));
}
void GlobalCollection::resolveSingleMatch(const std::string& var,
std::string compartment, std::vector<const Variable *> *l) {
auto range = this->equal_range(new CollectionKey(var, compartment));
for (auto it = range.first; it != range.second; ++it) {
l->push_back(new Variable(var, it->second));
}
}
void GlobalCollection::resolveMultiMatches(const std::string& var,
std::string compartment, std::vector<const Variable *> *l) {
size_t keySize = var.size();
l->reserve(15);
auto range = this->equal_range(new CollectionKey(var, compartment));
for (auto it = range.first; it != range.second; ++it) {
l->insert(l->begin(), new Variable(var, it->second));
}
for (const auto& x : *this) {
if (x.first->m_name.size() <= keySize + 1) {
continue;
}
if (x.first->m_name.at(keySize) != ':') {
continue;
}
if (x.first->m_name.compare(0, keySize, var) != 0) {
continue;
}
l->insert(l->begin(),
new Variable(x.first->m_name, x.second));
}
}
void GlobalCollection::resolveRegularExpression(const std::string& var,
std::string compartment, std::vector<const Variable *> *l) {
/* Not ready */
}
std::string* GlobalCollection::resolveFirst(const std::string& var,
std::string compartment) {
auto range = equal_range(new CollectionKey(var, compartment));
for (auto it = range.first; it != range.second; ++it) {
return &it->second;
}
return NULL;
}
} // namespace collection
} // namespace modsecurity

125
src/collections/collection.cc
View File

@@ -1,125 +0,0 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "modsecurity/transaction/collections.h"
#ifdef __cplusplus
#include <string>
#include <iostream>
#include <unordered_map>
#include <list>
#endif
#include "modsecurity/transaction/variable.h"
#include "src/utils.h"
namespace modsecurity {
namespace transaction {
Collection::Collection() {
this->reserve(1000);
}
Collection::~Collection() {
this->clear();
}
void Collection::store(std::string key, std::string value) {
this->emplace(key, value);
}
bool Collection::storeOrUpdateFirst(const std::string &key,
const std::string &value) {
if (updateFirst(key, value) == false) {
store(key, value);
}
return true;
}
bool Collection::updateFirst(const std::string &key, const std::string &value) {
auto range = this->equal_range(key);
for (auto it = range.first; it != range.second; ++it) {
it->second = value;
return true;
}
return false;
}
void Collection::del(const std::string& key) {
this->erase(key);
}
void Collection::resolveSingleMatch(const std::string& var,
std::vector<const transaction::Variable *> *l) {
auto range = this->equal_range(var);
for (auto it = range.first; it != range.second; ++it) {
l->push_back(new transaction::Variable(var, it->second));
}
}
void Collection::resolveMultiMatches(const std::string& var,
std::vector<const transaction::Variable *> *l) {
size_t keySize = var.size();
l->reserve(15);
auto range = this->equal_range(var);
for (auto it = range.first; it != range.second; ++it) {
l->insert(l->begin(), new transaction::Variable(var, it->second));
}
for (const auto& x : *this) {
if (x.first.size() <= keySize + 1) {
continue;
}
if (x.first.at(keySize) != ':') {
continue;
}
if (x.first.compare(0, keySize, var) != 0) {
continue;
}
l->insert(l->begin(), new transaction::Variable(x.first, x.second));
}
}
void Collection::resolveRegularExpression(const std::string& var,
std::vector<const transaction::Variable *> *l) {
/* Not ready */
}
std::string* Collection::resolveFirst(const std::string& var) {
auto range = equal_range(var);
for (auto it = range.first; it != range.second; ++it) {
return &it->second;
}
return NULL;
}
} // namespace transaction
} // namespace modsecurity

