github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring on `utils.cc' and adjacents

Browse Source 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
This commit is contained in:
Felipe Zimmerle
2016-11-03 20:02:37 -03:00
parent b48dccff70
commit 507ec44cc2
75 changed files with 702 additions and 686 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/actions/accuracy.cc
View File

@@ -20,10 +20,10 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
namespace modsecurity {
namespace actions {

3
src/actions/allow.cc
View File

@@ -20,12 +20,13 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/utils.h"
#include "utils/msc_string.h"
#include "modsecurity/modsecurity.h"
using modsecurity::utils::String;
namespace modsecurity {
namespace actions {

2
src/actions/ctl/request_body_access.h
View File

@@ -17,7 +17,7 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#ifndef SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_
#define SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_

2
src/actions/ctl/rule_remove_by_id.h
View File

@@ -17,7 +17,7 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_
#define SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_

2
src/actions/ctl/rule_remove_target_by_id.h
View File

@@ -17,7 +17,7 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_
#define SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_

2
src/actions/ctl/rule_remove_target_by_tag.h
View File

@@ -17,7 +17,7 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_
#define SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_

2
src/actions/init_col.cc
View File

@@ -20,10 +20,10 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
namespace modsecurity {
namespace actions {

1
src/actions/log.cc
View File

@@ -20,7 +20,6 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "operators/operator.h"

1
src/actions/log_data.cc
View File

@@ -20,7 +20,6 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "src/macro_expansion.h"
#include "modsecurity/rule.h"

2
src/actions/maturity.cc
View File

@@ -20,10 +20,10 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
namespace modsecurity {
namespace actions {

1
src/actions/msg.cc
View File

@@ -20,7 +20,6 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "src/macro_expansion.h"
#include "modsecurity/rule.h"

1
src/actions/no_log.cc
View File

@@ -20,7 +20,6 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "operators/operator.h"

2
src/actions/phase.cc
View File

@@ -20,10 +20,10 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/utils.h"
#include "modsecurity/modsecurity.h"
#include "utils/msc_string.h"
using modsecurity::utils::String;

2
src/actions/rev.cc
View File

@@ -20,10 +20,10 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
namespace modsecurity {
namespace actions {

2
src/actions/set_sid.cc
View File

@@ -21,7 +21,7 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {

2
src/actions/set_uid.cc
View File

@@ -21,7 +21,7 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {

1
src/actions/set_var.cc
View File

@@ -21,7 +21,6 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"
#include "src/utils.h"
#include "utils/msc_string.h"
using modsecurity::utils::String;

2
src/actions/severity.cc
View File

@@ -21,9 +21,9 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/utils.h"
#include "utils/msc_string.h"
using modsecurity::utils::String;

2
src/actions/skip.cc
View File

@@ -20,7 +20,7 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {

2
src/actions/skip_after.cc
View File

@@ -20,7 +20,7 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {

1
src/actions/tag.cc
View File

@@ -20,7 +20,6 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "src/macro_expansion.h"
#include "modsecurity/rule.h"

