From 8aa3e3439d697e70b09b029b85e8a83a6edb7bc4 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Mon, 18 May 2020 21:33:03 -0300 Subject: [PATCH] actions: Removes Rule parameter from runtime execute Generals organization on the Action class --- headers/modsecurity/actions/action.h | 146 +- headers/modsecurity/audit_log.h | 2 +- headers/modsecurity/rules_exceptions.h | 5 +- headers/modsecurity/transaction.h | 10 +- src/actions/accuracy.cc | 17 +- src/actions/accuracy.h | 18 +- src/actions/action.cc | 36 - .../action_allowed_in_sec_default_action.h | 34 + src/actions/action_type_rule_metadata.h | 51 + src/actions/action_with_run_time_string.h | 43 +- src/actions/audit_log.cc | 7 +- src/actions/audit_log.h | 19 +- src/actions/block.cc | 18 +- src/actions/block.h | 29 +- src/actions/capture.cc | 18 +- src/actions/capture.h | 15 +- src/actions/chain.cc | 14 +- src/actions/chain.h | 23 +- src/actions/ctl/audit_log_parts.cc | 42 +- src/actions/ctl/audit_log_parts.h | 18 +- src/actions/ctl/request_body_access.cc | 22 +- src/actions/ctl/request_body_access.h | 16 +- .../ctl/request_body_processor_json.cc | 6 +- src/actions/ctl/request_body_processor_json.h | 10 +- .../ctl/request_body_processor_urlencoded.cc | 7 +- .../ctl/request_body_processor_urlencoded.h | 10 +- src/actions/ctl/request_body_processor_xml.cc | 6 +- src/actions/ctl/request_body_processor_xml.h | 10 +- src/actions/ctl/rule_engine.cc | 10 +- src/actions/ctl/rule_engine.h | 14 +- src/actions/ctl/rule_remove_by_id.cc | 11 +- src/actions/ctl/rule_remove_by_id.h | 13 +- src/actions/ctl/rule_remove_by_tag.cc | 8 +- src/actions/ctl/rule_remove_by_tag.h | 13 +- src/actions/ctl/rule_remove_target_by_id.cc | 8 +- src/actions/ctl/rule_remove_target_by_id.h | 13 +- src/actions/ctl/rule_remove_target_by_tag.cc | 8 +- src/actions/ctl/rule_remove_target_by_tag.h | 12 +- src/actions/data/status.cc | 10 +- src/actions/data/status.h | 24 +- src/actions/disruptive/allow.cc | 15 +- src/actions/disruptive/allow.h | 27 +- src/actions/disruptive/deny.cc | 19 +- src/actions/disruptive/deny.h | 20 +- src/actions/disruptive/disruptive_action.h | 45 + src/actions/disruptive/drop.cc | 24 +- src/actions/disruptive/drop.h | 16 +- src/actions/disruptive/pass.cc | 14 +- src/actions/disruptive/pass.h | 15 +- src/actions/disruptive/redirect.cc | 29 +- src/actions/disruptive/redirect.h | 36 +- src/actions/exec.cc | 15 +- src/actions/exec.h | 10 +- src/actions/init_col.cc | 17 +- src/actions/init_col.h | 18 +- src/actions/log.cc | 14 +- src/actions/log.h | 23 +- src/actions/log_data.cc | 12 +- src/actions/log_data.h | 27 +- src/actions/maturity.cc | 16 +- src/actions/maturity.h | 16 +- src/actions/msg.cc | 15 +- src/actions/msg.h | 15 +- src/actions/multi_match.cc | 11 +- src/actions/multi_match.h | 25 +- src/actions/no_audit_log.cc | 9 +- src/actions/no_audit_log.h | 21 +- src/actions/no_log.cc | 15 +- src/actions/no_log.h | 21 +- src/actions/phase.cc | 16 +- src/actions/phase.h | 30 +- src/actions/rev.cc | 14 +- src/actions/rev.h | 21 +- src/actions/rule_id.cc | 14 +- src/actions/rule_id.h | 26 +- src/actions/set_env.cc | 14 +- src/actions/set_env.h | 15 +- src/actions/set_rsc.cc | 10 +- src/actions/set_rsc.h | 15 +- src/actions/set_sid.cc | 10 +- src/actions/set_sid.h | 15 +- src/actions/set_uid.cc | 10 +- src/actions/set_uid.h | 16 +- src/actions/set_var.cc | 16 +- src/actions/set_var.h | 47 +- src/actions/severity.cc | 19 +- src/actions/severity.h | 22 +- src/actions/skip.cc | 16 +- src/actions/skip.h | 9 +- src/actions/skip_after.cc | 11 +- src/actions/skip_after.h | 18 +- src/actions/tag.cc | 19 +- src/actions/tag.h | 26 +- src/actions/transformations/base64_decode.cc | 14 +- src/actions/transformations/base64_decode.h | 22 +- .../transformations/base64_decode_ext.cc | 14 +- .../transformations/base64_decode_ext.h | 22 +- src/actions/transformations/base64_encode.cc | 14 +- src/actions/transformations/base64_encode.h | 22 +- src/actions/transformations/cmd_line.cc | 13 +- src/actions/transformations/cmd_line.h | 22 +- .../transformations/compress_whitespace.cc | 14 +- .../transformations/compress_whitespace.h | 22 +- src/actions/transformations/css_decode.cc | 20 +- src/actions/transformations/css_decode.h | 24 +- .../transformations/escape_seq_decode.cc | 17 +- .../transformations/escape_seq_decode.h | 26 +- src/actions/transformations/hex_decode.cc | 19 +- src/actions/transformations/hex_decode.h | 23 +- src/actions/transformations/hex_encode.cc | 15 +- src/actions/transformations/hex_encode.h | 23 +- .../transformations/html_entity_decode.cc | 18 +- .../transformations/html_entity_decode.h | 25 +- src/actions/transformations/js_decode.cc | 17 +- src/actions/transformations/js_decode.h | 23 +- src/actions/transformations/length.cc | 14 +- src/actions/transformations/length.h | 22 +- src/actions/transformations/lower_case.cc | 11 +- src/actions/transformations/lower_case.h | 22 +- src/actions/transformations/md5.cc | 15 +- src/actions/transformations/md5.h | 22 +- src/actions/transformations/none.cc | 14 +- src/actions/transformations/none.h | 28 +- src/actions/transformations/normalise_path.cc | 16 +- src/actions/transformations/normalise_path.h | 22 +- .../transformations/normalise_path_win.cc | 17 +- .../transformations/normalise_path_win.h | 19 +- .../transformations/parity_even_7bit.cc | 15 +- .../transformations/parity_even_7bit.h | 23 +- .../transformations/parity_odd_7bit.cc | 15 +- src/actions/transformations/parity_odd_7bit.h | 24 +- .../transformations/parity_zero_7bit.cc | 15 +- .../transformations/parity_zero_7bit.h | 23 +- .../transformations/remove_comments.cc | 15 +- src/actions/transformations/remove_comments.h | 19 +- .../transformations/remove_comments_char.cc | 14 +- .../transformations/remove_comments_char.h | 22 +- src/actions/transformations/remove_nulls.cc | 16 +- src/actions/transformations/remove_nulls.h | 22 +- .../transformations/remove_whitespace.cc | 17 +- .../transformations/remove_whitespace.h | 22 +- .../transformations/replace_comments.cc | 15 +- .../transformations/replace_comments.h | 22 +- src/actions/transformations/replace_nulls.cc | 14 +- src/actions/transformations/replace_nulls.h | 22 +- src/actions/transformations/sha1.cc | 19 +- src/actions/transformations/sha1.h | 22 +- src/actions/transformations/sql_hex_decode.cc | 24 +- src/actions/transformations/sql_hex_decode.h | 22 +- src/actions/transformations/transformation.cc | 133 +- src/actions/transformations/transformation.h | 31 +- src/actions/transformations/trim.cc | 17 +- src/actions/transformations/trim.h | 27 +- src/actions/transformations/trim_left.cc | 16 +- src/actions/transformations/trim_left.h | 23 +- src/actions/transformations/trim_right.cc | 16 +- src/actions/transformations/trim_right.h | 23 +- src/actions/transformations/upper_case.cc | 12 +- src/actions/transformations/upper_case.h | 22 +- src/actions/transformations/url_decode.cc | 17 +- src/actions/transformations/url_decode.h | 24 +- src/actions/transformations/url_decode_uni.cc | 24 +- src/actions/transformations/url_decode_uni.h | 24 +- src/actions/transformations/url_encode.cc | 17 +- src/actions/transformations/url_encode.h | 23 +- .../transformations/utf8_to_unicode.cc | 21 +- src/actions/transformations/utf8_to_unicode.h | 32 +- src/actions/ver.cc | 14 +- src/actions/ver.h | 19 +- src/actions/xmlns.cc | 10 +- src/actions/xmlns.h | 9 +- src/parser/seclang-parser.cc | 1645 ++++++++--------- src/parser/seclang-parser.yy | 115 +- src/rule_message.cc | 2 +- src/rule_with_actions.cc | 253 +-- src/rule_with_actions.h | 18 +- src/rules_exceptions.cc | 37 +- src/transaction.cc | 44 +- test/cppcheck_suppressions.txt | 2 +- test/test-cases/regression/action-block.json | 4 +- .../regression/action-tnf-base64.json | 4 +- test/test-cases/regression/auditlog-ctl.json | 240 +++ ...llection-regular_expression_selection.json | 4 +- .../regression/config-secdefaultaction.json | 8 +- .../misc-variable-under-quotes.json | 8 +- .../regression/offset-variable.json | 16 +- .../regression/tempCodeRunnerFile.json | 38 + .../regression/transformations.json | 4 +- 188 files changed, 3096 insertions(+), 2758 deletions(-) create mode 100644 src/actions/action_allowed_in_sec_default_action.h create mode 100644 src/actions/action_type_rule_metadata.h create mode 100644 src/actions/disruptive/disruptive_action.h create mode 100644 test/test-cases/regression/auditlog-ctl.json create mode 100644 test/test-cases/regression/tempCodeRunnerFile.json