From 5b204642abd00f20e4f2f0392a51fe90ad3426ab Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Wed, 23 Sep 2020 13:48:15 -0300 Subject: [PATCH] Refactoring on Action - having RuleWithAction and RuleWithActionsProperties --- src/Makefile.am | 1 + src/actions/action_with_run_time_string.h | 4 +- src/actions/audit_log.h | 2 +- src/actions/block.h | 2 +- src/actions/capture.h | 2 +- src/actions/log.h | 2 +- src/actions/multi_match.h | 2 +- src/actions/no_audit_log.h | 2 +- src/actions/no_log.h | 2 +- src/actions/set_var.h | 2 +- src/actions/tag.h | 2 +- src/audit_log/audit_log.cc | 12 +- src/operators/detect_sqli.cc | 2 +- src/operators/detect_xss.cc | 2 +- src/operators/pm.cc | 2 +- src/operators/rbl.cc | 2 +- src/operators/rx.cc | 2 +- src/operators/rx_global.cc | 2 +- src/operators/verify_cc.cc | 2 +- src/operators/verify_cpf.cc | 2 +- src/operators/verify_ssn.cc | 2 +- src/operators/verify_svnr.cc | 2 +- src/parser/driver.cc | 39 +- src/parser/seclang-parser.cc | 1581 +++++++++--------- src/parser/seclang-parser.yy | 47 +- src/rule_message.cc | 2 +- src/rule_script.h | 2 +- src/rule_unconditional.h | 2 +- src/rule_with_actions.cc | 475 +++--- src/rule_with_actions.h | 671 +++----- src/rule_with_actions_properties.cc | 150 ++ src/rule_with_actions_properties.h | 213 +++ src/rule_with_operator.cc | 7 +- src/rule_with_operator.h | 2 +- src/rules_set.cc | 4 +- src/run_time_string.h | 14 +- src/transaction.cc | 7 +- src/transformation_result.h | 68 + src/variables/rule.h | 4 +- src/variables/rule_variable.h | 2 +- src/variables/variable_with_runtime_string.h | 2 +- test/test-cases/regression/auditlog.json | 349 ++++ test/test-cases/regression/issue-1528.json | 5 +- test/test-cases/regression/issue-1844.json | 4 +- 44 files changed, 2172 insertions(+), 1533 deletions(-) create mode 100644 src/rule_with_actions_properties.cc create mode 100644 src/rule_with_actions_properties.h create mode 100644 src/transformation_result.h diff --git a/src/Makefile.am b/src/Makefile.am index 553fc819..930c6e65 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -289,6 +289,7 @@ libmodsecurity_la_SOURCES = \ rules.cc \ rule_unconditional.cc \ rule_with_actions.cc \ + rule_with_actions_properties.cc \ rule_with_operator.cc \ rule_message.cc \ rule_script.cc \ diff --git a/src/actions/action_with_run_time_string.h b/src/actions/action_with_run_time_string.h index 76e12d3e..2d1b577d 100644 --- a/src/actions/action_with_run_time_string.h +++ b/src/actions/action_with_run_time_string.h @@ -43,14 +43,14 @@ class ActionWithRunTimeString : public virtual Action { return *this; } - virtual void populate(RuleWithActions *rule) { + virtual void populate(const RuleWithActions *rule) { if (m_string) { m_string->populate(rule); } } std::string getEvaluatedRunTimeString(const Transaction *transaction) const noexcept { - return (m_string == nullptr)?"":m_string->evaluate(transaction); + return (!m_string)?"":m_string->evaluate(transaction); } bool hasRunTimeString() const noexcept { diff --git a/src/actions/audit_log.h b/src/actions/audit_log.h index d1851537..0f34bab5 100644 --- a/src/actions/audit_log.h +++ b/src/actions/audit_log.h @@ -36,7 +36,7 @@ class AuditLog : public ActionTypeRuleMetaData, { } void configure(RuleWithActions *rule) override { - rule->setHasAuditLogAction(true); + rule->setAuditLog(true); } }; diff --git a/src/actions/block.h b/src/actions/block.h index 8800ea05..e50d8372 100644 --- a/src/actions/block.h +++ b/src/actions/block.h @@ -37,7 +37,7 @@ class Block : public ActionTypeRuleMetaData, { } void configure(RuleWithActions *rule) override { - rule->setHasBlockAction(true); + rule->setBlock(true); } }; diff --git a/src/actions/capture.h b/src/actions/capture.h index 041635a5..28bb02fb 100644 --- a/src/actions/capture.h +++ b/src/actions/capture.h @@ -33,7 +33,7 @@ class Capture : public ActionTypeRuleMetaData { : Action("capture") { } void configure(RuleWithActions *rule) override { - rule->setHasCaptureAction(true); + rule->setHasCapture(true); } }; diff --git a/src/actions/log.h b/src/actions/log.h index caa968da..b69edca7 100644 --- a/src/actions/log.h +++ b/src/actions/log.h @@ -37,7 +37,7 @@ class Log : public ActionTypeRuleMetaData, { } void configure(RuleWithActions *rule) override { - rule->setHasLogAction(true); + rule->setLog(true); } }; diff --git a/src/actions/multi_match.h b/src/actions/multi_match.h index f8a72694..74f14313 100644 --- a/src/actions/multi_match.h +++ b/src/actions/multi_match.h @@ -34,7 +34,7 @@ class MultiMatch : public ActionTypeRuleMetaData { void configure(RuleWithActions *rule) override { - rule->setHasMultimatchAction(true); + rule->setMultiMatch(true); } }; diff --git a/src/actions/no_audit_log.h b/src/actions/no_audit_log.h index 8b0252bb..604d65c8 100644 --- a/src/actions/no_audit_log.h +++ b/src/actions/no_audit_log.h @@ -36,7 +36,7 @@ class NoAuditLog : public ActionTypeRuleMetaData, { } void configure(RuleWithActions *rule) override { - rule->setHasNoAuditLogAction(true); + rule->setNoAuditLog(true); } }; diff --git a/src/actions/no_log.h b/src/actions/no_log.h index 126458d9..6d74068a 100644 --- a/src/actions/no_log.h +++ b/src/actions/no_log.h @@ -36,7 +36,7 @@ class NoLog : public ActionTypeRuleMetaData, { } void configure(RuleWithActions *rule) override { - rule->setHasNoLogAction(true); + rule->setNoLog(true); } }; diff --git a/src/actions/set_var.h b/src/actions/set_var.h index f8b24a42..bb0d1daa 100644 --- a/src/actions/set_var.h +++ b/src/actions/set_var.h @@ -87,7 +87,7 @@ class SetVar : public ActionWithRunTimeString, public ActionWithExecution { bool execute(Transaction *transaction) const noexcept override; - void populate(RuleWithActions *rule) override { + void populate(const RuleWithActions *rule) override { ActionWithRunTimeString::populate(rule); variables::RuleVariable *rulev = dynamic_cast( diff --git a/src/actions/tag.h b/src/actions/tag.h index e11605ac..100fd9c6 100644 --- a/src/actions/tag.h +++ b/src/actions/tag.h @@ -47,7 +47,7 @@ class Tag : public ActionWithRunTimeString, bool execute(Transaction *transaction) const noexcept override; - inline std::string getTagName(Transaction *transaction) const { + inline std::string getTagName(const Transaction *transaction) const { return getEvaluatedRunTimeString(transaction); } diff --git a/src/audit_log/audit_log.cc b/src/audit_log/audit_log.cc index d6105b53..9b198574 100644 --- a/src/audit_log/audit_log.cc +++ b/src/audit_log/audit_log.cc @@ -288,8 +288,18 @@ bool AuditLog::saveIfRelevant(Transaction *transaction) const noexcept { return false; } + // FIXME: This could be pre-computed. No need to compute in run time. + bool isThereSomethingToBeSaved = false; + for (RuleMessage *i : transaction->messageGetAll()) { + if (i->toBeAuditLog()) { + isThereSomethingToBeSaved = true; + break; + } + } + if ((m_status == RelevantOnlyAuditLogStatus - && isRelevant(transaction->m_httpCodeReturned) == false)) { + && isRelevant(transaction->m_httpCodeReturned) == false) + && isThereSomethingToBeSaved == false) { ms_dbg_a(transaction, 9, "Return code `" + std::to_string(transaction->m_httpCodeReturned) + "'" \ " is not interesting to audit logs, relevant code(s): `" + diff --git a/src/operators/detect_sqli.cc b/src/operators/detect_sqli.cc index 5cd83be9..c99861e5 100644 --- a/src/operators/detect_sqli.cc +++ b/src/operators/detect_sqli.cc @@ -45,7 +45,7 @@ bool DetectSQLi::evaluate(Transaction *transaction, ms_dbg_a(transaction, 4, "detected SQLi using libinjection with " \ "fingerprint '" + std::string(fingerprint) + "' at: '" + input.to_string() + "'"); - if (rule && rule->hasCaptureAction()) { + if (rule && rule->hasCapture()) { transaction->m_collections.m_tx_collection->storeOrUpdateFirst( "0", std::string(fingerprint)); ms_dbg_a(transaction, 7, "Added DetectSQLi match TX.0: " + \ diff --git a/src/operators/detect_xss.cc b/src/operators/detect_xss.cc index e62734b9..eb44f5d1 100644 --- a/src/operators/detect_xss.cc +++ b/src/operators/detect_xss.cc @@ -37,7 +37,7 @@ bool DetectXSS::evaluate(Transaction *transaction, if (transaction) { if (is_xss) { ms_dbg_a(transaction, 5, "detected XSS using libinjection."); - if (rule && rule->hasCaptureAction()) { + if (rule && rule->hasCapture()) { transaction->m_collections.m_tx_collection->storeOrUpdateFirst( "0", std::string(input)); ms_dbg_a(transaction, 7, "Added DetectXSS match TX.0: " + \ diff --git a/src/operators/pm.cc b/src/operators/pm.cc index d93e191b..09887834 100644 --- a/src/operators/pm.cc +++ b/src/operators/pm.cc @@ -105,7 +105,7 @@ bool Pm::evaluate(Transaction *transaction, logOffset(ruleMessage, rc - match_.size() + 1, match_.size()); transaction->m_matched.push_back(match_); - if (rule && rule->hasCaptureAction()) { + if (rule && rule->hasCapture()) { transaction->m_collections.m_tx_collection->storeOrUpdateFirst("0", match_); ms_dbg_a(transaction, 7, "Added pm match TX.0: " + \ diff --git a/src/operators/rbl.cc b/src/operators/rbl.cc index 80f7277d..c756051b 100644 --- a/src/operators/rbl.cc +++ b/src/operators/rbl.cc @@ -229,7 +229,7 @@ bool Rbl::evaluate(Transaction *transaction, furtherInfo(sin, str.c_str(), transaction, m_provider); freeaddrinfo(info); - if (rule && transaction && rule->hasCaptureAction()) { + if (rule && transaction && rule->hasCapture()) { transaction->m_collections.m_tx_collection->storeOrUpdateFirst( "0", std::string(str)); ms_dbg_a(transaction, 7, "Added RXL match TX.0: " + \ diff --git a/src/operators/rx.cc b/src/operators/rx.cc index 24fd1c77..5b79d23f 100644 --- a/src/operators/rx.cc +++ b/src/operators/rx.cc @@ -58,7 +58,7 @@ bool Rx::evaluate(Transaction *transaction, std::vector captures; // FIXME: searchOneMatch should accept string_view. re->searchOneMatch(input.c_str(), captures); - if (rule && rule->hasCaptureAction() && transaction) { + if (rule && rule->hasCapture() && transaction) { for (const Utils::SMatchCapture& capture : captures) { const std::string capture_substring(input.substr(capture.m_offset,capture.m_length)); transaction->m_collections.m_tx_collection->storeOrUpdateFirst( diff --git a/src/operators/rx_global.cc b/src/operators/rx_global.cc index a4dec062..a9a6babb 100644 --- a/src/operators/rx_global.cc +++ b/src/operators/rx_global.cc @@ -54,7 +54,7 @@ bool RxGlobal::evaluate(Transaction *transaction, const RuleWithActions *rule, std::vector captures; re->searchGlobal(input.c_str(), captures); - if (rule && rule->hasCaptureAction() && transaction) { + if (rule && rule->hasCapture() && transaction) { for (const Utils::SMatchCapture& capture : captures) { const std::string capture_substring(input.substr(capture.m_offset,capture.m_length)); transaction->m_collections.m_tx_collection->storeOrUpdateFirst( diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index b7a0e789..3acab213 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -145,7 +145,7 @@ bool VerifyCC::evaluate(Transaction *transaction, int is_cc = luhnVerify(match.c_str(), match.size()); if (is_cc) { if (transaction) { - if (rule && rule->hasCaptureAction()) { + if (rule && rule->hasCapture()) { transaction->m_collections.m_tx_collection->storeOrUpdateFirst( "0", std::string(match)); ms_dbg_a(transaction, 7, "Added VerifyCC match TX.0: " + \ diff --git a/src/operators/verify_cpf.cc b/src/operators/verify_cpf.cc index 45310f3b..fe2e51e6 100644 --- a/src/operators/verify_cpf.cc +++ b/src/operators/verify_cpf.cc @@ -128,7 +128,7 @@ bool VerifyCPF::evaluate(Transaction *transaction, is_cpf = verify(m.str().c_str(), m.str().size()); if (is_cpf) { logOffset(ruleMessage, m.offset(), m.str().size()); - if (rule && transaction && rule->hasCaptureAction()) { + if (rule && transaction && rule->hasCapture()) { transaction->m_collections.m_tx_collection->storeOrUpdateFirst( "0", m.str()); ms_dbg_a(transaction, 7, "Added VerifyCPF match TX.0: " + \ diff --git a/src/operators/verify_ssn.cc b/src/operators/verify_ssn.cc index 16c8ec7b..79e35cfa 100644 --- a/src/operators/verify_ssn.cc +++ b/src/operators/verify_ssn.cc @@ -130,7 +130,7 @@ bool VerifySSN::evaluate(Transaction *transaction, is_ssn = verify(j.str().c_str(), j.str().size()); if (is_ssn) { logOffset(ruleMessage, j.offset(), j.str().size()); - if (rule && transaction && rule->hasCaptureAction()) { + if (rule && transaction && rule->hasCapture()) { transaction->m_collections.m_tx_collection->storeOrUpdateFirst( "0", j.str()); ms_dbg_a(transaction, 7, "Added VerifySSN match TX.0: " + \ diff --git a/src/operators/verify_svnr.cc b/src/operators/verify_svnr.cc index 2673afd6..908500cf 100644 --- a/src/operators/verify_svnr.cc +++ b/src/operators/verify_svnr.cc @@ -97,7 +97,7 @@ bool VerifySVNR::evaluate(Transaction *t, is_svnr = verify(j.str().c_str(), j.str().size()); if (is_svnr) { logOffset(ruleMessage, j.offset(), j.str().size()); - if (rule && t && rule->hasCaptureAction()) { + if (rule && t && rule->hasCapture()) { t->m_collections.m_tx_collection->storeOrUpdateFirst( "0", j.str()); ms_dbg_a(t, 7, "Added VerifySVNR match TX.0: " + \ diff --git a/src/parser/driver.cc b/src/parser/driver.cc index 15f6615f..acb7d6b8 100644 --- a/src/parser/driver.cc +++ b/src/parser/driver.cc @@ -109,59 +109,62 @@ int Driver::addSecRule(std::unique_ptr r) { ); firstRule->setLogDataAction(nullptr); } - if (firstRule->hasSeverityAction()) { + if (firstRule->hasSeverity()) { firstRule->getChainedParent()->setSeverity( firstRule->getSeverity() ); } - if (firstRule->hasRevisionAction()) { + if (firstRule->hasRevision()) { firstRule->getChainedParent()->setRevision( firstRule->getRevision() ); } - if (firstRule->hasVersionAction()) { + if (firstRule->hasVersion()) { firstRule->getChainedParent()->setVersion( firstRule->getVersion() ); } - if (firstRule->hasAccuracyAction()) { + if (firstRule->hasAccuracy()) { firstRule->getChainedParent()->setAccuracy( firstRule->getAccuracy() ); } - if (firstRule->hasMaturityAction()) { + if (firstRule->hasMaturity()) { firstRule->getChainedParent()->setMaturity( firstRule->getMaturity() ); } - if (firstRule->hasTagAction()) { + if (firstRule->hasTags()) { firstRule->getChainedParent()->setTags( - firstRule->getTagsAction() + firstRule->getTags() ); - firstRule->cleanTags(); + firstRule->clearTags(); } + /* disruptive can only be set on the first rule if (firstRule->hasDisruptiveAction()) { firstRule->getChainedParent()->setDisruptiveAction( firstRule->getDisruptiveAction() ); firstRule->setDisruptiveAction(nullptr); } - firstRule->getChainedParent()->setHasBlockAction( - firstRule->hasBlockAction() + */ + + firstRule->getChainedParent()->setBlock( + firstRule->hasBlock() ); - firstRule->getChainedParent()->setHasLogAction( - firstRule->hasLogAction() + firstRule->getChainedParent()->setLog( + firstRule->hasLog() ); - firstRule->getChainedParent()->setHasLogAction( - firstRule->hasNoLogAction() + firstRule->getChainedParent()->setNoLog( + firstRule->hasNoLog() ); - firstRule->getChainedParent()->setHasAuditLogAction( - firstRule->hasAuditLogAction() + firstRule->getChainedParent()->setAuditLog( + firstRule->hasAuditLog() ); - firstRule->getChainedParent()->setHasNoAuditLogAction( - firstRule->hasNoAuditLogAction() + firstRule->getChainedParent()->setNoAuditLog( + firstRule->hasNoAuditLog() ); firstRule = firstRule->getChainedParent(); } diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc index 367574ea..024ea6d2 100644 --- a/src/parser/seclang-parser.cc +++ b/src/parser/seclang-parser.cc @@ -2286,7 +2286,7 @@ namespace yy { case 75: // expression: "DIRECTIVE" variables op actions #line 1079 "seclang-parser.yy" { - std::vector *a = new std::vector(); + std::vector> *a = new std::vector>(); std::vector > *t = new std::vector >(); for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { @@ -2294,7 +2294,7 @@ namespace yy { std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { - a->push_back(i.release()); + a->push_back(std::move(i)); } } variables::Variables *v = new variables::Variables(); @@ -2311,7 +2311,7 @@ namespace yy { /* file name */ std::unique_ptr(new std::string(*yystack_[3].location.end.filename)), /* line number */ yystack_[3].location.end.line )); - + // TODO: filename should be a shared_ptr. if (driver.addSecRule(std::move(rule)) == false) { YYERROR; } @@ -2345,7 +2345,7 @@ namespace yy { case 77: // expression: "CONFIG_DIR_SEC_ACTION" actions #line 1130 "seclang-parser.yy" { - std::vector *a = new std::vector(); + std::vector> *a = new std::vector>(); std::vector > *t = new std::vector >(); for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { @@ -2353,7 +2353,7 @@ namespace yy { std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { - a->push_back(i.release()); + a->push_back(std::move(i)); } } std::unique_ptr rule(new RuleUnconditional( @@ -2371,7 +2371,7 @@ namespace yy { #line 1151 "seclang-parser.yy" { std::string err; - std::vector *a = new std::vector(); + std::vector> *a = new std::vector>(); std::vector > *t = new std::vector >(); for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { @@ -2379,7 +2379,7 @@ namespace yy { std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { - a->push_back(i.release()); + a->push_back(std::move(i)); } } std::unique_ptr r(new RuleScript( @@ -2405,25 +2405,25 @@ namespace yy { #line 1181 "seclang-parser.yy" { bool hasDisruptive = false; - std::vector *actions = new std::vector(); + std::vector> *actions = new std::vector>(); for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { - actions->push_back(i.release()); + actions->push_back(std::move(i)); } - std::vector checkedActions; + std::vector> checkedActions; int definedPhase = -1; int secRuleDefinedPhase = -1; - for (actions::Action *a : *actions) { - actions::Phase *phase = dynamic_cast(a); - if (dynamic_cast(a) != NULL - && dynamic_cast(a) == NULL) { + for (auto &a : *actions) { + actions::Phase *phase = dynamic_cast(a.get()); + if (dynamic_cast(a.get()) != NULL + && dynamic_cast(a.get()) == NULL) { hasDisruptive = true; } if (phase != NULL) { definedPhase = phase->getPhase(); secRuleDefinedPhase = phase->getSecRulePhase(); delete phase; - } else if (dynamic_cast(a) - && !dynamic_cast(a)) { + } else if (dynamic_cast(a.get()) + && !dynamic_cast(a.get())) { checkedActions.push_back(a); } else { driver.error(yystack_[2].location, "The action '" + *a->getName() + "' is not suitable to be part of the SecDefaultActions"); @@ -2433,12 +2433,10 @@ namespace yy { if (definedPhase == -1) { definedPhase = modsecurity::Phases::RequestHeadersPhase; } - if (hasDisruptive == false) { driver.error(yystack_[2].location, "SecDefaultAction must specify a disruptive action."); YYERROR; } - if (!driver.m_rulesSetPhases[definedPhase]->m_defaultActions.empty()) { std::stringstream ss; ss << "SecDefaultActions can only be placed once per phase and configuration context. Phase "; @@ -2447,91 +2445,88 @@ namespace yy { driver.error(yystack_[2].location, ss.str()); YYERROR; } - - for (actions::Action *a : checkedActions) { - if (dynamic_cast(a)) { + for (auto &a : checkedActions) { + if (dynamic_cast(a.get())) { driver.m_rulesSetPhases[definedPhase]->m_defaultTransformations.push_back( - std::shared_ptr( - dynamic_cast(a))); + std::dynamic_pointer_cast(a)); } else { - driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(std::unique_ptr(a)); + driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(a); } } - - delete actions; + //delete actions; } -#line 2464 "seclang-parser.cc" +#line 2459 "seclang-parser.cc" break; case 80: // expression: "CONFIG_DIR_SEC_MARKER" -#line 1239 "seclang-parser.yy" +#line 1234 "seclang-parser.yy" { driver.addSecMarker(modsecurity::utils::string::removeBracketsIfNeeded(yystack_[0].value.as < std::string > ()), /* file name */ std::unique_ptr(new std::string(*yystack_[0].location.end.filename)), /* line number */ yystack_[0].location.end.line ); } -#line 2475 "seclang-parser.cc" +#line 2470 "seclang-parser.cc" break; case 81: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_OFF" -#line 1246 "seclang-parser.yy" +#line 1241 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine; } -#line 2483 "seclang-parser.cc" +#line 2478 "seclang-parser.cc" break; case 82: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_ON" -#line 1250 "seclang-parser.yy" +#line 1245 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine; } -#line 2491 "seclang-parser.cc" +#line 2486 "seclang-parser.cc" break; case 83: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_DETC" -#line 1254 "seclang-parser.yy" +#line 1249 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine; } -#line 2499 "seclang-parser.cc" +#line 2494 "seclang-parser.cc" break; case 84: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_ON" -#line 1258 "seclang-parser.yy" +#line 1253 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2507 "seclang-parser.cc" +#line 2502 "seclang-parser.cc" break; case 85: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_OFF" -#line 1262 "seclang-parser.yy" +#line 1257 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2515 "seclang-parser.cc" +#line 2510 "seclang-parser.cc" break; case 86: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_ON" -#line 1266 "seclang-parser.yy" +#line 1261 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2523 "seclang-parser.cc" +#line 2518 "seclang-parser.cc" break; case 87: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_OFF" -#line 1270 "seclang-parser.yy" +#line 1265 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2531 "seclang-parser.cc" +#line 2526 "seclang-parser.cc" break; case 88: // expression: "CONFIG_SEC_ARGUMENT_SEPARATOR" -#line 1274 "seclang-parser.yy" +#line 1269 "seclang-parser.yy" { if (yystack_[0].value.as < std::string > ().length() != 1) { driver.error(yystack_[1].location, "Argument separator should be set to a single character."); @@ -2540,259 +2535,259 @@ namespace yy { driver.m_secArgumentSeparator.m_value = yystack_[0].value.as < std::string > (); driver.m_secArgumentSeparator.m_set = true; } -#line 2544 "seclang-parser.cc" +#line 2539 "seclang-parser.cc" break; case 89: // expression: "CONFIG_COMPONENT_SIG" -#line 1283 "seclang-parser.yy" +#line 1278 "seclang-parser.yy" { driver.m_components.push_back(yystack_[0].value.as < std::string > ()); } -#line 2552 "seclang-parser.cc" +#line 2547 "seclang-parser.cc" break; case 90: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_ON" -#line 1287 "seclang-parser.yy" +#line 1282 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecConnEngine is not yet supported."); YYERROR; } -#line 2561 "seclang-parser.cc" +#line 2556 "seclang-parser.cc" break; case 91: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_OFF" -#line 