From 3e8e28da480976555cb96657da512125612d8a1f Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Fri, 28 Sep 2018 22:38:40 -0300 Subject: [PATCH] Refactoring on the RULE variable --- headers/modsecurity/rule.h | 1 - headers/modsecurity/transaction.h | 2 - src/actions/log_data.cc | 2 - src/actions/msg.cc | 2 - src/actions/set_var.cc | 2 +- src/actions/severity.cc | 2 - src/rule.cc | 23 ---- src/run_time_string.cc | 8 +- src/run_time_string.h | 1 + src/variables/rule.h | 181 +++++++++++++++++++++++++++++- src/variables/variable.h | 4 - 11 files changed, 188 insertions(+), 40 deletions(-) diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h index c51fc815..75162868 100644 --- a/headers/modsecurity/rule.h +++ b/headers/modsecurity/rule.h @@ -94,7 +94,6 @@ class Rule { void updateMatchedVars(Transaction *trasn, std::string key, std::string value); void cleanMatchedVars(Transaction *trasn); - void updateRulesVariable(Transaction *trasn, std::shared_ptr rm); std::vector getActionsByName(const std::string& name, Transaction *t); diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index 88cfa082..cd57c052 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -174,7 +174,6 @@ class TransactionAnchoredVariables { m_variableResponseHeaders(t, "RESPONSE_HEADERS"), m_variableGeo(t, "GEO"), m_variableRequestCookiesNames(t, "REQUEST_COOKIES_NAMES"), - m_variableRule(t, "RULE"), m_variableFilesTmpNames(t, "FILES_TMPNAMES"), m_variableOffset(0) { } @@ -256,7 +255,6 @@ class TransactionAnchoredVariables { AnchoredSetVariable m_variableResponseHeaders; AnchoredSetVariable m_variableGeo; AnchoredSetVariable m_variableRequestCookiesNames; - AnchoredSetVariable m_variableRule; AnchoredSetVariable m_variableFilesTmpNames; int m_variableOffset; diff --git a/src/actions/log_data.cc b/src/actions/log_data.cc index 7836cb2e..658eb601 100644 --- a/src/actions/log_data.cc +++ b/src/actions/log_data.cc @@ -33,8 +33,6 @@ bool LogData::evaluate(Rule *rule, Transaction *transaction, std::shared_ptr rm) { rm->m_data = data(transaction); - transaction->m_variableRule.set("logdata", rm->m_data, 0); - return true; } diff --git a/src/actions/msg.cc b/src/actions/msg.cc index 2f7b1593..e27126a2 100644 --- a/src/actions/msg.cc +++ b/src/actions/msg.cc @@ -54,8 +54,6 @@ bool Msg::evaluate(Rule *rule, Transaction *transaction, transaction->debug(9, "Saving msg: " + msg); #endif - transaction->m_variableRule.set("msg", msg, 0); - return true; } diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc index 7c04202c..7030ce6c 100644 --- a/src/actions/set_var.cc +++ b/src/actions/set_var.cc @@ -45,7 +45,7 @@ bool SetVar::evaluate(Rule *rule, Transaction *t) { std::string resolvedPre; if (m_string) { - resolvedPre = m_string->evaluate(t); + resolvedPre = m_string->evaluate(t, rule); } std::string m_variableNameExpanded; diff --git a/src/actions/severity.cc b/src/actions/severity.cc index 60c50468..4600ff98 100644 --- a/src/actions/severity.cc +++ b/src/actions/severity.cc @@ -84,8 +84,6 @@ bool Severity::evaluate(Rule *rule, Transaction *transaction, transaction->m_highestSeverityAction = this->m_severity; } - transaction->m_variableRule.set("severity", std::to_string(m_severity), 0); - return true; } diff --git a/src/rule.cc b/src/rule.cc index 15a6401a..45318df1 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -258,27 +258,6 @@ void Rule::cleanMatchedVars(Transaction *trans) { } -void Rule::updateRulesVariable(Transaction *trans, - std::shared_ptr rm) { - if (m_ruleId != 0) { - trans->m_variableRule.set("id", std::to_string(m_ruleId), 0); - } - if (m_rev.empty() == false) { - trans->m_variableRule.set("rev", m_rev, 0); - } - if (m_severity) { - trans->m_variableRule.set("severity", - std::to_string(m_severity->m_severity), 0); - } - if (m_logData) { - trans->m_variableRule.set("logdata", m_logData->data(trans), 0); - } - if (m_msg) { - trans->m_variableRule.set("msg", m_msg->data(trans), 0); - } -} - - void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans, bool *containsBlock, std::shared_ptr ruleMessage) { @@ -720,8 +699,6 @@ bool Rule::evaluate(Transaction *trans, #endif } - updateRulesVariable(trans, ruleMessage); - getFinalVars(&vars, &exclusion, trans); for (auto &var : vars) { diff --git a/src/run_time_string.cc b/src/run_time_string.cc index 5649fae3..ee02541a 100644 --- a/src/run_time_string.cc +++ b/src/run_time_string.cc @@ -47,13 +47,18 @@ void RunTimeString::appendVar( std::string RunTimeString::evaluate(Transaction *t) { + return evaluate(t, NULL); +} + + +std::string RunTimeString::evaluate(Transaction *t, Rule *r) { std::string s; for (auto &z : m_elements) { if (z->m_string.size() > 0) { s.append(z->m_string); } else if (z->m_var != NULL && t != NULL) { std::vector l; - z->m_var->evaluate(t, NULL, &l); + z->m_var->evaluate(t, r, &l); if (l.size() > 0) { s.append(l[0]->m_value); } @@ -65,5 +70,4 @@ std::string RunTimeString::evaluate(Transaction *t) { return s; } - } // namespace modsecurity diff --git a/src/run_time_string.h b/src/run_time_string.h index 87af8997..582fd4c6 100644 --- a/src/run_time_string.h +++ b/src/run_time_string.h @@ -49,6 +49,7 @@ class RunTimeString { void appendText(std::string text); void appendVar(std::unique_ptr var); std::string evaluate(Transaction *t); + std::string evaluate(Transaction *t, Rule *r); std::string evaluate() { return evaluate(NULL); } diff --git a/src/variables/rule.h b/src/variables/rule.h index 099913df..018e8579 100644 --- a/src/variables/rule.h +++ b/src/variables/rule.h @@ -21,6 +21,10 @@ #define SRC_VARIABLES_RULE_H_ #include "src/variables/variable.h" +#include "src/actions/severity.h" +#include "src/actions/log_data.h" +#include "src/actions/msg.h" + namespace modsecurity { @@ -28,7 +32,182 @@ class Transaction; namespace Variables { -DEFINE_VARIABLE_DICT(Rule, RULE, m_variableRule) +class Rule_DictElement : public VariableDictElement { \ + public: + explicit Rule_DictElement(std::string dictElement) + : VariableDictElement("RULE", dictElement) { } + + static void id(Transaction *t, + Rule *rule, + std::vector *l) { + if (!rule) { + return; + } + std::unique_ptr origin(new VariableOrigin()); + std::string *a = new std::string(std::to_string(rule->m_ruleId)); + VariableValue *var = new VariableValue( + std::make_shared("RULE:id"), + a + ); + delete a; + origin->m_offset = 0; + origin->m_length = 0; + var->m_orign.push_back(std::move(origin)); + l->push_back(var); + } + + + static void rev(Transaction *t, + Rule *rule, + std::vector *l) { + if (!rule) { + return; + } + std::unique_ptr origin(new VariableOrigin()); + std::string *a = new std::string(rule->m_rev); + VariableValue *var = new VariableValue( + std::make_shared("RULE:rev"), + a + ); + delete a; + origin->m_offset = 0; + origin->m_length = 0; + var->m_orign.push_back(std::move(origin)); + l->push_back(var); + } + + + static void severity(Transaction *t, + Rule *rule, + std::vector *l) { + if (rule && rule->m_severity) { + std::unique_ptr origin(new VariableOrigin()); + std::string *a = new std::string(std::to_string(rule->m_severity->m_severity)); + VariableValue *var = new VariableValue( + std::make_shared("RULE:severity"), + a + ); + delete a; + origin->m_offset = 0; + origin->m_length = 0; + var->m_orign.push_back(std::move(origin)); + l->push_back(var); + } + } + + + static void logData(Transaction *t, + Rule *rule, + std::vector *l) { + if (rule && rule->m_logData) { + std::unique_ptr origin(new VariableOrigin()); + std::string *a = new std::string(rule->m_logData->data(t)); + VariableValue *var = new VariableValue( + std::make_shared("RULE:logdata"), + a + ); + delete a; + origin->m_offset = 0; + origin->m_length = 0; + var->m_orign.push_back(std::move(origin)); + l->push_back(var); + } + } + + static void msg(Transaction *t, + Rule *rule, + std::vector *l) { + if (rule && rule->m_msg) { + std::unique_ptr origin(new VariableOrigin()); + std::string *a = new std::string(rule->m_msg->data(t)); + VariableValue *var = new VariableValue( + std::make_shared("RULE:msg"), + a + ); + delete a; + origin->m_offset = 0; + origin->m_length = 0; + var->m_orign.push_back(std::move(origin)); + l->push_back(var); + } + } + + void evaluate(Transaction *t, + Rule *rule, + std::vector *l) override { + if (m_dictElement == "id") { + id(t, rule, l); + return; + } + if (rule && m_dictElement == "rev") { + rev(t, rule, l); + return; + } + if (rule && m_dictElement == "severity") { + severity(t, rule, l); + return; + } + if (m_dictElement == "logdata") { + logData(t, rule, l); + return; + } + if (m_dictElement == "msg") { + msg(t, rule, l); + return; + } + } +}; + + +class Rule_DictElementRegexp : public VariableRegex { + public: + explicit Rule_DictElementRegexp(std::string regex) + : VariableRegex("RULE", regex) { } + + void evaluate(Transaction *t, + Rule *rule, + std::vector *l) override { + if (Utils::regex_search("id", m_r) > 0) { + Rule_DictElement::id(t, rule, l); + return; + } + if (Utils::regex_search("rev", m_r) > 0) { + Rule_DictElement::rev(t, rule, l); + return; + } + if (Utils::regex_search("severity", m_r) > 0) { + Rule_DictElement::severity(t, rule, l); + return; + } + if (Utils::regex_search("logdata", m_r) > 0) { + Rule_DictElement::logData(t, rule, l); + return; + } + if (Utils::regex_search("msg", m_r) > 0) { + Rule_DictElement::msg(t, rule, l); + return; + } + } +}; + + +class Rule_NoDictElement : public Variable { + public: + explicit Rule_NoDictElement() + : Variable("RULE") { } + + void evaluate(Transaction *t, + Rule *rule, + std::vector *l) override { + Rule_DictElement::id(t, rule, l); + Rule_DictElement::rev(t, rule, l); + Rule_DictElement::severity(t, rule, l); + Rule_DictElement::logData(t, rule, l); + Rule_DictElement::msg(t, rule, l); + } +}; + +// DEFINE_VARIABLE_DICT(Rule, RULE, m_variableRule) } // namespace Variables diff --git a/src/variables/variable.h b/src/variables/variable.h index 3c0aaee2..7a63391f 100644 --- a/src/variables/variable.h +++ b/src/variables/variable.h @@ -292,8 +292,6 @@ class VariableMonkeyResolution { t->m_variableArgsGetNames.resolve(var, l); } else if (comp(variable, "ARGS_POST_NAMES")) { t->m_variableArgsPostNames.resolve(var, l); - } else if (comp(col, "RULE")) { - t->m_variableRule.resolve(var, l); } else if (comp(col, "ARGS_GET")) { t->m_variableArgsGet.resolve(var, l); } else if (comp(col, "ARGS_POST")) { @@ -474,8 +472,6 @@ class VariableMonkeyResolution { vv = t->m_variableArgsGetNames.resolveFirst(var); } else if (comp(variable, "ARGS_POST_NAMES")) { vv = t->m_variableArgsPostNames.resolveFirst(var); - } else if (comp(col, "RULE")) { - vv = t->m_variableRule.resolveFirst(var); } else if (comp(col, "ARGS_GET")) { vv = t->m_variableArgsGet.resolveFirst(var); } else if (comp(col, "ARGS_POST")) {