github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring: Renames RulesProperties to RulesSetProperties

Browse Source
This commit is contained in:
Felipe Zimmerle 2018-11-13 16:08:27 -03:00
parent bad5892b93
commit 6a742cdf76
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
27 changed files with 675 additions and 628 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
examples/reading_logs_via_rule_message/Makefile.am
View File

@ -6,7 +6,6 @@ simple_request_SOURCES = \
simple_request.cc simple_request.cc
simple_request_LDADD = \ simple_request_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \ $(CURL_LDADD) \
$(GEOIP_LDADD) \ $(GEOIP_LDADD) \
$(GLOBAL_LDADD) \ $(GLOBAL_LDADD) \
@ -19,9 +18,13 @@ simple_request_LDADD = \
$(YAJL_LDADD) $(YAJL_LDADD)
simple_request_LDFLAGS = \ simple_request_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \ $(GEOIP_LDFLAGS) \
$(LMDB_LDFLAGS) \ -lmodsecurity \
-lpthread \ -lpthread \
-lm \
-lstdc++ \
$(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \ $(LUA_LDFLAGS) \
$(MAXMIND_LDFLAGS) \ $(MAXMIND_LDFLAGS) \
$(SSDEEP_LDFLAGS) \ $(SSDEEP_LDFLAGS) \

6
examples/reading_logs_with_offset/Makefile.am
View File

@ -6,7 +6,6 @@ read_SOURCES = \
read.cc read.cc
read_LDADD = \ read_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \ $(CURL_LDADD) \
$(GEOIP_LDADD) \ $(GEOIP_LDADD) \
$(MAXMIND_LDADD) \ $(MAXMIND_LDADD) \
@ -19,7 +18,12 @@ read_LDADD = \
$(YAJL_LDADD) $(YAJL_LDADD)
read_LDFLAGS = \ read_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \ $(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(LMDB_LDFLAGS) \ $(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \ $(LUA_LDFLAGS) \
$(SSDEEP_LDFLAGS) \ $(SSDEEP_LDFLAGS) \

6
examples/using_bodies_in_chunks/Makefile.am
View File

@ -6,7 +6,6 @@ simple_request_SOURCES = \
simple_request.cc simple_request.cc
simple_request_LDADD = \ simple_request_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \ $(CURL_LDADD) \
$(GEOIP_LDADD) \ $(GEOIP_LDADD) \
$(MAXMIND_LDADD) \ $(MAXMIND_LDADD) \
@ -19,7 +18,12 @@ simple_request_LDADD = \
$(YAJL_LDADD) $(YAJL_LDADD)
simple_request_LDFLAGS = \ simple_request_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \ $(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(MAXMIND_LDFLAGS) \ $(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \ $(LMDB_LDFLAGS) \
-lpthread \ -lpthread \