1292 "seclang-parser.yy" +#line 1287 "seclang-parser.yy" { } -#line 2568 "seclang-parser.cc" +#line 2563 "seclang-parser.cc" break; case 92: // expression: "CONFIG_SEC_WEB_APP_ID" -#line 1295 "seclang-parser.yy" +#line 1290 "seclang-parser.yy" { driver.m_secWebAppId.m_value = yystack_[0].value.as < std::string > (); driver.m_secWebAppId.m_set = true; } -#line 2577 "seclang-parser.cc" +#line 2572 "seclang-parser.cc" break; case 93: // expression: "CONFIG_SEC_SERVER_SIG" -#line 1300 "seclang-parser.yy" +#line 1295 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecServerSignature is not supported."); YYERROR; } -#line 2586 "seclang-parser.cc" +#line 2581 "seclang-parser.cc" break; case 94: // expression: "CONFIG_SEC_CACHE_TRANSFORMATIONS" -#line 1305 "seclang-parser.yy" +#line 1300 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCacheTransformations is not supported."); YYERROR; } -#line 2595 "seclang-parser.cc" +#line 2590 "seclang-parser.cc" break; case 95: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_ON" -#line 1310 "seclang-parser.yy" +#line 1305 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecDisableBackendCompression is not supported."); YYERROR; } -#line 2604 "seclang-parser.cc" +#line 2599 "seclang-parser.cc" break; case 96: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_OFF" -#line 1315 "seclang-parser.yy" +#line 1310 "seclang-parser.yy" { } -#line 2611 "seclang-parser.cc" +#line 2606 "seclang-parser.cc" break; case 97: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_ON" -#line 1318 "seclang-parser.yy" +#line 1313 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecContentInjection is not yet supported."); YYERROR; } -#line 2620 "seclang-parser.cc" +#line 2615 "seclang-parser.cc" break; case 98: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_OFF" -#line 1323 "seclang-parser.yy" +#line 1318 "seclang-parser.yy" { } -#line 2627 "seclang-parser.cc" +#line 2622 "seclang-parser.cc" break; case 99: // expression: "CONFIG_SEC_CHROOT_DIR" -#line 1326 "seclang-parser.yy" +#line 1321 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecChrootDir is not supported."); YYERROR; } -#line 2636 "seclang-parser.cc" +#line 2631 "seclang-parser.cc" break; case 100: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_ON" -#line 1331 "seclang-parser.yy" +#line 1326 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecHashEngine is not yet supported."); YYERROR; } -#line 2645 "seclang-parser.cc" +#line 2640 "seclang-parser.cc" break; case 101: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_OFF" -#line 1336 "seclang-parser.yy" +#line 1331 "seclang-parser.yy" { } -#line 2652 "seclang-parser.cc" +#line 2647 "seclang-parser.cc" break; case 102: // expression: "CONFIG_SEC_HASH_KEY" -#line 1339 "seclang-parser.yy" +#line 1334 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashKey is not yet supported."); YYERROR; } -#line 2661 "seclang-parser.cc" +#line 2656 "seclang-parser.cc" break; case 103: // expression: "CONFIG_SEC_HASH_PARAM" -#line 1344 "seclang-parser.yy" +#line 1339 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashParam is not yet supported."); YYERROR; } -#line 2670 "seclang-parser.cc" +#line 2665 "seclang-parser.cc" break; case 104: // expression: "CONFIG_SEC_HASH_METHOD_RX" -#line 1349 "seclang-parser.yy" +#line 1344 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodRx is not yet supported."); YYERROR; } -#line 2679 "seclang-parser.cc" +#line 2674 "seclang-parser.cc" break; case 105: // expression: "CONFIG_SEC_HASH_METHOD_PM" -#line 1354 "seclang-parser.yy" +#line 1349 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodPm is not yet supported."); YYERROR; } -#line 2688 "seclang-parser.cc" +#line 2683 "seclang-parser.cc" break; case 106: // expression: "CONFIG_DIR_GSB_DB" -#line 1359 "seclang-parser.yy" +#line 1354 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGsbLookupDb is not supported."); YYERROR; } -#line 2697 "seclang-parser.cc" +#line 2692 "seclang-parser.cc" break; case 107: // expression: "CONFIG_SEC_GUARDIAN_LOG" -#line 1364 "seclang-parser.yy" +#line 1359 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGuardianLog is not supported."); YYERROR; } -#line 2706 "seclang-parser.cc" +#line 2701 "seclang-parser.cc" break; case 108: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_ON" -#line 1369 "seclang-parser.yy" +#line 1364 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecInterceptOnError is not yet supported."); YYERROR; } -#line 2715 "seclang-parser.cc" +#line 2710 "seclang-parser.cc" break; case 109: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_OFF" -#line 1374 "seclang-parser.yy" +#line 1369 "seclang-parser.yy" { } -#line 2722 "seclang-parser.cc" +#line 2717 "seclang-parser.cc" break; case 110: // expression: "CONFIG_SEC_CONN_R_STATE_LIMIT" -#line 1377 "seclang-parser.yy" +#line 1372 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnReadStateLimit is not yet supported."); YYERROR; } -#line 2731 "seclang-parser.cc" +#line 2726 "seclang-parser.cc" break; case 111: // expression: "CONFIG_SEC_CONN_W_STATE_LIMIT" -#line 1382 "seclang-parser.yy" +#line 1377 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnWriteStateLimit is not yet supported."); YYERROR; } -#line 2740 "seclang-parser.cc" +#line 2735 "seclang-parser.cc" break; case 112: // expression: "CONFIG_SEC_SENSOR_ID" -#line 1387 "seclang-parser.yy" +#line 1382 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecSensorId is not yet supported."); YYERROR; } -#line 2749 "seclang-parser.cc" +#line 2744 "seclang-parser.cc" break; case 113: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_ON" -#line 1392 "seclang-parser.yy" +#line 1387 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecRuleInheritance is not yet supported."); YYERROR; } -#line 2758 "seclang-parser.cc" +#line 2753 "seclang-parser.cc" break; case 114: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_OFF" -#line 1397 "seclang-parser.yy" +#line 1392 "seclang-parser.yy" { } -#line 2765 "seclang-parser.cc" +#line 2760 "seclang-parser.cc" break; case 115: // expression: "CONFIG_SEC_RULE_PERF_TIME" -#line 1400 "seclang-parser.yy" +#line 1395 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecRulePerfTime is not yet supported."); YYERROR; } -#line 2774 "seclang-parser.cc" +#line 2769 "seclang-parser.cc" break; case 116: // expression: "CONFIG_SEC_STREAM_IN_BODY_INSPECTION" -#line 1405 "seclang-parser.yy" +#line 1400 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamInBodyInspection is not supported."); YYERROR; } -#line 2783 "seclang-parser.cc" +#line 2778 "seclang-parser.cc" break; case 117: // expression: "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION" -#line 1410 "seclang-parser.yy" +#line 1405 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamOutBodyInspection is not supported."); YYERROR; } -#line 2792 "seclang-parser.cc" +#line 2787 "seclang-parser.cc" break; case 118: // expression: "CONFIG_SEC_RULE_REMOVE_BY_ID" -#line 1415 "seclang-parser.yy" +#line 1410 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.load(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2805,11 +2800,11 @@ namespace yy { YYERROR; } } -#line 2809 "seclang-parser.cc" +#line 2804 "seclang-parser.cc" break; case 119: // expression: "CONFIG_SEC_RULE_REMOVE_BY_TAG" -#line 1428 "seclang-parser.yy" +#line 1423 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByTag(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2822,11 +2817,11 @@ namespace yy { YYERROR; } } -#line 2826 "seclang-parser.cc" +#line 2821 "seclang-parser.cc" break; case 120: // expression: "CONFIG_SEC_RULE_REMOVE_BY_MSG" -#line 1441 "seclang-parser.yy" +#line 1436 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByMsg(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2839,11 +2834,11 @@ namespace yy { YYERROR; } } -#line 2843 "seclang-parser.cc" +#line 2838 "seclang-parser.cc" break; case 121: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG" variables_pre_process -#line 1454 "seclang-parser.yy" +#line 1449 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByTag(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2856,11 +2851,11 @@ namespace yy { YYERROR; } } -#line 2860 "seclang-parser.cc" +#line 2855 "seclang-parser.cc" break; case 122: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG" variables_pre_process -#line 1467 "seclang-parser.yy" +#line 1462 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByMsg(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2873,11 +2868,11 @@ namespace yy { YYERROR; } } -#line 2877 "seclang-parser.cc" +#line 2872 "seclang-parser.cc" break; case 123: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID" variables_pre_process -#line 1480 "seclang-parser.yy" +#line 1475 "seclang-parser.yy" { std::string error; std::istringstream iss(yystack_[1].value.as < std::string > ()); @@ -2903,11 +2898,11 @@ namespace yy { YYERROR; } } -#line 2907 "seclang-parser.cc" +#line 2902 "seclang-parser.cc" break; case 124: // expression: "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID" actions -#line 1506 "seclang-parser.yy" +#line 1501 "seclang-parser.yy" { std::string error; std::istringstream iss(yystack_[1].value.as < std::string > ()); @@ -2934,11 +2929,11 @@ namespace yy { YYERROR; } } -#line 2938 "seclang-parser.cc" +#line 2933 "seclang-parser.cc" break; case 125: // expression: "CONFIG_DIR_DEBUG_LVL" -#line 1534 "seclang-parser.yy" +#line 1529 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { driver.m_debugLog->setDebugLogLevel(atoi(yystack_[0].value.as < std::string > ().c_str())); @@ -2950,11 +2945,11 @@ namespace yy { YYERROR; } } -#line 2954 "seclang-parser.cc" +#line 2949 "seclang-parser.cc" break; case 126: // expression: "CONFIG_DIR_DEBUG_LOG" -#line 1546 "seclang-parser.yy" +#line 1541 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { std::string error; @@ -2973,11 +2968,11 @@ namespace yy { YYERROR; } } -#line 2977 "seclang-parser.cc" +#line 2972 "seclang-parser.cc" break; case 127: // expression: "CONFIG_DIR_GEO_DB" -#line 1566 "seclang-parser.yy" +#line 1561 "seclang-parser.yy" { #if defined(WITH_GEOIP) or defined(WITH_MAXMIND) std::string err; @@ -3004,38 +2999,38 @@ namespace yy { YYERROR; #endif // WITH_GEOIP } -#line 3008 "seclang-parser.cc" +#line 3003 "seclang-parser.cc" break; case 128: // expression: "CONFIG_DIR_ARGS_LIMIT" -#line 1593 "seclang-parser.yy" +#line 1588 "seclang-parser.yy" { driver.m_argumentsLimit.m_set = true; driver.m_argumentsLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3017 "seclang-parser.cc" +#line 3012 "seclang-parser.cc" break; case 129: // expression: "CONFIG_DIR_REQ_BODY_LIMIT" -#line 1599 "seclang-parser.yy" +#line 1594 "seclang-parser.yy" { driver.m_requestBodyLimit.m_set = true; driver.m_requestBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3026 "seclang-parser.cc" +#line 3021 "seclang-parser.cc" break; case 130: // expression: "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT" -#line 1604 "seclang-parser.yy" +#line 1599 "seclang-parser.yy" { driver.m_requestBodyNoFilesLimit.m_set = true; driver.m_requestBodyNoFilesLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3035 "seclang-parser.cc" +#line 3030 "seclang-parser.cc" break; case 131: // expression: "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT" -#line 1609 "seclang-parser.yy" +#line 1604 "seclang-parser.yy" { std::stringstream ss; ss << "As of ModSecurity version 3.0, SecRequestBodyInMemoryLimit is no longer "; @@ -3044,68 +3039,68 @@ namespace yy { driver.error(yystack_[1].location, ss.str()); YYERROR; } -#line 3048 "seclang-parser.cc" +#line 3043 "seclang-parser.cc" break; case 132: // expression: "CONFIG_DIR_RES_BODY_LIMIT" -#line 1618 "seclang-parser.yy" +#line 1613 "seclang-parser.yy" { driver.m_responseBodyLimit.m_set = true; driver.m_responseBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3057 "seclang-parser.cc" +#line 3052 "seclang-parser.cc" break; case 133: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1623 "seclang-parser.yy" +#line 1618 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3065 "seclang-parser.cc" +#line 3060 "seclang-parser.cc" break; case 134: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1627 "seclang-parser.yy" +#line 1622 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3073 "seclang-parser.cc" +#line 3068 "seclang-parser.cc" break; case 135: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1631 "seclang-parser.yy" +#line 1626 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3081 "seclang-parser.cc" +#line 3076 "seclang-parser.cc" break; case 136: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1635 "seclang-parser.yy" +#line 1630 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3089 "seclang-parser.cc" +#line 3084 "seclang-parser.cc" break; case 137: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_ABORT" -#line 1639 "seclang-parser.yy" +#line 1634 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; } -#line 3097 "seclang-parser.cc" +#line 3092 "seclang-parser.cc" break; case 138: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_WARN" -#line 1643 "seclang-parser.yy" +#line 1638 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; } -#line 3105 "seclang-parser.cc" +#line 3100 "seclang-parser.cc" break; case 141: // expression: "CONGIG_DIR_RESPONSE_BODY_MP" -#line 1657 "seclang-parser.yy" +#line 1652 "seclang-parser.yy" { std::istringstream buf(yystack_[0].value.as < std::string > ()); std::istream_iterator beg(buf), end; @@ -3117,37 +3112,37 @@ namespace yy { driver.m_responseBodyTypeToBeInspected.m_value.insert(*it); } } -#line 3121 "seclang-parser.cc" +#line 3116 "seclang-parser.cc" break; case 142: // expression: "CONGIG_DIR_RESPONSE_BODY_MP_CLEAR" -#line 1669 "seclang-parser.yy" +#line 1664 "seclang-parser.yy" { driver.m_responseBodyTypeToBeInspected.m_set = true; driver.m_responseBodyTypeToBeInspected.m_clear = true; driver.m_responseBodyTypeToBeInspected.m_value.clear(); } -#line 3131 "seclang-parser.cc" +#line 3126 "seclang-parser.cc" break; case 143: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_OFF" -#line 1675 "seclang-parser.yy" +#line 1670 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 3139 "seclang-parser.cc" +#line 3134 "seclang-parser.cc" break; case 144: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_ON" -#line 1679 "seclang-parser.yy" +#line 1674 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 3147 "seclang-parser.cc" +#line 3142 "seclang-parser.cc" break; case 145: // expression: "CONGIG_DIR_SEC_TMP_DIR" -#line 1683 "seclang-parser.yy" +#line 1678 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended std::stringstream ss; @@ -3158,31 +3153,31 @@ namespace yy { YYERROR; */ } -#line 3162 "seclang-parser.cc" +#line 3157 "seclang-parser.cc" break; case 148: // expression: "CONGIG_DIR_SEC_COOKIE_FORMAT" -#line 1704 "seclang-parser.yy" +#line 1699 "seclang-parser.yy" { if (atoi(yystack_[0].value.as < std::string > ().c_str()) == 1) { driver.error(yystack_[1].location, "SecCookieFormat 1 is not yet supported."); YYERROR; } } -#line 3173 "seclang-parser.cc" +#line 3168 "seclang-parser.cc" break; case 149: // expression: "CONFIG_SEC_COOKIEV0_SEPARATOR" -#line 1711 "seclang-parser.yy" +#line 1706 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCookieV0Separator is not yet supported."); YYERROR; } -#line 3182 "seclang-parser.cc" +#line 3177 "seclang-parser.cc" break; case 151: // expression: "CONFIG_DIR_UNICODE_MAP_FILE" -#line 1721 "seclang-parser.yy" +#line 1716 "seclang-parser.yy" { std::string error; std::vector param; @@ -3236,31 +3231,31 @@ namespace yy { } } -#line 3240 "seclang-parser.cc" +#line 3235 "seclang-parser.cc" break; case 152: // expression: "CONFIG_SEC_COLLECTION_TIMEOUT" -#line 1775 "seclang-parser.yy" +#line 1770 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default CRS installations with crs-setup.conf-recommended driver.error(@0, "SecCollectionTimeout is not yet supported."); YYERROR; */ } -#line 3251 "seclang-parser.cc" +#line 3246 "seclang-parser.cc" break; case 153: // expression: "CONFIG_SEC_HTTP_BLKEY" -#line 1782 "seclang-parser.yy" +#line 1777 "seclang-parser.yy" { driver.m_httpblKey.m_set = true; driver.m_httpblKey.m_value = yystack_[0].value.as < std::string > (); } -#line 3260 "seclang-parser.cc" +#line 3255 "seclang-parser.cc" break; case 154: // variables: variables_pre_process -#line 1790 "seclang-parser.yy" +#line 1785 "seclang-parser.yy" { std::unique_ptr > > originalList = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); std::unique_ptr>> newList(new std::vector>()); @@ -3294,2370 +3289,2370 @@ namespace yy { } yylhs.value.as < std::unique_ptr > > > () = std::move(newNewList); } -#line 3298 "seclang-parser.cc" +#line 3293 "seclang-parser.cc" break; case 155: // variables_pre_process: variables_may_be_quoted -#line 1827 "seclang-parser.yy" +#line 1822 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); } -#line 3306 "seclang-parser.cc" +#line 3301 "seclang-parser.cc" break; case 156: // variables_pre_process: "QUOTATION_MARK" variables_may_be_quoted "QUOTATION_MARK" -#line 1831 "seclang-parser.yy" +#line 1826 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[1].value.as < std::unique_ptr > > > ()); } -#line 3314 "seclang-parser.cc" +#line 3309 "seclang-parser.cc" break; case 157: // variables_may_be_quoted: variables_may_be_quoted PIPE var -#line 1838 "seclang-parser.yy" +#line 1833 "seclang-parser.yy" { yystack_[2].value.as < std::unique_ptr > > > ()->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[2].value.as < std::unique_ptr > > > ()); } -#line 3323 "seclang-parser.cc" +#line 3318 "seclang-parser.cc" break; case 158: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_EXCLUSION var -#line 1843 "seclang-parser.yy" +#line 1838 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3333 "seclang-parser.cc" +#line 3328 "seclang-parser.cc" break; case 159: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_COUNT var -#line 1849 "seclang-parser.yy" +#line 1844 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3343 "seclang-parser.cc" +#line 3338 "seclang-parser.cc" break; case 160: // variables_may_be_quoted: var -#line 1855 "seclang-parser.yy" +#line 1850 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); b->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3353 "seclang-parser.cc" +#line 3348 "seclang-parser.cc" break; case 161: // variables_may_be_quoted: VAR_EXCLUSION var -#line 1861 "seclang-parser.yy" +#line 1856 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3364 "seclang-parser.cc" +#line 3359 "seclang-parser.cc" break; case 162: // variables_may_be_quoted: VAR_COUNT var -#line 1868 "seclang-parser.yy" +#line 1863 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3375 "seclang-parser.cc" +#line 3370 "seclang-parser.cc" break; case 163: // var: VARIABLE_ARGS "Dictionary element" -#line 1878 "seclang-parser.yy" +#line 1873 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3383 "seclang-parser.cc" +#line 3378 "seclang-parser.cc" break; case 164: // var: VARIABLE_ARGS "Dictionary element, selected by regexp" -#line 1882 "seclang-parser.yy" +#line 1877 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3391 "seclang-parser.cc" +#line 3386 "seclang-parser.cc" break; case 165: // var: VARIABLE_ARGS -#line 1886 "seclang-parser.yy" +#line 1881 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_NoDictElement()); } -#line 3399 "seclang-parser.cc" +#line 3394 "seclang-parser.cc" break; case 166: // var: VARIABLE_ARGS_POST "Dictionary element" -#line 1890 "seclang-parser.yy" +#line 1885 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3407 "seclang-parser.cc" +#line 3402 "seclang-parser.cc" break; case 167: // var: VARIABLE_ARGS_POST "Dictionary element, selected by regexp" -#line 1894 "seclang-parser.yy" +#line 1889 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3415 "seclang-parser.cc" +#line 3410 "seclang-parser.cc" break; case 168: // var: VARIABLE_ARGS_POST -#line 1898 "seclang-parser.yy" +#line 1893 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_NoDictElement()); } -#line 3423 "seclang-parser.cc" +#line 3418 "seclang-parser.cc" break; case 169: // var: VARIABLE_ARGS_GET "Dictionary element" -#line 1902 "seclang-parser.yy" +#line 1897 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3431 "seclang-parser.cc" +#line 3426 "seclang-parser.cc" break; case 170: // var: VARIABLE_ARGS_GET "Dictionary element, selected by regexp" -#line 1906 "seclang-parser.yy" +#line 1901 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3439 "seclang-parser.cc" +#line 3434 "seclang-parser.cc" break; case 171: // var: VARIABLE_ARGS_GET -#line 1910 "seclang-parser.yy" +#line 1905 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_NoDictElement()); } -#line 3447 "seclang-parser.cc" +#line 3442 "seclang-parser.cc" break; case 172: // var: VARIABLE_FILES_SIZES "Dictionary element" -#line 1914 "seclang-parser.yy" +#line 1909 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3455 "seclang-parser.cc" +#line 3450 "seclang-parser.cc" break; case 173: // var: VARIABLE_FILES_SIZES "Dictionary element, selected by regexp" -#line 1918 "seclang-parser.yy" +#line 1913 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3463 "seclang-parser.cc" +#line 3458 "seclang-parser.cc" break; case 174: // var: VARIABLE_FILES_SIZES -#line 1922 "seclang-parser.yy" +#line 1917 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_NoDictElement()); } -#line 3471 "seclang-parser.cc" +#line 3466 "seclang-parser.cc" break; case 175: // var: VARIABLE_FILES_NAMES "Dictionary element" -#line 1926 "seclang-parser.yy" +#line 1921 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3479 "seclang-parser.cc" +#line 3474 "seclang-parser.cc" break; case 176: // var: VARIABLE_FILES_NAMES "Dictionary element, selected by regexp" -#line 1930 "seclang-parser.yy" +#line 1925 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3487 "seclang-parser.cc" +#line 3482 "seclang-parser.cc" break; case 177: // var: VARIABLE_FILES_NAMES -#line 1934 "seclang-parser.yy" +#line 1929 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_NoDictElement()); } -#line 3495 "seclang-parser.cc" +#line 3490 "seclang-parser.cc" break; case 178: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element" -#line 1938 "seclang-parser.yy" +#line 1933 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3503 "seclang-parser.cc" +#line 3498 "seclang-parser.cc" break; case 179: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element, selected