github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring: Renames Rules to RulesSet

Browse Source 
RulesSet does not only contain rules but alse properties
This commit is contained in:
Felipe Zimmerle
2018-11-13 15:29:55 -03:00
parent 0c3e8b6b59
commit 7495675d54
47 changed files with 239 additions and 225 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Makefile.am
View File

@@ -43,7 +43,7 @@ pkginclude_HEADERS = \
../headers/modsecurity/modsecurity.h \
../headers/modsecurity/rule.h \
../headers/modsecurity/rule_message.h \
../headers/modsecurity/rules.h \
../headers/modsecurity/rules_set.h \
../headers/modsecurity/rules_exceptions.h \
../headers/modsecurity/rules_properties.h \
../headers/modsecurity/transaction.h \

2
src/actions/block.cc
View File

@@ -19,9 +19,9 @@
#include <string>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "modsecurity/intervention.h"
#include "src/actions/data/status.h"

2
src/actions/ctl/rule_engine.cc
View File

@@ -18,8 +18,8 @@
#include <iostream>
#include <string>
#include "modsecurity/rules_set.h"
#include "modsecurity/rules_properties.h"
#include "modsecurity/rules.h"
#include "modsecurity/transaction.h"
namespace modsecurity {

2
src/actions/disruptive/allow.cc
View File

@@ -18,9 +18,9 @@
#include <iostream>
#include <string>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "src/utils/string.h"
#include "modsecurity/modsecurity.h"

2
src/actions/disruptive/deny.h
View File

@@ -16,9 +16,9 @@
#include <string>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_

4
src/actions/disruptive/drop.cc
View File

@@ -21,7 +21,11 @@
#include <cstring>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/utils/string.h"
#include "modsecurity/modsecurity.h"
namespace modsecurity {
namespace actions {

1
src/actions/disruptive/drop.h
View File

@@ -18,7 +18,6 @@
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_

2
src/actions/disruptive/pass.cc
View File

@@ -19,9 +19,9 @@
#include <string>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
namespace modsecurity {

2
src/actions/exec.cc
View File

@@ -18,10 +18,10 @@
#include <iostream>
#include <string>
#include "modsecurity/rules_set.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "src/utils/system.h"
#include "src/engine/lua.h"

2
src/actions/set_var.cc
View File

@@ -19,8 +19,8 @@
#include <string>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule.h"
#include "src/utils/string.h"
#include "src/variables/global.h"

2
src/actions/severity.cc
View File

@@ -19,10 +19,10 @@
#include <string>
#include <memory>
#include "modsecurity/rules_set.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "src/utils/string.h"
#include "modsecurity/rule_message.h"

2
src/actions/skip.cc
View File

@@ -18,9 +18,9 @@
#include <iostream>
#include <string>
#include "modsecurity/rules_set.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
namespace modsecurity {
namespace actions {

2
src/actions/skip_after.cc
View File

@@ -18,9 +18,9 @@
#include <iostream>
#include <string>
#include "modsecurity/rules_set.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
namespace modsecurity {

4
src/actions/transformations/url_decode_uni.cc
View File

@@ -25,11 +25,11 @@
#include <locale>
#include <cstring>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "src/actions/transformations/transformation.h"
#include "src/utils/string.h"
#include "src/utils/system.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_properties.h"
@@ -108,7 +108,7 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len,
}
if (Code >= 0 && Code <= 65535) {
Rules *r = t->m_rules;
RulesSet *r = t->m_rules;
hmap = r->m_unicodeMapTable.m_unicodeMapTable->at(Code);
}
}

2
src/audit_log/writer/https.cc
View File

@@ -25,9 +25,9 @@
#include <fstream>
#include <mutex>
#include "modsecurity/rules_set.h"
#include "modsecurity/audit_log.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
#include "src/utils/md5.h"
#include "src/utils/https_client.h"

2
src/audit_log/writer/parallel.h
View File

@@ -22,7 +22,7 @@
#include "modsecurity/transaction.h"
#include "modsecurity/audit_log.h"
#include "src/utils/shared_files.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"
#ifdef __cplusplus

2
src/audit_log/writer/serial.h
View File

@@ -26,7 +26,7 @@
#include "src/utils/shared_files.h"
#include "modsecurity/transaction.h"
#include "modsecurity/audit_log.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"
#ifdef __cplusplus

