Avoid passing RuleMessage by std::shared_ptr and use a reference instead.

- Avoids copying std::shared_ptr when lifetime of the RuleMessage is controlled by the caller. - The RuleMessage instance is created in RuleWithActions::evaluate and then used to call the overloaded version of this method that is specialized by subclasses. - Once the call to the overloaded method returns, the std::shared_ptr is destroyed as it's not stored by any of the callers, so it can be replaced with a stack variable and avoid paying the cost of copying the std::shared_ptr (and its control block that is guaranteed to be thread-safe and thus is not a straightforward pointer copy) - Introduced RuleMessage::reset because this is required by RuleWithActions::performLogging when it's not the 'last log', the rule has multimatch and it's to be logged. - The current version is creating allocating another instance of RuleMessage on the heap to copy the Rule & Transaction related state while all the other members in the RuleMessage are set to their default values. - The new version leverages the existent, unused and incomplete function 'clean' (renamed as 'reset') to do this on the current instance. - Notice that the current code preserves the value of m_saveMessage, so 'reset' provides an argument for the caller to control whether this member should be reinitialized.
2025-08-13 13:26:01 +03:00 · 2024-05-06 01:24:52 +00:00 · 2024-05-06 01:24:52 +00:00 · 4df297b596
commit 4df297b596
parent e313ac7de7
86 changed files with 217 additions and 241 deletions
--- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@ -160,13 +160,13 @@ class ReadingLogsViaRuleMessage {
        std::cout << std::endl;
        if (ruleMessage->m_isDisruptive) {
            std::cout << " * Disruptive action: ";
-            std::cout << modsecurity::RuleMessage::log(ruleMessage);
+            std::cout << modsecurity::RuleMessage::log(*ruleMessage);
            std::cout << std::endl;
            std::cout << " ** %d is meant to be informed by the webserver.";
            std::cout << std::endl;
        } else {
            std::cout << " * Match, but no disruptive action: ";
-            std::cout << modsecurity::RuleMessage::log(ruleMessage);
+            std::cout << modsecurity::RuleMessage::log(*ruleMessage);
            std::cout << std::endl;
        }
    }
--- a/examples/using_bodies_in_chunks/simple_request.cc
+++ b/examples/using_bodies_in_chunks/simple_request.cc
@ -81,13 +81,13 @@ static void logCb(void *data, const void *ruleMessagev) {
    std::cout << std::endl;
    if (ruleMessage->m_isDisruptive) {
        std::cout << " * Disruptive action: ";
-        std::cout << modsecurity::RuleMessage::log(ruleMessage);
+        std::cout << modsecurity::RuleMessage::log(*ruleMessage);
        std::cout << std::endl;
        std::cout << " ** %d is meant to be informed by the webserver.";
        std::cout << std::endl;
    } else {
        std::cout << " * Match, but no disruptive action: ";
-        std::cout << modsecurity::RuleMessage::log(ruleMessage);
+        std::cout << modsecurity::RuleMessage::log(*ruleMessage);
        std::cout << std::endl;
    }
 }
--- a/headers/modsecurity/actions/action.h
+++ b/headers/modsecurity/actions/action.h
@ -89,7 +89,7 @@ class Action {
    virtual bool evaluate(RuleWithActions *rule, Transaction *transaction);
    virtual bool evaluate(RuleWithActions *rule, Transaction *transaction,
-        std::shared_ptr<RuleMessage> ruleMessage) {
+        RuleMessage &ruleMessage) {
        return evaluate(rule, transaction);
    }
    virtual bool init(std::string *error) { return true; }
--- a/headers/modsecurity/modsecurity.h
+++ b/headers/modsecurity/modsecurity.h
@ -292,7 +292,7 @@ class ModSecurity {
     */
    void setServerLogCb(ModSecLogCb cb, int properties);
-    void serverLog(void *data, std::shared_ptr<RuleMessage> rm);
+    void serverLog(void *data, const RuleMessage &rm);
    const std::string& getConnectorInformation() const;
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@ -78,8 +78,7 @@ class Rule {
    virtual bool evaluate(Transaction *transaction) = 0;
-    virtual bool evaluate(Transaction *transaction,
+    virtual bool evaluate(Transaction *transaction, RuleMessage &ruleMessage) = 0;
        std::shared_ptr<RuleMessage> rm) = 0;
    const std::string& getFileName() const {
        return m_fileName;
--- a/headers/modsecurity/rule_marker.h
+++ b/headers/modsecurity/rule_marker.h
@ -42,8 +42,7 @@ class RuleMarker : public Rule {
    RuleMarker &operator=(const RuleMarker &r) = delete;
-    virtual bool evaluate(Transaction *transaction,
+    virtual bool evaluate(Transaction *transaction, RuleMessage &ruleMessage) override {
        std::shared_ptr<RuleMessage> rm) override {
        return evaluate(transaction);
    }
--- a/headers/modsecurity/rule_message.h
+++ b/headers/modsecurity/rule_message.h
@ -13,14 +13,6 @@
 *
 */
 #ifdef __cplusplus
 #include <stack>
 #include <vector>
 #include <string>
 #include <list>
 #include <cstring>
 #endif
 #ifndef HEADERS_MODSECURITY_RULE_MESSAGE_H_
 #define HEADERS_MODSECURITY_RULE_MESSAGE_H_
@ -31,8 +23,10 @@
 #ifdef __cplusplus
-namespace modsecurity {
+#include <string>
 #include <list>
 namespace modsecurity {
 class RuleMessage {
@ -45,43 +39,51 @@ class RuleMessage {
    RuleMessage(const RuleWithActions &rule, const Transaction &trans) :
        m_rule(rule),
        m_transaction(trans)
-    { }
+    {
        reset(true);
    }
    RuleMessage(const RuleMessage &ruleMessage) = default;
    RuleMessage &operator=(const RuleMessage &ruleMessage) = delete;
-    void clean() {
+    void reset(const bool resetSaveMessage)
-        m_data = "";
+    {
-        m_match = "";
+        m_data.clear();
        m_isDisruptive = false;
-        m_reference = "";
+        m_match.clear();
        m_message.clear();
        m_noAuditLog = false;
        m_reference.clear();
        if (resetSaveMessage == true)
            m_saveMessage = true;
        m_severity = 0;
        m_tags.clear();
    }
-    std::string log() {
+    std::string log() const {
-        return log(this, 0);
+        return log(*this, 0);
    }
-    std::string log(int props) {
+    std::string log(int props) const {
-        return log(this, props);
+        return log(*this, props);
    }
-    std::string log(int props, int responseCode) {
+    std::string log(int props, int responseCode) const {
-        return log(this, props, responseCode);
+        return log(*this, props, responseCode);
    }
-    std::string errorLog() {
+    std::string errorLog() const {
-        return log(this,
+        return log(*this,
-		ClientLogMessageInfo | ErrorLogTailLogMessageInfo);
+                   ClientLogMessageInfo | ErrorLogTailLogMessageInfo);