549
headers/modsecurity/rules_properties.h
View File

@ -13,553 +13,6 @@
* *
*/ */
#include <modsecurity/rules_set_properties.h>
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <set>
#include <cstring>
#endif
#ifndef HEADERS_MODSECURITY_RULES_PROPERTIES_H_
#define HEADERS_MODSECURITY_RULES_PROPERTIES_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_exceptions.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/audit_log.h"
#define CODEPAGE_SEPARATORS " \t\n\r"
#define merge_boolean_value(to, from, default) \
if (to == PropertyNotSetConfigBoolean) { \
to = (from == PropertyNotSetConfigBoolean) ? default : from; \
}
#define merge_ruleengine_value(to, from, default) \
if (to == PropertyNotSetRuleEngine) { \
to = (from == PropertyNotSetRuleEngine) ? default : from; \
}
#define merge_bodylimitaction_value(to, from, default) \
if (to == PropertyNotSetBodyLimitAction) { \
to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
}
#ifdef __cplusplus
namespace modsecurity {
class RulesExceptions;
namespace Parser {
class Driver;
}
using modsecurity::debug_log::DebugLog;
using modsecurity::audit_log::AuditLog;
/** @ingroup ModSecurity_CPP_API */
class ConfigInt {
public:
ConfigInt() : m_set(false), m_value(0) { }
bool m_set;
int m_value;
void merge(ConfigInt *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigDouble {
public:
ConfigDouble() : m_set(false), m_value(0) { }
bool m_set;
double m_value;
void merge(ConfigDouble *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigString {
public:
ConfigString() : m_set(false), m_value("") { }
bool m_set;
std::string m_value;
void merge(ConfigString *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigSet {
public:
ConfigSet() : m_set(false), m_clear(false) { }
bool m_set;
bool m_clear;
std::set<std::string> m_value;
};
class UnicodeMapHolder {
public:
UnicodeMapHolder() {
memset(m_data, -1, (sizeof(int)*65536));
};
int& operator[](int index) { return m_data[index]; }
int operator[](int index) const { return m_data[index]; }
int at(int index) const { return m_data[index]; }
void change(int i, int a) { m_data[i] = a; }
int m_data[65536];
};
class RulesProperties;
class ConfigUnicodeMap {
public:
ConfigUnicodeMap() : m_set(false),
m_unicodeCodePage(0),
m_unicodeMapTable(NULL) { }
static void loadConfig(std::string f, double codePage,
RulesProperties *driver, std::string *errg);
void merge(ConfigUnicodeMap *from) {
if (from->m_set == false) {
return;
}
m_set = true;
m_unicodeCodePage = from->m_unicodeCodePage;
m_unicodeMapTable = from->m_unicodeMapTable;
return;
}
bool m_set;
double m_unicodeCodePage;
std::shared_ptr<modsecurity::UnicodeMapHolder> m_unicodeMapTable;
};
class RulesProperties {
public:
RulesProperties() :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(new DebugLog()),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
explicit RulesProperties(DebugLog *debugLog) :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(debugLog),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
RulesProperties(const RulesProperties &r) = delete;
RulesProperties &operator =(const RulesProperties &r) = delete;
~RulesProperties() {
int i = 0;
/** Cleanup the rules */
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<Rule *> rules = m_rules[i];
while (rules.empty() == false) {
Rule *rule = rules.back();
rules.pop_back();
if (rule->refCountDecreaseAndCheck()) {
rule = NULL;
}
}
}
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<actions::Action *> *tmp = &m_defaultActions[i];
while (tmp->empty() == false) {
actions::Action *a = tmp->back();
tmp->pop_back();
if (a->refCountDecreaseAndCheck()) {
a = NULL;
}
}
}
delete m_debugLog;
delete m_auditLog;
}
/**
*
*
*/
enum ConfigBoolean {
TrueConfigBoolean,
FalseConfigBoolean,
PropertyNotSetConfigBoolean
};
/**
*
* The RuleEngine enumerator consists in mapping the different states
* of the rule engine.
*
*/
enum RuleEngine {
/**
*
* Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
*
*/
DisabledRuleEngine,
/**
*
* Rules will be evaluated and disturb actions will take place if needed.
*
*/
EnabledRuleEngine,
/**
* Rules will be evaluated but it won't generate any disruptive action.
*
*/
DetectionOnlyRuleEngine,
/**
*
*/
PropertyNotSetRuleEngine
};
/**
*
* Defines what actions should be taken in case the body (response or
* request) is bigger than the expected size.
*
*/
enum BodyLimitAction {
/**
*
* Process partial
*
*/
ProcessPartialBodyLimitAction,
/**
*
* Reject the request
*
*/
RejectBodyLimitAction,
/**
*
*/
PropertyNotSetBodyLimitAction
};
/**
*
* Defines what actions should be taken in case the remote rules failed to
* be downloaded (independent of the circumstances)
*
*
*/
enum OnFailedRemoteRulesAction {
/**
*
* Abort
*
*/
AbortOnFailedRemoteRulesAction,
/**
*
* Warn on logging
*
*/
WarnOnFailedRemoteRulesAction,
/**
*
*/
PropertyNotSetRemoteRulesAction
};
static const char *ruleEngineStateString(RuleEngine i) {
switch (i) {
case DisabledRuleEngine:
return "Disabled";
case EnabledRuleEngine:
return "Enabled";
case DetectionOnlyRuleEngine:
return "DetectionOnly";
case PropertyNotSetRuleEngine:
return "PropertyNotSet/DetectionOnly";
}
return NULL;
}
static std::string configBooleanString(ConfigBoolean i) {
switch (i) {
case TrueConfigBoolean:
return "True";
case FalseConfigBoolean:
return "False";
case PropertyNotSetConfigBoolean:
return "Not set";
}
return NULL;
}
static int mergeProperties(RulesProperties *from, RulesProperties *to,
std::ostringstream *err) {
int amount_of_rules = 0;
amount_of_rules = appendRules(from->m_rules, to->m_rules, err);
if (amount_of_rules < 0) {
return amount_of_rules;
}
merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
PropertyNotSetRuleEngine);
merge_boolean_value(to->m_secRequestBodyAccess,
from->m_secRequestBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secResponseBodyAccess,
from->m_secResponseBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secXMLExternalEntity,
from->m_secXMLExternalEntity,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_uploadKeepFiles,
from->m_uploadKeepFiles,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_tmpSaveUploadedFiles,
from->m_tmpSaveUploadedFiles,
PropertyNotSetConfigBoolean);
to->m_argumentsLimit.merge(&from->m_argumentsLimit);
to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
merge_bodylimitaction_value(to->m_requestBodyLimitAction,
from->m_requestBodyLimitAction,
PropertyNotSetBodyLimitAction);
merge_bodylimitaction_value(to->m_responseBodyLimitAction,
from->m_responseBodyLimitAction,
PropertyNotSetBodyLimitAction);
to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
to->m_uploadFileMode.merge(&from->m_uploadFileMode);
to->m_uploadDirectory.merge(&from->m_uploadDirectory);
to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
to->m_secWebAppId.merge(&from->m_secWebAppId);
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
to->m_httpblKey.merge(&from->m_httpblKey);
to->m_exceptions.merge(&from->m_exceptions);
to->m_components.insert(to->m_components.end(),
from->m_components.begin(), from->m_components.end());
if (from->m_responseBodyTypeToBeInspected.m_set == true) {
if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
to->m_responseBodyTypeToBeInspected.m_value.clear();
from->m_responseBodyTypeToBeInspected.m_value.clear();
} else {
for (std::set<std::string>::iterator
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
it != from->m_responseBodyTypeToBeInspected.m_value.end();
++it) {
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
}
}
to->m_responseBodyTypeToBeInspected.m_set = true;
}
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<actions::Action *> *actions_from = \
from->m_defaultActions+i;
std::vector<actions::Action *> *actions_to = to->m_defaultActions+i;
for (size_t j = 0; j < actions_from->size(); j++) {
actions::Action *action = actions_from->at(j);
action->refCountIncrease();
actions_to->push_back(action);
}
}
if (to->m_auditLog) {
std::string error;
to->m_auditLog->merge(from->m_auditLog, &error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogFileSet()) {
if (to->m_debugLog->isLogFileSet() == false) {
std::string error;
to->m_debugLog->setDebugLogFile(
from->m_debugLog->getDebugLogFile(),
&error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogLevelSet()) {
if (to->m_debugLog->isLogLevelSet() == false) {
to->m_debugLog->setDebugLogLevel(
from->m_debugLog->getDebugLogLevel());
}
}
return amount_of_rules;
}
static int appendRules(
std::vector<modsecurity::Rule *> *from,
std::vector<modsecurity::Rule *> *to,
std::ostringstream *err) {
int amount_of_rules = 0;
// TODO: std::vector could be replaced with something more efficient.
std::vector<int64_t> v;
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_to = to+i;
v.reserve(rules_to->size());
for (size_t z = 0; z < rules_to->size(); z++) {
Rule *rule_ckc = rules_to->at(z);
if (rule_ckc->m_secMarker == true) {
continue;
}
v.push_back(rule_ckc->m_ruleId);
}
}
std::sort (v.begin(), v.end());
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_from = from+i;
std::vector<modsecurity::Rule *> *rules_to = to+i;
for (size_t j = 0; j < rules_from->size(); j++) {
Rule *rule = rules_from->at(j);
if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;
}
amount_of_rules++;
rule->refCountIncrease();
rules_to->push_back(rule);
}
}
return amount_of_rules;
}
std::vector<modsecurity::Rule *> *getRulesForPhase(int phase) {
if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
return NULL;
}
return &m_rules[phase];
}
audit_log::AuditLog *m_auditLog;
BodyLimitAction m_requestBodyLimitAction;
BodyLimitAction m_responseBodyLimitAction;
ConfigBoolean m_secRequestBodyAccess;
ConfigBoolean m_secResponseBodyAccess;
ConfigBoolean m_secXMLExternalEntity;
ConfigBoolean m_tmpSaveUploadedFiles;
ConfigBoolean m_uploadKeepFiles;
ConfigDouble m_argumentsLimit;
ConfigDouble m_requestBodyLimit;
ConfigDouble m_requestBodyNoFilesLimit;
ConfigDouble m_responseBodyLimit;
ConfigInt m_uploadFileLimit;
ConfigInt m_uploadFileMode;
DebugLog *m_debugLog;
OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
RuleEngine m_secRuleEngine;
RulesExceptions m_exceptions;
std::list<std::string> m_components;
std::ostringstream m_parserError;
ConfigSet m_responseBodyTypeToBeInspected;
ConfigString m_httpblKey;
ConfigString m_uploadDirectory;
ConfigString m_uploadTmpDirectory;
ConfigString m_secArgumentSeparator;
ConfigString m_secWebAppId;
std::vector<actions::Action *> m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
std::vector<modsecurity::Rule *> m_rules[modsecurity::Phases::NUMBER_OF_PHASES];
ConfigUnicodeMap m_unicodeMapTable;
};
#endif
#ifdef __cplusplus
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_PROPERTIES_H_

