mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 05:45:59 +03:00
Refactoring: Renames Rules to RulesSet
RulesSet does not only contain rules but alse properties
This commit is contained in:
Felipe Zimmerle
parent
0c3e8b6b59
commit
7495675d54
@ -15,7 +15,7 @@
|
|||||||
|
|
||||||
#include <modsecurity/modsecurity.h>
|
#include <modsecurity/modsecurity.h>
|
||||||
#include <modsecurity/transaction.h>
|
#include <modsecurity/transaction.h>
|
||||||
#include <modsecurity/rules.h>
|
#include <modsecurity/rules_set.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
@ -24,12 +24,13 @@
|
|||||||
#include <sys/wait.h>
|
#include <sys/wait.h>
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
|
|
||||||
|
|
||||||
#define FORKS 5
|
#define FORKS 5
|
||||||
#define REQUESTS_PER_PROCESS 100
|
#define REQUESTS_PER_PROCESS 100
|
||||||
|
|
||||||
|
|
||||||
char main_rule_uri[] = "basic_rules.conf";
|
char main_rule_uri[] = "basic_rules.conf";
|
||||||
Rules *rules = NULL;
|
RulesSet *rules = NULL;
|
||||||
ModSecurity *modsec = NULL;
|
ModSecurity *modsec = NULL;
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -69,14 +69,14 @@ char ip[] = "200.249.12.31";
|
|||||||
|
|
||||||
struct data_ms {
|
struct data_ms {
|
||||||
modsecurity::ModSecurity *modsec;
|
modsecurity::ModSecurity *modsec;
|
||||||
modsecurity::Rules *rules;
|
modsecurity::RulesSet *rules;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
static void *process_request(void *data) {
|
static void *process_request(void *data) {
|
||||||
struct data_ms *a = (struct data_ms *)data;
|
struct data_ms *a = (struct data_ms *)data;
|
||||||
modsecurity::ModSecurity *modsec = a->modsec;
|
modsecurity::ModSecurity *modsec = a->modsec;
|
||||||
modsecurity::Rules *rules = a->rules;
|
modsecurity::RulesSet *rules = a->rules;
|
||||||
int z = 0;
|
int z = 0;
|
||||||
|
|
||||||
for (z = 0; z < 10000; z++) {
|
for (z = 0; z < 10000; z++) {
|
||||||
@ -132,7 +132,7 @@ class ReadingLogsViaRuleMessage {
|
|||||||
void *status;
|
void *status;
|
||||||
|
|
||||||
modsecurity::ModSecurity *modsec;
|
modsecurity::ModSecurity *modsec;
|
||||||
modsecurity::Rules *rules;
|
modsecurity::RulesSet *rules;
|
||||||
|
|
||||||
modsec = new modsecurity::ModSecurity();
|
modsec = new modsecurity::ModSecurity();
|
||||||
modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
|
modsec->setConnectorInformation("ModSecurity-test v0.0.1-alpha" \
|
||||||
@ -140,7 +140,7 @@ class ReadingLogsViaRuleMessage {
|
|||||||
modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
|
modsec->setServerLogCb(logCb, modsecurity::RuleMessageLogProperty
|
||||||
| modsecurity::IncludeFullHighlightLogProperty);
|
| modsecurity::IncludeFullHighlightLogProperty);
|
||||||
|
|
||||||
rules = new modsecurity::Rules();
|
rules = new modsecurity::RulesSet();
|
||||||
if (rules->loadFromUri(m_rules.c_str()) < 0) {
|
if (rules->loadFromUri(m_rules.c_str()) < 0) {
|
||||||
std::cout << "Problems loading the rules..." << std::endl;
|
std::cout << "Problems loading the rules..." << std::endl;
|
||||||
std::cout << rules->m_parserError.str() << std::endl;
|
std::cout << rules->m_parserError.str() << std::endl;
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include <modsecurity/modsecurity.h>
|
#include <modsecurity/modsecurity.h>
|
||||||
#include <modsecurity/rules.h>
|
#include <modsecurity/rules_set.h>
|
||||||
#include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"
|
#include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -18,7 +18,7 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
#include "modsecurity/rules_set.h"
|
||||||
|
|
||||||
|
|
||||||
char main_rule_uri[] = "basic_rules.conf";
|
char main_rule_uri[] = "basic_rules.conf";
|
||||||
@ -29,7 +29,7 @@ int main (int argc, char **argv)
|
|||||||
const char *error = NULL;
|
const char *error = NULL;
|
||||||
ModSecurity *modsec;
|
ModSecurity *modsec;
|
||||||
Transaction *transaction = NULL;
|
Transaction *transaction = NULL;
|
||||||
Rules *rules;
|
RulesSet *rules;
|
||||||
|
|
||||||
modsec = msc_init();
|
modsec = msc_init();
|
||||||
|
|
||||||
|
|||||||
@ -19,7 +19,7 @@
|
|||||||
|
|
||||||
|
|
||||||
#include <modsecurity/modsecurity.h>
|
#include <modsecurity/modsecurity.h>
|
||||||
#include <modsecurity/rules.h>
|
#include <modsecurity/rules_set.h>
|
||||||
#include <modsecurity/rule_message.h>
|
#include <modsecurity/rule_message.h>
|
||||||
|
|
||||||
|
|
||||||
@ -28,6 +28,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
char request_uri[] = "/test.pl?param1=test¶2=test2";
|
char request_uri[] = "/test.pl?param1=test¶2=test2";
|
||||||
|
|
||||||
char request_body_first[] = "" \
|
char request_body_first[] = "" \
|
||||||
@ -125,7 +126,7 @@ int process_intervention(modsecurity::Transaction *transaction) {
|
|||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
modsecurity::ModSecurity *modsec;
|
modsecurity::ModSecurity *modsec;
|
||||||
modsecurity::Rules *rules;
|
modsecurity::RulesSet *rules;
|
||||||
|
|
||||||
if (argc < 2) {
|
if (argc < 2) {
|
||||||
std::cout << "Use " << *argv << " test-case-file.conf";
|
std::cout << "Use " << *argv << " test-case-file.conf";
|
||||||
@ -150,7 +151,7 @@ int main(int argc, char **argv) {
|
|||||||
* loading the rules....
|
* loading the rules....
