From 7495675d540b3b3ccce681773205a4fe34daeb64 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Tue, 13 Nov 2018 15:29:55 -0300 Subject: [PATCH] Refactoring: Renames Rules to RulesSet RulesSet does not only contain rules but alse properties --- examples/multiprocess_c/multi.c | 5 +- .../reading_logs_via_rule_message.h | 8 +- .../simple_request.cc | 2 +- examples/simple_example_using_c/test.c | 4 +- .../using_bodies_in_chunks/simple_request.cc | 7 +- headers/modsecurity/rules.h | 98 +--------------- headers/modsecurity/rules_set.h | 109 ++++++++++++++++++ headers/modsecurity/transaction.h | 14 +-- src/Makefile.am | 2 +- src/actions/block.cc | 2 +- src/actions/ctl/rule_engine.cc | 2 +- src/actions/disruptive/allow.cc | 2 +- src/actions/disruptive/deny.h | 2 +- src/actions/disruptive/drop.cc | 4 + src/actions/disruptive/drop.h | 1 - src/actions/disruptive/pass.cc | 2 +- src/actions/exec.cc | 2 +- src/actions/set_var.cc | 2 +- src/actions/severity.cc | 2 +- src/actions/skip.cc | 2 +- src/actions/skip_after.cc | 2 +- src/actions/transformations/url_decode_uni.cc | 4 +- src/audit_log/writer/https.cc | 2 +- src/audit_log/writer/parallel.h | 2 +- src/audit_log/writer/serial.h | 2 +- src/operators/rbl.cc | 2 +- src/parser/driver.h | 4 +- src/parser/seclang-parser.cc | 18 +-- src/parser/seclang-parser.yy | 18 +-- src/parser/seclang-scanner.cc | 4 +- src/parser/seclang-scanner.ll | 4 +- src/request_body_processor/json.h | 2 +- src/request_body_processor/multipart.cc | 2 +- src/request_body_processor/xml.h | 2 +- src/rule.cc | 4 +- src/rule_message.cc | 3 +- src/rule_script.h | 2 +- src/rules.cc | 46 ++++---- src/transaction.cc | 34 +++--- src/variables/variable.h | 2 +- src/variables/xml.cc | 2 +- test/benchmark/benchmark.cc | 6 +- test/fuzzer/afl_fuzzer.cc | 5 +- test/optimization/optimization.cc | 4 +- test/regression/regression.cc | 7 +- test/unit/unit.cc | 3 +- tools/rules-check/rules-check.cc | 6 +- 47 files changed, 239 insertions(+), 225 deletions(-) create mode 100644 headers/modsecurity/rules_set.h diff --git a/examples/multiprocess_c/multi.c b/examples/multiprocess_c/multi.c index ccdb01a3..570f544b 100644 --- a/examples/multiprocess_c/multi.c +++ b/examples/multiprocess_c/multi.c @@ -15,7 +15,7 @@ #include #include -#include +#include #include #include #include @@ -24,12 +24,13 @@ #include #include + #define FORKS 5 #define REQUESTS_PER_PROCESS 100 char main_rule_uri[] = "basic_rules.conf"; -Rules *rules = NULL; +RulesSet *rules = NULL; ModSecurity *modsec = NULL; diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h index 31857e9c..4e369445 100644 --- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h +++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h @@ -69,14 +69,14 @@ char ip[] = "200.249.12.31"; struct data_ms { modsecurity::ModSecurity *modsec; - modsecurity::Rules *rules; + modsecurity::RulesSet *rules; }; static void *process_request(void *data) { struct data_ms *a = (struct data_ms *)data; modsecurity::ModSecurity *modsec = a->modsec; - modsecurity::Rules *rules = a->rules; + modsecurity::RulesSet *rules = a->rules; int z = 0; for (z = 0; z < 10000; z++) { @@ -132,7 +132,7 @@ class ReadingLogsViaRuleMessage { void *status; modsecurity::ModSecurity *modsec; - modsecurity::Rules *rules; + modsecurity::RulesSet *rules; modsec = new modsecurity::ModSecurity(); modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \ @@ -140,7 +140,7 @@ class ReadingLogsViaRuleMessage { modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty | modsecurity::IncludeFullHighlightLogProperty); - rules = new modsecurity::Rules(); + rules = new modsecurity::RulesSet(); if (rules->loadFromUri(m_rules.c_str()) < 0) { std::cout << "Problems loading the rules..." << std::endl; std::cout << rules->m_parserError.str() << std::endl; diff --git a/examples/reading_logs_via_rule_message/simple_request.cc b/examples/reading_logs_via_rule_message/simple_request.cc index d79d6c3a..da60d8da 100644 --- a/examples/reading_logs_via_rule_message/simple_request.cc +++ b/examples/reading_logs_via_rule_message/simple_request.cc @@ -17,7 +17,7 @@ #include #include -#include +#include #include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h" diff --git a/examples/simple_example_using_c/test.c b/examples/simple_example_using_c/test.c index 1abbb6b1..38272b01 100644 --- a/examples/simple_example_using_c/test.c +++ b/examples/simple_example_using_c/test.c @@ -18,7 +18,7 @@ #include #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" +#include "modsecurity/rules_set.h" char main_rule_uri[] = "basic_rules.conf"; @@ -29,7 +29,7 @@ int main (int argc, char **argv) const char *error = NULL; ModSecurity *modsec; Transaction *transaction = NULL; - Rules *rules; + RulesSet *rules; modsec = msc_init(); diff --git a/examples/using_bodies_in_chunks/simple_request.cc b/examples/using_bodies_in_chunks/simple_request.cc index c538e67f..853668bd 100644 --- a/examples/using_bodies_in_chunks/simple_request.cc +++ b/examples/using_bodies_in_chunks/simple_request.cc @@ -19,7 +19,7 @@ #include -#include +#include #include @@ -28,6 +28,7 @@ + char request_uri[] = "/test.pl?param1=test¶2=test2"; char request_body_first[] = "" \ @@ -125,7 +126,7 @@ int process_intervention(modsecurity::Transaction *transaction) { int main(int argc, char **argv) { modsecurity::ModSecurity *modsec; - modsecurity::Rules *rules; + modsecurity::RulesSet *rules; if (argc < 2) { std::cout << "Use " << *argv << " test-case-file.conf"; @@ -150,7 +151,7 @@ int main(int argc, char **argv) { * loading the rules.... * */ - rules = new modsecurity::Rules(); + rules = new modsecurity::RulesSet(); if (rules->loadFromUri(rules_arg.c_str()) < 0) { std::cout << "Problems loading the rules..." << std::endl; std::cout << rules->m_parserError.str() << std::endl; diff --git a/headers/modsecurity/rules.h b/headers/modsecurity/rules.h index 465e04e9..685e7c60 100644 --- a/headers/modsecurity/rules.h +++ b/headers/modsecurity/rules.h @@ -13,101 +13,5 @@ * */ -#include -#include +#include -#ifdef __cplusplus -#include -#include -#include -#include -#include -#endif - - -#ifndef HEADERS_MODSECURITY_RULES_H_ -#define HEADERS_MODSECURITY_RULES_H_ - -#include "modsecurity/rules_properties.h" -#include "modsecurity/modsecurity.h" -#include "modsecurity/transaction.h" - -#ifdef __cplusplus - -namespace modsecurity { -class Rule; -namespace Parser { -class Driver; -} - - -/** @ingroup ModSecurity_CPP_API */ -class Rules : public RulesProperties { - public: - Rules() - : RulesProperties(new DebugLog()), - unicode_codepage(0), -#ifndef NO_LOGS - m_secmarker_skipped(0), -#endif - m_referenceCount(0) { } - - explicit Rules(DebugLog *customLog) - : RulesProperties(customLog), - unicode_codepage(0), -#ifndef NO_LOGS - m_secmarker_skipped(0), -#endif - m_referenceCount(0) { } - - ~Rules() { } - - void incrementReferenceCount(void); - void decrementReferenceCount(void); - - int loadFromUri(const char *uri); - int loadRemote(const char *key, const char *uri); - int load(const char *rules); - int load(const char *rules, const std::string &ref); - - void dump() const; - - int merge(Parser::Driver *driver); - int merge(Rules *rules); - - int evaluate(int phase, Transaction *transaction); - std::string getParserError(); - - void debug(int level, const std::string &id, const std::string &uri, - const std::string &msg); - - int64_t unicode_codepage; - - private: -#ifndef NO_LOGS - uint8_t m_secmarker_skipped; -#endif - int m_referenceCount; -}; - -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -Rules *msc_create_rules_set(void); -void msc_rules_dump(Rules *rules); -int msc_rules_merge(Rules *rules_dst, Rules *rules_from, const char **error); -int msc_rules_add_remote(Rules *rules, const char *key, const char *uri, - const char **error); -int msc_rules_add_file(Rules *rules, const char *file, const char **error); -int msc_rules_add(Rules *rules, const char *plain_rules, const char **error); -int msc_rules_cleanup(Rules *rules); - -#ifdef __cplusplus -} -} // namespace modsecurity -#endif - -#endif // HEADERS_MODSECURITY_RULES_H_ diff --git a/headers/modsecurity/rules_set.h b/headers/modsecurity/rules_set.h new file mode 100644 index 00000000..c08b9368 --- /dev/null +++ b/headers/modsecurity/rules_set.h @@ -0,0 +1,109 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include + +#ifdef __cplusplus +#include +#include +#include +#include +#include +#endif + + +#ifndef HEADERS_MODSECURITY_RULES_H_ +#define HEADERS_MODSECURITY_RULES_H_ + +#include "modsecurity/rules_properties.h" +#include "modsecurity/modsecurity.h" +#include "modsecurity/transaction.h" + +#ifdef __cplusplus + +namespace modsecurity { +class Rule; +namespace Parser { +class Driver; +} + + +/** @ingroup ModSecurity_CPP_API */ +class RulesSet : public RulesProperties { + public: + RulesSet() + : RulesProperties(new DebugLog()), + unicode_codepage(0), +#ifndef NO_LOGS + ,m_secmarker_skipped(0) +#endif + { } + + explicit RulesSet(DebugLog *customLog) + : RulesProperties(customLog), + unicode_codepage(0) +#ifndef NO_LOGS + ,m_secmarker_skipped(0) +#endif + { } + + ~RulesSet() { } + + int loadFromUri(const char *uri); + int loadRemote(const char *key, const char *uri); + int load(const char *rules); + int load(const char *rules, const std::string &ref); + + void dump() const; + + int merge(Parser::Driver *driver); + int merge(RulesSet *rules); + + int evaluate(int phase, Transaction *transaction); + std::string getParserError(); + + void debug(int level, const std::string &id, const std::string &uri, + const std::string &msg); + + int64_t unicode_codepage; + + private: +#ifndef NO_LOGS + uint8_t m_secmarker_skipped; +#endif +}; + +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +RulesSet *msc_create_rules_set(void); +void msc_rules_dump(RulesSet *rules); +int msc_rules_merge(RulesSet *rules_dst, RulesSet *rules_from, const char **error); +int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri, + const char **error); +int msc_rules_add_file(RulesSet *rules, const char *file, const char **error); +int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error); +int msc_rules_cleanup(RulesSet *rules); + +#ifdef __cplusplus +} +} // namespace modsecurity +#endif + +#endif // HEADERS_MODSECURITY_RULES_H_ diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index def041e3..e61da71e 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -37,7 +37,7 @@ #ifndef __cplusplus typedef struct ModSecurity_t ModSecurity; typedef struct Transaction_t Transaction; -typedef struct Rules_t Rules; +typedef struct Rules_t RulesSet; #endif #include "modsecurity/anchored_set_variable.h" @@ -98,7 +98,7 @@ namespace modsecurity { class ModSecurity; class Transaction; -class Rules; +class RulesSet; class RuleMessage; namespace