8
headers/modsecurity/rules_set.h
View File

@ -28,7 +28,7 @@
#ifndef HEADERS_MODSECURITY_RULES_H_ #ifndef HEADERS_MODSECURITY_RULES_H_
#define HEADERS_MODSECURITY_RULES_H_ #define HEADERS_MODSECURITY_RULES_H_
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
#include "modsecurity/modsecurity.h" #include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
@ -42,10 +42,10 @@ class Driver;
/** @ingroup ModSecurity_CPP_API */ /** @ingroup ModSecurity_CPP_API */
class RulesSet : public RulesProperties { class RulesSet : public RulesSetProperties {
public: public:
RulesSet() RulesSet()
: RulesProperties(new DebugLog()), : RulesSetProperties(new DebugLog()),
unicode_codepage(0) unicode_codepage(0)
#ifndef NO_LOGS #ifndef NO_LOGS
,m_secmarker_skipped(0) ,m_secmarker_skipped(0)
@ -53,7 +53,7 @@ class RulesSet : public RulesProperties {
{ } { }
explicit RulesSet(DebugLog *customLog) explicit RulesSet(DebugLog *customLog)
: RulesProperties(customLog), : RulesSetProperties(customLog),
unicode_codepage(0) unicode_codepage(0)
#ifndef NO_LOGS #ifndef NO_LOGS
,m_secmarker_skipped(0) ,m_secmarker_skipped(0)