2
src/operators/rbl.cc
View File

@@ -15,7 +15,6 @@
#include "src/operators/rbl.h"
#include <modsecurity/rules.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
@@ -24,6 +23,7 @@
#include <string>
#include "modsecurity/rules_set.h"
#include "src/operators/operator.h"
namespace modsecurity {

4
src/parser/driver.h
View File

@@ -26,7 +26,7 @@
#define SRC_PARSER_DRIVER_H_
#include "modsecurity/modsecurity.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"
#include "modsecurity/rules_properties.h"
#include "modsecurity/audit_log.h"
#include "src/rule_script.h"
@@ -35,7 +35,7 @@
#endif
using modsecurity::Rule;
using modsecurity::Rules;
using modsecurity::RulesSet;
# define YY_DECL \

18
src/parser/seclang-parser.cc
View File

@@ -2466,7 +2466,7 @@ namespace yy {
case 80:
#line 1210 "seclang-parser.yy"
{
driver.m_secRuleEngine = modsecurity::Rules::DisabledRuleEngine;
driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine;
}
#line 2472 "seclang-parser.cc"
break;
@@ -2474,7 +2474,7 @@ namespace yy {
case 81:
#line 1214 "seclang-parser.yy"
{
driver.m_secRuleEngine = modsecurity::Rules::EnabledRuleEngine;
driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine;
}
#line 2480 "seclang-parser.cc"
break;
@@ -2482,7 +2482,7 @@ namespace yy {
case 82:
#line 1218 "seclang-parser.yy"
{
driver.m_secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine;
driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine;
}
#line 2488 "seclang-parser.cc"
break;
@@ -3039,7 +3039,7 @@ namespace yy {
case 131:
#line 1582 "seclang-parser.yy"
{
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
}
#line 3045 "seclang-parser.cc"
break;
@@ -3047,7 +3047,7 @@ namespace yy {
case 132:
#line 1586 "seclang-parser.yy"
{
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
}
#line 3053 "seclang-parser.cc"
break;
@@ -3055,7 +3055,7 @@ namespace yy {
case 133:
#line 1590 "seclang-parser.yy"
{
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
}
#line 3061 "seclang-parser.cc"
break;
@@ -3063,7 +3063,7 @@ namespace yy {
case 134:
#line 1594 "seclang-parser.yy"
{
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
}
#line 3069 "seclang-parser.cc"
break;
@@ -3071,7 +3071,7 @@ namespace yy {
case 135:
#line 1598 "seclang-parser.yy"
{
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
}
#line 3077 "seclang-parser.cc"
break;
@@ -3079,7 +3079,7 @@ namespace yy {
case 136:
#line 1602 "seclang-parser.yy"
{
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
}
#line 3085 "seclang-parser.cc"
break;

18
src/parser/seclang-parser.yy
View File

@@ -1208,15 +1208,15 @@ expression:
}
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_OFF
{
driver.m_secRuleEngine = modsecurity::Rules::DisabledRuleEngine;
driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine;
}
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_ON
{
driver.m_secRuleEngine = modsecurity::Rules::EnabledRuleEngine;
driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine;
}
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_DETC
{
driver.m_secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine;
driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine;
}
| CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON
{
@@ -1580,27 +1580,27 @@ expression:
}
| CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
{
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
}
| CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
{
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
}
| CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
{
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
}
| CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
{
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
}
| CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_ABORT
{
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
}
| CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_WARN
{
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
}
| CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended

4
src/parser/seclang-scanner.cc
View File

@@ -8535,10 +8535,10 @@ YY_RULE_SETUP
if (ret == false) {
BEGIN(INITIAL);
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
/** TODO: Implement the server logging mechanism. */
}
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error);
throw p::syntax_error(*driver.loc.back(), "");
}

4
src/parser/seclang-scanner.ll
View File

@@ -1308,10 +1308,10 @@ EQUALS_MINUS (?i:=\-)
if (ret == false) {
BEGIN(INITIAL);
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
/** TODO: Implement the server logging mechanism. */
}
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error);
throw p::syntax_error(*driver.loc.back(), "");
}

2
src/request_body_processor/json.h
View File

@@ -26,7 +26,7 @@
#include <deque>
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"

2
src/request_body_processor/multipart.cc
View File

@@ -27,8 +27,8 @@
#include <string>
#include <utility>
#include "modsecurity/rules_set.h"
#include "modsecurity/collection/collections.h"
#include "modsecurity/rules.h"
#include "src/utils/string.h"