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
rules = new modsecurity::Rules();
|
rules = new modsecurity::RulesSet();
|
||||||
if (rules->loadFromUri(rules_arg.c_str()) < 0) {
|
if (rules->loadFromUri(rules_arg.c_str()) < 0) {
|
||||||
std::cout << "Problems loading the rules..." << std::endl;
|
std::cout << "Problems loading the rules..." << std::endl;
|
||||||
std::cout << rules->m_parserError.str() << std::endl;
|
std::cout << rules->m_parserError.str() << std::endl;
|
||||||
|
|||||||
@ -13,101 +13,5 @@
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <modsecurity/rules_set.h>
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
#include <ctime>
|
|
||||||
#include <iostream>
|
|
||||||
#include <string>
|
|
||||||
#include <vector>
|
|
||||||
#include <list>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef HEADERS_MODSECURITY_RULES_H_
|
|
||||||
#define HEADERS_MODSECURITY_RULES_H_
|
|
||||||
|
|
||||||
#include "modsecurity/rules_properties.h"
|
|
||||||
#include "modsecurity/modsecurity.h"
|
|
||||||
#include "modsecurity/transaction.h"
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
|
|
||||||
namespace modsecurity {
|
|
||||||
class Rule;
|
|
||||||
namespace Parser {
|
|
||||||
class Driver;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/** @ingroup ModSecurity_CPP_API */
|
|
||||||
class Rules : public RulesProperties {
|
|
||||||
public:
|
|
||||||
Rules()
|
|
||||||
: RulesProperties(new DebugLog()),
|
|
||||||
unicode_codepage(0),
|
|
||||||
#ifndef NO_LOGS
|
|
||||||
m_secmarker_skipped(0),
|
|
||||||
#endif
|
|
||||||
m_referenceCount(0) { }
|
|
||||||
|
|
||||||
explicit Rules(DebugLog *customLog)
|
|
||||||
: RulesProperties(customLog),
|
|
||||||
unicode_codepage(0),
|
|
||||||
#ifndef NO_LOGS
|
|
||||||
m_secmarker_skipped(0),
|
|
||||||
#endif
|
|
||||||
m_referenceCount(0) { }
|
|
||||||
|
|
||||||
~Rules() { }
|
|
||||||
|
|
||||||
void incrementReferenceCount(void);
|
|
||||||
void decrementReferenceCount(void);
|
|
||||||
|
|
||||||
int loadFromUri(const char *uri);
|
|
||||||
int loadRemote(const char *key, const char *uri);
|
|
||||||
int load(const char *rules);
|
|
||||||
int load(const char *rules, const std::string &ref);
|
|
||||||
|
|
||||||
void dump() const;
|
|
||||||
|
|
||||||
int merge(Parser::Driver *driver);
|
|
||||||
int merge(Rules *rules);
|
|
||||||
|
|
||||||
int evaluate(int phase, Transaction *transaction);
|
|
||||||
std::string getParserError();
|
|
||||||
|
|
||||||
void debug(int level, const std::string &id, const std::string &uri,
|
|
||||||
const std::string &msg);
|
|
||||||
|
|
||||||
int64_t unicode_codepage;
|
|
||||||
|
|
||||||
private:
|
|
||||||
#ifndef NO_LOGS
|
|
||||||
uint8_t m_secmarker_skipped;
|
|
||||||
#endif
|
|
||||||
int m_referenceCount;
|
|
||||||
};
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
Rules *msc_create_rules_set(void);
|
|
||||||
void msc_rules_dump(Rules *rules);
|
|
||||||
int msc_rules_merge(Rules *rules_dst, Rules *rules_from, const char **error);
|
|
||||||
int msc_rules_add_remote(Rules *rules, const char *key, const char *uri,
|
|
||||||
const char **error);
|
|
||||||
int msc_rules_add_file(Rules *rules, const char *file, const char **error);
|
|
||||||
int msc_rules_add(Rules *rules, const char *plain_rules, const char **error);
|
|
||||||
int msc_rules_cleanup(Rules *rules);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
} // namespace modsecurity
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif // HEADERS_MODSECURITY_RULES_H_
|
|
||||||
|
|||||||
109
headers/modsecurity/rules_set.h
Normal file
109
headers/modsecurity/rules_set.h
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
/*
|
||||||
|
* ModSecurity, http://www.modsecurity.org/
|
||||||
|
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||||
|
*
|
||||||
|
* You may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* If any of the files related to licensing are missing or if you have any
|
||||||
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||||
|
* directly using the email address security@modsecurity.org.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
#include <ctime>
|
||||||
|
#include <iostream>
|
||||||
|
#include <string>
|
||||||
|
#include <vector>
|
||||||
|
#include <list>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef HEADERS_MODSECURITY_RULES_H_
|
||||||
|
#define HEADERS_MODSECURITY_RULES_H_
|
||||||
|
|
||||||
|
#include "modsecurity/rules_properties.h"
|
||||||
|
#include "modsecurity/modsecurity.h"
|
||||||
|
#include "modsecurity/transaction.h"
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
|
||||||
|
namespace modsecurity {
|
||||||
|
class Rule;
|
||||||
|
namespace Parser {
|
||||||
|
class Driver;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** @ingroup ModSecurity_CPP_API */
|
||||||
|
class RulesSet : public RulesProperties {
|
||||||
|
public:
|
||||||
|
RulesSet()
|
||||||
|
: RulesProperties(new DebugLog()),
|
||||||
|
unicode_codepage(0),
|
||||||
|
#ifndef NO_LOGS
|
||||||
|
,m_secmarker_skipped(0)
|
||||||
|
#endif
|
||||||
|
{ }
|
||||||
|
|
||||||
|
explicit RulesSet(DebugLog *customLog)
|
||||||
|
: RulesProperties(customLog),
|
||||||
|
unicode_codepage(0)
|
||||||
|
#ifndef NO_LOGS
|
||||||
|
,m_secmarker_skipped(0)
|
||||||
|
#endif
|
||||||
|
{ }
|
||||||
|
|
||||||
|
~RulesSet() { }
|
||||||
|
|
||||||
|
int loadFromUri(const char *uri);
|
||||||
|
int loadRemote(const char *key, const char *uri);
|
||||||
|
int load(const char *rules);
|
||||||
|
int load(const char *rules, const std::string &ref);
|
||||||
|
|
||||||
|
void dump() const;
|
||||||
|
|
||||||
|
int merge(Parser::Driver *driver);
|
||||||
|
int merge(RulesSet *rules);
|
||||||
|
|
||||||
|
int evaluate(int phase, Transaction *transaction);
|
||||||
|
std::string getParserError();
|
||||||
|
|
||||||
|
void debug(int level, const std::string &id, const std::string &uri,
|
||||||
|
const std::string &msg);
|
||||||
|
|
||||||
|
int64_t unicode_codepage;
|
||||||
|
|
||||||
|
private:
|
||||||
|
#ifndef NO_LOGS
|
||||||
|
uint8_t m_secmarker_skipped;
|
||||||
|
#endif
|
||||||
|
};
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
RulesSet *msc_create_rules_set(void);
|
||||||
|
void msc_rules_dump(RulesSet *rules);
|
||||||
|
int msc_rules_merge(RulesSet *rules_dst, RulesSet *rules_from, const char **error);
|
||||||
|
int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri,
|
||||||
|
const char **error);
|
||||||
|
int msc_rules_add_file(RulesSet *rules, const char *file, const char **error);
|
||||||
|
int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error);
|
||||||
|
int msc_rules_cleanup(RulesSet *rules);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
} // namespace modsecurity
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif // HEADERS_MODSECURITY_RULES_H_
|
||||||
@ -37,7 +37,7 @@
|
|||||||
#ifndef __cplusplus
|
#ifndef __cplusplus
|
||||||
typedef struct ModSecurity_t ModSecurity;
|
typedef struct ModSecurity_t ModSecurity;
|
||||||
typedef struct Transaction_t Transaction;
|
typedef struct Transaction_t Transaction;
|
||||||
typedef struct Rules_t Rules;
|
typedef struct Rules_t RulesSet;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "modsecurity/anchored_set_variable.h"
|
#include "modsecurity/anchored_set_variable.h"
|
||||||
@ -98,7 +98,7 @@ namespace modsecurity {
|
|||||||
|
|
||||||
class ModSecurity;
|
class ModSecurity;
|
||||||
class Transaction;
|
class Transaction;
|
||||||
class Rules;
|
class RulesSet;
|
||||||
class RuleMessage;
|
class RuleMessage;
|
||||||
namespace actions {
|
namespace actions {
|
||||||
class Action;
|
class Action;
|
||||||
@ -288,8 +288,8 @@ class TransactionAnchoredVariables {
|
|||||||
/** @ingroup ModSecurity_CPP_API */
|
/** @ingroup ModSecurity_CPP_API */
|
||||||
class Transaction : public TransactionAnchoredVariables {
|
class Transaction : public TransactionAnchoredVariables {
|
||||||
public:
|
public:
|
||||||
Transaction(ModSecurity *transaction, Rules *rules, void *logCbData);
|
Transaction(ModSecurity *transaction, RulesSet *rules, void *logCbData);
|
||||||
Transaction(ModSecurity *transaction, Rules *rules, char *id,
|
Transaction(ModSecurity *transaction, RulesSet *rules, char *id,
|
||||||
void *logCbData);
|
void *logCbData);
|
||||||
~Transaction();
|
~Transaction();
|
||||||
|
|
||||||
@ -459,7 +459,7 @@ class Transaction : public TransactionAnchoredVariables {
|
|||||||
/**
|
/**
|
||||||
* Rules object utilized during this specific transaction.