565
headers/modsecurity/rules_set_properties.h Normal file
View File

@ -0,0 +1,565 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifdef __cplusplus
#include <ctime>
#include <iostream>
#include <string>
#include <vector>
#include <list>
#include <set>
#include <cstring>
#endif
#ifndef HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
#define HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules_exceptions.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/audit_log.h"
#define CODEPAGE_SEPARATORS " \t\n\r"
#define merge_boolean_value(to, from, default) \
if (to == PropertyNotSetConfigBoolean) { \
to = (from == PropertyNotSetConfigBoolean) ? default : from; \
}
#define merge_ruleengine_value(to, from, default) \
if (to == PropertyNotSetRuleEngine) { \
to = (from == PropertyNotSetRuleEngine) ? default : from; \
}
#define merge_bodylimitaction_value(to, from, default) \
if (to == PropertyNotSetBodyLimitAction) { \
to = (from == PropertyNotSetBodyLimitAction) ? default : from; \
}
#ifdef __cplusplus
namespace modsecurity {
class RulesExceptions;
namespace Parser {
class Driver;
}
using modsecurity::debug_log::DebugLog;
using modsecurity::audit_log::AuditLog;
/** @ingroup ModSecurity_CPP_API */
class ConfigInt {
public:
ConfigInt() : m_set(false), m_value(0) { }
bool m_set;
int m_value;
void merge(ConfigInt *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigDouble {
public:
ConfigDouble() : m_set(false), m_value(0) { }
bool m_set;
double m_value;
void merge(ConfigDouble *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigString {
public:
ConfigString() : m_set(false), m_value("") { }
bool m_set;
std::string m_value;
void merge(ConfigString *from) {
if (m_set == true || from->m_set == false) {
return;
}
m_set = true;
m_value = from->m_value;
return;
}
};
class ConfigSet {
public:
ConfigSet() : m_set(false), m_clear(false) { }
bool m_set;
bool m_clear;
std::set<std::string> m_value;
};
class UnicodeMapHolder {
public:
UnicodeMapHolder() {
memset(m_data, -1, (sizeof(int)*65536));
};
int& operator[](int index) { return m_data[index]; }
int operator[](int index) const { return m_data[index]; }
int at(int index) const { return m_data[index]; }
void change(int i, int a) { m_data[i] = a; }
int m_data[65536];
};
class RulesSetProperties;
class ConfigUnicodeMap {
public:
ConfigUnicodeMap() : m_set(false),
m_unicodeCodePage(0),
m_unicodeMapTable(NULL) { }
static void loadConfig(std::string f, double codePage,
RulesSetProperties *driver, std::string *errg);
void merge(ConfigUnicodeMap *from) {
if (from->m_set == false) {
return;
}
m_set = true;
m_unicodeCodePage = from->m_unicodeCodePage;
m_unicodeMapTable = from->m_unicodeMapTable;
return;
}
bool m_set;
double m_unicodeCodePage;
std::shared_ptr<modsecurity::UnicodeMapHolder> m_unicodeMapTable;
};
class RulesSetProperties {
public:
RulesSetProperties() :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(new DebugLog()),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
explicit RulesSetProperties(DebugLog *debugLog) :
m_auditLog(new AuditLog()),
m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean),
m_uploadKeepFiles(PropertyNotSetConfigBoolean),
m_debugLog(debugLog),
m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
m_secRuleEngine(PropertyNotSetRuleEngine) { }
RulesSetProperties(const RulesSetProperties &r) = delete;
RulesSetProperties &operator =(const RulesSetProperties &r) = delete;
~RulesSetProperties() {
int i = 0;
/** Cleanup the rules */
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<Rule *> rules = m_rules[i];
while (rules.empty() == false) {
Rule *rule = rules.back();
rules.pop_back();
if (rule->refCountDecreaseAndCheck()) {
rule = NULL;
}
}
}
for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<actions::Action *> *tmp = &m_defaultActions[i];
while (tmp->empty() == false) {
actions::Action *a = tmp->back();
tmp->pop_back();
if (a->refCountDecreaseAndCheck()) {
a = NULL;
}
}
}
delete m_debugLog;
delete m_auditLog;
}
/**
*
*
*/
enum ConfigBoolean {
TrueConfigBoolean,
FalseConfigBoolean,
PropertyNotSetConfigBoolean
};
/**
*
* The RuleEngine enumerator consists in mapping the different states
* of the rule engine.
*
*/
enum RuleEngine {
/**
*
* Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
*
*/
DisabledRuleEngine,
/**
*
* Rules will be evaluated and disturb actions will take place if needed.
*
*/
EnabledRuleEngine,
/**
* Rules will be evaluated but it won't generate any disruptive action.
*
*/
DetectionOnlyRuleEngine,
/**
*
*/
PropertyNotSetRuleEngine
};
/**
*
* Defines what actions should be taken in case the body (response or
* request) is bigger than the expected size.
*
*/
enum BodyLimitAction {
/**
*
* Process partial
*
*/
ProcessPartialBodyLimitAction,
/**
*
* Reject the request
*
*/
RejectBodyLimitAction,
/**
*
*/
PropertyNotSetBodyLimitAction
};
/**
*
* Defines what actions should be taken in case the remote rules failed to
* be downloaded (independent of the circumstances)
*
*
*/
enum OnFailedRemoteRulesAction {
/**
*
* Abort
*
*/
AbortOnFailedRemoteRulesAction,
/**
*
* Warn on logging
*
*/
WarnOnFailedRemoteRulesAction,
/**
*
*/
PropertyNotSetRemoteRulesAction
};
static const char *ruleEngineStateString(RuleEngine i) {
switch (i) {
case DisabledRuleEngine:
return "Disabled";
case EnabledRuleEngine:
return "Enabled";
case DetectionOnlyRuleEngine:
return "DetectionOnly";
case PropertyNotSetRuleEngine:
return "PropertyNotSet/DetectionOnly";
}
return NULL;
}
static std::string configBooleanString(ConfigBoolean i) {
switch (i) {
case TrueConfigBoolean:
return "True";
case FalseConfigBoolean:
return "False";
case PropertyNotSetConfigBoolean:
return "Not set";
}
return NULL;
}
static int mergeProperties(RulesSetProperties *from, RulesSetProperties *to,
std::ostringstream *err) {
int amount_of_rules = 0;
amount_of_rules = appendRules(from->m_rules, to->m_rules, err);
if (amount_of_rules < 0) {
return amount_of_rules;
}
merge_ruleengine_value(to->m_secRuleEngine, from->m_secRuleEngine,
PropertyNotSetRuleEngine);
merge_boolean_value(to->m_secRequestBodyAccess,
from->m_secRequestBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secResponseBodyAccess,
from->m_secResponseBodyAccess,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_secXMLExternalEntity,
from->m_secXMLExternalEntity,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_uploadKeepFiles,
from->m_uploadKeepFiles,
PropertyNotSetConfigBoolean);
merge_boolean_value(to->m_tmpSaveUploadedFiles,
from->m_tmpSaveUploadedFiles,
PropertyNotSetConfigBoolean);
to->m_argumentsLimit.merge(&from->m_argumentsLimit);
to->m_requestBodyLimit.merge(&from->m_requestBodyLimit);
to->m_responseBodyLimit.merge(&from->m_responseBodyLimit);
merge_bodylimitaction_value(to->m_requestBodyLimitAction,
from->m_requestBodyLimitAction,
PropertyNotSetBodyLimitAction);
merge_bodylimitaction_value(to->m_responseBodyLimitAction,
from->m_responseBodyLimitAction,
PropertyNotSetBodyLimitAction);
to->m_uploadFileLimit.merge(&from->m_uploadFileLimit);
to->m_uploadFileMode.merge(&from->m_uploadFileMode);
to->m_uploadDirectory.merge(&from->m_uploadDirectory);
to->m_uploadTmpDirectory.merge(&from->m_uploadTmpDirectory);
to->m_secArgumentSeparator.merge(&from->m_secArgumentSeparator);
to->m_secWebAppId.merge(&from->m_secWebAppId);
to->m_unicodeMapTable.merge(&from->m_unicodeMapTable);
to->m_httpblKey.merge(&from->m_httpblKey);
to->m_exceptions.merge(&from->m_exceptions);
to->m_components.insert(to->m_components.end(),
from->m_components.begin(), from->m_components.end());
if (from->m_responseBodyTypeToBeInspected.m_set == true) {
if (from->m_responseBodyTypeToBeInspected.m_clear == true) {
to->m_responseBodyTypeToBeInspected.m_value.clear();
from->m_responseBodyTypeToBeInspected.m_value.clear();
} else {
for (std::set<std::string>::iterator
it = from->m_responseBodyTypeToBeInspected.m_value.begin();
it != from->m_responseBodyTypeToBeInspected.m_value.end();
++it) {
to->m_responseBodyTypeToBeInspected.m_value.insert(*it);
}
}
to->m_responseBodyTypeToBeInspected.m_set = true;
}
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<actions::Action *> *actions_from = \
from->m_defaultActions+i;
std::vector<actions::Action *> *actions_to = to->m_defaultActions+i;
for (size_t j = 0; j < actions_from->size(); j++) {
actions::Action *action = actions_from->at(j);
action->refCountIncrease();
actions_to->push_back(action);
}
}
if (to->m_auditLog) {
std::string error;
to->m_auditLog->merge(from->m_auditLog, &error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogFileSet()) {
if (to->m_debugLog->isLogFileSet() == false) {
std::string error;
to->m_debugLog->setDebugLogFile(
from->m_debugLog->getDebugLogFile(),
&error);
if (error.size() > 0) {
*err << error;
return -1;
}
}
}
if (from->m_debugLog && to->m_debugLog &&
from->m_debugLog->isLogLevelSet()) {
if (to->m_debugLog->isLogLevelSet() == false) {
to->m_debugLog->setDebugLogLevel(
from->m_debugLog->getDebugLogLevel());
}
}
return amount_of_rules;
}
static int appendRules(
std::vector<modsecurity::Rule *> *from,
std::vector<modsecurity::Rule *> *to,
std::ostringstream *err) {
int amount_of_rules = 0;
// TODO: std::vector could be replaced with something more efficient.
std::vector<int64_t> v;
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_to = to+i;
v.reserve(rules_to->size());
for (size_t z = 0; z < rules_to->size(); z++) {
Rule *rule_ckc = rules_to->at(z);
if (rule_ckc->m_secMarker == true) {
continue;
}
v.push_back(rule_ckc->m_ruleId);
}
}
std::sort (v.begin(), v.end());
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_from = from+i;
std::vector<modsecurity::Rule *> *rules_to = to+i;
for (size_t j = 0; j < rules_from->size(); j++) {
Rule *rule = rules_from->at(j);
if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;
}
amount_of_rules++;
rule->refCountIncrease();
rules_to->push_back(rule);
}
}
return amount_of_rules;
}
std::vector<modsecurity::Rule *> *getRulesForPhase(int phase) {
if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
return NULL;
}
return &m_rules[phase];
}
audit_log::AuditLog *m_auditLog;
BodyLimitAction m_requestBodyLimitAction;
BodyLimitAction m_responseBodyLimitAction;
ConfigBoolean m_secRequestBodyAccess;
ConfigBoolean m_secResponseBodyAccess;
ConfigBoolean m_secXMLExternalEntity;
ConfigBoolean m_tmpSaveUploadedFiles;
ConfigBoolean m_uploadKeepFiles;
ConfigDouble m_argumentsLimit;
ConfigDouble m_requestBodyLimit;
ConfigDouble m_requestBodyNoFilesLimit;
ConfigDouble m_responseBodyLimit;
ConfigInt m_uploadFileLimit;
ConfigInt m_uploadFileMode;
DebugLog *m_debugLog;
OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
RuleEngine m_secRuleEngine;
RulesExceptions m_exceptions;
std::list<std::string> m_components;
std::ostringstream m_parserError;
ConfigSet m_responseBodyTypeToBeInspected;
ConfigString m_httpblKey;
ConfigString m_uploadDirectory;
ConfigString m_uploadTmpDirectory;
ConfigString m_secArgumentSeparator;
ConfigString m_secWebAppId;
std::vector<actions::Action *> m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
std::vector<modsecurity::Rule *> m_rules[modsecurity::Phases::NUMBER_OF_PHASES];
ConfigUnicodeMap m_unicodeMapTable;
};
#endif
#ifdef __cplusplus
} // namespace modsecurity
#endif
#endif // HEADERS_MODSECURITY_RULES_SET_PROPERTIES_H_