146
src/actions/transformations/css_decode.cc
View File

@@ -26,7 +26,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
namespace modsecurity {
@@ -42,13 +42,155 @@ std::string CssDecode::evaluate(std::string value,
memcpy(tmp, value.c_str(), value.size() + 1);
tmp[value.size()] = '\0';
css_decode_inplace(reinterpret_cast<unsigned char *>(tmp), value.size());
CssDecode::css_decode_inplace(reinterpret_cast<unsigned char *>(tmp),
value.size());
std::string ret(tmp, 0, value.size());
free(tmp);
return ret;
}
/**
* Decode a string that contains CSS-escaped characters.
*
* References:
* http://www.w3.org/TR/REC-CSS2/syndata.html#q4
* http://www.unicode.org/roadmaps/
*/
int CssDecode::css_decode_inplace(unsigned char *input, int64_t input_len) {
unsigned char *d = (unsigned char *)input;
int64_t i, j, count;
if (input == NULL) {
return -1;
}
i = count = 0;
while (i < input_len) {
/* Is the character a backslash? */
if (input[i] == '\\') {
/* Is there at least one more byte? */
if (i + 1 < input_len) {
i++; /* We are not going to need the backslash. */
/* Check for 1-6 hex characters following the backslash */
j = 0;
while ((j < 6)
&& (i + j < input_len)
&& (VALID_HEX(input[i + j]))) {
j++;
}
if (j > 0) {
/* We have at least one valid hexadecimal character. */
int fullcheck = 0;
/* For now just use the last two bytes. */
switch (j) {
/* Number of hex characters */
case 1:
*d++ = modsecurity::utils::xsingle2c(&input[i]);
break;
case 2:
case 3:
/* Use the last two from the end. */
*d++ = modsecurity::utils::x2c(&input[i + j - 2]);
break;
case 4:
/* Use the last two from the end, but request
* a full width check.
*/
*d = modsecurity::utils::x2c(&input[i + j - 2]);
fullcheck = 1;
break;
case 5:
/* Use the last two from the end, but request
* a full width check if the number is greater
* or equal to 0xFFFF.
*/
*d = modsecurity::utils::x2c(&input[i + j - 2]);
/* Do full check if first byte is 0 */
if (input[i] == '0') {
fullcheck = 1;
} else {
d++;
}
break;
case 6:
/* Use the last two from the end, but request
* a full width check if the number is greater
* or equal to 0xFFFF.
*/
*d = modsecurity::utils::x2c(&input[i + j - 2]);
/* Do full check if first/second bytes are 0 */
if ((input[i] == '0')
&& (input[i + 1] == '0')) {
fullcheck = 1;
} else {
d++;
}
break;
}
/* Full width ASCII (0xff01 - 0xff5e) needs 0x20 added */
if (fullcheck) {
if ((*d > 0x00) && (*d < 0x5f)
&& ((input[i + j - 3] == 'f') ||
(input[i + j - 3] == 'F'))
&& ((input[i + j - 4] == 'f') ||
(input[i + j - 4] == 'F'))) {
(*d) += 0x20;
}
d++;
}
/* We must ignore a single whitespace after a hex escape */
if ((i + j < input_len) && isspace(input[i + j])) {
j++;
}
/* Move over. */
count++;
i += j;
} else if (input[i] == '\n') {
/* No hexadecimal digits after backslash */
/* A newline character following backslash is ignored. */
i++;
} else {
/* The character after backslash is not a hexadecimal digit,
* nor a newline. */
/* Use one character after backslash as is. */
*d++ = input[i++];
count++;
}
} else {
/* No characters after backslash. */
/* Do not include backslash in output
*(continuation to nothing) */
i++;
}
} else {
/* Character is not a backslash. */
/* Copy one normal character to output. */
*d++ = input[i++];
count++;
}
}
/* Terminate output string. */
*d = '\0';
return count;
}
} // namespace transformations
} // namespace actions
} // namespace modsecurity

2
src/actions/transformations/css_decode.h
View File

@@ -35,6 +35,8 @@ class CssDecode : public Transformation {
: Transformation(action) { }
std::string evaluate(std::string exp,
Transaction *transaction) override;
static int css_decode_inplace(unsigned char *input, int64_t input_len);
};

4
src/actions/transformations/escape_seq_decode.cc
View File

@@ -25,7 +25,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
namespace modsecurity {
namespace actions {
@@ -92,7 +92,7 @@ int EscapeSeqDecode::ansi_c_sequences_decode_inplace(unsigned char *input,
if ((i + 3 < input_len) && (isxdigit(input[i + 2]))
&& (isxdigit(input[i + 3]))) {
/* Two digits. */
c = x2c(&input[i + 2]);
c = modsecurity::utils::x2c(&input[i + 2]);
i += 4;
} else {
/* Invalid encoding, do nothing. */

4
src/actions/transformations/hex_decode.cc
View File

@@ -25,7 +25,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
namespace modsecurity {
namespace actions {
@@ -65,7 +65,7 @@ int HexDecode::inplace(unsigned char *data, int len) {
}
for (i = 0; i <= len - 2; i += 2) {
*d++ = x2c(&data[i]);
*d++ = modsecurity::utils::x2c(&data[i]);
count++;
}
*d = '\0';

1
src/actions/transformations/html_entity_decode.cc
View File

@@ -26,7 +26,6 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
namespace modsecurity {

1
src/actions/transformations/html_entity_decode.h
View File

@@ -18,6 +18,7 @@
#include "actions/action.h"
#include "actions/transformations/transformation.h"
#include "utils/msc_string.h"
#ifndef SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_
#define SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_