|
* Rules object utilized during this specific transaction.
|
||||||
*/
|
*/
|
||||||
Rules *m_rules;
|
RulesSet *m_rules;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
@ -604,11 +604,11 @@ extern "C" {
|
|||||||
|
|
||||||
/** @ingroup ModSecurity_C_API */
|
/** @ingroup ModSecurity_C_API */
|
||||||
Transaction *msc_new_transaction(ModSecurity *ms,
|
Transaction *msc_new_transaction(ModSecurity *ms,
|
||||||
Rules *rules, void *logCbData);
|
RulesSet *rules, void *logCbData);
|
||||||
|
|
||||||
/** @ingroup ModSecurity_C_API */
|
/** @ingroup ModSecurity_C_API */
|
||||||
Transaction *msc_new_transaction_with_id(ModSecurity *ms,
|
Transaction *msc_new_transaction_with_id(ModSecurity *ms,
|
||||||
Rules *rules, char *id, void *logCbData);
|
RulesSet *rules, char *id, void *logCbData);
|
||||||
|
|
||||||
/** @ingroup ModSecurity_C_API */
|
/** @ingroup ModSecurity_C_API */
|
||||||
int msc_process_connection(Transaction *transaction,
|
int msc_process_connection(Transaction *transaction,
|
||||||
|
|||||||
@ -43,7 +43,7 @@ pkginclude_HEADERS = \
|
|||||||
../headers/modsecurity/modsecurity.h \
|
../headers/modsecurity/modsecurity.h \
|
||||||
../headers/modsecurity/rule.h \
|
../headers/modsecurity/rule.h \
|
||||||
../headers/modsecurity/rule_message.h \
|
../headers/modsecurity/rule_message.h \
|
||||||
../headers/modsecurity/rules.h \
|
../headers/modsecurity/rules_set.h \
|
||||||
../headers/modsecurity/rules_exceptions.h \
|
../headers/modsecurity/rules_exceptions.h \
|
||||||
../headers/modsecurity/rules_properties.h \
|
../headers/modsecurity/rules_properties.h \
|
||||||
../headers/modsecurity/transaction.h \
|
../headers/modsecurity/transaction.h \
|
||||||
|
|||||||
@ -19,9 +19,9 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/intervention.h"
|
#include "modsecurity/intervention.h"
|
||||||
#include "src/actions/data/status.h"
|
#include "src/actions/data/status.h"
|
||||||
|
|
||||||
|
|||||||
@ -18,8 +18,8 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/rules_properties.h"
|
#include "modsecurity/rules_properties.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
|
|
||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
|
|||||||
@ -18,9 +18,9 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
|
|
||||||
|
|||||||
@ -16,9 +16,9 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/rule_message.h"
|
#include "modsecurity/rule_message.h"
|
||||||
|
|
||||||
#ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_
|
#ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_
|
||||||
|
|||||||
@ -21,7 +21,11 @@
|
|||||||
#include <cstring>
|
#include <cstring>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
|
#include "modsecurity/rule.h"
|
||||||
|
#include "src/utils/string.h"
|
||||||
|
#include "modsecurity/modsecurity.h"
|
||||||
|
|
||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|||||||
@ -18,7 +18,6 @@
|
|||||||
|
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/rule_message.h"
|
#include "modsecurity/rule_message.h"
|
||||||
|
|
||||||
#ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_
|
#ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_
|
||||||
|
|||||||
@ -19,9 +19,9 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/rule_message.h"
|
#include "modsecurity/rule_message.h"
|
||||||
|
|
||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
|
|||||||
@ -18,10 +18,10 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/utils/system.h"
|
#include "src/utils/system.h"
|
||||||
#include "src/engine/lua.h"
|
#include "src/engine/lua.h"
|
||||||
|
|
||||||
|
|||||||
@ -19,8 +19,8 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
#include "src/variables/global.h"
|
#include "src/variables/global.h"
|
||||||
|
|||||||
@ -19,10 +19,10 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
#include "modsecurity/rule_message.h"
|
#include "modsecurity/rule_message.h"
|
||||||
|
|
||||||
|
|||||||
@ -18,9 +18,9 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
|
|
||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
namespace actions {
|
namespace actions {
|
||||||
|
|||||||
@ -18,9 +18,9 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
|
|
||||||
|
|
||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
|
|||||||
@ -25,11 +25,11 @@
|
|||||||
#include <locale>
|
#include <locale>
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "src/actions/transformations/transformation.h"
|
#include "src/actions/transformations/transformation.h"
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
#include "src/utils/system.h"
|
#include "src/utils/system.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/rules_properties.h"
|
#include "modsecurity/rules_properties.h"
|
||||||
|
|
||||||
|
|
||||||
@ -108,7 +108,7 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (Code >= 0 && Code <= 65535) {
|
if (Code >= 0 && Code <= 65535) {
|
||||||
Rules *r = t->m_rules;
|
RulesSet *r = t->m_rules;
|
||||||
hmap = r->m_unicodeMapTable.m_unicodeMapTable->at(Code);
|
hmap = r->m_unicodeMapTable.m_unicodeMapTable->at(Code);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -25,9 +25,9 @@
|
|||||||
#include <fstream>
|
#include <fstream>
|
||||||
#include <mutex>
|
#include <mutex>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/audit_log.h"
|
#include "modsecurity/audit_log.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/utils/md5.h"
|
#include "src/utils/md5.h"
|
||||||
#include "src/utils/https_client.h"
|
#include "src/utils/https_client.h"
|
||||||
|
|
||||||
|
|||||||
@ -22,7 +22,7 @@
|
|||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/audit_log.h"
|
#include "modsecurity/audit_log.h"
|
||||||
#include "src/utils/shared_files.h"
|
#include "src/utils/shared_files.h"
|
||||||
#include "modsecurity/rules.h"
|
#include "modsecurity/rules_set.h"
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
|
||||||
|
|||||||
@ -26,7 +26,7 @@
|
|||||||
#include "src/utils/shared_files.h"
|
#include "src/utils/shared_files.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/audit_log.h"
|
#include "modsecurity/audit_log.h"
|
||||||
#include "modsecurity/rules.h"
|
#include "modsecurity/rules_set.h"
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
|
||||||
|
|||||||
@ -15,7 +15,6 @@
|
|||||||
|
|
||||||
#include "src/operators/rbl.h"
|
#include "src/operators/rbl.h"
|
||||||
|
|
||||||
#include <modsecurity/rules.h>
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
#include <netdb.h>
|
#include <netdb.h>
|
||||||
@ -24,6 +23,7 @@
|
|||||||
|
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "src/operators/operator.h"
|
#include "src/operators/operator.h"
|
||||||
|
|
||||||
namespace modsecurity {
|
namespace modsecurity {
|
||||||
|
|||||||
@ -26,7 +26,7 @@
|
|||||||
#define SRC_PARSER_DRIVER_H_
|
#define SRC_PARSER_DRIVER_H_
|
||||||
|
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/rules_properties.h"
|
#include "modsecurity/rules_properties.h"
|
||||||
#include "modsecurity/audit_log.h"
|
#include "modsecurity/audit_log.h"
|
||||||
#include "src/rule_script.h"
|
#include "src/rule_script.h"