by regexp" -#line 1942 "seclang-parser.yy" +#line 1937 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3511 "seclang-parser.cc" +#line 3506 "seclang-parser.cc" break; case 180: // var: VARIABLE_FILES_TMP_CONTENT -#line 1946 "seclang-parser.yy" +#line 1941 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_NoDictElement()); } -#line 3519 "seclang-parser.cc" +#line 3514 "seclang-parser.cc" break; case 181: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element" -#line 1950 "seclang-parser.yy" +#line 1945 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3527 "seclang-parser.cc" +#line 3522 "seclang-parser.cc" break; case 182: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element, selected by regexp" -#line 1954 "seclang-parser.yy" +#line 1949 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3535 "seclang-parser.cc" +#line 3530 "seclang-parser.cc" break; case 183: // var: VARIABLE_MULTIPART_FILENAME -#line 1958 "seclang-parser.yy" +#line 1953 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_NoDictElement()); } -#line 3543 "seclang-parser.cc" +#line 3538 "seclang-parser.cc" break; case 184: // var: VARIABLE_MULTIPART_NAME "Dictionary element" -#line 1962 "seclang-parser.yy" +#line 1957 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3551 "seclang-parser.cc" +#line 3546 "seclang-parser.cc" break; case 185: // var: VARIABLE_MULTIPART_NAME "Dictionary element, selected by regexp" -#line 1966 "seclang-parser.yy" +#line 1961 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3559 "seclang-parser.cc" +#line 3554 "seclang-parser.cc" break; case 186: // var: VARIABLE_MULTIPART_NAME -#line 1970 "seclang-parser.yy" +#line 1965 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_NoDictElement()); } -#line 3567 "seclang-parser.cc" +#line 3562 "seclang-parser.cc" break; case 187: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element" -#line 1974 "seclang-parser.yy" +#line 1969 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3575 "seclang-parser.cc" +#line 3570 "seclang-parser.cc" break; case 188: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element, selected by regexp" -#line 1978 "seclang-parser.yy" +#line 1973 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3583 "seclang-parser.cc" +#line 3578 "seclang-parser.cc" break; case 189: // var: VARIABLE_MATCHED_VARS_NAMES -#line 1982 "seclang-parser.yy" +#line 1977 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_NoDictElement()); } -#line 3591 "seclang-parser.cc" +#line 3586 "seclang-parser.cc" break; case 190: // var: VARIABLE_MATCHED_VARS "Dictionary element" -#line 1986 "seclang-parser.yy" +#line 1981 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3599 "seclang-parser.cc" +#line 3594 "seclang-parser.cc" break; case 191: // var: VARIABLE_MATCHED_VARS "Dictionary element, selected by regexp" -#line 1990 "seclang-parser.yy" +#line 1985 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3607 "seclang-parser.cc" +#line 3602 "seclang-parser.cc" break; case 192: // var: VARIABLE_MATCHED_VARS -#line 1994 "seclang-parser.yy" +#line 1989 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_NoDictElement()); } -#line 3615 "seclang-parser.cc" +#line 3610 "seclang-parser.cc" break; case 193: // var: VARIABLE_FILES "Dictionary element" -#line 1998 "seclang-parser.yy" +#line 1993 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3623 "seclang-parser.cc" +#line 3618 "seclang-parser.cc" break; case 194: // var: VARIABLE_FILES "Dictionary element, selected by regexp" -#line 2002 "seclang-parser.yy" +#line 1997 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3631 "seclang-parser.cc" +#line 3626 "seclang-parser.cc" break; case 195: // var: VARIABLE_FILES -#line 2006 "seclang-parser.yy" +#line 2001 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_NoDictElement()); } -#line 3639 "seclang-parser.cc" +#line 3634 "seclang-parser.cc" break; case 196: // var: VARIABLE_REQUEST_COOKIES "Dictionary element" -#line 2010 "seclang-parser.yy" +#line 2005 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3647 "seclang-parser.cc" +#line 3642 "seclang-parser.cc" break; case 197: // var: VARIABLE_REQUEST_COOKIES "Dictionary element, selected by regexp" -#line 2014 "seclang-parser.yy" +#line 2009 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3655 "seclang-parser.cc" +#line 3650 "seclang-parser.cc" break; case 198: // var: VARIABLE_REQUEST_COOKIES -#line 2018 "seclang-parser.yy" +#line 2013 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_NoDictElement()); } -#line 3663 "seclang-parser.cc" +#line 3658 "seclang-parser.cc" break; case 199: // var: VARIABLE_REQUEST_HEADERS "Dictionary element" -#line 2022 "seclang-parser.yy" +#line 2017 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3671 "seclang-parser.cc" +#line 3666 "seclang-parser.cc" break; case 200: // var: VARIABLE_REQUEST_HEADERS "Dictionary element, selected by regexp" -#line 2026 "seclang-parser.yy" +#line 2021 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3679 "seclang-parser.cc" +#line 3674 "seclang-parser.cc" break; case 201: // var: VARIABLE_REQUEST_HEADERS -#line 2030 "seclang-parser.yy" +#line 2025 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_NoDictElement()); } -#line 3687 "seclang-parser.cc" +#line 3682 "seclang-parser.cc" break; case 202: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element" -#line 2034 "seclang-parser.yy" +#line 2029 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3695 "seclang-parser.cc" +#line 3690 "seclang-parser.cc" break; case 203: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element, selected by regexp" -#line 2038 "seclang-parser.yy" +#line 2033 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3703 "seclang-parser.cc" +#line 3698 "seclang-parser.cc" break; case 204: // var: VARIABLE_RESPONSE_HEADERS -#line 2042 "seclang-parser.yy" +#line 2037 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_NoDictElement()); } -#line 3711 "seclang-parser.cc" +#line 3706 "seclang-parser.cc" break; case 205: // var: VARIABLE_GEO "Dictionary element" -#line 2046 "seclang-parser.yy" +#line 2041 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3719 "seclang-parser.cc" +#line 3714 "seclang-parser.cc" break; case 206: // var: VARIABLE_GEO "Dictionary element, selected by regexp" -#line 2050 "seclang-parser.yy" +#line 2045 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3727 "seclang-parser.cc" +#line 3722 "seclang-parser.cc" break; case 207: // var: VARIABLE_GEO -#line 2054 "seclang-parser.yy" +#line 2049 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_NoDictElement()); } -#line 3735 "seclang-parser.cc" +#line 3730 "seclang-parser.cc" break; case 208: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element" -#line 2058 "seclang-parser.yy" +#line 2053 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3743 "seclang-parser.cc" +#line 3738 "seclang-parser.cc" break; case 209: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element, selected by regexp" -#line 2062 "seclang-parser.yy" +#line 2057 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3751 "seclang-parser.cc" +#line 3746 "seclang-parser.cc" break; case 210: // var: VARIABLE_REQUEST_COOKIES_NAMES -#line 2066 "seclang-parser.yy" +#line 2061 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_NoDictElement()); } -#line 3759 "seclang-parser.cc" +#line 3754 "seclang-parser.cc" break; case 211: // var: VARIABLE_RULE "Dictionary element" -#line 2070 "seclang-parser.yy" +#line 2065 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3767 "seclang-parser.cc" +#line 3762 "seclang-parser.cc" break; case 212: // var: VARIABLE_RULE "Dictionary element, selected by regexp" -#line 2074 "seclang-parser.yy" +#line 2069 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3775 "seclang-parser.cc" +#line 3770 "seclang-parser.cc" break; case 213: // var: VARIABLE_RULE -#line 2078 "seclang-parser.yy" +#line 2073 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_NoDictElement()); } -#line 3783 "seclang-parser.cc" +#line 3778 "seclang-parser.cc" break; case 214: // var: "RUN_TIME_VAR_ENV" "Dictionary element" -#line 2082 "seclang-parser.yy" +#line 2077 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3791 "seclang-parser.cc" +#line 3786 "seclang-parser.cc" break; case 215: // var: "RUN_TIME_VAR_ENV" "Dictionary element, selected by regexp" -#line 2086 "seclang-parser.yy" +#line 2081 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3799 "seclang-parser.cc" +#line 3794 "seclang-parser.cc" break; case 216: // var: "RUN_TIME_VAR_ENV" -#line 2090 "seclang-parser.yy" +#line 2085 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV")); } -#line 3807 "seclang-parser.cc" +#line 3802 "seclang-parser.cc" break; case 217: // var: "RUN_TIME_VAR_XML" "Dictionary element" -#line 2094 "seclang-parser.yy" +#line 2089 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithNSPath(yystack_[0].value.as < std::string > ())); } -#line 3815 "seclang-parser.cc" +#line 3810 "seclang-parser.cc" break; case 218: // var: "RUN_TIME_VAR_XML" "Dictionary element, selected by regexp" -#line 2098 "seclang-parser.yy" +#line 2093 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithNSPath(yystack_[0].value.as < std::string > ())); } -#line 3823 "seclang-parser.cc" +#line 3818 "seclang-parser.cc" break; case 219: // var: "RUN_TIME_VAR_XML" -#line 2102 "seclang-parser.yy" +#line 2097 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithoutNSPath()); } -#line 3831 "seclang-parser.cc" +#line 3826 "seclang-parser.cc" break; case 220: // var: "FILES_TMPNAMES" "Dictionary element" -#line 2106 "seclang-parser.yy" +#line 2101 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3839 "seclang-parser.cc" +#line 3834 "seclang-parser.cc" break; case 221: // var: "FILES_TMPNAMES" "Dictionary element, selected by regexp" -#line 2110 "seclang-parser.yy" +#line 2105 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3847 "seclang-parser.cc" +#line 3842 "seclang-parser.cc" break; case 222: // var: "FILES_TMPNAMES" -#line 2114 "seclang-parser.yy" +#line 2109 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_NoDictElement()); } -#line 3855 "seclang-parser.cc" +#line 3850 "seclang-parser.cc" break; case 223: // var: "RESOURCE" run_time_string -#line 2118 "seclang-parser.yy" +#line 2113 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3863 "seclang-parser.cc" +#line 3858 "seclang-parser.cc" break; case 224: // var: "RESOURCE" "Dictionary element" -#line 2122 "seclang-parser.yy" +#line 2117 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3871 "seclang-parser.cc" +#line 3866 "seclang-parser.cc" break; case 225: // var: "RESOURCE" "Dictionary element, selected by regexp" -#line 2126 "seclang-parser.yy" +#line 2121 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3879 "seclang-parser.cc" +#line 3874 "seclang-parser.cc" break; case 226: // var: "RESOURCE" -#line 2130 "seclang-parser.yy" +#line 2125 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_NoDictElement()); } -#line 3887 "seclang-parser.cc" +#line 3882 "seclang-parser.cc" break; case 227: // var: "VARIABLE_IP" run_time_string -#line 2134 "seclang-parser.yy" +#line 2129 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3895 "seclang-parser.cc" +#line 3890 "seclang-parser.cc" break; case 228: // var: "VARIABLE_IP" "Dictionary element" -#line 2138 "seclang-parser.yy" +#line 2133 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3903 "seclang-parser.cc" +#line 3898 "seclang-parser.cc" break; case 229: // var: "VARIABLE_IP" "Dictionary element, selected by regexp" -#line 2142 "seclang-parser.yy" +#line 2137 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3911 "seclang-parser.cc" +#line 3906 "seclang-parser.cc" break; case 230: // var: "VARIABLE_IP" -#line 2146 "seclang-parser.yy" +#line 2141 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_NoDictElement()); } -#line 3919 "seclang-parser.cc" +#line 3914 "seclang-parser.cc" break; case 231: // var: "VARIABLE_GLOBAL" run_time_string -#line 2150 "seclang-parser.yy" +#line 2145 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3927 "seclang-parser.cc" +#line 3922 "seclang-parser.cc" break; case 232: // var: "VARIABLE_GLOBAL" "Dictionary element" -#line 2154 "seclang-parser.yy" +#line 2149 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3935 "seclang-parser.cc" +#line 3930 "seclang-parser.cc" break; case 233: // var: "VARIABLE_GLOBAL" "Dictionary element, selected by regexp" -#line 2158 "seclang-parser.yy" +#line 2153 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3943 "seclang-parser.cc" +#line 3938 "seclang-parser.cc" break; case 234: // var: "VARIABLE_GLOBAL" -#line 2162 "seclang-parser.yy" +#line 2157 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_NoDictElement()); } -#line 3951 "seclang-parser.cc" +#line 3946 "seclang-parser.cc" break; case 235: // var: "VARIABLE_USER" run_time_string -#line 2166 "seclang-parser.yy" +#line 2161 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3959 "seclang-parser.cc" +#line 3954 "seclang-parser.cc" break; case 236: // var: "VARIABLE_USER" "Dictionary element" -#line 2170 "seclang-parser.yy" +#line 2165 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3967 "seclang-parser.cc" +#line 3962 "seclang-parser.cc" break; case 237: // var: "VARIABLE_USER" "Dictionary element, selected by regexp" -#line 2174 "seclang-parser.yy" +#line 2169 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3975 "seclang-parser.cc" +#line 3970 "seclang-parser.cc" break; case 238: // var: "VARIABLE_USER" -#line 2178 "seclang-parser.yy" +#line 2173 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_NoDictElement()); } -#line 3983 "seclang-parser.cc" +#line 3978 "seclang-parser.cc" break; case 239: // var: "VARIABLE_TX" run_time_string -#line 2182 "seclang-parser.yy" +#line 2177 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3991 "seclang-parser.cc" +#line 3986 "seclang-parser.cc" break; case 240: // var: "VARIABLE_TX" "Dictionary element" -#line 2186 "seclang-parser.yy" +#line 2181 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3999 "seclang-parser.cc" +#line 3994 "seclang-parser.cc" break; case 241: // var: "VARIABLE_TX" "Dictionary element, selected by regexp" -#line 2190 "seclang-parser.yy" +#line 2185 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4007 "seclang-parser.cc" +#line 4002 "seclang-parser.cc" break; case 242: // var: "VARIABLE_TX" -#line 2194 "seclang-parser.yy" +#line 2189 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_NoDictElement()); } -#line 4015 "seclang-parser.cc" +#line 4010 "seclang-parser.cc" break; case 243: // var: "VARIABLE_SESSION" run_time_string -#line 2198 "seclang-parser.yy" +#line 2193 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 4023 "seclang-parser.cc" +#line 4018 "seclang-parser.cc" break; case 244: // var: "VARIABLE_SESSION" "Dictionary element" -#line 2202 "seclang-parser.yy" +#line 2197 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4031 "seclang-parser.cc" +#line 4026 "seclang-parser.cc" break; case 245: // var: "VARIABLE_SESSION" "Dictionary element, selected by regexp" -#line 2206 "seclang-parser.yy" +#line 2201 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4039 "seclang-parser.cc" +#line 4034 "seclang-parser.cc" break; case 246: // var: "VARIABLE_SESSION" -#line 2210 "seclang-parser.yy" +#line 2205 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_NoDictElement()); } -#line 4047 "seclang-parser.cc" +#line 4042 "seclang-parser.cc" break; case 247: // var: "Variable ARGS_NAMES" "Dictionary element" -#line 2214 "seclang-parser.yy" +#line 2209 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4055 "seclang-parser.cc" +#line 4050 "seclang-parser.cc" break; case 248: // var: "Variable ARGS_NAMES" "Dictionary element, selected by regexp" -#line 2218 "seclang-parser.yy" +#line 2213 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4063 "seclang-parser.cc" +#line 4058 "seclang-parser.cc" break; case 249: // var: "Variable ARGS_NAMES" -#line 2222 "seclang-parser.yy" +#line 2217 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_NoDictElement()); } -#line 4071 "seclang-parser.cc" +#line 4066 "seclang-parser.cc" break; case 250: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element" -#line 2226 "seclang-parser.yy" +#line 2221 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4079 "seclang-parser.cc" +#line 4074 "seclang-parser.cc" break; case 251: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element, selected by regexp" -#line 2230 "seclang-parser.yy" +#line 2225 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4087 "seclang-parser.cc" +#line 4082 "seclang-parser.cc" break; case 252: // var: VARIABLE_ARGS_GET_NAMES -#line 2234 "seclang-parser.yy" +#line 2229 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_NoDictElement()); } -#line 4095 "seclang-parser.cc" +#line 4090 "seclang-parser.cc" break; case 253: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element" -#line 2239 "seclang-parser.yy" +#line 2234 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4103 "seclang-parser.cc" +#line 4098 "seclang-parser.cc" break; case 254: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element, selected by regexp" -#line 2243 "seclang-parser.yy" +#line 2238 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4111 "seclang-parser.cc" +#line 4106 "seclang-parser.cc" break; case 255: // var: VARIABLE_ARGS_POST_NAMES -#line 2247 "seclang-parser.yy" +#line 2242 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_NoDictElement()); } -#line 4119 "seclang-parser.cc" +#line 4114 "seclang-parser.cc" break; case 256: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element" -#line 2252 "seclang-parser.yy" +#line 2247 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4127 "seclang-parser.cc" +#line 4122 "seclang-parser.cc" break; case 257: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2256 "seclang-parser.yy" +#line 2251 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4135 "seclang-parser.cc" +#line 4130 "seclang-parser.cc" break; case 258: // var: VARIABLE_REQUEST_HEADERS_NAMES -#line 2260 "seclang-parser.yy" +#line 2255 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_NoDictElement()); } -#line 4143 "seclang-parser.cc" +#line 4138 "seclang-parser.cc" break; case 259: // var: VARIABLE_RESPONSE_CONTENT_TYPE -#line 2265 "seclang-parser.yy" +#line 2260 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentType()); } -#line 4151 "seclang-parser.cc" +#line 4146 "seclang-parser.cc" break; case 260: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element" -#line 2270 "seclang-parser.yy" +#line 2265 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4159 "seclang-parser.cc" +#line 4154 "seclang-parser.cc" break; case 261: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2274 "seclang-parser.yy" +#line 2269 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4167 "seclang-parser.cc" +#line 4162 "seclang-parser.cc" break; case 262: // var: VARIABLE_RESPONSE_HEADERS_NAMES -#line 2278 "seclang-parser.yy" +#line 2273 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_NoDictElement()); } -#line 4175 "seclang-parser.cc" +#line 4170 "seclang-parser.cc" break; case 263: // var: VARIABLE_ARGS_COMBINED_SIZE -#line 2282 "seclang-parser.yy" +#line 2277 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsCombinedSize()); } -#line 4183 "seclang-parser.cc" +#line 4178 "seclang-parser.cc" break; case 264: // var: "AUTH_TYPE" -#line 2286 "seclang-parser.yy" +#line 2281 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::AuthType()); } -#line 4191 "seclang-parser.cc" +#line 4186 "seclang-parser.cc" break; case 265: // var: "FILES_COMBINED_SIZE" -#line 2290 "seclang-parser.yy" +#line 2285 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesCombinedSize()); } -#line 4199 "seclang-parser.cc" +#line 4194 "seclang-parser.cc" break; case 266: // var: "FULL_REQUEST" -#line 2294 "seclang-parser.yy" +#line 2289 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequest()); } -#line 4207 "seclang-parser.cc" +#line 4202 "seclang-parser.cc" break; case 267: // var: "FULL_REQUEST_LENGTH" -#line 2298 "seclang-parser.yy" +#line 2293 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequestLength()); } -#line 4215 "seclang-parser.cc" +#line 4210 "seclang-parser.cc" break; case 268: // var: "INBOUND_DATA_ERROR" -#line 2302 "seclang-parser.yy" +#line 2297 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::InboundDataError()); } -#line 4223 "seclang-parser.cc" +#line 4218 "seclang-parser.cc" break; case 269: // var: "MATCHED_VAR" -#line 2306 "seclang-parser.yy" +#line 2301 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVar()); } -#line 4231 "seclang-parser.cc" +#line 4226 "seclang-parser.cc" break; case 270: // var: "MATCHED_VAR_NAME" -#line 2310 "seclang-parser.yy" +#line 2305 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarName()); } -#line 4239 "seclang-parser.cc" +#line 4234 "seclang-parser.cc" break; case 271: // var: VARIABLE_MULTIPART_BOUNDARY_QUOTED -#line 2314 "seclang-parser.yy" +#line 2309 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryQuoted()); } -#line 4247 "seclang-parser.cc" +#line 4242 "seclang-parser.cc" break; case 272: // var: VARIABLE_MULTIPART_BOUNDARY_WHITESPACE -#line 2318 "seclang-parser.yy" +#line 2313 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryWhiteSpace()); } -#line 4255 "seclang-parser.cc" +#line 4250 "seclang-parser.cc" break; case 273: // var: "MULTIPART_CRLF_LF_LINES" -#line 2322 "seclang-parser.yy" +#line 2317 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartCrlfLFLines()); } -#line 4263 "seclang-parser.cc" +#line 4258 "seclang-parser.cc" break; case 274: // var: "MULTIPART_DATA_AFTER" -#line 2326 "seclang-parser.yy" +#line 2321 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateAfter()); } -#line 4271 "seclang-parser.cc" +#line 4266 "seclang-parser.cc" break; case 275: // var: VARIABLE_MULTIPART_DATA_BEFORE -#line 2330 "seclang-parser.yy" +#line 2325 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateBefore()); } -#line 4279 "seclang-parser.cc" +#line 4274 "seclang-parser.cc" break; case 276: // var: "MULTIPART_FILE_LIMIT_EXCEEDED" -#line 2334 "seclang-parser.yy" +#line 2329 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartFileLimitExceeded()); } -#line 4287 "seclang-parser.cc" +#line 4282 "seclang-parser.cc" break; case 277: // var: "MULTIPART_HEADER_FOLDING" -#line 2338 "seclang-parser.yy" +#line 2333 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartHeaderFolding()); } -#line 