2
src/request_body_processor/xml.h
View File

@@ -22,7 +22,7 @@
#include <iostream>
#include "modsecurity/transaction.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"
#ifndef SRC_REQUEST_BODY_PROCESSOR_XML_H_
#define SRC_REQUEST_BODY_PROCESSOR_XML_H_

4
src/rule.cc
View File

@@ -25,13 +25,13 @@
#include <utility>
#include <memory>
#include "modsecurity/rules_set.h"
#include "src/operators/operator.h"
#include "modsecurity/actions/action.h"
#include "modsecurity/modsecurity.h"
#include "src/actions/transformations/none.h"
#include "src/actions/tag.h"
#include "src/utils/string.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#include "src/actions/msg.h"
#include "src/actions/log_data.h"
@@ -561,7 +561,7 @@ void Rule::executeAction(Transaction *trans,
return;
}
if (trans->getRuleEngineState() == Rules::EnabledRuleEngine) {
if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) {
ms_dbg_a(trans, 4, "Running (disruptive) action: " + a->m_name + \
".");
a->evaluate(this, trans, ruleMessage);

3
src/rule_message.cc
View File

@@ -13,10 +13,9 @@
*
*/
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#include "modsecurity/rules_set.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#include "src/utils/string.h"

2
src/rule_script.h
View File

@@ -18,6 +18,7 @@
#include <memory>
#include <vector>
#include "modsecurity/rules_set.h"
#include "modsecurity/rule.h"
#include "src/engine/lua.h"
#include "src/operators/operator.h"
@@ -26,7 +27,6 @@
#include "src/actions/transformations/none.h"
#include "src/actions/tag.h"
#include "src/utils/string.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule_message.h"
#include "src/actions/msg.h"
#include "src/actions/log_data.h"