actions { class Action; @@ -288,8 +288,8 @@ class TransactionAnchoredVariables { /** @ingroup ModSecurity_CPP_API */ class Transaction : public TransactionAnchoredVariables { public: - Transaction(ModSecurity *transaction, Rules *rules, void *logCbData); - Transaction(ModSecurity *transaction, Rules *rules, char *id, + Transaction(ModSecurity *transaction, RulesSet *rules, void *logCbData); + Transaction(ModSecurity *transaction, RulesSet *rules, char *id, void *logCbData); ~Transaction(); @@ -459,7 +459,7 @@ class Transaction : public TransactionAnchoredVariables { /** * Rules object utilized during this specific transaction. */ - Rules *m_rules; + RulesSet *m_rules; /** * @@ -604,11 +604,11 @@ extern "C" { /** @ingroup ModSecurity_C_API */ Transaction *msc_new_transaction(ModSecurity *ms, - Rules *rules, void *logCbData); + RulesSet *rules, void *logCbData); /** @ingroup ModSecurity_C_API */ Transaction *msc_new_transaction_with_id(ModSecurity *ms, - Rules *rules, char *id, void *logCbData); + RulesSet *rules, char *id, void *logCbData); /** @ingroup ModSecurity_C_API */ int msc_process_connection(Transaction *transaction, diff --git a/src/Makefile.am b/src/Makefile.am index 54c54fb3..84c283d2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -43,7 +43,7 @@ pkginclude_HEADERS = \ ../headers/modsecurity/modsecurity.h \ ../headers/modsecurity/rule.h \ ../headers/modsecurity/rule_message.h \ - ../headers/modsecurity/rules.h \ + ../headers/modsecurity/rules_set.h \ ../headers/modsecurity/rules_exceptions.h \ ../headers/modsecurity/rules_properties.h \ ../headers/modsecurity/transaction.h \ diff --git a/src/actions/block.cc b/src/actions/block.cc index 6d677350..a34ac3e8 100644 --- a/src/actions/block.cc +++ b/src/actions/block.cc @@ -19,9 +19,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" #include "modsecurity/rule.h" -#include "modsecurity/rules.h" #include "modsecurity/intervention.h" #include "src/actions/data/status.h" diff --git a/src/actions/ctl/rule_engine.cc b/src/actions/ctl/rule_engine.cc index 2bf7432c..a7b0eb41 100644 --- a/src/actions/ctl/rule_engine.cc +++ b/src/actions/ctl/rule_engine.cc @@ -18,8 +18,8 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/rules_properties.h" -#include "modsecurity/rules.h" #include "modsecurity/transaction.h" namespace modsecurity { diff --git a/src/actions/disruptive/allow.cc b/src/actions/disruptive/allow.cc index f2b1b0e2..f715e3c6 100644 --- a/src/actions/disruptive/allow.cc +++ b/src/actions/disruptive/allow.cc @@ -18,9 +18,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" #include "modsecurity/rule.h" -#include "modsecurity/rules.h" #include "src/utils/string.h" #include "modsecurity/modsecurity.h" diff --git a/src/actions/disruptive/deny.h b/src/actions/disruptive/deny.h index f18a342b..3f9cfb48 100644 --- a/src/actions/disruptive/deny.h +++ b/src/actions/disruptive/deny.h @@ -16,9 +16,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" #include "modsecurity/rule_message.h" #ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_ diff --git a/src/actions/disruptive/drop.cc b/src/actions/disruptive/drop.cc index 352c7aea..b9d4ae09 100644 --- a/src/actions/disruptive/drop.cc +++ b/src/actions/disruptive/drop.cc @@ -21,7 +21,11 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" +#include "modsecurity/rule.h" +#include "src/utils/string.h" +#include "modsecurity/modsecurity.h" namespace modsecurity { namespace actions { diff --git a/src/actions/disruptive/drop.h b/src/actions/disruptive/drop.h index 5895dd01..05f817a3 100644 --- a/src/actions/disruptive/drop.h +++ b/src/actions/disruptive/drop.h @@ -18,7 +18,6 @@ #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" #include "modsecurity/rule_message.h" #ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_ diff --git a/src/actions/disruptive/pass.cc b/src/actions/disruptive/pass.cc index 0e220da7..6634607c 100644 --- a/src/actions/disruptive/pass.cc +++ b/src/actions/disruptive/pass.cc @@ -19,9 +19,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" #include "modsecurity/rule.h" -#include "modsecurity/rules.h" #include "modsecurity/rule_message.h" namespace modsecurity { diff --git a/src/actions/exec.cc b/src/actions/exec.cc index 807e1390..a7aae656 100644 --- a/src/actions/exec.cc +++ b/src/actions/exec.cc @@ -18,10 +18,10 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" #include "modsecurity/rule.h" -#include "modsecurity/rules.h" #include "src/utils/system.h" #include "src/engine/lua.h" diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc index 1c387f5b..5d26835b 100644 --- a/src/actions/set_var.cc +++ b/src/actions/set_var.cc @@ -19,8 +19,8 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" #include "modsecurity/rule.h" #include "src/utils/string.h" #include "src/variables/global.h" diff --git a/src/actions/severity.cc b/src/actions/severity.cc index 9421406c..a88af7c8 100644 --- a/src/actions/severity.cc +++ b/src/actions/severity.cc @@ -19,10 +19,10 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" #include "modsecurity/rule.h" -#include "modsecurity/rules.h" #include "src/utils/string.h" #include "modsecurity/rule_message.h" diff --git a/src/actions/skip.cc b/src/actions/skip.cc index 4015eec3..1a016e9d 100644 --- a/src/actions/skip.cc +++ b/src/actions/skip.cc @@ -18,9 +18,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" namespace