From 57553f08e3972e07e7d77b46b9d779b609736029 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Mon, 19 Nov 2018 13:57:47 -0300
Subject: [PATCH] Having a class Rules
---
headers/modsecurity/rules.h | 48 +++++++++++++++++++++++++++++++
headers/modsecurity/rules_set.h | 27 ++++++++---------
src/Makefile.am | 1 +
src/parser/driver.cc | 6 ++--
src/rules_set.cc | 18 ++++++------
test/optimization/optimization.cc | 10 +++----
6 files changed, 80 insertions(+), 30 deletions(-)
create mode 100644 headers/modsecurity/rules.h
diff --git a/headers/modsecurity/rules.h b/headers/modsecurity/rules.h
new file mode 100644
index 00000000..531d4b77
--- /dev/null
+++ b/headers/modsecurity/rules.h
@@ -0,0 +1,48 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include
+#include
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#include
+#endif
+
+
+#ifndef HEADERS_MODSECURITY_RULES_H_
+#define HEADERS_MODSECURITY_RULES_H_
+
+#include "modsecurity/rules_set_properties.h"
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+
+#ifdef __cplusplus
+namespace modsecurity {
+
+
+class Rules : public std::vector {
+ public:
+};
+
+
+} // namespace modsecurity
+#endif
+
+#endif // HEADERS_MODSECURITY_RULES_H_
diff --git a/headers/modsecurity/rules_set.h b/headers/modsecurity/rules_set.h
index c8ab79e4..58b51ee4 100644
--- a/headers/modsecurity/rules_set.h
+++ b/headers/modsecurity/rules_set.h
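Review bot: In headers/modsecurity/rules.h, `class Rules` derives publicly from `std::vector`, which has no virtual destructor, so deleting a `Rules` through a pointer to its vector base would be undefined behaviour, and every vector mutator stays open to any caller holding a `Rules *`. Nothing in this patch deletes one that way, but if the class is meant to grow rule-specific behaviour, holding the vector as a private member and forwarding only the operations the engine uses would be the safer shape. The system includes at the top of the file sit above `#ifndef HEADERS_MODSECURITY_RULES_H_`; moving them inside the guard is the usual layout. The class also has no comment; something like `/* Rules of one phase, in evaluation order; entries are ref-counted Rule pointers. */` would record the ownership convention, which the RulesSetPhases destructor appears to rely on.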
@@ -25,12 +25,14 @@ #endif -#ifndef HEADERS_MODSECURITY_RULES_H_ -#define HEADERS_MODSECURITY_RULES_H_ +#ifndef HEADERS_MODSECURITY_RULES_SET_H_ +#define HEADERS_MODSECURITY_RULES_SET_H_ #include "modsecurity/rules_set_properties.h" #include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" +#include "modsecurity/rule.h" +#include "modsecurity/rules.h" #ifdef __cplusplus @@ -40,17 +42,16 @@ namespace Parser { class Driver; } - class RulesSetPhases { public: ~RulesSetPhases() { /** Cleanup the rules */ for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector rules = m_rules[i]; - while (rules.empty() == false) { - Rule *rule = rules.back(); - rules.pop_back(); + Rules *rules = &m_rules[i]; + while (rules->empty() == false) { + Rule *rule = rules->back(); + rules->pop_back(); if (rule->refCountDecreaseAndCheck()) { rule = NULL; } @@ -84,8 +85,8 @@ class RulesSetPhases { std::sort (v.begin(), v.end()); for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - for (size_t j = 0; j < from->at(i).size(); j++) { - Rule *rule = from->at(i).at(j); + for (size_t j = 0; j < from->at(i)->size(); j++) { + Rule *rule = from->at(i)->at(j); if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) { if (err != NULL) { *err << "Rule id: " << std::to_string(rule->m_ruleId) \ @@ -115,10 +116,10 @@ class RulesSetPhases { } } - std::vector operator[](int index) { return m_rules[index]; } - std::vector at(int index) { return m_rules[index]; } + Rules *operator[](int index) { return &m_rules[index]; } + Rules *at(int index) { return &m_rules[index]; } - std::vector m_rules[8]; + Rules m_rules[8]; }; @@ -192,4 +193,4 @@ int msc_rules_cleanup(RulesSet *rules); } // namespace modsecurity #endif -#endif // HEADERS_MODSECURITY_RULES_H_ +#endif // HEADERS_MODSECURITY_RULES_SET_H_ diff --git a/src/Makefile.am b/src/Makefile.am index 22ebf256..af4b149f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
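Review bot: In the last rules_set.h hunk, `operator[]` and `at()` on `RulesSetPhases` now return `&m_rules[index]` with no range check, so an index outside the `Rules m_rules[8]` array gives the caller a live pointer to adjacent memory that it can read and modify. The old by-value return was unchecked as well, but because `at()` is the bounds-checked accessor on standard containers, readers will assume this one validates. I would either reject bad indexes in the accessor or document the precondition on both, e.g. `/* index must be in [0, NUMBER_OF_PHASES); not checked. */`. The literal `8` is separate from the `modsecurity::Phases::NUMBER_OF_PHASES` bound used by the loops in this file; assuming that enumerator is a constant expression, `static_assert(modsecurity::Phases::NUMBER_OF_PHASES <= 8, "m_rules must hold every phase");` next to the member would stop the two drifting apart. The class body continues outside the hunk.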
@@ -42,6 +42,7 @@ pkginclude_HEADERS = \ ../headers/modsecurity/intervention.h \ ../headers/modsecurity/modsecurity.h \ ../headers/modsecurity/rule.h \ + ../headers/modsecurity/rules.h \ ../headers/modsecurity/rule_message.h \ ../headers/modsecurity/rules_set.h \ ../headers/modsecurity/rules_set_properties.h \ diff --git a/src/parser/driver.cc b/src/parser/driver.cc index 54c2e71c..62fd4d9b 100644 --- a/src/parser/driver.cc +++ b/src/parser/driver.cc @@ -119,9 +119,9 @@ int Driver::addSecRule(Rule *rule) { return false; } for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector rules = m_rulesSetPhases[i]; - for (int j = 0; j < rules.size(); j++) { - if (rules[j]->m_ruleId == rule->m_ruleId) { + Rules *rules = m_rulesSetPhases[i]; + for (int j = 0; j < rules->size(); j++) { + if (rules->at(j)->m_ruleId == rule->m_ruleId) { m_parserError << "Rule id: " << std::to_string(rule->m_ruleId) \ << " is duplicated" << std::endl; return false; diff --git a/src/rules_set.cc b/src/rules_set.cc index 2293dde2..78130980 100644 --- a/src/rules_set.cc +++ b/src/rules_set.cc @@ -155,10 +155,10 @@ int RulesSet::evaluate(int phase, Transaction *t) { return 0; } - std::vector rules = m_rulesSetPhases[phase]; + std::vector *rules = m_rulesSetPhases[phase]; ms_dbg_a(t, 9, "This phase consists of " \ - + std::to_string(rules.size()) + " rule(s)."); + + std::to_string(rules->size()) + " rule(s)."); if (t->m_allowType == actions::disruptive::FromNowOnAllowType && phase != modsecurity::Phases::LoggingPhase) { @@ -176,8 +176,8 @@ int RulesSet::evaluate(int phase, Transaction *t) { t->m_allowType = actions::disruptive::NoneAllowType; } - for (int i = 0; i < rules.size(); i++) { - Rule *rule = rules[i]; + for (int i = 0; i < rules->size(); i++) { + Rule *rule = rules->at(i); if (t->m_marker.empty() == false) { ms_dbg_a(t, 9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \ + "' due to a SecMarker: " + t->m_marker); 
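Review bot: The duplicate-id scan in `Driver::addSecRule` evaluates `rules->at(j)->m_ruleId` for every stored entry without a null check, whereas test/optimization/optimization.cc in this same patch skips entries with `if (z == NULL) continue;`. If a phase list can really hold a null `Rule *`, this loop should skip it as well. A range-for would also drop the signed `int j` against `rules->size()` comparison: `for (Rule *r : *rules) { if (r != NULL && r->m_ruleId == rule->m_ruleId) {`. The function starts and ends outside the hunk.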
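Review bot: In `RulesSet::evaluate`, `rules` is declared as a pointer to `std::vector` and initialised from `m_rulesSetPhases[phase]`, which only compiles through the implicit conversion from `Rules *` to its base class. The same declaration appears in `RulesSet::dump()` and in test/optimization/optimization.cc, while src/parser/driver.cc already uses `Rules *rules`. Writing `Rules *rules = m_rulesSetPhases[phase];` at all three sites keeps callers on the new type, so they do not silently depend on the inheritance. Because `m_rulesSetPhases[phase]` is now a pointer into the phase array rather than a copy, it is also worth confirming that the guard ending in `return 0;` just above, whose condition lies outside the hunk, rejects every `phase` value outside the array.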
@@ -299,13 +299,13 @@ void RulesSet::debug(int level, const std::string &id, void RulesSet::dump() { std::cout << "Rules: " << std::endl; for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector rules = m_rulesSetPhases[i]; + std::vector *rules = m_rulesSetPhases[i]; std::cout << "Phase: " << std::to_string(i); - std::cout << " (" << std::to_string(rules.size()); + std::cout << " (" << std::to_string(rules->size()); std::cout << " rules)" << std::endl; - for (int j = 0; j < rules.size(); j++) { - std::cout << " Rule ID: " << std::to_string(rules[j]->m_ruleId); - std::cout << "--" << rules[j] << std::endl; + for (int j = 0; j < rules->size(); j++) { + std::cout << " Rule ID: " << std::to_string(rules->at(j)->m_ruleId); + std::cout << "--" << rules->at(j) << std::endl; } } } diff --git a/test/optimization/optimization.cc b/test/optimization/optimization.cc index d42fecd6..d07b84c1 100644 --- a/test/optimization/optimization.cc +++ b/test/optimization/optimization.cc @@ -68,18 +68,18 @@ int main(int argc, char **argv) { int nphases = modsecurity::Phases::NUMBER_OF_PHASES; for (int i = 0; i < nphases; i++) { - std::vector rules = modsecRules->m_rulesSetPhases[i]; - if (rules.size() == 0) { + std::vector *rules = modsecRules->m_rulesSetPhases[i]; + if (rules->size() == 0) { continue; } std::cout << "Phase: " << std::to_string(i); - std::cout << " (" << std::to_string(rules.size()); + std::cout << " (" << std::to_string(rules->size()); std::cout << " rules)" << std::endl; std::unordered_map operators; std::unordered_map variables; std::unordered_map op2var; - for (auto &z : rules) { + for (auto &z : *rules) { std::string key; if (z == NULL) { continue; @@ -138,7 +138,7 @@ int main(int argc, char **argv) { std::cout << std::endl; } - total += rules.size(); + total += rules->size(); } std::cout << std::endl;