    }
-    static std::string log(const RuleMessage *rm, int props, int code);
+    static std::string log(const RuleMessage &rm, int props, int code);
-    static std::string log(const RuleMessage *rm, int props) {
+    static std::string log(const RuleMessage &rm, int props) {
        return log(rm, props, -1);
    }
-    static std::string log(const RuleMessage *rm) {
+    static std::string log(const RuleMessage &rm) {
        return log(rm, 0);
    }
-    static std::string _details(const RuleMessage *rm);
+    static std::string _details(const RuleMessage &rm);
-    static std::string _errorLogTail(const RuleMessage *rm);
+    static std::string _errorLogTail(const RuleMessage &rm);
    int getPhase() const { return m_rule.getPhase() - 1; }
--- a/headers/modsecurity/rule_unconditional.h
+++ b/headers/modsecurity/rule_unconditional.h
@ -36,7 +36,7 @@ class RuleUnconditional : public RuleWithActions {
 public:
    using RuleWithActions::RuleWithActions;
-    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
+    virtual bool evaluate(Transaction *transaction, RuleMessage &ruleMessage) override;
 };
--- a/headers/modsecurity/rule_with_actions.h
+++ b/headers/modsecurity/rule_with_actions.h
@ -51,21 +51,21 @@ class RuleWithActions : public Rule {
    virtual bool evaluate(Transaction *transaction) override;
-    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
+    virtual bool evaluate(Transaction *transaction, RuleMessage &ruleMessage) override;
    void executeActionsIndependentOfChainedRuleResult(
        Transaction *trasn,
        bool *containsDisruptive,
-        std::shared_ptr<RuleMessage> ruleMessage);
+        RuleMessage &ruleMessage);
    void executeActionsAfterFullMatch(
        Transaction *trasn,
        bool containsDisruptive,
-        std::shared_ptr<RuleMessage> ruleMessage);
+        RuleMessage &ruleMessage);
    void executeAction(Transaction *trans,
        bool containsBlock,
-        std::shared_ptr<RuleMessage> ruleMessage,
+        RuleMessage &ruleMessage,
        actions::Action *a,
        bool context);
@ -74,7 +74,7 @@ class RuleWithActions : public Rule {
        const Transaction *trasn, const std::string &value, TransformationResults &ret);
    void performLogging(Transaction *trans,
-        std::shared_ptr<RuleMessage> ruleMessage,
+        RuleMessage &ruleMessage,
        bool lastLog = true,
        bool chainedParentNull = false) const;
--- a/headers/modsecurity/rule_with_operator.h
+++ b/headers/modsecurity/rule_with_operator.h
@ -47,8 +47,7 @@ class RuleWithOperator : public RuleWithActions {
    ~RuleWithOperator() override;
-    bool evaluate(Transaction *transaction,
+    bool evaluate(Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    void getVariablesExceptions(Transaction &t,
        variables::Variables *exclusion, variables::Variables *addition);
@ -56,7 +55,7 @@ class RuleWithOperator : public RuleWithActions {
        variables::Variables *eclusion, Transaction *trans);
    bool executeOperatorAt(Transaction *trasn, const std::string &key,
-        const std::string &value, std::shared_ptr<RuleMessage> rm);
+        const std::string &value, RuleMessage &ruleMessage);
    static void updateMatchedVars(Transaction *trasn, const std::string &key,
        const std::string &value);
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -407,7 +407,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
 #ifndef NO_LOGS
    void debug(int, const std::string &) const; // cppcheck-suppress functionStatic
 #endif
-    void serverLog(std::shared_ptr<RuleMessage> rm);
+    void serverLog(const RuleMessage &rm);
    int getRuleEngineState() const;
--- a/src/actions/audit_log.cc
+++ b/src/actions/audit_log.cc
@ -27,11 +27,10 @@ namespace modsecurity {
 namespace actions {
-bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
-    std::shared_ptr<RuleMessage> rm) {
+    ruleMessage.m_noAuditLog = false;
    rm->m_noAuditLog = false;
    ms_dbg_a(transaction, 9, "Saving transaction to logs");
-    rm->m_saveMessage = true;
+    ruleMessage.m_saveMessage = true;
    return true;
 }
--- a/src/actions/audit_log.h
+++ b/src/actions/audit_log.h
@ -35,8 +35,7 @@ class AuditLog : public Action {
    explicit AuditLog(const std::string &action) 
        : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
 };
--- a/src/actions/block.cc
+++ b/src/actions/block.cc
@ -29,15 +29,14 @@ namespace modsecurity {
 namespace actions {
-bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool Block::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
    std::shared_ptr<RuleMessage> rm) {
    ms_dbg_a(transaction, 8, "Marking request as disruptive.");
    for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
        if (a->isDisruptive() == false) {
            continue;
        }
-        a->evaluate(rule, transaction, rm);
+        a->evaluate(rule, transaction, ruleMessage);
    }
    return true;
--- a/src/actions/block.h
+++ b/src/actions/block.h
@ -35,8 +35,7 @@ class Block : public Action {
 public:
    explicit Block(const std::string &action) : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
 };
--- a/src/actions/data/status.cc
+++ b/src/actions/data/status.cc
@ -39,7 +39,7 @@ bool Status::init(std::string *error) {
 bool Status::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &ruleMessage) {
    transaction->m_it.status = m_status;
    return true;
 }
--- a/src/actions/data/status.h
+++ b/src/actions/data/status.h
@ -37,8 +37,7 @@ class Status : public Action {
        : Action(action), m_status(0) { }
    bool init(std::string *error) override;
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    int m_status;
 };
--- a/src/actions/disruptive/deny.cc
+++ b/src/actions/disruptive/deny.cc
@ -29,7 +29,7 @@ namespace disruptive {
 bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &ruleMessage) {
    ms_dbg_a(transaction, 8, "Running action deny");
    if (transaction->m_it.status == 200) {
@ -38,9 +38,9 @@ bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
    transaction->m_it.disruptive = true;
    intervention::freeLog(&transaction->m_it);
-    rm->m_isDisruptive = true;
+    ruleMessage.m_isDisruptive = true;
    transaction->m_it.log = strdup(
-        rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+        ruleMessage.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
    return true;
 }
--- a/src/actions/disruptive/deny.h
+++ b/src/actions/disruptive/deny.h
@ -33,8 +33,7 @@ class Deny : public Action {
 public:
    explicit Deny(const std::string &action) : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    bool isDisruptive() override { return true; }
 };
--- a/src/actions/disruptive/drop.cc
