mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 11:16:33 +03:00
Creates RuleUnconditional
Makes RuleScript child of RuleWithActions instead of Operator
This commit is contained in:
Felipe Zimmerle
@@ -73,6 +73,8 @@ class Rule {
|
||||
m_phase(modsecurity::Phases::RequestHeadersPhase) {
|
||||
}
|
||||
|
||||
virtual bool evaluate(Transaction *transaction) = 0;
|
||||
|
||||
virtual bool evaluate(Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) = 0;
|
||||
|
||||
|
||||
@@ -47,7 +47,10 @@ class RuleMarker : public Rule {
|
||||
|
||||
virtual bool evaluate(Transaction *transaction,
|
||||
std::shared_ptr<RuleMessage> rm) override {
|
||||
return evaluate(transaction);
|
||||
}
|
||||
|
||||
virtual bool evaluate(Transaction *transaction) override {
|
||||
if (transaction->isInsideAMarker()) {
|
||||
if (*transaction->getCurrentMarker() == *m_name) {
|
||||
transaction->removeMarker();
|
||||
|
||||
@@ -42,7 +42,13 @@ class RuleMessage {
|
||||
ClientLogMessageInfo = 4
|
||||
};
|
||||
|
||||
explicit RuleMessage(RuleWithOperator *rule, Transaction *trans) :
|
||||
/**
|
||||
*
|
||||
* FIXME: RuleMessage is currently too big, doing a lot of
|
||||
* unnecessary data duplication. Needs to be shrink down.
|
||||
*
|
||||
*/
|
||||
RuleMessage(RuleWithActions *rule, Transaction *trans) :
|
||||
m_accuracy(rule->m_accuracy),
|
||||
m_clientIpAddress(trans->m_clientIpAddress),
|
||||
m_data(""),
|
||||
@@ -66,6 +72,38 @@ class RuleMessage {
|
||||
m_ver(rule->m_ver)
|
||||
{ }
|
||||
|
||||
explicit RuleMessage(RuleMessage *rule) :
|
||||
m_accuracy(rule->m_accuracy),
|
||||
m_clientIpAddress(rule->m_clientIpAddress),
|
||||
m_data(rule->m_data),
|
||||
m_id(rule->m_id),
|
||||
m_isDisruptive(rule->m_isDisruptive),
|
||||
m_match(rule->m_match),
|
||||
m_maturity(rule->m_maturity),
|
||||
m_message(rule->m_message),
|
||||
m_noAuditLog(rule->m_noAuditLog),
|
||||
m_phase(rule->m_phase),
|
||||
m_reference(rule->m_reference),
|
||||
m_rev(rule->m_rev),
|
||||
m_rule(rule->m_rule),
|
||||
m_ruleFile(rule->m_ruleFile),
|
||||
m_ruleId(rule->m_ruleId),
|
||||
m_ruleLine(rule->m_ruleLine),
|
||||
m_saveMessage(rule->m_saveMessage),
|
||||
m_serverIpAddress(rule->m_serverIpAddress),
|
||||
m_severity(rule->m_severity),
|
||||
m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
|
||||
m_ver(rule->m_ver)
|
||||
{ }
|
||||
|
||||
void clean() {
|
||||
m_data = "";
|
||||
m_match = "";
|
||||
m_isDisruptive = false;
|
||||
m_reference = "";
|
||||
m_severity = 0;
|
||||
m_ver = "";
|
||||
}
|
||||
|
||||
std::string log() {
|
||||
return log(this, 0);
|
||||
@@ -104,7 +142,7 @@ class RuleMessage {
|
||||
int m_phase;
|
||||
std::string m_reference;
|
||||
std::string m_rev;
|
||||
RuleWithOperator *m_rule;
|
||||
RuleWithActions *m_rule;
|
||||
std::shared_ptr<std::string> m_ruleFile;
|
||||
int m_ruleId;
|
||||
int m_ruleLine;
|
||||
|
||||
59
headers/modsecurity/rule_unconditional.h
Normal file
59
headers/modsecurity/rule_unconditional.h
Normal file
@@ -0,0 +1,59 @@
|
||||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
#include <stack>
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include <memory>
|
||||
#include <utility>
|
||||
#endif
|
||||
|
||||
#ifndef HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
|
||||
#define HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
|
||||
