diff --git a/examples/reading_logs_via_rule_message/Makefile.am b/examples/reading_logs_via_rule_message/Makefile.am index 48e88493..a9ec0853 100644 --- a/examples/reading_logs_via_rule_message/Makefile.am +++ b/examples/reading_logs_via_rule_message/Makefile.am @@ -6,7 +6,6 @@ simple_request_SOURCES = \ simple_request.cc simple_request_LDADD = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ $(CURL_LDADD) \ $(GEOIP_LDADD) \ $(GLOBAL_LDADD) \ @@ -19,9 +18,13 @@ simple_request_LDADD = \ $(YAJL_LDADD) simple_request_LDFLAGS = \ + -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ - $(LMDB_LDFLAGS) \ + -lmodsecurity \ -lpthread \ + -lm \ + -lstdc++ \ + $(LMDB_LDFLAGS) \ $(LUA_LDFLAGS) \ $(MAXMIND_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ diff --git a/examples/reading_logs_with_offset/Makefile.am b/examples/reading_logs_with_offset/Makefile.am index d3ff1345..6e277867 100644 --- a/examples/reading_logs_with_offset/Makefile.am +++ b/examples/reading_logs_with_offset/Makefile.am @@ -6,7 +6,6 @@ read_SOURCES = \ read.cc read_LDADD = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ $(CURL_LDADD) \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ @@ -19,7 +18,12 @@ read_LDADD = \ $(YAJL_LDADD) read_LDFLAGS = \ + -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ + -lmodsecurity \ + -lpthread \ + -lm \ + -lstdc++ \ $(LMDB_LDFLAGS) \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ diff --git a/examples/using_bodies_in_chunks/Makefile.am b/examples/using_bodies_in_chunks/Makefile.am index 160e7ae9..0ddc06cb 100644 --- a/examples/using_bodies_in_chunks/Makefile.am +++ b/examples/using_bodies_in_chunks/Makefile.am @@ -6,7 +6,6 @@ simple_request_SOURCES = \ simple_request.cc simple_request_LDADD = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ $(CURL_LDADD) \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ 
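Review bot: `-lmodsecurity` (with `-lm` and `-lstdc++`) is added to `simple_request_LDFLAGS`, but automake emits `*_LDFLAGS` before the object files on the link line, so with a static libmodsecurity.a or a toolchain that defaults to `--as-needed` the library is scanned before any of its symbols are referenced and the link fails with undefined references; libraries belong in `simple_request_LDADD`. Replacing the explicit archive with `-L$(top_builddir)/src/.libs/ -lmodsecurity` also means that if the build-tree library is missing the linker silently falls back to whatever libmodsecurity is on the default library path, and a shared build-tree library carries no rpath, so the example will not run without `LD_LIBRARY_PATH`. The usual automake/libtool form avoids all three: `simple_request_LDADD = $(top_builddir)/src/libmodsecurity.la \` in place of the removed `.a` line, and drop the `-L`, `-lmodsecurity`, `-lm` and `-lstdc++` entries from `simple_request_LDFLAGS` (libtool links the C++ runtime itself when the program is linked with `$(CXXLD)`). The same pattern is repeated in the other two example Makefiles in this commit.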
@@ -19,7 +18,12 @@ simple_request_LDADD = \ $(YAJL_LDADD) simple_request_LDFLAGS = \ + -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ + -lmodsecurity \ + -lpthread \ + -lm \ + -lstdc++ \ $(MAXMIND_LDFLAGS) \ $(LMDB_LDFLAGS) \ -lpthread \ diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h index 6a867e99..1b79cb23 100644 --- a/headers/modsecurity/rules_properties.h +++ b/headers/modsecurity/rules_properties.h 
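Review bot: the added `-lpthread` duplicates the `-lpthread \` that is still present as context two lines further down in `simple_request_LDFLAGS`, so the flag now appears twice; drop the new one. As in the other example Makefiles, `-lmodsecurity`, `-lm` and `-lstdc++` are placed in `*_LDFLAGS`, which automake puts before the objects on the link line, so a static libmodsecurity.a or a `--as-needed` default will drop the library and break the link; move the dependency to `simple_request_LDADD = $(top_builddir)/src/libmodsecurity.la \` and keep only genuine linker flags in `simple_request_LDFLAGS`.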
@@ -13,553 +13,6 @@ * */ +#include -#ifdef __cplusplus -#include -#include -#include -#include -#include -#include -#include -#endif - -#ifndef HEADERS_MODSECURITY_RULES_PROPERTIES_H_ -#define HEADERS_MODSECURITY_RULES_PROPERTIES_H_ - - -#include "modsecurity/modsecurity.h" -#include "modsecurity/rule.h" -#include "modsecurity/rules_exceptions.h" -#include "modsecurity/actions/action.h" -#include "modsecurity/audit_log.h" - -#define CODEPAGE_SEPARATORS " \t\n\r" - -#define merge_boolean_value(to, from, default) \ - if (to == PropertyNotSetConfigBoolean) { \ - to = (from == PropertyNotSetConfigBoolean) ? default : from; \ - } - -#define merge_ruleengine_value(to, from, default) \ - if (to == PropertyNotSetRuleEngine) { \ - to = (from == PropertyNotSetRuleEngine) ? default : from; \ - } - -#define merge_bodylimitaction_value(to, from, default) \ - if (to == PropertyNotSetBodyLimitAction) { \ - to = (from == PropertyNotSetBodyLimitAction) ? default : from; \ - } - -#ifdef __cplusplus - -namespace modsecurity { -class RulesExceptions; -namespace Parser { -class Driver; -} - -using modsecurity::debug_log::DebugLog; -using modsecurity::audit_log::AuditLog; - -/** @ingroup ModSecurity_CPP_API */ -class ConfigInt { - public: - ConfigInt() : m_set(false), m_value(0) { } - bool m_set; - int m_value; - - void merge(ConfigInt *from) { - if (m_set == true || from->m_set == false) { - return; - } - m_set = true; - m_value = from->m_value; - return; - } -}; - - -class ConfigDouble { - public: - ConfigDouble() : m_set(false), m_value(0) { } - bool m_set; - double m_value; - - void merge(ConfigDouble *from) { - if (m_set == true || from->m_set == false) { - return; - } - m_set = true; - m_value = from->m_value; - return; - } -}; - - -class ConfigString { - public: - ConfigString() : m_set(false), m_value("") { } - bool m_set; - std::string m_value; - - void merge(ConfigString *from) { - if (m_set == true || from->m_set == false) { - return; - } - m_set = true; - m_value = 
from->m_value; - return; - } -}; - - -class ConfigSet { - public: - ConfigSet() : m_set(false), m_clear(false) { } - bool m_set; - bool m_clear; - std::set m_value; -}; - - -class UnicodeMapHolder { - public: - UnicodeMapHolder() { - memset(m_data, -1, (sizeof(int)*65536)); - }; - - int& operator[](int index) { return m_data[index]; } - int operator[](int index) const { return m_data[index]; } - - int at(int index) const { return m_data[index]; } - void change(int i, int a) { m_data[i] = a; } - - int m_data[65536]; -}; - - -class RulesProperties; -class ConfigUnicodeMap { - public: - ConfigUnicodeMap() : m_set(false), - m_unicodeCodePage(0), - m_unicodeMapTable(NULL) { } - - static void loadConfig(std::string f, double codePage, - RulesProperties *driver, std::string *errg); - - void merge(ConfigUnicodeMap *from) { - if (from->m_set == false) { - return; - } - - m_set = true; - m_unicodeCodePage = from->m_unicodeCodePage; - m_unicodeMapTable = from->m_unicodeMapTable; - - return; - } - - bool m_set; - double m_unicodeCodePage; - std::shared_ptr m_unicodeMapTable; -}; - - -class RulesProperties { - public: - RulesProperties() : - m_auditLog(new AuditLog()), - m_requestBodyLimitAction(PropertyNotSetBodyLimitAction), - m_responseBodyLimitAction(PropertyNotSetBodyLimitAction), - m_secRequestBodyAccess(PropertyNotSetConfigBoolean), - m_secResponseBodyAccess(PropertyNotSetConfigBoolean), - m_secXMLExternalEntity(PropertyNotSetConfigBoolean), - m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean), - m_uploadKeepFiles(PropertyNotSetConfigBoolean), - m_debugLog(new DebugLog()), - m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction), - m_secRuleEngine(PropertyNotSetRuleEngine) { } - - - explicit RulesProperties(DebugLog *debugLog) : - m_auditLog(new AuditLog()), - m_requestBodyLimitAction(PropertyNotSetBodyLimitAction), - m_responseBodyLimitAction(PropertyNotSetBodyLimitAction), - m_secRequestBodyAccess(PropertyNotSetConfigBoolean), - 
m_secResponseBodyAccess(PropertyNotSetConfigBoolean), - m_secXMLExternalEntity(PropertyNotSetConfigBoolean), - m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean), - m_uploadKeepFiles(PropertyNotSetConfigBoolean), - m_debugLog(debugLog), - m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction), - m_secRuleEngine(PropertyNotSetRuleEngine) { } - - RulesProperties(const RulesProperties &r) = delete; - RulesProperties &operator =(const RulesProperties &r) = delete; - - ~RulesProperties() { - int i = 0; - /** Cleanup the rules */ - for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector rules = m_rules[i]; - while (rules.empty() == false) { - Rule *rule = rules.back(); - rules.pop_back(); - if (rule->refCountDecreaseAndCheck()) { - rule = NULL; - } - } - } - for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector *tmp = &m_defaultActions[i]; - while (tmp->empty() == false) { - actions::Action *a = tmp->back(); - tmp->pop_back(); - if (a->refCountDecreaseAndCheck()) { - a = NULL; - } - } - } - - delete m_debugLog; - delete m_auditLog; - } - - - /** - * - * - */ - enum ConfigBoolean { - TrueConfigBoolean, - FalseConfigBoolean, - PropertyNotSetConfigBoolean - }; - - - /** - * - * The RuleEngine enumerator consists in mapping the different states - * of the rule engine. - * - */ - enum RuleEngine { - /** - * - * Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine - * - */ - DisabledRuleEngine, - /** - * - * Rules will be evaluated and disturb actions will take place if needed. - * - */ - EnabledRuleEngine, - /** - * Rules will be evaluated but it won't generate any disruptive action. - * - */ - DetectionOnlyRuleEngine, - /** - * - */ - PropertyNotSetRuleEngine - }; - - - /** - * - * Defines what actions should be taken in case the body (response or - * request) is bigger than the expected size. 
- * - */ - enum BodyLimitAction { - /** - * - * Process partial - * - */ - ProcessPartialBodyLimitAction, - /** - * - * Reject the request - * - */ - RejectBodyLimitAction, - /** - * - */ - PropertyNotSetBodyLimitAction - }; - - - /** - * - * Defines what actions should be taken in case the remote rules failed to - * be downloaded (independent of the circumstances) - * - * - */ - enum OnFailedRemoteRulesAction { - /** - * - * Abort - * - */ - AbortOnFailedRemoteRulesAction, - /** - * - * Warn on logging - * - */ - WarnOnFailedRemoteRulesAction, - /** - * - */ - PropertyNotSetRemoteRulesAction - }; - - - static const char *ruleEngineStateString(RuleEngine i) { - switch (i) { - case DisabledRuleEngine: - return "Disabled"; - case EnabledRuleEngine: - return "Enabled"; - case DetectionOnlyRuleEngine: - return "DetectionOnly"; - case PropertyNotSetRuleEngine: - return "PropertyNotSet/DetectionOnly"; - } - return NULL; - } - - - static std::string configBooleanString(ConfigBoolean i) { - switch (i) { - case TrueConfigBoolean: - return "True"; - case FalseConfigBoolean: - return "False"; - case PropertyNotSetConfigBoolean: - return "Not set"; - } - return NULL; - } - - - static int mergeProperties(RulesProperties *from, RulesProperties *to, - std::ostringstream *err) { - int amount_of_rules = 0; - - amount_of_rules = appendRules(from->m_rules, to->m_rules, err); - if (amount_of_rules < 0) { - return amount_of_rules; - } - - merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine, - PropertyNotSetRuleEngine); - - merge_boolean_value(to->m_secRequestBodyAccess, - from->m_secRequestBodyAccess, - PropertyNotSetConfigBoolean); - - merge_boolean_value(to->m_secResponseBodyAccess, - from->m_secResponseBodyAccess, - PropertyNotSetConfigBoolean); - - merge_boolean_value(to->m_secXMLExternalEntity, - from->m_secXMLExternalEntity, - PropertyNotSetConfigBoolean); - - merge_boolean_value(to->m_uploadKeepFiles, - from->m_uploadKeepFiles, - PropertyNotSetConfigBoolean); - - 
merge_boolean_value(to->m_tmpSaveUploadedFiles, - from->m_tmpSaveUploadedFiles, - PropertyNotSetConfigBoolean); - - to->m_argumentsLimit.merge(&from->m_argumentsLimit); - to->m_requestBodyLimit.merge(&from->m_requestBodyLimit); - to->m_responseBodyLimit.merge(&from->m_responseBodyLimit); - - merge_bodylimitaction_value(to->m_requestBodyLimitAction, - from->m_requestBodyLimitAction, - PropertyNotSetBodyLimitAction); - - merge_bodylimitaction_value(to->m_responseBodyLimitAction, - from->m_responseBodyLimitAction, - PropertyNotSetBodyLimitAction); - - to->m_uploadFileLimit.merge(&from->m_uploadFileLimit); - to->m_uploadFileMode.merge(&from->m_uploadFileMode); - to->m_uploadDirectory.merge(&from->m_uploadDirectory); - to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory); - - to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator); - - to->m_secWebAppId.merge(&from->m_secWebAppId); - - to->m_unicodeMapTable.merge(&from->m_unicodeMapTable); - - to->m_httpblKey.merge(&from->m_httpblKey); - - to->m_exceptions.merge(&from->m_exceptions); - - to->m_components.insert(to->m_components.end(), - from->m_components.begin(), from->m_components.end()); - - if (from->m_responseBodyTypeToBeInspected.m_set == true) { - if (from->m_responseBodyTypeToBeInspected.m_clear == true) { - to->m_responseBodyTypeToBeInspected.m_value.clear(); - from->m_responseBodyTypeToBeInspected.m_value.clear(); - } else { - for (std::set::iterator - it = from->m_responseBodyTypeToBeInspected.m_value.begin(); - it != from->m_responseBodyTypeToBeInspected.m_value.end(); - ++it) { - to->m_responseBodyTypeToBeInspected.m_value.insert(*it); - } - } - to->m_responseBodyTypeToBeInspected.m_set = true; - } - - for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector *actions_from = \ - from->m_defaultActions+i; - std::vector *actions_to = to->m_defaultActions+i; - for (size_t j = 0; j < actions_from->size(); j++) { - actions::Action *action = actions_from->at(j); - 
action->refCountIncrease(); - actions_to->push_back(action); - } - } - - if (to->m_auditLog) { - std::string error; - to->m_auditLog->merge(from->m_auditLog, &error); - if (error.size() > 0) { - *err << error; - return -1; - } - } - - if (from->m_debugLog && to->m_debugLog && - from->m_debugLog->isLogFileSet()) { - if (to->m_debugLog->isLogFileSet() == false) { - std::string error; - to->m_debugLog->setDebugLogFile( - from->m_debugLog->getDebugLogFile(), - &error); - if (error.size() > 0) { - *err << error; - return -1; - } - } - } - - if (from->m_debugLog && to->m_debugLog && - from->m_debugLog->isLogLevelSet()) { - if (to->m_debugLog->isLogLevelSet() == false) { - to->m_debugLog->setDebugLogLevel( - from->m_debugLog->getDebugLogLevel()); - } - } - - return amount_of_rules; - } - - - static int appendRules( - std::vector *from, - std::vector *to, - std::ostringstream *err) { - int amount_of_rules = 0; - // TODO: std::vector could be replaced with something more efficient. - std::vector v; - for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector *rules_to = to+i; - v.reserve(rules_to->size()); - for (size_t z = 0; z < rules_to->size(); z++) { - Rule *rule_ckc = rules_to->at(z); - if (rule_ckc->m_secMarker == true) { - continue; - } - v.push_back(rule_ckc->m_ruleId); - } - } - std::sort (v.begin(), v.end()); - - for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { - std::vector *rules_from = from+i; - std::vector *rules_to = to+i; - for (size_t j = 0; j < rules_from->size(); j++) { - Rule *rule = rules_from->at(j); - if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) { - if (err != NULL) { - *err << "Rule id: " << std::to_string(rule->m_ruleId) \ - << " is duplicated" << std::endl; - } - return -1; - } - amount_of_rules++; - rule->refCountIncrease(); - rules_to->push_back(rule); - } - } - return amount_of_rules; - } - - - std::vector *getRulesForPhase(int phase) { - if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) { 
- return NULL; - } - return &m_rules[phase]; - } - - - audit_log::AuditLog *m_auditLog; - BodyLimitAction m_requestBodyLimitAction; - BodyLimitAction m_responseBodyLimitAction; - ConfigBoolean m_secRequestBodyAccess; - ConfigBoolean m_secResponseBodyAccess; - ConfigBoolean m_secXMLExternalEntity; - ConfigBoolean m_tmpSaveUploadedFiles; - ConfigBoolean m_uploadKeepFiles; - ConfigDouble m_argumentsLimit; - ConfigDouble m_requestBodyLimit; - ConfigDouble m_requestBodyNoFilesLimit; - ConfigDouble m_responseBodyLimit; - ConfigInt m_uploadFileLimit; - ConfigInt m_uploadFileMode; - DebugLog *m_debugLog; - OnFailedRemoteRulesAction m_remoteRulesActionOnFailed; - RuleEngine m_secRuleEngine; - RulesExceptions m_exceptions; - std::list m_components; - std::ostringstream m_parserError; - ConfigSet m_responseBodyTypeToBeInspected; - ConfigString m_httpblKey; - ConfigString m_uploadDirectory; - ConfigString m_uploadTmpDirectory; - ConfigString m_secArgumentSeparator; - ConfigString m_secWebAppId; - std::vector m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES]; - std::vector m_rules[modsecurity::Phases::NUMBER_OF_PHASES]; - ConfigUnicodeMap m_unicodeMapTable; -}; - - -#endif - -#ifdef __cplusplus -} // namespace modsecurity -#endif - -#endif // HEADERS_MODSECURITY_RULES_PROPERTIES_H_ diff --git a/headers/modsecurity/rules_set.h b/headers/modsecurity/rules_set.h index ae08cc0f..2ead9a81 100644 --- a/headers/modsecurity/rules_set.h +++ b/headers/modsecurity/rules_set.h @@ -28,7 +28,7 @@ #ifndef HEADERS_MODSECURITY_RULES_H_ #define HEADERS_MODSECURITY_RULES_H_ -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" #include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" 
@@ -42,10 +42,10 @@ class Driver; /** @ingroup ModSecurity_CPP_API */ -class RulesSet : public RulesProperties { +class RulesSet : public RulesSetProperties { public: RulesSet() - : RulesProperties(new DebugLog()), + : RulesSetProperties(new DebugLog()), unicode_codepage(0) #ifndef NO_LOGS ,m_secmarker_skipped(0) @@ -53,7 +53,7 @@ class RulesSet : public RulesProperties { { } explicit RulesSet(DebugLog *customLog) - : RulesProperties(customLog), + : RulesSetProperties(customLog), unicode_codepage(0) #ifndef NO_LOGS ,m_secmarker_skipped(0) diff --git a/headers/modsecurity/rules_set_properties.h b/headers/modsecurity/rules_set_properties.h new file mode 100644 index 00000000..252f51f3 --- /dev/null +++ b/headers/modsecurity/rules_set_properties.h 
@@ -0,0 +1,565 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + + +#ifdef __cplusplus +#include +#include +#include +#include +#include +#include +#include +#endif + + +#ifndef HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_ +#define HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_ + + +#include "modsecurity/modsecurity.h" +#include "modsecurity/rule.h" +#include "modsecurity/rules_exceptions.h" +#include "modsecurity/actions/action.h" +#include "modsecurity/audit_log.h" + +#define CODEPAGE_SEPARATORS " \t\n\r" + +#define merge_boolean_value(to, from, default) \ + if (to == PropertyNotSetConfigBoolean) { \ + to = (from == PropertyNotSetConfigBoolean) ? default : from; \ + } + +#define merge_ruleengine_value(to, from, default) \ + if (to == PropertyNotSetRuleEngine) { \ + to = (from == PropertyNotSetRuleEngine) ? default : from; \ + } + +#define merge_bodylimitaction_value(to, from, default) \ + if (to == PropertyNotSetBodyLimitAction) { \ + to = (from == PropertyNotSetBodyLimitAction) ? 
default : from; \ + } + +#ifdef __cplusplus + +namespace modsecurity { +class RulesExceptions; +namespace Parser { +class Driver; +} + +using modsecurity::debug_log::DebugLog; +using modsecurity::audit_log::AuditLog; + +/** @ingroup ModSecurity_CPP_API */ +class ConfigInt { + public: + ConfigInt() : m_set(false), m_value(0) { } + bool m_set; + int m_value; + + void merge(ConfigInt *from) { + if (m_set == true || from->m_set == false) { + return; + } + m_set = true; + m_value = from->m_value; + return; + } +}; + + +class ConfigDouble { + public: + ConfigDouble() : m_set(false), m_value(0) { } + bool m_set; + double m_value; + + void merge(ConfigDouble *from) { + if (m_set == true || from->m_set == false) { + return; + } + m_set = true; + m_value = from->m_value; + return; + } +}; + + +class ConfigString { + public: + ConfigString() : m_set(false), m_value("") { } + bool m_set; + std::string m_value; + + void merge(ConfigString *from) { + if (m_set == true || from->m_set == false) { + return; + } + m_set = true; + m_value = from->m_value; + return; + } +}; + + +class ConfigSet { + public: + ConfigSet() : m_set(false), m_clear(false) { } + bool m_set; + bool m_clear; + std::set m_value; +}; + + +class UnicodeMapHolder { + public: + UnicodeMapHolder() { + memset(m_data, -1, (sizeof(int)*65536)); + }; + + int& operator[](int index) { return m_data[index]; } + int operator[](int index) const { return m_data[index]; } + + int at(int index) const { return m_data[index]; } + void change(int i, int a) { m_data[i] = a; } + + int m_data[65536]; +}; + + +class RulesSetProperties; +class ConfigUnicodeMap { + public: + ConfigUnicodeMap() : m_set(false), + m_unicodeCodePage(0), + m_unicodeMapTable(NULL) { } + + static void loadConfig(std::string f, double codePage, + RulesSetProperties *driver, std::string *errg); + + void merge(ConfigUnicodeMap *from) { + if (from->m_set == false) { + return; + } + + m_set = true; + m_unicodeCodePage = from->m_unicodeCodePage; + m_unicodeMapTable 
= from->m_unicodeMapTable; + + return; + } + + bool m_set; + double m_unicodeCodePage; + std::shared_ptr m_unicodeMapTable; +}; + + +class RulesSetProperties { + public: + RulesSetProperties() : + m_auditLog(new AuditLog()), + m_requestBodyLimitAction(PropertyNotSetBodyLimitAction), + m_responseBodyLimitAction(PropertyNotSetBodyLimitAction), + m_secRequestBodyAccess(PropertyNotSetConfigBoolean), + m_secResponseBodyAccess(PropertyNotSetConfigBoolean), + m_secXMLExternalEntity(PropertyNotSetConfigBoolean), + m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean), + m_uploadKeepFiles(PropertyNotSetConfigBoolean), + m_debugLog(new DebugLog()), + m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction), + m_secRuleEngine(PropertyNotSetRuleEngine) { } + + + explicit RulesSetProperties(DebugLog *debugLog) : + m_auditLog(new AuditLog()), + m_requestBodyLimitAction(PropertyNotSetBodyLimitAction), + m_responseBodyLimitAction(PropertyNotSetBodyLimitAction), + m_secRequestBodyAccess(PropertyNotSetConfigBoolean), + m_secResponseBodyAccess(PropertyNotSetConfigBoolean), + m_secXMLExternalEntity(PropertyNotSetConfigBoolean), + m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean), + m_uploadKeepFiles(PropertyNotSetConfigBoolean), + m_debugLog(debugLog), + m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction), + m_secRuleEngine(PropertyNotSetRuleEngine) { } + + RulesSetProperties(const RulesSetProperties &r) = delete; + RulesSetProperties &operator =(const RulesSetProperties &r) = delete; + + ~RulesSetProperties() { + int i = 0; + /** Cleanup the rules */ + for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { + std::vector rules = m_rules[i]; + while (rules.empty() == false) { + Rule *rule = rules.back(); + rules.pop_back(); + if (rule->refCountDecreaseAndCheck()) { + rule = NULL; + } + } + } + for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { + std::vector *tmp = &m_defaultActions[i]; + while (tmp->empty() == false) { + actions::Action *a = tmp->back(); 
+ tmp->pop_back(); + if (a->refCountDecreaseAndCheck()) { + a = NULL; + } + } + } + + delete m_debugLog; + delete m_auditLog; + } + + + /** + * + * + */ + enum ConfigBoolean { + TrueConfigBoolean, + FalseConfigBoolean, + PropertyNotSetConfigBoolean + }; + + + /** + * + * The RuleEngine enumerator consists in mapping the different states + * of the rule engine. + * + */ + enum RuleEngine { + /** + * + * Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine + * + */ + DisabledRuleEngine, + /** + * + * Rules will be evaluated and disturb actions will take place if needed. + * + */ + EnabledRuleEngine, + /** + * Rules will be evaluated but it won't generate any disruptive action. + * + */ + DetectionOnlyRuleEngine, + /** + * + */ + PropertyNotSetRuleEngine + }; + + + /** + * + * Defines what actions should be taken in case the body (response or + * request) is bigger than the expected size. + * + */ + enum BodyLimitAction { + /** + * + * Process partial + * + */ + ProcessPartialBodyLimitAction, + /** + * + * Reject the request + * + */ + RejectBodyLimitAction, + /** + * + */ + PropertyNotSetBodyLimitAction + }; + + + /** + * + * Defines what actions should be taken in case the remote rules failed to + * be downloaded (independent of the circumstances) + * + * + */ + enum OnFailedRemoteRulesAction { + /** + * + * Abort + * + */ + AbortOnFailedRemoteRulesAction, + /** + * + * Warn on logging + * + */ + WarnOnFailedRemoteRulesAction, + /** + * + */ + PropertyNotSetRemoteRulesAction + }; + + + static const char *ruleEngineStateString(RuleEngine i) { + switch (i) { + case DisabledRuleEngine: + return "Disabled"; + case EnabledRuleEngine: + return "Enabled"; + case DetectionOnlyRuleEngine: + return "DetectionOnly"; + case PropertyNotSetRuleEngine: + return "PropertyNotSet/DetectionOnly"; + } + return NULL; + } + + + static std::string configBooleanString(ConfigBoolean i) { + switch (i) { + case TrueConfigBoolean: + return "True"; + case FalseConfigBoolean: + 
return "False"; + case PropertyNotSetConfigBoolean: + return "Not set"; + } + return NULL; + } + + + static int mergeProperties(RulesSetProperties *from, RulesSetProperties *to, + std::ostringstream *err) { + int amount_of_rules = 0; + + amount_of_rules = appendRules(from->m_rules, to->m_rules, err); + if (amount_of_rules < 0) { + return amount_of_rules; + } + + merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine, + PropertyNotSetRuleEngine); + + merge_boolean_value(to->m_secRequestBodyAccess, + from->m_secRequestBodyAccess, + PropertyNotSetConfigBoolean); + + merge_boolean_value(to->m_secResponseBodyAccess, + from->m_secResponseBodyAccess, + PropertyNotSetConfigBoolean); + + merge_boolean_value(to->m_secXMLExternalEntity, + from->m_secXMLExternalEntity, + PropertyNotSetConfigBoolean); + + merge_boolean_value(to->m_uploadKeepFiles, + from->m_uploadKeepFiles, + PropertyNotSetConfigBoolean); + + merge_boolean_value(to->m_tmpSaveUploadedFiles, + from->m_tmpSaveUploadedFiles, + PropertyNotSetConfigBoolean); + + to->m_argumentsLimit.merge(&from->m_argumentsLimit); + to->m_requestBodyLimit.merge(&from->m_requestBodyLimit); + to->m_responseBodyLimit.merge(&from->m_responseBodyLimit); + + merge_bodylimitaction_value(to->m_requestBodyLimitAction, + from->m_requestBodyLimitAction, + PropertyNotSetBodyLimitAction); + + merge_bodylimitaction_value(to->m_responseBodyLimitAction, + from->m_responseBodyLimitAction, + PropertyNotSetBodyLimitAction); + + to->m_uploadFileLimit.merge(&from->m_uploadFileLimit); + to->m_uploadFileMode.merge(&from->m_uploadFileMode); + to->m_uploadDirectory.merge(&from->m_uploadDirectory); + to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory); + + to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator); + + to->m_secWebAppId.merge(&from->m_secWebAppId); + + to->m_unicodeMapTable.merge(&from->m_unicodeMapTable); + + to->m_httpblKey.merge(&from->m_httpblKey); + + to->m_exceptions.merge(&from->m_exceptions); + + 
to->m_components.insert(to->m_components.end(), + from->m_components.begin(), from->m_components.end()); + + if (from->m_responseBodyTypeToBeInspected.m_set == true) { + if (from->m_responseBodyTypeToBeInspected.m_clear == true) { + to->m_responseBodyTypeToBeInspected.m_value.clear(); + from->m_responseBodyTypeToBeInspected.m_value.clear(); + } else { + for (std::set::iterator + it = from->m_responseBodyTypeToBeInspected.m_value.begin(); + it != from->m_responseBodyTypeToBeInspected.m_value.end(); + ++it) { + to->m_responseBodyTypeToBeInspected.m_value.insert(*it); + } + } + to->m_responseBodyTypeToBeInspected.m_set = true; + } + + for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { + std::vector *actions_from = \ + from->m_defaultActions+i; + std::vector *actions_to = to->m_defaultActions+i; + for (size_t j = 0; j < actions_from->size(); j++) { + actions::Action *action = actions_from->at(j); + action->refCountIncrease(); + actions_to->push_back(action); + } + } + + if (to->m_auditLog) { + std::string error; + to->m_auditLog->merge(from->m_auditLog, &error); + if (error.size() > 0) { + *err << error; + return -1; + } + } + + if (from->m_debugLog && to->m_debugLog && + from->m_debugLog->isLogFileSet()) { + if (to->m_debugLog->isLogFileSet() == false) { + std::string error; + to->m_debugLog->setDebugLogFile( + from->m_debugLog->getDebugLogFile(), + &error); + if (error.size() > 0) { + *err << error; + return -1; + } + } + } + + if (from->m_debugLog && to->m_debugLog && + from->m_debugLog->isLogLevelSet()) { + if (to->m_debugLog->isLogLevelSet() == false) { + to->m_debugLog->setDebugLogLevel( + from->m_debugLog->getDebugLogLevel()); + } + } + + return amount_of_rules; + } + + + static int appendRules( + std::vector *from, + std::vector *to, + std::ostringstream *err) { + int amount_of_rules = 0; + // TODO: std::vector could be replaced with something more efficient. 
+ std::vector v; + for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { + std::vector *rules_to = to+i; + v.reserve(rules_to->size()); + for (size_t z = 0; z < rules_to->size(); z++) { + Rule *rule_ckc = rules_to->at(z); + if (rule_ckc->m_secMarker == true) { + continue; + } + v.push_back(rule_ckc->m_ruleId); + } + } + std::sort (v.begin(), v.end()); + + for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { + std::vector *rules_from = from+i; + std::vector *rules_to = to+i; + for (size_t j = 0; j < rules_from->size(); j++) { + Rule *rule = rules_from->at(j); + if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) { + if (err != NULL) { + *err << "Rule id: " << std::to_string(rule->m_ruleId) \ + << " is duplicated" << std::endl; + } + return -1; + } + amount_of_rules++; + rule->refCountIncrease(); + rules_to->push_back(rule); + } + } + return amount_of_rules; + } + + + std::vector *getRulesForPhase(int phase) { + if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) { + return NULL; + } + return &m_rules[phase]; + } + + + audit_log::AuditLog *m_auditLog; + BodyLimitAction m_requestBodyLimitAction; + BodyLimitAction m_responseBodyLimitAction; + ConfigBoolean m_secRequestBodyAccess; + ConfigBoolean m_secResponseBodyAccess; + ConfigBoolean m_secXMLExternalEntity; + ConfigBoolean m_tmpSaveUploadedFiles; + ConfigBoolean m_uploadKeepFiles; + ConfigDouble m_argumentsLimit; + ConfigDouble m_requestBodyLimit; + ConfigDouble m_requestBodyNoFilesLimit; + ConfigDouble m_responseBodyLimit; + ConfigInt m_uploadFileLimit; + ConfigInt m_uploadFileMode; + DebugLog *m_debugLog; + OnFailedRemoteRulesAction m_remoteRulesActionOnFailed; + RuleEngine m_secRuleEngine; + RulesExceptions m_exceptions; + std::list m_components; + std::ostringstream m_parserError; + ConfigSet m_responseBodyTypeToBeInspected; + ConfigString m_httpblKey; + ConfigString m_uploadDirectory; + ConfigString m_uploadTmpDirectory; + ConfigString m_secArgumentSeparator; + ConfigString 
m_secWebAppId; + std::vector m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES]; + std::vector m_rules[modsecurity::Phases::NUMBER_OF_PHASES]; + ConfigUnicodeMap m_unicodeMapTable; +}; + + +#endif + +#ifdef __cplusplus +} // namespace modsecurity +#endif + +#endif // HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_ diff --git a/src/Makefile.am b/src/Makefile.am index d0b87f7f..a437bbfc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -45,8 +45,8 @@ pkginclude_HEADERS = \ ../headers/modsecurity/rule_message.h \ ../headers/modsecurity/rules.h \ ../headers/modsecurity/rules_set.h \ + ../headers/modsecurity/rules_set_properties.h \ ../headers/modsecurity/rules_exceptions.h \ - ../headers/modsecurity/rules_properties.h \ ../headers/modsecurity/transaction.h \ ../headers/modsecurity/variable_origin.h \ ../headers/modsecurity/variable_value.h @@ -274,7 +274,8 @@ libmodsecurity_la_SOURCES = \ audit_log/writer/serial.cc \ audit_log/writer/parallel.cc \ modsecurity.cc \ - rules.cc \ + rules_set.cc \ + rules_set_properties.cc \ debug_log/debug_log.cc \ debug_log/debug_log_writer.cc \ run_time_string.cc \ @@ -283,7 +284,6 @@ libmodsecurity_la_SOURCES = \ rule_script.cc \ unique_id.cc \ rules_exceptions.cc \ - rules_properties.cc \ ${BODY_PROCESSORS} \ ${ACTIONS} \ ${ENGINES} \ diff --git a/src/actions/ctl/request_body_access.cc b/src/actions/ctl/request_body_access.cc index 8d5b011a..1527c495 100644 --- a/src/actions/ctl/request_body_access.cc +++ b/src/actions/ctl/request_body_access.cc @@ -18,7 +18,7 @@ #include #include -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" #include "modsecurity/transaction.h" namespace modsecurity { 
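Review bot: mergeProperties merges m_argumentsLimit, m_requestBodyLimit and m_responseBodyLimit but never m_requestBodyNoFilesLimit (nor m_remoteRulesActionOnFailed), so a SecRequestBodyNoFilesLimit set in a merged rules set is silently dropped unless it is propagated somewhere outside this header; add `to->m_requestBodyNoFilesLimit.merge(&from->m_requestBodyNoFilesLimit);` next to the other limit merges. getRulesForPhase only rejects `phase >= NUMBER_OF_PHASES`, so a negative phase indexes before m_rules; make it `if (phase < 0 || phase >= modsecurity::Phases::NUMBER_OF_PHASES) return NULL;`. configBooleanString returns `NULL` from a function returning std::string, which is undefined behaviour if an out-of-range enum value ever reaches it; return `""` (or "Unknown") instead. ConfigUnicodeMap::merge overwrites an already-set table whenever `from` is set, unlike every other Config*::merge in this header which keeps the existing value; if that asymmetry is intentional it deserves a comment on the class, otherwise add the same `if (m_set == true || ...) return;` guard.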
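Review bot: `../headers/modsecurity/rules_properties.h` is removed from pkginclude_HEADERS, yet the commit keeps that file as a one-line compatibility shim (the rules_properties.h hunk reduces it to a single `#include`), so in-tree code including the old path still compiles while installed consumers of `<modsecurity/rules_properties.h>` break after `make install`. Either keep the `../headers/modsecurity/rules_properties.h \` line here so the shim is installed, or delete the shim outright; if it stays, a comment in the shim such as `/* Deprecated: include modsecurity/rules_set_properties.h instead. */` would tell downstream users to migrate. The shim's include target is not visible in this rendering, so confirm it points at rules_set_properties.h.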
@@ -44,9 +44,9 @@ bool RequestBodyAccess::init(std::string *error) { bool RequestBodyAccess::evaluate(Rule *rule, Transaction *transaction) { if (m_request_body_access) { - transaction->m_requestBodyAccess = RulesProperties::TrueConfigBoolean; + transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean; } else { - transaction->m_requestBodyAccess = RulesProperties::FalseConfigBoolean; + transaction->m_requestBodyAccess = RulesSetProperties::FalseConfigBoolean; } return true; diff --git a/src/actions/ctl/rule_engine.cc b/src/actions/ctl/rule_engine.cc index a7b0eb41..c682621f 100644 --- a/src/actions/ctl/rule_engine.cc +++ b/src/actions/ctl/rule_engine.cc @@ -18,8 +18,8 @@ #include #include +#include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set.h" -#include "modsecurity/rules_properties.h" #include "modsecurity/transaction.h" namespace modsecurity { @@ -31,11 +31,11 @@ bool RuleEngine::init(std::string *error) { std::string what(m_parser_payload, 11, m_parser_payload.size() - 11); if (what == "on") { - m_ruleEngine = RulesProperties::EnabledRuleEngine; + m_ruleEngine = RulesSetProperties::EnabledRuleEngine; } else if (what == "off") { - m_ruleEngine = RulesProperties::DisabledRuleEngine; + m_ruleEngine = RulesSetProperties::DisabledRuleEngine; } else if (what == "detectiononly") { - m_ruleEngine = RulesProperties::DetectionOnlyRuleEngine; + m_ruleEngine = RulesSetProperties::DetectionOnlyRuleEngine; } else { error->assign("Internal error. Expected: On, Off or DetectionOnly; " \ "got: " + m_parser_payload); @@ -48,7 +48,7 @@ bool RuleEngine::init(std::string *error) { bool RuleEngine::evaluate(Rule *rule, Transaction *transaction) { std::stringstream a; a << "Setting SecRuleEngine to "; - a << modsecurity::RulesProperties::ruleEngineStateString(m_ruleEngine); + a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine); a << " as requested by a ctl:ruleEngine action"; ms_dbg_a(transaction, 8, a.str()); 
diff --git a/src/actions/ctl/rule_engine.h b/src/actions/ctl/rule_engine.h index 8f6d8ea2..6456b6fe 100644 --- a/src/actions/ctl/rule_engine.h +++ b/src/actions/ctl/rule_engine.h @@ -15,9 +15,9 @@ #include +#include "modsecurity/rules_set_properties.h" #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rules_properties.h" #ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_ @@ -32,12 +32,12 @@ class RuleEngine : public Action { public: explicit RuleEngine(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind), - m_ruleEngine(RulesProperties::PropertyNotSetRuleEngine) { } + m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { } bool init(std::string *error) override; bool evaluate(Rule *rule, Transaction *transaction) override; - RulesProperties::RuleEngine m_ruleEngine; + RulesSetProperties::RuleEngine m_ruleEngine; }; diff --git a/src/actions/transformations/url_decode_uni.cc b/src/actions/transformations/url_decode_uni.cc index 7e0dfdaa..0485a03c 100644 --- a/src/actions/transformations/url_decode_uni.cc +++ b/src/actions/transformations/url_decode_uni.cc @@ -25,12 +25,12 @@ #include #include +#include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" #include "src/actions/transformations/transformation.h" #include "src/utils/string.h" #include "src/utils/system.h" -#include "modsecurity/rules_properties.h" namespace modsecurity { diff --git a/src/actions/transformations/url_decode_uni.h b/src/actions/transformations/url_decode_uni.h index b92733ea..6bc7415b 100644 --- a/src/actions/transformations/url_decode_uni.h +++ b/src/actions/transformations/url_decode_uni.h @@ -15,8 +15,8 @@ #include +#include "modsecurity/rules_set_properties.h" #include "modsecurity/actions/action.h" -#include "modsecurity/rules_properties.h" #include "src/actions/transformations/transformation.h" #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ 
diff --git a/src/operators/verify_svnr.cc b/src/operators/verify_svnr.cc index bede368d..669c7be2 100644 --- a/src/operators/verify_svnr.cc +++ b/src/operators/verify_svnr.cc @@ -7,7 +7,9 @@ #include "modsecurity/rule.h" #include "modsecurity/rule_message.h" -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" + + namespace modsecurity { namespace operators { diff --git a/src/parser/driver.cc b/src/parser/driver.cc index 00174d52..90415255 100644 --- a/src/parser/driver.cc +++ b/src/parser/driver.cc @@ -15,8 +15,9 @@ #include "src/parser/driver.h" +#include "modsecurity/rules_set_properties.h" +#include "src/parser/seclang-parser.hh" #include "modsecurity/audit_log.h" -#include "modsecurity/rules_properties.h" using modsecurity::audit_log::AuditLog; using modsecurity::Rule; @@ -25,7 +26,7 @@ namespace modsecurity { namespace Parser { Driver::Driver() - : RulesProperties(), + : RulesSetProperties(), trace_scanning(false), trace_parsing(false), lastRule(NULL) { } diff --git a/src/parser/driver.h b/src/parser/driver.h index 5259c092..9cc49ba7 100644 --- a/src/parser/driver.h +++ b/src/parser/driver.h @@ -27,7 +27,7 @@ #include "modsecurity/modsecurity.h" #include "modsecurity/rules_set.h" -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" #include "modsecurity/audit_log.h" #include "src/rule_script.h" #ifndef MS_CPPCHECK_DISABLED_FOR_PARSER @@ -61,7 +61,7 @@ typedef struct Driver_t Driver; * driver class. * **/ -class Driver : public RulesProperties { +class Driver : public RulesSetProperties { public: Driver(); virtual ~Driver(); diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc index 97461161..d1572bf6 100644 --- a/src/parser/seclang-parser.cc +++ b/src/parser/seclang-parser.cc 
@@ -1847,7 +1847,7 @@ namespace yy { case 21: #line 803 "seclang-parser.yy" { - driver.m_uploadKeepFiles = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::TrueConfigBoolean; } #line 1853 "seclang-parser.cc" break; @@ -1855,7 +1855,7 @@ namespace yy { case 22: #line 807 "seclang-parser.yy" { - driver.m_uploadKeepFiles = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::FalseConfigBoolean; } #line 1861 "seclang-parser.cc" break; @@ -1899,7 +1899,7 @@ namespace yy { case 27: #line 831 "seclang-parser.yy" { - driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::TrueConfigBoolean; } #line 1905 "seclang-parser.cc" break; @@ -1907,7 +1907,7 @@ namespace yy { case 28: #line 835 "seclang-parser.yy" { - driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::FalseConfigBoolean; } #line 1913 "seclang-parser.cc" break; @@ -2495,7 +2495,7 @@ namespace yy { case 83: #line 1223 "seclang-parser.yy" { - driver.m_secRequestBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } #line 2501 "seclang-parser.cc" break; @@ -2503,7 +2503,7 @@ namespace yy { case 84: #line 1227 "seclang-parser.yy" { - driver.m_secRequestBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } #line 2509 "seclang-parser.cc" break; @@ -2511,7 +2511,7 @@ namespace yy { case 85: #line 1231 "seclang-parser.yy" { - driver.m_secResponseBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } #line 2517 "seclang-parser.cc" break; 
@@ -2519,7 +2519,7 @@ namespace yy { case 86: #line 1235 "seclang-parser.yy" { - driver.m_secResponseBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } #line 2525 "seclang-parser.cc" break; @@ -3127,7 +3127,7 @@ namespace yy { case 142: #line 1640 "seclang-parser.yy" { - driver.m_secXMLExternalEntity = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean; } #line 3133 "seclang-parser.cc" break; @@ -3135,7 +3135,7 @@ namespace yy { case 143: #line 1644 "seclang-parser.yy" { - driver.m_secXMLExternalEntity = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean; } #line 3141 "seclang-parser.cc" break; diff --git a/src/parser/seclang-parser.hh b/src/parser/seclang-parser.hh index e3fde898..cacabec6 100644 --- a/src/parser/seclang-parser.hh +++ b/src/parser/seclang-parser.hh @@ -187,7 +187,7 @@ class Driver; #include "modsecurity/audit_log.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" #include "modsecurity/rule.h" #include "src/operators/operator.h" #include "src/utils/geo_lookup.h" diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 49614b40..02d4db25 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -149,7 +149,7 @@ class Driver; #include "modsecurity/audit_log.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" #include "modsecurity/rule.h" #include "src/operators/operator.h" #include "src/utils/geo_lookup.h" 
@@ -801,11 +801,11 @@ audit_log: /* Upload */ | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_ON { - driver.m_uploadKeepFiles = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::TrueConfigBoolean; } | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_OFF { - driver.m_uploadKeepFiles = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::FalseConfigBoolean; } | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_RELEVANT_ONLY { @@ -829,11 +829,11 @@ audit_log: } | CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_ON { - driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::TrueConfigBoolean; } | CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_OFF { - driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::FalseConfigBoolean; } ; @@ -1221,19 +1221,19 @@ expression: } | CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON { - driver.m_secRequestBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } | CONFIG_DIR_REQ_BODY CONFIG_VALUE_OFF { - driver.m_secRequestBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } | CONFIG_DIR_RES_BODY CONFIG_VALUE_ON { - driver.m_secResponseBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } | CONFIG_DIR_RES_BODY CONFIG_VALUE_OFF { - driver.m_secResponseBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } | CONFIG_SEC_ARGUMENT_SEPARATOR { 
@@ -1638,11 +1638,11 @@ expression: } | CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_OFF { - driver.m_secXMLExternalEntity = modsecurity::RulesProperties::FalseConfigBoolean; + driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean; } | CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_ON { - driver.m_secXMLExternalEntity = modsecurity::RulesProperties::TrueConfigBoolean; + driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean; } | CONGIG_DIR_SEC_TMP_DIR { diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc index b8f01da7..713884b8 100644 --- a/src/request_body_processor/multipart.cc +++ b/src/request_body_processor/multipart.cc @@ -73,12 +73,12 @@ Multipart::Multipart(const std::string &header, Transaction *transaction) Multipart::~Multipart() { ms_dbg_a(m_transaction, 4, "Multipart: Cleanup started (keep files set to " \ - + RulesProperties::configBooleanString( + + RulesSetProperties::configBooleanString( m_transaction->m_rules->m_uploadKeepFiles) \ + ")"); if (m_transaction->m_rules->m_uploadKeepFiles - != RulesProperties::TrueConfigBoolean) { + != RulesSetProperties::TrueConfigBoolean) { for (MultipartPart *m : m_parts) { if (m->m_type == MULTIPART_FILE) { if (!m->m_tmp_file_name.empty()) { @@ -514,9 +514,9 @@ int Multipart::process_part_data(std::string *error, size_t offset) { /* add data to the part we are building */ if (m_mpp->m_type == MULTIPART_FILE) { bool extract = m_transaction->m_rules->m_uploadKeepFiles \ - == RulesProperties::TrueConfigBoolean \ + == RulesSetProperties::TrueConfigBoolean \ || m_transaction->m_rules->m_tmpSaveUploadedFiles \ - == RulesProperties::TrueConfigBoolean; + == RulesSetProperties::TrueConfigBoolean; /* remember where we started */ if (m_mpp->m_length == 0) { diff --git a/src/request_body_processor/xml.cc b/src/request_body_processor/xml.cc index 5ea7ef46..1944a1aa 100644 --- a/src/request_body_processor/xml.cc 
+++ b/src/request_body_processor/xml.cc @@ -48,7 +48,7 @@ XML::~XML() { bool XML::init() { //xmlParserInputBufferCreateFilenameFunc entity; if (m_transaction->m_rules->m_secXMLExternalEntity - == RulesProperties::TrueConfigBoolean) { + == RulesSetProperties::TrueConfigBoolean) { /*entity = */xmlParserInputBufferCreateFilenameDefault( __xmlParserInputBufferCreateFilename); } else { diff --git a/src/rules.cc b/src/rules_set.cc similarity index 97% rename from src/rules.cc rename to src/rules_set.cc index b36b12de..0e4987ea 100644 --- a/src/rules.cc +++ b/src/rules_set.cc @@ -223,8 +223,8 @@ int RulesSet::evaluate(int phase, Transaction *t) { int RulesSet::merge(Driver *from) { int amount_of_rules = 0; amount_of_rules = mergeProperties( - dynamic_cast(from), - dynamic_cast(this), + dynamic_cast(from), + dynamic_cast(this), &m_parserError); return amount_of_rules; @@ -234,8 +234,8 @@ int RulesSet::merge(Driver *from) { int RulesSet::merge(RulesSet *from) { int amount_of_rules = 0; amount_of_rules = mergeProperties( - dynamic_cast(from), - dynamic_cast(this), + dynamic_cast(from), + dynamic_cast(this), &m_parserError); return amount_of_rules; diff --git a/src/rules_properties.cc b/src/rules_set_properties.cc similarity index 97% rename from src/rules_properties.cc rename to src/rules_set_properties.cc index 1c71161d..5b8da864 100644 --- a/src/rules_properties.cc +++ b/src/rules_set_properties.cc @@ -13,10 +13,9 @@ * */ -#include "modsecurity/rules_properties.h" - #include +#include "modsecurity/rules_set_properties.h" #include "src/utils/string.h" #include "src/variables/variable.h" @@ -24,7 +23,7 @@ namespace modsecurity { void ConfigUnicodeMap::loadConfig(std::string f, double configCodePage, - RulesProperties *driver, std::string *errg) { + RulesSetProperties *driver, std::string *errg) { char *buf = NULL; char *hmap = NULL; char *p = NULL; diff --git a/src/transaction.cc b/src/transaction.cc index 5bf34237..61288b8f 100644 --- a/src/transaction.cc 
+++ b/src/transaction.cc @@ -49,7 +49,7 @@ #include "src/utils/random.h" #include "modsecurity/rule.h" #include "modsecurity/rule_message.h" -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" #include "src/actions/disruptive/allow.h" #include "src/variables/remote_user.h" @@ -147,7 +147,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) #else m_json(NULL), #endif - m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine), + m_secRuleEngine(RulesSetProperties::PropertyNotSetRuleEngine), m_variableDuration(""), m_variableEnvs(), m_variableHighestSeverityAction(""), @@ -220,7 +220,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb #else m_json(NULL), #endif - m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine), + m_secRuleEngine(RulesSetProperties::PropertyNotSetRuleEngine), m_variableDuration(""), m_variableEnvs(), m_variableHighestSeverityAction(""), @@ -778,7 +778,7 @@ int Transaction::addRequestHeader(const unsigned char *key, size_t key_n, int Transaction::processRequestBody() { ms_dbg(4, "Starting phase REQUEST_BODY. (SecRules 2)"); - if (getRuleEngineState() == RulesProperties::DisabledRuleEngine) { + if (getRuleEngineState() == RulesSetProperties::DisabledRuleEngine) { ms_dbg(4, "Rule engine disabled, returning..."); return true; } @@ -891,8 +891,8 @@ int Transaction::processRequestBody() { m_variableReqbodyProcessorError.set("0", m_variableOffset); } - if (m_rules->m_secRequestBodyAccess == RulesProperties::FalseConfigBoolean) { - if (m_requestBodyAccess != RulesProperties::TrueConfigBoolean) { + if (m_rules->m_secRequestBodyAccess == RulesSetProperties::FalseConfigBoolean) { + if (m_requestBodyAccess != RulesSetProperties::TrueConfigBoolean) { ms_dbg(4, "Request body processing is disabled"); return true; } else { 
@@ -901,7 +901,7 @@ int Transaction::processRequestBody() { "action"); } } else { - if (m_requestBodyAccess == RulesProperties::FalseConfigBoolean) { + if (m_requestBodyAccess == RulesSetProperties::FalseConfigBoolean) { ms_dbg(4, "Request body processing is enabled, but " \ "disabled to this transaction due to ctl:requestBodyAccess " \ "action"); @@ -1189,7 +1189,7 @@ int Transaction::processResponseBody() { return true; } - if (m_rules->m_secResponseBodyAccess != RulesProperties::TrueConfigBoolean) { + if (m_rules->m_secResponseBodyAccess != RulesSetProperties::TrueConfigBoolean) { ms_dbg(4, "Response body is disabled, returning... " + std::to_string(m_rules->m_secResponseBodyAccess)); return true; } @@ -1729,7 +1729,7 @@ std::string Transaction::toJSON(int parts) { /* producer > engine state */ LOGFY_ADD("secrules_engine", RulesSet::ruleEngineStateString( - (RulesProperties::RuleEngine) getRuleEngineState())); + (RulesSetProperties::RuleEngine) getRuleEngineState())); /* producer > components */ yajl_gen_string(g, @@ -1816,7 +1816,7 @@ void Transaction::serverLog(std::shared_ptr rm) { int Transaction::getRuleEngineState() const { - if (m_secRuleEngine == RulesProperties::PropertyNotSetRuleEngine) { + if (m_secRuleEngine == RulesSetProperties::PropertyNotSetRuleEngine) { return m_rules->m_secRuleEngine; } diff --git a/src/variables/xml.cc b/src/variables/xml.cc index d64c5c84..b66224c2 100644 --- a/src/variables/xml.cc +++ b/src/variables/xml.cc @@ -36,7 +36,7 @@ #include #include "modsecurity/transaction.h" -#include "modsecurity/rules_properties.h" +#include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set.h" #include "src/request_body_processor/xml.h" diff --git a/test/Makefile.am b/test/Makefile.am index 97364554..9a719342 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -42,7 +42,6 @@ noinst_HEADERS = \ unit_tests_LDADD = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ $(CURL_LDADD) \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ 
@@ -56,7 +55,12 @@ unit_tests_LDADD = \ unit_tests_LDFLAGS = \ + -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ + -lmodsecurity \ + -lpthread \ + -lm \ + -lstdc++ \ $(MAXMIND_LDFLAGS) \ $(LMDB_LDFLAGS) \ $(LUA_LDFLAGS) \ @@ -92,7 +96,6 @@ regression_tests_SOURCES = \ regression/custom_debug_log.cc regression_tests_LDADD = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ $(CURL_LDADD) \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ @@ -106,7 +109,12 @@ regression_tests_LDADD = \ regression_tests_LDFLAGS = \ + -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ + -lmodsecurity \ + -lpthread \ + -lm \ + -lstdc++ \ $(MAXMIND_LDFLAGS) \ $(YAJL_LDFLAGS) \ $(LMDB_LDFLAGS) \ @@ -141,7 +149,6 @@ rules_optimization_SOURCES = \ optimization/optimization.cc rules_optimization_LDADD = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ $(CURL_LDADD) \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ @@ -154,7 +161,12 @@ rules_optimization_LDADD = \ $(YAJL_LDADD) rules_optimization_LDFLAGS = \ + -L$(top_builddir)/src/.libs/ \ $(GEOIP_LDFLAGS) \ + -lmodsecurity \ + -lpthread \ + -lm \ + -lstdc++ \ $(MAXMIND_LDFLAGS) \ $(LMDB_LDFLAGS) \ $(LUA_LDFLAGS) \ diff --git a/test/benchmark/Makefile.am b/test/benchmark/Makefile.am index e14f50e5..73a975b3 100644 --- a/test/benchmark/Makefile.am +++ b/test/benchmark/Makefile.am @@ -6,7 +6,6 @@ benchmark_SOURCES = \ benchmark.cc benchmark_LDADD = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ $(CURL_LDADD) \ $(GEOIP_LDADD) \ $(MAXMIND_LDADD) \ @@ -19,7 +18,12 @@ benchmark_LDADD = \ $(GLOBAL_LDADD) benchmark_LDFLAGS = \ - $(top_builddir)/src/.libs/libmodsecurity.a \ + -L$(top_builddir)/src/.libs/ \ + $(GEOIP_LDFLAGS) \ + -lmodsecurity \ + -lpthread \ + -lm \ + -lstdc++ \ $(GEOIP_LDFLAGS) \ $(MAXMIND_LDFLAGS) \ $(YAJL_LDFLAGS) \ diff --git a/test/optimization/optimization.cc b/test/optimization/optimization.cc index ee8a8cf4..6dd16e02 100644 --- a/test/optimization/optimization.cc +++ b/test/optimization/optimization.cc 
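Review bot: `-lmodsecurity`, `-lpthread`, `-lm` and `-lstdc++` are added to `unit_tests_LDFLAGS`, but they belong in `unit_tests_LDADD` (from which this commit removes the only reference to the library): automake emits `_LDFLAGS` on the link line before the object files, so the libraries are scanned before any of their symbols is referenced, and with a static `libmodsecurity.a` or a toolchain defaulting to `-Wl,--as-needed` the link is likely to fail with undefined references. Switching from the explicit archive to `-L$(top_builddir)/src/.libs/ -lmodsecurity` also means the linker will prefer a shared `libmodsecurity.so` from `.libs` if one was built, and `-L` says nothing about runtime: without a libtool wrapper or rpath the loader resolves the library from the system search path, so an already-installed libmodsecurity would silently be what the unit tests exercise instead of the tree being built. The conventional autotools form avoids both problems: `unit_tests_LDADD = $(top_builddir)/src/libmodsecurity.la -lpthread -lm $(CURL_LDADD) ...` and leave only genuine flags in `unit_tests_LDFLAGS`; libtool then orders the libraries after the objects and generates the rpath/wrapper for in-tree runs. The regression_tests and rules_optimization hunks below repeat the same pattern and need the same change.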
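Review bot: In the `benchmark_LDFLAGS` hunk `$(GEOIP_LDFLAGS)` is now listed twice — once among the added lines and again on the unchanged context line directly after `-lstdc++`; the added occurrence should be dropped so the variable reads `-L$(top_builddir)/src/.libs/ \`, `-lmodsecurity -lpthread -lm -lstdc++ \`, then the pre-existing `$(GEOIP_LDFLAGS) \`. Hard-coding `-lstdc++` on a link driven by the C++ compiler is redundant and may break builds that use a different C++ runtime (e.g. clang with libc++), so it is better omitted here as well. The placement of `-lmodsecurity` in a `_LDFLAGS` variable rather than `benchmark_LDADD` has the same link-order and runtime-resolution caveat as the other test targets in this commit.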
@@ -20,12 +20,12 @@ #include #include +#include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" #include "src/utils/system.h" #include "src/parser/driver.h" #include "src/utils/https_client.h" -#include "modsecurity/rules_properties.h" #include "modsecurity/transaction.h" void print_help() {