6
src/actions/transformations/js_decode.cc
View File

@@ -26,7 +26,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
namespace modsecurity {
@@ -72,7 +72,7 @@ int JsDecode::inplace(unsigned char *input, u_int64_t input_len) {
/* \uHHHH */
/* Use only the lower byte. */
*d = x2c(&input[i + 4]);
*d = modsecurity::utils::x2c(&input[i + 4]);
/* Full width ASCII (ff01 - ff5e) needs 0x20 added */
if ((*d > 0x00) && (*d < 0x5f)
@@ -87,7 +87,7 @@ int JsDecode::inplace(unsigned char *input, u_int64_t input_len) {
} else if ((i + 3 < input_len) && (input[i + 1] == 'x')
&& VALID_HEX(input[i + 2]) && VALID_HEX(input[i + 3])) {
/* \xHH */
*d++ = x2c(&input[i + 2]);
*d++ = modsecurity::utils::x2c(&input[i + 2]);
count++;
i += 4;
} else if ((i + 1 < input_len) && ISODIGIT(input[i + 1])) {

168
src/actions/transformations/normalise_path.cc
View File

@@ -26,7 +26,6 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
namespace modsecurity {
@@ -57,6 +56,173 @@ std::string NormalisePath::evaluate(std::string value,
return ret;
}
/**
*
* IMP1 Assumes NUL-terminated
*/
int NormalisePath::normalize_path_inplace(unsigned char *input, int input_len,
int win, int *changed) {
unsigned char *src;
unsigned char *dst;
unsigned char *end;
int ldst = 0;
int hitroot = 0;
int done = 0;
int relative;
int trailing;
*changed = 0;
/* Need at least one byte to normalize */
if (input_len <= 0) return 0;
/*
* ENH: Deal with UNC and drive letters?
*/
src = dst = input;
end = input + (input_len - 1);
ldst = 1;
relative = ((*input == '/') || (win && (*input == '\\'))) ? 0 : 1;
trailing = ((*end == '/') || (win && (*end == '\\'))) ? 1 : 0;
while (!done && (src <= end) && (dst <= end)) {
/* Convert backslash to forward slash on Windows only. */
if (win) {
if (*src == '\\') {
*src = '/';
*changed = 1;
}
if ((src < end) && (*(src + 1) == '\\')) {
*(src + 1) = '/';
*changed = 1;
}
}
/* Always normalize at the end of the input. */
if (src == end) {
done = 1;
} else if (*(src + 1) != '/') {
/* Skip normalization if this is NOT the
*end of the path segment. */
goto copy; /* Skip normalization. */
}
/*** Normalize the path segment. ***/
/* Could it be an empty path segment? */
if ((src != end) && *src == '/') {
/* Ignore */
*changed = 1;
goto copy; /* Copy will take care of this. */
} else if (*src == '.') {
/* Could it be a back or self reference? */
/* Back-reference? */
if ((dst > input) && (*(dst - 1) == '.')) {
/* If a relative path and either our normalization has
* already hit the rootdir, or this is a backref with no
* previous path segment, then mark that the rootdir was hit
* and just copy the backref as no normilization is possible.
*/
if (relative && (hitroot || ((dst - 2) <= input))) {
hitroot = 1;
goto copy; /* Skip normalization. */
}
/* Remove backreference and the previous path segment. */
dst -= 3;
while ((dst > input) && (*dst != '/')) {
dst--;
}
/* But do not allow going above rootdir. */
if (dst <= input) {
hitroot = 1;
dst = input;
/* Need to leave the root slash if this
* is not a relative path and the end was reached
* on a backreference.
*/
if (!relative && (src == end)) {
dst++;
}
}
if (done) goto length; /* Skip the copy. */
src++;
*changed = 1;
} else if (dst == input) {
/* Relative Self-reference? */
*changed = 1;
/* Ignore. */
if (done) goto length; /* Skip the copy. */
src++;
} else if (*(dst - 1) == '/') {
/* Self-reference? */
*changed = 1;
/* Ignore. */
if (done) goto length; /* Skip the copy. */
dst--;
src++;
}
} else if (dst > input) {
/* Found a regular path segment. */
hitroot = 0;
}
copy:
/*** Copy the byte if required. ***/
/* Skip to the last forward slash when multiple are used. */
if (*src == '/') {
unsigned char *oldsrc = src;
while ((src < end)
&& ((*(src + 1) == '/') || (win && (*(src + 1) == '\\'))) ) {
src++;
}
if (oldsrc != src) *changed = 1;
/* Do not copy the forward slash to the root
* if it is not a relative path. Instead
* move over the slash to the next segment.
*/
if (relative && (dst == input)) {
src++;
goto length; /* Skip the copy */
}
}
*(dst++) = *(src++);
length:
ldst = (dst - input);
}
/* Make sure that there is not a trailing slash in the
* normalized form if there was not one in the original form.
*/
if (!trailing && (dst > input) && *(dst - 1) == '/') {
ldst--;
dst--;
}
/* Always NUL terminate */
*dst = '\0';
return ldst;
}
} // namespace transformations
} // namespace actions
} // namespace modsecurity