46
src/rules.cc
View File

@@ -13,14 +13,13 @@
*
*/
#include "modsecurity/rules.h"
#include <ctime>
#include <iostream>
#include <fstream>
#include <string>
#include <vector>
#include "modsecurity/rules_set.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#include "src/parser/driver.h"
@@ -47,7 +46,7 @@ namespace modsecurity {
* @return Number of the current transactions using this rules
*
*/
void Rules::incrementReferenceCount(void) {
void RulesSet::incrementReferenceCount(void) {
this->m_referenceCount++;
}
@@ -60,7 +59,7 @@ void Rules::incrementReferenceCount(void) {
* @return Number of the current transactions using this rules
*
*/
void Rules::decrementReferenceCount(void) {
void RulesSet::decrementReferenceCount(void) {
this->m_referenceCount--;
if (this->m_referenceCount == 0) {
/**
@@ -92,7 +91,7 @@ void Rules::decrementReferenceCount(void) {
* @retval false Problem loading the rules.
*
*/
int Rules::loadFromUri(const char *uri) {
int RulesSet::loadFromUri(const char *uri) {
Driver *driver = new Driver();
if (driver->parseFile(uri) == false) {
@@ -108,7 +107,7 @@ int Rules::loadFromUri(const char *uri) {
}
int Rules::load(const char *file, const std::string &ref) {
int RulesSet::load(const char *file, const std::string &ref) {
Driver *driver = new Driver();
if (driver->parse(file, ref) == false) {
@@ -128,7 +127,7 @@ int Rules::load(const char *file, const std::string &ref) {
}
int Rules::loadRemote(const char *key, const char *uri) {
int RulesSet::loadRemote(const char *key, const char *uri) {
HttpsClient client;
client.setKey(key);
bool ret = client.download(uri);
@@ -141,17 +140,17 @@ int Rules::loadRemote(const char *key, const char *uri) {
}
int Rules::load(const char *plainRules) {
int RulesSet::load(const char *plainRules) {
return this->load(plainRules, "");
}
std::string Rules::getParserError() {
std::string RulesSet::getParserError() {
return this->m_parserError.str();
}
int Rules::evaluate(int phase, Transaction *t) {
int RulesSet::evaluate(int phase, Transaction *t) {
if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
return 0;
}
@@ -266,7 +265,7 @@ int Rules::evaluate(int phase, Transaction *t) {
}
int Rules::merge(Driver *from) {
int RulesSet::merge(Driver *from) {
int amount_of_rules = 0;
amount_of_rules = mergeProperties(
dynamic_cast<RulesProperties *>(from),
@@ -277,7 +276,7 @@ int Rules::merge(Driver *from) {
}
int Rules::merge(Rules *from) {
int RulesSet::merge(RulesSet *from) {
int amount_of_rules = 0;
amount_of_rules = mergeProperties(
dynamic_cast<RulesProperties *>(from),
@@ -288,7 +287,7 @@ int Rules::merge(Rules *from) {
}
void Rules::debug(int level, const std::string &id,
void RulesSet::debug(int level, const std::string &id,
const std::string &uri, const std::string &msg) {
if (m_debugLog != NULL) {
m_debugLog->write(level, id, uri, msg);
@@ -296,7 +295,8 @@ void Rules::debug(int level, const std::string &id,
}
void Rules::dump() const {
void RulesSet::dump() const {
std::cout << "Rules: " << std::endl;
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<Rule *> rules = m_rules[i];
@@ -311,18 +311,18 @@ void Rules::dump() const {
}
extern "C" Rules *msc_create_rules_set(void) {
return new Rules();
extern "C" RulesSet *msc_create_rules_set(void) {
return new RulesSet();
}
extern "C" void msc_rules_dump(Rules *rules) {
extern "C" void msc_rules_dump(RulesSet *rules) {
rules->dump();
}
extern "C" int msc_rules_merge(Rules *rules_dst,
Rules *rules_from, const char **error) {
extern "C" int msc_rules_merge(RulesSet *rules_dst,
RulesSet *rules_from, const char **error) {
int ret = rules_dst->merge(rules_from);
if (ret < 0) {
*error = strdup(rules_dst->getParserError().c_str());
@@ -331,7 +331,7 @@ extern "C" int msc_rules_merge(Rules *rules_dst,
}
extern "C" int msc_rules_add_remote(Rules *rules,
extern "C" int msc_rules_add_remote(RulesSet *rules,
const char *key, const char *uri, const char **error) {
int ret = rules->loadRemote(key, uri);
if (ret < 0) {
@@ -341,7 +341,7 @@ extern "C" int msc_rules_add_remote(Rules *rules,
}
extern "C" int msc_rules_add_file(Rules *rules, const char *file,
extern "C" int msc_rules_add_file(RulesSet *rules, const char *file,
const char **error) {
int ret = rules->loadFromUri(file);
if (ret < 0) {
@@ -351,7 +351,7 @@ extern "C" int msc_rules_add_file(Rules *rules, const char *file,
}
extern "C" int msc_rules_add(Rules *rules, const char *plain_rules,
extern "C" int msc_rules_add(RulesSet *rules, const char *plain_rules,
const char **error) {
int ret = rules->load(plain_rules);
if (ret < 0) {
@@ -361,7 +361,7 @@ extern "C" int msc_rules_add(Rules *rules, const char *plain_rules,
}
extern "C" int msc_rules_cleanup(Rules *rules) {
extern "C" int msc_rules_cleanup(RulesSet *rules) {
delete rules;
return true;
}

