Uses an enumeration to determine the state of the SecRuleEngine

2025-08-14 05:45:59 +03:00 · 2015-07-09 16:10:32 -03:00 · 2015-07-09 16:10:32 -03:00 · 75a9cfa273
commit 75a9cfa273
parent cb8d6249a8
4 changed files with 43 additions and 7 deletions
--- a/headers/modsecurity/rules.h
+++ b/headers/modsecurity/rules.h
@ -74,7 +74,43 @@ class Rules {

    std::vector<Rule *> rules[7];  // Number of Phases.

-    int sec_rule_engine;
+    /**
+     *
+     * The RuleEngine enumerator consists in mapping the different states
+     * of the rule engine.
+     *
+     */
+    enum RuleEngine {
+    /**
+     * Rules won't be evaluated if Rule Engine is set to DisabledRuleEngine
+     *
+     */
+     DisabledRuleEngine,
+    /**
+     * Rules will be evaluated and disturb actions will take place if needed.
+     *
+     */
+     EnabledRuleEngine,
+    /**
+     * Rules will be evaluated but it won't generate any disruptive action.
+     *
+     */
+     DetectionOnlyRuleEngine
+    };
+
+    static const char *ruleEngineStateString(RuleEngine i) {
+      switch (i) {
+      case DisabledRuleEngine:
+          return "Disabled";
+      case EnabledRuleEngine:
+          return "Enabled";
+      case DetectionOnlyRuleEngine:
+          return "DetectionOnly";
+      }
+      return NULL;
+    }
+
+    RuleEngine secRuleEngine;
    int sec_audit_type;
    bool sec_audit_engine;
    bool sec_request_body_access;
--- a/src/parser/driver.h
+++ b/src/parser/driver.h
@ -81,7 +81,7 @@ class Driver {

    std::vector<Rule *> rules[7];  // Number of Phases.

-    int sec_rule_engine;
+    ModSecurity::Rules::RuleEngine secRuleEngine;
    int sec_audit_type;
    bool sec_audit_engine;
    bool sec_request_body_access;
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -186,15 +186,15 @@ expression:
      }
    | CONFIG_DIR_RULE_ENG SPACE CONFIG_VALUE_OFF
      {
-        driver.sec_rule_engine = 0;
+        driver.secRuleEngine = ModSecurity::Rules::DisabledRuleEngine;
      }
    | CONFIG_DIR_RULE_ENG SPACE CONFIG_VALUE_ON
      {
-        driver.sec_rule_engine = 1;
+        driver.secRuleEngine = ModSecurity::Rules::EnabledRuleEngine;
      }
    | CONFIG_DIR_RULE_ENG SPACE CONFIG_VALUE_DETC
      {
-        driver.sec_rule_engine = 2;
+        driver.secRuleEngine = ModSecurity::Rules::DetectionOnlyRuleEngine;
      }
    | CONFIG_DIR_REQ_BODY SPACE CONFIG_VALUE_ON
      {
--- a/src/rules.cc
+++ b/src/rules.cc
@ -154,7 +154,7 @@ int Rules::merge(Driver *from) {
        }
    }

-    this->sec_rule_engine = from->sec_rule_engine;
+    this->secRuleEngine = from->secRuleEngine;
    this->sec_audit_type = from->sec_audit_type;
    this->sec_audit_engine = from->sec_audit_engine;
    this->sec_request_body_access = from->sec_request_body_access;
@ -189,7 +189,7 @@ int Rules::merge(Rules *from) {
        }
    }

-    this->sec_rule_engine = from->sec_rule_engine;
+    this->secRuleEngine = from->secRuleEngine;
    this->sec_audit_type = from->sec_audit_type;
    this->sec_audit_engine = from->sec_audit_engine;
    this->sec_request_body_access = from->sec_request_body_access;