239
src/collections/collections.cc
View File

@@ -1,239 +0,0 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "modsecurity/transaction/collections.h"
#ifdef __cplusplus
#include <string>
#include <iostream>
#include <unordered_map>
#include <list>
#include <vector>
#endif
#include "modsecurity/transaction/variable.h"
#include "modsecurity/transaction/collection.h"
#include "src/utils.h"
namespace modsecurity {
namespace transaction {
Collections::Collections(GlobalCollection *global,
GlobalCollection *ip)
: m_global_collection_key(""),
m_ip_collection_key(""),
m_global_collection(global),
m_ip_collection(ip) {
/* Create collection TX */
this->emplace("TX", new Collection());
}
Collections::~Collections() {
for (const auto &thing : *this) {
delete thing.second;
}
this->clear();
}
void Collections::storeOrUpdateFirst(const std::string& collectionName,
const std::string& variableName,
const std::string& targetValue) {
if (tolower(collectionName) == "ip"
&& !m_ip_collection_key.empty()) {
m_ip_collection->storeOrUpdateFirst(collectionName + ":"
+ variableName, m_ip_collection_key, targetValue);
return;
}
if (tolower(collectionName) == "global"
&& !m_global_collection_key.empty()) {
m_global_collection->storeOrUpdateFirst(collectionName + ":"
+ variableName, m_global_collection_key, targetValue);
return;
}
try {
Collection *collection;
collection = this->at(collectionName);
collection->storeOrUpdateFirst(collectionName + ":"
+ variableName, targetValue);
} catch (...) {
#if 0
debug(9, "don't know any collection named: "
+ collectionName + ". it was created?");
#endif
}
}
void Collections::store(std::string key, std::string value) {
m_transient.store(key, value);
}
bool Collections::storeOrUpdateFirst(const std::string &key,
const std::string &value) {
return m_transient.storeOrUpdateFirst(key, value);
}
bool Collections::updateFirst(const std::string &key,
const std::string &value) {
return m_transient.updateFirst(key, value);
}
void Collections::del(const std::string& key) {
return m_transient.del(key);
}
std::string* Collections::resolveFirst(const std::string& var) {
std::string *transientVar = m_transient.resolveFirst(var);
if (transientVar != NULL) {
return transientVar;
}
for (auto &a : *this) {
auto range = a.second->equal_range(var);
for (auto it = range.first; it != range.second; ++it) {
return & it->second;
}
}
return NULL;
}
std::string* Collections::resolveFirst(const std::string& collectionName,
const std::string& var) {
if (tolower(collectionName) == "ip"
&& !m_ip_collection_key.empty()) {
return m_ip_collection->resolveFirst(toupper(collectionName)
+ ":" + var, m_ip_collection_key);
}
if (tolower(collectionName) == "global"
&& !m_global_collection_key.empty()) {
return m_global_collection->resolveFirst(toupper(collectionName)
+ ":" + var, m_global_collection_key);
}
for (auto &a : *this) {
if (tolower(a.first) == tolower(collectionName)) {
Collection *t = a.second;
auto range = t->equal_range(toupper(collectionName)
+ ":" + var);
for (auto it = range.first; it != range.second; ++it) {
return &it->second;
}
}
}
return NULL;
}
void Collections::resolveSingleMatch(const std::string& var,
std::vector<const transaction::Variable *> *l) {
m_transient.resolveSingleMatch(var, l);
}
void Collections::resolveSingleMatch(const std::string& var,
const std::string& collection,
std::vector<const transaction::Variable *> *l) {
if (tolower(collection) == "ip"
&& !m_ip_collection_key.empty()) {
m_ip_collection->resolveSingleMatch(var, m_ip_collection_key, l);
return;
}
if (tolower(collection) == "global"
&& !m_global_collection_key.empty()) {
m_global_collection->resolveSingleMatch(var,
m_global_collection_key, l);
return;
}
try {
this->at(collection)->resolveSingleMatch(var, l);
} catch (...) { }
}
void Collections::resolveMultiMatches(const std::string& var,
std::vector<const transaction::Variable *> *l) {
m_transient.resolveMultiMatches(var, l);
}
void Collections::resolveMultiMatches(const std::string& var,
const std::string& collection,
std::vector<const transaction::Variable *> *l) {
if (tolower(collection) == "ip"
&& !m_ip_collection_key.empty()) {
m_ip_collection->resolveMultiMatches(var, m_ip_collection_key, l);
return;
}
if (tolower(collection) == "global"
&& !m_global_collection_key.empty()) {
m_global_collection->resolveMultiMatches(var,
m_global_collection_key, l);
return;
}
try {
this->at(collection)->resolveMultiMatches(var, l);
} catch (...) { }
}
void Collections::resolveRegularExpression(const std::string& var,
std::vector<const transaction::Variable *> *l) {
m_transient.resolveRegularExpression(var, l);
}
void Collections::resolveRegularExpression(const std::string& var,
const std::string& collection,
std::vector<const transaction::Variable *> *l) {
if (tolower(collection) == "ip"
&& !m_ip_collection_key.empty()) {
m_ip_collection->resolveRegularExpression(toupper(collection)
+ ":" + var, m_ip_collection_key, l);
return;
}
if (tolower(collection) == "global"
&& !m_global_collection_key.empty()) {
m_global_collection->resolveRegularExpression(toupper(collection)
+ ":" + var, m_global_collection_key, l);
return;
}
try {
this->at(collection)->resolveRegularExpression(var, l);
} catch (...) { }
}
} // namespace transaction
} // namespace modsecurity

3
src/modsecurity.cc
View File

@@ -18,6 +18,7 @@
#include "modsecurity/modsecurity.h"
#include "modsecurity/rule.h"
#include "src/collection/backend/in_memory-per_process.h"
#include "src/config.h"
#include "src/unique_id.h"
#ifdef MSC_WITH_CURL
@@ -45,6 +46,8 @@ namespace modsecurity {
*/
ModSecurity::ModSecurity()
: m_connector(""),
m_global_collection(new collection::backend::InMemoryPerProcess()),
m_ip_collection(new collection::backend::InMemoryPerProcess()),
m_logCb(NULL) {
UniqueId::uniqueId();
srand(time(NULL));

2
src/transaction.cc
View File

@@ -112,7 +112,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
m_creationTimeStamp(cpu_seconds()),
m_logCbData(logCbData),
m_ms(ms),
m_collections(&ms->m_global_collection, &ms->m_ip_collection) {
m_collections(ms->m_global_collection, ms->m_ip_collection) {
m_id = std::to_string(this->m_timeStamp) + \
std::to_string(generate_transaction_unique_id());
m_rules->incrementReferenceCount();