diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h index cdd613cb..4c526e2a 100644 --- a/headers/modsecurity/rules_properties.h +++ b/headers/modsecurity/rules_properties.h @@ -70,6 +70,23 @@ class RulesProperties { responseBodyLimit(0), responseBodyLimitAction(ProcessPartialBodyLimitAction), secRuleEngine(DetectionOnlyRuleEngine) { } + + +/* + RulesProperties(const RulesProperties &other) + : audit_log(other.audit_log), + m_debugLog(other.m_debugLog), + remoteRulesActionOnFailed(other.remoteRulesActionOnFailed), + requestBodyLimit(other.requestBodyLimit), + requestBodyNoFilesLimit(other.requestBodyNoFilesLimit), + requestBodyInMemoryLimit(other.requestBodyInMemoryLimit), + secRequestBodyAccess(other.secRequestBodyAccess), + secResponseBodyAccess(other.secResponseBodyAccess), + requestBodyLimitAction(other.requestBodyLimitAction), + responseBodyLimit(other.responseBodyLimit), + responseBodyLimitAction(other.responseBodyLimitAction), + secRuleEngine(other.secRuleEngine) { } +*/ ~RulesProperties() { delete m_debugLog; } diff --git a/src/actions/action.cc b/src/actions/action.cc index d49d2874..c0cf9260 100644 --- a/src/actions/action.cc +++ b/src/actions/action.cc @@ -61,7 +61,6 @@ Action *Action::instantiate(const std::string& name) { std::string block("block"); std::string phase("phase:"); std::string rule_id("id:"); - std::string severity("severity:"); if (name.compare(0, status.length(), status) == 0) { return new Status(name); diff --git a/src/actions/rule_id.h b/src/actions/rule_id.h index 5113bf4d..c17d1ff9 100644 --- a/src/actions/rule_id.h +++ b/src/actions/rule_id.h @@ -33,7 +33,8 @@ namespace actions { class RuleId : public Action { public: explicit RuleId(std::string action) - : Action(action, ConfigurationKind) { } + : Action(action, ConfigurationKind), + m_ruleId(0) { } bool init(std::string *error) override; bool evaluate(Rule *rule, Assay *assay) override; 
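Review bot: In headers/modsecurity/rules_properties.h the copy constructor is added inside a `/* ... */` block, so it is dead text, while the destructor directly below it still runs `delete m_debugLog;`. The class therefore keeps its implicit copy constructor and copy assignment, and any copy would leave two objects deleting the same `m_debugLog` pointer. The commented-out version would behave the same way, because it copies the pointer with `m_debugLog(other.m_debugLog)`. Whether anything copies a RulesProperties is not visible here; if nothing should, replace the comment block with `RulesProperties(const RulesProperties &) = delete;` and `RulesProperties &operator=(const RulesProperties &) = delete;` so the compiler rejects it. If copies are needed, the copy has to give the new object its own debug log instead of aliasing the pointer.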
diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc index e6cb416a..432fa065 100644 --- a/src/actions/set_var.cc +++ b/src/actions/set_var.cc @@ -101,7 +101,6 @@ void SetVar::dump() { bool SetVar::evaluate(Rule *rule, Assay *assay) { std::string targetValue; - int value = 0; std::string variableNameExpanded = MacroExpansion::expand(variableName, assay); std::string resolvedPre = MacroExpansion::expand(predicate, assay); @@ -112,6 +111,8 @@ bool SetVar::evaluate(Rule *rule, Assay *assay) { targetValue = std::string("1"); } else { int pre = 0; + int value = 0; + try { pre = stoi(resolvedPre); } catch (...) { diff --git a/src/actions/transformations/replace_comments.cc b/src/actions/transformations/replace_comments.cc index 8e798254..29235052 100644 --- a/src/actions/transformations/replace_comments.cc +++ b/src/actions/transformations/replace_comments.cc @@ -38,9 +38,7 @@ ReplaceComments::ReplaceComments(std::string action) std::string ReplaceComments::evaluate(std::string value, Assay *assay) { - uint64_t i, j, incomment; - int changed = 0; char *input = reinterpret_cast( malloc(sizeof(char) * value.size() + 1)); @@ -52,7 +50,6 @@ std::string ReplaceComments::evaluate(std::string value, if (incomment == 0) { if ((input[i] == '/') && (i + 1 < value.size()) && (input[i + 1] == '*')) { - changed = 1; incomment = 1; i += 2; } else { diff --git a/src/assay.cc b/src/assay.cc index 1323984f..2881300b 100644 --- a/src/assay.cc +++ b/src/assay.cc @@ -1083,11 +1083,11 @@ int Assay::processLogging(int returned_code) { /* If relevant, save this assay information at the audit_logs */ if (m_rules != NULL && m_rules->audit_log != NULL) { + int parts = -1; #ifndef NO_LOGS debug(8, "Checking if this request is suitable to be " \ "saved as an audit log."); #endif - int parts = -1; if (this->auditLogModifier.size() > 0) { #ifndef NO_LOGS 
@@ -1112,12 +1112,14 @@ int Assay::processLogging(int returned_code) { debug(8, "This request was marked to be " \ "saved via auditlog action."); } +#endif bool saved = this->m_rules->audit_log->saveIfRelevant(this, parts); if (saved) { +#ifndef NO_LOGS debug(8, "Request was relevant to be saved."); - } #endif + } } return true; diff --git a/src/debug_log_writer.cc b/src/debug_log_writer.cc index ecc7c07d..445829fe 100644 --- a/src/debug_log_writer.cc +++ b/src/debug_log_writer.cc @@ -56,11 +56,10 @@ void DebugLogWriter::close(const std::string& fileName) { void DebugLogWriter::write(const std::string& file, const std::string &msg) { std::map::iterator it; - DebugLogWriterAgent *agent; it = agents.find(file); if (it != agents.end()) { - agent = it->second; + DebugLogWriterAgent *agent = it->second; agent->write(msg); } else { std::cout << file << ": " << msg << std::endl; diff --git a/src/operators/detect_sqli.cc b/src/operators/detect_sqli.cc index 60a1d7a0..a2994967 100644 --- a/src/operators/detect_sqli.cc +++ b/src/operators/detect_sqli.cc @@ -16,6 +16,7 @@ #include "operators/detect_sqli.h" #include +#include #include "operators/operator.h" #include "others/libinjection/src/libinjection.h" diff --git a/src/operators/detect_xss.cc b/src/operators/detect_xss.cc index 67a5e359..7a202f4a 100644 --- a/src/operators/detect_xss.cc +++ b/src/operators/detect_xss.cc @@ -30,19 +30,15 @@ bool DetectXSS::evaluate(Assay *assay, const std::string &input) { is_xss = libinjection_xss(input.c_str(), input.length()); - if (is_xss) { - if (assay) { + if (assay) { #ifndef NO_LOGS + if (is_xss) { assay->debug(5, "detected XSS using libinjection."); -#endif - } - } else { - if (assay) { -#ifndef NO_LOGS + } else { assay->debug(9, "libinjection was not able to " \ "find any XSS in: " + input); -#endif } +#endif } if (negation) { diff --git a/src/operators/operator.cc b/src/operators/operator.cc index eb3afd95..39083ff5 100644 --- a/src/operators/operator.cc 
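Review bot: In Assay::processLogging (src/assay.cc) the call `this->m_rules->audit_log->saveIfRelevant(this, parts)` now sits between two `NO_LOGS` guards with nothing saying why it must stay outside them. Before this change the call appears to have been compiled out together with the debug output, so a NO_LOGS build would have written no audit log at all. A comment above the call, such as `/* Not debug output: this writes the audit log and must run even when NO_LOGS is defined. */`, would keep a later cleanup from folding it back into the guard. The function starts outside this hunk, and the opening `#ifndef` that the added `#endif` closes is not visible here.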
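Review bot: In DetectXSS::evaluate (src/operators/detect_xss.cc) the level-9 message still appends the raw operator input to the debug log with `"find any XSS in: " + input`. That value is presumably request data, so it can carry line breaks, control characters or very long payloads into the log file. src/utils.cc in this same commit shows `limitTo(int amount, const std::string &str)` and `toHexIfNeeded(const std::string &str)`. If they are reachable from this file, something like `"find any XSS in: " + limitTo(80, toHexIfNeeded(input))` would keep the entry bounded and printable (80 is only an example length). The function continues past the end of the hunk.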
+++ b/src/operators/operator.cc @@ -75,33 +75,29 @@ bool Operator::debug(Assay *assay, int x, std::string a) { bool Operator::evaluate(Assay *assay) { - if (assay) { #ifndef NO_LOGS + if (assay) { assay->debug(2, "Operator: " + this->op + \ " is not implemented or malfunctioning."); -#endif } else { -#ifndef NO_LOGS std::cerr << "Operator: " + this->op + \ " is not implemented or malfunctioning."; -#endif } +#endif return true; } bool Operator::evaluate(Assay *assay, const std::string& a) { - if (assay) { #ifndef NO_LOGS + if (assay) { assay->debug(2, "Operator: " + this->op + \ " is not implemented or malfunctioning."); -#endif } else { -#ifndef NO_LOGS std::cerr << "Operator: " + this->op + \ " is not implemented or malfunctioning."; -#endif } +#endif return true; } diff --git a/src/operators/verify_cc.cc b/src/operators/verify_cc.cc index 5908fce1..75c3883a 100644 --- a/src/operators/verify_cc.cc +++ b/src/operators/verify_cc.cc @@ -70,7 +70,6 @@ int VerifyCC::luhnVerify(const char *ccnumber, int len) { bool VerifyCC::init(const std::string ¶m2, const char **error) { - std::vector vec; const char *errptr = NULL; int erroffset = 0; diff --git a/src/operators/verify_cc.h b/src/operators/verify_cc.h index 9257e8cc..dae52a93 100644 --- a/src/operators/verify_cc.h +++ b/src/operators/verify_cc.h @@ -28,7 +28,9 @@ class VerifyCC : public Operator { public: /** @ingroup ModSecurity_Operator */ VerifyCC(std::string op, std::string param, bool negation) - : Operator(op, param, negation) { } + : Operator(op, param, negation), + m_pc(NULL), + m_pce(NULL) { } int luhnVerify(const char *ccnumber, int len); bool evaluate(Assay *assay, const std::string &input) override; diff --git a/src/rule.cc b/src/rule.cc index 45b9fe11..4fa26994 100644 --- a/src/rule.cc +++ b/src/rule.cc 
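Review bot: Both Operator::evaluate overloads in src/operators/operator.cc reduce to a bare `return true;` when NO_LOGS is defined, and nothing in the code documents that. Judging by the message text, these are the fallbacks for operators that do not provide their own evaluate(), so such a rule gets a constant `true` with no diagnostic at all in that build. I would add a comment above each overload, e.g. `// Fallback for operators that do not override evaluate(): always returns true; the warning is emitted only when NO_LOGS is not defined.`, and consider whether the `std::cerr` branch should stay outside the guard. The `std::cerr` message also has no trailing newline, so consecutive warnings run together.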
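Review bot: With `m_pc(NULL)` and `m_pce(NULL)` now the defined initial state in VerifyCC (src/operators/verify_cc.h), the code that consumes these members should treat NULL as "pattern not compiled". evaluate() and any destructor are outside this hunk, so this cannot be confirmed from here. If evaluate() can run after init() has failed, it needs an early return on `m_pc == NULL` before the pointer is used. A one-line comment on the members stating who allocates and who frees them would also help, since the constructor no longer leaves that implicit.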
@@ -138,7 +138,7 @@ Rule::Rule(Operator *_op, bool Rule::evaluateActions(Assay *assay) { int none = 0; bool containsDisruptive = false; - int transformations = 0; + // int transformations = 0; for (Action *a : this->actions_runtime_pre) { None *z = dynamic_cast(a); if (z != NULL) { diff --git a/src/utils.cc b/src/utils.cc index 8a42c6a3..b227f742 100644 --- a/src/utils.cc +++ b/src/utils.cc @@ -1014,7 +1014,6 @@ std::string limitTo(int amount, const std::string &str) { std::string toHexIfNeeded(const std::string &str) { std::stringstream res; - size_t pos; for (int i = 0; i < str.size(); i++) { int c = str.at(i);
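Review bot: In Rule::evaluateActions (src/rule.cc) the unused local is commented out as `// int transformations = 0;` instead of being deleted. The other files in this commit drop their unused variables outright (`severity` in action.cc, `changed` in replace_comments.cc, `pos` in utils.cc), and a commented-out declaration gives the next reader nothing to act on. I would remove the line; version control keeps the history. The function body continues beyond the hunk.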