+++ b/src/actions/disruptive/drop.cc
@ -33,7 +33,7 @@ namespace disruptive {
 bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &ruleMessage) {
    ms_dbg_a(transaction, 8, "Running action drop " \
        "[executing deny instead of drop.]");
@ -43,9 +43,9 @@ bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
    transaction->m_it.disruptive = true;
    intervention::freeLog(&transaction->m_it);
-    rm->m_isDisruptive = true;
+    ruleMessage.m_isDisruptive = true;
    transaction->m_it.log = strdup(
-        rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+        ruleMessage.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
    return true;
 }
--- a/src/actions/disruptive/drop.h
+++ b/src/actions/disruptive/drop.h
@ -32,8 +32,7 @@ class Drop : public Action {
 public:
    explicit Drop(const std::string &action) : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    bool isDisruptive() override { return true; }
 };
--- a/src/actions/disruptive/pass.cc
+++ b/src/actions/disruptive/pass.cc
@ -30,7 +30,7 @@ namespace disruptive {
 bool Pass::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &ruleMessage) {
    intervention::free(&transaction->m_it);
    intervention::reset(&transaction->m_it);
--- a/src/actions/disruptive/pass.h
+++ b/src/actions/disruptive/pass.h
@ -31,8 +31,7 @@ class Pass : public Action {
 public:
    explicit Pass(const std::string &action) : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    bool isDisruptive() override { return true; }
 };
--- a/src/actions/disruptive/redirect.cc
+++ b/src/actions/disruptive/redirect.cc
@ -35,7 +35,7 @@ bool Redirect::init(std::string *error) {
 bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
-    std::shared_ptr<RuleMessage> rm) {
+    RuleMessage &ruleMessage) {
    std::string m_urlExpanded(m_string->evaluate(transaction));
    /* if it was changed before, lets keep it. */
    if (transaction->m_it.status == 200
@ -47,9 +47,9 @@ bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
    transaction->m_it.url = strdup(m_urlExpanded.c_str());
    transaction->m_it.disruptive = true;
    intervention::freeLog(&transaction->m_it);
-    rm->m_isDisruptive = true;
+    ruleMessage.m_isDisruptive = true;
    transaction->m_it.log = strdup(
-        rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+        ruleMessage.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
    return true;
 }
--- a/src/actions/disruptive/redirect.h
+++ b/src/actions/disruptive/redirect.h
@ -46,8 +46,7 @@ class Redirect : public Action {
            m_status(0),
            m_string(std::move(z)) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    bool init(std::string *error) override;
    bool isDisruptive() override { return true; }
--- a/src/actions/log.cc
+++ b/src/actions/log.cc
@ -28,10 +28,9 @@ namespace modsecurity {
 namespace actions {
-bool Log::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool Log::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
    std::shared_ptr<RuleMessage> rm) {
    ms_dbg_a(transaction, 9, "Saving transaction to logs");
-    rm->m_saveMessage = true;
+    ruleMessage.m_saveMessage = true;
    return true;
 }
--- a/src/actions/log.h
+++ b/src/actions/log.h
@ -33,8 +33,7 @@ class Log : public Action {
    explicit Log(const std::string &action) 
        : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
 };
 }  // namespace actions
--- a/src/actions/log_data.cc
+++ b/src/actions/log_data.cc
@ -29,9 +29,8 @@ namespace modsecurity {
 namespace actions {
-bool LogData::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool LogData::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
-    std::shared_ptr<RuleMessage> rm) {
+    ruleMessage.m_data = data(transaction);
    rm->m_data = data(transaction);
    return true;
 }
--- a/src/actions/log_data.h
+++ b/src/actions/log_data.h
@ -39,8 +39,7 @@ class LogData : public Action {
        : Action("logdata"),
            m_string(std::move(z)) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
       std::shared_ptr<RuleMessage> rm) override;
    std::string data(Transaction *Transaction);
--- a/src/actions/msg.cc
+++ b/src/actions/msg.cc
@ -46,10 +46,9 @@ namespace modsecurity {
 namespace actions {
-bool Msg::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool Msg::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
-    std::shared_ptr<RuleMessage> rm) {
+    const auto msg = data(transaction);
-    std::string msg = data(transaction);
+    ruleMessage.m_message = msg;
    rm->m_message = msg;
    ms_dbg_a(transaction, 9, "Saving msg: " + msg);
    return true;
--- a/src/actions/msg.h
+++ b/src/actions/msg.h
@ -40,8 +40,7 @@ class Msg : public Action {
        : Action("msg"),
            m_string(std::move(z)) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    std::string data(Transaction *Transaction);
    std::unique_ptr<RunTimeString> m_string;
--- a/src/actions/no_audit_log.cc
+++ b/src/actions/no_audit_log.cc
@ -26,10 +26,9 @@ namespace modsecurity {
 namespace actions {
-bool NoAuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool NoAuditLog::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
-    std::shared_ptr<RuleMessage> rm) {
+    ruleMessage.m_noAuditLog = true;
-    rm->m_noAuditLog = true;
+    ruleMessage.m_saveMessage = false;
    rm->m_saveMessage = false;
    return true;
 }
--- a/src/actions/no_audit_log.h
+++ b/src/actions/no_audit_log.h
@ -35,8 +35,7 @@ class NoAuditLog : public Action {
    explicit NoAuditLog(const std::string &action) 
        : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
 };
 }  // namespace actions
--- a/src/actions/no_log.cc
+++ b/src/actions/no_log.cc
@ -29,9 +29,8 @@ namespace modsecurity {
 namespace actions {
-bool NoLog::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool NoLog::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
-    std::shared_ptr<RuleMessage> rm) {
+    ruleMessage.m_saveMessage = false;
    rm->m_saveMessage = false;
    return true;
 }
--- a/src/actions/no_log.h
+++ b/src/actions/no_log.h
@ -33,8 +33,7 @@ class NoLog : public Action {
    explicit NoLog(const std::string &action) 
        : Action(action) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
 };
 }  // namespace actions
--- a/src/actions/severity.cc
+++ b/src/actions/severity.cc
@ -71,13 +71,12 @@ bool Severity::init(std::string *error) {
 }
-bool Severity::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool Severity::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
    std::shared_ptr<RuleMessage> rm) {
    ms_dbg_a(transaction, 9, "This rule severity is: " + \
        std::to_string(this->m_severity) + " current transaction is: " + \
        std::to_string(transaction->m_highestSeverityAction));
