Refactoring on the variable read/store methods

Now it is ready to received two (or more) variables with same key.
2025-09-30 03:34:29 +03:00 · 2015-07-14 00:25:59 -03:00
parent f13a1bd880
commit 80f13437e3
6 changed files with 59 additions and 37 deletions
--- a/headers/modsecurity/assay.h
+++ b/headers/modsecurity/assay.h
@@ -21,6 +21,7 @@
 #include <string>
 #include <sstream>
 #include <unordered_map>
 #include <map>
 #include <fstream>
 #include <vector>
 #endif
@@ -91,7 +92,7 @@ class ModSecurityCollectionsVariables :
 class ModSecurityStringVariables :
-    public std::unordered_map<std::string, std::string> {
+    public std::unordered_multimap<std::string, std::string> {
 public:
 };
@@ -135,11 +136,10 @@ class Assay {
    const char *getResponseBody();
    int getResponseBodyLenth();
-    std::string resolve_variable(std::string);
+    std::list<std::string> resolve_variable(std::string var);
    std::string* resolve_variable_first(std::string);
    void store_variable(std::string, std::string);
    void store_variable(std::string,
        std::unordered_map<std::string, std::string>);
    ModSecurityStringVariables m_variables_strings;
@@ -172,6 +172,9 @@ class Assay {
    const char *m_protocol;
    const char *m_httpVersion;
    std::string m_namesResponse;
    std::string m_namesRequest;
    std::ostringstream m_requestBody;
    std::ostringstream m_responseBody;
    ModSecurityCollectionsVariables m_variables_collections;
--- a/src/assay.cc
+++ b/src/assay.cc
@@ -26,6 +26,7 @@
 #include <fstream>
 #include <vector>
 #include <iomanip>
 #include <set>
 #include "modsecurity/modsecurity.h"
 #include "modsecurity/intervention.h"
@@ -259,18 +260,16 @@ int Assay::processRequestHeaders() {
 */
 int Assay::addRequestHeader(const std::string& key,
    const std::string& value) {
    std::string *names = resolve_variable_first("REQUEST_HEADERS_NAMES");
-    std::string names = resolve_variable("REQUEST_HEADERS_NAMES");
+    if (names == NULL) {
-
+        this->store_variable("REQUEST_HEADERS_NAMES", m_namesRequest);
-    this->store_variable("REQUEST_HEADERS:" + key, value);
+        m_namesRequest = key;
    if (names.length() > 0) {
        names = names + " " + key;
    } else {
-        names = key;
+        m_namesRequest = m_namesRequest + " " + key;
    }
-    this->store_variable("REQUEST_HEADERS_NAMES", names + " " + key);
+    this->store_variable("REQUEST_HEADERS:" + key, value);
    return 1;
 }
@@ -432,17 +431,16 @@ int Assay::processResponseHeaders() {
 */
 int Assay::addResponseHeader(const std::string& key,
    const std::string& value) {
-    std::string names = resolve_variable("RESPONSE_HEADERS_NAMES");
+    std::string *names = resolve_variable_first("RESPONSE_HEADERS_NAMES");
-    this->store_variable("RESPONSE_HEADERS:" + key, value);
+    if (names == NULL) {
-
+        this->store_variable("RESPONSE_HEADERS_NAMES", m_namesResponse);
-    if (names.length() > 0) {
+        m_namesRequest = key;
        names = names + " " + key;
    } else {
-        names = key;
+        m_namesRequest = m_namesRequest + " " + key;
    }
-    this->store_variable("RESPONSE_HEADERS_NAMES", names + " " + key);
+    this->store_variable("RESPONSE_HEADERS:" + key, value);
    return 1;
 }
@@ -699,12 +697,13 @@ std::string Assay::toOldAuditLogFormatIndex(const std::string &filename,
    strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo);
-    ss << dash_if_empty(this->resolve_variable("REQUEST_HEADERS:Host")) << " ";
+    ss << dash_if_empty(
        *this->resolve_variable_first("REQUEST_HEADERS:Host")) << " ";
    ss << dash_if_empty(this->m_clientIpAddress) << " ";
    /** TODO: Check variable */
-    ss << dash_if_empty(this->resolve_variable("REMOTE_USER")) << " ";
+    ss << dash_if_empty(*this->resolve_variable_first("REMOTE_USER")) << " ";
    /** TODO: Check variable */