|
||||||
@ -35,7 +35,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
using modsecurity::Rule;
|
using modsecurity::Rule;
|
||||||
using modsecurity::Rules;
|
using modsecurity::RulesSet;
|
||||||
|
|
||||||
|
|
||||||
# define YY_DECL \
|
# define YY_DECL \
|
||||||
|
|||||||
@ -2466,7 +2466,7 @@ namespace yy {
|
|||||||
case 80:
|
case 80:
|
||||||
#line 1210 "seclang-parser.yy"
|
#line 1210 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_secRuleEngine = modsecurity::Rules::DisabledRuleEngine;
|
driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine;
|
||||||
}
|
}
|
||||||
#line 2472 "seclang-parser.cc"
|
#line 2472 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -2474,7 +2474,7 @@ namespace yy {
|
|||||||
case 81:
|
case 81:
|
||||||
#line 1214 "seclang-parser.yy"
|
#line 1214 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_secRuleEngine = modsecurity::Rules::EnabledRuleEngine;
|
driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine;
|
||||||
}
|
}
|
||||||
#line 2480 "seclang-parser.cc"
|
#line 2480 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -2482,7 +2482,7 @@ namespace yy {
|
|||||||
case 82:
|
case 82:
|
||||||
#line 1218 "seclang-parser.yy"
|
#line 1218 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine;
|
driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine;
|
||||||
}
|
}
|
||||||
#line 2488 "seclang-parser.cc"
|
#line 2488 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -3039,7 +3039,7 @@ namespace yy {
|
|||||||
case 131:
|
case 131:
|
||||||
#line 1582 "seclang-parser.yy"
|
#line 1582 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
|
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
|
||||||
}
|
}
|
||||||
#line 3045 "seclang-parser.cc"
|
#line 3045 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -3047,7 +3047,7 @@ namespace yy {
|
|||||||
case 132:
|
case 132:
|
||||||
#line 1586 "seclang-parser.yy"
|
#line 1586 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
|
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
|
||||||
}
|
}
|
||||||
#line 3053 "seclang-parser.cc"
|
#line 3053 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -3055,7 +3055,7 @@ namespace yy {
|
|||||||
case 133:
|
case 133:
|
||||||
#line 1590 "seclang-parser.yy"
|
#line 1590 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
|
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
|
||||||
}
|
}
|
||||||
#line 3061 "seclang-parser.cc"
|
#line 3061 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -3063,7 +3063,7 @@ namespace yy {
|
|||||||
case 134:
|
case 134:
|
||||||
#line 1594 "seclang-parser.yy"
|
#line 1594 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
|
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
|
||||||
}
|
}
|
||||||
#line 3069 "seclang-parser.cc"
|
#line 3069 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -3071,7 +3071,7 @@ namespace yy {
|
|||||||
case 135:
|
case 135:
|
||||||
#line 1598 "seclang-parser.yy"
|
#line 1598 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
|
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
|
||||||
}
|
}
|
||||||
#line 3077 "seclang-parser.cc"
|
#line 3077 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
@ -3079,7 +3079,7 @@ namespace yy {
|
|||||||
case 136:
|
case 136:
|
||||||
#line 1602 "seclang-parser.yy"
|
#line 1602 "seclang-parser.yy"
|
||||||
{
|
{
|
||||||
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
|
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
|
||||||
}
|
}
|
||||||
#line 3085 "seclang-parser.cc"
|
#line 3085 "seclang-parser.cc"
|
||||||
break;
|
break;
|
||||||
|
|||||||
@ -1208,15 +1208,15 @@ expression:
|
|||||||
}
|
}
|
||||||
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_OFF
|
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_OFF
|
||||||
{
|
{
|
||||||
driver.m_secRuleEngine = modsecurity::Rules::DisabledRuleEngine;
|
driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine;
|
||||||
}
|
}
|
||||||
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_ON
|
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_ON
|
||||||
{
|
{
|
||||||
driver.m_secRuleEngine = modsecurity::Rules::EnabledRuleEngine;
|
driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine;
|
||||||
}
|
}
|
||||||
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_DETC
|
| CONFIG_DIR_RULE_ENG CONFIG_VALUE_DETC
|
||||||
{
|
{
|
||||||
driver.m_secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine;
|
driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine;
|
||||||
}
|
}
|
||||||
| CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON
|
| CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON
|
||||||
{
|
{
|
||||||
@ -1580,27 +1580,27 @@ expression:
|
|||||||
}
|
}
|
||||||
| CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
|
| CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
|
||||||
{
|
{
|
||||||
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
|
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
|
||||||
}
|
}
|
||||||
| CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
|
| CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
|
||||||
{
|
{
|
||||||
driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
|
driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
|
||||||
}
|
}
|
||||||
| CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
|
| CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
|
||||||
{
|
{
|
||||||
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
|
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction;
|
||||||
}
|
}
|
||||||
| CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
|
| CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
|
||||||
{
|
{
|
||||||
driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
|
driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction;
|
||||||
}
|
}
|
||||||
| CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_ABORT
|
| CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_ABORT
|
||||||
{
|
{
|
||||||
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
|
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
|
||||||
}
|
}
|
||||||
| CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_WARN
|
| CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_WARN
|
||||||
{
|
{
|
||||||
driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
|
driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
|
||||||
}
|
}
|
||||||
| CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION
|
| CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION
|
||||||
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
|
/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
|
||||||
|
|||||||
@ -8535,10 +8535,10 @@ YY_RULE_SETUP
|
|||||||
|
|
||||||
if (ret == false) {
|
if (ret == false) {
|
||||||
BEGIN(INITIAL);
|
BEGIN(INITIAL);
|
||||||
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
|
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
|
||||||
/** TODO: Implement the server logging mechanism. */
|
/** TODO: Implement the server logging mechanism. */
|
||||||
}
|
}
|