-    rm->m_severity = m_severity;
+    ruleMessage.m_severity = m_severity;
    if (transaction->m_highestSeverityAction > this->m_severity) {
        transaction->m_highestSeverityAction = this->m_severity;
--- a/src/actions/severity.h
+++ b/src/actions/severity.h
@ -35,8 +35,7 @@ class Severity : public Action {
        : Action(action),
        m_severity(0) { }
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
    bool init(std::string *error) override;
    int m_severity;
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@ -57,12 +57,11 @@ std::string Tag::getName(Transaction *transaction) {
 }
-bool Tag::evaluate(RuleWithActions *rule, Transaction *transaction,
+bool Tag::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
    std::shared_ptr<RuleMessage> rm) {
    std::string tag = getName(transaction);
    ms_dbg_a(transaction, 9, "Rule tag: " + tag);
-    rm->m_tags.push_back(tag);
+    ruleMessage.m_tags.push_back(tag);
    return true;
 }
--- a/src/actions/tag.h
+++ b/src/actions/tag.h
@ -38,8 +38,7 @@ class Tag : public Action {
    std::string getName(Transaction *transaction);
-    bool evaluate(RuleWithActions *rule, Transaction *transaction,
+    bool evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> rm) override;
 protected:
    std::unique_ptr<RunTimeString> m_string;
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@ -190,26 +190,22 @@ const std::string& ModSecurity::getConnectorInformation() const {
    return m_connector;
 }
-void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
+void ModSecurity::serverLog(void *data, const RuleMessage &rm) {
    if (m_logCb == NULL) {
-        std::cerr << "Server log callback is not set -- " << rm->errorLog();
+        std::cerr << "Server log callback is not set -- " << rm.errorLog();
        std::cerr << std::endl;
        return;
    }
    if (rm == NULL) {
        return;
    }
    if (m_logProperties & TextLogProperty) {
-        auto d = rm->log();
+        auto d = rm.log();
        const void *a = static_cast<const void *>(d.c_str());
        m_logCb(data, a);
        return;
    }
    if (m_logProperties & RuleMessageLogProperty) {
-        const void *a = static_cast<const void *>(rm.get());
+        const void *a = static_cast<const void *>(&rm);
        m_logCb(data, a);
        return;
    }
--- a/src/operators/begins_with.cc
+++ b/src/operators/begins_with.cc
@ -25,7 +25,7 @@ namespace operators {
 bool BeginsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage &ruleMessage) {
    std::string p(m_string->evaluate(transaction));
    if (str.size() < p.size()) {
--- a/src/operators/begins_with.h
+++ b/src/operators/begins_with.h
@ -33,7 +33,7 @@ class BeginsWith : public Operator {
        : Operator("BeginsWith", std::move(param)) { }
    bool evaluate(Transaction *transaction, RuleWithActions *rule, const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
 };
 }  // namespace operators
--- a/src/operators/contains.cc
+++ b/src/operators/contains.cc
@ -22,7 +22,7 @@ namespace modsecurity {
 namespace operators {
 bool Contains::evaluate(Transaction *transaction, RuleWithActions *rule,
-        const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+        const std::string &input, RuleMessage &ruleMessage) {
    std::string p(m_string->evaluate(transaction));
    size_t offset = input.find(p);
--- a/src/operators/contains.h
+++ b/src/operators/contains.h
@ -36,7 +36,7 @@ class Contains : public Operator {
        : Operator("Contains", std::move(param)) { }
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
 };
 }  // namespace operators
--- a/src/operators/contains_word.cc
+++ b/src/operators/contains_word.cc
@ -37,7 +37,7 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
 }
 bool ContainsWord::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage &ruleMessage) {
    std::string paramTarget(m_string->evaluate(transaction));
    if (paramTarget.empty()) {
--- a/src/operators/contains_word.h
+++ b/src/operators/contains_word.h
@ -34,7 +34,7 @@ class ContainsWord : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
 private:
    static bool acceptableChar(const std::string& a, size_t pos);
--- a/src/operators/detect_sqli.cc
+++ b/src/operators/detect_sqli.cc
@ -26,7 +26,7 @@ namespace operators {
 bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage &ruleMessage) {
    char fingerprint[8];
    int issqli;
--- a/src/operators/detect_sqli.h
+++ b/src/operators/detect_sqli.h
@ -34,7 +34,7 @@ class DetectSQLi : public Operator {
    bool evaluate(Transaction *t, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
 };
 }  // namespace operators
--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@ -26,7 +26,7 @@ namespace operators {
 bool DetectXSS::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage &ruleMessage) {
    int is_xss;
    is_xss = libinjection_xss(input.c_str(), input.length());
--- a/src/operators/detect_xss.h
+++ b/src/operators/detect_xss.h
@ -33,7 +33,7 @@ class DetectXSS : public Operator {
    bool evaluate(Transaction *t, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
 };
 }  // namespace operators
--- a/src/operators/ends_with.cc
+++ b/src/operators/ends_with.cc
@ -24,7 +24,7 @@ namespace operators {
 bool EndsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage &ruleMessage) {
    bool ret = false;
    std::string p(m_string->evaluate(transaction));
--- a/src/operators/ends_with.h
+++ b/src/operators/ends_with.h
@ -35,7 +35,7 @@ class EndsWith : public Operator {
        }
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
 };
--- a/src/operators/operator.cc
+++ b/src/operators/operator.cc
@ -71,8 +71,8 @@ namespace operators {
 bool Operator::evaluateInternal(Transaction *transaction,
-    RuleWithActions *rule, const std::string& a, std::shared_ptr<RuleMessage> rm) {
+    RuleWithActions *rule, const std::string& a, RuleMessage &ruleMessage) {
-    bool res = evaluate(transaction, rule, a, rm);
+    bool res = evaluate(transaction, rule, a, ruleMessage);
    if (m_negation) {
        return !res;
--- a/src/operators/operator.h
+++ b/src/operators/operator.h
@ -115,7 +115,7 @@ class Operator {
    bool evaluateInternal(Transaction *t, RuleWithActions *rule,
        const std::string& a);
    bool evaluateInternal(Transaction *t, RuleWithActions *rule,
-        const std::string& a, std::shared_ptr<RuleMessage> ruleMessage);
+        const std::string& a, RuleMessage &ruleMessage);
    virtual bool evaluate(Transaction *transaction, const std::string &str);
@ -124,16 +124,14 @@ class Operator {
        return evaluate(transaction, str);
    }
    virtual bool evaluate(Transaction *transaction, RuleWithActions *rule,
