github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Using direct variable access instead m_collections

Browse Source
This commit is contained in:
Felipe Zimmerle
2018-01-28 02:31:11 -03:00
parent 43bba3f942
commit 6f7fdd9493
17 changed files with 247 additions and 447 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/variables/global.h
View File

@@ -37,11 +37,11 @@ class Global_DictElement : public Variable {
: Variable("GLOBAL"),
m_dictElement("GLOBAL:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement,
"GLOBAL", l);
t->m_collections.m_global_collection->resolveMultiMatches(
m_dictElement, t->m_collections.m_global_collection_key, l);
}
std::string m_dictElement;
@@ -53,10 +53,11 @@ class Global_NoDictElement : public Variable {
Global_NoDictElement()
: Variable("GLOBAL") { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "GLOBAL", l);
t->m_collections.m_global_collection->resolveMultiMatches(m_name,
t->m_collections.m_global_collection_key, l);
}
};
@@ -68,11 +69,11 @@ class Global_DictElementRegexp : public Variable {
m_r(dictElement),
m_dictElement("GLOBAL:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"GLOBAL", l);
t->m_collections.m_global_collection->resolveRegularExpression(
m_dictElement, t->m_collections.m_global_collection_key, l);
}
Utils::Regex m_r;
@@ -86,11 +87,24 @@ class Global_DynamicElement : public Variable {
: Variable("GLOBAL:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("GLOBAL:" + string, "GLOBAL", l);
std::string string = m_string->evaluate(t);
t->m_collections.m_global_collection->resolveMultiMatches(
"GLOBAL:" + string, t->m_collections.m_global_collection_key, l);
}
void del(Transaction *t, std::string k) {
t->m_collections.m_global_collection->del(k,
t->m_collections.m_global_collection_key);
}
void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) {
t->m_collections.m_global_collection->storeOrUpdateFirst(
"GLOBAL:" + var, t->m_collections.m_global_collection_key, value);
}
std::unique_ptr<RunTimeString> m_string;

35
src/variables/ip.h
View File

@@ -37,10 +37,12 @@ class Ip_DictElement : public Variable {
: Variable("IP:" + dictElement),
m_dictElement("IP:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement, "IP", l);
t->m_collections.m_ip_collection->resolveMultiMatches(m_dictElement,
t->m_collections.m_ip_collection_key, l);
}
std::string m_dictElement;
@@ -52,10 +54,11 @@ class Ip_NoDictElement : public Variable {
Ip_NoDictElement()
: Variable("IP") { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "IP", l);
t->m_collections.m_ip_collection->resolveMultiMatches(m_name,
t->m_collections.m_ip_collection_key, l);
}
};
@@ -67,11 +70,11 @@ class Ip_DictElementRegexp : public Variable {
m_r(dictElement),
m_dictElement("IP:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"IP", l);
t->m_collections.m_ip_collection->resolveRegularExpression(m_dictElement,
t->m_collections.m_ip_collection_key, l);
}
Utils::Regex m_r;
@@ -85,11 +88,23 @@ class Ip_DynamicElement : public Variable {
: Variable("IP:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("IP:" + string, "IP", l);
std::string string = m_string->evaluate(t);
t->m_collections.m_ip_collection->resolveMultiMatches("IP:" + string,
t->m_collections.m_ip_collection_key, l);
}
void del(Transaction *t, std::string k) {
t->m_collections.m_ip_collection->del(k,
t->m_collections.m_ip_collection_key);
}
void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) {
t->m_collections.m_ip_collection->storeOrUpdateFirst(
"IP:" + var, t->m_collections.m_ip_collection_key, value);
}
std::unique_ptr<RunTimeString> m_string;