||||||
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
|
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
|
||||||
driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error);
|
driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error);
|
||||||
throw p::syntax_error(*driver.loc.back(), "");
|
throw p::syntax_error(*driver.loc.back(), "");
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1308,10 +1308,10 @@ EQUALS_MINUS (?i:=\-)
|
|||||||
|
|
||||||
if (ret == false) {
|
if (ret == false) {
|
||||||
BEGIN(INITIAL);
|
BEGIN(INITIAL);
|
||||||
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
|
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
|
||||||
/** TODO: Implement the server logging mechanism. */
|
/** TODO: Implement the server logging mechanism. */
|
||||||
}
|
}
|
||||||
if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
|
if (driver.m_remoteRulesActionOnFailed == RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
|
||||||
driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error);
|
driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error);
|
||||||
throw p::syntax_error(*driver.loc.back(), "");
|
throw p::syntax_error(*driver.loc.back(), "");
|
||||||
}
|
}
|
||||||
|
|||||||
@ -26,7 +26,7 @@
|
|||||||
#include <deque>
|
#include <deque>
|
||||||
|
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
#include "modsecurity/rules_set.h"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -27,8 +27,8 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
#include <utility>
|
#include <utility>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/collection/collections.h"
|
#include "modsecurity/collection/collections.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -22,7 +22,7 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
|
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules.h"
|
#include "modsecurity/rules_set.h"
|
||||||
|
|
||||||
#ifndef SRC_REQUEST_BODY_PROCESSOR_XML_H_
|
#ifndef SRC_REQUEST_BODY_PROCESSOR_XML_H_
|
||||||
#define SRC_REQUEST_BODY_PROCESSOR_XML_H_
|
#define SRC_REQUEST_BODY_PROCESSOR_XML_H_
|
||||||
|
|||||||
@ -25,13 +25,13 @@
|
|||||||
#include <utility>
|
#include <utility>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "src/operators/operator.h"
|
#include "src/operators/operator.h"
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "src/actions/transformations/none.h"
|
#include "src/actions/transformations/none.h"
|
||||||
#include "src/actions/tag.h"
|
#include "src/actions/tag.h"
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/rule_message.h"
|
#include "modsecurity/rule_message.h"
|
||||||
#include "src/actions/msg.h"
|
#include "src/actions/msg.h"
|
||||||
#include "src/actions/log_data.h"
|
#include "src/actions/log_data.h"
|
||||||
@ -561,7 +561,7 @@ void Rule::executeAction(Transaction *trans,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (trans->getRuleEngineState() == Rules::EnabledRuleEngine) {
|
if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) {
|
||||||
ms_dbg_a(trans, 4, "Running (disruptive) action: " + a->m_name + \
|
ms_dbg_a(trans, 4, "Running (disruptive) action: " + a->m_name + \
|
||||||
".");
|
".");
|
||||||
a->evaluate(this, trans, ruleMessage);
|
a->evaluate(this, trans, ruleMessage);
|
||||||
|
|||||||
@ -13,10 +13,9 @@
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
|
|
||||||
#include "modsecurity/rule_message.h"
|
#include "modsecurity/rule_message.h"
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
|
|||||||
@ -18,6 +18,7 @@
|
|||||||
#include <memory>
|
#include <memory>
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "src/engine/lua.h"
|
#include "src/engine/lua.h"
|
||||||
#include "src/operators/operator.h"
|
#include "src/operators/operator.h"
|
||||||
@ -26,7 +27,6 @@
|
|||||||
#include "src/actions/transformations/none.h"
|
#include "src/actions/transformations/none.h"
|
||||||
#include "src/actions/tag.h"
|
#include "src/actions/tag.h"
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "modsecurity/rule_message.h"
|
#include "modsecurity/rule_message.h"
|
||||||
#include "src/actions/msg.h"
|
#include "src/actions/msg.h"
|
||||||
#include "src/actions/log_data.h"
|
#include "src/actions/log_data.h"
|
||||||
|
|||||||
46
src/rules.cc
46
src/rules.cc
@ -13,14 +13,13 @@
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
|
|
||||||
#include <ctime>
|
#include <ctime>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <vector>
|
#include <vector>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "src/parser/driver.h"
|
#include "src/parser/driver.h"
|
||||||
@ -47,7 +46,7 @@ namespace modsecurity {
|
|||||||
* @return Number of the current transactions using this rules
|
* @return Number of the current transactions using this rules
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void Rules::incrementReferenceCount(void) {
|
void RulesSet::incrementReferenceCount(void) {
|
||||||
this->m_referenceCount++;
|
this->m_referenceCount++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -60,7 +59,7 @@ void Rules::incrementReferenceCount(void) {
|
|||||||
* @return Number of the current transactions using this rules
|
* @return Number of the current transactions using this rules
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void Rules::decrementReferenceCount(void) {
|
void RulesSet::decrementReferenceCount(void) {
|
||||||
this->m_referenceCount--;
|
this->m_referenceCount--;
|
||||||
if (this->m_referenceCount == 0) {
|
if (this->m_referenceCount == 0) {
|
||||||
/**
|
/**
|
||||||
@ -92,7 +91,7 @@ void Rules::decrementReferenceCount(void) {
|
|||||||
* @retval false Problem loading the rules.
|
* @retval false Problem loading the rules.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
int Rules::loadFromUri(const char *uri) {
|
int RulesSet::loadFromUri(const char *uri) {
|
||||||
Driver *driver = new Driver();
|
Driver *driver = new Driver();
|
||||||
|
|
||||||
if (driver->parseFile(uri) == false) {
|
if (driver->parseFile(uri) == false) {
|
||||||
@ -108,7 +107,7 @@ int Rules::loadFromUri(const char *uri) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int Rules::load(const char *file, const std::string &ref) {
|
int RulesSet::load(const char *file, const std::string &ref) {
|
||||||
Driver *driver = new Driver();
|
Driver *driver = new Driver();
|
||||||
|
|
||||||
if (driver->parse(file, ref) == false) {
|
if (driver->parse(file, ref) == false) {
|
||||||
@ -128,7 +127,7 @@ int Rules::load(const char *file, const std::string &ref) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int Rules::loadRemote(const char *key, const char *uri) {
|
int RulesSet::loadRemote(const char *key, const char *uri) {
|
||||||
HttpsClient client;
|
HttpsClient client;
|
||||||
client.setKey(key);
|
client.setKey(key);
|
||||||
bool ret = client.download(uri);
|
bool ret = client.download(uri);
|
||||||
@ -141,17 +140,17 @@ int Rules::loadRemote(const char *key, const char *uri) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int Rules::load(const char *plainRules) {
|
int RulesSet::load(const char *plainRules) {