-        const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+        const std::string &str, RuleMessage &ruleMessage) {
        return evaluate(transaction, str);
    }
-    static void logOffset(std::shared_ptr<RuleMessage> ruleMessage, int offset, int len) {
+    static void logOffset(RuleMessage &ruleMessage, int offset, int len) {
-        if (ruleMessage) {
+        ruleMessage.m_reference.append("o"
-            ruleMessage->m_reference.append("o"
+            + std::to_string(offset) + ","
-                + std::to_string(offset) + ","
+            + std::to_string(len));
                + std::to_string(len));
        }
    }
    std::string m_match_message;
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@ -140,7 +140,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
 bool Pm::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &input, RuleMessage &ruleMessage) {
    int rc;
    ACMPT pt;
    pt.parser = m_p;
--- a/src/operators/pm.h
+++ b/src/operators/pm.h
@ -43,7 +43,7 @@ class Pm : public Operator {
    ~Pm();
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    bool init(const std::string &file, std::string *error) override;
--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@ -207,7 +207,7 @@ void Rbl::furtherInfo(struct sockaddr_in *sin, const std::string &ipStr,
 bool Rbl::evaluate(Transaction *t, RuleWithActions *rule,
        const std::string& ipStr,
-        std::shared_ptr<RuleMessage> ruleMessage) {
+        RuleMessage &ruleMessage) {
    struct addrinfo *info = NULL;
    std::string host = Rbl::mapIpToAddress(ipStr, t);
    int rc = 0;
--- a/src/operators/rbl.h
+++ b/src/operators/rbl.h
@ -83,7 +83,7 @@ class Rbl : public Operator {
        }
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    std::string mapIpToAddress(const std::string &ipStr, Transaction *trans) const;
--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@ -37,7 +37,7 @@ bool Rx::init(const std::string &arg, std::string *error) {
 bool Rx::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage &ruleMessage) {
    Regex *re;
    if (m_param.empty() && !m_string->m_containsMacro) {
--- a/src/operators/rx.h
+++ b/src/operators/rx.h
@ -51,7 +51,7 @@ class Rx : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    bool init(const std::string &arg, std::string *error) override;
--- a/src/operators/rx_global.cc
+++ b/src/operators/rx_global.cc
@ -37,7 +37,7 @@ bool RxGlobal::init(const std::string &arg, std::string *error) {
 bool RxGlobal::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage &ruleMessage) {
    Regex *re;
    if (m_param.empty() && !m_string->m_containsMacro) {
--- a/src/operators/rx_global.h
+++ b/src/operators/rx_global.h
@ -51,7 +51,7 @@ class RxGlobal : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    bool init(const std::string &arg, std::string *error) override;
--- a/src/operators/validate_byte_range.cc
+++ b/src/operators/validate_byte_range.cc
@ -111,7 +111,7 @@ bool ValidateByteRange::init(const std::string &file,
 bool ValidateByteRange::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &input, RuleMessage &ruleMessage) {
    bool ret = true;
    size_t count = 0;
--- a/src/operators/validate_byte_range.h
+++ b/src/operators/validate_byte_range.h
@ -39,7 +39,7 @@ class ValidateByteRange : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string &input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    bool getRange(const std::string &rangeRepresentation, std::string *error);
    bool init(const std::string& file, std::string *error) override;
 private:
--- a/src/operators/validate_url_encoding.cc
+++ b/src/operators/validate_url_encoding.cc
@ -69,7 +69,7 @@ int ValidateUrlEncoding::validate_url_encoding(const char *input,
 bool ValidateUrlEncoding::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &input, RuleMessage &ruleMessage) {
    size_t offset = 0;
    bool res = false;
--- a/src/operators/validate_url_encoding.h
+++ b/src/operators/validate_url_encoding.h
@ -33,7 +33,7 @@ class ValidateUrlEncoding : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string &input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    static int validate_url_encoding(const char *input, uint64_t input_length,
        size_t *offset);
--- a/src/operators/validate_utf8_encoding.cc
+++ b/src/operators/validate_utf8_encoding.cc
@ -122,7 +122,7 @@ int ValidateUtf8Encoding::detect_utf8_character(
 }
 bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage &ruleMessage) {
    unsigned int i, bytes_left;
    const char *str_c = str.c_str();
--- a/src/operators/validate_utf8_encoding.h
+++ b/src/operators/validate_utf8_encoding.h
@ -33,7 +33,7 @@ class ValidateUtf8Encoding : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string &str,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    static int detect_utf8_character(const unsigned char *p_read,
        unsigned int length);
--- a/src/operators/verify_cc.cc
+++ b/src/operators/verify_cc.cc
@ -135,7 +135,7 @@ bool VerifyCC::init(const std::string &param2, std::string *error) {
 bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& i, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& i, RuleMessage &ruleMessage) {
 #ifdef WITH_PCRE2
    PCRE2_SIZE offset = 0;
    size_t target_length = i.length();
--- a/src/operators/verify_cc.h
+++ b/src/operators/verify_cc.h
@ -49,7 +49,7 @@ class VerifyCC : public Operator {
    bool evaluate(Transaction *t, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage)  override;
+        RuleMessage &ruleMessage)  override;
    bool init(const std::string &param, std::string *error) override;
 private:
 #if WITH_PCRE2
--- a/src/operators/verify_cpf.cc
+++ b/src/operators/verify_cpf.cc
@ -109,7 +109,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) {
 bool VerifyCPF::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage &ruleMessage) {
    std::list<SMatch> matches;
    bool is_cpf = false;
    int i;
--- a/src/operators/verify_cpf.h
+++ b/src/operators/verify_cpf.h
@ -48,7 +48,7 @@ class VerifyCPF : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    bool verify(const char *ssnumber, int len);
--- a/src/operators/verify_ssn.cc
+++ b/src/operators/verify_ssn.cc
@ -111,7 +111,7 @@ invalid:
 bool VerifySSN::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage &ruleMessage) {
    std::list<SMatch> matches;
    bool is_ssn = false;
    int i;
--- a/src/operators/verify_ssn.h
+++ b/src/operators/verify_ssn.h
@ -48,7 +48,7 @@ class VerifySSN : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
--- a/src/operators/verify_svnr.cc
+++ b/src/operators/verify_svnr.cc
@ -78,7 +78,7 @@ bool VerifySVNR::verify(const char *svnrnumber, int len) {
 bool VerifySVNR::evaluate(Transaction *t, RuleWithActions *rule,