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/variable_value.h"
|
||||
#include "modsecurity/rule.h"
|
||||
#include "modsecurity/rules_set.h"
|
||||
#include "modsecurity/rule_with_actions.h"
|
||||
#include "modsecurity/actions/action.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace modsecurity {
|
||||
|
||||
|
||||
class RuleUnconditional : public RuleWithActions {
|
||||
public:
|
||||
RuleUnconditional(
|
||||
std::vector<actions::Action *> *actions,
|
||||
Transformations *transformations,
|
||||
std::unique_ptr<std::string> fileName,
|
||||
int lineNumber)
|
||||
: RuleWithActions(actions, transformations, std::move(fileName), lineNumber) { }
|
||||
|
||||
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
|
||||
|
||||
private:
|
||||
};
|
||||
|
||||
|
||||
} // namespace modsecurity
|
||||
|
||||
#endif
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
|
||||
@@ -45,6 +45,21 @@ class RuleWithActions : public Rule {
|
||||
|
||||
~RuleWithActions();
|
||||
|
||||
virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
|
||||
|
||||
virtual bool evaluate(Transaction *transaction) override;
|
||||
|
||||
|
||||
void executeActionsIndependentOfChainedRuleResult(
|
||||
Transaction *trasn,
|
||||
bool *containsDisruptive,
|
||||
std::shared_ptr<RuleMessage> ruleMessage);
|
||||
|
||||
void executeActionsAfterFullMatch(
|
||||
Transaction *trasn,
|
||||
bool containsDisruptive,
|
||||
std::shared_ptr<RuleMessage> ruleMessage);
|
||||
|
||||
void executeAction(Transaction *trans,
|
||||
bool containsBlock,
|
||||
std::shared_ptr<RuleMessage> ruleMessage,
|
||||
@@ -63,10 +78,6 @@ class RuleWithActions : public Rule {
|
||||
std::string *path,
|
||||
int *nth) const;
|
||||
|
||||
void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
|
||||
bool *b, std::shared_ptr<RuleMessage> ruleMessage);
|
||||
void executeActionsAfterFullMatch(Transaction *trasn,
|
||||
bool containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage);
|
||||
|
||||
std::vector<actions::Action *> getActionsByName(const std::string& name,
|
||||
Transaction *t);
|
||||
@@ -95,6 +106,9 @@ class RuleWithActions : public Rule {
|
||||
|
||||
int64_t m_ruleId;
|
||||
|
||||
std::unique_ptr<RuleWithActions> m_chainedRuleChild;
|
||||
RuleWithActions *m_chainedRuleParent;
|
||||
|
||||
private:
|
||||
/* actions */
|
||||
actions::Action *m_disruptiveAction;
|
||||
@@ -118,4 +132,4 @@ class RuleWithActions : public Rule {
|
||||
#endif
|
||||
|
||||
|
||||
#endif // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
|
||||
#endif // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
|
||||
|
||||
@@ -62,7 +62,6 @@ class RuleWithOperator : public RuleWithActions {
|
||||
const std::string &value);
|
||||
static void cleanMatchedVars(Transaction *trasn);
|
||||
|
||||
inline bool isUnconditional() const { return m_operator == NULL; }
|
||||
|
||||
std::string getOperatorName() const;
|
||||
|
||||
@@ -70,15 +69,9 @@ class RuleWithOperator : public RuleWithActions {
|
||||
return std::to_string(m_ruleId);
|
||||
}
|
||||
|
||||
std::unique_ptr<RuleWithOperator> m_chainedRuleChild;
|
||||
RuleWithOperator *m_chainedRuleParent;
|
||||
|
||||
private:
|
||||
modsecurity::variables::Variables *m_variables;
|
||||
operators::Operator *m_operator;
|
||||
|
||||
|
||||
bool m_unconditional:1;
|
||||
};
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user