34
src/transaction.cc
View File

@@ -99,7 +99,7 @@ namespace modsecurity {
* @endcode
*
*/
Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
: m_creationTimeStamp(utils::cpu_seconds()),
m_clientIpAddress(""),
m_httpVersion(""),
@@ -120,7 +120,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
m_ruleRemoveByTag(),
m_ruleRemoveTargetByTag(),
m_ruleRemoveTargetById(),
m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean),
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
m_auditLogModifier(),
m_rulesMessages(),
m_requestBody(),
@@ -173,7 +173,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
intervention::clean(&m_it);
}
Transaction::Transaction(ModSecurity *ms, Rules *rules, char *id, void *logCbData)
Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCbData)
: m_creationTimeStamp(utils::cpu_seconds()),
m_clientIpAddress(""),
m_httpVersion(""),
@@ -194,7 +194,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, char *id, void *logCbDat
m_ruleRemoveByTag(),
m_ruleRemoveTargetByTag(),
m_ruleRemoveTargetById(),
m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean),
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
m_auditLogModifier(),
m_rulesMessages(),
m_requestBody(),
@@ -563,7 +563,7 @@ int Transaction::processURI(const char *uri, const char *method,
int Transaction::processRequestHeaders() {
ms_dbg(4, "Starting phase REQUEST_HEADERS. (SecRules 1)");
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
ms_dbg(4, "Rule engine disabled, returning...");
return true;
}
@@ -1004,7 +1004,7 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
ms_dbg(5, "Request body is bigger than the maximum expected.");
if (this->m_rules->m_requestBodyLimitAction ==
Rules::BodyLimitAction::ProcessPartialBodyLimitAction) {
RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction) {
size_t spaceLeft = this->m_rules->m_requestBodyLimit.m_value
- current_size;
this->m_requestBody.write(reinterpret_cast<const char*>(buf),
@@ -1013,10 +1013,10 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
return false;
} else {
if (this->m_rules->m_requestBodyLimitAction ==
Rules::BodyLimitAction::RejectBodyLimitAction) {
RulesSet::BodyLimitAction::RejectBodyLimitAction) {
ms_dbg(5, "Request body limit is marked to reject the " \
"request");
if (getRuleEngineState() == Rules::EnabledRuleEngine) {
if (getRuleEngineState() == RulesSet::EnabledRuleEngine) {
intervention::free(&m_it);
m_it.log = strdup("Request body limit is marked to " \
"reject the request");
@@ -1061,7 +1061,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
m_variableResponseStatus.set(std::to_string(code), m_variableOffset);
m_variableResponseProtocol.set(proto, m_variableOffset);
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
ms_dbg(4, "Rule engine disabled, returning...");
return true;
}
@@ -1182,7 +1182,7 @@ int Transaction::addResponseHeader(const unsigned char *key, size_t key_n,
int Transaction::processResponseBody() {
ms_dbg(4, "Starting phase RESPONSE_BODY. (SecRules 4)");
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
ms_dbg(4, "Rule engine disabled, returning...");
return true;
}
@@ -1263,7 +1263,7 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
m_variableOutboundDataError.set("1", m_variableOffset);
ms_dbg(5, "Response body is bigger than the maximum expected.");
if (this->m_rules->m_responseBodyLimitAction ==
Rules::BodyLimitAction::ProcessPartialBodyLimitAction) {
RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction) {
size_t spaceLeft = this->m_rules->m_responseBodyLimit.m_value \
- current_size;
this->m_responseBody.write(reinterpret_cast<const char*>(buf),
@@ -1272,10 +1272,10 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
return false;
} else {
if (this->m_rules->m_responseBodyLimitAction ==
Rules::BodyLimitAction::RejectBodyLimitAction) {
RulesSet::BodyLimitAction::RejectBodyLimitAction) {
ms_dbg(5, "Response body limit is marked to reject the " \
"request");
if (getRuleEngineState() == Rules::EnabledRuleEngine) {
if (getRuleEngineState() == RulesSet::EnabledRuleEngine) {
intervention::free(&m_it);
m_it.log = strdup("Response body limit is marked to reject " \
"the request");
@@ -1370,7 +1370,7 @@ size_t Transaction::getRequestBodyLength() {
int Transaction::processLogging() {
ms_dbg(4, "Starting phase LOGGING. (SecRules 5)");
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
ms_dbg(4, "Rule engine disabled, returning...");
return true;
}
@@ -1726,7 +1726,7 @@ std::string Transaction::toJSON(int parts) {
/* producer > engine state */
LOGFY_ADD("secrules_engine",
Rules::ruleEngineStateString(
RulesSet::ruleEngineStateString(
(RulesProperties::RuleEngine) getRuleEngineState()));
/* producer > components */
@@ -1865,11 +1865,11 @@ int Transaction::updateStatusCode(int code) {
*
*/
extern "C" Transaction *msc_new_transaction(ModSecurity *ms,
Rules *rules, void *logCbData) {
RulesSet *rules, void *logCbData) {
return new Transaction(ms, rules, logCbData);
}
extern "C" Transaction *msc_new_transaction_with_id(ModSecurity *ms,
Rules *rules, char *id, void *logCbData) {
RulesSet *rules, char *id, void *logCbData) {
return new Transaction(ms, rules, id, logCbData);
}

2
src/variables/variable.h
View File

@@ -21,9 +21,9 @@
#include <vector>
#include <deque>
#include "modsecurity/rules_set.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "modsecurity/rules.h"
#include "src/utils/string.h"
#include "src/utils/regex.h"

2
src/variables/xml.cc
View File

@@ -37,7 +37,7 @@
#include "modsecurity/transaction.h"
#include "modsecurity/rules_properties.h"
#include "modsecurity/rules.h"
#include "modsecurity/rules_set.h"
#include "src/request_body_processor/xml.h"
#include "modsecurity/actions/action.h"