-    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string& input, RuleMessage &ruleMessage) {
    std::list<SMatch> matches;
    bool is_svnr = false;
    int i;
--- a/src/operators/verify_svnr.h
+++ b/src/operators/verify_svnr.h
@ -34,7 +34,7 @@ class VerifySVNR : public Operator {
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
        const std::string& input,
-        std::shared_ptr<RuleMessage> ruleMessage) override;
+        RuleMessage &ruleMessage) override;
    bool verify(const char *ssnumber, int len);
--- a/src/operators/within.cc
+++ b/src/operators/within.cc
@ -25,7 +25,7 @@ namespace operators {
 bool Within::evaluate(Transaction *transaction, RuleWithActions *rule,
-    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, RuleMessage &ruleMessage) {
    bool res = false;
    size_t pos = 0;
    std::string paramTarget(m_string->evaluate(transaction));
--- a/src/operators/within.h
+++ b/src/operators/within.h
@ -34,7 +34,7 @@ class Within : public Operator {
            m_couldContainsMacro = true;
        }
    bool evaluate(Transaction *transaction, RuleWithActions *rule,
-        const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) override;
+        const std::string &str, RuleMessage &ruleMessage) override;
 };
 }  // namespace operators
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@ -23,55 +23,55 @@
 namespace modsecurity {
-std::string RuleMessage::_details(const RuleMessage *rm) {
+std::string RuleMessage::_details(const RuleMessage &rm) {
    std::string msg;
-    msg.append(" [file \"" + rm->m_rule.getFileName() + "\"]");
+    msg.append(" [file \"" + rm.m_rule.getFileName() + "\"]");
-    msg.append(" [line \"" + std::to_string(rm->m_rule.getLineNumber()) + "\"]");
+    msg.append(" [line \"" + std::to_string(rm.m_rule.getLineNumber()) + "\"]");
-    msg.append(" [id \"" + std::to_string(rm->m_rule.m_ruleId) + "\"]");
+    msg.append(" [id \"" + std::to_string(rm.m_rule.m_ruleId) + "\"]");
-    msg.append(" [rev \"" + utils::string::toHexIfNeeded(rm->m_rule.m_rev, true) + "\"]");
+    msg.append(" [rev \"" + utils::string::toHexIfNeeded(rm.m_rule.m_rev, true) + "\"]");
-    msg.append(" [msg \"" + rm->m_message + "\"]");
+    msg.append(" [msg \"" + rm.m_message + "\"]");
-    msg.append(" [data \"" + utils::string::toHexIfNeeded(utils::string::limitTo(200, rm->m_data), true) + "\"]");
+    msg.append(" [data \"" + utils::string::toHexIfNeeded(utils::string::limitTo(200, rm.m_data), true) + "\"]");
    msg.append(" [severity \"" +
-        std::to_string(rm->m_severity) + "\"]");
+        std::to_string(rm.m_severity) + "\"]");
-    msg.append(" [ver \"" + utils::string::toHexIfNeeded(rm->m_rule.m_ver, true) + "\"]");
+    msg.append(" [ver \"" + utils::string::toHexIfNeeded(rm.m_rule.m_ver, true) + "\"]");
-    msg.append(" [maturity \"" + std::to_string(rm->m_rule.m_maturity) + "\"]");
+    msg.append(" [maturity \"" + std::to_string(rm.m_rule.m_maturity) + "\"]");
-    msg.append(" [accuracy \"" + std::to_string(rm->m_rule.m_accuracy) + "\"]");
+    msg.append(" [accuracy \"" + std::to_string(rm.m_rule.m_accuracy) + "\"]");
-    for (const auto &a : rm->m_tags) {
+    for (const auto &a : rm.m_tags) {
        msg.append(" [tag \"" + utils::string::toHexIfNeeded(a, true) + "\"]");
    }
-    msg.append(" [hostname \"" + rm->m_transaction.m_requestHostName \
+    msg.append(" [hostname \"" + rm.m_transaction.m_requestHostName \
        + "\"]");
-    msg.append(" [uri \"" + utils::string::limitTo(200, rm->m_transaction.m_uri_no_query_string_decoded) + "\"]");
+    msg.append(" [uri \"" + utils::string::limitTo(200, rm.m_transaction.m_uri_no_query_string_decoded) + "\"]");
-    msg.append(" [unique_id \"" + rm->m_transaction.m_id + "\"]");
+    msg.append(" [unique_id \"" + rm.m_transaction.m_id + "\"]");
-    msg.append(" [ref \"" + utils::string::limitTo(200, rm->m_reference) + "\"]");
+    msg.append(" [ref \"" + utils::string::limitTo(200, rm.m_reference) + "\"]");
    return msg;
 }
-std::string RuleMessage::_errorLogTail(const RuleMessage *rm) {
+std::string RuleMessage::_errorLogTail(const RuleMessage &rm) {
    std::string msg;
-    msg.append("[hostname \"" + rm->m_transaction.m_serverIpAddress + "\"]");
+    msg.append("[hostname \"" + rm.m_transaction.m_serverIpAddress + "\"]");
-    msg.append(" [uri \"" + utils::string::limitTo(200, rm->m_transaction.m_uri_no_query_string_decoded) + "\"]");
+    msg.append(" [uri \"" + utils::string::limitTo(200, rm.m_transaction.m_uri_no_query_string_decoded) + "\"]");
-    msg.append(" [unique_id \"" + rm->m_transaction.m_id + "\"]");
+    msg.append(" [unique_id \"" + rm.m_transaction.m_id + "\"]");
    return msg;
 }
-std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
+std::string RuleMessage::log(const RuleMessage &rm, int props, int code) {
    std::string msg("");
    msg.reserve(2048);
    if (props & ClientLogMessageInfo) {
-        msg.append("[client " + rm->m_transaction.m_clientIpAddress + "] ");
+        msg.append("[client " + rm.m_transaction.m_clientIpAddress + "] ");
    }
-    if (rm->m_isDisruptive) {
+    if (rm.m_isDisruptive) {
        msg.append("ModSecurity: Access denied with code ");
        if (code == -1) {
            msg.append("%d");
@ -79,12 +79,12 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
            msg.append(std::to_string(code));
        }
        msg.append(" (phase ");
-        msg.append(std::to_string(rm->getPhase()) + "). ");
+        msg.append(std::to_string(rm.getPhase()) + "). ");
    } else {
        msg.append("ModSecurity: Warning. ");
    }
-    msg.append(rm->m_match);
+    msg.append(rm.m_match);
    msg.append(_details(rm));
    if (props & ErrorLogTailLogMessageInfo) {
--- a/src/rule_script.cc
+++ b/src/rule_script.cc
@ -23,7 +23,7 @@ bool RuleScript::init(std::string *err) {
 }
 bool RuleScript::evaluate(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage) {
+    RuleMessage &ruleMessage) {
    ms_dbg_a(trans, 4, " Executing script: " + m_name + ".");
--- a/src/rule_script.h
+++ b/src/rule_script.h
@ -59,8 +59,7 @@ class RuleScript : public RuleWithActions {
    bool init(std::string *err);
-    bool evaluate(Transaction *trans,
+    bool evaluate(Transaction *trans, RuleMessage &ruleMessage) override;
        std::shared_ptr<RuleMessage> ruleMessage) override;
    std::string m_name;
    engine::Lua m_lua;
--- a/src/rule_unconditional.cc
+++ b/src/rule_unconditional.cc
@ -20,7 +20,7 @@ namespace modsecurity {
 bool RuleUnconditional::evaluate(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage) {
+    RuleMessage &ruleMessage) {
    RuleWithActions::evaluate(trans, ruleMessage);
    // FIXME: This needs to be romeved on the runtime exeption review.
