From 65aa7ae5e2686caf7c530c1cae08bcfcfb1f15c8 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Fri, 22 Jun 2018 14:06:18 -0300
Subject: [PATCH] Improves the performance while loading the rules

Based on the findings listed on #1735
---
 CHANGES                                |  2 ++
 headers/modsecurity/rules_properties.h | 29 ++++++++++++++++----------
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 7b4d9038..b26a5618 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.0.3 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Improves the performance while loading the rules
+   [Issue #1735 - @zimmerle, @p0pr0ck5, @victorhora]
  - Allow empty strings to be evaluated by regex::searchAll
    [Issue #1799, #1785 - @victorhora, @XuanHuyDuong, @zimmerle]
  - Adds basic pkg-config info
diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h
index 5f095d86..c19d2837 100644
--- a/headers/modsecurity/rules_properties.h
+++ b/headers/modsecurity/rules_properties.h
@@ -433,20 +433,27 @@ class RulesProperties {
         for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
             std::vector<modsecurity::Rule *> *rules_to = to+i;
             std::vector<modsecurity::Rule *> *rules_from = from+i;
+            // TODO: std::vector could be replaced with something more efficient.
+            std::vector<int64_t> v;
+            v.reserve(rules_to->size());
+            for (size_t z = 0; z < rules_to->size(); z++) {
+                Rule *rule_ckc = rules_to->at(z);
+                if (rule_ckc->m_secMarker == false) {
+                    continue;
+                }
+                v.push_back(rule_ckc->m_ruleId);
+            }
+            std::sort (v.begin(), v.end());
+
             for (size_t j = 0; j < rules_from->size(); j++) {
                 Rule *rule = rules_from->at(j);
-                for (size_t z = 0; z < rules_to->size(); z++) {
-                    Rule *rule_ckc = rules_to->at(z);
-                    if (rule_ckc->m_ruleId == rule->m_ruleId &&
-                        rule_ckc->m_secMarker == false &&
-                        rule->m_secMarker == false) {
-                        if (err != NULL) {
-                            *err << "Rule id: " \
-                                 << std::to_string(rule->m_ruleId) \
-                                 << " is duplicated" << std::endl;
-                        }
-                        return -1;
+                if (std::binary_search (v.begin(), v.end(), rule->m_ruleId)) {
+                    if (err != NULL) {
+                        *err << "Rule id: " \
+                            << std::to_string(rule->m_ruleId) \
+                            << " is duplicated" << std::endl;
                     }
+                    return -1;
                 }
                 amount_of_rules++;
                 rules_to->push_back(rule);