|
||||||
return this->load(plainRules, "");
|
return this->load(plainRules, "");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
std::string Rules::getParserError() {
|
std::string RulesSet::getParserError() {
|
||||||
return this->m_parserError.str();
|
return this->m_parserError.str();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int Rules::evaluate(int phase, Transaction *t) {
|
int RulesSet::evaluate(int phase, Transaction *t) {
|
||||||
if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
|
if (phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -266,7 +265,7 @@ int Rules::evaluate(int phase, Transaction *t) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int Rules::merge(Driver *from) {
|
int RulesSet::merge(Driver *from) {
|
||||||
int amount_of_rules = 0;
|
int amount_of_rules = 0;
|
||||||
amount_of_rules = mergeProperties(
|
amount_of_rules = mergeProperties(
|
||||||
dynamic_cast<RulesProperties *>(from),
|
dynamic_cast<RulesProperties *>(from),
|
||||||
@ -277,7 +276,7 @@ int Rules::merge(Driver *from) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int Rules::merge(Rules *from) {
|
int RulesSet::merge(RulesSet *from) {
|
||||||
int amount_of_rules = 0;
|
int amount_of_rules = 0;
|
||||||
amount_of_rules = mergeProperties(
|
amount_of_rules = mergeProperties(
|
||||||
dynamic_cast<RulesProperties *>(from),
|
dynamic_cast<RulesProperties *>(from),
|
||||||
@ -288,7 +287,7 @@ int Rules::merge(Rules *from) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void Rules::debug(int level, const std::string &id,
|
void RulesSet::debug(int level, const std::string &id,
|
||||||
const std::string &uri, const std::string &msg) {
|
const std::string &uri, const std::string &msg) {
|
||||||
if (m_debugLog != NULL) {
|
if (m_debugLog != NULL) {
|
||||||
m_debugLog->write(level, id, uri, msg);
|
m_debugLog->write(level, id, uri, msg);
|
||||||
@ -296,7 +295,8 @@ void Rules::debug(int level, const std::string &id,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void Rules::dump() const {
|
|
||||||
|
void RulesSet::dump() const {
|
||||||
std::cout << "Rules: " << std::endl;
|
std::cout << "Rules: " << std::endl;
|
||||||
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
|
||||||
std::vector<Rule *> rules = m_rules[i];
|
std::vector<Rule *> rules = m_rules[i];
|
||||||
@ -311,18 +311,18 @@ void Rules::dump() const {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
extern "C" Rules *msc_create_rules_set(void) {
|
extern "C" RulesSet *msc_create_rules_set(void) {
|
||||||
return new Rules();
|
return new RulesSet();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
extern "C" void msc_rules_dump(Rules *rules) {
|
extern "C" void msc_rules_dump(RulesSet *rules) {
|
||||||
rules->dump();
|
rules->dump();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
extern "C" int msc_rules_merge(Rules *rules_dst,
|
extern "C" int msc_rules_merge(RulesSet *rules_dst,
|
||||||
Rules *rules_from, const char **error) {
|
RulesSet *rules_from, const char **error) {
|
||||||
int ret = rules_dst->merge(rules_from);
|
int ret = rules_dst->merge(rules_from);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
*error = strdup(rules_dst->getParserError().c_str());
|
*error = strdup(rules_dst->getParserError().c_str());
|
||||||
@ -331,7 +331,7 @@ extern "C" int msc_rules_merge(Rules *rules_dst,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
extern "C" int msc_rules_add_remote(Rules *rules,
|
extern "C" int msc_rules_add_remote(RulesSet *rules,
|
||||||
const char *key, const char *uri, const char **error) {
|
const char *key, const char *uri, const char **error) {
|
||||||
int ret = rules->loadRemote(key, uri);
|
int ret = rules->loadRemote(key, uri);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
@ -341,7 +341,7 @@ extern "C" int msc_rules_add_remote(Rules *rules,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
extern "C" int msc_rules_add_file(Rules *rules, const char *file,
|
extern "C" int msc_rules_add_file(RulesSet *rules, const char *file,
|
||||||
const char **error) {
|
const char **error) {
|
||||||
int ret = rules->loadFromUri(file);
|
int ret = rules->loadFromUri(file);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
@ -351,7 +351,7 @@ extern "C" int msc_rules_add_file(Rules *rules, const char *file,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
extern "C" int msc_rules_add(Rules *rules, const char *plain_rules,
|
extern "C" int msc_rules_add(RulesSet *rules, const char *plain_rules,
|
||||||
const char **error) {
|
const char **error) {
|
||||||
int ret = rules->load(plain_rules);
|
int ret = rules->load(plain_rules);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
@ -361,7 +361,7 @@ extern "C" int msc_rules_add(Rules *rules, const char *plain_rules,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
extern "C" int msc_rules_cleanup(Rules *rules) {
|
extern "C" int msc_rules_cleanup(RulesSet *rules) {
|
||||||
delete rules;
|
delete rules;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -99,7 +99,7 @@ namespace modsecurity {
|
|||||||
* @endcode
|
* @endcode
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
|
Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
|
||||||
: m_creationTimeStamp(utils::cpu_seconds()),
|
: m_creationTimeStamp(utils::cpu_seconds()),
|
||||||
m_clientIpAddress(""),
|
m_clientIpAddress(""),
|
||||||
m_httpVersion(""),
|
m_httpVersion(""),
|
||||||
@ -120,7 +120,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
|
|||||||
m_ruleRemoveByTag(),
|
m_ruleRemoveByTag(),
|
||||||
m_ruleRemoveTargetByTag(),
|
m_ruleRemoveTargetByTag(),
|
||||||
m_ruleRemoveTargetById(),
|
m_ruleRemoveTargetById(),
|
||||||
m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean),
|
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
|
||||||
m_auditLogModifier(),
|
m_auditLogModifier(),
|
||||||
m_rulesMessages(),
|
m_rulesMessages(),
|
||||||
m_requestBody(),
|
m_requestBody(),
|
||||||
@ -173,7 +173,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
|
|||||||
intervention::clean(&m_it);
|
intervention::clean(&m_it);
|
||||||
}
|
}
|
||||||
|
|
||||||
Transaction::Transaction(ModSecurity *ms, Rules *rules, char *id, void *logCbData)
|
Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCbData)
|
||||||
: m_creationTimeStamp(utils::cpu_seconds()),
|
: m_creationTimeStamp(utils::cpu_seconds()),
|
||||||
m_clientIpAddress(""),
|
m_clientIpAddress(""),
|
||||||
m_httpVersion(""),
|
m_httpVersion(""),
|
||||||
@ -194,7 +194,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, char *id, void *logCbDat
|
|||||||
m_ruleRemoveByTag(),
|
m_ruleRemoveByTag(),
|
||||||
m_ruleRemoveTargetByTag(),
|
m_ruleRemoveTargetByTag(),
|
||||||
m_ruleRemoveTargetById(),
|
m_ruleRemoveTargetById(),
|
||||||
m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean),
|
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
|
||||||
m_auditLogModifier(),
|
m_auditLogModifier(),
|
||||||
m_rulesMessages(),
|
m_rulesMessages(),
|
||||||
m_requestBody(),
|
m_requestBody(),
|
||||||