3
src/actions/transformations/normalise_path.h
View File

@@ -33,6 +33,9 @@ class NormalisePath : public Transformation {
explicit NormalisePath(std::string action);
std::string evaluate(std::string exp,
Transaction *transaction) override;
static int normalize_path_inplace(unsigned char *input, int input_len,
int win, int *changed);
};
} // namespace transformations

5
src/actions/transformations/normalise_path_win.cc
View File

@@ -26,7 +26,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "actions/transformations/normalise_path.h"
namespace modsecurity {
@@ -43,7 +43,8 @@ std::string NormalisePathWin::evaluate(std::string value,
memcpy(tmp, value.c_str(), value.size() + 1);
tmp[value.size()] = '\0';
int i = normalize_path_inplace(reinterpret_cast<unsigned char *>(tmp),
int i = NormalisePath::normalize_path_inplace(
reinterpret_cast<unsigned char *>(tmp),
value.size(), 1, &changed);
std::string ret("");

2
src/actions/transformations/remove_nulls.cc
View File

@@ -26,7 +26,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {

1
src/actions/transformations/replace_comments.cc
View File

@@ -25,7 +25,6 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
namespace modsecurity {

1
src/actions/transformations/sha1.cc
View File

@@ -25,7 +25,6 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "utils/sha1.h"
#include "src/utils.h"
namespace modsecurity {

4
src/actions/transformations/sql_hex_decode.cc
View File

@@ -25,7 +25,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
namespace modsecurity {
@@ -96,7 +96,7 @@ int SqlHexDecode::inplace(unsigned char *data, int len) {
}
while (VALID_HEX(data[0]) && VALID_HEX(data[1])) {
*d++ = x2c(data);
*d++ = modsecurity::utils::x2c(data);
data += 2;
count += 2;
}

4
src/actions/transformations/url_decode.cc
View File

@@ -25,7 +25,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/decode.h"
namespace modsecurity {
namespace actions {
@@ -51,7 +51,7 @@ std::string UrlDecode::evaluate(std::string value,
memcpy(val, value.c_str(), value.size() + 1);
val[value.size()] = '\0';
int size = urldecode_nonstrict_inplace(val, value.size(),
int size = utils::urldecode_nonstrict_inplace(val, value.size(),
&invalid_count, &changed);
std::string out;

6
src/actions/transformations/url_decode_uni.cc
View File

@@ -27,7 +27,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
#include "modsecurity/rules.h"
namespace modsecurity {
@@ -114,7 +114,7 @@ int UrlDecodeUni::inplace(unsigned char *input, u_int64_t input_len,
} else {
/* We first make use of the lower byte here,
* ignoring the higher byte. */
*d = x2c(&input[i + 4]);
*d = modsecurity::utils::x2c(&input[i + 4]);
/* Full width ASCII (ff01 - ff5e)
* needs 0x20 added */
@@ -153,7 +153,7 @@ int UrlDecodeUni::inplace(unsigned char *input, u_int64_t input_len,
char c2 = input[i + 2];
if (VALID_HEX(c1) && VALID_HEX(c2)) {
*d++ = x2c(&input[i + 1]);
*d++ = modsecurity::utils::x2c(&input[i + 1]);
count++;
i += 3;
} else {

4
src/actions/transformations/url_encode.cc
View File

@@ -24,7 +24,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
namespace modsecurity {
namespace actions {
@@ -69,7 +69,7 @@ std::string UrlEncode::url_enc(const char *input,
} else {
*d++ = '%';
count++;
c2x(c, (unsigned char *)d);
modsecurity::utils::c2x(c, (unsigned char *)d);
d += 2;
count++;
count++;

4
src/actions/transformations/utf8_to_unicode.cc
View File

@@ -25,7 +25,7 @@
#include "modsecurity/transaction.h"
#include "actions/transformations/transformation.h"
#include "src/utils.h"
#include "src/utils/msc_string.h"
namespace modsecurity {
@@ -93,7 +93,7 @@ char *Utf8ToUnicode::inplace(unsigned char *input,
count++;
if (count <= len) {
if (c == 0)
*data = x2c(&c);
*data = modsecurity::utils::x2c(&c);
else
*data++ = c;
}

1
src/actions/ver.cc
View File

@@ -20,7 +20,6 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
#include "modsecurity/rule.h"
#include "src/macro_expansion.h"

1
src/actions/xmlns.cc
View File

@@ -20,7 +20,6 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "src/utils.h"
namespace modsecurity {
namespace actions {