4295 "seclang-parser.cc" +#line 4290 "seclang-parser.cc" break; case 278: // var: "MULTIPART_INVALID_HEADER_FOLDING" -#line 2342 "seclang-parser.yy" +#line 2337 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidHeaderFolding()); } -#line 4303 "seclang-parser.cc" +#line 4298 "seclang-parser.cc" break; case 279: // var: VARIABLE_MULTIPART_INVALID_PART -#line 2346 "seclang-parser.yy" +#line 2341 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidPart()); } -#line 4311 "seclang-parser.cc" +#line 4306 "seclang-parser.cc" break; case 280: // var: "MULTIPART_INVALID_QUOTING" -#line 2350 "seclang-parser.yy" +#line 2345 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidQuoting()); } -#line 4319 "seclang-parser.cc" +#line 4314 "seclang-parser.cc" break; case 281: // var: VARIABLE_MULTIPART_LF_LINE -#line 2354 "seclang-parser.yy" +#line 2349 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartLFLine()); } -#line 4327 "seclang-parser.cc" +#line 4322 "seclang-parser.cc" break; case 282: // var: VARIABLE_MULTIPART_MISSING_SEMICOLON -#line 2358 "seclang-parser.yy" +#line 2353 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4335 "seclang-parser.cc" +#line 4330 "seclang-parser.cc" break; case 283: // var: VARIABLE_MULTIPART_SEMICOLON_MISSING -#line 2362 "seclang-parser.yy" +#line 2357 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4343 "seclang-parser.cc" +#line 4338 "seclang-parser.cc" break; case 284: // var: "MULTIPART_STRICT_ERROR" -#line 2366 "seclang-parser.yy" +#line 2361 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartStrictError()); } -#line 4351 "seclang-parser.cc" +#line 4346 "seclang-parser.cc" break; case 285: // var: "MULTIPART_UNMATCHED_BOUNDARY" -#line 2370 "seclang-parser.yy" +#line 2365 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartUnmatchedBoundary()); } -#line 4359 "seclang-parser.cc" +#line 4354 "seclang-parser.cc" break; case 286: // var: "OUTBOUND_DATA_ERROR" -#line 2374 "seclang-parser.yy" +#line 2369 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::OutboundDataError()); } -#line 4367 "seclang-parser.cc" +#line 4362 "seclang-parser.cc" break; case 287: // var: "PATH_INFO" -#line 2378 "seclang-parser.yy" +#line 2373 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::PathInfo()); } -#line 4375 "seclang-parser.cc" +#line 4370 "seclang-parser.cc" break; case 288: // var: "QUERY_STRING" -#line 2382 "seclang-parser.yy" +#line 2377 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::QueryString()); } -#line 4383 "seclang-parser.cc" +#line 4378 "seclang-parser.cc" break; case 289: // var: "REMOTE_ADDR" -#line 2386 "seclang-parser.yy" +#line 2381 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteAddr()); } -#line 4391 "seclang-parser.cc" +#line 4386 "seclang-parser.cc" break; case 290: // var: "REMOTE_HOST" -#line 2390 "seclang-parser.yy" +#line 2385 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteHost()); } -#line 4399 "seclang-parser.cc" +#line 4394 "seclang-parser.cc" break; case 291: // var: "REMOTE_PORT" -#line 2394 "seclang-parser.yy" +#line 2389 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemotePort()); } -#line 4407 "seclang-parser.cc" +#line 4402 "seclang-parser.cc" break; case 292: // var: "REQBODY_ERROR" -#line 2398 "seclang-parser.yy" +#line 2393 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyError()); } -#line 4415 "seclang-parser.cc" +#line 4410 "seclang-parser.cc" break; case 293: // var: "REQBODY_ERROR_MSG" -#line 2402 "seclang-parser.yy" +#line 2397 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyErrorMsg()); } -#line 4423 "seclang-parser.cc" +#line 4418 "seclang-parser.cc" break; case 294: // var: "REQBODY_PROCESSOR" -#line 2406 "seclang-parser.yy" +#line 2401 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessor()); } -#line 4431 "seclang-parser.cc" +#line 4426 "seclang-parser.cc" break; case 295: // var: "REQBODY_PROCESSOR_ERROR" -#line 2410 "seclang-parser.yy" +#line 2405 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorError()); } -#line 4439 "seclang-parser.cc" +#line 4434 "seclang-parser.cc" break; case 296: // var: "REQBODY_PROCESSOR_ERROR_MSG" -#line 2414 "seclang-parser.yy" +#line 2409 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorErrorMsg()); } -#line 4447 "seclang-parser.cc" +#line 4442 "seclang-parser.cc" break; case 297: // var: "REQUEST_BASENAME" -#line 2418 "seclang-parser.yy" +#line 2413 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBasename()); } -#line 4455 "seclang-parser.cc" +#line 4450 "seclang-parser.cc" break; case 298: // var: "REQUEST_BODY" -#line 2422 "seclang-parser.yy" +#line 2417 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBody()); } -#line 4463 "seclang-parser.cc" +#line 4458 "seclang-parser.cc" break; case 299: // var: "REQUEST_BODY_LENGTH" -#line 2426 "seclang-parser.yy" +#line 2421 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBodyLength()); } -#line 4471 "seclang-parser.cc" +#line 4466 "seclang-parser.cc" break; case 300: // var: "REQUEST_FILENAME" -#line 2430 "seclang-parser.yy" +#line 2425 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestFilename()); } -#line 4479 "seclang-parser.cc" +#line 4474 "seclang-parser.cc" break; case 301: // var: "REQUEST_LINE" -#line 2434 "seclang-parser.yy" +#line 2429 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestLine()); } -#line 4487 "seclang-parser.cc" +#line 4482 "seclang-parser.cc" break; case 302: // var: "REQUEST_METHOD" -#line 2438 "seclang-parser.yy" +#line 2433 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestMethod()); } -#line 4495 "seclang-parser.cc" +#line 4490 "seclang-parser.cc" break; case 303: // var: "REQUEST_PROTOCOL" -#line 2442 "seclang-parser.yy" +#line 2437 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestProtocol()); } -#line 4503 "seclang-parser.cc" +#line 4498 "seclang-parser.cc" break; case 304: // var: "REQUEST_URI" -#line 2446 "seclang-parser.yy" +#line 2441 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURI()); } -#line 4511 "seclang-parser.cc" +#line 4506 "seclang-parser.cc" break; case 305: // var: "REQUEST_URI_RAW" -#line 2450 "seclang-parser.yy" +#line 2445 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURIRaw()); } -#line 4519 "seclang-parser.cc" +#line 4514 "seclang-parser.cc" break; case 306: // var: "RESPONSE_BODY" -#line 2454 "seclang-parser.yy" +#line 2449 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseBody()); } -#line 4527 "seclang-parser.cc" +#line 4522 "seclang-parser.cc" break; case 307: // var: "RESPONSE_CONTENT_LENGTH" -#line 2458 "seclang-parser.yy" +#line 2453 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentLength()); } -#line 4535 "seclang-parser.cc" +#line 4530 "seclang-parser.cc" break; case 308: // var: "RESPONSE_PROTOCOL" -#line 2462 "seclang-parser.yy" +#line 2457 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseProtocol()); } -#line 4543 "seclang-parser.cc" +#line 4538 "seclang-parser.cc" break; case 309: // var: "RESPONSE_STATUS" -#line 2466 "seclang-parser.yy" +#line 2461 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseStatus()); } -#line 4551 "seclang-parser.cc" +#line 4546 "seclang-parser.cc" break; case 310: // var: "SERVER_ADDR" -#line 2470 "seclang-parser.yy" +#line 2465 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerAddr()); } -#line 4559 "seclang-parser.cc" +#line 4554 "seclang-parser.cc" break; case 311: // var: "SERVER_NAME" -#line 2474 "seclang-parser.yy" +#line 2469 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerName()); } -#line 4567 "seclang-parser.cc" +#line 4562 "seclang-parser.cc" break; case 312: // var: "SERVER_PORT" -#line 2478 "seclang-parser.yy" +#line 2473 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerPort()); } -#line 4575 "seclang-parser.cc" +#line 4570 "seclang-parser.cc" break; case 313: // var: "SESSIONID" -#line 2482 "seclang-parser.yy" +#line 2477 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::SessionID()); } -#line 4583 "seclang-parser.cc" +#line 4578 "seclang-parser.cc" break; case 314: // var: "UNIQUE_ID" -#line 2486 "seclang-parser.yy" +#line 2481 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UniqueID()); } -#line 4591 "seclang-parser.cc" +#line 4586 "seclang-parser.cc" break; case 315: // var: "URLENCODED_ERROR" -#line 2490 "seclang-parser.yy" +#line 2485 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UrlEncodedError()); } -#line 4599 "seclang-parser.cc" +#line 4594 "seclang-parser.cc" break; case 316: // var: "USERID" -#line 2494 "seclang-parser.yy" +#line 2489 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UserID()); } -#line 4607 "seclang-parser.cc" +#line 4602 "seclang-parser.cc" break; case 317: // var: "VARIABLE_STATUS" -#line 2498 "seclang-parser.yy" +#line 2493 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4615 "seclang-parser.cc" +#line 4610 "seclang-parser.cc" break; case 318: // var: "VARIABLE_STATUS_LINE" -#line 2502 "seclang-parser.yy" +#line 2497 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4623 "seclang-parser.cc" +#line 4618 "seclang-parser.cc" break; case 319: // var: "WEBAPPID" -#line 2506 "seclang-parser.yy" +#line 2501 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::WebAppId()); } -#line 4631 "seclang-parser.cc" +#line 4626 "seclang-parser.cc" break; case 320: // var: "RUN_TIME_VAR_DUR" -#line 2510 "seclang-parser.yy" +#line 2505 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Duration(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4642 "seclang-parser.cc" +#line 4637 "seclang-parser.cc" break; case 321: // var: "RUN_TIME_VAR_BLD" -#line 2518 "seclang-parser.yy" +#line 2513 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new ModsecBuild(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4653 "seclang-parser.cc" +#line 4648 "seclang-parser.cc" break; case 322: // var: "RUN_TIME_VAR_HSV" -#line 2525 "seclang-parser.yy" +#line 2520 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new HighestSeverity(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4664 "seclang-parser.cc" +#line 4659 "seclang-parser.cc" break; case 323: // var: "RUN_TIME_VAR_REMOTE_USER" -#line 2532 "seclang-parser.yy" +#line 2527 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new RemoteUser(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4675 "seclang-parser.cc" +#line 4670 "seclang-parser.cc" break; case 324: // var: "RUN_TIME_VAR_TIME" -#line 2539 "seclang-parser.yy" +#line 2534 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Time(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4686 "seclang-parser.cc" +#line 4681 "seclang-parser.cc" break; case 325: // var: "RUN_TIME_VAR_TIME_DAY" -#line 2546 "seclang-parser.yy" +#line 2541 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4697 "seclang-parser.cc" +#line 4692 "seclang-parser.cc" break; case 326: // var: "RUN_TIME_VAR_TIME_EPOCH" -#line 2553 "seclang-parser.yy" +#line 2548 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeEpoch(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4708 "seclang-parser.cc" +#line 4703 "seclang-parser.cc" break; case 327: // var: "RUN_TIME_VAR_TIME_HOUR" -#line 2560 "seclang-parser.yy" +#line 2555 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeHour(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4719 "seclang-parser.cc" +#line 4714 "seclang-parser.cc" break; case 328: // var: "RUN_TIME_VAR_TIME_MIN" -#line 2567 "seclang-parser.yy" +#line 2562 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMin(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4730 "seclang-parser.cc" +#line 4725 "seclang-parser.cc" break; case 329: // var: "RUN_TIME_VAR_TIME_MON" -#line 2574 "seclang-parser.yy" +#line 2569 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMon(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4741 "seclang-parser.cc" +#line 4736 "seclang-parser.cc" break; case 330: // var: "RUN_TIME_VAR_TIME_SEC" -#line 2581 "seclang-parser.yy" +#line 2576 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeSec(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4752 "seclang-parser.cc" +#line 4747 "seclang-parser.cc" break; case 331: // var: "RUN_TIME_VAR_TIME_WDAY" -#line 2588 "seclang-parser.yy" +#line 2583 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeWDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4763 "seclang-parser.cc" +#line 4758 "seclang-parser.cc" break; case 332: // var: "RUN_TIME_VAR_TIME_YEAR" -#line 2595 "seclang-parser.yy" +#line 2590 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeYear(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4774 "seclang-parser.cc" +#line 4769 "seclang-parser.cc" break; case 333: // act: "Accuracy" -#line 2605 "seclang-parser.yy" +#line 2600 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Accuracy(yystack_[0].value.as < std::string > ())); } -#line 4782 "seclang-parser.cc" +#line 4777 "seclang-parser.cc" break; case 334: // act: "Allow" -#line 2609 "seclang-parser.yy" +#line 2604 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Allow(yystack_[0].value.as < std::string > ())); } -#line 4790 "seclang-parser.cc" +#line 4785 "seclang-parser.cc" break; case 335: // act: "Append" -#line 2613 "seclang-parser.yy" +#line 2608 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Append", yystack_[1].location); } -#line 4798 "seclang-parser.cc" +#line 4793 "seclang-parser.cc" break; case 336: // act: "AuditLog" -#line 2617 "seclang-parser.yy" +#line 2612 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::AuditLog()); } -#line 4806 "seclang-parser.cc" +#line 4801 "seclang-parser.cc" break; case 337: // act: "Block" -#line 2621 "seclang-parser.yy" +#line 2616 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Block()); } -#line 4814 "seclang-parser.cc" +#line 4809 "seclang-parser.cc" break; case 338: // act: "Capture" -#line 2625 "seclang-parser.yy" +#line 2620 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Capture()); } -#line 4822 "seclang-parser.cc" +#line 4817 "seclang-parser.cc" break; case 339: // act: "Chain" -#line 2629 "seclang-parser.yy" +#line 2624 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Chain()); } -#line 4830 "seclang-parser.cc" +#line 4825 "seclang-parser.cc" break; case 340: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_ON" +#line 2628 "seclang-parser.yy" + { + //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); + } +#line 4834 "seclang-parser.cc" + break; + + case 341: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF" #line 2633 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4839 "seclang-parser.cc" +#line 4843 "seclang-parser.cc" break; - case 341: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF" + case 342: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY" #line 2638 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4848 "seclang-parser.cc" - break; - - case 342: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY" -#line 2643 "seclang-parser.yy" - { - //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); - } -#line 4857 "seclang-parser.cc" +#line 4852 "seclang-parser.cc" break; case 343: // act: "ACTION_CTL_AUDIT_LOG_PARTS" -#line 2648 "seclang-parser.yy" +#line 2643 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::AuditLogParts(yystack_[0].value.as < std::string > ())); } -#line 4865 "seclang-parser.cc" +#line 4860 "seclang-parser.cc" break; case 344: // act: "ACTION_CTL_BDY_JSON" -#line 2652 "seclang-parser.yy" +#line 2647 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorJSON(yystack_[0].value.as < std::string > ())); } -#line 4873 "seclang-parser.cc" +#line 4868 "seclang-parser.cc" break; case 345: // act: "ACTION_CTL_BDY_XML" -#line 2656 "seclang-parser.yy" +#line 2651 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorXML(yystack_[0].value.as < std::string > ())); } -#line 4881 "seclang-parser.cc" +#line 4876 "seclang-parser.cc" break; case 346: // act: "ACTION_CTL_BDY_URLENCODED" -#line 2660 "seclang-parser.yy" +#line 2655 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorURLENCODED(yystack_[0].value.as < std::string > ())); } -#line 4889 "seclang-parser.cc" +#line 4884 "seclang-parser.cc" break; case 347: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_ON" +#line 2659 "seclang-parser.yy" + { + //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); + } +#line 4893 "seclang-parser.cc" + break; + + case 348: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF" #line 2664 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4898 "seclang-parser.cc" - break; - - case 348: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF" -#line 2669 "seclang-parser.yy" - { - //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); - } -#line 4907 "seclang-parser.cc" +#line 4902 "seclang-parser.cc" break; case 349: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_ON" -#line 2674 "seclang-parser.yy" +#line 2669 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "true")); } -#line 4915 "seclang-parser.cc" +#line 4910 "seclang-parser.cc" break; case 350: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_OFF" -#line 2678 "seclang-parser.yy" +#line 2673 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "false")); } -#line 4923 "seclang-parser.cc" +#line 4918 "seclang-parser.cc" break; case 351: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_ON" -#line 2682 "seclang-parser.yy" +#line 2677 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=on")); } -#line 4931 "seclang-parser.cc" +#line 4926 "seclang-parser.cc" break; case 352: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_OFF" -#line 2686 "seclang-parser.yy" +#line 2681 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=off")); } -#line 4939 "seclang-parser.cc" +#line 4934 "seclang-parser.cc" break; case 353: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_DETC" -#line 2690 "seclang-parser.yy" +#line 2685 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=detectiononly")); } -#line 4947 "seclang-parser.cc" +#line 4942 "seclang-parser.cc" break; case 354: // act: "ACTION_CTL_RULE_REMOVE_BY_ID" -#line 2694 "seclang-parser.yy" +#line 2689 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveById(yystack_[0].value.as < std::string > ())); } -#line 4955 "seclang-parser.cc" +#line 4950 "seclang-parser.cc" break; case 355: // act: "ACTION_CTL_RULE_REMOVE_BY_TAG" -#line 2698 "seclang-parser.yy" +#line 2693 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveByTag(yystack_[0].value.as < std::string > ())); } -#line 4963 "seclang-parser.cc" +#line 4958 "seclang-parser.cc" break; case 356: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID" -#line 2702 "seclang-parser.yy" +#line 2697 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetById(yystack_[0].value.as < std::string > ())); } -#line 4971 "seclang-parser.cc" +#line 4966 "seclang-parser.cc" break; case 357: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG" -#line 2706 "seclang-parser.yy" +#line 2701 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetByTag(yystack_[0].value.as < std::string > ())); } -#line 4979 "seclang-parser.cc" +#line 4974 "seclang-parser.cc" break; case 358: // act: "Deny" -#line 2710 "seclang-parser.yy" +#line 2705 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Deny()); } -#line 4987 "seclang-parser.cc" +#line 4982 "seclang-parser.cc" break; case 359: // act: "DeprecateVar" -#line 2714 "seclang-parser.yy" +#line 2709 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("DeprecateVar", yystack_[1].location); } -#line 4995 "seclang-parser.cc" +#line 4990 "seclang-parser.cc" break; case 360: // act: "Drop" -#line 2718 "seclang-parser.yy" +#line 2713 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Drop()); } -#line 5003 "seclang-parser.cc" +#line 4998 "seclang-parser.cc" break; case 361: // act: "Exec" -#line 2722 "seclang-parser.yy" +#line 2717 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Exec(yystack_[0].value.as < std::string > ())); } -#line 5011 "seclang-parser.cc" +#line 5006 "seclang-parser.cc" break; case 362: // act: "ExpireVar" -#line 2726 "seclang-parser.yy" +#line 2721 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ExpireVar(yystack_[0].value.as < std::string > ())); } -#line 5019 "seclang-parser.cc" +#line 5014 "seclang-parser.cc" break; case 363: // act: "Id" -#line 2730 "seclang-parser.yy" +#line 2725 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::RuleId(yystack_[0].value.as < std::string > ())); } -#line 5027 "seclang-parser.cc" +#line 5022 "seclang-parser.cc" break; case 364: // act: "InitCol" run_time_string -#line 2734 "seclang-parser.yy" +#line 2729 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::InitCol(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5035 "seclang-parser.cc" +#line 5030 "seclang-parser.cc" break; case 365: // act: "LogData" run_time_string -#line 2738 "seclang-parser.yy" +#line 2733 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::LogData(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5043 "seclang-parser.cc" +#line 5038 "seclang-parser.cc" break; case 366: // act: "Log" -#line 2742 "seclang-parser.yy" +#line 2737 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Log()); } -#line 5051 "seclang-parser.cc" +#line 5046 "seclang-parser.cc" break; case 367: // act: "Maturity" -#line 2746 "seclang-parser.yy" +#line 2741 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Maturity(yystack_[0].value.as < std::string > ())); } -#line 5059 "seclang-parser.cc" +#line 5054 "seclang-parser.cc" break; case 368: // act: "Msg" run_time_string -#line 2750 "seclang-parser.yy" +#line 2745 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Msg(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5067 "seclang-parser.cc" +#line 5062 "seclang-parser.cc" break; case 369: // act: "MultiMatch" -#line 2754 "seclang-parser.yy" +#line 2749 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::MultiMatch()); } -#line 5075 "seclang-parser.cc" +#line 5070 "seclang-parser.cc" break; case 370: // act: "NoAuditLog" -#line 2758 "seclang-parser.yy" +#line 2753 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoAuditLog()); } -#line 5083 "seclang-parser.cc" +#line 5078 "seclang-parser.cc" break; case 371: // act: "NoLog" -#line 2762 "seclang-parser.yy" +#line 2757 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoLog()); } -#line 5091 "seclang-parser.cc" +#line 5086 "seclang-parser.cc" break; case 372: // act: "Pass" -#line 2766 "seclang-parser.yy" +#line 2761 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Pass()); } -#line 5099 "seclang-parser.cc" +#line 5094 "seclang-parser.cc" break; case 373: // act: "Pause" -#line 2770 "seclang-parser.yy" +#line 2765 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Pause", yystack_[1].location); } -#line 5107 "seclang-parser.cc" +#line 5102 "seclang-parser.cc" break; case 374: // act: "Phase" -#line 2774 "seclang-parser.yy" +#line 2769 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Phase(yystack_[0].value.as < std::string > ())); } -#line 5115 "seclang-parser.cc" +#line 5110 "seclang-parser.cc" break; case 375: // act: "Prepend" -#line 2778 "seclang-parser.yy" +#line 2773 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Prepend", yystack_[1].location); } -#line 5123 "seclang-parser.cc" +#line 5118 "seclang-parser.cc" break; case 376: // act: "Proxy" -#line 2782 "seclang-parser.yy" +#line 2777 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Proxy", yystack_[1].location); } -#line 5131 "seclang-parser.cc" +#line 5126 "seclang-parser.cc" break; case 377: // act: "Redirect" run_time_string -#line 2786 "seclang-parser.yy" +#line 2781 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Redirect(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5139 "seclang-parser.cc" +#line 5134 "seclang-parser.cc" break; case 378: // act: "Rev" -#line 2790 "seclang-parser.yy" +#line 2785 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Rev(yystack_[0].value.as < std::string > ())); } -#line 5147 "seclang-parser.cc" +#line 5142 "seclang-parser.cc" break; case 379: // act: "SanitiseArg" -#line 2794 "seclang-parser.yy" +#line 2789 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseArg", yystack_[1].location); } -#line 5155 "seclang-parser.cc" +#line 5150 "seclang-parser.cc" break; case 380: // act: "SanitiseMatched" -#line 2798 "seclang-parser.yy" +#line 2793 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatched", yystack_[1].location); } -#line 5163 "seclang-parser.cc" +#line 5158 "seclang-parser.cc" break; case 381: // act: "SanitiseMatchedBytes" -#line 2802 "seclang-parser.yy" +#line 2797 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatchedBytes", yystack_[1].location); } -#line 5171 "seclang-parser.cc" +#line 5166 "seclang-parser.cc" break; case 382: // act: "SanitiseRequestHeader" -#line 2806 "seclang-parser.yy" +#line 2801 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseRequestHeader", yystack_[1].location); } -#line 5179 "seclang-parser.cc" +#line 5174 "seclang-parser.cc" break; case 383: // act: "SanitiseResponseHeader" -#line 2810 "seclang-parser.yy" +#line 2805 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseResponseHeader", yystack_[1].location); } -#line 5187 "seclang-parser.cc" +#line 5182 "seclang-parser.cc" break; case 384: // act: "SetEnv" run_time_string -#line 2814 "seclang-parser.yy" +#line 2809 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetENV(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5195 "seclang-parser.cc" +#line 5190 "seclang-parser.cc" break; case 385: // act: "SetRsc" run_time_string -#line 2818 "seclang-parser.yy" +#line 2813 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetRSC(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5203 "seclang-parser.cc" +#line 5198 "seclang-parser.cc" break; case 386: // act: "SetSid" run_time_string -#line 2822 "seclang-parser.yy" +#line 2817 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetSID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5211 "seclang-parser.cc" +#line 5206 "seclang-parser.cc" break; case 387: // act: "SetUID" run_time_string -#line 2826 "seclang-parser.yy" +#line 2821 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetUID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5219 "seclang-parser.cc" +#line 5214 "seclang-parser.cc" break; case 388: // act: "SetVar" setvar_action -#line 2830 "seclang-parser.yy" +#line 2825 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > () = std::move(yystack_[0].value.as < std::unique_ptr > ()); } -#line 5227 "seclang-parser.cc" +#line 5222 "seclang-parser.cc" break; case 389: // act: "Severity" -#line 2834 "seclang-parser.yy" +#line 2829 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Severity(yystack_[0].value.as < std::string > ())); } -#line 5235 "seclang-parser.cc" +#line 5230 "seclang-parser.cc" break; case 390: // act: "Skip" -#line 2838 "seclang-parser.yy" +#line 2833 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Skip(yystack_[0].value.as < std::string > ())); } -#line 5243 "seclang-parser.cc" +#line 5238 "seclang-parser.cc" break; case 391: // act: "SkipAfter" -#line 2842 "seclang-parser.yy" +#line 2837 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SkipAfter(yystack_[0].value.as < std::string > ())); } -#line 5251 "seclang-parser.cc" +#line 5246 "seclang-parser.cc" break; case 392: // act: "Status" -#line 2846 "seclang-parser.yy" +#line 2841 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::data::Status(yystack_[0].value.as < std::string > ())); } -#line 5259 "seclang-parser.cc" +#line 5254 "seclang-parser.cc" break; case 393: // act: "Tag" run_time_string -#line 2850 "seclang-parser.yy" +#line 2845 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Tag(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5267 "seclang-parser.cc" +#line 5262 "seclang-parser.cc" break; case 394: // act: "Ver" -#line 2854 "seclang-parser.yy" +#line 2849 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Ver(yystack_[0].value.as < std::string > ())); } -#line 5275 "seclang-parser.cc" +#line 5270 "seclang-parser.cc" break; case 395: // act: "xmlns" -#line 2858 "seclang-parser.yy" +#line 2853 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::XmlNS(yystack_[0].value.as < std::string > ())); } -#line 5283 "seclang-parser.cc" +#line 5278 "seclang-parser.cc" break; case 396: // act: "ACTION_TRANSFORMATION_PARITY_ZERO_7_BIT" -#line 2862 "seclang-parser.yy" +#line 2857 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityZero7bit()); } -#line 5291 "seclang-parser.cc" +#line 5286 "seclang-parser.cc" break; case 397: // act: "ACTION_TRANSFORMATION_PARITY_ODD_7_BIT" -#line 2866 "seclang-parser.yy" +#line 2861 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityOdd7bit()); } -#line 5299 "seclang-parser.cc" +#line 5294 "seclang-parser.cc" break; case 398: // act: "ACTION_TRANSFORMATION_PARITY_EVEN_7_BIT" -#line 2870 "seclang-parser.yy" +#line 2865 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityEven7bit()); } -#line 5307 "seclang-parser.cc" +#line 5302 "seclang-parser.cc" break; case 399: // act: "ACTION_TRANSFORMATION_SQL_HEX_DECODE" -#line 2874 "seclang-parser.yy" +#line 2869 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::SqlHexDecode()); } -#line 5315 "seclang-parser.cc" +#line 5310 "seclang-parser.cc" break; case 400: // act: "ACTION_TRANSFORMATION_BASE_64_ENCODE" -#line 2878 "seclang-parser.yy" +#line 2873 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Encode()); } -#line 5323 "seclang-parser.cc" +#line 5318 "seclang-parser.cc" break; case 401: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE" -#line 2882 "seclang-parser.yy" +#line 2877 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Decode()); } -#line 5331 "seclang-parser.cc" +#line 5326 "seclang-parser.cc" break; case 402: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE_EXT" -#line 2886 "seclang-parser.yy" +#line 2881 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64DecodeExt()); } -#line 5339 "seclang-parser.cc" +#line 5334 "seclang-parser.cc" break; case 403: // act: "ACTION_TRANSFORMATION_CMD_LINE" -#line 2890 "seclang-parser.yy" +#line 2885 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CmdLine()); } -#line 5347 "seclang-parser.cc" +#line 5342 "seclang-parser.cc" break; case 404: // act: "ACTION_TRANSFORMATION_SHA1" -#line 2894 "seclang-parser.yy" +#line 2889 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Sha1()); } -#line 5355 "seclang-parser.cc" +#line 5350 "seclang-parser.cc" break; case 405: // act: "ACTION_TRANSFORMATION_MD5" -#line 2898 "seclang-parser.yy" +#line 2893 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Md5()); } -#line 5363 "seclang-parser.cc" +#line 5358 "seclang-parser.cc" break; case 406: // act: "ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE" -#line 2902 "seclang-parser.yy" +#line 2897 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::EscapeSeqDecode()); } -#line 5371 "seclang-parser.cc" +#line 5366 "seclang-parser.cc" break; case 407: // act: "ACTION_TRANSFORMATION_HEX_ENCODE" -#line 2906 "seclang-parser.yy" +#line 2901 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexEncode()); } -#line 5379 "seclang-parser.cc" +#line 5374 "seclang-parser.cc" break; case 408: // act: "ACTION_TRANSFORMATION_HEX_DECODE" -#line 2910 "seclang-parser.yy" +#line 2905 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexDecode()); } -#line 5387 "seclang-parser.cc" +#line 5382 "seclang-parser.cc" break; case 409: // act: "ACTION_TRANSFORMATION_LOWERCASE" -#line 2914 "seclang-parser.yy" +#line 2909 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::LowerCase()); } -#line 5395 "seclang-parser.cc" +#line 5390 "seclang-parser.cc" break; case 410: // act: "ACTION_TRANSFORMATION_PHP_ARGS_NAMES" -#line 2918 "seclang-parser.yy" +#line 2913 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::PhpArgsNames()); } -#line 5403 "seclang-parser.cc" +#line 5398 "seclang-parser.cc" break; case 411: // act: "ACTION_TRANSFORMATION_UPPERCASE" -#line 2922 "seclang-parser.yy" +#line 2917 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UpperCase()); } -#line 5411 "seclang-parser.cc" +#line 5406 "seclang-parser.cc" break; case 412: // act: "ACTION_TRANSFORMATION_URL_DECODE_UNI" -#line 2926 "seclang-parser.yy" +#line 2921 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecodeUni()); } -#line 5419 "seclang-parser.cc" +#line 5414 "seclang-parser.cc" break; case 413: // act: "ACTION_TRANSFORMATION_URL_DECODE" -#line 2930 "seclang-parser.yy" +#line 2925 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecode()); } -#line 5427 "seclang-parser.cc" +#line 5422 "seclang-parser.cc" break; case 414: // act: "ACTION_TRANSFORMATION_URL_ENCODE" -#line 2934 "seclang-parser.yy" +#line 2929 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlEncode()); } -#line 5435 "seclang-parser.cc" +#line 5430 "seclang-parser.cc" break; case 415: // act: "ACTION_TRANSFORMATION_NONE" -#line 2938 "seclang-parser.yy" +#line 2933 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::None()); } -#line 5443 "seclang-parser.cc" +#line 5438 "seclang-parser.cc" break; case 416: // act: "ACTION_TRANSFORMATION_COMPRESS_WHITESPACE" -#line 2942 "seclang-parser.yy" +#line 2937 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CompressWhitespace()); } -#line 5451 "seclang-parser.cc" +#line 5446 "seclang-parser.cc" break; case 417: // act: "ACTION_TRANSFORMATION_REMOVE_WHITESPACE" -#line 2946 "seclang-parser.yy" +#line 2941 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveWhitespace()); } -#line 5459 "seclang-parser.cc" +#line 5454 "seclang-parser.cc" break; case 418: // act: "ACTION_TRANSFORMATION_REPLACE_NULLS" -#line 2950 "seclang-parser.yy" +#line 2945 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceNulls()); } -#line 5467 "seclang-parser.cc" +#line 5462 "seclang-parser.cc" break; case 419: // act: "ACTION_TRANSFORMATION_REMOVE_NULLS" -#line 2954 "seclang-parser.yy" +#line 2949 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveNulls()); } -#line 5475 "seclang-parser.cc" +#line 5470 "seclang-parser.cc" break; case 420: // act: "ACTION_TRANSFORMATION_HTML_ENTITY_DECODE" -#line 2958 "seclang-parser.yy" +#line 2953 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HtmlEntityDecode()); } -#line 5483 "seclang-parser.cc" +#line 5478 "seclang-parser.cc" break; case 421: // act: "ACTION_TRANSFORMATION_JS_DECODE" -#line 2962 "seclang-parser.yy" +#line 2957 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::JsDecode()); } -#line 5491 "seclang-parser.cc" +#line 5486 "seclang-parser.cc" break; case 422: // act: "ACTION_TRANSFORMATION_CSS_DECODE" -#line 2966 "seclang-parser.yy" +#line 2961 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CssDecode()); } -#line 5499 "seclang-parser.cc" +#line 5494 "seclang-parser.cc" break; case 423: // act: "ACTION_TRANSFORMATION_TRIM" -#line 2970 "seclang-parser.yy" +#line 2965 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Trim()); } -#line 5507 "seclang-parser.cc" +#line 5502 "seclang-parser.cc" break; case 424: // act: "ACTION_TRANSFORMATION_TRIM_LEFT" -#line 2974 "seclang-parser.yy" +#line 2969 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimLeft()); } -#line 5515 "seclang-parser.cc" +#line 5510 "seclang-parser.cc" break; case 425: // act: "ACTION_TRANSFORMATION_TRIM_RIGHT" -#line 2978 "seclang-parser.yy" +#line 2973 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimRight()); } -#line 5523 "seclang-parser.cc" +#line 5518 "seclang-parser.cc" break; case 426: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH_WIN" -#line 2982 "seclang-parser.yy" +#line 2977 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePathWin()); } -#line 5531 "seclang-parser.cc" +#line 5526 "seclang-parser.cc" break; case 427: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH" -#line 2986 "seclang-parser.yy" +#line 2981 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePath()); } -#line 5539 "seclang-parser.cc" +#line 5534 "seclang-parser.cc" break; case 428: // act: "ACTION_TRANSFORMATION_LENGTH" -#line 2990 "seclang-parser.yy" +#line 2985 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Length()); } -#line 5547 "seclang-parser.cc" +#line 5542 "seclang-parser.cc" break; case 429: // act: "ACTION_TRANSFORMATION_UTF8_TO_UNICODE" -#line 2994 "seclang-parser.yy" +#line 2989 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Utf8ToUnicode()); } -#line 5555 "seclang-parser.cc" +#line 5550 "seclang-parser.cc" break; case 430: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS_CHAR" -#line 2998 "seclang-parser.yy" +#line 2993 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveCommentsChar()); } -#line 5563 "seclang-parser.cc" +#line 5558 "seclang-parser.cc" break; case 431: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS" -#line 3002 "seclang-parser.yy" +#line 2997 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveComments()); } -#line 5571 "seclang-parser.cc" +#line 5566 "seclang-parser.cc" break; case 432: // act: "ACTION_TRANSFORMATION_REPLACE_COMMENTS" -#line 3006 "seclang-parser.yy" +#line 3001 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceComments()); } -#line 5579 "seclang-parser.cc" +#line 5574 "seclang-parser.cc" break; case 433: // setvar_action: "NOT" var -#line 3013 "seclang-parser.yy" +#line 3008 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::unsetOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5587 "seclang-parser.cc" +#line 5582 "seclang-parser.cc" break; case 434: // setvar_action: var -#line 3017 "seclang-parser.yy" +#line 3012 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setToOneOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5595 "seclang-parser.cc" +#line 5590 "seclang-parser.cc" break; case 435: // setvar_action: var SETVAR_OPERATION_EQUALS run_time_string -#line 3021 "seclang-parser.yy" +#line 3016 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5603 "seclang-parser.cc" +#line 5598 "seclang-parser.cc" break; case 436: // setvar_action: var SETVAR_OPERATION_EQUALS_PLUS run_time_string -#line 3025 "seclang-parser.yy" +#line 3020 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::sumAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5611 "seclang-parser.cc" +#line 5606 "seclang-parser.cc" break; case 437: // setvar_action: var SETVAR_OPERATION_EQUALS_MINUS run_time_string -#line 3029 "seclang-parser.yy" +#line 3024 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::substractAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5619 "seclang-parser.cc" +#line 5614 "seclang-parser.cc" break; case 438: // run_time_string: run_time_string "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3036 "seclang-parser.yy" +#line 3031 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->append(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5628 "seclang-parser.cc" +#line 5623 "seclang-parser.cc" break; case 439: // run_time_string: run_time_string var -#line 3041 "seclang-parser.yy" +#line 3036 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->append(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5637 "seclang-parser.cc" +#line 5632 "seclang-parser.cc" break; case 440: // run_time_string: "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3046 "seclang-parser.yy" +#line 3041 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->append(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5647 "seclang-parser.cc" +#line 5642 "seclang-parser.cc" break; case 441: // run_time_string: var -#line 3052 "seclang-parser.yy" +#line 3047 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->append(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5657 "seclang-parser.cc" +#line 5652 "seclang-parser.cc" break; -#line 5661 "seclang-parser.cc" +#line 5656 "seclang-parser.cc" default: break; @@ -7161,43 +7156,43 @@ namespace yy { 969, 973, 977, 982, 987, 991, 995, 999, 1003, 1007, 1011, 1015, 1019, 1023, 1027, 1031, 1035, 1039, 1043, 1047, 1051, 1055, 1059, 1063, 1077, 1078, 1110, 1129, 1150, 1180, - 1238, 1245, 1249, 1253, 1257, 1261, 1265, 1269, 1273, 1282, - 1286, 1291, 1294, 1299, 1304, 1309, 1314, 1317, 1322, 1325, - 1330, 1335, 1338, 1343, 1348, 1353, 1358, 1363, 1368, 1373, - 1376, 1381, 1386, 1391, 1396, 1399, 1404, 1409, 1414, 1427, - 1440, 1453, 1466, 1479, 1505, 1533, 1545, 1565, 1592, 1598, - 1603, 1608, 1617, 1622, 1626, 1630, 1634, 1638, 1642, 1646, - 1651, 1656, 1668, 1674, 1678, 1682, 1693, 1702, 1703, 1710, - 1715, 1720, 1774, 1781, 1789, 1826, 1830, 1837, 1842, 1848, - 1854, 1860, 1867, 1877, 1881, 1885, 1889, 1893, 1897, 1901, - 1905, 1909, 1913, 1917, 1921, 1925, 1929, 1933, 1937, 1941, - 1945, 1949, 1953, 1957, 1961, 1965, 1969, 1973, 1977, 1981, - 1985, 1989, 1993, 1997, 2001, 2005, 2009, 2013, 2017, 2021, - 2025, 2029, 2033, 2037, 2041, 2045, 2049, 2053, 2057, 2061, - 2065, 2069, 2073, 2077, 2081, 2085, 2089, 2093, 2097, 2101, - 2105, 2109, 2113, 2117, 2121, 2125, 2129, 2133, 2137, 2141, - 2145, 2149, 2153, 2157, 2161, 2165, 2169, 2173, 2177, 2181, - 2185, 2189, 2193, 2197, 2201, 2205, 2209, 2213, 2217, 2221, - 2225, 2229, 2233, 2238, 2242, 2246, 2251, 2255, 2259, 2264, - 2269, 2273, 2277, 2281, 2285, 2289, 2293, 2297, 2301, 2305, - 2309, 2313, 2317, 2321, 2325, 2329, 2333, 2337, 2341, 2345, - 2349, 2353, 2357, 2361, 2365, 2369, 2373, 2377, 2381, 2385, - 2389, 2393, 2397, 2401, 2405, 2409, 2413, 2417, 2421, 2425, - 2429, 2433, 2437, 2441, 2445, 2449, 2453, 2457, 2461, 2465, - 2469, 2473, 2477, 2481, 2485, 2489, 2493, 2497, 2501, 2505, - 2509, 2517, 2524, 2531, 2538, 2545, 2552, 2559, 2566, 2573, - 2580, 2587, 2594, 2604, 2608, 2612, 2616, 2620, 2624, 2628, - 2632, 2637, 2642, 2647, 2651, 2655, 2659, 2663, 2668, 2673, - 2677, 2681, 2685, 2689, 2693, 2697, 2701, 2705, 2709, 2713, - 2717, 2721, 2725, 2729, 2733, 2737, 2741, 2745, 2749, 2753, - 2757, 2761, 2765, 2769, 2773, 2777, 2781, 2785, 2789, 2793, - 2797, 2801, 2805, 2809, 2813, 2817, 2821, 2825, 2829, 2833, - 2837, 2841, 2845, 2849, 2853, 2857, 2861, 2865, 2869, 2873, - 2877, 2881, 2885, 2889, 2893, 2897, 2901, 2905, 2909, 2913, - 2917, 2921, 2925, 2929, 2933, 2937, 2941, 2945, 2949, 2953, - 2957, 2961, 2965, 2969, 2973, 2977, 2981, 2985, 2989, 2993, - 2997, 3001, 3005, 3012, 3016, 3020, 3024, 3028, 3035, 3040, - 3045, 3051 + 1233, 1240, 1244, 1248, 1252, 1256, 1260, 1264, 1268, 1277, + 1281, 1286, 1289, 1294, 1299, 1304, 1309, 1312, 1317, 1320, + 1325, 1330, 1333, 1338, 1343, 1348, 1353, 1358, 1363, 1368, + 1371, 1376, 1381, 1386, 1391, 1394, 1399, 1404, 1409, 1422, + 1435, 1448, 1461, 1474, 1500, 1528, 1540, 1560, 1587, 1593, + 1598, 1603, 1612, 1617, 1621, 1625, 1629, 1633, 1637, 1641, + 1646, 1651, 1663, 1669, 1673, 1677, 1688, 1697, 1698, 1705, + 1710, 1715, 1769, 1776, 1784, 1821, 1825, 1832, 1837, 1843, + 1849, 1855, 1862, 1872, 1876, 1880, 1884, 1888, 1892, 1896, + 1900, 1904, 1908, 1912, 1916, 1920, 1924, 1928, 1932, 1936, + 1940, 1944, 1948, 1952, 1956, 1960, 1964, 1968, 1972, 1976, + 1980, 1984, 1988, 1992, 1996, 2000, 2004, 2008, 2012, 2016, + 2020, 2024, 2028, 2032, 2036, 2040, 2044, 2048, 2052, 2056, + 2060, 2064, 2068, 2072, 2076, 2080, 2084, 2088, 2092, 2096, + 2100, 2104, 2108, 2112, 2116, 2120, 2124, 2128, 2132, 2136, + 2140, 2144, 2148, 2152, 2156, 2160, 2164, 2168, 2172, 2176, + 2180, 2184, 2188, 2192, 2196, 2200, 2204, 2208, 2212, 2216, + 2220, 2224, 2228, 2233, 2237, 2241, 2246, 2250, 2254, 2259, + 2264, 2268, 2272, 2276, 2280, 2284, 2288, 2292, 2296, 2300, + 2304, 2308, 2312, 2316, 2320, 2324, 2328, 2332, 2336, 2340, + 2344, 2348, 2352, 2356, 2360, 2364, 2368, 2372, 2376, 2380, + 2384, 2388, 2392, 2396, 2400, 2404, 2408, 2412, 2416, 2420, + 2424, 2428, 2432, 2436, 2440, 2444, 2448, 2452, 2456, 2460, + 2464, 2468, 2472, 2476, 2480, 2484, 2488, 2492, 2496, 2500, + 2504, 2512, 2519, 2526, 2533, 2540, 2547, 2554, 2561, 2568, + 2575, 2582, 2589, 2599, 2603, 2607, 2611, 2615, 2619, 2623, + 2627, 2632, 2637, 2642, 2646, 2650, 2654, 2658, 2663, 2668, + 2672, 2676, 2680, 2684, 2688, 2692, 2696, 2700, 2704, 2708, + 2712, 2716, 2720, 2724, 2728, 2732, 2736, 2740, 2744, 2748, + 2752, 2756, 2760, 2764, 2768, 2772, 2776, 2780, 2784, 2788, + 2792, 2796, 2800, 2804, 2808, 2812, 2816, 2820, 2824, 2828, + 2832, 2836, 2840, 2844, 2848, 2852, 2856, 2860, 2864, 2868, + 2872, 2876, 2880, 2884, 2888, 2892, 2896, 2900, 2904, 2908, + 2912, 2916, 2920, 2924, 2928, 2932, 2936, 2940, 2944, 2948, + 2952, 2956, 2960, 2964, 2968, 2972, 2976, 2980, 2984, 2988, + 2992, 2996, 3000, 3007, 3011, 3015, 3019, 3023, 3030, 3035, + 3040, 3046 }; void @@ -7229,9 +7224,9 @@ namespace yy { } // yy -#line 7233 "seclang-parser.cc" +#line 7228 "seclang-parser.cc" -#line 3058 "seclang-parser.yy" +#line 3053 "seclang-parser.yy" void yy::seclang_parser::error (const location_type& l, const std::string& m) { diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 166e66d2..93acac4f 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -1077,7 +1077,7 @@ expression: audit_log | DIRECTIVE variables op actions { - std::vector *a = new std::vector(); + std::vector> *a = new std::vector>(); std::vector > *t = new std::vector >(); for (auto &i : *$4.get()) { if (dynamic_cast(i.get())) { @@ -1085,7 +1085,7 @@ expression: std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { - a->push_back(i.release()); + a->push_back(std::move(i)); } } variables::Variables *v = new variables::Variables(); @@ -1102,7 +1102,7 @@ expression: /* file name */ std::unique_ptr(new std::string(*@1.end.filename)), /* line number */ @1.end.line )); - + // TODO: filename should be a shared_ptr. if (driver.addSecRule(std::move(rule)) == false) { YYERROR; } @@ -1128,7 +1128,7 @@ expression: } | CONFIG_DIR_SEC_ACTION actions { - std::vector *a = new std::vector(); + std::vector> *a = new std::vector>(); std::vector > *t = new std::vector >(); for (auto &i : *$2.get()) { if (dynamic_cast(i.get())) { @@ -1136,7 +1136,7 @@ expression: std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { - a->push_back(i.release()); + a->push_back(std::move(i)); } } std::unique_ptr rule(new RuleUnconditional( @@ -1150,7 +1150,7 @@ expression: | DIRECTIVE_SECRULESCRIPT actions { std::string err; - std::vector *a = new std::vector(); + std::vector> *a = new std::vector>(); std::vector > *t = new std::vector >(); for (auto &i : *$2.get()) { if (dynamic_cast(i.get())) { @@ -1158,7 +1158,7 @@ expression: std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { - a->push_back(i.release()); + a->push_back(std::move(i)); } } std::unique_ptr r(new RuleScript( @@ -1180,25 +1180,25 @@ expression: | CONFIG_DIR_SEC_DEFAULT_ACTION actions { bool hasDisruptive = false; - std::vector *actions = new std::vector(); + std::vector> *actions = new std::vector>(); for (auto &i : *$2.get()) { - actions->push_back(i.release()); + actions->push_back(std::move(i)); } - std::vector checkedActions; + std::vector> checkedActions; int definedPhase = -1; int secRuleDefinedPhase = -1; - for (actions::Action *a : *actions) { - actions::Phase *phase = dynamic_cast(a); - if (dynamic_cast(a) != NULL - && dynamic_cast(a) == NULL) { + for (auto &a : *actions) { + actions::Phase *phase = dynamic_cast(a.get()); + if (dynamic_cast(a.get()) != NULL + && dynamic_cast(a.get()) == NULL) { hasDisruptive = true; } if (phase != NULL) { definedPhase = phase->getPhase(); secRuleDefinedPhase = phase->getSecRulePhase(); delete phase; - } else if (dynamic_cast(a) - && !dynamic_cast(a)) { + } else if (dynamic_cast(a.get()) + && !dynamic_cast(a.get())) { checkedActions.push_back(a); } else { driver.error(@0, "The action '" + *a->getName() + "' is not suitable to be part of the SecDefaultActions"); @@ -1208,12 +1208,10 @@ expression: if (definedPhase == -1) { definedPhase = modsecurity::Phases::RequestHeadersPhase; } - if (hasDisruptive == false) { driver.error(@0, "SecDefaultAction must specify a disruptive action."); YYERROR; } - if (!driver.m_rulesSetPhases[definedPhase]->m_defaultActions.empty()) { std::stringstream ss; ss << "SecDefaultActions can only be placed once per phase and configuration context. Phase "; @@ -1222,18 +1220,15 @@ expression: driver.error(@0, ss.str()); YYERROR; } - - for (actions::Action *a : checkedActions) { - if (dynamic_cast(a)) { + for (auto &a : checkedActions) { + if (dynamic_cast(a.get())) { driver.m_rulesSetPhases[definedPhase]->m_defaultTransformations.push_back( - std::shared_ptr( - dynamic_cast(a))); + std::dynamic_pointer_cast(a)); } else { - driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(std::unique_ptr(a)); + driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(a); } } - - delete actions; + //delete actions; } | CONFIG_DIR_SEC_MARKER { diff --git a/src/rule_message.cc b/src/rule_message.cc index 4046a581..b8d1e190 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -218,7 +218,7 @@ std::string RuleMessage::getUri() const { bool RuleMessage::isDisruptive() const { if (m_rule) { - return m_rule->hasDisruptiveAction(); + return m_rule->isDisruptive(); } return 0; } diff --git a/src/rule_script.h b/src/rule_script.h index 7569c5bf..321486b0 100644 --- a/src/rule_script.h +++ b/src/rule_script.h @@ -47,7 +47,7 @@ using actions::Action; class RuleScript : public RuleWithActions { public: RuleScript(const std::string &name, - std::vector *actions, + Actions *actions, Transformations *t, std::unique_ptr fileName, int lineNumber) diff --git a/src/rule_unconditional.h b/src/rule_unconditional.h index 6aa08ff6..c44f55eb 100644 --- a/src/rule_unconditional.h +++ b/src/rule_unconditional.h @@ -40,7 +40,7 @@ namespace modsecurity { class RuleUnconditional : public RuleWithActions { public: RuleUnconditional( - std::vector *actions, + Actions *actions, Transformations *transformations, std::unique_ptr fileName, int lineNumber) diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc index 29489b54..048af1f5 100644 --- a/src/rule_with_actions.cc +++ b/src/rule_with_actions.cc @@ -54,142 +54,223 @@ #include "src/actions/rule_id.h" #include "src/actions/ver.h" #include "src/actions/action_type_rule_metadata.h" - +#include "src/actions/action_allowed_in_sec_default_action.h" namespace modsecurity { + RuleWithActions::RuleWithActions( Actions *actions, Transformations *transformations, std::unique_ptr fileName, int lineNumber) : Rule(std::move(fileName), lineNumber), + RuleWithActionsProperties(transformations), m_ruleId(0), m_chainedRuleChild(nullptr), m_chainedRuleParent(nullptr), - m_disruptiveAction(nullptr), - m_logData(nullptr), - m_msg(nullptr), - m_actionsRuntimePos(), - m_actionsSetVar(), - m_actionsTag(), m_XmlNSs(), - m_defaultActionDisruptiveAction(nullptr), - m_defaultActionLogData(nullptr), - m_defaultActionMsg(nullptr), - m_defaultActionActionsRuntimePos(), - m_defaultActionActionsSetVar(), - m_defaultActionActionsTag(), - m_transformations(transformations != nullptr ? *transformations : Transformations()), - m_defaultTransformations(), - m_severity(SEVERITY_NOT_SET), - m_revision(""), - m_version(""), m_accuracy(ACCURACY_NOT_SET), m_maturity(MATURITY_NOT_SET), - m_containsCaptureAction(false), - m_containsLogAction(false), - m_containsNoLogAction(false), - m_containsAuditLogAction(false), - m_containsNoAuditLogAction(false), - m_containsMultiMatchAction(false), - m_containsStaticBlockAction(false), - m_defaultSeverity(SEVERITY_NOT_SET), - m_defaultRevision(""), - m_defaultVersion(""), - m_defaultAccuracy(ACCURACY_NOT_SET), - m_defaultMaturity(MATURITY_NOT_SET), - m_defaultContainsCaptureAction(false), - m_defaultContainsLogAction(false), - m_defaultContainsNoLogAction(false), - m_defaultContainsAuditLogAction(false), - m_defaultContainsNoAuditLogAction(false), - m_defaultContainsMultiMatchAction(false), - m_defaultContainsStaticBlockAction(false), - m_isChained(false) { - + m_severity(SEVERITY_NOT_SET), + m_containsCapture(false), + m_isChained(false), + m_revision(""), + m_version(""), + m_actionMsg(nullptr), + m_actionLogData(nullptr), + m_defaultActions() +{ + // FIXME: split confs on parser. + std::vector> confs; + std::vector> newActions; if (actions) { - for (actions::Action *a : *actions) { - addAction(a); + for (auto &a : *actions) { + if (std::dynamic_pointer_cast(a)) { + confs.push_back(std::dynamic_pointer_cast(a)); + continue; + } else if (std::dynamic_pointer_cast(a)) { + setDisruptiveAction(std::dynamic_pointer_cast(a)); + continue; + } + newActions.push_back(a); + } + } + + + /** + * + * Those are actions that only fit the propose to update something in + * the rule: META-DATA; e.g. RuleID. + * + * The merge action takes care of those properties. Once configured the + * action can be forgotten. + * + */ + for (auto &c : confs) { + c->configure(this); + } + + for (auto &a : newActions) { + if (std::dynamic_pointer_cast(a)) { + addSetVar(std::dynamic_pointer_cast(a)); + continue; + } + if (std::dynamic_pointer_cast(a)) { + addTag(std::dynamic_pointer_cast(a)); + continue; + } + if (std::dynamic_pointer_cast(a)) { + m_XmlNSs.push_back(std::dynamic_pointer_cast(a)); + continue; + } + if (std::dynamic_pointer_cast(a)) { + m_actionLogData = std::dynamic_pointer_cast(a); + continue; + } + if (std::dynamic_pointer_cast(a)) { + m_actionMsg = std::dynamic_pointer_cast(a); + continue; + } + + addGenericMatchAction(std::dynamic_pointer_cast(a)); + } + populate(this); +} + + +RuleWithActions::RuleWithActions(const RuleWithActions &r) + : Rule(r), + RuleWithActionsProperties(r), + m_ruleId(r.m_ruleId), + m_chainedRuleChild(r.m_chainedRuleChild), + m_chainedRuleParent(r.m_chainedRuleParent), + m_XmlNSs(/*r.m_XmlNSs*/), + m_accuracy(r.m_accuracy), + m_maturity(r.m_maturity), + m_severity(r.m_severity), + m_containsCapture(r.m_containsCapture), + m_isChained(r.m_isChained), + m_revision(r.m_revision), + m_version(r.m_version), + m_actionMsg(nullptr /*r.m_actionMsg*/), + m_actionLogData(nullptr /* r.m_actionLogData */), + m_defaultActions(r.m_defaultActions) { + copyActionsWithRunTimeStrings(r); + m_defaultActions.populate(this); + populate(this); +} + + +RuleWithActions &RuleWithActions::operator=(const RuleWithActions& r) { + Rule::operator = (r); + RuleWithActionsProperties::operator = (r); + m_ruleId = r.m_ruleId; + m_chainedRuleChild = r.m_chainedRuleChild; + m_chainedRuleParent = r.m_chainedRuleParent; + /*m_XmlNSs = r.m_XmlNSs;*/ + m_accuracy = r.m_accuracy; + m_maturity = r.m_maturity; + m_severity = r.m_severity; + m_containsCapture = r.m_containsCapture; + m_isChained = r.m_isChained; + m_revision = r.m_revision; + m_version = r.m_version; + /*m_actionMsg = r.m_actionMsg;*/ + /*m_actionLogData = r.m_actionLogData;*/ + m_defaultActions = r.m_defaultActions; + copyActionsWithRunTimeStrings(r); + m_defaultActions.populate(this); + populate(this); + return *this; +} + + +void inline RuleWithActions::copyActionsWithRunTimeStrings(const RuleWithActions &r) { + if (r.m_actionLogData) { + actions::ActionWithRunTimeString *arts = dynamic_cast(r.m_actionLogData.get()); + if (!arts) { + /* Humpf? */ + m_actionLogData = r.m_actionLogData; + } else { + std::shared_ptr z(dynamic_cast(arts->clone())); + actions::ActionWithRunTimeString *aa = dynamic_cast(z.get()); + aa->populate(nullptr); + m_actionLogData = z; + } + } + if (r.m_actionMsg) { + actions::ActionWithRunTimeString *arts = dynamic_cast(r.m_actionMsg.get()); + if (!arts) { + /* Humpf? */ + m_actionMsg = r.m_actionMsg; + } else { + std::shared_ptr z(dynamic_cast(arts->clone())); + actions::ActionWithRunTimeString *aa = dynamic_cast(z.get()); + aa->populate(nullptr); + m_actionMsg = z; + } + } + for (auto &i : r.m_XmlNSs) { + actions::ActionWithRunTimeString *arts = dynamic_cast(i.get()); + if (!arts) { + /* Humpf? */ + m_XmlNSs.push_back(i); + } else { + std::shared_ptr z(dynamic_cast(arts->clone())); + actions::ActionWithRunTimeString *aa = dynamic_cast(z.get()); + aa->populate(nullptr); + m_XmlNSs.push_back(z); } } } -void RuleWithActions::addDefaultAction(std::shared_ptr a) { + +void RuleWithActions::addDefaultAction(std::shared_ptr a) { + actions::ActionAllowedAsSecDefaultAction *d = dynamic_cast(a.get()); + if (d == nullptr) { + throw std::runtime_error("Action is being used as DefaultAction but not allowed."); + } + + /** + * + * ActionWithRunTimeString needs to be aware of the Rule that it + * belongs to. It is necessary to resolve some variables + * (e.g. Rule); Clone and associate are mandatory. + * + */ actions::ActionWithRunTimeString *arts = dynamic_cast(a.get()); if (arts != nullptr) { a = std::unique_ptr(arts->clone()); arts = dynamic_cast(a.get()); arts->populate(this); } - - if (dynamic_cast(a.get())) { - ActionTypeRuleMetaData *conf = dynamic_cast(a.get()); - conf->configure(this); + if (std::dynamic_pointer_cast(a)) { + m_defaultActions.addSetVar(std::dynamic_pointer_cast(a)); return; } - - if (dynamic_cast(a.get())) { - m_defaultActionLogData.reset(dynamic_cast(a.get())); - } else if (dynamic_cast(a.get())) { - m_defaultActionMsg.reset(dynamic_cast(a.get())); - } else if (dynamic_cast(a.get())) { - actions::SetVar *var = dynamic_cast(a.get()); - m_actionsSetVar.push_back(std::unique_ptr(var)); - } else if (dynamic_cast(a.get())) { - m_defaultActionActionsTag.push_back(std::dynamic_pointer_cast(a)); - } else if (dynamic_cast(a.get())) { - m_defaultActionActionsRuntimePos.push_back(std::dynamic_pointer_cast(a)); - m_defaultContainsStaticBlockAction = true; - } else if (std::dynamic_pointer_cast(a) != NULL) { - m_defaultActionDisruptiveAction = std::dynamic_pointer_cast(a); - } else { - m_defaultActionActionsRuntimePos.push_back(std::dynamic_pointer_cast(a)); - } -} - -void RuleWithActions::addAction(actions::Action *a) { - actions::ActionWithRunTimeString *arts = dynamic_cast(a); - if (arts != nullptr) { - a = arts->clone(); - arts = dynamic_cast(a); - arts->populate(this); - } - - if (dynamic_cast(a)) { - ActionTypeRuleMetaData *conf = dynamic_cast(a); - conf->configure(this); - delete a; + if (std::dynamic_pointer_cast(a)) { + m_defaultActions.addTag(std::dynamic_pointer_cast(a)); return; } - - if (dynamic_cast(a)) { - m_logData = std::unique_ptr(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - m_msg = std::unique_ptr(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - actions::SetVar *var = dynamic_cast(a); - m_actionsSetVar.push_back(std::unique_ptr(var)); - } else if (dynamic_cast(a)) { - m_actionsTag.push_back(std::unique_ptr(dynamic_cast(a))); - } else if (dynamic_cast(a)) { - m_actionsRuntimePos.push_back(std::unique_ptr(dynamic_cast(a))); - m_containsStaticBlockAction = true; - } else if (dynamic_cast(a)) { - m_XmlNSs.push_back(std::unique_ptr(dynamic_cast(a))); - } else if (dynamic_cast(a) != NULL) { - m_disruptiveAction = std::unique_ptr(dynamic_cast(a)); - } else { - m_actionsRuntimePos.push_back(std::unique_ptr(dynamic_cast(a))); + if (std::dynamic_pointer_cast(a)) { + m_defaultActions.setBlock(true); + return; } + if (std::dynamic_pointer_cast(a)) { + m_defaultActions.setDisruptiveAction(std::dynamic_pointer_cast(a)); + return; + } + std::shared_ptr bp = std::dynamic_pointer_cast(a); + if (!bp) { + return; + } + m_defaultActions.addGenericMatchAction(bp); } -RuleWithActions::~RuleWithActions() { } - - bool RuleWithActions::evaluate(Transaction *transaction) const { /* Matched vars needs to be clear at every new rule execution */ transaction->m_matched.clear(); @@ -199,97 +280,80 @@ bool RuleWithActions::evaluate(Transaction *transaction) const { void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *trans) const { - - for (actions::SetVar *a : getSetVarsActionsPtr()) { - ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \ - "action: " + *a->getName()); - - a->execute(trans); - } + /* setVar */ + auto f = [](Transaction *t, const std::shared_ptr &var) { + ms_dbg_a(t, 4, "Running [independent] (non-disruptive) action: " + *var->getName()); + var->execute(t); + }; + for (auto &a : m_defaultActions.getSetVars()) { f(trans, a); } + for (auto &a : getSetVars()) { f(trans, a); } } void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) const { bool disruptiveAlreadyExecuted = false; - for (actions::Tag *a : getTagsActionPtr()) { - ms_dbg_a(trans, 4, "Running (non-disruptive) action: " \ - + a->getTagName(trans)); - a->execute(trans); - } + /* tags */ + auto f = [](Transaction *t, const std::shared_ptr &tag) { + ms_dbg_a(t, 4, "Running (non-disruptive) action: " + tag->getTagName(t)); + tag->execute(t); + }; + for (auto &a : m_defaultActions.getTags()) { f(trans, a); } + for (auto &a : getTags()) { f(trans, a); } + /** - * * FIXME: SecRuleUpdateActionBy should be runtime - * */ auto range = trans->m_rules->m_exceptions.m_action_pos_update_target_by_id.equal_range(m_ruleId); for (auto it = range.first; it != range.second; ++it) { ActionWithExecution *a = dynamic_cast(it->second.get()); if (dynamic_cast(a)) { trans->messageGetLast()->setRule(this); - } - executeAction(trans, a, false); - if (dynamic_cast(a)) { disruptiveAlreadyExecuted = true; } + ms_dbg_a(trans, 9, "Running action placed by updateTargetById: " + *a->getName()); + a->execute(trans); } - if (m_logData) { - m_logData->execute(trans); - } else if (m_defaultActionLogData) { - m_defaultActionLogData->execute(trans); + /* generic actions */ + auto fg = [](Transaction *t, const std::shared_ptr &a) { + ms_dbg_a(t, 9, "Running action: " + *a->getName()); + a->execute(t); + }; + for (auto &a : m_defaultActions.getGenericMatchActions()) { fg(trans, a); } + for (auto &a : getGenericMatchActions()) { fg(trans, a); } + + if (m_actionLogData) { + m_actionLogData->execute(trans); } - if (m_msg) { - m_msg->execute(trans); - } else if (m_defaultActionMsg) { - m_defaultActionMsg->execute(trans); + if (m_actionMsg) { + m_actionMsg->execute(trans); } - for (auto &a : getMatchActionsPtr()) { - if (!dynamic_cast(a) - && !(disruptiveAlreadyExecuted - && dynamic_cast(a))) { - executeAction(trans, a, false); + /* disruptive actions */ + if (disruptiveAlreadyExecuted) { + return; + } + auto fd = [](Transaction *t, const std::shared_ptr &a) { + if (t->getRuleEngineState() == RulesSet::EnabledRuleEngine) { + ms_dbg_a(t, 4, "Running (disruptive) action: " + *a->getName() + "."); + const ActionWithExecution *ae = dynamic_cast(a.get()); + ae->execute(t); + return; } + + ms_dbg_a(t, 4, "Not running disruptive action: " \ + + *a->getName() + ". SecRuleEngine is not On."); + }; + if (hasDisruptiveAction()) { + trans->messageGetLast()->setRule(this); + fd(trans, getDisruptiveAction()); + } else if ((hasBlock() || m_defaultActions.hasBlock()) && m_defaultActions.hasDisruptiveAction()) { + trans->messageGetLast()->setRule(this); + fd(trans, m_defaultActions.getDisruptiveAction()); } - if (!disruptiveAlreadyExecuted && m_disruptiveAction != nullptr) { - executeAction(trans, - m_disruptiveAction.get(), false); - } else if (!disruptiveAlreadyExecuted && hasBlockAction() - && m_defaultActionDisruptiveAction != nullptr) { - executeAction(trans, - m_defaultActionDisruptiveAction.get(), false); - } -} - - -void RuleWithActions::executeAction(Transaction *trans, - ActionWithExecution *a, bool defaultContext) { - ms_dbg_a(trans, 9, "Running action: " + *a->getName()); - a->execute(trans); -} - - -void RuleWithActions::executeAction(Transaction *trans, - ActionDisruptive *a, bool defaultContext) const { - if (defaultContext && !hasBlockAction()) { - ms_dbg_a(trans, 4, "Ignoring action: " + *a->getName() + \ - " (rule does not cotains block)"); - return; - } - - if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) { - ms_dbg_a(trans, 4, "Running (disruptive) action: " + \ - *a->getName() + "."); - ActionWithExecution *ae = dynamic_cast(a); - ae->execute(trans); - return; - } - - ms_dbg_a(trans, 4, "Not running disruptive action: " \ - + *a->getName() + ". SecRuleEngine is not On."); } @@ -303,26 +367,17 @@ void RuleWithActions::executeTransformations( ssin.assign(in.c_str(), in.size()); results.push_back(TransformationResult(&ssin)); - - std::string path(""); - std::shared_ptr value = - std::shared_ptr(new std::string(in)); - - for (Transformation *action : getTransformationPtr()) { - if (dynamic_cast(action)) { + //FIXME: none should be pre-computed. + for (auto &action : m_defaultActions.getTransformations()) { + if (dynamic_cast(action.get())) { none++; } } - - for (Transformation *t : getTransformationPtr()) { - if (none == 0) { - executeTransformation(trans, &results, t); - } - if (dynamic_cast(t)) { - none--; + for (auto &action : getTransformations()) { + if (dynamic_cast(action.get())) { + none++; } } - // FIXME: It can't be something different from transformation. Sort this // on rules compile time. auto range = trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id.equal_range(m_ruleId); @@ -333,6 +388,24 @@ void RuleWithActions::executeTransformations( } } + for (auto &t : m_defaultActions.getTransformations()) { + if (none == 0) { + executeTransformation(trans, &results, t.get()); + } + if (dynamic_cast(t.get())) { + none--; + } + } + + for (auto &t : getTransformations()) { + if (none == 0) { + executeTransformation(trans, &results, t.get()); + } + if (dynamic_cast(t.get())) { + none--; + } + } + for (auto it = range.first; it != range.second; ++it) { Transformation *t = it->second.get(); if (none == 0) { @@ -381,9 +454,14 @@ void RuleWithActions::executeTransformation( } -bool RuleWithActions::containsTag(const std::string& name, Transaction *t) const { - for (auto &tag : getTagsAction()) { - if (tag != NULL && tag->getTagName(t) == name) { +bool RuleWithActions::containsTag(const std::string& name, const Transaction *t) const noexcept { + for (auto &tag : m_defaultActions.getTags()) { + if (tag != nullptr && tag->getTagName(t) == name) { + return true; + } + } + for (auto &tag : getTags()) { + if (tag != nullptr && tag->getTagName(t) == name) { return true; } } @@ -391,13 +469,34 @@ bool RuleWithActions::containsTag(const std::string& name, Transaction *t) const } -bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) const { - return m_msg && m_msg->getEvaluatedRunTimeString(t) == name; +bool RuleWithActions::containsMsg(const std::string& name, const Transaction *t) const noexcept { + return m_actionMsg && m_actionMsg->getEvaluatedRunTimeString(t) == name; } -std::string RuleWithActions::getLogData(const Transaction *t) const { return m_logData->getEvaluatedRunTimeString(t); } -std::string RuleWithActions::getMessage(const Transaction *t) const { return m_msg->getEvaluatedRunTimeString(t); } +std::string RuleWithActions::getLogData(const Transaction *t) const noexcept { + return m_actionLogData->getEvaluatedRunTimeString(t); +} +std::string RuleWithActions::getMessage(const Transaction *t) const noexcept { + return m_actionMsg->getEvaluatedRunTimeString(t); +} + +void RuleWithActions::populate(const RuleWithActions *r) const { + RuleWithActionsProperties::populate(r); + if (m_actionMsg) { + actions::ActionWithRunTimeString *arts = dynamic_cast(m_actionMsg.get()); + if (arts != nullptr) { + arts->populate(r); + } + } + if (m_actionLogData) { + actions::ActionWithRunTimeString *arts = dynamic_cast(m_actionLogData.get()); + if (arts != nullptr) { + arts->populate(r); + } + } +} + } // namespace modsecurity diff --git a/src/rule_with_actions.h b/src/rule_with_actions.h index cc184349..22660ef9 100644 --- a/src/rule_with_actions.h +++ b/src/rule_with_actions.h @@ -25,19 +25,32 @@ #ifndef SRC_RULE_WITH_ACTIONS_H_ #define SRC_RULE_WITH_ACTIONS_H_ -#include "modsecurity/transaction.h" -#include "modsecurity/modsecurity.h" -#include "modsecurity/variable_value.h" -#include "modsecurity/rule.h" #include "modsecurity/actions/action.h" +#include "modsecurity/modsecurity.h" +#include "modsecurity/rule.h" +#include "modsecurity/rule_message.h" +#include "modsecurity/rules_set.h" +#include "modsecurity/transaction.h" +#include "modsecurity/variable_value.h" +#include "src/actions/action_allowed_in_sec_default_action.h" #include "src/actions/action_type_rule_metadata.h" #include "src/actions/action_with_execution.h" +#include "src/actions/action_with_run_time_string.h" #include "src/actions/disruptive/disruptive_action.h" - +#include "src/actions/transformations/transformation.h" +#include "src/actions/xmlns.h" +#include "src/rule_with_actions.h" +#include "src/rule_with_actions_properties.h" +#include "src/utils/string.h" +#include "src/transformation_result.h" #ifdef __cplusplus + namespace modsecurity { + using XmlNSs = std::vector >; + using XmlNSsPtr = std::vector; + namespace actions { class Action; @@ -45,200 +58,42 @@ class Severity; class LogData; class Msg; class Rev; -class SetVar; -class Tag; class XmlNS; namespace transformations { class Transformation; } } -using Transformation = actions::transformations::Transformation; -using Transformations = std::vector >; -using TransformationsPtr = std::vector; -using Actions = std::vector; -using ActionWithExecution = actions::ActionWithExecution; -using ActionTypeRuleMetaData = actions::ActionTypeRuleMetaData; -using ActionDisruptive = actions::disruptive::ActionDisruptive; - -using MatchActions = std::vector >; -using MatchActionsPtr = std::vector; - -using Tags = std::vector >; -using TagsPtr = std::vector; - -using SetVars = std::vector >; -using SetVarsPtr = std::vector; - -using XmlNSs = std::vector >; -using XmlNSsPtr = std::vector; - - -class TransformationResult { +class RuleWithActions : public Rule, public RuleWithActionsProperties { public: - explicit TransformationResult( - ModSecString &after, - const std::string *transformation = nullptr) - : m_after(after), - m_transformation(transformation) { }; - explicit TransformationResult( - ModSecString *after) - : m_after(*after), - m_transformation(nullptr) { }; + using Action = actions::Action; + using Actions = std::vector>; + using ActionTypeRuleMetaData = actions::ActionTypeRuleMetaData; - TransformationResult(const TransformationResult &t2) - : m_after(t2.m_after), - m_transformation(t2.m_transformation) { }; - - - ModSecString *getAfter() { - return &m_after; - } - - - const std::string *getTransformationName() const { - return m_transformation; - } - - - private: - ModSecString m_after; - const std::string *m_transformation; -}; - -using TransformationsResults = std::list; - - -class RuleWithActions : public Rule { - public: - int SEVERITY_NOT_SET = 10; - int ACCURACY_NOT_SET = 10; - int MATURITY_NOT_SET = 10; + const unsigned int SEVERITY_NOT_SET = 10; + const unsigned int ACCURACY_NOT_SET = 10; + const unsigned int MATURITY_NOT_SET = 10; RuleWithActions( Actions *a, Transformations *t, std::unique_ptr fileName, int lineNumber); - ~RuleWithActions(); - - RuleWithActions(const RuleWithActions &r) - : Rule(r), - m_ruleId(r.m_ruleId), - m_chainedRuleChild(r.m_chainedRuleChild), - m_chainedRuleParent(r.m_chainedRuleParent), - m_disruptiveAction(r.m_disruptiveAction), - m_logData(r.m_logData), - m_msg(r.m_msg), - m_actionsRuntimePos(r.m_actionsRuntimePos), - m_actionsSetVar(r.m_actionsSetVar), - m_actionsTag(r.m_actionsTag), - m_XmlNSs(r.m_XmlNSs), - m_defaultActionDisruptiveAction(r.m_defaultActionDisruptiveAction), - m_defaultActionLogData(r.m_defaultActionLogData), - m_defaultActionMsg(r.m_defaultActionMsg), - m_defaultActionActionsRuntimePos(r.m_defaultActionActionsRuntimePos), - m_defaultActionActionsSetVar(r.m_defaultActionActionsSetVar), - m_defaultActionActionsTag(r.m_defaultActionActionsTag), - m_transformations(r.m_transformations), - m_defaultTransformations(r.m_defaultTransformations), - m_severity(r.m_severity), - m_revision(r.m_revision), - m_version(r.m_version), - m_accuracy(r.m_accuracy), - m_maturity(r.m_maturity), - m_containsCaptureAction(r.m_containsCaptureAction), - m_containsLogAction(r.m_containsLogAction), - m_containsNoLogAction(r.m_containsNoLogAction), - m_containsAuditLogAction(r.m_containsAuditLogAction), - m_containsNoAuditLogAction(r.m_containsNoAuditLogAction), - m_containsMultiMatchAction(r.m_containsMultiMatchAction), - m_containsStaticBlockAction(r.m_containsStaticBlockAction), - m_defaultSeverity(r.m_defaultSeverity), - m_defaultRevision(r.m_defaultRevision), - m_defaultVersion(r.m_defaultVersion), - m_defaultAccuracy(r.m_defaultAccuracy), - m_defaultMaturity(r.m_defaultMaturity), - m_defaultContainsCaptureAction(r.m_defaultContainsCaptureAction), - m_defaultContainsLogAction(r.m_defaultContainsLogAction), - m_defaultContainsNoLogAction(r.m_defaultContainsNoLogAction), - m_defaultContainsAuditLogAction(r.m_defaultContainsAuditLogAction), - m_defaultContainsNoAuditLogAction(r.m_defaultContainsNoAuditLogAction), - m_defaultContainsMultiMatchAction(r.m_defaultContainsMultiMatchAction), - m_defaultContainsStaticBlockAction(r.m_defaultContainsStaticBlockAction), - m_isChained(r.m_isChained) { - // TODO: Verify if it is necessary to process any other copy. - }; - - RuleWithActions &operator=(const RuleWithActions& r) { - Rule::operator = (r); - m_ruleId = r.m_ruleId; - m_chainedRuleChild = r.m_chainedRuleChild; - m_chainedRuleParent = r.m_chainedRuleParent; - m_disruptiveAction = r.m_disruptiveAction; - m_logData = r.m_logData; - m_msg = r.m_msg; - m_actionsRuntimePos = r.m_actionsRuntimePos; - m_actionsSetVar = r.m_actionsSetVar; - m_actionsTag = r.m_actionsTag; - m_XmlNSs = r.m_XmlNSs; - m_defaultActionDisruptiveAction = r.m_defaultActionDisruptiveAction; - m_defaultActionLogData = r.m_defaultActionLogData; - m_defaultActionMsg = r.m_defaultActionMsg; - m_defaultActionActionsRuntimePos = r.m_defaultActionActionsRuntimePos; - m_defaultActionActionsSetVar = r.m_defaultActionActionsSetVar; - m_defaultActionActionsTag = r.m_defaultActionActionsTag; - m_transformations = r.m_transformations; - m_defaultTransformations = r.m_defaultTransformations; - m_severity = r.m_severity; - m_revision = r.m_revision; - m_version = r.m_version; - m_accuracy = r.m_accuracy; - m_maturity = r.m_maturity; - m_containsCaptureAction = r.m_containsCaptureAction; - m_containsLogAction = r.m_containsLogAction; - m_containsNoLogAction = r.m_containsNoLogAction; - m_containsAuditLogAction = r.m_containsAuditLogAction; - m_containsNoAuditLogAction = r.m_containsNoAuditLogAction; - m_containsMultiMatchAction = r.m_containsMultiMatchAction; - m_containsStaticBlockAction = r.m_containsStaticBlockAction; - m_defaultSeverity = r.m_defaultSeverity; - m_defaultRevision = r.m_defaultRevision; - m_defaultVersion = r.m_defaultVersion; - m_defaultAccuracy = r.m_defaultAccuracy; - m_defaultMaturity = r.m_defaultMaturity; - m_defaultContainsCaptureAction = r.m_defaultContainsCaptureAction; - m_defaultContainsLogAction = r.m_defaultContainsLogAction; - m_defaultContainsNoLogAction = r.m_defaultContainsNoLogAction; - m_defaultContainsAuditLogAction = r.m_defaultContainsAuditLogAction; - m_defaultContainsNoAuditLogAction = r.m_defaultContainsNoAuditLogAction; - m_defaultContainsMultiMatchAction = r.m_defaultContainsMultiMatchAction; - m_defaultContainsStaticBlockAction = r.m_defaultContainsStaticBlockAction; - m_isChained = r.m_isChained; - return *this; - // TODO: Verify if it is necessary to process any other copy. - } + RuleWithActions(const RuleWithActions &r); + RuleWithActions &operator=(const RuleWithActions& r); virtual bool evaluate(Transaction *transaction) const override; - void executeActionsIndependentOfChainedRuleResult( - Transaction *trasn) const; + Transaction *trasaction) const; void executeActionsAfterFullMatch( - Transaction *trasn) const; - - static void executeAction(Transaction *trans, - ActionWithExecution *a, - bool context); - - void executeAction(Transaction *trans, - ActionDisruptive *a, - bool context) const; + Transaction *transaction) const; + // FIXME: Pass a callback for the transformation execution. static void executeTransformation( Transaction *transaction, TransformationsResults *ret, @@ -255,253 +110,194 @@ class RuleWithActions : public Rule { const std::string &value, TransformationsResults &results) const; - void addAction(actions::Action *a); - void addTransformation(std::shared_ptr t) { - m_transformations.push_back(t); - } - void addDefaultAction(std::shared_ptr); - void addDefaultTransformation(std::shared_ptr t) { - m_defaultTransformations.push_back(t); - } - - - std::vector getActionsByName(const std::string& name, - Transaction *t); - bool containsTag(const std::string& name, Transaction *t) const; - bool containsMsg(const std::string& name, Transaction *t) const; + /* */ + bool containsTag(const std::string& name, const Transaction *t) const noexcept; + bool containsMsg(const std::string& name, const Transaction *t) const noexcept; + /* default Actions */ void clearDefaultActions() { - m_defaultSeverity = SEVERITY_NOT_SET; - m_defaultRevision = ""; - m_defaultVersion = ""; - m_defaultAccuracy = ACCURACY_NOT_SET; - m_defaultMaturity = MATURITY_NOT_SET; - m_defaultContainsCaptureAction = false; - m_defaultContainsLogAction = false; - m_defaultContainsNoLogAction = false; - m_defaultContainsMultiMatchAction = false; - m_defaultContainsStaticBlockAction = false; - m_defaultActionLogData = nullptr; - m_defaultActionMsg = nullptr; - m_defaultActionActionsSetVar.clear(); - m_defaultActionActionsTag.clear(); - m_defaultActionActionsRuntimePos.clear(); - m_defaultActionDisruptiveAction = nullptr; - m_defaultActionActionsRuntimePos.clear(); - m_defaultTransformations.clear(); + m_defaultActions.clear(); + } + void addDefaultAction(std::shared_ptr a); + void addDefaulTransformation(std::shared_ptr t) { + m_defaultActions.addTransformation(t); } - Transformations getTransformation() const { - Transformations dst; - for (auto &a : m_defaultTransformations) { - dst.push_back(a); - } - for (auto &a : m_transformations) { - dst.push_back(a); - } - return dst; + void populate(const RuleWithActions *r) const; + + /* rule id */ + // FIXME: not ever rule has an id. e.g. chained rule. */ + inline const RuleId getId() const noexcept { return m_ruleId; } + void setId(int id) noexcept { + m_ruleId = id; } - TransformationsPtr getTransformationPtr() const { - TransformationsPtr dst; - for (auto &a : m_defaultTransformations) { - dst.push_back(a.get()); - } - for (auto &a : m_transformations) { - dst.push_back(a.get()); - } - return dst; + + /* capture */ + inline void setHasCapture(bool b) noexcept { + m_containsCapture = b; + } + inline bool hasCapture() const noexcept { + return m_containsCapture; } - SetVars getSetVarsActions() const { - SetVars dst; - for (auto &a : m_defaultActionActionsSetVar) { - dst.push_back(a); - } - for (auto &a : m_actionsSetVar) { - dst.push_back(a); - } - return dst; + + /* accuracy */ + inline const int getAccuracy() const noexcept { + return m_accuracy; + } + inline void setAccuracy(unsigned int accuracy) noexcept { + m_accuracy = accuracy; + } + inline bool hasAccuracy() const noexcept { + return m_accuracy != ACCURACY_NOT_SET; } - SetVarsPtr getSetVarsActionsPtr() const { - SetVarsPtr dst; - for (auto &a : m_defaultActionActionsSetVar) { - dst.push_back(a.get()); - } - for (auto &a : m_actionsSetVar) { - dst.push_back(a.get()); - } - return dst; + + /* severity */ + inline int getSeverity() const noexcept { + return m_severity; + } + inline void setSeverity(unsigned int severity) noexcept { + m_severity = severity; + } + inline bool hasSeverity() const noexcept { + return m_severity != SEVERITY_NOT_SET; } - MatchActionsPtr getMatchActionsPtr() const { - MatchActionsPtr dst; - for (auto &a : m_defaultActionActionsRuntimePos) { - dst.push_back(a.get()); - } - for (auto &a : m_actionsRuntimePos) { - dst.push_back(a.get()); - } - return dst; + + /* revision */ + inline const std::string getRevision() const noexcept { + return m_revision; + }; + inline void setRevision(const std::string &revision) noexcept { + m_revision.assign(revision); + } + inline bool hasRevision() const noexcept { + return m_revision != ""; } - MatchActions getMatchActions() const { - MatchActions dst; - for (auto &a : m_defaultActionActionsRuntimePos) { - dst.push_back(a); - } - for (auto &a : m_actionsRuntimePos) { - dst.push_back(a); - } - return dst; + + /* version */ + inline const std::string getVersion() const noexcept { + return m_version; + }; + inline void setVersion(const std::string &version) noexcept { + m_version.assign(version); + } + inline bool hasVersion() const noexcept { + return m_version != ""; } + + /* maturity */ + inline const int getMaturity() const noexcept { + return m_maturity; + } + inline void setMaturity(unsigned int maturity) noexcept { + m_maturity = maturity; + } + inline bool hasMaturity() const noexcept { + return m_maturity != MATURITY_NOT_SET; + } + + + /* logData */ + inline std::shared_ptr getLogDataAction() const noexcept { + return m_actionLogData; + } + std::string getLogData(const Transaction *t) const noexcept; + inline void setLogDataAction(const std::shared_ptr &data) noexcept { + m_actionLogData = data; + } + inline bool hasLogDataAction() const noexcept { + return m_actionLogData != nullptr; + } + + + /* message */ + inline std::shared_ptr getMessageAction() const noexcept { + return m_actionMsg; + } + std::string getMessage(const Transaction *t) const noexcept; + inline void setMessageAction(const std::shared_ptr &msg) noexcept { + m_actionMsg = msg; + } + inline bool hasMessageAction() const noexcept { + return m_actionMsg != nullptr; + } + + + /* multimatch */ + inline bool processMultiMatch() const noexcept { + return hasMultiMatch() || m_defaultActions.hasMultiMatch(); + } + + + /* isDisruptive */ + inline bool isDisruptive() const { + return hasDisruptiveAction() || ((m_defaultActions.hasBlock() || hasBlock()) && m_defaultActions.hasBlock()); + } + + + /* logging */ + inline bool isItToBeLogged() const noexcept { + if (hasNoLog()) { + return false; + } + if (m_defaultActions.hasNoLog() && !hasNoLog()) { + return false; + } + if (!hasDisruptiveAction() && !(hasBlock() || m_defaultActions.hasBlock())) { + return false; + } + if (!m_defaultActions.hasDisruptiveAction() && !hasDisruptiveAction()) { + return false; + } + return true; + } + + inline bool isItToBeAuditLogged() const noexcept { + if (hasNoAuditLog()) { + return false; + } + if (hasNoLog() && !hasAuditLog()) { + return false; + } + if (hasLog() || hasAuditLog()) { + return true; + } + if (m_defaultActions.hasAuditLog()) { + return true; + } + if (isItToBeLogged()) { + return true; + } + return false; + } + + + /* chained rule */ + /* FIXME: The chained rule needs to have its own class. */ + void setChainedNext(std::unique_ptr r) { + m_chainedRuleChild = std::move(r); + } + inline RuleWithActions *getChainedNext() const { + return m_chainedRuleChild.get(); + } + void setChainedParent(RuleWithActions *r) { + m_chainedRuleParent = r; + } + inline RuleWithActions *getChainedParent() { + return m_chainedRuleParent; + } inline bool hasChainAction() const { return m_isChained == true; } inline void setHasChainAction(bool b) { m_isChained = b; } inline bool hasChainedParent() const { return m_chainedRuleParent != nullptr; } inline bool hasChainedChild() const { return m_chainedRuleChild.get() != nullptr; } - inline void setHasCaptureAction(bool b) { m_containsCaptureAction = b; } - inline bool hasCaptureAction() const { return m_containsCaptureAction || m_defaultContainsCaptureAction; } - inline bool hasDisruptiveAction() const { return m_disruptiveAction != nullptr || m_defaultActionDisruptiveAction != nullptr; } - inline void setDisruptiveAction(const std::shared_ptr &a) { m_disruptiveAction = a; } - inline std::shared_ptr getDisruptiveAction() const { return m_disruptiveAction; } - - inline bool hasBlockAction() const { return m_containsStaticBlockAction || m_defaultContainsStaticBlockAction; } - inline void setHasBlockAction(bool b) { m_containsStaticBlockAction = b; } - - inline void setHasMultimatchAction(bool b) { m_containsMultiMatchAction = b; } - inline bool hasMultimatchAction() const { return m_containsMultiMatchAction || m_defaultContainsMultiMatchAction; } - - inline bool hasAuditLogAction() const { return m_containsAuditLogAction == true; } - inline void setHasAuditLogAction(bool b) { m_containsAuditLogAction = b; } - inline bool hasNoAuditLogAction() const { return m_containsNoAuditLogAction == true; } - inline void setHasNoAuditLogAction(bool b) { m_containsNoAuditLogAction = b; } - - inline bool hasLogAction() const { return m_containsLogAction == true; } - inline void setHasLogAction(bool b) { m_containsLogAction = b; } - inline bool hasNoLogAction() const { return m_containsNoLogAction == true; } - inline void setHasNoLogAction(bool b) { m_containsNoLogAction = b; } - - - inline bool isItToBeLogged() const noexcept { - if (m_containsNoLogAction) { - return false; - } - - if (m_defaultContainsNoLogAction && !m_containsLogAction) { - return false; - } - - return true; - } - - - inline bool isItToBeAuditLogged() const noexcept { - if (!isItToBeLogged() && !m_containsAuditLogAction - && !m_defaultContainsAuditLogAction) { - return false; - } - - if (m_containsNoAuditLogAction) { - return false; - } - - if (m_defaultContainsNoLogAction && !m_containsAuditLogAction) { - return false; - } - - return true; - } - - - inline bool hasLogDataAction() const { return m_logData != nullptr || m_defaultActionLogData != nullptr; } - inline std::shared_ptr getLogDataAction() const { return m_logData; } - std::string getLogData(const Transaction *t) const; - inline void setLogDataAction(const std::shared_ptr &data) { m_logData = data; } - - inline bool hasMessageAction() const { return m_msg != nullptr || m_defaultActionMsg != nullptr; } - inline std::shared_ptr getMessageAction() const { return m_msg; } - inline void setMessageAction(const std::shared_ptr &msg) { m_msg = msg; } - std::string getMessage(const Transaction *t) const; - - - inline bool hasSeverityAction() const { return m_severity != SEVERITY_NOT_SET || m_defaultSeverity != SEVERITY_NOT_SET; } - inline int getSeverity() const { return (m_severity != SEVERITY_NOT_SET)?m_severity:m_defaultSeverity; } - inline void setDefaultActionSeverity(unsigned int severity) { m_defaultSeverity = severity; } - inline void setSeverity(unsigned int severity) { m_severity = severity; } - - inline bool hasRevisionAction() const { return m_revision != ""; } - inline const std::string getRevision() const { return m_revision; }; - inline void setRevision(const std::string &revision) { m_revision.assign(revision); } - - inline bool hasVersionAction() const { return m_version != ""; } - inline const std::string getVersion() const { return m_version; }; - inline void setVersion(const std::string &version) { m_version.assign(version); } - - inline bool hasAccuracyAction() const { return m_accuracy != ACCURACY_NOT_SET || m_defaultAccuracy != ACCURACY_NOT_SET; } - inline const int getAccuracy() const { return m_accuracy; } - inline void setAccuracy(unsigned int accuracy) { m_accuracy = accuracy; } - - inline bool hasMaturityAction() const { return m_maturity != MATURITY_NOT_SET || m_defaultMaturity != MATURITY_NOT_SET; } - inline const int getMaturity() const { return m_maturity; } - inline void setDefaultActionMaturity(unsigned int maturity) { m_defaultMaturity = maturity; } - inline void setMaturity(unsigned int maturity) { m_maturity = maturity; } - - inline bool hasTagAction() const { return m_actionsTag.size() > 0; } - inline void setTags(Tags tags) { - for (auto tag : tags) { - m_actionsTag.push_back(tag); - } - } - inline void cleanTags() { - m_actionsTag.clear(); - } - Tags getTagsAction() const { - Tags dst; - for (auto &a : m_defaultActionActionsTag) { - dst.push_back(a); - } - for (auto &a : m_actionsTag) { - dst.push_back(a); - } - return dst; - } - - TagsPtr getTagsActionPtr() const { - TagsPtr dst; - for (auto &a : m_defaultActionActionsTag) { - dst.push_back(a.get()); - } - for (auto &a : m_actionsTag) { - dst.push_back(a.get()); - } - return dst; - } - - inline RuleId getId() const { return m_ruleId; } - void setId(int id) { - m_ruleId = id; - } - - void setChainedNext(std::unique_ptr r) { - m_chainedRuleChild = std::move(r); - } - - inline RuleWithActions *getChainedNext() const { - return m_chainedRuleChild.get(); - } - - void setChainedParent(RuleWithActions *r) { - m_chainedRuleParent = r; - } - - inline RuleWithActions *getChainedParent() { - return m_chainedRuleParent; - } XmlNSs getXmlNSs() const { XmlNSs dst; @@ -530,37 +326,24 @@ class RuleWithActions : public Rule { } private: + void inline copyActionsWithRunTimeStrings(const RuleWithActions &o); + RuleId m_ruleId; std::shared_ptr m_chainedRuleChild; RuleWithActions *m_chainedRuleParent; - /* actions */ - std::shared_ptr m_disruptiveAction; - std::shared_ptr m_logData; - std::shared_ptr m_msg; - MatchActions m_actionsRuntimePos; - SetVars m_actionsSetVar; - Tags m_actionsTag; + /* xmlns */ XmlNSs m_XmlNSs; - /* actions || SecDefaultAction */ - std::shared_ptr m_defaultActionDisruptiveAction; - std::shared_ptr m_defaultActionLogData; - std::shared_ptr m_defaultActionMsg; - - MatchActions m_defaultActionActionsRuntimePos; - SetVars m_defaultActionActionsSetVar; - Tags m_defaultActionActionsTag; - - /* actions > transformations */ - Transformations m_transformations; - - /* actions > transformations || SecDefaultAction */ - Transformations m_defaultTransformations; - - - /* || */ + /** + * 1-9 where 9 is very strong and 1 has many false positives + */ + unsigned int m_accuracy:4; + /** + * 1-9 where 9 is extensively tested and 1 is a brand new experimental rule + */ + unsigned int m_maturity:4; /** * 0 - EMERGENCY: is generated from correlation of anomaly * scoring data where there is an inbound @@ -581,44 +364,16 @@ class RuleWithActions : public Rule { * 6 - INFO * 7 - DEBUG **/ - unsigned int m_severity:3; - + unsigned int m_severity:4; + bool m_containsCapture:1; + bool m_isChained:1; std::string m_revision; std::string m_version; + std::shared_ptr m_actionMsg; + std::shared_ptr m_actionLogData; - /** - * 1-9 where 9 is very strong and 1 has many false positives - */ - unsigned int m_accuracy:3; - /** - * 1-9 where 9 is extensively tested and 1 is a brand new experimental rule - */ - unsigned int m_maturity:3; - - - bool m_containsCaptureAction:1; - bool m_containsLogAction:1; - bool m_containsNoLogAction:1; - bool m_containsAuditLogAction:1; - bool m_containsNoAuditLogAction:1; - bool m_containsMultiMatchAction:1; - bool m_containsStaticBlockAction:1; - - /* || SecDefaultAction */ - unsigned int m_defaultSeverity:3; - std::string m_defaultRevision; - std::string m_defaultVersion; - unsigned int m_defaultAccuracy:3; - unsigned int m_defaultMaturity:3; - bool