@ -563,7 +563,7 @@ int Transaction::processURI(const char *uri, const char *method,
|
|||||||
int Transaction::processRequestHeaders() {
|
int Transaction::processRequestHeaders() {
|
||||||
ms_dbg(4, "Starting phase REQUEST_HEADERS. (SecRules 1)");
|
ms_dbg(4, "Starting phase REQUEST_HEADERS. (SecRules 1)");
|
||||||
|
|
||||||
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
|
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
|
||||||
ms_dbg(4, "Rule engine disabled, returning...");
|
ms_dbg(4, "Rule engine disabled, returning...");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -1004,7 +1004,7 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
|
|||||||
ms_dbg(5, "Request body is bigger than the maximum expected.");
|
ms_dbg(5, "Request body is bigger than the maximum expected.");
|
||||||
|
|
||||||
if (this->m_rules->m_requestBodyLimitAction ==
|
if (this->m_rules->m_requestBodyLimitAction ==
|
||||||
Rules::BodyLimitAction::ProcessPartialBodyLimitAction) {
|
RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction) {
|
||||||
size_t spaceLeft = this->m_rules->m_requestBodyLimit.m_value
|
size_t spaceLeft = this->m_rules->m_requestBodyLimit.m_value
|
||||||
- current_size;
|
- current_size;
|
||||||
this->m_requestBody.write(reinterpret_cast<const char*>(buf),
|
this->m_requestBody.write(reinterpret_cast<const char*>(buf),
|
||||||
@ -1013,10 +1013,10 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
|
|||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
if (this->m_rules->m_requestBodyLimitAction ==
|
if (this->m_rules->m_requestBodyLimitAction ==
|
||||||
Rules::BodyLimitAction::RejectBodyLimitAction) {
|
RulesSet::BodyLimitAction::RejectBodyLimitAction) {
|
||||||
ms_dbg(5, "Request body limit is marked to reject the " \
|
ms_dbg(5, "Request body limit is marked to reject the " \
|
||||||
"request");
|
"request");
|
||||||
if (getRuleEngineState() == Rules::EnabledRuleEngine) {
|
if (getRuleEngineState() == RulesSet::EnabledRuleEngine) {
|
||||||
intervention::free(&m_it);
|
intervention::free(&m_it);
|
||||||
m_it.log = strdup("Request body limit is marked to " \
|
m_it.log = strdup("Request body limit is marked to " \
|
||||||
"reject the request");
|
"reject the request");
|
||||||
@ -1061,7 +1061,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
|
|||||||
m_variableResponseStatus.set(std::to_string(code), m_variableOffset);
|
m_variableResponseStatus.set(std::to_string(code), m_variableOffset);
|
||||||
m_variableResponseProtocol.set(proto, m_variableOffset);
|
m_variableResponseProtocol.set(proto, m_variableOffset);
|
||||||
|
|
||||||
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
|
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
|
||||||
ms_dbg(4, "Rule engine disabled, returning...");
|
ms_dbg(4, "Rule engine disabled, returning...");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -1182,7 +1182,7 @@ int Transaction::addResponseHeader(const unsigned char *key, size_t key_n,
|
|||||||
int Transaction::processResponseBody() {
|
int Transaction::processResponseBody() {
|
||||||
ms_dbg(4, "Starting phase RESPONSE_BODY. (SecRules 4)");
|
ms_dbg(4, "Starting phase RESPONSE_BODY. (SecRules 4)");
|
||||||
|
|
||||||
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
|
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
|
||||||
ms_dbg(4, "Rule engine disabled, returning...");
|
ms_dbg(4, "Rule engine disabled, returning...");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -1263,7 +1263,7 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
|
|||||||
m_variableOutboundDataError.set("1", m_variableOffset);
|
m_variableOutboundDataError.set("1", m_variableOffset);
|
||||||
ms_dbg(5, "Response body is bigger than the maximum expected.");
|
ms_dbg(5, "Response body is bigger than the maximum expected.");
|
||||||
if (this->m_rules->m_responseBodyLimitAction ==
|
if (this->m_rules->m_responseBodyLimitAction ==
|
||||||
Rules::BodyLimitAction::ProcessPartialBodyLimitAction) {
|
RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction) {
|
||||||
size_t spaceLeft = this->m_rules->m_responseBodyLimit.m_value \
|
size_t spaceLeft = this->m_rules->m_responseBodyLimit.m_value \
|
||||||
- current_size;
|
- current_size;
|
||||||
this->m_responseBody.write(reinterpret_cast<const char*>(buf),
|
this->m_responseBody.write(reinterpret_cast<const char*>(buf),
|
||||||
@ -1272,10 +1272,10 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
|
|||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
if (this->m_rules->m_responseBodyLimitAction ==
|
if (this->m_rules->m_responseBodyLimitAction ==
|
||||||
Rules::BodyLimitAction::RejectBodyLimitAction) {
|
RulesSet::BodyLimitAction::RejectBodyLimitAction) {
|
||||||
ms_dbg(5, "Response body limit is marked to reject the " \
|
ms_dbg(5, "Response body limit is marked to reject the " \
|
||||||
"request");
|
"request");
|
||||||
if (getRuleEngineState() == Rules::EnabledRuleEngine) {
|
if (getRuleEngineState() == RulesSet::EnabledRuleEngine) {
|
||||||
intervention::free(&m_it);
|
intervention::free(&m_it);
|
||||||
m_it.log = strdup("Response body limit is marked to reject " \
|
m_it.log = strdup("Response body limit is marked to reject " \
|
||||||
"the request");
|
"the request");
|
||||||
@ -1370,7 +1370,7 @@ size_t Transaction::getRequestBodyLength() {
|
|||||||
int Transaction::processLogging() {
|
int Transaction::processLogging() {
|
||||||
ms_dbg(4, "Starting phase LOGGING. (SecRules 5)");
|
ms_dbg(4, "Starting phase LOGGING. (SecRules 5)");
|
||||||
|
|
||||||
if (getRuleEngineState() == Rules::DisabledRuleEngine) {
|
if (getRuleEngineState() == RulesSet::DisabledRuleEngine) {
|
||||||
ms_dbg(4, "Rule engine disabled, returning...");
|
ms_dbg(4, "Rule engine disabled, returning...");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -1726,7 +1726,7 @@ std::string Transaction::toJSON(int parts) {
|
|||||||
|
|
||||||
/* producer > engine state */
|
/* producer > engine state */
|
||||||
LOGFY_ADD("secrules_engine",
|
LOGFY_ADD("secrules_engine",
|
||||||
Rules::ruleEngineStateString(
|
RulesSet::ruleEngineStateString(
|
||||||
(RulesProperties::RuleEngine) getRuleEngineState()));
|
(RulesProperties::RuleEngine) getRuleEngineState()));
|
||||||
|
|
||||||
/* producer > components */
|
/* producer > components */
|
||||||
@ -1865,11 +1865,11 @@ int Transaction::updateStatusCode(int code) {
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
extern "C" Transaction *msc_new_transaction(ModSecurity *ms,
|
extern "C" Transaction *msc_new_transaction(ModSecurity *ms,
|
||||||
Rules *rules, void *logCbData) {
|
RulesSet *rules, void *logCbData) {
|
||||||
return new Transaction(ms, rules, logCbData);
|
return new Transaction(ms, rules, logCbData);
|
||||||
}
|
}
|
||||||
extern "C" Transaction *msc_new_transaction_with_id(ModSecurity *ms,
|
extern "C" Transaction *msc_new_transaction_with_id(ModSecurity *ms,
|
||||||
Rules *rules, char *id, void *logCbData) {
|
RulesSet *rules, char *id, void *logCbData) {
|
||||||
return new Transaction(ms, rules, id, logCbData);
|