6
src/Makefile.am
View File

@ -45,8 +45,8 @@ pkginclude_HEADERS = \
../headers/modsecurity/rule_message.h \ ../headers/modsecurity/rule_message.h \
../headers/modsecurity/rules.h \ ../headers/modsecurity/rules.h \
../headers/modsecurity/rules_set.h \ ../headers/modsecurity/rules_set.h \
../headers/modsecurity/rules_set_properties.h \
../headers/modsecurity/rules_exceptions.h \ ../headers/modsecurity/rules_exceptions.h \
../headers/modsecurity/rules_properties.h \
../headers/modsecurity/transaction.h \ ../headers/modsecurity/transaction.h \
../headers/modsecurity/variable_origin.h \ ../headers/modsecurity/variable_origin.h \
../headers/modsecurity/variable_value.h ../headers/modsecurity/variable_value.h
@ -274,7 +274,8 @@ libmodsecurity_la_SOURCES = \
audit_log/writer/serial.cc \ audit_log/writer/serial.cc \
audit_log/writer/parallel.cc \ audit_log/writer/parallel.cc \
modsecurity.cc \ modsecurity.cc \
rules.cc \ rules_set.cc \
rules_set_properties.cc \
debug_log/debug_log.cc \ debug_log/debug_log.cc \
debug_log/debug_log_writer.cc \ debug_log/debug_log_writer.cc \
run_time_string.cc \ run_time_string.cc \
@ -283,7 +284,6 @@ libmodsecurity_la_SOURCES = \
rule_script.cc \ rule_script.cc \
unique_id.cc \ unique_id.cc \
rules_exceptions.cc \ rules_exceptions.cc \
rules_properties.cc \
${BODY_PROCESSORS} \ ${BODY_PROCESSORS} \
${ACTIONS} \ ${ACTIONS} \
${ENGINES} \ ${ENGINES} \

6
src/actions/ctl/request_body_access.cc
View File

@ -18,7 +18,7 @@
#include <iostream> #include <iostream>
#include <string> #include <string>
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
namespace modsecurity { namespace modsecurity {
@ -44,9 +44,9 @@ bool RequestBodyAccess::init(std::string *error) {
bool RequestBodyAccess::evaluate(Rule *rule, Transaction *transaction) { bool RequestBodyAccess::evaluate(Rule *rule, Transaction *transaction) {
if (m_request_body_access) { if (m_request_body_access) {
transaction->m_requestBodyAccess = RulesProperties::TrueConfigBoolean; transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean;
} else { } else {
transaction->m_requestBodyAccess = RulesProperties::FalseConfigBoolean; transaction->m_requestBodyAccess = RulesSetProperties::FalseConfigBoolean;
} }
return true; return true;

10
src/actions/ctl/rule_engine.cc
View File

@ -18,8 +18,8 @@
#include <iostream> #include <iostream>
#include <string> #include <string>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/rules_set.h" #include "modsecurity/rules_set.h"
#include "modsecurity/rules_properties.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
namespace modsecurity { namespace modsecurity {
@ -31,11 +31,11 @@ bool RuleEngine::init(std::string *error) {
std::string what(m_parser_payload, 11, m_parser_payload.size() - 11); std::string what(m_parser_payload, 11, m_parser_payload.size() - 11);
if (what == "on") { if (what == "on") {
m_ruleEngine = RulesProperties::EnabledRuleEngine; m_ruleEngine = RulesSetProperties::EnabledRuleEngine;
} else if (what == "off") { } else if (what == "off") {
m_ruleEngine = RulesProperties::DisabledRuleEngine; m_ruleEngine = RulesSetProperties::DisabledRuleEngine;
} else if (what == "detectiononly") { } else if (what == "detectiononly") {
m_ruleEngine = RulesProperties::DetectionOnlyRuleEngine; m_ruleEngine = RulesSetProperties::DetectionOnlyRuleEngine;
} else { } else {
error->assign("Internal error. Expected: On, Off or DetectionOnly; " \ error->assign("Internal error. Expected: On, Off or DetectionOnly; " \
"got: " + m_parser_payload); "got: " + m_parser_payload);
@ -48,7 +48,7 @@ bool RuleEngine::init(std::string *error) {
bool RuleEngine::evaluate(Rule *rule, Transaction *transaction) { bool RuleEngine::evaluate(Rule *rule, Transaction *transaction) {
std::stringstream a; std::stringstream a;
a << "Setting SecRuleEngine to "; a << "Setting SecRuleEngine to ";
a << modsecurity::RulesProperties::ruleEngineStateString(m_ruleEngine); a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine);
a << " as requested by a ctl:ruleEngine action"; a << " as requested by a ctl:ruleEngine action";
ms_dbg_a(transaction, 8, a.str()); ms_dbg_a(transaction, 8, a.str());

6
src/actions/ctl/rule_engine.h
View File

@ -15,9 +15,9 @@
#include <string> #include <string>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "modsecurity/rules_properties.h"
#ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_ #ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_
@ -32,12 +32,12 @@ class RuleEngine : public Action {
public: public:
explicit RuleEngine(const std::string &action) explicit RuleEngine(const std::string &action)
: Action(action, RunTimeOnlyIfMatchKind), : Action(action, RunTimeOnlyIfMatchKind),
m_ruleEngine(RulesProperties::PropertyNotSetRuleEngine) { } m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { }
bool init(std::string *error) override; bool init(std::string *error) override;
bool evaluate(Rule *rule, Transaction *transaction) override; bool evaluate(Rule *rule, Transaction *transaction) override;
RulesProperties::RuleEngine m_ruleEngine; RulesSetProperties::RuleEngine m_ruleEngine;
}; };

2
src/actions/transformations/url_decode_uni.cc
View File

@ -25,12 +25,12 @@
#include <locale> #include <locale>
#include <cstring> #include <cstring>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/rules_set.h" #include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/transformations/transformation.h" #include "src/actions/transformations/transformation.h"
#include "src/utils/string.h" #include "src/utils/string.h"
#include "src/utils/system.h" #include "src/utils/system.h"
#include "modsecurity/rules_properties.h"
namespace modsecurity { namespace modsecurity {

2
src/actions/transformations/url_decode_uni.h
View File

@ -15,8 +15,8 @@
#include <string> #include <string>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/rules_properties.h"
#include "src/actions/transformations/transformation.h" #include "src/actions/transformations/transformation.h"
#ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_

4
src/operators/verify_svnr.cc
View File

@ -7,7 +7,9 @@
#include "modsecurity/rule.h" #include "modsecurity/rule.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
namespace modsecurity { namespace modsecurity {
namespace operators { namespace operators {

5
src/parser/driver.cc
View File

@ -15,8 +15,9 @@
#include "src/parser/driver.h" #include "src/parser/driver.h"
#include "modsecurity/rules_set_properties.h"
#include "src/parser/seclang-parser.hh"
#include "modsecurity/audit_log.h" #include "modsecurity/audit_log.h"
#include "modsecurity/rules_properties.h"
using modsecurity::audit_log::AuditLog; using modsecurity::audit_log::AuditLog;
using modsecurity::Rule; using modsecurity::Rule;
@ -25,7 +26,7 @@ namespace modsecurity {
namespace Parser { namespace Parser {
Driver::Driver() Driver::Driver()
: RulesProperties(), : RulesSetProperties(),
trace_scanning(false), trace_scanning(false),
trace_parsing(false), trace_parsing(false),
lastRule(NULL) { } lastRule(NULL) { }