-    ss << dash_if_empty(this->resolve_variable("LOCAL_USER")) << " ";
+    ss << dash_if_empty(*this->resolve_variable_first("LOCAL_USER")) << " ";
    ss << tstr << " ";
    ss << "\"";
@@ -716,13 +715,14 @@ std::string Assay::toOldAuditLogFormatIndex(const std::string &filename,
    ss << this->httpCodeReturned << " ";
    ss << this->m_responseBody.tellp();
    /** TODO: Check variable */
-    ss << dash_if_empty(this->resolve_variable("REFERER")) << " ";
+    ss << dash_if_empty(*this->resolve_variable_first("REFERER")) << " ";
    ss << "\"";
-    ss << dash_if_empty(this->resolve_variable("REQUEST_HEADERS:User-Agent"));
+    ss << dash_if_empty(
        *this->resolve_variable_first("REQUEST_HEADERS:User-Agent"));
    ss << "\" ";
    ss << this->id << " ";
    /** TODO: Check variable */
-    ss << dash_if_empty(this->resolve_variable("REFERER")) << " ";
+    ss << dash_if_empty(*this->resolve_variable_first("REFERER")) << " ";
    ss << filename << " ";
    ss << "0" << " ";
@@ -972,19 +972,31 @@ std::string Assay::to_json(int parts) {
 }
 void Assay::store_variable(std::string key, std::string value) {
-    this->m_variables_strings[key] = value;
+    this->m_variables_strings.emplace(key, value);
 }
-void Assay::store_variable(std::string key,
+std::list<std::string> Assay::resolve_variable(std::string var) {
-    std::unordered_map<std::string, std::string> value) {
+    std::list<std::string> l;
-    std::cout << "Storing variable: " << key << ", value is a collection." \
+    auto range = m_variables_strings.equal_range(var);
-        << std::endl;
+
    for (auto it = range.first; it != range.second; ++it) {
        std::cout << it->first << ' ' << it->second << '\n';
        l.push_back(it->second);
    }
    return l;
 }
-std::string Assay::resolve_variable(std::string var) {
+std::string* Assay::resolve_variable_first(std::string var) {
-    return this->m_variables_strings[var];
+    auto range = m_variables_strings.equal_range(var);
    for (auto it = range.first; it != range.second; ++it) {
        return &it->second;
    }
    return NULL;
 }
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -20,6 +20,7 @@
 #include <iostream>
 #include <string>
 #include <cstring>
 #include <list>
 #include "operators/operator.h"
 #include "actions/action.h"
@@ -120,8 +121,12 @@ bool Rule::evaluate(Assay *assay) {
        } else {
            bool ret = false;
            try {
-                ret = this->op->evaluate(assay,
+                std::list<std::string> e = assay->resolve_variable(
-                  assay->m_variables_strings.at(variable.name));
+                    variable.name);
                for (std::string value : e) {
                    ret = this->op->evaluate(assay,
                        value);
                }
            } catch (...) {
            }
--- a/src/utils.cc
+++ b/src/utils.cc
@@ -58,7 +58,7 @@ double random_number(const double from, const double to) {
 std::string dash_if_empty(const std::string& str) {
-    if (str.empty()) {
+    if (&str == NULL || str.empty()) {
        return "-";
    }
--- a/src/variable.cc
+++ b/src/variable.cc
@@ -18,12 +18,13 @@
 #include <iostream>
 #include <string>
 #include <vector>
 #include <list>
 #include "modsecurity/assay.h"
 namespace ModSecurity {
-std::string Variable::evaluate(Assay *assay) {
+std::list<std::string> Variable::evaluate(Assay *assay) {
    return assay->resolve_variable(this->name);
 }
--- a/src/variable.h
+++ b/src/variable.h
@@ -15,6 +15,7 @@
 #include <vector>
 #include <string>
 #include <list>
 #ifndef SRC_VARIABLE_H_
 #define SRC_VARIABLE_H_
@@ -29,7 +30,7 @@ class Variable {
        : name(_name) { }
    static std::string to_s(std::vector<Variable> *variables);
-    std::string evaluate(Assay *assay);
+    std::list<std::string> evaluate(Assay *assay);
    std::string name;
 };