return new Transaction(ms, rules, id, logCbData);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -21,9 +21,9 @@
|
|||||||
#include <vector>
|
#include <vector>
|
||||||
#include <deque>
|
#include <deque>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rule.h"
|
#include "modsecurity/rule.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/utils/string.h"
|
#include "src/utils/string.h"
|
||||||
#include "src/utils/regex.h"
|
#include "src/utils/regex.h"
|
||||||
|
|
||||||
|
|||||||
@ -37,7 +37,7 @@
|
|||||||
|
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
#include "modsecurity/rules_properties.h"
|
#include "modsecurity/rules_properties.h"
|
||||||
#include "modsecurity/rules.h"
|
#include "modsecurity/rules_set.h"
|
||||||
|
|
||||||
#include "src/request_body_processor/xml.h"
|
#include "src/request_body_processor/xml.h"
|
||||||
#include "modsecurity/actions/action.h"
|
#include "modsecurity/actions/action.h"
|
||||||
|
|||||||
@ -19,8 +19,8 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
|
|
||||||
using modsecurity::Transaction;
|
using modsecurity::Transaction;
|
||||||
|
|
||||||
@ -71,14 +71,14 @@ int main(int argc, char *argv[]) {
|
|||||||
}
|
}
|
||||||
std::cout << "Doing " << NUM_REQUESTS << " transactions...\n";
|
std::cout << "Doing " << NUM_REQUESTS << " transactions...\n";
|
||||||
modsecurity::ModSecurity *modsec;
|
modsecurity::ModSecurity *modsec;
|
||||||
modsecurity::Rules *rules;
|
modsecurity::RulesSet *rules;
|
||||||
modsecurity::ModSecurityIntervention it;
|
modsecurity::ModSecurityIntervention it;
|
||||||
modsecurity::intervention::reset(&it);
|
modsecurity::intervention::reset(&it);
|
||||||
modsec = new modsecurity::ModSecurity();
|
modsec = new modsecurity::ModSecurity();
|
||||||
modsec->setConnectorInformation("ModSecurity-benchmark v0.0.1-alpha" \
|
modsec->setConnectorInformation("ModSecurity-benchmark v0.0.1-alpha" \
|
||||||
" (ModSecurity benchmark utility)");
|
" (ModSecurity benchmark utility)");
|
||||||
|
|
||||||
rules = new modsecurity::Rules();
|
rules = new modsecurity::RulesSet();
|
||||||
if (rules->loadFromUri(rules_file) < 0) {
|
if (rules->loadFromUri(rules_file) < 0) {
|
||||||
std::cout << "Problems loading the rules..." << std::endl;
|
std::cout << "Problems loading the rules..." << std::endl;
|
||||||
std::cout << rules->m_parserError.str() << std::endl;
|
std::cout << rules->m_parserError.str() << std::endl;
|
||||||
|
|||||||
@ -15,9 +15,8 @@
|
|||||||
|
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/actions/transformations/transformation.h"
|
#include "src/actions/transformations/transformation.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -135,7 +134,7 @@ int main(int argc, char** argv) {
|
|||||||
std::string z = lastString;
|
std::string z = lastString;
|
||||||
|
|
||||||
ModSecurity *ms = new ModSecurity();
|
ModSecurity *ms = new ModSecurity();
|
||||||
Rules *rules = new Rules();
|
RulesSet *rules = new RulesSet();
|
||||||
// Here it is possible to load a real transaction from a JSON.
|
// Here it is possible to load a real transaction from a JSON.
|
||||||
// like we do on the regression tests.
|
// like we do on the regression tests.
|
||||||
Transaction *t = new Transaction(ms, rules, NULL);
|
Transaction *t = new Transaction(ms, rules, NULL);
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
#include <string>
|
#include <string>
|
||||||
#include <list>
|
#include <list>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/utils/system.h"
|
#include "src/utils/system.h"
|
||||||
#include "src/parser/driver.h"
|
#include "src/parser/driver.h"
|
||||||
#include "src/utils/https_client.h"
|
#include "src/utils/https_client.h"
|
||||||
@ -36,7 +36,7 @@ void print_help() {
|
|||||||
|
|
||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
modsecurity::Rules *modsecRules = new modsecurity::Rules();
|
modsecurity::RulesSet *modsecRules = new modsecurity::RulesSet();
|
||||||
std::list<std::string> files;
|
std::list<std::string> files;
|
||||||
int total = 0;
|
int total = 0;
|
||||||
|
|
||||||
|
|||||||
@ -23,9 +23,8 @@
|
|||||||
#include <list>
|
#include <list>
|
||||||
#include <algorithm>
|
#include <algorithm>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
|
|
||||||
#include "test/common/modsecurity_test.h"
|
#include "test/common/modsecurity_test.h"
|
||||||
#include "test/common/colors.h"
|
#include "test/common/colors.h"
|
||||||
#include "test/regression/regression_test.h"
|
#include "test/regression/regression_test.h"
|
||||||
@ -99,7 +98,7 @@ void perform_unit_test(ModSecurityTest<RegressionTest> *test,
|
|||||||
for (RegressionTest *t : *tests) {
|
for (RegressionTest *t : *tests) {
|
||||||
CustomDebugLog *debug_log = new CustomDebugLog();
|
CustomDebugLog *debug_log = new CustomDebugLog();
|
||||||
modsecurity::ModSecurity *modsec = NULL;
|
modsecurity::ModSecurity *modsec = NULL;
|
||||||
modsecurity::Rules *modsec_rules = NULL;
|
modsecurity::RulesSet *modsec_rules = NULL;
|
||||||
modsecurity::Transaction *modsec_transaction = NULL;
|
modsecurity::Transaction *modsec_transaction = NULL;
|
||||||
ModSecurityTestResults<RegressionTest> r;
|
ModSecurityTestResults<RegressionTest> r;
|
||||||
std::stringstream serverLog;
|
std::stringstream serverLog;
|
||||||
@ -148,7 +147,7 @@ void perform_unit_test(ModSecurityTest<RegressionTest> *test,
|
|||||||
modsec->setConnectorInformation("ModSecurity-regression v0.0.1-alpha" \
|
modsec->setConnectorInformation("ModSecurity-regression v0.0.1-alpha" \
|
||||||
" (ModSecurity regression test utility)");
|
" (ModSecurity regression test utility)");
|
||||||
modsec->setServerLogCb(logCb);
|
modsec->setServerLogCb(logCb);
|
||||||
modsec_rules = new modsecurity::Rules(debug_log);
|
modsec_rules = new modsecurity::RulesSet(debug_log);
|
||||||
|
|
||||||
bool found = true;
|
bool found = true;
|
||||||
if (t->resource.empty() == false) {
|
if (t->resource.empty() == false) {
|
||||||
|
|||||||
@ -20,9 +20,8 @@
|
|||||||
#include <ctime>
|
#include <ctime>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
#include "src/operators/operator.h"
|
#include "src/operators/operator.h"
|
||||||
#include "src/actions/transformations/transformation.h"
|
#include "src/actions/transformations/transformation.h"
|
||||||
#include "modsecurity/transaction.h"
|
#include "modsecurity/transaction.h"
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
#include "modsecurity/rules_set.h"
|
||||||
#include "modsecurity/modsecurity.h"
|
#include "modsecurity/modsecurity.h"
|
||||||
#include "modsecurity/rules.h"
|
|
||||||
|
|
||||||
|
|
||||||
void print_help(const char *name) {
|
void print_help(const char *name) {
|
||||||
@ -32,9 +32,9 @@ void print_help(const char *name) {
|
|||||||
|
|
||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
modsecurity::Rules *rules;
|
modsecurity::RulesSet *rules;
|
||||||
char **args = argv;
|
char **args = argv;
|
||||||
rules = new modsecurity::Rules();
|
rules = new modsecurity::RulesSet();
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
args++;
|
args++;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user