--- a/src/rule_with_actions.cc
+++ b/src/rule_with_actions.cc
@ -179,12 +179,13 @@ RuleWithActions::~RuleWithActions() {
 bool RuleWithActions::evaluate(Transaction *transaction) {
-    return evaluate(transaction, std::make_shared<RuleMessage>(*this, *transaction));
+    RuleMessage rm(*this, *transaction);
    return evaluate(transaction, rm);
 }
 bool RuleWithActions::evaluate(Transaction *transaction,
-    std::shared_ptr<RuleMessage> ruleMessage) {
+    RuleMessage &ruleMessage) {
    /* Rule evaluate is pure virtual.
     *
@ -199,7 +200,7 @@ bool RuleWithActions::evaluate(Transaction *transaction,
 void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *trans,
-    bool *containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
+    bool *containsBlock, RuleMessage &ruleMessage) {
    for (actions::SetVar *a : m_actionsSetVar) {
        ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \
@ -243,7 +244,7 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *
 void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
-    bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
+    bool containsBlock, RuleMessage &ruleMessage) {
    bool disruptiveAlreadyExecuted = false;
    for (const auto &a : trans->m_rules->m_defaultActions[getPhase()]) { // cppcheck-suppress ctunullpointer
@ -296,7 +297,7 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
 void RuleWithActions::executeAction(Transaction *trans,
-    bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
+    bool containsBlock, RuleMessage &ruleMessage,
    Action *a, bool defaultContext) {
    if (a->isDisruptive() == false && *a->m_name.get() != "block") {
        ms_dbg_a(trans, 9, "Running " \
@ -492,12 +493,12 @@ std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::stri
 }
 void RuleWithActions::performLogging(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage,
+    RuleMessage &ruleMessage,
    bool lastLog,
    bool chainedParentNull) const {
    /* last rule in the chain. */
-    bool isItToBeLogged = ruleMessage->m_saveMessage;
+    bool isItToBeLogged = ruleMessage.m_saveMessage;
    /**
    *
@ -512,31 +513,31 @@ void RuleWithActions::performLogging(Transaction *trans,
    **/
    if (lastLog) {
        if (chainedParentNull) {
-            isItToBeLogged = (ruleMessage->m_saveMessage && (m_chainedRuleParent == nullptr));
+            isItToBeLogged = (ruleMessage.m_saveMessage && (m_chainedRuleParent == nullptr));
            if (isItToBeLogged && !hasMultimatch()) {
                /* warn */
-                trans->m_rulesMessages.push_back(*ruleMessage);
+                trans->m_rulesMessages.push_back(ruleMessage);
                /* error */
-                if (!ruleMessage->m_isDisruptive) {
+                if (!ruleMessage.m_isDisruptive) {
                    trans->serverLog(ruleMessage);
                }
            }
        } else if (hasBlockAction() && !hasMultimatch()) {
            /* warn */
-            trans->m_rulesMessages.push_back(*ruleMessage);
+            trans->m_rulesMessages.push_back(ruleMessage);
            /* error */
-            if (!ruleMessage->m_isDisruptive) {
+            if (!ruleMessage.m_isDisruptive) {
                trans->serverLog(ruleMessage);
            }
        } else {
            if (isItToBeLogged && !hasMultimatch()
-                && !ruleMessage->m_message.empty()) {
+                && !ruleMessage.m_message.empty()) {
                /* warn */
-                trans->m_rulesMessages.push_back(*ruleMessage);
+                trans->m_rulesMessages.push_back(ruleMessage);
                /* error */
-                if (!ruleMessage->m_isDisruptive) {
+                if (!ruleMessage.m_isDisruptive) {
                    trans->serverLog(ruleMessage);
                }
            }
@ -544,16 +545,14 @@ void RuleWithActions::performLogging(Transaction *trans,
    } else {
        if (hasMultimatch() && isItToBeLogged) {
            /* warn */
-            trans->m_rulesMessages.push_back(*ruleMessage.get());
+            trans->m_rulesMessages.push_back(ruleMessage);
            /* error */
-            if (!ruleMessage->m_isDisruptive) {
+            if (!ruleMessage.m_isDisruptive) {
                trans->serverLog(ruleMessage);
            }
-            RuleMessage *rm = new RuleMessage(*this, *trans);
+            ruleMessage.reset(false);
            rm->m_saveMessage = ruleMessage->m_saveMessage;
            ruleMessage.reset(rm);
        }
    }
 }
--- a/src/rule_with_operator.cc
+++ b/src/rule_with_operator.cc
@ -102,7 +102,7 @@ void RuleWithOperator::cleanMatchedVars(Transaction *trans) {
 bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string &key,
-    const std::string &value, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &value, RuleMessage &ruleMessage) {
 #if MSC_EXEC_CLOCK_ENABLED
    clock_t begin = clock();
    clock_t end;
@ -202,7 +202,7 @@ inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
 bool RuleWithOperator::evaluate(Transaction *trans,
-    std::shared_ptr<RuleMessage> ruleMessage) {
+    RuleMessage &ruleMessage) {
    bool globalRet = false;
    variables::Variables *variables = this->m_variables;
    bool recursiveGlobalRet;
@ -301,13 +301,13 @@ bool RuleWithOperator::evaluate(Transaction *trans,
                const bool ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage);