4
src/parser/driver.h
View File

@ -27,7 +27,7 @@
#include "modsecurity/modsecurity.h" #include "modsecurity/modsecurity.h"
#include "modsecurity/rules_set.h" #include "modsecurity/rules_set.h"
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
#include "modsecurity/audit_log.h" #include "modsecurity/audit_log.h"
#include "src/rule_script.h" #include "src/rule_script.h"
#ifndef MS_CPPCHECK_DISABLED_FOR_PARSER #ifndef MS_CPPCHECK_DISABLED_FOR_PARSER
@ -61,7 +61,7 @@ typedef struct Driver_t Driver;
* driver class. * driver class.
* *
**/ **/
class Driver : public RulesProperties { class Driver : public RulesSetProperties {
public: public:
Driver(); Driver();
virtual ~Driver(); virtual ~Driver();

20
src/parser/seclang-parser.cc
View File

@ -1847,7 +1847,7 @@ namespace yy {
case 21: case 21:
#line 803 "seclang-parser.yy" #line 803 "seclang-parser.yy"
{ {
driver.m_uploadKeepFiles = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
#line 1853 "seclang-parser.cc" #line 1853 "seclang-parser.cc"
break; break;
@ -1855,7 +1855,7 @@ namespace yy {
case 22: case 22:
#line 807 "seclang-parser.yy" #line 807 "seclang-parser.yy"
{ {
driver.m_uploadKeepFiles = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
#line 1861 "seclang-parser.cc" #line 1861 "seclang-parser.cc"
break; break;
@ -1899,7 +1899,7 @@ namespace yy {
case 27: case 27:
#line 831 "seclang-parser.yy" #line 831 "seclang-parser.yy"
{ {
driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
#line 1905 "seclang-parser.cc" #line 1905 "seclang-parser.cc"
break; break;
@ -1907,7 +1907,7 @@ namespace yy {
case 28: case 28:
#line 835 "seclang-parser.yy" #line 835 "seclang-parser.yy"
{ {
driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
#line 1913 "seclang-parser.cc" #line 1913 "seclang-parser.cc"
break; break;
@ -2495,7 +2495,7 @@ namespace yy {
case 83: case 83:
#line 1223 "seclang-parser.yy" #line 1223 "seclang-parser.yy"
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
#line 2501 "seclang-parser.cc" #line 2501 "seclang-parser.cc"
break; break;
@ -2503,7 +2503,7 @@ namespace yy {
case 84: case 84:
#line 1227 "seclang-parser.yy" #line 1227 "seclang-parser.yy"
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
#line 2509 "seclang-parser.cc" #line 2509 "seclang-parser.cc"
break; break;
@ -2511,7 +2511,7 @@ namespace yy {
case 85: case 85:
#line 1231 "seclang-parser.yy" #line 1231 "seclang-parser.yy"
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
#line 2517 "seclang-parser.cc" #line 2517 "seclang-parser.cc"
break; break;
@ -2519,7 +2519,7 @@ namespace yy {
case 86: case 86:
#line 1235 "seclang-parser.yy" #line 1235 "seclang-parser.yy"
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
#line 2525 "seclang-parser.cc" #line 2525 "seclang-parser.cc"
break; break;
@ -3127,7 +3127,7 @@ namespace yy {
case 142: case 142:
#line 1640 "seclang-parser.yy" #line 1640 "seclang-parser.yy"
{ {
driver.m_secXMLExternalEntity = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
#line 3133 "seclang-parser.cc" #line 3133 "seclang-parser.cc"
break; break;
@ -3135,7 +3135,7 @@ namespace yy {
case 143: case 143:
#line 1644 "seclang-parser.yy" #line 1644 "seclang-parser.yy"
{ {
driver.m_secXMLExternalEntity = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
#line 3141 "seclang-parser.cc" #line 3141 "seclang-parser.cc"
break; break;

2
src/parser/seclang-parser.hh
View File

@ -187,7 +187,7 @@ class Driver;
#include "modsecurity/audit_log.h" #include "modsecurity/audit_log.h"
#include "modsecurity/modsecurity.h" #include "modsecurity/modsecurity.h"
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
#include "modsecurity/rule.h" #include "modsecurity/rule.h"
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/utils/geo_lookup.h" #include "src/utils/geo_lookup.h"

22
src/parser/seclang-parser.yy
View File

@ -149,7 +149,7 @@ class Driver;
#include "modsecurity/audit_log.h" #include "modsecurity/audit_log.h"
#include "modsecurity/modsecurity.h" #include "modsecurity/modsecurity.h"
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
#include "modsecurity/rule.h" #include "modsecurity/rule.h"
#include "src/operators/operator.h" #include "src/operators/operator.h"
#include "src/utils/geo_lookup.h" #include "src/utils/geo_lookup.h"
@ -801,11 +801,11 @@ audit_log:
/* Upload */ /* Upload */
| CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_ON | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_ON
{ {
driver.m_uploadKeepFiles = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
| CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_OFF | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_OFF
{ {
driver.m_uploadKeepFiles = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_uploadKeepFiles = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
| CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_RELEVANT_ONLY | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_RELEVANT_ONLY
{ {
@ -829,11 +829,11 @@ audit_log:
} }
| CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_ON | CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_ON
{ {
driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
| CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_OFF | CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_OFF
{ {
driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_tmpSaveUploadedFiles = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
; ;
@ -1221,19 +1221,19 @@ expression:
} }
| CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON | CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
| CONFIG_DIR_REQ_BODY CONFIG_VALUE_OFF | CONFIG_DIR_REQ_BODY CONFIG_VALUE_OFF
{ {
driver.m_secRequestBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
| CONFIG_DIR_RES_BODY CONFIG_VALUE_ON | CONFIG_DIR_RES_BODY CONFIG_VALUE_ON
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
| CONFIG_DIR_RES_BODY CONFIG_VALUE_OFF | CONFIG_DIR_RES_BODY CONFIG_VALUE_OFF
{ {
driver.m_secResponseBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
| CONFIG_SEC_ARGUMENT_SEPARATOR | CONFIG_SEC_ARGUMENT_SEPARATOR
{ {
@ -1638,11 +1638,11 @@ expression:
} }
| CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_OFF | CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_OFF
{ {
driver.m_secXMLExternalEntity = modsecurity::RulesProperties::FalseConfigBoolean; driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean;
} }
| CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_ON | CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_ON
{ {
driver.m_secXMLExternalEntity = modsecurity::RulesProperties::TrueConfigBoolean; driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean;
} }
| CONGIG_DIR_SEC_TMP_DIR | CONGIG_DIR_SEC_TMP_DIR
{ {