43
src/variables/resource.h
View File

@@ -37,11 +37,12 @@ class Resource_DictElement : public Variable {
: Variable("RESOURCE:" + dictElement),
m_dictElement("RESOURCE:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement,
"RESOURCE", transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_resource_collection->resolveMultiMatches(m_dictElement,
t->m_collections.m_resource_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
std::string m_dictElement;
@@ -53,11 +54,12 @@ class Resource_NoDictElement : public Variable {
Resource_NoDictElement()
: Variable("RESOURCE") { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "RESOURCE",
transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_resource_collection->resolveMultiMatches(m_name,
t->m_collections.m_resource_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
};
@@ -69,11 +71,12 @@ class Resource_DictElementRegexp : public Variable {
m_r(dictElement),
m_dictElement("RESOURCE:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"RESOURCE", transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_resource_collection->resolveRegularExpression(
m_dictElement, t->m_collections.m_resource_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
Utils::Regex m_r;
@@ -87,11 +90,27 @@ class Resource_DynamicElement : public Variable {
: Variable("RESOURCE:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("RESOURCE:" + string, "RESOURCE", l);
std::string string = m_string->evaluate(t);
t->m_collections.m_resource_collection->resolveMultiMatches(
"RESOURCE:" + string,
t->m_collections.m_resource_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
void del(Transaction *t, std::string k) {
t->m_collections.m_resource_collection->del(k,
t->m_collections.m_resource_collection_key);
}
void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) {
t->m_collections.m_resource_collection->storeOrUpdateFirst(
"RESOURCE:" + var,
t->m_collections.m_resource_collection_key,
t->m_rules->m_secWebAppId.m_value, value);
}
std::unique_ptr<RunTimeString> m_string;

41
src/variables/session.h
View File

@@ -37,11 +37,12 @@ class Session_DictElement : public Variable {
: Variable("SESSION"),
m_dictElement("SESSION:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement,
"SESSION", transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_session_collection->resolveMultiMatches(
m_dictElement, t->m_collections.m_session_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
std::string m_dictElement;
@@ -53,11 +54,12 @@ class Session_NoDictElement : public Variable {
Session_NoDictElement()
: Variable("SESSION") { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "SESSION",
transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_session_collection->resolveMultiMatches(m_name,
t->m_collections.m_session_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
};
@@ -69,11 +71,12 @@ class Session_DictElementRegexp : public Variable {
m_r(dictElement),
m_dictElement("SESSION:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"SESSION", transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_session_collection->resolveRegularExpression(m_dictElement,
t->m_collections.m_session_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
Utils::Regex m_r;
@@ -87,11 +90,25 @@ class Session_DynamicElement : public Variable {
: Variable("SESSION:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("SESSION:" + string, "SESSION", l);
std::string string = m_string->evaluate(t);
t->m_collections.m_session_collection->resolveMultiMatches(
"SESSION:" + string,
t->m_collections.m_session_collection_key, l);
}
void del(Transaction *t, std::string k) {
t->m_collections.m_session_collection->del(k,
t->m_collections.m_session_collection_key);
}
void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) {
t->m_collections.m_session_collection->storeOrUpdateFirst(
"SESSION:" + var, t->m_collections.m_session_collection_key,
value);
}
std::unique_ptr<RunTimeString> m_string;

32
src/variables/tx.h
View File

@@ -37,10 +37,11 @@ class Tx_DictElement : public Variable {
: Variable("TX:" + dictElement),
m_dictElement("TX:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement, "TX", l);
t->m_collections.m_tx_collection->resolveMultiMatches(
m_dictElement, l);
}
std::string m_dictElement;
@@ -52,10 +53,10 @@ class Tx_NoDictElement : public Variable {
Tx_NoDictElement()
: Variable("TX") { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "TX", l);
t->m_collections.m_tx_collection->resolveMultiMatches(m_name, l);
}
};
@@ -67,11 +68,11 @@ class Tx_DictElementRegexp : public Variable {
m_r(dictElement),
m_dictElement("TX:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"TX", l);
t->m_collections.m_tx_collection->resolveRegularExpression(
m_dictElement, l);
}
Utils::Regex m_r;
@@ -85,11 +86,22 @@ class Tx_DynamicElement : public Variable {
: Variable("TX:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("TX:" + string, "TX", l);
std::string string = m_string->evaluate(t);
t->m_collections.m_tx_collection->resolveMultiMatches(
"TX:" + string, l);
}
void del(Transaction *t, std::string k) {
t->m_collections.m_tx_collection->del(k);
}
void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"TX:" + var, value);
}
std::unique_ptr<RunTimeString> m_string;