                if (ret == true) {
-                    ruleMessage->m_match = m_operator->resolveMatchMessage(trans,
+                    ruleMessage.m_match = m_operator->resolveMatchMessage(trans,
                        key, value);
                    for (const auto &i : v->getOrigin()) {
-                        ruleMessage->m_reference.append(i.toText());
+                        ruleMessage.m_reference.append(i.toText());
                    }
-                    ruleMessage->m_reference.append(*valueTemp.second);
+                    ruleMessage.m_reference.append(*valueTemp.second);
                    updateMatchedVars(trans, key, valueAfterTrans);
                    executeActionsIndependentOfChainedRuleResult(trans,
                        &containsBlock, ruleMessage);
--- a/src/transaction.cc
+++ b/src/transaction.cc
@ -1750,7 +1750,7 @@ std::string Transaction::toJSON(int parts) {
 }
-void Transaction::serverLog(std::shared_ptr<RuleMessage> rm) {
+void Transaction::serverLog(const RuleMessage &rm) {
    m_ms->serverLog(m_logCbData, rm);
 }
--- a/test/unit/unit.cc
+++ b/test/unit/unit.cc
@ -32,6 +32,7 @@
 #include "test/common/modsecurity_test.h"
 #include "test/common/modsecurity_test_results.h"
 #include "test/common/modsecurity_test_context.h"
 #include "test/common/colors.h"
 #include "test/unit/unit_test.h"
 #include "src/utils/string.h"
@ -69,8 +70,10 @@ struct OperatorTest {
        return op;
    }
-    static UnitTestResult eval(ItemType &op, const UnitTest &t) {
+    static UnitTestResult eval(ItemType &op, const UnitTest &t, modsecurity::Transaction &transaction) {
-        return {op.evaluate(nullptr, nullptr, t.input, nullptr), {}};
+        modsecurity::RuleWithActions rule{nullptr, nullptr, "dummy.conf", -1};
        modsecurity::RuleMessage ruleMessage{rule, transaction};
        return {op.evaluate(&transaction, &rule, t.input, ruleMessage), {}};
    }
    static bool check(const UnitTestResult &result, const UnitTest &t) {
@ -89,9 +92,9 @@ struct TransformationTest {
        return tfn;
    }
-    static UnitTestResult eval(const ItemType &tfn, const UnitTest &t) {
+    static UnitTestResult eval(const ItemType &tfn, const UnitTest &t, modsecurity::Transaction &transaction) {
-        std::string ret = t.input;
+        auto ret = t.input;
-        tfn.transform(ret, nullptr);
+        tfn.transform(ret, &transaction);
        return {1, ret};
    }
@ -102,16 +105,16 @@ struct TransformationTest {
 template<typename TestType>
-UnitTestResult perform_unit_test_once(const UnitTest &t) {
+UnitTestResult perform_unit_test_once(const UnitTest &t, modsecurity::Transaction &transaction) {
    std::unique_ptr<typename TestType::ItemType> item(TestType::init(t));
    assert(item.get() != nullptr);
-    return TestType::eval(*item.get(), t);
+    return TestType::eval(*item.get(), t, transaction);
 }
 template<typename TestType>
-UnitTestResult perform_unit_test_multithreaded(const UnitTest &t) {
+UnitTestResult perform_unit_test_multithreaded(const UnitTest &t, modsecurity::Transaction &transaction) {
    constexpr auto NUM_THREADS = 50;
    constexpr auto ITERATIONS = 5'000;
@ -126,10 +129,10 @@ UnitTestResult perform_unit_test_multithreaded(const UnitTest &t) {
    {
        auto &result = results[i];
        threads[i] = std::thread(
-            [&item, &t, &result]()
+            [&item, &t, &result, &transaction]()
            {
                for (auto j = 0; j != ITERATIONS; ++j)
-                    result = TestType::eval(*item.get(), t);
+                    result = TestType::eval(*item.get(), t, transaction);
            });
    }
@ -150,12 +153,12 @@ UnitTestResult perform_unit_test_multithreaded(const UnitTest &t) {
 template<typename TestType>
 void perform_unit_test_helper(const ModSecurityTest<UnitTest> &test, UnitTest &t,
-    ModSecurityTestResults<UnitTest> &res) {
+    ModSecurityTestResults<UnitTest> &res, modsecurity::Transaction &transaction) {
    if (!test.m_test_multithreaded)
-        t.result = perform_unit_test_once<TestType>(t);
+        t.result = perform_unit_test_once<TestType>(t, transaction);
    else
-        t.result = perform_unit_test_multithreaded<TestType>(t);
+        t.result = perform_unit_test_multithreaded<TestType>(t, transaction);
    if (TestType::check(t.result, t)) {
        res.push_back(&t);
@ -172,6 +175,11 @@ void perform_unit_test(const ModSecurityTest<UnitTest> &test, UnitTest &t,
    ModSecurityTestResults<UnitTest> &res) {
    bool found = true;
    modsecurity_test::ModSecurityTestContext context("ModSecurity-unit v0.0.1-alpha"
                                                        " (ModSecurity unit test utility)");
    auto transaction = context.create_transaction();
    if (test.m_automake_output) {
        std::cout << ":test-result: ";
    }
@ -190,9 +198,9 @@ void perform_unit_test(const ModSecurityTest<UnitTest> &test, UnitTest &t,
    }
    if (t.type == "op") {
-        perform_unit_test_helper<OperatorTest>(test, t, res);
+        perform_unit_test_helper<OperatorTest>(test, t, res, transaction);
    } else if (t.type == "tfn") {
-        perform_unit_test_helper<TransformationTest>(test, t, res);
+        perform_unit_test_helper<TransformationTest>(test, t, res, transaction);
    } else {
        std::cerr << "Failed. Test type is unknown: << " << t.type;
        std::cerr << std::endl;