Adds initial support to chained rules

src/Makefile.am

@@ -33,6 +33,7 @@ ACTIONS = \
 	actions/action.cc \
 	actions/audit_log.cc \
 	actions/block.cc \
+	actions/chain.cc \
 	actions/no_audit_log.cc \
 	actions/phase.cc \
 	actions/redirect.cc \

src/actions/action.cc

@@ -20,6 +20,7 @@
 
 #include "modsecurity/assay.h"
 #include "actions/block.h"
+#include "actions/chain.h"
 #include "actions/redirect.h"
 #include "actions/status.h"
 #include "actions/rule_id.h"
@@ -27,6 +28,7 @@
 #include "actions/severity.h"
 
 
+
 #define IF_MATCH(a) \
     if (op.compare(1, std::strlen(#a), #a) == 0)
 
@@ -79,7 +81,9 @@ Action *Action::instantiate(std::string name) {
     if (name.compare(0, severity.length(), severity) == 0) {
         return new Severity(name);
     }
-
+    if (name == "chain") {
+        return new Chain(name);
+    }
     return new Action(name);
 }
 

src/actions/chain.cc

@@ -0,0 +1,35 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/chain.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/assay.h"
+#include "src/rule.h"
+
+namespace ModSecurity {
+namespace actions {
+
+
+
+bool Chain::evaluate(Rule *rule) {
+    rule->chained = true;
+    return true;
+}
+
+}  // namespace actions
+}  // namespace ModSecurity

src/actions/chain.h

@@ -0,0 +1,45 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+
+#ifndef SRC_ACTIONS_CHAIN_H_
+#define SRC_ACTIONS_CHAIN_H_
+
+#ifdef __cplusplus
+class Assay;
+
+namespace ModSecurity {
+class Assay;
+class Rule;
+
+namespace actions {
+
+
+class Chain : public Action {
+ public:
+    explicit Chain(std::string action)
+        : Action(action, ConfigurationKind) { }
+
+    bool evaluate(Rule *rule) override;
+};
+
+}  // namespace actions
+}  // namespace ModSecurity
+#endif
+
+#endif  // SRC_ACTIONS_CHAIN_H_

src/parser/driver.cc

@@ -34,9 +34,33 @@ int Driver::addSecRule(ModSecurity::Rule *rule) {
         /** TODO: return an error message */
         return -1;
     }
+
+    int size = this->rules[rule->phase].size();
+
+    if (size == 0) {
+        this->rules[rule->phase].push_back(rule);
+        return true;
+    }
+
+    ModSecurity::Rule *lastRule = this->rules[rule->phase][size-1];
+    if (lastRule->chained && lastRule->chainedRule == NULL) {
+        lastRule->chainedRule = rule;
+        return true;
+    }
+    if (lastRule->chained && lastRule->chainedRule != NULL) {
+        ModSecurity::Rule *a = lastRule->chainedRule;
+        while (a->chained && a->chainedRule != NULL) {
+            a = a->chainedRule;
+        }
+        if (a->chained && a->chainedRule == NULL) {
+            a->chainedRule = rule;
+            return true;
+        }
+    }
+
     this->rules[rule->phase].push_back(rule);
 
-    return 1;
+    return true;
 }
 
 

src/parser/seclang-scanner.ll

@@ -59,7 +59,7 @@ OPERATORNOARG	(?i:@detectSQLi|@detectXSS|@geoLookup|@validateUrlEncoding|@valida
 
 TRANSFORMATION  t:(lowercase|urlDecodeUni|urlDecode|none|compressWhitespace|removeWhitespace|replaceNulls|removeNulls|htmlEntityDecode|jsDecode|cssDecode|trim)
 
-VARIABLE          (?i:INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
+VARIABLE          (?i:MATCHED_VAR|INBOUND_DATA_ERROR|FULL_REQUEST|FILES|AUTH_TYPE|ARGS_NAMES|ARGS|QUERY_STRING|REMOTE_ADDR|REQUEST_BASENAME|REQUEST_BODY|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_METHOD|REQUEST_PROTOCOL|REQUEST_URI|RESPONSE_BODY|RESPONSE_CONTENT_LENGTH|RESPONSE_CONTENT_TYPE|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_PROTOCOL|RESPONSE_STATUS|TX|GEO)
 RUN_TIME_VAR_DUR  (?i:DURATION)
 RUN_TIME_VAR_ENV  (?i:ENV)
 RUN_TIME_VAR_BLD  (?i:MODSEC_BUILD)

src/rule.cc

@@ -36,7 +36,9 @@ using actions::Action;
 Rule::Rule(Operator *_op,
         std::vector<Variable *> *_variables,
         std::vector<Action *> *_actions)
-    : variables(_variables),
+    : chained(false),
+    chainedRule(NULL),
+    variables(_variables),
     op(_op),
     rule_id(0),
     phase(-1) {
@@ -111,6 +113,10 @@ bool Rule::evaluate(Assay *assay) {
                     assay->debug(4, "Running action: " + a->action);
                     a->evaluate(assay);
                 }
+
+                if (this->chained && this->chainedRule != NULL) {
+                    this->chainedRule->evaluate(assay);
+                }
             } else {
                 assay->debug(4, "Rule returned 0.");
             }

src/rule.h

@@ -44,6 +44,9 @@ class Rule {
     std::vector<Variable *> *variables;
     int phase;
     double rule_id;
+
+    Rule *chainedRule;
+    bool chained;
 };
 
 }  // namespace ModSecurity