40
src/variables/user.h
View File

@@ -37,11 +37,12 @@ class User_DictElement : public Variable {
: Variable("USER"),
m_dictElement("USER:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_dictElement,
"USER", transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_user_collection->resolveMultiMatches(
m_dictElement, t->m_collections.m_user_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
std::string m_dictElement;
@@ -53,11 +54,12 @@ class User_NoDictElement : public Variable {
User_NoDictElement()
: Variable("USER") { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveMultiMatches(m_name, "USER",
transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_user_collection->resolveMultiMatches(m_name,
t->m_collections.m_user_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
};
@@ -69,11 +71,12 @@ class User_DictElementRegexp : public Variable {
m_r(dictElement),
m_dictElement("USER:" + dictElement) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
transaction->m_collections.resolveRegularExpression(m_dictElement,
"USER", transaction->m_rules->m_secWebAppId.m_value, l);
t->m_collections.m_user_collection->resolveRegularExpression(
m_dictElement, t->m_collections.m_user_collection_key,
t->m_rules->m_secWebAppId.m_value, l);
}
Utils::Regex m_r;
@@ -87,11 +90,24 @@ class User_DynamicElement : public Variable {
: Variable("USER:dynamic"),
m_string(std::move(dictElement)) { }
void evaluate(Transaction *transaction,
void evaluate(Transaction *t,
Rule *rule,
std::vector<const collection::Variable *> *l) override {
std::string string = m_string->evaluate(transaction);
transaction->m_collections.resolveMultiMatches("USER:" + string, "USER", l);
std::string string = m_string->evaluate(t);
t->m_collections.m_user_collection->resolveMultiMatches(
"USER:" + string, t->m_collections.m_user_collection_key, l);
}
void del(Transaction *t, std::string k) {
t->m_collections.m_user_collection->del(k,
t->m_collections.m_user_collection_key);
}
void storeOrUpdateFirst(Transaction *t, std::string var,
std::string value) {
t->m_collections.m_user_collection->storeOrUpdateFirst(
"USER:" + var, t->m_collections.m_user_collection_key,
value);
}
std::unique_ptr<RunTimeString> m_string;

10
src/variables/variable.h
View File

@@ -18,6 +18,7 @@
#include <list>
#include <utility>
#include <memory>
#include <exception>
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
@@ -32,6 +33,7 @@ namespace modsecurity {
class Transaction;
namespace Variables {
class Variable {
public:
/**
@@ -191,7 +193,7 @@ class Variable {
} else if (comp(variable, "USERID")) {
t->m_variableUserID.evaluate(l);
} else {
t->m_collections.resolveMultiMatches(variable, l);
throw std::invalid_argument("Variable not found.");
}
} else {
std::string col = std::string(variable, 0, collection);
@@ -244,7 +246,7 @@ class Variable {
} else if (comp(col, "FILES_TMPNAMES")) {
t->m_variableFilesTmpNames.resolve(var, l);
} else {
t->m_collections.resolveMultiMatches(col, var, l);
throw std::invalid_argument("Variable not found.");
}
}
}
@@ -356,7 +358,7 @@ class Variable {
} else if (comp(variable, "USERID")) {
vv = t->m_variableUserID.resolveFirst();
} else {
vv = t->m_collections.resolveFirst(variable);
throw std::invalid_argument("Variable not found.");
}
} else {
std::string col = std::string(variable, 0, collection);
@@ -409,7 +411,7 @@ class Variable {
} else if (comp(col, "FILES_TMPNAMES")) {
vv = t->m_variableFilesTmpNames.resolveFirst(var);
} else {
vv = t->m_collections.resolveFirst(col, var);
throw std::invalid_argument("Variable not found.");
}
}
return std::string(*vv.get());