modsecurity { namespace actions { diff --git a/src/actions/skip_after.cc b/src/actions/skip_after.cc index 255fa593..4e80c1ab 100644 --- a/src/actions/skip_after.cc +++ b/src/actions/skip_after.cc @@ -18,9 +18,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" namespace modsecurity { diff --git a/src/actions/transformations/url_decode_uni.cc b/src/actions/transformations/url_decode_uni.cc index 04f0c6bb..7e0dfdaa 100644 --- a/src/actions/transformations/url_decode_uni.cc +++ b/src/actions/transformations/url_decode_uni.cc @@ -25,11 +25,11 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" #include "src/actions/transformations/transformation.h" #include "src/utils/string.h" #include "src/utils/system.h" -#include "modsecurity/rules.h" #include "modsecurity/rules_properties.h" @@ -108,7 +108,7 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, } if (Code >= 0 && Code <= 65535) { - Rules *r = t->m_rules; + RulesSet *r = t->m_rules; hmap = r->m_unicodeMapTable.m_unicodeMapTable->at(Code); } } diff --git a/src/audit_log/writer/https.cc b/src/audit_log/writer/https.cc index 66e1a8f0..fa2ac556 100644 --- a/src/audit_log/writer/https.cc +++ b/src/audit_log/writer/https.cc @@ -25,9 +25,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/audit_log.h" #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" #include "src/utils/md5.h" #include "src/utils/https_client.h" diff --git a/src/audit_log/writer/parallel.h b/src/audit_log/writer/parallel.h index d663c3c7..46b7590d 100644 --- a/src/audit_log/writer/parallel.h +++ b/src/audit_log/writer/parallel.h @@ -22,7 +22,7 @@ #include "modsecurity/transaction.h" #include "modsecurity/audit_log.h" #include "src/utils/shared_files.h" -#include "modsecurity/rules.h" +#include "modsecurity/rules_set.h" #ifdef __cplusplus diff --git a/src/audit_log/writer/serial.h b/src/audit_log/writer/serial.h index 89a12614..b855574b 100644 --- a/src/audit_log/writer/serial.h +++ b/src/audit_log/writer/serial.h @@ -26,7 +26,7 @@ #include "src/utils/shared_files.h" #include "modsecurity/transaction.h" #include "modsecurity/audit_log.h" -#include "modsecurity/rules.h" +#include "modsecurity/rules_set.h" #ifdef __cplusplus diff --git a/src/operators/rbl.cc b/src/operators/rbl.cc index 1cb04408..7bcfefec 100644 --- a/src/operators/rbl.cc +++ b/src/operators/rbl.cc @@ -15,7 +15,6 @@ #include "src/operators/rbl.h" -#include #include #include #include @@ -24,6 +23,7 @@ #include +#include "modsecurity/rules_set.h" #include "src/operators/operator.h" namespace modsecurity { diff --git a/src/parser/driver.h b/src/parser/driver.h index 942b7aa2..5259c092 100644 --- a/src/parser/driver.h +++ b/src/parser/driver.h @@ -26,7 +26,7 @@ #define SRC_PARSER_DRIVER_H_ #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" +#include "modsecurity/rules_set.h" #include "modsecurity/rules_properties.h" #include "modsecurity/audit_log.h" #include "src/rule_script.h" @@ -35,7 +35,7 @@ #endif using modsecurity::Rule; -using modsecurity::Rules; +using modsecurity::RulesSet; # define YY_DECL \ diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc index 294ad8cf..235dc7eb 100644 --- a/src/parser/seclang-parser.cc +++ b/src/parser/seclang-parser.cc @@ -2466,7 +2466,7 @@ namespace yy { case 80: #line 1210 "seclang-parser.yy" { - driver.m_secRuleEngine = modsecurity::Rules::DisabledRuleEngine; + driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine; } #line 2472 "seclang-parser.cc" break; @@ -2474,7 +2474,7 @@ namespace yy { case 81: #line 1214 "seclang-parser.yy" { - driver.m_secRuleEngine = modsecurity::Rules::EnabledRuleEngine; + driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine; } #line 2480 "seclang-parser.cc" break; @@ -2482,7 +2482,7 @@ namespace yy { case 82: #line 1218 "seclang-parser.yy" { - driver.m_secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine; + driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine; } #line 2488 "seclang-parser.cc" break; @@ -3039,7 +3039,7 @@ namespace yy { case 131: #line 1582 "seclang-parser.yy" { - driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction; + driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } #line 3045 "seclang-parser.cc" break; @@ -3047,7 +3047,7 @@ namespace yy { case 132: #line 1586 "seclang-parser.yy" { - driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction; + driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } #line 3053 "seclang-parser.cc" break; @@ -3055,7 +3055,7 @@ namespace yy { case 133: #line 1590 "seclang-parser.yy" { - driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction; + driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } #line 3061 "seclang-parser.cc" break; @@ -3063,7 +3063,7 @@ namespace yy { case 134: #line 1594 "seclang-parser.yy" { - driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction; + driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } #line 3069 "seclang-parser.cc" break; @@ -3071,7 +3071,7 @@ namespace yy { case 135: #line 1598 "seclang-parser.yy" { - driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; + driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; } #line 3077 "seclang-parser.cc" break; @@ -3079,7 +3079,7 @@ namespace yy { case 136: #line 1602 "seclang-parser.yy" { - driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; + driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; } #line 