m_defaultContainsCaptureAction:1; - bool m_defaultContainsLogAction:1; - bool m_defaultContainsNoLogAction:1; - bool m_defaultContainsAuditLogAction:1; - bool m_defaultContainsNoAuditLogAction:1; - bool m_defaultContainsMultiMatchAction:1; - bool m_defaultContainsStaticBlockAction:1; - - bool m_isChained:1; + /* SecDefaultAction */ + RuleWithActionsProperties m_defaultActions; }; } // namespace modsecurity diff --git a/src/rule_with_actions_properties.cc b/src/rule_with_actions_properties.cc new file mode 100644 index 00000000..fd39ec20 --- /dev/null +++ b/src/rule_with_actions_properties.cc @@ -0,0 +1,150 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "modsecurity/rule.h" + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "src/actions/set_var.h" +#include "src/actions/tag.h" +#include "src/actions/transformations/transformation.h" + + +namespace modsecurity { + + +RuleWithActionsProperties::RuleWithActionsProperties(Transformations *transformations) : + m_hasAuditLog(false), + m_hasBlock(false), + m_hasLog(false), + m_hasMultiMatch(false), + m_hasNoAuditLog(false), + m_hasNoLog(false), + m_executeIfMatchActions(), + m_setVars(), + m_disruptiveAction(nullptr), + m_tags(), + m_transformations(transformations != nullptr ? *transformations : Transformations()) +{ } + + + +RuleWithActionsProperties::RuleWithActionsProperties(const RuleWithActionsProperties &o) : + m_hasAuditLog(o.m_hasAuditLog), + m_hasBlock(o.m_hasBlock), + m_hasLog(o.m_hasLog), + m_hasMultiMatch(o.m_hasMultiMatch), + m_hasNoAuditLog(o.m_hasNoAuditLog), + m_hasNoLog(o.m_hasNoLog), + m_executeIfMatchActions(), + m_setVars(), + m_disruptiveAction(o.m_disruptiveAction), + m_tags(), + m_transformations(o.m_transformations) +{ + copyActionsWithRunTimeStrings(o); +} + + +RuleWithActionsProperties &RuleWithActionsProperties::operator=(const RuleWithActionsProperties &o) { + m_hasAuditLog = o.m_hasAuditLog; + m_hasBlock = o.m_hasBlock; + m_hasLog = o.m_hasLog; + m_hasMultiMatch = o.m_hasMultiMatch; + m_hasNoAuditLog = o.m_hasNoAuditLog; + m_hasNoLog = o.m_hasNoAuditLog; + m_disruptiveAction = o.m_disruptiveAction; + m_transformations = o.m_transformations; + copyActionsWithRunTimeStrings(o); + + return *this; +} + + +void inline RuleWithActionsProperties::copyActionsWithRunTimeStrings(const RuleWithActionsProperties &o) { + for (auto &i : o.m_executeIfMatchActions) { + actions::ActionWithRunTimeString *arts = dynamic_cast(i.get()); + if (!arts) { + m_executeIfMatchActions.push_back(i); + continue; + } + std::shared_ptr z(dynamic_cast(arts->clone())); + actions::ActionWithRunTimeString *aa = dynamic_cast(z.get()); + aa->populate(nullptr); + m_executeIfMatchActions.push_back(z); + } + for (auto &i : o.m_setVars) { + actions::ActionWithRunTimeString *arts = dynamic_cast(i.get()); + if (!arts) { + m_setVars.push_back(i); + continue; + } + std::shared_ptr z(dynamic_cast(arts->clone())); + actions::ActionWithRunTimeString *aa = dynamic_cast(z.get()); + aa->populate(nullptr); + m_setVars.push_back(z); + } + for (auto &i : o.m_tags) { + actions::ActionWithRunTimeString *arts = dynamic_cast(i.get()); + if (!arts) { + m_tags.push_back(i); + continue; + } + std::shared_ptr z(dynamic_cast(arts->clone())); + actions::Tag *aa = dynamic_cast(z.get()); + aa->populate(nullptr); + m_tags.push_back(z); + } +} + + +void RuleWithActionsProperties::populate(const RuleWithActions *r) const { + /** + * + * ActionWithRunTimeString needs to be aware of the Rule that it + * belongs to. It is necessary to resolve some variables + * (e.g. Rule); Clone and associate are mandatory. + * + */ + for (auto &i : m_executeIfMatchActions) { + actions::ActionWithRunTimeString *arts = dynamic_cast(i.get()); + if (arts != nullptr) { + arts->populate(r); + } + } + for (auto &i : m_setVars) { + actions::ActionWithRunTimeString *arts = dynamic_cast(i.get()); + if (arts != nullptr) { + arts->populate(r); + } + } + for (auto &i : m_tags) { + actions::ActionWithRunTimeString *arts = dynamic_cast(i.get()); + if (arts != nullptr) { + arts->populate(r); + } + } +} + + +} // namespace modsecurity diff --git a/src/rule_with_actions_properties.h b/src/rule_with_actions_properties.h new file mode 100644 index 00000000..32a86ed8 --- /dev/null +++ b/src/rule_with_actions_properties.h @@ -0,0 +1,213 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + + +#ifndef SRC_RULE_WITH_ACTIONS_PROPERTIES_H_ +#define SRC_RULE_WITH_ACTIONS_PROPERTIES_H_ + + +#include "modsecurity/modsecurity.h" +#include "src/actions/action_with_execution.h" +#include "src/actions/disruptive/disruptive_action.h" + +namespace modsecurity { + +namespace actions { +class SetVar; +class Tag; +namespace transformations { +class Transformation; +} +} + + +class RuleWithActionsProperties { + /** + * Properties that can be part of the SecDefaultActions. + * + */ + public: + using ActionWithExecution = actions::ActionWithExecution; + using ActionDisruptive = actions::disruptive::ActionDisruptive; + using MatchActions = std::vector>; + using SetVar = actions::SetVar; + using SetVars = std::vector>; + using Tag = actions::Tag; + using Tags = std::vector>; + using Transformation = actions::transformations::Transformation; + using Transformations = std::vector>; + + explicit RuleWithActionsProperties(Transformations *transformations = nullptr); + ~RuleWithActionsProperties() { + /* all the allocated resources are shared pointers. */ + } + + RuleWithActionsProperties(const RuleWithActionsProperties &o); + RuleWithActionsProperties &operator=(const RuleWithActionsProperties &o); + RuleWithActionsProperties(RuleWithActionsProperties &&o) = delete; + + + void clear() { + m_hasLog = false; + m_hasNoLog = false; + m_hasBlock = false; + m_setVars.clear(); + m_tags.clear(); + m_disruptiveAction = nullptr; + m_executeIfMatchActions.clear(); + m_transformations.clear(); + }; + + void populate(const RuleWithActions *r) const; + + + /* auditLog */ + bool hasAuditLog() const noexcept { + return m_hasAuditLog; + } + void setAuditLog(bool b) { + m_hasAuditLog = b; + } + + + /* log */ + bool hasLog() const noexcept { + return m_hasLog; + } + void setLog(bool b) { + m_hasLog = b; + } + + + /* MultiMatch */ + bool hasMultiMatch() const noexcept { + return m_hasMultiMatch; + } + void setMultiMatch(bool b) { + m_hasMultiMatch = b; + } + + + /* noAuditLog */ + bool hasNoAuditLog() const noexcept { + return m_hasNoAuditLog; + } + void setNoAuditLog(bool b) { + m_hasNoAuditLog = b; + } + + + /* noLog */ + bool hasNoLog() const noexcept { + return m_hasNoLog; + } + void setNoLog(bool b) { + m_hasNoLog = b; + } + + + /* block */ + bool hasBlock() const noexcept { + return m_hasBlock; + } + void setBlock(bool b) { + m_hasBlock = b; + } + + + /* transformations */ + const Transformations &getTransformations() const noexcept { + return m_transformations; + } + void addTransformation(std::shared_ptr t) { + m_transformations.push_back(t); + } + + + /* tags */ + const Tags &getTags() const noexcept { + return m_tags; + } + void setTags(Tags tags) noexcept { + m_tags.insert(m_tags.end(), tags.begin(), tags.end()); + } + void addTag(std::shared_ptr t) { + m_tags.push_back(t); + } + bool hasTags() const noexcept { + return !m_tags.empty(); + } + void clearTags() noexcept { + m_tags.clear(); + } + + + /* vars */ + const SetVars &getSetVars() const noexcept { + return m_setVars; + } + void addSetVar(std::shared_ptr t) { + m_setVars.push_back(t); + } + + + /* other match actions */ + const MatchActions &getGenericMatchActions() const noexcept { + return m_executeIfMatchActions; + } + void addGenericMatchAction(std::shared_ptr a) { + m_executeIfMatchActions.push_back(a); + } + + + /* disruptive action */ + const std::shared_ptr &getDisruptiveAction() const noexcept { + return m_disruptiveAction; + } + inline void setDisruptiveAction(std::shared_ptr d) noexcept { + m_disruptiveAction = d; + } + inline bool hasDisruptiveAction() const noexcept { + return m_disruptiveAction != nullptr; + } + + + private: + void inline copyActionsWithRunTimeStrings(const RuleWithActionsProperties &o); + + /** + * FIXME: log, noLog, AuditLog and noAuditLog are save to compute whenver log + * is necessary or not. This can be pre-computed while the actions are + * encountered amoung the rule action list. + * + */ + bool m_hasAuditLog:1; + bool m_hasBlock:1; + bool m_hasLog:1; + bool m_hasMultiMatch:1; + bool m_hasNoAuditLog:1; + bool m_hasNoLog:1; + + MatchActions m_executeIfMatchActions; + SetVars m_setVars; + std::shared_ptr m_disruptiveAction; + Tags m_tags; + Transformations m_transformations; +}; + +} // namespace modsecurity + + +#endif // SRC_RULE_WITH_ACTIONS_PROPERTIES_H_ \ No newline at end of file diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc index a1150e68..9a097779 100644 --- a/src/rule_with_operator.cc +++ b/src/rule_with_operator.cc @@ -56,7 +56,7 @@ using actions::transformations::None; RuleWithOperator::RuleWithOperator(Operator *op, variables::Variables *_variables, - std::vector *actions, + Actions *actions, Transformations *transformations, std::unique_ptr fileName, int lineNumber) @@ -217,7 +217,6 @@ bool RuleWithOperator::evaluate(Transaction *trans) const { bool globalRet = false; variables::Variables *variables = m_variables.get(); bool recursiveGlobalRet; - bool containsBlock = hasBlockAction(); std::string eparam; variables::Variables vars; vars.reserve(4); @@ -303,7 +302,7 @@ bool RuleWithOperator::evaluate(Transaction *trans) const { executeTransformations(trans, value, transformationsResults); auto iter = transformationsResults.begin(); - if (!hasMultimatchAction()) { + if (!processMultiMatch()) { iter = transformationsResults.end(); std::advance(iter, -1); } @@ -381,7 +380,7 @@ end_exec: /* last rule in the chain. */ trans->logMatchLastRuleOnTheChain(this); - if (hasSeverityAction()) { + if (hasSeverity()) { ms_dbg_a(trans, 9, "This rule severity is: " + \ std::to_string(getSeverity()) + " current transaction is: " + \ std::to_string(trans->m_highestSeverityAction)); diff --git a/src/rule_with_operator.h b/src/rule_with_operator.h index 29cfd4ce..02d46549 100644 --- a/src/rule_with_operator.h +++ b/src/rule_with_operator.h @@ -43,7 +43,7 @@ class RuleWithOperator : public RuleWithActions { public: RuleWithOperator(operators::Operator *op, variables::Variables *variables, - std::vector *actions, + Actions *actions, Transformations *transformations, std::unique_ptr fileName, int lineNumber); diff --git a/src/rules_set.cc b/src/rules_set.cc index 8ec964ce..ac976ca3 100644 --- a/src/rules_set.cc +++ b/src/rules_set.cc @@ -62,11 +62,11 @@ namespace modsecurity { RuleWithActions *nr = dynamic_cast(m_rules[i].get()); nr->clearDefaultActions(); - for (auto a : m_defaultActions) { + for (auto &a : m_defaultActions) { nr->addDefaultAction(a); } for (auto a : m_defaultTransformations) { - nr->addDefaultTransformation(a); + nr->addDefaulTransformation(a); } diff --git a/src/run_time_string.h b/src/run_time_string.h index f6426179..551f5980 100644 --- a/src/run_time_string.h +++ b/src/run_time_string.h @@ -75,7 +75,7 @@ class RunTimeString { } - void populate(RuleWithActions *rule) noexcept { + void populate(const RuleWithActions *rule) noexcept { for (auto &a : m_elements) { a->populate(rule); } @@ -108,7 +108,6 @@ class RunTimeString { rv = dynamic_cast(nrv); rv->populate(nullptr); m_variable = std::unique_ptr(nrv); - /* m_variable = nullptr; */ } else { m_variable = other.m_variable; } @@ -119,7 +118,9 @@ class RunTimeString { void appendValueTo(const Transaction *transaction, std::string &v) const noexcept { if (m_variable && transaction) { VariableValues l; + m_variable->evaluate(transaction, &l); + if (!l.empty()) { v.append(l[0]->getValue()); } @@ -130,19 +131,20 @@ class RunTimeString { } - void populate(RuleWithActions *rule) noexcept { + void populate(const RuleWithActions *rule) noexcept { if (!m_variable) { return; } RuleVariable *vrule = dynamic_cast(m_variable.get()); - if (vrule != nullptr) { - vrule->populate(rule); + if (!vrule) { + return; } + vrule->populate(rule); } private: - std::string m_string; + const std::string m_string; /* * * FIXME: In the current state m_variable should be a unique_ptr. There diff --git a/src/transaction.cc b/src/transaction.cc index 91e1c244..d43e26de 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -72,14 +72,11 @@ void TransactionRuleMessageManagement::logMatchLastRuleOnTheChain(const RuleWith rm->setRule(rule); - if (rule->hasDisruptiveAction() && rule->isItToBeLogged() && - (m_transaction->getRuleEngineState() == RulesSet::DetectionOnlyRuleEngine)) { + if (rule->isItToBeLogged() && + (m_transaction->getRuleEngineState() == RulesSet::EnabledRuleEngine)) { /* error */ // The error goes over the disruptive massage. We don't need it here. //m_transaction->serverLog(rm); - } else if (rule->hasBlockAction() && rule->isItToBeLogged()) { - /* Log as warning. */ - m_transaction->serverLog(rm); } else if (rule->isItToBeLogged()) { /* Log as warning. */ m_transaction->serverLog(rm); diff --git a/src/transformation_result.h b/src/transformation_result.h new file mode 100644 index 00000000..a7c2bc01 --- /dev/null +++ b/src/transformation_result.h @@ -0,0 +1,68 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "modsecurity/modsecurity.h" +#include "modsecurity/rule.h" +#include "modsecurity/rule_message.h" +#include "modsecurity/rules_set.h" + +#ifndef SRC_TRANSFORMATION_RESULT_H_ +#define SRC_TRANSFORMATION_RESULT_H_ + + +namespace modsecurity { + + +class TransformationResult { + public: + explicit TransformationResult( + ModSecString &after, + const std::string *transformation = nullptr) + : m_after(after), + m_transformation(transformation) { }; + + explicit TransformationResult( + ModSecString *after) + : m_after(*after), + m_transformation(nullptr) { }; + + TransformationResult(const TransformationResult &t2) + : m_after(t2.m_after), + m_transformation(t2.m_transformation) { }; + + + ModSecString *getAfter() { + return &m_after; + } + + + const std::string *getTransformationName() const { + return m_transformation; + } + + + private: + ModSecString m_after; + const std::string *m_transformation; +}; + +using TransformationsResults = std::list; + +} // namespace modsecurity + + + +#endif // SRC_TRANSFORMATION_RESULT_H_ + diff --git a/src/variables/rule.h b/src/variables/rule.h index 32acdfaa..3caf737e 100644 --- a/src/variables/rule.h +++ b/src/variables/rule.h @@ -71,7 +71,7 @@ class Rule_DictElement : public RuleVariable, public VariableDictElement { const RuleWithActions *rule, VariableValues *l) { - if (rule->hasRevisionAction()) { + if (rule->hasRevision()) { auto var = std::make_shared(&m_rule, &m_rule_rev, std::unique_ptr(new std::string(rule->getRevision()))); VariableOrigin origin; origin.m_offset = 0; @@ -87,7 +87,7 @@ class Rule_DictElement : public RuleVariable, public VariableDictElement { const RuleWithActions *rule, VariableValues *l) { - if (rule->hasSeverityAction()) { + if (rule->hasSeverity()) { auto var = std::make_shared(&m_rule, &m_rule_severity, std::unique_ptr(new std::string(std::to_string(rule->getSeverity())))); VariableOrigin origin; origin.m_offset = 0; diff --git a/src/variables/rule_variable.h b/src/variables/rule_variable.h index 47714f16..b0a9384c 100644 --- a/src/variables/rule_variable.h +++ b/src/variables/rule_variable.h @@ -20,11 +20,11 @@ #ifndef SRC_VARIABLES_RULE_VARIABLE_H_ #define SRC_VARIABLES_RULE_VARIABLE_H_ -#include "src/rule_with_actions.h" namespace modsecurity { +class RuleWithActions; class Transaction; namespace variables { diff --git a/src/variables/variable_with_runtime_string.h b/src/variables/variable_with_runtime_string.h index 0e248cc8..cb4b2634 100644 --- a/src/variables/variable_with_runtime_string.h +++ b/src/variables/variable_with_runtime_string.h @@ -40,7 +40,7 @@ class VariableWithRunTimeString : public Variable { return *this; } - virtual void populate(RuleWithActions *rule) { + virtual void populate(const RuleWithActions *rule) { if (m_string) { m_string->populate(rule); } diff --git a/test/test-cases/regression/auditlog.json b/test/test-cases/regression/auditlog.json index e872bbaf..25e6843c 100644 --- a/test/test-cases/regression/auditlog.json +++ b/test/test-cases/regression/auditlog.json @@ -270,5 +270,354 @@ "SecAuditLogType Serial", "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "auditlog : messages verification - DetectionOnly,log,auditlog", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1=test1¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "expected": { + "audit_log": "1555", + "error_log": "", + "http_code": 200 + }, + "rules": [ + "SecRuleEngine DetectionOnly", + "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"", + "SecRule ARGS \"@contains test1\" \"id:1555,phase:2,block,log,auditlog\"", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts ABCFHZ", + "SecAuditLog /tmp/test/modsec_audit_auditlog_1.log", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0666", + "SecAuditLogType Serial", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "auditlog : messages verification - DetectionOnly,log", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1=test1¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "expected": { + "audit_log": "1555", + "error_log": "", + "http_code": 200 + }, + "rules": [ + "SecRuleEngine DetectionOnly", + "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"", + "SecRule ARGS \"@contains test1\" \"id:1555,phase:2,block,log\"", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts ABCFHZ", + "SecAuditLog /tmp/test/modsec_audit_auditlog_1.log", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0666", + "SecAuditLogType Serial", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "auditlog : messages verification - DetectionOnly,nolog", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1=test1¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "expected": { + "audit_log": "^$", + "error_log": "", + "http_code": 200 + }, + "rules": [ + "SecRuleEngine On", + "SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"", + "SecRule ARGS \"@contains test1\" \"id:1555,phase:2,pass,nolog\"", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts ABCFHZ", + "SecAuditLog /tmp/test/modsec_audit_auditlog_1.log", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0666", + "SecAuditLogFormat JSON", + "SecAuditLogType Serial", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "auditlog : messages verification - DetectionOnly (no log info)", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1=test1¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "expected": { + "audit_log": "", + "error_log": "", + "http_code": 200 + }, + "rules": [ + "SecRuleEngine DetectionOnly", + "SecDefaultAction \"phase:2,deny,status:403\"", + "SecRule ARGS \"@contains test1\" \"id:1555,phase:2,block\"", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts ABCFHZ", + "SecAuditLog /tmp/test/modsec_audit_auditlog_1.log", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0666", + "SecAuditLogFormat JSON", + "SecAuditLogType Serial", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "auditlog : messages verification - DetectionOnly (noauditlog)", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1=test1¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "expected": { + "audit_log": "", + "error_log": "", + "http_code": 200, + "debug_log":"is not interesting to audit logs, relevant code" + }, + "rules": [ + "SecRuleEngine DetectionOnly", + "SecDefaultAction \"phase:2,deny,status:403,noauditlog\"", + "SecRule ARGS \"@contains test1\" \"id:1555,phase:2,noauditlog,block\"", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts ABCFHZ", + "SecAuditLog /tmp/test/modsec_audit_auditlog_1.log", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0666", + "SecAuditLogFormat JSON", + "SecAuditLogType Serial", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "auditlog : messages verification - DetectionOnly (noauditlog & nodefault & pass)", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1=test1¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "expected": { + "audit_log": "", + "error_log": "", + "http_code": 200, + "debug_log": "is not interesting to audit logs, relevant code" + }, + "rules": [ + "SecRuleEngine DetectionOnly", + "SecRule ARGS \"@contains test1\" \"id:1555,phase:2,pass,noauditlog\"", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts ABCFHZ", + "SecAuditLog /tmp/test/modsec_audit_auditlog_1.log", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0666", + "SecAuditLogFormat JSON", + "SecAuditLogType Serial", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "auditlog : messages verification - DetectionOnly (noauditlog & nodefault & nopass)", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1=test1¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "expected": { + "audit_log": "", + "error_log": "", + "http_code": 200, + "debug_log": "is not interesting to audit logs, relevant code" + }, + "rules": [ + "SecRuleEngine DetectionOnly", + "SecRule ARGS \"@contains test1\" \"id:1555,phase:2,noauditlog\"", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts ABCFHZ", + "SecAuditLog /tmp/test/modsec_audit_auditlog_1.log", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0666", + "SecAuditLogFormat JSON", + "SecAuditLogType Serial", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" + ] } ] diff --git a/test/test-cases/regression/issue-1528.json b/test/test-cases/regression/issue-1528.json index 74f2c3db..74f578ee 100644 --- a/test/test-cases/regression/issue-1528.json +++ b/test/test-cases/regression/issue-1528.json @@ -27,12 +27,13 @@ }, "expected": { "debug_log": "Rule returned 1", - "error_log": "Matched \"Operator `Rx' with parameter `\\^attack\\$'" + "error_log": "Matched \"Operator `Rx' with parameter `\\^attack\\$'", + "http_code": 403 }, "rules": [ "SecRuleEngine On", "SecAction \"id:1, setvar:tx.bad_value=attack\"", - "SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" \"id:2,log\"" + "SecRule ARGS:param \"@rx ^%{tx.bad_value}$\" \"id:2,log,deny\"" ] } ] diff --git a/test/test-cases/regression/issue-1844.json b/test/test-cases/regression/issue-1844.json index df1a4ec6..1d394218 100644 --- a/test/test-cases/regression/issue-1844.json +++ b/test/test-cases/regression/issue-1844.json @@ -85,10 +85,12 @@ ] }, "expected":{ - "error_log":"line \"55\"" + "error_log":"line \"55\"", + "http_code": 403 }, "rules":[ "SecRuleEngine On", + "SecDefaultAction \"phase:2,deny\"", "SecRule WEBAPPID \"@contains test2\" \"id:1,phase:3,pass,t:trim\"", "Include test-cases/data/big-file.conf" ]