diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h index 501004d7..52ce11ed 100644 --- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h +++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h @@ -13,10 +13,11 @@ * */ +#include + #include #include -#include #define NUM_THREADS 100 @@ -151,8 +152,9 @@ class ReadingLogsViaRuleMessage { dms.rules = rules; for (i = 0; i < NUM_THREADS; i++) { - pthread_create(&threads[i], NULL, process_request, (void *)&dms); - //process_request((void *)&dms); + pthread_create(&threads[i], NULL, process_request, + reinterpret_cast(&dms)); + // process_request((void *)&dms); } usleep(10000); diff --git a/examples/reading_logs_via_rule_message/simple_request.cc b/examples/reading_logs_via_rule_message/simple_request.cc index 302a3874..0487abc7 100644 --- a/examples/reading_logs_via_rule_message/simple_request.cc +++ b/examples/reading_logs_via_rule_message/simple_request.cc @@ -23,14 +23,13 @@ int main(int argc, char **argv) { - *argv++; - if (*argv == NULL) { - *argv--; + if (argc < 2) { std::cout << "Use " << *argv << " test-case-file.conf"; std::cout << std::endl << std::endl; return -1; } + *(argv++); std::string rules(*argv); ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body, response_headers, response_body, ip, rules); diff --git a/examples/simple_example_using_c/basic_rules.conf b/examples/simple_example_using_c/basic_rules.conf index 9ee17f2f..00773595 100644 --- a/examples/simple_example_using_c/basic_rules.conf +++ b/examples/simple_example_using_c/basic_rules.conf 
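Review bot: The new `reinterpret_cast` on `&dms` in the `pthread_create` call is a stronger cast than this conversion needs, since any object pointer converts to `void *` implicitly. Passing `&dms` directly, or `static_cast<void *>(&dms)`, keeps `reinterpret_cast` for real type punning and makes those sites easier to audit. Separately, the context line after the loop is `usleep(10000);`, so if `dms` is a local of this method, as it appears to be, the threads are only safe while that object outlives them; joining them would make the lifetime explicit. The enclosing method starts and ends outside the hunk.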
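Review bot: `*(argv++);` in `main` dereferences the old pointer and discards the result, so only the increment has any effect and compilers may warn about the unused value. The new `argc < 2` guard is the right check; after it, `std::string rules(argv[1]);` reads the argument without mutating `argv`. The same statement is added to `main` in examples/using_bodies_in_chunks/simple_request.cc.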
@@ -35,14 +35,11 @@ SecRule REQUEST_HEADERS:Content-Type "application/json" \ # to the size of data, with files excluded. You want to keep that value as # low as practical. # -SecRequestBodyLimit 13107200 -SecRequestBodyNoFilesLimit 131072 # Store up to 128 KB of request body data in memory. When the multipart # parser reachers this limit, it will start using your hard disk for # storage. That is slow, but unavoidable. # -SecRequestBodyInMemoryLimit 131072 # What do do if the request body size is above our configured limit. # Keep in mind that this setting will automatically be set to ProcessPartial diff --git a/examples/using_bodies_in_chunks/simple_request.cc b/examples/using_bodies_in_chunks/simple_request.cc index f70c425a..0a766bc2 100644 --- a/examples/using_bodies_in_chunks/simple_request.cc +++ b/examples/using_bodies_in_chunks/simple_request.cc @@ -13,18 +13,20 @@ * */ +#include #include #include -#include -#include -#include #include #include #include +#include +#include + + char request_uri[] = "/test.pl?param1=test¶2=test2"; @@ -85,8 +87,7 @@ static void logCb(void *data, const void *ruleMessagev) { } } -int process_intervention(modsecurity::Transaction *transaction) -{ +int process_intervention(modsecurity::Transaction *transaction) { modsecurity::ModSecurityIntervention intervention; intervention.status = 200; intervention.url = NULL; @@ -105,8 +106,7 @@ int process_intervention(modsecurity::Transaction *transaction) free(intervention.log); intervention.log = NULL; - if (intervention.url != NULL) - { + if (intervention.url != NULL) { std::cout << "Intervention, redirect to: " << intervention.url; std::cout << " with status code: " << intervention.status << std::endl; free(intervention.url); 
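Review bot: Three request-body limits (`SecRequestBodyLimit`, `SecRequestBodyNoFilesLimit`, `SecRequestBodyInMemoryLimit`) disappear from basic_rules.conf in a commit that is otherwise formatting-only, while their explanatory comments stay behind. With the directives gone the example presumably runs on the engine's built-in defaults. A reader copying the file also no longer sees an explicit cap on request-body size, the setting that bounds memory and disk use per request. If the removal is intentional, say why in the commit message and reword the orphaned comments, for instance `# Request body limits are left at the engine defaults in this example.`; otherwise restore the three lines.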
@@ -114,8 +114,7 @@ int process_intervention(modsecurity::Transaction *transaction) return intervention.status; } - if (intervention.status != 200) - { + if (intervention.status != 200) { std::cout << "Intervention, returning code: " << intervention.status; std::cout << std::endl; return intervention.status; @@ -129,13 +128,12 @@ int main(int argc, char **argv) { modsecurity::Rules *rules; modsecurity::ModSecurityIntervention it; - *argv++; - if (*argv == NULL) { - *argv--; + if (argc < 2) { std::cout << "Use " << *argv << " test-case-file.conf"; std::cout << std::endl << std::endl; return -1; } + *(argv++); std::string rules_arg(*argv); diff --git a/headers/modsecurity/audit_log.h b/headers/modsecurity/audit_log.h index 7f1885a2..924739dd 100644 --- a/headers/modsecurity/audit_log.h +++ b/headers/modsecurity/audit_log.h @@ -206,7 +206,7 @@ class AuditLog { int m_directoryPermission; int m_defaultDirectoryPermission = 0750; -private: + private: AuditLogStatus m_status; AuditLogType m_type; diff --git a/headers/modsecurity/collection/variable.h b/headers/modsecurity/collection/variable.h index 888a30f9..f0b59c53 100644 --- a/headers/modsecurity/collection/variable.h +++ b/headers/modsecurity/collection/variable.h @@ -19,6 +19,7 @@ #include #include #include +#include #endif #include "modsecurity/variable_origin.h" @@ -51,7 +52,7 @@ class Variable { m_key(""), m_value("") { } - Variable(const Variable *o) : + explicit Variable(const Variable *o) : m_key(""), m_value("") { m_key.assign(o->m_key); diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h index 7f9b4626..e6069120 100644 --- a/headers/modsecurity/rule.h +++ b/headers/modsecurity/rule.h @@ -52,7 +52,8 @@ class Rule { explicit Rule(std::string marker); ~Rule(); - virtual bool evaluate(Transaction *transaction, std::shared_ptr rm); + virtual bool evaluate(Transaction *transaction, + std::shared_ptr rm); bool evaluateActions(Transaction *transaction); std::vector> getFinalVars(Transaction *trasn); 
@@ -108,7 +109,7 @@ class Rule { operators::Operator *m_op; int m_phase; std::string m_rev; - long m_ruleId; + int64_t m_ruleId; bool m_secMarker; std::vector *m_variables; std::string m_ver; diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h index 944e461b..2362a607 100644 --- a/headers/modsecurity/rule_message.h +++ b/headers/modsecurity/rule_message.h @@ -76,7 +76,8 @@ class RuleMessage { return RuleMessage::log(this, props, responseCode); } std::string errorLog() { - return RuleMessage::log(this, ClientLogMessageInfo | ErrorLogTailLogMessageInfo); + return RuleMessage::log(this, + ClientLogMessageInfo | ErrorLogTailLogMessageInfo); } static std::string log(const RuleMessage *rm, int props, int code); diff --git a/headers/modsecurity/rules_exceptions.h b/headers/modsecurity/rules_exceptions.h index 0ac51141..3b928da2 100644 --- a/headers/modsecurity/rules_exceptions.h +++ b/headers/modsecurity/rules_exceptions.h 
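Review bot: Changing `m_ruleId` to `int64_t` in class `Rule` (headers/modsecurity/rule.h) is more than a style change in what looks like a public header. On platforms where `long` is 32 bits it alters the member's size and the class layout, so code built against the old header is no longer compatible. The name also needs `<cstdint>`; the header's include list is outside this hunk, so that could not be checked. The exception API in rules_exceptions.h still takes `int` (`addRange`, `addNumber`, `contains`) and `double` (`loadUpdateTargetById`), so a rule id beyond the `int` range may not compare as expected when exclusions are matched; using one id type throughout would remove the doubt.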
@@ -48,26 +48,29 @@ class RulesExceptions { bool addRange(int a, int b); bool addNumber(int a); bool contains(int a); - bool merge(RulesExceptions& from); + bool merge(RulesExceptions *from); bool loadRemoveRuleByMsg(const std::string &msg, std::string *error); bool loadRemoveRuleByTag(const std::string &msg, std::string *error); bool loadUpdateTargetByMsg(const std::string &msg, - std::unique_ptr > > var, + std::unique_ptr > > v, std::string *error); bool loadUpdateTargetByTag(const std::string &tag, - std::unique_ptr > > var, + std::unique_ptr > > v, std::string *error); bool loadUpdateTargetById(double id, - std::unique_ptr > > var, + std::unique_ptr > > v, std::string *error); - std::unordered_multimap, std::unique_ptr> m_variable_update_target_by_tag; - std::unordered_multimap, std::unique_ptr> m_variable_update_target_by_msg; - std::unordered_multimap> m_variable_update_target_by_id; + std::unordered_multimap, + std::unique_ptr> m_variable_update_target_by_tag; + std::unordered_multimap, + std::unique_ptr> m_variable_update_target_by_msg; + std::unordered_multimap> m_variable_update_target_by_id; std::list m_remove_rule_by_msg; std::list m_remove_rule_by_tag; diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h index aa493314..a9b1b8fe 100644 --- a/headers/modsecurity/rules_properties.h +++ b/headers/modsecurity/rules_properties.h @@ -355,7 +355,7 @@ class RulesProperties { to->m_httpblKey.m_set = from->m_httpblKey.m_set; } - to->m_exceptions.merge(from->m_exceptions); + to->m_exceptions.merge(&from->m_exceptions); to->m_components.insert(to->m_components.end(), from->m_components.begin(), from->m_components.end()); diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index 30327988..229ce6e7 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h 
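Review bot: `merge(RulesExceptions *from)` now admits a null pointer where the old reference parameter could not, and nothing in the declaration says whether null is allowed. The only caller visible here, in rules_properties.h, passes `&from->m_exceptions`. A comment on the declaration such as `// from must not be null`, or a null check at the top of the definition (not shown in this part of the diff), would keep the guarantee the reference used to give. If `merge` does not modify its argument, `const RulesExceptions *from` would be the tighter type.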
@@ -323,7 +323,7 @@ class Transaction : public TransactionAnchoredVariables { size_t getRequestBodyLength(); #ifndef NO_LOGS - void debug(int, std::string); + void debug(int, std::string) const; #endif void serverLog(std::shared_ptr rm); diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc index 0ccce877..2ee29dc2 100644 --- a/src/actions/set_var.cc +++ b/src/actions/set_var.cc @@ -155,7 +155,8 @@ bool SetVar::evaluate(Rule *rule, Transaction *transm_parser_payload) { + ":" + m_variableNameExpanded + " with value: " + targetValue); #endif transm_parser_payload->m_collections.storeOrUpdateFirst(m_collectionName, - m_variableNameExpanded, transm_parser_payload->m_rules->m_secWebAppId.m_value, targetValue); + m_variableNameExpanded, + transm_parser_payload->m_rules->m_secWebAppId.m_value, targetValue); end: return true; diff --git a/src/actions/transformations/url_decode_uni.cc b/src/actions/transformations/url_decode_uni.cc index 894eaf6c..926f9d12 100644 --- a/src/actions/transformations/url_decode_uni.cc +++ b/src/actions/transformations/url_decode_uni.cc @@ -36,7 +36,7 @@ namespace transformations { std::string UrlDecodeUni::evaluate(std::string value, - Transaction *transaction) { + Transaction *t) { std::string ret; unsigned char *input; @@ -49,7 +49,7 @@ std::string UrlDecodeUni::evaluate(std::string value, memcpy(input, value.c_str(), value.length()+1); - size_t i = inplace(input, value.length(), transaction); + size_t i = inplace(input, value.length(), t); ret.assign(reinterpret_cast(input), i); free(input); @@ -63,7 +63,7 @@ std::string UrlDecodeUni::evaluate(std::string value, * IMP1 Assumes NUL-terminated */ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, - Transaction *transaction) { + Transaction *t) { unsigned char *d = input; int64_t i, count, fact, j, xv; int Code, hmap = -1; 
@@ -86,10 +86,10 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, Code = 0; fact = 1; - if (transaction - && transaction->m_rules->m_unicodeMapTable.m_set == true - && transaction->m_rules->m_unicodeMapTable.m_unicode_map_table != NULL - && transaction->m_rules->unicode_codepage > 0) { + if (t + && t->m_rules->m_unicodeMapTable.m_set == true + && t->m_rules->m_unicodeMapTable.m_unicode_map_table != NULL + && t->m_rules->unicode_codepage > 0) { for (j = 5; j >= 2; j--) { if (isxdigit((input[i+j]))) { if (input[i+j] >= 97) { @@ -105,7 +105,7 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, } if (Code >= 0 && Code <= 65535) { - Rules *r = transaction->m_rules; + Rules *r = t->m_rules; hmap = r->m_unicodeMapTable.m_unicode_map_table[Code]; } } diff --git a/src/anchored_variable.cc b/src/anchored_variable.cc index d90e9a1e..dd715dc7 100644 --- a/src/anchored_variable.cc +++ b/src/anchored_variable.cc @@ -111,7 +111,7 @@ void AnchoredVariable::append(const std::string &a, size_t offset, void AnchoredVariable::evaluate(std::vector *l) { - if (m_name.empty() or m_value.empty()) { + if (m_name.empty() || m_value.empty()) { return; } diff --git a/src/audit_log/writer/serial.h b/src/audit_log/writer/serial.h index 777b9bc7..0cc12759 100644 --- a/src/audit_log/writer/serial.h +++ b/src/audit_log/writer/serial.h @@ -47,7 +47,6 @@ class Serial : public Writer { bool init(std::string *error) override; bool write(Transaction *transaction, int parts, std::string *error) override; - }; } // namespace writer diff --git a/src/engine/lua.cc b/src/engine/lua.cc index 58d6fd08..a81c3735 100644 --- a/src/engine/lua.cc +++ b/src/engine/lua.cc 
@@ -14,16 +14,10 @@ */ -#include "modsecurity/modsecurity.h" #include "src/engine/lua.h" -#include "src/utils/string.h" -#include "src/macro_expansion.h" -#include "modsecurity/transaction.h" -#include "modsecurity/collection/variable.h" -#include "src/variables/variable.h" -#include "src/variables/highest_severity.h" -#include "src/utils/string.h" -#include "src/actions/transformations/transformation.h" + +#include +#include #include #include @@ -32,8 +26,14 @@ #include #include -#include -#include +#include "modsecurity/modsecurity.h" +#include "src/utils/string.h" +#include "src/macro_expansion.h" +#include "modsecurity/transaction.h" +#include "modsecurity/collection/variable.h" +#include "src/variables/variable.h" +#include "src/variables/highest_severity.h" +#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -46,8 +46,7 @@ bool Lua::isCompatible(std::string script, Lua *l, std::string *error) { std::string err; if (!(script.size() >= lua.size() && - script.compare(script.size() - lua.size(), lua.size(), lua) == 0)) - { + script.compare(script.size() - lua.size(), lua.size(), lua) == 0)) { error->assign("Expecting a Lua script: " + script); return false; } @@ -84,7 +83,7 @@ bool Lua::load(std::string script, std::string *err) { return false; } - if (lua_dump(L, Lua::blob_keeper, (void *)&m_blob, 0)) { + if (lua_dump(L, Lua::blob_keeper, reinterpret_cast(&m_blob), 0)) { const char *luaerr = lua_tostring(L, -1); err->assign("Failed to compile script '" + script + ""); if (luaerr) { @@ -129,7 +128,7 @@ int Lua::run(Transaction *t) { luaL_newmetatable(L, "luaL_msc"); lua_newtable(L); - lua_pushlightuserdata(L, (void *)t); + lua_pushlightuserdata(L, reinterpret_cast(t)); lua_setglobal(L, "__transaction"); luaL_setfuncs(L, mscLuaLib, 0); 
@@ -184,7 +183,7 @@ int Lua::run(Transaction *t) { return false; } - char *a = (char *)lua_tostring(L, -1); + const char *a = reinterpret_cast(lua_tostring(L, -1)); if (a != NULL) { luaRet.assign(a); } @@ -208,7 +207,7 @@ int Lua::run(Transaction *t) { #ifdef WITH_LUA int Lua::log(lua_State *L) { - Transaction *t = NULL; + const Transaction *t = NULL; const char *text; int level; @@ -218,7 +217,7 @@ int Lua::log(lua_State *L) { /* Retrieve msr. */ lua_getglobal(L, "__transaction"); - t = (Transaction *)lua_topointer(L, -1); + t = reinterpret_cast(lua_topointer(L, -1)); /* Log message. */ if (t != NULL) { @@ -230,14 +229,16 @@ int Lua::log(lua_State *L) { int Lua::getvar(lua_State *L) { - char *varname = NULL; + const char *varname = NULL; Transaction *t = NULL; + void *z = NULL; /* Retrieve parameters. */ - varname = (char *)luaL_checkstring(L, 1); + varname = reinterpret_cast(luaL_checkstring(L, 1)); lua_getglobal(L, "__transaction"); - t = (Transaction *)lua_topointer(L, -1); + z = const_cast(lua_topointer(L, -1)); + t = reinterpret_cast(z); std::string var = Variables::Variable::stringMatchResolve(t, varname); var = applyTransformations(L, t, 2, var); @@ -254,16 +255,18 @@ int Lua::getvar(lua_State *L) { int Lua::getvars(lua_State *L) { - char *varname = NULL; + const char *varname = NULL; Transaction *t = NULL; + void *z = NULL; std::vector l; int idx = 1; /* Retrieve parameters. */ - varname = (char *)luaL_checkstring(L, 1); + varname = reinterpret_cast(luaL_checkstring(L, 1)); lua_getglobal(L, "__transaction"); - t = (Transaction *)lua_topointer(L, -1); + z = const_cast(lua_topointer(L, -1)); + t = reinterpret_cast(z); Variables::Variable::stringMatchResolveMulti(t, varname, &l); 
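Review bot: The `const_cast` plus `reinterpret_cast` pair added in `Lua::getvar` is only needed because `lua_topointer` returns `const void *`. `lua_touserdata` returns `void *` for the light userdata pushed in `Lua::run`, and returns NULL when the value is not userdata. That matters because `__transaction` is an ordinary Lua global, and `lua_topointer` yields a non-null address for tables and functions as well, which would then be used as a `Transaction *`. Suggested: `t = static_cast<Transaction *>(lua_touserdata(L, -1));` followed by a NULL check, as `Lua::log` already does. The same pattern is added in `Lua::getvars` and `Lua::setvar`, and `setvar` calls `t->debug(...)` straight away with no check.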
@@ -298,9 +301,12 @@ int Lua::setvar(lua_State *L) { int nargs = lua_gettop(L); char *chr = NULL; size_t pos; + void *z = NULL; lua_getglobal(L, "__transaction"); - t = (Transaction *)lua_topointer(L, -1); + z = const_cast(lua_topointer(L, -1)); + t = reinterpret_cast(z); + if (nargs != 2) { t->debug(8, "m.setvar: Failed m.setvar funtion must has 2 arguments"); @@ -334,7 +340,8 @@ int Lua::setvar(lua_State *L) { } -std::string Lua::applyTransformations(lua_State *L, Transaction *t, int idx, std::string var) { +std::string Lua::applyTransformations(lua_State *L, Transaction *t, + int idx, std::string var) { std::string newVar = var; if (lua_isuserdata(L, idx) || lua_isnoneornil(L, idx)) { @@ -342,12 +349,12 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t, int idx, std } if (lua_istable(L, idx)) { - char *name = NULL; + const char *name = NULL; int i, n = lua_rawlen(L, idx); for (i = 1; i <= n; i++) { lua_rawgeti(L, idx, i); - name = (char *)luaL_checkstring(L, -1); + name = reinterpret_cast(luaL_checkstring(L, -1)); /* A "none" means start over */ if (strcmp("none", name) == 0) { @@ -355,12 +362,15 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t, int idx, std continue; } - actions::transformations::Transformation *tfn = actions::transformations::Transformation::instantiate("t:" + std::string(name)); - // FIXME: transformation is not yet returning null. + actions::transformations::Transformation *tfn = \ + actions::transformations::Transformation::instantiate( + "t:" + std::string(name)); + // FIXME: transformation is not yet returning null. if (tfn) { newVar = tfn->evaluate(newVar, t); } else { - t->debug(1, "SecRuleScript: Invalid transformation function: " + std::string(name)); + t->debug(1, "SecRuleScript: Invalid transformation function: " \ + + std::string(name)); } } 
@@ -368,14 +378,19 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t, int idx, std } if (lua_isstring(L, idx)) { - char *name = (char *)luaL_checkstring(L, idx); + const char *name = NULL; + name = reinterpret_cast(luaL_checkstring(L, idx)); - actions::transformations::Transformation *tfn = actions::transformations::Transformation::instantiate("t:" + std::string(name)); - // FIXME: transformation is not yet returning null. + actions::transformations::Transformation *tfn = \ + actions::transformations::Transformation::instantiate( + "t:" + std::string(name)); + + // FIXME: transformation is not yet returning null. if (tfn) { newVar = tfn->evaluate(newVar, t); } else { - t->debug(1, "SecRuleScript: Invalid transformation function: " + std::string(name)); + t->debug(1, "SecRuleScript: Invalid transformation function: " \ + + std::string(name)); } return newVar; } @@ -389,5 +404,6 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t, int idx, std } #endif -} // namespace engines -} // namespace modsecurity +} // namespace engine +} // namespace modsecurity + diff --git a/src/engine/lua.h b/src/engine/lua.h index d2de7640..26583178 100644 --- a/src/engine/lua.h +++ b/src/engine/lua.h @@ -20,10 +20,10 @@ #include #include #include +#include - -#ifndef SRC_ENGINES_LUA_H_ -#define SRC_ENGINES_LUA_H_ +#ifndef SRC_ENGINE_LUA_H_ +#define SRC_ENGINE_LUA_H_ namespace modsecurity { class Transaction; @@ -34,7 +34,7 @@ class LuaScriptBlob { public: LuaScriptBlob() : m_data(NULL), - m_len(0) { }; + m_len(0) { } ~LuaScriptBlob() { if (m_data) { @@ -66,7 +66,7 @@ class LuaScriptBlob { class Lua { public: - Lua() { }; + Lua() { } bool load(std::string script, std::string *err); int run(Transaction *t); 
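Review bot: In the `lua_isstring` branch of `Lua::applyTransformations`, the object returned by `Transformation::instantiate` is used for one `evaluate` call and the branch then returns `newVar` without releasing it. Unless `instantiate` hands back an object owned elsewhere, which this diff does not show, each call leaks one transformation; the table loop in the preceding hunk does the same once per element. A `delete tfn;` after `evaluate`, or holding the result in a `std::unique_ptr`, would release it on every path. `ModSecurity::processContentOffset` in src/modsecurity.cc calls `t->evaluate` on the same factory's result without the `if (tfn)` check used here.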
@@ -80,8 +80,8 @@ class Lua { static int getvar(lua_State *L); static int getvars(lua_State *L); static int setvar(lua_State *L); - static std::string applyTransformations(lua_State *L, Transaction *t, int idx, - std::string var); + static std::string applyTransformations(lua_State *L, Transaction *t, + int idx, std::string var); LuaScriptBlob m_blob; #endif @@ -98,7 +98,7 @@ static const struct luaL_Reg mscLuaLib[] = { }; #endif -} // namespace engines +} // namespace engine } // namespace modsecurity -#endif // SRC_ENGINES_LUA_H_ +#endif // SRC_ENGINE_LUA_H_ diff --git a/src/macro_expansion.h b/src/macro_expansion.h index 6613b5c1..3436d56f 100644 --- a/src/macro_expansion.h +++ b/src/macro_expansion.h @@ -39,13 +39,14 @@ class MacroExpansion { static std::string expandKeepOriginal(const std::string& input, Transaction *transaction); - static inline bool compareStrNoCase(const std::string &a, const std::string &b) { + static inline bool compareStrNoCase(const std::string &a, + const std::string &b) { return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin(), [](char aa, char bb) { return toupper(aa) == bb; }); - }; + } }; diff --git a/src/modsecurity.cc b/src/modsecurity.cc index 33ae6ccf..d58b6075 100644 --- a/src/modsecurity.cc +++ b/src/modsecurity.cc 
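Review bot: `compareStrNoCase` in src/macro_expansion.h upper-cases only `a` (`toupper(aa) == bb`), so it is case-insensitive only when `b` is already upper case. That precondition deserves a comment on the function, e.g. `// b must already be upper case`, or both sides should be folded. `toupper` is also called on a plain `char`, which is undefined for negative values; `toupper(static_cast<unsigned char>(aa))` avoids that for non-ASCII bytes.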
@@ -13,28 +13,30 @@ * */ -#include -#include - -#include -#include #include "modsecurity/modsecurity.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" -#include "src/collection/backend/in_memory-per_process.h" -#include "src/collection/backend/lmdb.h" #include "src/config.h" -#include "src/unique_id.h" -#include "src/utils/regex.h" -#ifdef MSC_WITH_CURL -#include -#endif + #ifdef WITH_YAJL #include #include #endif +#include +#include +#ifdef MSC_WITH_CURL +#include +#endif + +#include +#include + +#include "modsecurity/rule.h" +#include "modsecurity/rule_message.h" +#include "src/collection/backend/in_memory-per_process.h" +#include "src/collection/backend/lmdb.h" +#include "src/unique_id.h" +#include "src/utils/regex.h" #include "src/utils/geo_lookup.h" #include "src/actions/transformations/transformation.h" @@ -303,14 +305,16 @@ int ModSecurity::processContentOffset(const char *content, size_t len, reinterpret_cast(trans.back().match.c_str()), trans.back().match.size()); - t = modsecurity::actions::transformations::Transformation::instantiate(trans.back().match.c_str()); + t = modsecurity::actions::transformations::Transformation::instantiate( + trans.back().match.c_str()); varValueRes = t->evaluate(varValue, NULL); varValue.assign(varValueRes); trans.pop_back(); yajl_gen_string(g, reinterpret_cast("value"), strlen("value")); - yajl_gen_string(g, reinterpret_cast(varValue.c_str()), + yajl_gen_string(g, reinterpret_cast( + varValue.c_str()), varValue.size()); yajl_gen_map_close(g); } diff --git a/src/operators/fuzzy_hash.cc b/src/operators/fuzzy_hash.cc index e2248deb..705178ee 100644 --- a/src/operators/fuzzy_hash.cc +++ b/src/operators/fuzzy_hash.cc 
@@ -56,7 +56,8 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { } for (std::string line; std::getline(*iss, line); ) { - chunk = (struct fuzzy_hash_chunk *)calloc(1, sizeof(struct fuzzy_hash_chunk)); + chunk = (struct fuzzy_hash_chunk *)calloc(1, + sizeof(struct fuzzy_hash_chunk)); chunk->data = strdup(line.c_str()); chunk->next = NULL; @@ -77,7 +78,8 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { delete iss; return true; #else - error->assign("@fuzzyHash: SSDEEP support was not enabled during the compilation."); + error->assign("@fuzzyHash: SSDEEP support was not enabled " \ + "during the compilation."); return false; #endif } @@ -89,17 +91,15 @@ bool FuzzyHash::evaluate(Transaction *t, const std::string &str) { char result[FUZZY_MAX_RESULT]; struct fuzzy_hash_chunk *chunk = m_head; - if (fuzzy_hash_buf((const unsigned char*)str.c_str(), str.size(), result)) - { + if (fuzzy_hash_buf((const unsigned char*)str.c_str(), + str.size(), result)) { t->debug(4, "Problems generating fuzzy hash"); return false; } - while (chunk != NULL) - { + while (chunk != NULL) { int i = fuzzy_compare(chunk->data, result); - if (i >= m_threshold) - { + if (i >= m_threshold) { t->debug(4, "Fuzzy hash: matched " \ "with score: " + std::to_string(i) + "."); return true; diff --git a/src/operators/fuzzy_hash.h b/src/operators/fuzzy_hash.h index e4301344..9936e692 100644 --- a/src/operators/fuzzy_hash.h +++ b/src/operators/fuzzy_hash.h @@ -19,7 +19,7 @@ #include #ifdef WITH_SSDEEP -#include "fuzzy.h" +#include #endif #include "src/operators/operator.h" diff --git a/src/operators/inspect_file.cc b/src/operators/inspect_file.cc index 7ec8be74..1ea1737d 100644 --- a/src/operators/inspect_file.cc +++ b/src/operators/inspect_file.cc @@ -15,9 +15,10 @@ #include "src/operators/inspect_file.h" +#include + #include #include -#include #include "src/operators/operator.h" #include "src/utils/system.h" 
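Review bot: In `FuzzyHash::init` the `calloc` result is dereferenced on the next line (`chunk->data = strdup(line.c_str());`) with no allocation check, and the `strdup` result is stored unchecked as well. A failed allocation while loading the hash list would crash during initialisation, or later hand a null `chunk->data` to `fuzzy_compare` in `evaluate`. Check both results and fail with `error->assign(...)` and `return false`, or keep the lines in a standard container and drop the manual list. The C-style casts here and in `evaluate` were also left as they were, while other files in this commit moved to named casts.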
@@ -61,7 +62,7 @@ bool InspectFile::evaluate(Transaction *transaction, const std::string &str) { openstr.append(m_param); openstr.append(" "); openstr.append(str); - if (!(in = popen(openstr.c_str(), "r"))){ + if (!(in = popen(openstr.c_str(), "r"))) { return false; } diff --git a/src/operators/pm.h b/src/operators/pm.h index 64ea09c6..ef9d7ff7 100644 --- a/src/operators/pm.h +++ b/src/operators/pm.h @@ -57,6 +57,7 @@ class Pm : public Operator { ACMP *m_p; #ifdef MODSEC_MUTEX_ON_PM + private: pthread_mutex_t m_lock; #endif diff --git a/src/operators/verify_cpf.cc b/src/operators/verify_cpf.cc index 229cac88..f8261639 100644 --- a/src/operators/verify_cpf.cc +++ b/src/operators/verify_cpf.cc @@ -16,23 +16,24 @@ #include "src/operators/verify_cpf.h" #include +#include #include "src/operators/operator.h" namespace modsecurity { namespace operators { -int VerifyCPF::convert_to_int(const char c) -{ +int VerifyCPF::convert_to_int(const char c) { int n; - if ((c>='0') && (c<='9')) + if ((c >= '0') && (c <= '9')) { n = c - '0'; - else if ((c>='A') && (c<='F')) + } else if ((c >= 'A') && (c <= 'F')) { n = c - 'A' + 10; - else if ((c>='a') && (c<='f')) + } else if ((c >= 'a') && (c <= 'f')) { n = c - 'a' + 10; - else + } else { n = 0; + } return n; } @@ -53,12 +54,9 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) { "88888888888", "99999999999"}; - while ((*cpfnumber != '\0') && ( var_len > 0)) - { - if (*cpfnumber != '-' || *cpfnumber != '.') - { - if (i < cpf_len && isdigit(*cpfnumber)) - { + while ((*cpfnumber != '\0') && (var_len > 0)) { + if (*cpfnumber != '-' || *cpfnumber != '.') { + if (i < cpf_len && isdigit(*cpfnumber)) { s_cpf[i] = *cpfnumber; cpf[i] = convert_to_int(*cpfnumber); i++; 
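Review bot: The command passed to `popen` in `InspectFile::evaluate` is built by appending `m_param`, a space and `str`, and `popen` runs the result through the shell. `str` appears to be the value under inspection, so unless every caller guarantees it is a server-generated path, shell metacharacters in it would be interpreted rather than passed as an argument. Running the script with `fork`/`execv` and an argument vector closes that gap, as does rejecting values outside a conservative path character set before building `openstr`. The body of `evaluate` continues outside the hunk.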
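Review bot: The condition `*cpfnumber != '-' || *cpfnumber != '.'` in `VerifyCPF::verify` is true for every character, because no character equals both; the separators were presumably meant to be skipped with `&&`. The inner `isdigit` test hides the effect today, so the outer `if` can be removed or corrected to `if (*cpfnumber != '-' && *cpfnumber != '.') {`. `isdigit(*cpfnumber)` also receives a plain `char`; cast it to `unsigned char` first so bytes above 0x7f are well defined.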
@@ -69,16 +67,11 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) { } - if (i != cpf_len) - { + if (i != cpf_len) { return 0; - } - else - { - for (i = 0; i< cpf_len; i++) - { - if (strncmp(s_cpf,bad_cpf[i],cpf_len) == 0) - { + } else { + for (i = 0; i< cpf_len; i++) { + if (strncmp(s_cpf, bad_cpf[i], cpf_len) == 0) { return 0; } } @@ -95,7 +88,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) { factor = (sum % cpf_len); - if(factor < 2) { + if (factor < 2) { cpf[9] = 0; } else { cpf[9] = cpf_len-factor; @@ -104,8 +97,9 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) { sum = 0; c = cpf_len; - for (i = 0;i < 10; i++) + for (i = 0; i < 10; i++) { sum += (cpf[i] * c--); + } factor = (sum % cpf_len); @@ -115,8 +109,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) { cpf[10] = cpf_len-factor; } - if (part_1 == cpf[9] && part_2 == cpf[10]) - { + if (part_1 == cpf[9] && part_2 == cpf[10]) { return true; } diff --git a/src/operators/verify_cpf.h b/src/operators/verify_cpf.h index ae425aab..919b52f5 100644 --- a/src/operators/verify_cpf.h +++ b/src/operators/verify_cpf.h @@ -17,6 +17,7 @@ #define SRC_OPERATORS_VERIFY_CPF_H_ #include +#include #include "src/operators/operator.h" #include "src/utils/regex.h" diff --git a/src/operators/verify_ssn.cc b/src/operators/verify_ssn.cc index 68993633..49c14e71 100644 --- a/src/operators/verify_ssn.cc +++ b/src/operators/verify_ssn.cc @@ -16,23 +16,25 @@ #include "src/operators/verify_ssn.h" #include +#include +#include #include "src/operators/operator.h" namespace modsecurity { namespace operators { -int VerifySSN::convert_to_int(const char c) -{ +int VerifySSN::convert_to_int(const char c) { int n; - if ((c>='0') && (c<='9')) + if ((c >= '0') && (c <= '9')) { n = c - '0'; - else if ((c>='A') && (c<='F')) + } else if ((c >= 'A') && (c <= 'F')) { n = c - 'A' + 10; - else if ((c>='a') && (c<='f')) + } else if ((c >= 'a') && (c <= 'f')) { n = c - 'a' + 10; - else + } else { n = 0; + } return n; } 
diff --git a/src/operators/verify_ssn.h b/src/operators/verify_ssn.h index eac7cb37..00658a69 100644 --- a/src/operators/verify_ssn.h +++ b/src/operators/verify_ssn.h @@ -17,6 +17,7 @@ #define SRC_OPERATORS_VERIFY_SSN_H_ #include +#include #include "src/operators/operator.h" #include "src/utils/regex.h" diff --git a/src/request_body_processor/json.cc b/src/request_body_processor/json.cc index 951d17c1..b7327e9d 100644 --- a/src/request_body_processor/json.cc +++ b/src/request_body_processor/json.cc @@ -117,7 +117,8 @@ int JSON::addArgument(const std::string& value) { std::string path; for (size_t i = 0; i < m_containers.size(); i++) { - JSONContainerArray *a = dynamic_cast(m_containers[i]); + JSONContainerArray *a = dynamic_cast( + m_containers[i]); path = path + m_containers[i]->m_name; if (a != NULL) { path = path + ".array_" + std::to_string(a->m_elementCounter); @@ -126,7 +127,8 @@ int JSON::addArgument(const std::string& value) { } } - JSONContainerArray *a = dynamic_cast(m_containers.back()); + JSONContainerArray *a = dynamic_cast( + m_containers.back()); if (a) { a->m_elementCounter++; } else { @@ -212,7 +214,8 @@ int JSON::yajl_number(void *ctx, const char *value, size_t length) { int JSON::yajl_start_array(void *ctx) { JSON *tthis = reinterpret_cast(ctx); std::string name = tthis->getCurrentKey(); - tthis->m_containers.push_back((JSONContainer *)new JSONContainerArray(name)); + tthis->m_containers.push_back( + reinterpret_cast(new JSONContainerArray(name))); return 1; } @@ -223,7 +226,8 @@ int JSON::yajl_end_array(void *ctx) { tthis->m_containers.pop_back(); delete a; if (tthis->m_containers.size() > 0) { - JSONContainerArray *a = dynamic_cast(tthis->m_containers.back()); + JSONContainerArray *a = dynamic_cast( + tthis->m_containers.back()); if (a) { a->m_elementCounter++; } 
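Review bot: `reinterpret_cast` is the wrong named cast for the `new JSONContainerArray(name)` pushed in `JSON::yajl_start_array`. A derived-to-base pointer conversion is implicit, and `reinterpret_cast` skips any pointer adjustment the compiler would otherwise apply. It happens to work with the single, non-virtual inheritance declared in json.h, but `tthis->m_containers.push_back(new JSONContainerArray(name));` is shorter and stays correct if the hierarchy changes. `JSON::yajl_start_map` has the same cast.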
@@ -236,7 +240,8 @@ int JSON::yajl_end_array(void *ctx) { int JSON::yajl_start_map(void *ctx) { JSON *tthis = reinterpret_cast(ctx); std::string name(tthis->getCurrentKey()); - tthis->m_containers.push_back((JSONContainer *)new JSONContainerMap(name)); + tthis->m_containers.push_back( + reinterpret_cast(new JSONContainerMap(name))); return 1; } @@ -252,7 +257,8 @@ int JSON::yajl_end_map(void *ctx) { delete a; if (tthis->m_containers.size() > 0) { - JSONContainerArray *a = dynamic_cast(tthis->m_containers.back()); + JSONContainerArray *a = dynamic_cast( + tthis->m_containers.back()); if (a) { a->m_elementCounter++; } diff --git a/src/request_body_processor/json.h b/src/request_body_processor/json.h index 2bfef90a..2b1aa814 100644 --- a/src/request_body_processor/json.h +++ b/src/request_body_processor/json.h @@ -23,6 +23,7 @@ #include #include +#include #include "modsecurity/transaction.h" #include "modsecurity/rules.h" @@ -35,15 +36,15 @@ namespace RequestBodyProcessor { class JSONContainer { public: - JSONContainer(std::string name) : m_name(name) { }; - virtual ~JSONContainer() { }; + explicit JSONContainer(std::string name) : m_name(name) { } + virtual ~JSONContainer() { } std::string m_name; }; class JSONContainerArray : public JSONContainer { public: - JSONContainerArray(std::string name) : JSONContainer(name), + explicit JSONContainerArray(std::string name) : JSONContainer(name), m_elementCounter(0) { } size_t m_elementCounter; }; @@ -51,7 +52,7 @@ class JSONContainerArray : public JSONContainer { class JSONContainerMap : public JSONContainer { public: - JSONContainerMap(std::string name) : JSONContainer(name) { } + explicit JSONContainerMap(std::string name) : JSONContainer(name) { } }; @@ -89,7 +90,8 @@ class JSON { if (m_containers.size() < 1) { return false; } - prev = dynamic_cast(m_containers[m_containers.size() - 1]); + prev = dynamic_cast( + m_containers[m_containers.size() - 1]); return prev != NULL; } 
diff --git a/src/rule.cc b/src/rule.cc index 46fd471c..d7d10a00 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -265,9 +265,11 @@ void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans, *containsDisruptive = true; } } else { - if (a->m_name == "setvar" || a->m_name == "msg" || a->m_name == "log") { + if (a->m_name == "setvar" || a->m_name == "msg" + || a->m_name == "log") { #ifndef NO_LOGS - trans->debug(4, "Running [independent] (non-disruptive) action: " + a->m_name); + trans->debug(4, "Running [independent] (non-disruptive) " \ + "action: " + a->m_name); #endif a->evaluate(this, trans, ruleMessage); } @@ -438,9 +440,11 @@ std::vector> Rule::getFinalVars( std::vector variables; std::vector> finalVars; - std::copy (m_variables->begin(), m_variables->end(), std::back_inserter(variables)); + std::copy(m_variables->begin(), m_variables->end(), + std::back_inserter(variables)); - for (auto &a : trans->m_rules->m_exceptions.m_variable_update_target_by_tag) { + for (auto &a : + trans->m_rules->m_exceptions.m_variable_update_target_by_tag) { if (containsTag(*a.first.get(), trans) == false) { continue; } @@ -448,10 +452,12 @@ std::vector> Rule::getFinalVars( std::vector z; a.second->evaluate(trans, this, &z); for (auto &y : z) { - exclusions_update_by_tag_remove.push_back(std::string(y->m_key)); + exclusions_update_by_tag_remove.push_back( + std::string(y->m_key)); delete y; } - exclusions_update_by_tag_remove.push_back(std::string(a.second->m_name)); + exclusions_update_by_tag_remove.push_back( + std::string(a.second->m_name)); } else { Variable *b = a.second.get(); @@ -459,7 +465,8 @@ std::vector> Rule::getFinalVars( } } - for (auto &a : trans->m_rules->m_exceptions.m_variable_update_target_by_msg) { + for (auto &a : + trans->m_rules->m_exceptions.m_variable_update_target_by_msg) { if (containsMsg(*a.first.get(), trans) == false) { continue; } 
@@ -467,10 +474,12 @@ std::vector> Rule::getFinalVars( std::vector z; a.second->evaluate(trans, this, &z); for (auto &y : z) { - exclusions_update_by_msg_remove.push_back(std::string(y->m_key)); + exclusions_update_by_msg_remove.push_back( + std::string(y->m_key)); delete y; } - exclusions_update_by_msg_remove.push_back(std::string(a.second->m_name)); + exclusions_update_by_msg_remove.push_back( + std::string(a.second->m_name)); } else { Variable *b = a.second.get(); @@ -478,7 +487,8 @@ std::vector> Rule::getFinalVars( } } - for (auto &a : trans->m_rules->m_exceptions.m_variable_update_target_by_id) { + for (auto &a : + trans->m_rules->m_exceptions.m_variable_update_target_by_id) { if (m_ruleId != a.first) { continue; } @@ -489,7 +499,8 @@ std::vector> Rule::getFinalVars( exclusions_update_by_id_remove.push_back(std::string(y->m_key)); delete y; } - exclusions_update_by_id_remove.push_back(std::string(a.second->m_name)); + exclusions_update_by_id_remove.push_back( + std::string(a.second->m_name)); } else { Variable *b = a.second.get(); variables.push_back(b); @@ -567,7 +578,8 @@ std::vector> Rule::getFinalVars( != exclusions_update_by_id_remove.end()) { #ifndef NO_LOGS trans->debug(9, "Variable: " + key + - " is part of the exclusion list (from update by ID), skipping..."); + " is part of the exclusion list (from " \ + "update by ID), skipping..."); #endif delete v; v = NULL; @@ -646,7 +658,8 @@ std::vector> Rule::getFinalVars( continue; } - std::unique_ptr var(new collection::Variable(v)); + std::unique_ptr var( + new collection::Variable(v)); delete v; v = NULL; finalVars.push_back(std::move(var)); @@ -705,7 +718,8 @@ void Rule::executeActionsAfterFullMatch(Transaction *trans, if (a->m_name != "setvar" && a->m_name != "log" && a->m_name != "msg") { #ifndef NO_LOGS - trans->debug(4, "Running (non-disruptive) action: " + a->m_name); + trans->debug(4, "Running (non-disruptive) action: " \ + + a->m_name); #endif a->evaluate(this, trans, ruleMessage); } 
diff --git a/src/rule_message.cc b/src/rule_message.cc index bf208960..aab92180 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -69,21 +69,16 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) { msg.append("[client " + std::string(rm->m_clientIpAddress) + "] "); } - if (rm->m_isDisruptive) - { + if (rm->m_isDisruptive) { msg.append("ModSecurity: Access denied with code "); if (code == -1) { msg.append("%d"); - } - else - { + } else { msg.append(std::to_string(code)); } msg.append(" (phase "); msg.append(std::to_string(rm->m_rule->m_phase - 1) + "). "); - } - else - { + } else { msg.append("ModSecurity: Warning. "); } diff --git a/src/rule_script.h b/src/rule_script.h index 4883b12d..d1409fd9 100644 --- a/src/rule_script.h +++ b/src/rule_script.h @@ -15,6 +15,9 @@ */ #include +#include +#include + #include "modsecurity/rule.h" #include "src/engine/lua.h" #include "src/operators/operator.h" @@ -45,9 +48,9 @@ class RuleScript : public Rule { RuleScript(std::string name, std::vector *actions, std::string fileName, - int lineNumber - ) : Rule (NULL, NULL, actions, fileName, lineNumber), - m_name(name) { }; + int lineNumber) + : Rule(NULL, NULL, actions, fileName, lineNumber), + m_name(name) { } bool init(std::string *err); bool evaluate(Transaction *trans, diff --git a/src/rules.cc b/src/rules.cc index 052cf979..66ae57f7 100644 --- a/src/rules.cc +++ b/src/rules.cc @@ -206,7 +206,8 @@ int Rules::evaluate(int phase, Transaction *transaction) { if (m_exceptions.m_remove_rule_by_msg.empty() == false) { for (auto &z : m_exceptions.m_remove_rule_by_msg) { if (rule->containsMsg(z, transaction) == true) { - debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \ + debug(9, "Skipped rule id '" \ + + std::to_string(rule->m_ruleId) \ + "'. Removed by a SecRuleRemoveByMsg directive."); return 1; } 
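Review bot: The `return 1;` that follows the "Skipped rule id" debug call in the rules.cc hunk leaves `Rules::evaluate` altogether instead of skipping one rule. The loop header is outside the hunk, so this is inferred: if the block sits inside the per-rule loop, a single SecRuleRemoveByMsg match also stops every later rule in the phase from running, which silently weakens the deployed policy. The SecRuleRemoveByTag hunk that follows has the same shape. Consider recording the match and moving to the next rule, for example `skip = true; break;` in the inner loop and `if (skip) { continue; }` after it, once confirmed against the full function.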
@@ -216,7 +217,8 @@ int Rules::evaluate(int phase, Transaction *transaction) { if (m_exceptions.m_remove_rule_by_tag.empty() == false) { for (auto &z : m_exceptions.m_remove_rule_by_tag) { if (rule->containsTag(z, transaction) == true) { - debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \ + debug(9, "Skipped rule id '" \ + + std::to_string(rule->m_ruleId) \ + "'. Removed by a SecRuleRemoveByTag directive."); return 1; } diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index 0466c109..9c770726 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc @@ -51,7 +51,11 @@ bool RulesExceptions::loadUpdateTargetByMsg(const std::string &msg, std::unique_ptr > > var, std::string *error) { for (auto &i : *var) { - m_variable_update_target_by_msg.emplace(std::pair, std::unique_ptr>(std::make_shared(msg), std::move(i))); + m_variable_update_target_by_msg.emplace( + std::pair, + std::unique_ptr>( + std::make_shared(msg), + std::move(i))); } return true; @@ -63,7 +67,10 @@ bool RulesExceptions::loadUpdateTargetByTag(const std::string &tag, std::string *error) { for (auto &i : *var) { - m_variable_update_target_by_tag.emplace(std::pair, std::unique_ptr>(std::make_shared(tag), std::move(i))); + m_variable_update_target_by_tag.emplace( + std::pair, + std::unique_ptr>( + std::make_shared(tag), std::move(i))); } return true; @@ -75,7 +82,9 @@ bool RulesExceptions::loadUpdateTargetById(double id, std::string *error) { for (auto &i : *var) { - m_variable_update_target_by_id.emplace(std::pair>(id , std::move(i))); + m_variable_update_target_by_id.emplace( + std::pair>(id , std::move(i))); } return true; 
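Review bot: Building an explicit `std::pair` temporary inside `emplace` in `loadUpdateTargetByMsg` defeats the point of `emplace`, which forwards its arguments to construct the element in place; the new four-line wrap exists only to fit that temporary. Passing the key and value directly is shorter: `m_variable_update_target_by_msg.emplace(std::make_shared<std::string>(msg), std::move(i));` (the key type is assumed, since the template arguments are not shown on this page). The same applies to `loadUpdateTargetByTag`, `loadUpdateTargetById` and the three `emplace` calls in `merge`. Separately, none of the three loaders writes to `error` or returns anything but true, which deserves a comment if it is intentional.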
@@ -168,37 +177,46 @@ bool RulesExceptions::contains(int a) { } -bool RulesExceptions::merge(RulesExceptions& from) { - for (int a : from.m_numbers) { +bool RulesExceptions::merge(RulesExceptions *from) { + for (int a : from->m_numbers) { bool ret = addNumber(a); if (ret == false) { return ret; } } - for (auto b : from.m_ranges) { + for (auto b : from->m_ranges) { bool ret = addRange(b.first, b.second); if (ret == false) { return ret; } } - for (auto &p : from.m_variable_update_target_by_tag) { - m_variable_update_target_by_tag.emplace(std::pair, std::unique_ptr>(p.first, std::move(p.second))); + for (auto &p : from->m_variable_update_target_by_tag) { + m_variable_update_target_by_tag.emplace( + std::pair, + std::unique_ptr>(p.first, + std::move(p.second))); } - for (auto &p : from.m_variable_update_target_by_msg) { - m_variable_update_target_by_msg.emplace(std::pair, std::unique_ptr>(p.first, std::move(p.second))); + for (auto &p : from->m_variable_update_target_by_msg) { + m_variable_update_target_by_msg.emplace( + std::pair, + std::unique_ptr>(p.first, + std::move(p.second))); } - for (auto &p : from.m_variable_update_target_by_id) { - m_variable_update_target_by_id.emplace(std::pair>(p.first, std::move(p.second))); + for (auto &p : from->m_variable_update_target_by_id) { + m_variable_update_target_by_id.emplace( + std::pair>(p.first, + std::move(p.second))); } - for (auto &p : from.m_remove_rule_by_msg) { + for (auto &p : from->m_remove_rule_by_msg) { m_remove_rule_by_msg.push_back(p); } - for (auto &p : from.m_remove_rule_by_tag) { + for (auto &p : from->m_remove_rule_by_tag) { m_remove_rule_by_tag.push_back(p); } diff --git a/src/transaction.cc b/src/transaction.cc index 6aacfdd4..4ea5e615 100644 --- a/src/transaction.cc +++ b/src/transaction.cc 
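Review bot: `merge` now takes `RulesExceptions *from` and dereferences it in the first loop (`from->m_numbers`) with no null check, a state the old reference parameter could not express. Add `if (from == NULL) { return false; }` at the top, or document that callers must pass a valid object. The three `std::move(p.second)` calls also leave null `unique_ptr`s in `from`'s update-target maps, and `getFinalVars` calls `a.second->evaluate` on such entries, so `from` must not be used for evaluation after a merge. A comment on the declaration stating that merge consumes its argument would make that contract explicit. The end of the function is outside the hunk.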
@@ -174,7 +174,7 @@ Transaction::~Transaction() { * */ #ifndef NO_LOGS -void Transaction::debug(int level, std::string message) { +void Transaction::debug(int level, std::string message) const { if (m_rules == NULL) { return; } @@ -1076,9 +1076,11 @@ int Transaction::processResponseBody() { return true; } - std::set &bi = m_rules->m_responseBodyTypeToBeInspected.m_value; + std::set &bi = \ + m_rules->m_responseBodyTypeToBeInspected.m_value; auto t = bi.find(m_variableResponseContentType.m_value); - if (t == bi.end() && m_rules->m_responseBodyTypeToBeInspected.m_set == true) { + if (t == bi.end() + && m_rules->m_responseBodyTypeToBeInspected.m_set == true) { #ifndef NO_LOGS debug(5, "Response Content-Type is " \ + m_variableResponseContentType.m_value \ @@ -1127,7 +1129,8 @@ int Transaction::processResponseBody() { int Transaction::appendResponseBody(const unsigned char *buf, size_t len) { int current_size = this->m_responseBody.tellp(); - std::set &bi = this->m_rules->m_responseBodyTypeToBeInspected.m_value; + std::set &bi = \ + this->m_rules->m_responseBodyTypeToBeInspected.m_value; auto t = bi.find(m_variableResponseContentType.m_value); if (t == bi.end() && bi.empty() == false) { #ifndef NO_LOGS @@ -1466,7 +1469,8 @@ std::string Transaction::toOldAuditLogFormat(int parts, std::vector l; audit_log << "--" << trailer << "-" << "F--" << std::endl; - audit_log << "HTTP/" << m_httpVersion.c_str() << " " << this->m_httpCodeReturned << std::endl; + audit_log << "HTTP/" << m_httpVersion.c_str() << " "; + audit_log << this->m_httpCodeReturned << std::endl; m_variableResponseHeaders.resolve(&l); for (auto &h : l) { size_t pos = strlen("RESPONSE_HEADERS:"); @@ -1701,7 +1705,8 @@ std::string Transaction::toJSON(int parts) { return log; #else - return std::string("{\"error\":\"ModSecurity was not compiled with JSON support.\"}"); + return std::string("{\"error\":\"ModSecurity was " \ + "not compiled with JSON support.\"}"); #endif } 
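Review bot: The two content-type gates re-wrapped in these hunks disagree with each other. `processResponseBody` skips when the type is not in the set and `m_responseBodyTypeToBeInspected.m_set == true`, while `appendResponseBody` skips when the type is not in the set and `bi.empty() == false`. When the set has been explicitly set but is empty, `appendResponseBody` keeps buffering while `processResponseBody` skips inspection; which behaviour is intended is not visible here. Moving the decision into one private predicate used by both functions would keep buffering and inspection in step. Both function bodies continue outside the hunks.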
diff --git a/src/variables/remote_user.cc b/src/variables/remote_user.cc index ed502821..be1739ee 100644 --- a/src/variables/remote_user.cc +++ b/src/variables/remote_user.cc @@ -44,7 +44,8 @@ void RemoteUser::evaluate(Transaction *transaction, collection::Variable *var; std::string header; - std::vector *l2 = new std::vector(); + std::vector *l2 = \ + new std::vector(); transaction->m_variableRequestHeaders.resolve("authorization", l2); if (l2->size() < 1) { diff --git a/src/variables/variable.h b/src/variables/variable.h index aa9aa121..c8891999 100644 --- a/src/variables/variable.h +++ b/src/variables/variable.h 
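Review bot: `l2` is heap-allocated with a raw `new` only to be passed to `resolve`, so every exit from `RemoteUser::evaluate`, including the early path under `if (l2->size() < 1)`, has to delete it. The rest of the function is outside the hunk, so whether each path does is not visible. A local vector of the same element type, passed as `transaction->m_variableRequestHeaders.resolve("authorization", &l2);`, removes both the allocation and that cleanup obligation. This code runs on the client-supplied Authorization header, so any leak on one of those paths would recur on every request.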
@@ -70,491 +70,349 @@ class Variable { Variable(std::string name, VariableKind kind); virtual ~Variable() { } - virtual void evaluate(Transaction *transaction, + virtual void evaluate(Transaction *t, Rule *rule, std::vector *l) = 0; static std::string to_s(std::vector *variables); - static inline bool compareStrNoCase(const std::string &a, const std::string &b) { + static inline bool comp(const std::string &a, const std::string &b) { return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin(), [](char aa, char bb) { return toupper(aa) == bb; }); - }; + } - static void stringMatchResolveMulti(Transaction *transaction, const std::string &variable, + static void stringMatchResolveMulti(Transaction *t, + const std::string &variable, std::vector *l) { size_t collection = variable.find("."); if (collection == std::string::npos) { collection = variable.find(":"); } if (collection == std::string::npos) { - if (compareStrNoCase(variable, "RESPONSE_CONTENT_TYPE")) { - transaction->m_variableResponseContentType.evaluate(l); - } - else if (compareStrNoCase(variable, "ARGS_COMBINED_SIZE")) { - transaction->m_variableARGScombinedSize.evaluate(l); - } - else if (compareStrNoCase(variable, "AUTH_TYPE")) { - transaction->m_variableAuthType.evaluate(l); - } - else if (compareStrNoCase(variable, "FILES_COMBINED_SIZE")) { - transaction->m_variableFilesCombinedSize.evaluate(l); - } - else if (compareStrNoCase(variable, "FULL_REQUEST")) { - transaction->m_variableFullRequest.evaluate(l); - } - else if (compareStrNoCase(variable, "FULL_REQUEST_LENGTH")) { - transaction->m_variableFullRequestLength.evaluate(l); - } - else if (compareStrNoCase(variable, "INBOUND_DATA_ERROR")) { - transaction->m_variableInboundDataError.evaluate(l); - } - else if (compareStrNoCase(variable, "MATCHED_VAR")) { - transaction->m_variableMatchedVar.evaluate(l); - } - else if (compareStrNoCase(variable, "MATCHED_VAR_NAME")) { - transaction->m_variableMatchedVarName.evaluate(l); - } - else if 
(compareStrNoCase(variable, "MULTIPART_CRLF_LF_LINES")) { - transaction->m_variableMultipartCrlfLFLines.evaluate(l); - } - else if (compareStrNoCase(variable, "MULTIPART_DATA_AFTER")) { - transaction->m_variableMultipartDataAfter.evaluate(l); - } - else if (compareStrNoCase(variable, "MULTIPART_FILE_LIMIT_EXCEEDED")) { - transaction->m_variableMultipartFileLimitExceeded.evaluate(l); - } - else if (compareStrNoCase(variable, "MULTIPART_STRICT_ERROR")) { - transaction->m_variableMultipartStrictError.evaluate(l); - } - else if (compareStrNoCase(variable, "MULTIPART_HEADER_FOLDING")) { - transaction->m_variableMultipartHeaderFolding.evaluate(l); - } - else if (compareStrNoCase(variable, "MULTIPART_INVALID_QUOTING")) { - transaction->m_variableMultipartInvalidQuoting.evaluate(l); - } - else if (compareStrNoCase(variable, "MULTIPART_INVALID_HEADER_FOLDING")) { - transaction->m_variableMultipartInvalidHeaderFolding.evaluate(l); - } - else if (compareStrNoCase(variable, "MULTIPART_UNMATCHED_BOUNDARY")) { - transaction->m_variableMultipartUnmatchedBoundary.evaluate(l); - } - else if (compareStrNoCase(variable, "OUTBOUND_DATA_ERROR")) { - transaction->m_variableOutboundDataError.evaluate(l); - } - else if (compareStrNoCase(variable, "PATH_INFO")) { - transaction->m_variablePathInfo.evaluate(l); - } - else if (compareStrNoCase(variable, "QUERY_STRING")) { - transaction->m_variableQueryString.evaluate(l); - } - else if (compareStrNoCase(variable, "REMOTE_ADDR")) { - transaction->m_variableRemoteAddr.evaluate(l); - } - else if (compareStrNoCase(variable, "REMOTE_HOST")) { - transaction->m_variableRemoteHost.evaluate(l); - } - else if (compareStrNoCase(variable, "REMOTE_PORT")) { - transaction->m_variableRemotePort.evaluate(l); - } - else if (compareStrNoCase(variable, "REQBODY_ERROR")) { - transaction->m_variableReqbodyError.evaluate(l); - } - else if (compareStrNoCase(variable, "REQBODY_ERROR_MSG")) { - transaction->m_variableReqbodyErrorMsg.evaluate(l); - } - else if 
(compareStrNoCase(variable, "REQBODY_PROCESSOR_ERROR_MSG")) { - transaction->m_variableReqbodyProcessorErrorMsg.evaluate(l); - } - else if (compareStrNoCase(variable, "REQBODY_PROCESSOR_ERROR")) { - transaction->m_variableReqbodyProcessorError.evaluate(l); - } - else if (compareStrNoCase(variable, "REQBODY_PROCESSOR")) { - transaction->m_variableReqbodyProcessor.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_BASENAME")) { - transaction->m_variableRequestBasename.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_BODY")) { - transaction->m_variableRequestBody.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_BODY_LENGTH")) { - transaction->m_variableRequestBodyLength.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_FILENAME")) { - transaction->m_variableRequestFilename.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_LINE")) { - transaction->m_variableRequestLine.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_METHOD")) { - transaction->m_variableRequestMethod.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_PROTOCOL")) { - transaction->m_variableRequestProtocol.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_URI")) { - transaction->m_variableRequestURI.evaluate(l); - } - else if (compareStrNoCase(variable, "REQUEST_URI_RAW")) { - transaction->m_variableRequestURIRaw.evaluate(l); - } - else if (compareStrNoCase(variable, "RESOURCE")) { - transaction->m_variableResource.evaluate(l); - } - else if (compareStrNoCase(variable, "RESPONSE_BODY")) { - transaction->m_variableResponseBody.evaluate(l); - } - else if (compareStrNoCase(variable, "RESPONSE_CONTENT_LENGTH")) { - transaction->m_variableResponseContentLength.evaluate(l); - } - else if (compareStrNoCase(variable, "RESPONSE_PROTOCOL")) { - transaction->m_variableResponseProtocol.evaluate(l); - } - else if (compareStrNoCase(variable, "RESPONSE_STATUS")) { - 
transaction->m_variableResponseStatus.evaluate(l); - } - else if (compareStrNoCase(variable, "SERVER_ADDR")) { - transaction->m_variableServerAddr.evaluate(l); - } - else if (compareStrNoCase(variable, "SERVER_NAME")) { - transaction->m_variableServerName.evaluate(l); - } - else if (compareStrNoCase(variable, "SERVER_PORT")) { - transaction->m_variableServerPort.evaluate(l); - } - else if (compareStrNoCase(variable, "SESSIONID")) { - transaction->m_variableSessionID.evaluate(l); - } - else if (compareStrNoCase(variable, "UNIQUE_ID")) { - transaction->m_variableUniqueID.evaluate(l); - } - else if (compareStrNoCase(variable, "URLENCODED_ERROR")) { - transaction->m_variableUrlEncodedError.evaluate(l); - } - else if (compareStrNoCase(variable, "USERID")) { - transaction->m_variableUserID.evaluate(l); + if (comp(variable, "RESPONSE_CONTENT_TYPE")) { + t->m_variableResponseContentType.evaluate(l); + } else if (comp(variable, "ARGS_COMBINED_SIZE")) { + t->m_variableARGScombinedSize.evaluate(l); + } else if (comp(variable, "AUTH_TYPE")) { + t->m_variableAuthType.evaluate(l); + } else if (comp(variable, "FILES_COMBINED_SIZE")) { + t->m_variableFilesCombinedSize.evaluate(l); + } else if (comp(variable, "FULL_REQUEST")) { + t->m_variableFullRequest.evaluate(l); + } else if (comp(variable, "FULL_REQUEST_LENGTH")) { + t->m_variableFullRequestLength.evaluate(l); + } else if (comp(variable, "INBOUND_DATA_ERROR")) { + t->m_variableInboundDataError.evaluate(l); + } else if (comp(variable, "MATCHED_VAR")) { + t->m_variableMatchedVar.evaluate(l); + } else if (comp(variable, "MATCHED_VAR_NAME")) { + t->m_variableMatchedVarName.evaluate(l); + } else if (comp(variable, "MULTIPART_CRLF_LF_LINES")) { + t->m_variableMultipartCrlfLFLines.evaluate(l); + } else if (comp(variable, "MULTIPART_DATA_AFTER")) { + t->m_variableMultipartDataAfter.evaluate(l); + } else if (comp(variable, "MULTIPART_FILE_LIMIT_EXCEEDED")) { + t->m_variableMultipartFileLimitExceeded.evaluate(l); + } else if 
(comp(variable, "MULTIPART_STRICT_ERROR")) { + t->m_variableMultipartStrictError.evaluate(l); + } else if (comp(variable, "MULTIPART_HEADER_FOLDING")) { + t->m_variableMultipartHeaderFolding.evaluate(l); + } else if (comp(variable, "MULTIPART_INVALID_QUOTING")) { + t->m_variableMultipartInvalidQuoting.evaluate(l); + } else if (comp(variable, "MULTIPART_INVALID_HEADER_FOLDING")) { + t->m_variableMultipartInvalidHeaderFolding.evaluate(l); + } else if (comp(variable, "MULTIPART_UNMATCHED_BOUNDARY")) { + t->m_variableMultipartUnmatchedBoundary.evaluate(l); + } else if (comp(variable, "OUTBOUND_DATA_ERROR")) { + t->m_variableOutboundDataError.evaluate(l); + } else if (comp(variable, "PATH_INFO")) { + t->m_variablePathInfo.evaluate(l); + } else if (comp(variable, "QUERY_STRING")) { + t->m_variableQueryString.evaluate(l); + } else if (comp(variable, "REMOTE_ADDR")) { + t->m_variableRemoteAddr.evaluate(l); + } else if (comp(variable, "REMOTE_HOST")) { + t->m_variableRemoteHost.evaluate(l); + } else if (comp(variable, "REMOTE_PORT")) { + t->m_variableRemotePort.evaluate(l); + } else if (comp(variable, "REQBODY_ERROR")) { + t->m_variableReqbodyError.evaluate(l); + } else if (comp(variable, "REQBODY_ERROR_MSG")) { + t->m_variableReqbodyErrorMsg.evaluate(l); + } else if (comp(variable, "REQBODY_PROCESSOR_ERROR_MSG")) { + t->m_variableReqbodyProcessorErrorMsg.evaluate(l); + } else if (comp(variable, "REQBODY_PROCESSOR_ERROR")) { + t->m_variableReqbodyProcessorError.evaluate(l); + } else if (comp(variable, "REQBODY_PROCESSOR")) { + t->m_variableReqbodyProcessor.evaluate(l); + } else if (comp(variable, "REQUEST_BASENAME")) { + t->m_variableRequestBasename.evaluate(l); + } else if (comp(variable, "REQUEST_BODY")) { + t->m_variableRequestBody.evaluate(l); + } else if (comp(variable, "REQUEST_BODY_LENGTH")) { + t->m_variableRequestBodyLength.evaluate(l); + } else if (comp(variable, "REQUEST_FILENAME")) { + t->m_variableRequestFilename.evaluate(l); + } else if (comp(variable, 
"REQUEST_LINE")) { + t->m_variableRequestLine.evaluate(l); + } else if (comp(variable, "REQUEST_METHOD")) { + t->m_variableRequestMethod.evaluate(l); + } else if (comp(variable, "REQUEST_PROTOCOL")) { + t->m_variableRequestProtocol.evaluate(l); + } else if (comp(variable, "REQUEST_URI")) { + t->m_variableRequestURI.evaluate(l); + } else if (comp(variable, "REQUEST_URI_RAW")) { + t->m_variableRequestURIRaw.evaluate(l); + } else if (comp(variable, "RESOURCE")) { + t->m_variableResource.evaluate(l); + } else if (comp(variable, "RESPONSE_BODY")) { + t->m_variableResponseBody.evaluate(l); + } else if (comp(variable, "RESPONSE_CONTENT_LENGTH")) { + t->m_variableResponseContentLength.evaluate(l); + } else if (comp(variable, "RESPONSE_PROTOCOL")) { + t->m_variableResponseProtocol.evaluate(l); + } else if (comp(variable, "RESPONSE_STATUS")) { + t->m_variableResponseStatus.evaluate(l); + } else if (comp(variable, "SERVER_ADDR")) { + t->m_variableServerAddr.evaluate(l); + } else if (comp(variable, "SERVER_NAME")) { + t->m_variableServerName.evaluate(l); + } else if (comp(variable, "SERVER_PORT")) { + t->m_variableServerPort.evaluate(l); + } else if (comp(variable, "SESSIONID")) { + t->m_variableSessionID.evaluate(l); + } else if (comp(variable, "UNIQUE_ID")) { + t->m_variableUniqueID.evaluate(l); + } else if (comp(variable, "URLENCODED_ERROR")) { + t->m_variableUrlEncodedError.evaluate(l); + } else if (comp(variable, "USERID")) { + t->m_variableUserID.evaluate(l); } else { - transaction->m_collections.resolveMultiMatches( - variable, l); + t->m_collections.resolveMultiMatches(variable, l); } } else { std::string col = std::string(variable, 0, collection); std::string var = std::string(variable, collection + 1, variable.length() - (collection + 1)); - if (compareStrNoCase(col, "ARGS")) { - transaction->m_variableArgs.resolve(var, l); - } - else if (compareStrNoCase(variable, "ARGS_NAMES")) { - transaction->m_variableArgsNames.resolve(var, l); - } - else if 
(compareStrNoCase(variable, "ARGS_GET_NAMES")) { - transaction->m_variableArgsGetNames.resolve(var, l); - } - else if (compareStrNoCase(variable, "ARGS_POST_NAMES")) { - transaction->m_variableArgsPostNames.resolve(var, l); - } - else if (compareStrNoCase(col, "RULE")) { - transaction->m_variableRule.resolve(var, l); - } - else if (compareStrNoCase(col, "ARGS_GET")) { - transaction->m_variableArgsGet.resolve(var, l); - } - else if (compareStrNoCase(col, "ARGS_POST")) { - transaction->m_variableArgsPost.resolve(var, l); - } - else if (compareStrNoCase(col, "FILES_SIZES")) { - transaction->m_variableFilesSizes.resolve(var, l); - } - else if (compareStrNoCase(col, "FILES_NAMES")) { - transaction->m_variableFilesNames.resolve(var, l); - } - else if (compareStrNoCase(col, "FILES_TMP_CONTENT")) { - transaction->m_variableFilesTmpContent.resolve(var, l); - } - else if (compareStrNoCase(col, "MULTIPART_FILENAME")) { - transaction->m_variableMultiPartFileName.resolve(var, l); - } - else if (compareStrNoCase(col, "MULTIPART_NAME")) { - transaction->m_variableMultiPartName.resolve(var, l); - } - else if (compareStrNoCase(col, "MATCHED_VARS_NAMES")) { - transaction->m_variableMatchedVarsNames.resolve(var, l); - } - else if (compareStrNoCase(col, "MATCHED_VARS")) { - transaction->m_variableMatchedVars.resolve(var, l); - } - else if (compareStrNoCase(col, "FILES")) { - transaction->m_variableFiles.resolve(var, l); - } - else if (compareStrNoCase(col, "REQUEST_COOKIES")) { - transaction->m_variableRequestCookies.resolve(var, l); - } - else if (compareStrNoCase(col, "REQUEST_HEADERS")) { - transaction->m_variableRequestHeaders.resolve(var, l); - } - else if (compareStrNoCase(variable, "REQUEST_HEADERS_NAMES")) { - transaction->m_variableRequestHeadersNames.resolve(var, l); - } - else if (compareStrNoCase(col, "RESPONSE_HEADERS")) { - transaction->m_variableResponseHeaders.resolve(var, l); - } - else if (compareStrNoCase(variable, "RESPONSE_HEADERS_NAMES")) { - 
transaction->m_variableResponseHeadersNames.resolve(var, l); - } - else if (compareStrNoCase(col, "GEO")) { - transaction->m_variableGeo.resolve(var, l); - } - else if (compareStrNoCase(col, "REQUEST_COOKIES_NAMES")) { - transaction->m_variableRequestCookiesNames.resolve(var, l); - } - else if (compareStrNoCase(col, "FILES_TMPNAMES")) { - transaction->m_variableFilesTmpNames.resolve(var, l); + if (comp(col, "ARGS")) { + t->m_variableArgs.resolve(var, l); + } else if (comp(variable, "ARGS_NAMES")) { + t->m_variableArgsNames.resolve(var, l); + } else if (comp(variable, "ARGS_GET_NAMES")) { + t->m_variableArgsGetNames.resolve(var, l); + } else if (comp(variable, "ARGS_POST_NAMES")) { + t->m_variableArgsPostNames.resolve(var, l); + } else if (comp(col, "RULE")) { + t->m_variableRule.resolve(var, l); + } else if (comp(col, "ARGS_GET")) { + t->m_variableArgsGet.resolve(var, l); + } else if (comp(col, "ARGS_POST")) { + t->m_variableArgsPost.resolve(var, l); + } else if (comp(col, "FILES_SIZES")) { + t->m_variableFilesSizes.resolve(var, l); + } else if (comp(col, "FILES_NAMES")) { + t->m_variableFilesNames.resolve(var, l); + } else if (comp(col, "FILES_TMP_CONTENT")) { + t->m_variableFilesTmpContent.resolve(var, l); + } else if (comp(col, "MULTIPART_FILENAME")) { + t->m_variableMultiPartFileName.resolve(var, l); + } else if (comp(col, "MULTIPART_NAME")) { + t->m_variableMultiPartName.resolve(var, l); + } else if (comp(col, "MATCHED_VARS_NAMES")) { + t->m_variableMatchedVarsNames.resolve(var, l); + } else if (comp(col, "MATCHED_VARS")) { + t->m_variableMatchedVars.resolve(var, l); + } else if (comp(col, "FILES")) { + t->m_variableFiles.resolve(var, l); + } else if (comp(col, "REQUEST_COOKIES")) { + t->m_variableRequestCookies.resolve(var, l); + } else if (comp(col, "REQUEST_HEADERS")) { + t->m_variableRequestHeaders.resolve(var, l); + } else if (comp(variable, "REQUEST_HEADERS_NAMES")) { + t->m_variableRequestHeadersNames.resolve(var, l); + } else if (comp(col, 
"RESPONSE_HEADERS")) { + t->m_variableResponseHeaders.resolve(var, l); + } else if (comp(variable, "RESPONSE_HEADERS_NAMES")) { + t->m_variableResponseHeadersNames.resolve(var, l); + } else if (comp(col, "GEO")) { + t->m_variableGeo.resolve(var, l); + } else if (comp(col, "REQUEST_COOKIES_NAMES")) { + t->m_variableRequestCookiesNames.resolve(var, l); + } else if (comp(col, "FILES_TMPNAMES")) { + t->m_variableFilesTmpNames.resolve(var, l); } else { - transaction->m_collections.resolveMultiMatches(col, - var, l); + t->m_collections.resolveMultiMatches(col, var, l); } } } - static std::string stringMatchResolve(Transaction *transaction, const std::string &variable) { - std::unique_ptr variableValue = nullptr; + static std::string stringMatchResolve(Transaction *t, + const std::string &variable) { + std::unique_ptr vv = nullptr; size_t collection = variable.find("."); if (collection == std::string::npos) { collection = variable.find(":"); } if (collection == std::string::npos) { - if (compareStrNoCase(variable, "RESPONSE_CONTENT_TYPE")) { - variableValue = transaction->m_variableResponseContentType.resolveFirst(); - } - else if (compareStrNoCase(variable, "ARGS_COMBINED_SIZE")) { - variableValue = transaction->m_variableARGScombinedSize.resolveFirst(); - } - else if (compareStrNoCase(variable, "AUTH_TYPE")) { - variableValue = transaction->m_variableAuthType.resolveFirst(); - } - else if (compareStrNoCase(variable, "FILES_COMBINED_SIZE")) { - variableValue = transaction->m_variableFilesCombinedSize.resolveFirst(); - } - else if (compareStrNoCase(variable, "FULL_REQUEST")) { - variableValue = transaction->m_variableFullRequest.resolveFirst(); - } - else if (compareStrNoCase(variable, "FULL_REQUEST_LENGTH")) { - variableValue = transaction->m_variableFullRequestLength.resolveFirst(); - } - else if (compareStrNoCase(variable, "INBOUND_DATA_ERROR")) { - variableValue = transaction->m_variableInboundDataError.resolveFirst(); - } - else if (compareStrNoCase(variable, 
"MATCHED_VAR")) { - variableValue = transaction->m_variableMatchedVar.resolveFirst(); - } - else if (compareStrNoCase(variable, "MATCHED_VAR_NAME")) { - variableValue = transaction->m_variableMatchedVarName.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_CRLF_LF_LINES")) { - variableValue = transaction->m_variableMultipartCrlfLFLines.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_DATA_AFTER")) { - variableValue = transaction->m_variableMultipartDataAfter.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_FILE_LIMIT_EXCEEDED")) { - variableValue = transaction->m_variableMultipartFileLimitExceeded.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_STRICT_ERROR")) { - variableValue = transaction->m_variableMultipartStrictError.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_HEADER_FOLDING")) { - variableValue = transaction->m_variableMultipartHeaderFolding.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_INVALID_QUOTING")) { - variableValue = transaction->m_variableMultipartInvalidQuoting.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_INVALID_HEADER_FOLDING")) { - variableValue = transaction->m_variableMultipartInvalidHeaderFolding.resolveFirst(); - } - else if (compareStrNoCase(variable, "MULTIPART_UNMATCHED_BOUNDARY")) { - variableValue = transaction->m_variableMultipartUnmatchedBoundary.resolveFirst(); - } - else if (compareStrNoCase(variable, "OUTBOUND_DATA_ERROR")) { - variableValue = transaction->m_variableOutboundDataError.resolveFirst(); - } - else if (compareStrNoCase(variable, "PATH_INFO")) { - variableValue = transaction->m_variablePathInfo.resolveFirst(); - } - else if (compareStrNoCase(variable, "QUERY_STRING")) { - variableValue = transaction->m_variableQueryString.resolveFirst(); - } - else if (compareStrNoCase(variable, "REMOTE_ADDR")) { - variableValue = transaction->m_variableRemoteAddr.resolveFirst(); - } - 
else if (compareStrNoCase(variable, "REMOTE_HOST")) { - variableValue = transaction->m_variableRemoteHost.resolveFirst(); - } - else if (compareStrNoCase(variable, "REMOTE_PORT")) { - variableValue = transaction->m_variableRemotePort.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQBODY_ERROR")) { - variableValue = transaction->m_variableReqbodyError.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQBODY_ERROR_MSG")) { - variableValue = transaction->m_variableReqbodyErrorMsg.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQBODY_PROCESSOR_ERROR_MSG")) { - variableValue = transaction->m_variableReqbodyProcessorErrorMsg.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQBODY_PROCESSOR_ERROR")) { - variableValue = transaction->m_variableReqbodyProcessorError.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQBODY_PROCESSOR")) { - variableValue = transaction->m_variableReqbodyProcessor.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_BASENAME")) { - variableValue = transaction->m_variableRequestBasename.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_BODY")) { - variableValue = transaction->m_variableRequestBody.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_BODY_LENGTH")) { - variableValue = transaction->m_variableRequestBodyLength.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_FILENAME")) { - variableValue = transaction->m_variableRequestFilename.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_LINE")) { - variableValue = transaction->m_variableRequestLine.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_METHOD")) { - variableValue = transaction->m_variableRequestMethod.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_PROTOCOL")) { - variableValue = transaction->m_variableRequestProtocol.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_URI")) { - variableValue = 
transaction->m_variableRequestURI.resolveFirst(); - } - else if (compareStrNoCase(variable, "REQUEST_URI_RAW")) { - variableValue = transaction->m_variableRequestURIRaw.resolveFirst(); - } - else if (compareStrNoCase(variable, "RESOURCE")) { - variableValue = transaction->m_variableResource.resolveFirst(); - } - else if (compareStrNoCase(variable, "RESPONSE_BODY")) { - variableValue = transaction->m_variableResponseBody.resolveFirst(); - } - else if (compareStrNoCase(variable, "RESPONSE_CONTENT_LENGTH")) { - variableValue = transaction->m_variableResponseContentLength.resolveFirst(); - } - else if (compareStrNoCase(variable, "RESPONSE_PROTOCOL")) { - variableValue = transaction->m_variableResponseProtocol.resolveFirst(); - } - else if (compareStrNoCase(variable, "RESPONSE_STATUS")) { - variableValue = transaction->m_variableResponseStatus.resolveFirst(); - } - else if (compareStrNoCase(variable, "SERVER_ADDR")) { - variableValue = transaction->m_variableServerAddr.resolveFirst(); - } - else if (compareStrNoCase(variable, "SERVER_NAME")) { - variableValue = transaction->m_variableServerName.resolveFirst(); - } - else if (compareStrNoCase(variable, "SERVER_PORT")) { - variableValue = transaction->m_variableServerPort.resolveFirst(); - } - else if (compareStrNoCase(variable, "SESSIONID")) { - variableValue = transaction->m_variableSessionID.resolveFirst(); - } - else if (compareStrNoCase(variable, "UNIQUE_ID")) { - variableValue = transaction->m_variableUniqueID.resolveFirst(); - } - else if (compareStrNoCase(variable, "URLENCODED_ERROR")) { - variableValue = transaction->m_variableUrlEncodedError.resolveFirst(); - } - else if (compareStrNoCase(variable, "USERID")) { - variableValue = transaction->m_variableUserID.resolveFirst(); + if (comp(variable, "RESPONSE_CONTENT_TYPE")) { + vv = t->m_variableResponseContentType.resolveFirst(); + } else if (comp(variable, "ARGS_COMBINED_SIZE")) { + vv = t->m_variableARGScombinedSize.resolveFirst(); + } else if (comp(variable, 
"AUTH_TYPE")) { + vv = t->m_variableAuthType.resolveFirst(); + } else if (comp(variable, "FILES_COMBINED_SIZE")) { + vv = t->m_variableFilesCombinedSize.resolveFirst(); + } else if (comp(variable, "FULL_REQUEST")) { + vv = t->m_variableFullRequest.resolveFirst(); + } else if (comp(variable, "FULL_REQUEST_LENGTH")) { + vv = t->m_variableFullRequestLength.resolveFirst(); + } else if (comp(variable, "INBOUND_DATA_ERROR")) { + vv = t->m_variableInboundDataError.resolveFirst(); + } else if (comp(variable, "MATCHED_VAR")) { + vv = t->m_variableMatchedVar.resolveFirst(); + } else if (comp(variable, "MATCHED_VAR_NAME")) { + vv = t->m_variableMatchedVarName.resolveFirst(); + } else if (comp(variable, "MULTIPART_CRLF_LF_LINES")) { + vv = t->m_variableMultipartCrlfLFLines.resolveFirst(); + } else if (comp(variable, "MULTIPART_DATA_AFTER")) { + vv = t->m_variableMultipartDataAfter.resolveFirst(); + } else if (comp(variable, "MULTIPART_FILE_LIMIT_EXCEEDED")) { + vv = t->m_variableMultipartFileLimitExceeded.resolveFirst(); + } else if (comp(variable, "MULTIPART_STRICT_ERROR")) { + vv = t->m_variableMultipartStrictError.resolveFirst(); + } else if (comp(variable, "MULTIPART_HEADER_FOLDING")) { + vv = t->m_variableMultipartHeaderFolding.resolveFirst(); + } else if (comp(variable, "MULTIPART_INVALID_QUOTING")) { + vv = t->m_variableMultipartInvalidQuoting.resolveFirst(); + } else if (comp(variable, "MULTIPART_INVALID_HEADER_FOLDING")) { + vv = t->m_variableMultipartInvalidHeaderFolding.resolveFirst(); + } else if (comp(variable, "MULTIPART_UNMATCHED_BOUNDARY")) { + vv = t->m_variableMultipartUnmatchedBoundary.resolveFirst(); + } else if (comp(variable, "OUTBOUND_DATA_ERROR")) { + vv = t->m_variableOutboundDataError.resolveFirst(); + } else if (comp(variable, "PATH_INFO")) { + vv = t->m_variablePathInfo.resolveFirst(); + } else if (comp(variable, "QUERY_STRING")) { + vv = t->m_variableQueryString.resolveFirst(); + } else if (comp(variable, "REMOTE_ADDR")) { + vv = 
t->m_variableRemoteAddr.resolveFirst(); + } else if (comp(variable, "REMOTE_HOST")) { + vv = t->m_variableRemoteHost.resolveFirst(); + } else if (comp(variable, "REMOTE_PORT")) { + vv = t->m_variableRemotePort.resolveFirst(); + } else if (comp(variable, "REQBODY_ERROR")) { + vv = t->m_variableReqbodyError.resolveFirst(); + } else if (comp(variable, "REQBODY_ERROR_MSG")) { + vv = t->m_variableReqbodyErrorMsg.resolveFirst(); + } else if (comp(variable, "REQBODY_PROCESSOR_ERROR_MSG")) { + vv = t->m_variableReqbodyProcessorErrorMsg.resolveFirst(); + } else if (comp(variable, "REQBODY_PROCESSOR_ERROR")) { + vv = t->m_variableReqbodyProcessorError.resolveFirst(); + } else if (comp(variable, "REQBODY_PROCESSOR")) { + vv = t->m_variableReqbodyProcessor.resolveFirst(); + } else if (comp(variable, "REQUEST_BASENAME")) { + vv = t->m_variableRequestBasename.resolveFirst(); + } else if (comp(variable, "REQUEST_BODY")) { + vv = t->m_variableRequestBody.resolveFirst(); + } else if (comp(variable, "REQUEST_BODY_LENGTH")) { + vv = t->m_variableRequestBodyLength.resolveFirst(); + } else if (comp(variable, "REQUEST_FILENAME")) { + vv = t->m_variableRequestFilename.resolveFirst(); + } else if (comp(variable, "REQUEST_LINE")) { + vv = t->m_variableRequestLine.resolveFirst(); + } else if (comp(variable, "REQUEST_METHOD")) { + vv = t->m_variableRequestMethod.resolveFirst(); + } else if (comp(variable, "REQUEST_PROTOCOL")) { + vv = t->m_variableRequestProtocol.resolveFirst(); + } else if (comp(variable, "REQUEST_URI")) { + vv = t->m_variableRequestURI.resolveFirst(); + } else if (comp(variable, "REQUEST_URI_RAW")) { + vv = t->m_variableRequestURIRaw.resolveFirst(); + } else if (comp(variable, "RESOURCE")) { + vv = t->m_variableResource.resolveFirst(); + } else if (comp(variable, "RESPONSE_BODY")) { + vv = t->m_variableResponseBody.resolveFirst(); + } else if (comp(variable, "RESPONSE_CONTENT_LENGTH")) { + vv = t->m_variableResponseContentLength.resolveFirst(); + } else if (comp(variable, 
"RESPONSE_PROTOCOL")) { + vv = t->m_variableResponseProtocol.resolveFirst(); + } else if (comp(variable, "RESPONSE_STATUS")) { + vv = t->m_variableResponseStatus.resolveFirst(); + } else if (comp(variable, "SERVER_ADDR")) { + vv = t->m_variableServerAddr.resolveFirst(); + } else if (comp(variable, "SERVER_NAME")) { + vv = t->m_variableServerName.resolveFirst(); + } else if (comp(variable, "SERVER_PORT")) { + vv = t->m_variableServerPort.resolveFirst(); + } else if (comp(variable, "SESSIONID")) { + vv = t->m_variableSessionID.resolveFirst(); + } else if (comp(variable, "UNIQUE_ID")) { + vv = t->m_variableUniqueID.resolveFirst(); + } else if (comp(variable, "URLENCODED_ERROR")) { + vv = t->m_variableUrlEncodedError.resolveFirst(); + } else if (comp(variable, "USERID")) { + vv = t->m_variableUserID.resolveFirst(); } else { - variableValue = transaction->m_collections.resolveFirst( - variable); + vv = t->m_collections.resolveFirst(variable); } } else { std::string col = std::string(variable, 0, collection); std::string var = std::string(variable, collection + 1, variable.length() - (collection + 1)); - if (compareStrNoCase(col, "ARGS")) { - variableValue = transaction->m_variableArgs.resolveFirst(var); - } - else if (compareStrNoCase(variable, "ARGS_NAMES")) { - variableValue = transaction->m_variableArgsNames.resolveFirst(var); - } - else if (compareStrNoCase(variable, "ARGS_GET_NAMES")) { - variableValue = transaction->m_variableArgsGetNames.resolveFirst(var); - } - else if (compareStrNoCase(variable, "ARGS_POST_NAMES")) { - variableValue = transaction->m_variableArgsPostNames.resolveFirst(var); - } - else if (compareStrNoCase(col, "RULE")) { - variableValue = transaction->m_variableRule.resolveFirst(var); - } - else if (compareStrNoCase(col, "ARGS_GET")) { - variableValue = transaction->m_variableArgsGet.resolveFirst(var); - } - else if (compareStrNoCase(col, "ARGS_POST")) { - variableValue = transaction->m_variableArgsPost.resolveFirst(var); - } - else if 
(compareStrNoCase(col, "FILES_SIZES")) { - variableValue = transaction->m_variableFilesSizes.resolveFirst(var); - } - else if (compareStrNoCase(col, "FILES_NAMES")) { - variableValue = transaction->m_variableFilesNames.resolveFirst(var); - } - else if (compareStrNoCase(col, "FILES_TMP_CONTENT")) { - variableValue = transaction->m_variableFilesTmpContent.resolveFirst(var); - } - else if (compareStrNoCase(col, "MULTIPART_FILENAME")) { - variableValue = transaction->m_variableMultiPartFileName.resolveFirst(var); - } - else if (compareStrNoCase(col, "MULTIPART_NAME")) { - variableValue = transaction->m_variableMultiPartName.resolveFirst(var); - } - else if (compareStrNoCase(col, "MATCHED_VARS_NAMES")) { - variableValue = transaction->m_variableMatchedVarsNames.resolveFirst(var); - } - else if (compareStrNoCase(col, "MATCHED_VARS")) { - variableValue = transaction->m_variableMatchedVars.resolveFirst(var); - } - else if (compareStrNoCase(col, "FILES")) { - variableValue = transaction->m_variableFiles.resolveFirst(var); - } - else if (compareStrNoCase(col, "REQUEST_COOKIES")) { - variableValue = transaction->m_variableRequestCookies.resolveFirst(var); - } - else if (compareStrNoCase(col, "REQUEST_HEADERS")) { - variableValue = transaction->m_variableRequestHeaders.resolveFirst(var); - } - else if (compareStrNoCase(variable, "REQUEST_HEADERS_NAMES")) { - variableValue = transaction->m_variableRequestHeadersNames.resolveFirst(var); - } - else if (compareStrNoCase(col, "RESPONSE_HEADERS")) { - variableValue = transaction->m_variableResponseHeaders.resolveFirst(var); - } - else if (compareStrNoCase(variable, "RESPONSE_HEADERS_NAMES")) { - variableValue = transaction->m_variableResponseHeadersNames.resolveFirst(var); - } - else if (compareStrNoCase(col, "GEO")) { - variableValue = transaction->m_variableGeo.resolveFirst(var); - } - else if (compareStrNoCase(col, "REQUEST_COOKIES_NAMES")) { - variableValue = transaction->m_variableRequestCookiesNames.resolveFirst(var); - } - 
else if (compareStrNoCase(col, "FILES_TMPNAMES")) { - variableValue = transaction->m_variableFilesTmpNames.resolveFirst(var); + if (comp(col, "ARGS")) { + vv = t->m_variableArgs.resolveFirst(var); + } else if (comp(variable, "ARGS_NAMES")) { + vv = t->m_variableArgsNames.resolveFirst(var); + } else if (comp(variable, "ARGS_GET_NAMES")) { + vv = t->m_variableArgsGetNames.resolveFirst(var); + } else if (comp(variable, "ARGS_POST_NAMES")) { + vv = t->m_variableArgsPostNames.resolveFirst(var); + } else if (comp(col, "RULE")) { + vv = t->m_variableRule.resolveFirst(var); + } else if (comp(col, "ARGS_GET")) { + vv = t->m_variableArgsGet.resolveFirst(var); + } else if (comp(col, "ARGS_POST")) { + vv = t->m_variableArgsPost.resolveFirst(var); + } else if (comp(col, "FILES_SIZES")) { + vv = t->m_variableFilesSizes.resolveFirst(var); + } else if (comp(col, "FILES_NAMES")) { + vv = t->m_variableFilesNames.resolveFirst(var); + } else if (comp(col, "FILES_TMP_CONTENT")) { + vv = t->m_variableFilesTmpContent.resolveFirst(var); + } else if (comp(col, "MULTIPART_FILENAME")) { + vv = t->m_variableMultiPartFileName.resolveFirst(var); + } else if (comp(col, "MULTIPART_NAME")) { + vv = t->m_variableMultiPartName.resolveFirst(var); + } else if (comp(col, "MATCHED_VARS_NAMES")) { + vv = t->m_variableMatchedVarsNames.resolveFirst(var); + } else if (comp(col, "MATCHED_VARS")) { + vv = t->m_variableMatchedVars.resolveFirst(var); + } else if (comp(col, "FILES")) { + vv = t->m_variableFiles.resolveFirst(var); + } else if (comp(col, "REQUEST_COOKIES")) { + vv = t->m_variableRequestCookies.resolveFirst(var); + } else if (comp(col, "REQUEST_HEADERS")) { + vv = t->m_variableRequestHeaders.resolveFirst(var); + } else if (comp(variable, "REQUEST_HEADERS_NAMES")) { + vv = t->m_variableRequestHeadersNames.resolveFirst(var); + } else if (comp(col, "RESPONSE_HEADERS")) { + vv = t->m_variableResponseHeaders.resolveFirst(var); + } else if (comp(variable, "RESPONSE_HEADERS_NAMES")) { + vv = 
t->m_variableResponseHeadersNames.resolveFirst(var); + } else if (comp(col, "GEO")) { + vv = t->m_variableGeo.resolveFirst(var); + } else if (comp(col, "REQUEST_COOKIES_NAMES")) { + vv = t->m_variableRequestCookiesNames.resolveFirst(var); + } else if (comp(col, "FILES_TMPNAMES")) { + vv = t->m_variableFilesTmpNames.resolveFirst(var); } else { - variableValue = transaction->m_collections.resolveFirst(col, - var); + vv = t->m_collections.resolveFirst(col, var); } } - return std::string(*variableValue.get()); + return std::string(*vv.get()); } std::string m_name; @@ -575,10 +433,10 @@ class VariableModificatorExclusion : public Variable { m_isExclusion = true; } - void evaluate(Transaction *transaction, + void evaluate(Transaction *t, Rule *rule, std::vector *l) { - m_var->evaluate(transaction, rule, l); + m_var->evaluate(t, rule, l); } std::unique_ptr m_var; @@ -593,14 +451,14 @@ class VariableModificatorCount : public Variable { m_isCount = true; } - void evaluate(Transaction *transaction, + void evaluate(Transaction *t, Rule *rule, std::vector *l) { std::vector reslIn; collection::Variable *val = NULL; int count = 0; - m_var->evaluate(transaction, rule, &reslIn); + m_var->evaluate(t, rule, &reslIn); for (const collection::Variable *a : reslIn) { count++; delete a; diff --git a/src/variables/web_app_id.h b/src/variables/web_app_id.h index 972918e4..231fbad9 100644 --- a/src/variables/web_app_id.h +++ b/src/variables/web_app_id.h @@ -32,7 +32,7 @@ namespace Variables { class WebAppId : public Variable { public: - explicit WebAppId() + WebAppId() : Variable("WEBAPPID") { } void evaluate(Transaction *transaction, diff --git a/test/coding_style_suppressions.txt b/test/coding_style_suppressions.txt index e66684e2..c2b1ea52 100644 --- a/test/coding_style_suppressions.txt +++ b/test/coding_style_suppressions.txt 
@@ -29,4 +29,9 @@
 ./test/benchmark/owasp-v3/util/av-scanning/runAV/common.h
 ./src/audit_log/writer/parallel.cc:28
 ./src/macro_expansion.c
+./src/utils/string.h
+./headers/modsecurity/rules_properties.h:369
+./headers/modsecurity/rules_properties.h:370
+./src/actions/transformations/url_decode_uni.cc
+./test/unit/unit.cc:47
 Total errors found
diff --git a/test/unit/unit.cc b/test/unit/unit.cc
index e5ee9d15..165ea1b9 100644
--- a/test/unit/unit.cc
+++ b/test/unit/unit.cc
@@ -27,7 +27,6 @@
 #include "src/actions/transformations/transformation.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/actions/action.h"
-#include "src/actions/transformations/transformation.h"
 #include "test/common/modsecurity_test.h"
@@ -44,10 +43,9 @@ using modsecurity_test::ModSecurityTest;
 using modsecurity_test::ModSecurityTestResults;
 using modsecurity::actions::transformations::Transformation;
 using modsecurity::operators::Operator;
-using namespace modsecurity::actions::transformations;
 std::string default_test_path = "test-cases/secrules-language-tests/operators";
-std::list resources;
+static std::list resources;
 void print_help() {
 std::cout << "Use ./unit /path/to/file" << std::endl;
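Review bot: In the `test/coding_style_suppressions.txt` hunk, the two whole-file entries `./src/utils/string.h` and `./src/actions/transformations/url_decode_uni.cc` silence every finding in those files, not just the lines that currently trip the checker. Later regressions in the string helpers and the URL-decoding transformation, both of which handle request data, would then pass this check unreported. The line-pinned entries (`rules_properties.h:369`, `rules_properties.h:370`, `unit.cc:47`) are brittle in the other direction, because any edit above those lines moves the suppression onto unrelated code. Judging by the hunk numbering in this same commit, `unit.cc:47` appears to land on `std::string default_test_path`. Changing that declaration, for example to `static const char default_test_path[] = "test-cases/secrules-language-tests/operators";` if no caller needs a `std::string`, would probably remove the need for the entry.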