3085 "seclang-parser.cc" break; diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 32c56647..5de54d67 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -1208,15 +1208,15 @@ expression: } | CONFIG_DIR_RULE_ENG CONFIG_VALUE_OFF { - driver.m_secRuleEngine = modsecurity::Rules::DisabledRuleEngine; + driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine; } | CONFIG_DIR_RULE_ENG CONFIG_VALUE_ON { - driver.m_secRuleEngine = modsecurity::Rules::EnabledRuleEngine; + driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine; } | CONFIG_DIR_RULE_ENG CONFIG_VALUE_DETC { - driver.m_secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine; + driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine; } | CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON { @@ -1580,27 +1580,27 @@ expression: } | CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL { - driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction; + driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } | CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT { - driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction; + driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } | CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL { - driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction; + driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } | CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT { - driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction; + driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } | CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_ABORT { - driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; + driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; } | CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_WARN { - driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; + driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; } | CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION /* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended diff --git a/src/parser/seclang-scanner.cc b/src/parser/seclang-scanner.cc index 08345288..6886d734 100644 --- a/src/parser/seclang-scanner.cc +++ b/src/parser/seclang-scanner.cc @@ -8535,10 +8535,10 @@ YY_RULE_SETUP if (ret == false) { BEGIN(INITIAL); - if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) { + if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) { /** TODO: Implement the server logging mechanism. */ } - if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) { + if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) { driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error); throw p::syntax_error(*driver.loc.back(), ""); } diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index ba51fc39..12b94900 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -1308,10 +1308,10 @@ EQUALS_MINUS (?i:=\-) if (ret == false) { BEGIN(INITIAL); - if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) { + if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) { /** TODO: Implement the server logging mechanism. */ } - if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) { + if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) { driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error); throw p::syntax_error(*driver.loc.back(), ""); } diff --git a/src/request_body_processor/json.h b/src/request_body_processor/json.h index dc562a13..ab8a9604 100644 --- a/src/request_body_processor/json.h +++ b/src/request_body_processor/json.h @@ -26,7 +26,7 @@ #include #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" +#include "modsecurity/rules_set.h" diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc index d711e87c..b8f01da7 100644 --- a/src/request_body_processor/multipart.cc +++ b/src/request_body_processor/multipart.cc @@ -27,8 +27,8 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/collection/collections.h" -#include "modsecurity/rules.h" #include "src/utils/string.h" diff --git a/src/request_body_processor/xml.h b/src/request_body_processor/xml.h index 8334c982..67007015 100644 --- a/src/request_body_processor/xml.h +++ b/src/request_body_processor/xml.h @@ -22,7 +22,7 @@ #include #include "modsecurity/transaction.h" -#include "modsecurity/rules.h" +#include "modsecurity/rules_set.h" #ifndef SRC_REQUEST_BODY_PROCESSOR_XML_H_ #define SRC_REQUEST_BODY_PROCESSOR_XML_H_ diff --git a/src/rule.cc b/src/rule.cc index 15603373..19e67884 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -25,13 +25,13 @@ #include #include +#include "modsecurity/rules_set.h" #include "src/operators/operator.h" #include "modsecurity/actions/action.h" #include "modsecurity/modsecurity.h" #include "src/actions/transformations/none.h" #include "src/actions/tag.h" #include "src/utils/string.h" -#include "modsecurity/rules.h" #include "modsecurity/rule_message.h" #include "src/actions/msg.h" #include "src/actions/log_data.h" @@ -561,7 +561,7 @@ void Rule::executeAction(Transaction *trans, return; } - if (trans->getRuleEngineState() == Rules::EnabledRuleEngine) { + if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) { ms_dbg_a(trans, 4, "Running (disruptive) action: " + a->m_name + \ "."); a->evaluate(this, trans, ruleMessage); diff --git a/src/rule_message.cc b/src/rule_message.cc index 6ba03e5b..7c016261 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -13,10 +13,9 @@ * */ -#include "modsecurity/rules.h" - #include "modsecurity/rule_message.h" +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" #include "src/utils/string.h" diff --git a/src/rule_script.h b/src/rule_script.h index dd47c141..533b9c13 100644 --- a/src/rule_script.h +++ b/src/rule_script.h @@ -18,6 +18,7 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/rule.h" #include "src/engine/lua.h" #include "src/operators/operator.h" @@ -26,7 +27,6 @@ #include "src/actions/transformations/none.h" #include "src/actions/tag.h" #include "src/utils/string.h" -#include "modsecurity/rules.h" #include "modsecurity/rule_message.h" #include "src/actions/msg.h" #include "src/actions/log_data.h" diff --git a/src/rules.cc b/src/rules.cc index 0dc7d2db..c277279b 100644 --- a/src/rules.cc +++ b/src/rules.cc @@ -13,14 +13,13 @@ * */ -#include "modsecurity/rules.h" - #include #include #include #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" #include "src/parser/driver.h" @@ -47,7 +46,7 @@ namespace modsecurity { * @return Number of the current transactions using this rules * */ -void Rules::incrementReferenceCount(void) { +void RulesSet::incrementReferenceCount(void) { this->m_referenceCount++; } @@ -60,7 +59,7 @@ void Rules::incrementReferenceCount(void) { * @return Number of the current transactions using this rules * */ -void Rules::decrementReferenceCount(void) { +void RulesSet::decrementReferenceCount(void) { this->m_referenceCount--; if (this->m_referenceCount == 0) { /** @@ -92,7 +91,7 @@ void Rules::decrementReferenceCount(void) { * @retval false Problem loading the rules. * */ -int Rules::loadFromUri(const char *uri) { +int RulesSet::loadFromUri(const char *uri) { Driver *driver = new Driver(); if (driver->parseFile(uri) == false) { @@ -108,7 +107,7 @@ int Rules::loadFromUri(const char *uri) { } -int Rules::load(const char *file, const std::string &ref) { +int RulesSet::load(const char *file, const std::string &ref) { Driver *driver = new Driver(); if (driver->parse(file, ref) == false) { @@ -128,7 +127,7 @@ int Rules::load(const char *file, const std::string &ref) { } -int Rules::loadRemote(const char *key, const char *uri) { +int RulesSet::loadRemote(const char *key, const char *uri) { HttpsClient client; client.setKey(key); bool ret = client.download(uri); @@ -141,17 +140,17 @@ int Rules::loadRemote(const char *key, const char *uri) { } -int Rules::load(const char *plainRules) { +int RulesSet::load(const char *plainRules) { return this->load(plainRules, ""); } -std::string Rules::getParserError() { +std::string RulesSet::getParserError() { return this->m_parserError.str(); } -int Rules::evaluate(int phase, Transaction *t) { +int RulesSet::evaluate(int phase, Transaction *t) { if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) { return 0; } @@ -266,7 +265,7 @@ int Rules::evaluate(int phase, Transaction *t) { } -int Rules::merge(Driver *from) { +int RulesSet::merge(Driver *from) { int amount_of_rules = 0; amount_of_rules = mergeProperties( dynamic_cast(from), @@ -277,7 +276,7 @@ int Rules::merge(Driver *from) { } -int Rules::merge(Rules *from) { +int RulesSet::merge(RulesSet *from) { int amount_of_rules = 0; amount_of_rules = mergeProperties( dynamic_cast(from), @@ -288,7 +287,7 @@ int Rules::merge(Rules *from) { } -void Rules::debug(int level, const std::string &id, +void RulesSet::debug(int level, const std::string &id, const std::string &uri, const std::string &msg) { if (m_debugLog != NULL) { m_debugLog->write(level, id, uri, msg); @@ -296,7 +295,8 @@ void Rules::debug(int level, const std::string &id, } -void Rules::dump() const { + +void RulesSet::dump() const { std::cout << "Rules: " << std::endl; for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { std::vector rules = m_rules[i]; @@ -311,18 +311,18 @@ void Rules::dump() const { } -extern "C" Rules *msc_create_rules_set(void) { - return new Rules(); +extern "C" RulesSet *msc_create_rules_set(void) { + return new RulesSet(); } -extern "C" void msc_rules_dump(Rules *rules) { +extern "C" void msc_rules_dump(RulesSet *rules) { rules->dump(); } -extern "C" int msc_rules_merge(Rules *rules_dst, - Rules *rules_from, const char **error) { +extern "C" int msc_rules_merge(RulesSet *rules_dst, + RulesSet *rules_from, const char **error) { int ret = rules_dst->merge(rules_from); if (ret < 0) { *error = strdup(rules_dst->getParserError().c_str()); @@ -331,7 +331,7 @@ extern "C" int msc_rules_merge(Rules *rules_dst, } -extern "C" int msc_rules_add_remote(Rules *rules, +extern "C" int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri, const char **error) { int ret = rules->loadRemote(key, uri); if (ret < 0) { @@ -341,7 +341,7 @@ extern "C" int msc_rules_add_remote(Rules *rules, } -extern "C" int msc_rules_add_file(Rules *rules, const char *file, +extern "C" int msc_rules_add_file(RulesSet *rules, const char *file, const char **error) { int ret = rules->loadFromUri(file); if (ret < 0) { @@ -351,7 +351,7 @@ extern "C" int msc_rules_add_file(Rules *rules, const char *file, } -extern "C" int msc_rules_add(Rules *rules, const char *plain_rules, +extern "C" int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error) { int ret = rules->load(plain_rules); if (ret < 0) { @@ -361,7 +361,7 @@ extern "C" int msc_rules_add(Rules *rules, const char *plain_rules, } -extern "C" int msc_rules_cleanup(Rules *rules) { +extern "C" int