Fix disruptive actions execution

src/actions/action.cc

@@ -23,12 +23,14 @@
 
 #include "actions/block.h"
 #include "actions/chain.h"
+#include "actions/deny.h"
 #include "actions/redirect.h"
 #include "actions/status.h"
 #include "actions/rule_id.h"
 #include "actions/phase.h"
 #include "actions/severity.h"
 #include "actions/capture.h"
+#include "actions/pass.h"
 
 
 
@@ -82,6 +84,12 @@ Action *Action::instantiate(const std::string& name) {
     if (name == "capture") {
         return new Capture(name);
     }
+    if (name == "pass") {
+        return new Pass(name);
+    }
+    if (name == "deny") {
+        return new Deny(name);
+    }
     return new Action(name);
 }
 

src/actions/block.cc

@@ -19,6 +19,7 @@
 #include <string>
 
 #include "modsecurity/assay.h"
+#include "src/rule.h"
 
 namespace ModSecurity {
 namespace actions {
@@ -31,13 +32,16 @@ Block::Block(std::string action)
 
 
 bool Block::evaluate(Rule *rule, Assay *assay) {
-    assay->actions.push_back(this);
+    for (Action *a : rule->actions_runtime_pos) {
+        if (a->isDisruptive() == true) {
+            assay->actions.push_back(a);
+        }
+    }
     return true;
 }
 
 void Block::fill_intervention(ModSecurityIntervention *i) {
-    i->status = 403;
-    i->log = "Blocked request!";
+
 }
 
 }  // namespace actions

src/actions/block.h

@@ -35,6 +35,7 @@ class Block : public Action {
 
     bool evaluate(Rule *rule, Assay *assay) override;
     void fill_intervention(ModSecurityIntervention *i) override;
+    bool isDisruptive() override { return true; }
 };
 
 }  // namespace actions

src/actions/deny.cc

@@ -0,0 +1,44 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/deny.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/assay.h"
+
+namespace ModSecurity {
+namespace actions {
+
+Deny::Deny(std::string action)
+    : Action(action) {
+    this->action = action;
+    this->action_kind = 2;
+}
+
+
+bool Deny::evaluate(Rule *rule, Assay *assay) {
+    assay->actions.push_back(this);
+    return true;
+}
+
+void Deny::fill_intervention(ModSecurityIntervention *i) {
+    i->status = 403;
+    i->log = "Deny action";
+}
+
+}  // namespace actions
+}  // namespace ModSecurity

src/actions/deny.h

@@ -0,0 +1,41 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+#include "modsecurity/assay.h"
+
+#ifndef SRC_ACTIONS_DENY_H_
+#define SRC_ACTIONS_DENY_H_
+
+namespace ModSecurity {
+namespace actions {
+
+
+class Deny : public Action {
+ public:
+    explicit Deny(std::string action);
+
+    bool evaluate(Rule *rule, Assay *assay) override;
+    void fill_intervention(ModSecurityIntervention *i) override;
+    bool isDisruptive() override { return true; }
+};
+
+
+}  // namespace actions
+}  // namespace ModSecurity
+
+#endif  // SRC_ACTIONS_DENY_H_

src/actions/pass.cc

@@ -0,0 +1,44 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "actions/pass.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/assay.h"
+#include "src/rule.h"
+
+namespace ModSecurity {
+namespace actions {
+
+Pass::Pass(std::string action)
+    : Action(action) {
+    this->action = action;
+    this->action_kind = 2;
+}
+
+
+bool Pass::evaluate(Rule *rule, Assay *assay) {
+    assay->actions.clear();
+    return true;
+}
+
+void Pass::fill_intervention(ModSecurityIntervention *i) {
+
+}
+
+}  // namespace actions
+}  // namespace ModSecurity

src/actions/pass.h

@@ -0,0 +1,41 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "actions/action.h"
+#include "modsecurity/assay.h"
+
+#ifndef SRC_ACTIONS_PASS_H_
+#define SRC_ACTIONS_PASS_H_
+
+namespace ModSecurity {
+namespace actions {
+
+
+class Pass : public Action {
+ public:
+    explicit Pass(std::string action);
+
+    bool evaluate(Rule *rule, Assay *assay) override;
+    void fill_intervention(ModSecurityIntervention *i) override;
+    bool isDisruptive() override { return true; }
+};
+
+}  // namespace actions
+}  // namespace ModSecurity
+
+
+#endif  // SRC_ACTIONS_PASS_H_

src/actions/redirect.h

@@ -37,6 +37,7 @@ class Redirect : public Action {
     int status;
     std::string url;
     void fill_intervention(ModSecurityIntervention *i) override;
+    bool isDisruptive() override { return true; }
 };
 
 }  // namespace actions