8
src/request_body_processor/multipart.cc
View File

@ -73,12 +73,12 @@ Multipart::Multipart(const std::string &header, Transaction *transaction)
Multipart::~Multipart() { Multipart::~Multipart() {
ms_dbg_a(m_transaction, 4, ms_dbg_a(m_transaction, 4,
"Multipart: Cleanup started (keep files set to " \ "Multipart: Cleanup started (keep files set to " \
+ RulesProperties::configBooleanString( + RulesSetProperties::configBooleanString(
m_transaction->m_rules->m_uploadKeepFiles) \ m_transaction->m_rules->m_uploadKeepFiles) \
+ ")"); + ")");
if (m_transaction->m_rules->m_uploadKeepFiles if (m_transaction->m_rules->m_uploadKeepFiles
!= RulesProperties::TrueConfigBoolean) { != RulesSetProperties::TrueConfigBoolean) {
for (MultipartPart *m : m_parts) { for (MultipartPart *m : m_parts) {
if (m->m_type == MULTIPART_FILE) { if (m->m_type == MULTIPART_FILE) {
if (!m->m_tmp_file_name.empty()) { if (!m->m_tmp_file_name.empty()) {
@ -514,9 +514,9 @@ int Multipart::process_part_data(std::string *error, size_t offset) {
/* add data to the part we are building */ /* add data to the part we are building */
if (m_mpp->m_type == MULTIPART_FILE) { if (m_mpp->m_type == MULTIPART_FILE) {
bool extract = m_transaction->m_rules->m_uploadKeepFiles \ bool extract = m_transaction->m_rules->m_uploadKeepFiles \
== RulesProperties::TrueConfigBoolean \ == RulesSetProperties::TrueConfigBoolean \
|| m_transaction->m_rules->m_tmpSaveUploadedFiles \ || m_transaction->m_rules->m_tmpSaveUploadedFiles \
== RulesProperties::TrueConfigBoolean; == RulesSetProperties::TrueConfigBoolean;
/* remember where we started */ /* remember where we started */
if (m_mpp->m_length == 0) { if (m_mpp->m_length == 0) {

2
src/request_body_processor/xml.cc
View File

@ -48,7 +48,7 @@ XML::~XML() {
bool XML::init() { bool XML::init() {
//xmlParserInputBufferCreateFilenameFunc entity; //xmlParserInputBufferCreateFilenameFunc entity;
if (m_transaction->m_rules->m_secXMLExternalEntity if (m_transaction->m_rules->m_secXMLExternalEntity
== RulesProperties::TrueConfigBoolean) { == RulesSetProperties::TrueConfigBoolean) {
/*entity = */xmlParserInputBufferCreateFilenameDefault( /*entity = */xmlParserInputBufferCreateFilenameDefault(
__xmlParserInputBufferCreateFilename); __xmlParserInputBufferCreateFilename);
} else { } else {

8
src/rules.cc → src/rules_set.cc
View File

@ -223,8 +223,8 @@ int RulesSet::evaluate(int phase, Transaction *t) {
int RulesSet::merge(Driver *from) { int RulesSet::merge(Driver *from) {
int amount_of_rules = 0; int amount_of_rules = 0;
amount_of_rules = mergeProperties( amount_of_rules = mergeProperties(
dynamic_cast<RulesProperties *>(from), dynamic_cast<RulesSetProperties *>(from),
dynamic_cast<RulesProperties *>(this), dynamic_cast<RulesSetProperties *>(this),
&m_parserError); &m_parserError);
return amount_of_rules; return amount_of_rules;
@ -234,8 +234,8 @@ int RulesSet::merge(Driver *from) {
int RulesSet::merge(RulesSet *from) { int RulesSet::merge(RulesSet *from) {
int amount_of_rules = 0; int amount_of_rules = 0;
amount_of_rules = mergeProperties( amount_of_rules = mergeProperties(
dynamic_cast<RulesProperties *>(from), dynamic_cast<RulesSetProperties *>(from),
dynamic_cast<RulesProperties *>(this), dynamic_cast<RulesSetProperties *>(this),
&m_parserError); &m_parserError);
return amount_of_rules; return amount_of_rules;

5
src/rules_properties.cc → src/rules_set_properties.cc
View File

@ -13,10 +13,9 @@
* *
*/ */
#include "modsecurity/rules_properties.h"
#include <string> #include <string>
#include "modsecurity/rules_set_properties.h"
#include "src/utils/string.h" #include "src/utils/string.h"
#include "src/variables/variable.h" #include "src/variables/variable.h"
@ -24,7 +23,7 @@ namespace modsecurity {
void ConfigUnicodeMap::loadConfig(std::string f, double configCodePage, void ConfigUnicodeMap::loadConfig(std::string f, double configCodePage,
RulesProperties *driver, std::string *errg) { RulesSetProperties *driver, std::string *errg) {
char *buf = NULL; char *buf = NULL;
char *hmap = NULL; char *hmap = NULL;
char *p = NULL; char *p = NULL;