msc_rules_cleanup(RulesSet *rules) { delete rules; return true; } diff --git a/src/transaction.cc b/src/transaction.cc index cd71a039..44a8bbd4 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -99,7 +99,7 @@ namespace modsecurity { * @endcode * */ -Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData) +Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) : m_creationTimeStamp(utils::cpu_seconds()), m_clientIpAddress(""), m_httpVersion(""), @@ -120,7 +120,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData) m_ruleRemoveByTag(), m_ruleRemoveTargetByTag(), m_ruleRemoveTargetById(), - m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean), + m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean), m_auditLogModifier(), m_rulesMessages(), m_requestBody(), @@ -173,7 +173,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData) intervention::clean(&m_it); } -Transaction::Transaction(ModSecurity *ms, Rules *rules, char *id, void *logCbData) +Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCbData) : m_creationTimeStamp(utils::cpu_seconds()), m_clientIpAddress(""), m_httpVersion(""), @@ -194,7 +194,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, char *id, void *logCbDat m_ruleRemoveByTag(), m_ruleRemoveTargetByTag(), m_ruleRemoveTargetById(), - m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean), + m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean), m_auditLogModifier(), m_rulesMessages(), m_requestBody(), @@ -563,7 +563,7 @@ int Transaction::processURI(const char *uri, const char *method, int Transaction::processRequestHeaders() { ms_dbg(4, "Starting phase REQUEST_HEADERS. (SecRules 1)"); - if (getRuleEngineState() == Rules::DisabledRuleEngine) { + if (getRuleEngineState() == RulesSet::DisabledRuleEngine) { ms_dbg(4, "Rule engine disabled, returning..."); return true; } @@ -1004,7 +1004,7 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) { ms_dbg(5, "Request body is bigger than the maximum expected."); if (this->m_rules->m_requestBodyLimitAction == - Rules::BodyLimitAction::ProcessPartialBodyLimitAction) { + RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction) { size_t spaceLeft = this->m_rules->m_requestBodyLimit.m_value - current_size; this->m_requestBody.write(reinterpret_cast(buf), @@ -1013,10 +1013,10 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) { return false; } else { if (this->m_rules->m_requestBodyLimitAction == - Rules::BodyLimitAction::RejectBodyLimitAction) { + RulesSet::BodyLimitAction::RejectBodyLimitAction) { ms_dbg(5, "Request body limit is marked to reject the " \ "request"); - if (getRuleEngineState() == Rules::EnabledRuleEngine) { + if (getRuleEngineState() == RulesSet::EnabledRuleEngine) { intervention::free(&m_it); m_it.log = strdup("Request body limit is marked to " \ "reject the request"); @@ -1061,7 +1061,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) { m_variableResponseStatus.set(std::to_string(code), m_variableOffset); m_variableResponseProtocol.set(proto, m_variableOffset); - if (getRuleEngineState() == Rules::DisabledRuleEngine) { + if (getRuleEngineState() == RulesSet::DisabledRuleEngine) { ms_dbg(4, "Rule engine disabled, returning..."); return true; } @@ -1182,7 +1182,7 @@ int Transaction::addResponseHeader(const unsigned char *key, size_t key_n, int Transaction::processResponseBody() { ms_dbg(4, "Starting phase RESPONSE_BODY. (SecRules 4)"); - if (getRuleEngineState() == Rules::DisabledRuleEngine) { + if (getRuleEngineState() == RulesSet::DisabledRuleEngine) { ms_dbg(4, "Rule engine disabled, returning..."); return true; } @@ -1263,7 +1263,7 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) { m_variableOutboundDataError.set("1", m_variableOffset); ms_dbg(5, "Response body is bigger than the maximum expected."); if (this->m_rules->m_responseBodyLimitAction == - Rules::BodyLimitAction::ProcessPartialBodyLimitAction) { + RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction) { size_t spaceLeft = this->m_rules->m_responseBodyLimit.m_value \ - current_size; this->m_responseBody.write(reinterpret_cast(buf), @@ -1272,10 +1272,10 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) { return false; } else { if (this->m_rules->m_responseBodyLimitAction == - Rules::BodyLimitAction::RejectBodyLimitAction) { + RulesSet::BodyLimitAction::RejectBodyLimitAction) { ms_dbg(5, "Response body limit is marked to reject the " \ "request"); - if (getRuleEngineState() == Rules::EnabledRuleEngine) { + if (getRuleEngineState() == RulesSet::EnabledRuleEngine) { intervention::free(&m_it); m_it.log = strdup("Response body limit is marked to reject " \ "the request"); @@ -1370,7 +1370,7 @@ size_t Transaction::getRequestBodyLength() { int Transaction::processLogging() { ms_dbg(4, "Starting phase LOGGING. (SecRules 5)"); - if (getRuleEngineState() == Rules::DisabledRuleEngine) { + if (getRuleEngineState() == RulesSet::DisabledRuleEngine) { ms_dbg(4, "Rule engine disabled, returning..."); return true; } @@ -1726,7 +1726,7 @@ std::string Transaction::toJSON(int parts) { /* producer > engine state */ LOGFY_ADD("secrules_engine", - Rules::ruleEngineStateString( + RulesSet::ruleEngineStateString( (RulesProperties::RuleEngine) getRuleEngineState())); /* producer > components */ @@ -1865,11 +1865,11 @@ int Transaction::updateStatusCode(int code) { * */ extern "C" Transaction *msc_new_transaction(ModSecurity *ms, - Rules *rules, void *logCbData) { + RulesSet *rules, void *logCbData) { return new Transaction(ms, rules, logCbData); } extern "C" Transaction *msc_new_transaction_with_id(ModSecurity *ms, - Rules *rules, char *id, void *logCbData) { + RulesSet *rules, char *id, void *logCbData) { return new Transaction(ms, rules, id, logCbData); } diff --git a/src/variables/variable.h b/src/variables/variable.h index 6cbd94d1..a1a0e238 100644 --- a/src/variables/variable.h +++ b/src/variables/variable.h @@ -21,9 +21,9 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" #include "modsecurity/rule.h" -#include "modsecurity/rules.h" #include "src/utils/string.h" #include "src/utils/regex.h" diff --git a/src/variables/xml.cc b/src/variables/xml.cc index 0eff87e4..d64c5c84 100644 --- a/src/variables/xml.cc +++ b/src/variables/xml.cc @@ -37,7 +37,7 @@ #include "modsecurity/transaction.h" #include "modsecurity/rules_properties.h" -#include "modsecurity/rules.h" +#include "modsecurity/rules_set.h" #include "src/request_body_processor/xml.h" #include "modsecurity/actions/action.h" diff --git a/test/benchmark/benchmark.cc b/test/benchmark/benchmark.cc index c5f6768f..32ea9d9c 100644 --- a/test/benchmark/benchmark.cc +++ b/test/benchmark/benchmark.cc @@ -19,8 +19,8 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" using modsecurity::Transaction; @@ -71,14 +71,14 @@ int main(int argc, char *argv[]) { } std::cout << "Doing " << NUM_REQUESTS << " transactions...\n"; modsecurity::ModSecurity *modsec; - modsecurity::Rules *rules; + modsecurity::RulesSet *rules; modsecurity::ModSecurityIntervention it; modsecurity::intervention::reset(&it); modsec = new modsecurity::ModSecurity(); modsec->setConnectorInformation("ModSecurity-benchmark v0.0.1-alpha" \ " (ModSecurity benchmark utility)"); - rules = new modsecurity::Rules(); + rules = new modsecurity::RulesSet(); if (rules->loadFromUri(rules_file) < 0) { std::cout << "Problems loading the rules..." << std::endl; std::cout << rules->m_parserError.str() << std::endl; diff --git a/test/fuzzer/afl_fuzzer.cc b/test/fuzzer/afl_fuzzer.cc index 57be2c48..9c7fe3a5 100644 --- a/test/fuzzer/afl_fuzzer.cc +++ b/test/fuzzer/afl_fuzzer.cc @@ -15,9 +15,8 @@ #include - +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" #include "src/actions/transformations/transformation.h" /** @@ -135,7 +134,7 @@ int main(int argc, char** argv) { std::string z = lastString; ModSecurity *ms = new ModSecurity(); - Rules *rules = new Rules(); + RulesSet *rules = new RulesSet(); // Here it is possible to load a real transaction from a JSON. // like we do on the regression tests. Transaction *t = new Transaction(ms, rules, NULL); diff --git a/test/optimization/optimization.cc b/test/optimization/optimization.cc index 2537d2ed..ee8a8cf4 100644 --- a/test/optimization/optimization.cc +++ b/test/optimization/optimization.cc @@ -20,8 +20,8 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" #include "src/utils/system.h" #include "src/parser/driver.h" #include "src/utils/https_client.h" @@ -36,7 +36,7 @@ void print_help() { int main(int argc, char **argv) { - modsecurity::Rules *modsecRules = new modsecurity::Rules(); + modsecurity::RulesSet *modsecRules = new modsecurity::RulesSet(); std::list files; int total = 0; diff --git a/test/regression/regression.cc b/test/regression/regression.cc index 54d32fc7..7d2bca3b 100644 --- a/test/regression/regression.cc +++ b/test/regression/regression.cc @@ -23,9 +23,8 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" - #include "test/common/modsecurity_test.h" #include "test/common/colors.h" #include "test/regression/regression_test.h" @@ -99,7 +98,7 @@ void perform_unit_test(ModSecurityTest *test, for (RegressionTest *t : *tests) { CustomDebugLog *debug_log = new CustomDebugLog(); modsecurity::ModSecurity *modsec = NULL; - modsecurity::Rules *modsec_rules = NULL; + modsecurity::RulesSet *modsec_rules = NULL; modsecurity::Transaction *modsec_transaction = NULL; ModSecurityTestResults r; std::stringstream serverLog; @@ -148,7 +147,7 @@ void perform_unit_test(ModSecurityTest *test, modsec->setConnectorInformation("ModSecurity-regression v0.0.1-alpha" \ " (ModSecurity regression test utility)"); modsec->setServerLogCb(logCb); - modsec_rules = new modsecurity::Rules(debug_log); + modsec_rules = new modsecurity::RulesSet(debug_log); bool found = true; if (t->resource.empty() == false) { diff --git a/test/unit/unit.cc b/test/unit/unit.cc index 453109a7..f610a21e 100644 --- a/test/unit/unit.cc +++ b/test/unit/unit.cc @@ -20,9 +20,8 @@ #include #include - +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" #include "src/operators/operator.h" #include "src/actions/transformations/transformation.h" #include "modsecurity/transaction.h" diff --git a/tools/rules-check/rules-check.cc b/tools/rules-check/rules-check.cc index c1605e9f..91d78d84 100644 --- a/tools/rules-check/rules-check.cc +++ b/tools/rules-check/rules-check.cc @@ -21,8 +21,8 @@ #include #include +#include "modsecurity/rules_set.h" #include "modsecurity/modsecurity.h" -#include "modsecurity/rules.h" void print_help(const char *name) { @@ -32,9 +32,9 @@ void print_help(const char *name) { int main(int argc, char **argv) { - modsecurity::Rules *rules; + modsecurity::RulesSet *rules; char **args = argv; - rules = new modsecurity::Rules(); + rules = new modsecurity::RulesSet(); int ret = 0; args++;