20
src/transaction.cc
View File

@ -49,7 +49,7 @@
#include "src/utils/random.h" #include "src/utils/random.h"
#include "modsecurity/rule.h" #include "modsecurity/rule.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
#include "src/actions/disruptive/allow.h" #include "src/actions/disruptive/allow.h"
#include "src/variables/remote_user.h" #include "src/variables/remote_user.h"
@ -147,7 +147,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
#else #else
m_json(NULL), m_json(NULL),
#endif #endif
m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine), m_secRuleEngine(RulesSetProperties::PropertyNotSetRuleEngine),
m_variableDuration(""), m_variableDuration(""),
m_variableEnvs(), m_variableEnvs(),
m_variableHighestSeverityAction(""), m_variableHighestSeverityAction(""),
@ -220,7 +220,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
#else #else
m_json(NULL), m_json(NULL),
#endif #endif
m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine), m_secRuleEngine(RulesSetProperties::PropertyNotSetRuleEngine),
m_variableDuration(""), m_variableDuration(""),
m_variableEnvs(), m_variableEnvs(),
m_variableHighestSeverityAction(""), m_variableHighestSeverityAction(""),
@ -778,7 +778,7 @@ int Transaction::addRequestHeader(const unsigned char *key, size_t key_n,
int Transaction::processRequestBody() { int Transaction::processRequestBody() {
ms_dbg(4, "Starting phase REQUEST_BODY. (SecRules 2)"); ms_dbg(4, "Starting phase REQUEST_BODY. (SecRules 2)");
if (getRuleEngineState() == RulesProperties::DisabledRuleEngine) { if (getRuleEngineState() == RulesSetProperties::DisabledRuleEngine) {
ms_dbg(4, "Rule engine disabled, returning..."); ms_dbg(4, "Rule engine disabled, returning...");
return true; return true;
} }
@ -891,8 +891,8 @@ int Transaction::processRequestBody() {
m_variableReqbodyProcessorError.set("0", m_variableOffset); m_variableReqbodyProcessorError.set("0", m_variableOffset);
} }
if (m_rules->m_secRequestBodyAccess == RulesProperties::FalseConfigBoolean) { if (m_rules->m_secRequestBodyAccess == RulesSetProperties::FalseConfigBoolean) {
if (m_requestBodyAccess != RulesProperties::TrueConfigBoolean) { if (m_requestBodyAccess != RulesSetProperties::TrueConfigBoolean) {
ms_dbg(4, "Request body processing is disabled"); ms_dbg(4, "Request body processing is disabled");
return true; return true;
} else { } else {
@ -901,7 +901,7 @@ int Transaction::processRequestBody() {
"action"); "action");
} }
} else { } else {
if (m_requestBodyAccess == RulesProperties::FalseConfigBoolean) { if (m_requestBodyAccess == RulesSetProperties::FalseConfigBoolean) {
ms_dbg(4, "Request body processing is enabled, but " \ ms_dbg(4, "Request body processing is enabled, but " \
"disabled to this transaction due to ctl:requestBodyAccess " \ "disabled to this transaction due to ctl:requestBodyAccess " \
"action"); "action");
@ -1189,7 +1189,7 @@ int Transaction::processResponseBody() {
return true; return true;
} }
if (m_rules->m_secResponseBodyAccess != RulesProperties::TrueConfigBoolean) { if (m_rules->m_secResponseBodyAccess != RulesSetProperties::TrueConfigBoolean) {
ms_dbg(4, "Response body is disabled, returning... " + std::to_string(m_rules->m_secResponseBodyAccess)); ms_dbg(4, "Response body is disabled, returning... " + std::to_string(m_rules->m_secResponseBodyAccess));
return true; return true;
} }
@ -1729,7 +1729,7 @@ std::string Transaction::toJSON(int parts) {
/* producer > engine state */ /* producer > engine state */
LOGFY_ADD("secrules_engine", LOGFY_ADD("secrules_engine",
RulesSet::ruleEngineStateString( RulesSet::ruleEngineStateString(
(RulesProperties::RuleEngine) getRuleEngineState())); (RulesSetProperties::RuleEngine) getRuleEngineState()));
/* producer > components */ /* producer > components */
yajl_gen_string(g, yajl_gen_string(g,
@ -1816,7 +1816,7 @@ void Transaction::serverLog(std::shared_ptr<RuleMessage> rm) {
int Transaction::getRuleEngineState() const { int Transaction::getRuleEngineState() const {
if (m_secRuleEngine == RulesProperties::PropertyNotSetRuleEngine) { if (m_secRuleEngine == RulesSetProperties::PropertyNotSetRuleEngine) {
return m_rules->m_secRuleEngine; return m_rules->m_secRuleEngine;
} }

2
src/variables/xml.cc
View File

@ -36,7 +36,7 @@
#include <utility> #include <utility>
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "modsecurity/rules_properties.h" #include "modsecurity/rules_set_properties.h"
#include "modsecurity/rules_set.h" #include "modsecurity/rules_set.h"
#include "src/request_body_processor/xml.h" #include "src/request_body_processor/xml.h"

18
test/Makefile.am
View File

@ -42,7 +42,6 @@ noinst_HEADERS = \
unit_tests_LDADD = \ unit_tests_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \ $(CURL_LDADD) \
$(GEOIP_LDADD) \ $(GEOIP_LDADD) \
$(MAXMIND_LDADD) \ $(MAXMIND_LDADD) \
@ -56,7 +55,12 @@ unit_tests_LDADD = \
unit_tests_LDFLAGS = \ unit_tests_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \ $(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(MAXMIND_LDFLAGS) \ $(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \ $(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \ $(LUA_LDFLAGS) \
@ -92,7 +96,6 @@ regression_tests_SOURCES = \
regression/custom_debug_log.cc regression/custom_debug_log.cc
regression_tests_LDADD = \ regression_tests_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \ $(CURL_LDADD) \
$(GEOIP_LDADD) \ $(GEOIP_LDADD) \
$(MAXMIND_LDADD) \ $(MAXMIND_LDADD) \
@ -106,7 +109,12 @@ regression_tests_LDADD = \
regression_tests_LDFLAGS = \ regression_tests_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \ $(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(MAXMIND_LDFLAGS) \ $(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \ $(YAJL_LDFLAGS) \
$(LMDB_LDFLAGS) \ $(LMDB_LDFLAGS) \
@ -141,7 +149,6 @@ rules_optimization_SOURCES = \
optimization/optimization.cc optimization/optimization.cc
rules_optimization_LDADD = \ rules_optimization_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \ $(CURL_LDADD) \
$(GEOIP_LDADD) \ $(GEOIP_LDADD) \
$(MAXMIND_LDADD) \ $(MAXMIND_LDADD) \
@ -154,7 +161,12 @@ rules_optimization_LDADD = \
$(YAJL_LDADD) $(YAJL_LDADD)
rules_optimization_LDFLAGS = \ rules_optimization_LDFLAGS = \
-L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \ $(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(MAXMIND_LDFLAGS) \ $(MAXMIND_LDFLAGS) \
$(LMDB_LDFLAGS) \ $(LMDB_LDFLAGS) \
$(LUA_LDFLAGS) \ $(LUA_LDFLAGS) \

8
test/benchmark/Makefile.am
View File

@ -6,7 +6,6 @@ benchmark_SOURCES = \
benchmark.cc benchmark.cc
benchmark_LDADD = \ benchmark_LDADD = \
$(top_builddir)/src/.libs/libmodsecurity.a \
$(CURL_LDADD) \ $(CURL_LDADD) \
$(GEOIP_LDADD) \ $(GEOIP_LDADD) \
$(MAXMIND_LDADD) \ $(MAXMIND_LDADD) \
@ -19,7 +18,12 @@ benchmark_LDADD = \
$(GLOBAL_LDADD) $(GLOBAL_LDADD)
benchmark_LDFLAGS = \ benchmark_LDFLAGS = \
$(top_builddir)/src/.libs/libmodsecurity.a \ -L$(top_builddir)/src/.libs/ \
$(GEOIP_LDFLAGS) \
-lmodsecurity \
-lpthread \
-lm \
-lstdc++ \
$(GEOIP_LDFLAGS) \ $(GEOIP_LDFLAGS) \
$(MAXMIND_LDFLAGS) \ $(MAXMIND_LDFLAGS) \
$(YAJL_LDFLAGS) \ $(YAJL_LDFLAGS) \

2
test/optimization/optimization.cc
View File

@ -20,12 +20,12 @@
#include <string> #include <string>
#include <list> #include <list>
#include "modsecurity/rules_set_properties.h"
#include "modsecurity/rules_set.h" #include "modsecurity/rules_set.h"
#include "modsecurity/modsecurity.h" #include "modsecurity/modsecurity.h"
#include "src/utils/system.h" #include "src/utils/system.h"
#include "src/parser/driver.h" #include "src/parser/driver.h"
#include "src/utils/https_client.h" #include "src/utils/https_client.h"
#include "modsecurity/rules_properties.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
void print_help() { void print_help() {