diff --git a/headers/modsecurity/actions/action.h b/headers/modsecurity/actions/action.h index b1b277ec..5ccd9bdb 100644 --- a/headers/modsecurity/actions/action.h +++ b/headers/modsecurity/actions/action.h @@ -16,14 +16,9 @@ #ifdef __cplusplus #include -#include -#include #endif -#include "modsecurity/intervention.h" -#include "modsecurity/rule.h" - #ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_ #define HEADERS_MODSECURITY_ACTIONS_ACTION_H_ @@ -32,99 +27,68 @@ namespace modsecurity { class Transaction; -class RuleWithActions; -class RunTimeString; - namespace actions { class Action { public: - explicit Action(const std::string& _action) - : m_actionKind(2), - m_name(nullptr), - m_parser_payload("") { - set_name_and_payload(_action); - } + Action() + : m_name(""), + m_parserPayload("") + { } + + + explicit Action(const std::string& action) + : m_name(sort_name(action)), + m_parserPayload(sort_payload(action)) + { } - Action(const std::string& _action, int kind) - : m_actionKind(kind), - m_name(nullptr), - m_parser_payload("") { - set_name_and_payload(_action); - } Action(const Action &a) - : m_actionKind(a.m_actionKind), - m_name(a.m_name), - m_parser_payload(a.m_parser_payload) { } + : m_name(a.m_name), + m_parserPayload(a.m_parserPayload) + { } + Action &operator=(const Action& a) { - m_actionKind = a.m_actionKind; m_name = a.m_name; - m_parser_payload = a.m_parser_payload; + m_parserPayload = a.m_parserPayload; return *this; } - virtual ~Action() { } - virtual bool init(std::string *error) { return true; } + virtual ~Action() + { } - virtual std::string execute(const std::string &exp, - Transaction *transaction); - virtual bool execute(RuleWithActions *rule, - Transaction *transaction); - /** - * This method is meant to be used by transformations — a particular - * type of action. - * - */ - virtual void execute(Transaction *t, - ModSecString &in, - ModSecString &out) { - }; - virtual bool isDisruptive() { return false; } + virtual bool init(std::string *error) { + return true; + } - /** - * - * Define the action kind regarding to the execution time. - * - * - */ - enum Kind { - /** - * - * Action that are executed while loading the configuration. For instance - * the rule ID or the rule phase. - * - */ - ConfigurationKind, - /** - * - * Those are actions that demands to be executed before call the operator. - * For instance the tranformations. - * - * - */ - RunTimeBeforeMatchAttemptKind, - /** - * - * Actions that are executed after the execution of the operator, only if - * the operator returned Match (or True). For instance the disruptive - * actions. - * - */ - RunTimeOnlyIfMatchKind, - }; - int m_actionKind; - std::shared_ptr m_name; - std::string m_parser_payload; + virtual bool execute(Transaction *transaction = nullptr) noexcept { + return true; + } + + + virtual bool isDisruptive() { + return false; + } + + + const std::string *getName() { + return &m_name; + } + + + protected: + std::string m_parserPayload; + private: + std::string m_name; - void set_name_and_payload(const std::string& data) { + static size_t get_payload_pos(const std::string& data) { size_t pos = data.find(":"); std::string t = "t:"; @@ -132,18 +96,34 @@ class Action { pos = data.find(":", 2); } + return pos; + } + + + static std::string sort_name(const std::string& data) { + size_t pos = get_payload_pos(data); if (pos == std::string::npos) { - m_name = std::shared_ptr(new std::string(data)); - return; + return data; } - m_name = std::shared_ptr(new std::string(data, 0, pos)); - m_parser_payload = std::string(data, pos + 1, data.length()); + std::string ret(data, 0, pos); + return ret; + } - if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) { - m_parser_payload.erase(0, 1); - m_parser_payload.pop_back(); + + static std::string sort_payload(const std::string& data) { + size_t pos = get_payload_pos(data); + std::string ret(""); + if (pos != std::string::npos) { + ret = std::string(data, pos + 1, data.length()); + + if (ret.at(0) == '\'' && ret.size() > 2) { + ret.erase(0, 1); + ret.pop_back(); + } } + + return ret; } }; diff --git a/headers/modsecurity/audit_log.h b/headers/modsecurity/audit_log.h index 08ffdbfe..18862772 100644 --- a/headers/modsecurity/audit_log.h +++ b/headers/modsecurity/audit_log.h @@ -61,7 +61,7 @@ class AuditLog { NativeAuditLogFormat }; - enum AuditLogParts { + enum AuditLogPartsEnum { /** * Audit log header (mandatory). * diff --git a/headers/modsecurity/rules_exceptions.h b/headers/modsecurity/rules_exceptions.h index a8bcf173..ec3a552d 100644 --- a/headers/modsecurity/rules_exceptions.h +++ b/headers/modsecurity/rules_exceptions.h @@ -37,6 +37,9 @@ namespace modsecurity { namespace actions { class Action; +namespace transformations { +class Transformation; +} } namespace variables { class Variable; @@ -79,7 +82,7 @@ class RulesExceptions { std::unordered_multimap> m_variable_update_target_by_id; std::unordered_multimap> m_action_pre_update_target_by_id; + std::shared_ptr> m_action_transformation_update_target_by_id; std::unordered_multimap> m_action_pos_update_target_by_id; std::list m_remove_rule_by_msg; diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index 0752780c..9a1d2806 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -48,6 +48,8 @@ typedef struct Rules_t RulesSet; #include "modsecurity/variable_value.h" #include "modsecurity/collection/collection.h" #include "modsecurity/variable_origin.h" +#include "modsecurity/actions/action.h" + #ifndef NO_LOGS #define ms_dbg(b, c) \ @@ -567,12 +569,12 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa int m_requestBodyAccess; /** - * The list m_auditLogModifier contains modifications to the `auditlogs' - * for this specific request, those modifications can happens via the - * utilization of the action: `ctl:auditLogParts=' + * m_auditLogParts contains auditlog parts for this specific request, + * it also holds the modifications can happens via the utilization of + * the action: `ctl:auditLogParts=' * */ - std::list< std::pair > m_auditLogModifier; + int m_auditLogParts; /** * Holds the request body, in case of any. diff --git a/src/actions/accuracy.cc b/src/actions/accuracy.cc index 51514fb0..da59bbb4 100644 --- a/src/actions/accuracy.cc +++ b/src/actions/accuracy.cc @@ -13,16 +13,11 @@ * */ + #include "src/actions/accuracy.h" -#include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { @@ -30,9 +25,9 @@ namespace actions { bool Accuracy::init(std::string *error) { try { - m_accuracy = std::stoi(m_parser_payload); + m_accuracy = std::stoi(m_parserPayload); } catch (...) { - error->assign("Accuracy: The input \"" + m_parser_payload + "\" is " \ + error->assign("Accuracy: The input \"" + m_parserPayload + "\" is " \ "not a number."); return false; } @@ -40,11 +35,5 @@ bool Accuracy::init(std::string *error) { } -bool Accuracy::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setAccuracy(m_accuracy); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/accuracy.h b/src/actions/accuracy.h index 03279610..99b802ee 100644 --- a/src/actions/accuracy.h +++ b/src/actions/accuracy.h @@ -13,29 +13,31 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_ACCURACY_H_ #define SRC_ACTIONS_ACCURACY_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Accuracy : public Action { +class Accuracy : public ActionTypeRuleMetaData { public: - explicit Accuracy(const std::string &action) - : Action(action, ConfigurationKind), + explicit Accuracy(const std::string &action) + : Action(action), m_accuracy(0) { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; - int getAccuracy() const { return m_accuracy; } + + void configure(RuleWithActions *rule) override { + rule->setAccuracy(m_accuracy); + } private: int m_accuracy; diff --git a/src/actions/action.cc b/src/actions/action.cc index 51621cab..cf11ade8 100644 --- a/src/actions/action.cc +++ b/src/actions/action.cc @@ -15,46 +15,10 @@ #include "modsecurity/actions/action.h" -#include -#include - -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" - -#include "src/actions/block.h" -#include "src/actions/chain.h" -#include "src/actions/disruptive/deny.h" -#include "src/actions/disruptive/redirect.h" -#include "src/actions/data/status.h" -#include "src/actions/rule_id.h" -#include "src/actions/phase.h" -#include "src/actions/severity.h" -#include "src/actions/capture.h" -#include "src/actions/disruptive/pass.h" -#include "src/actions/log.h" -#include "src/actions/no_log.h" -#include "src/actions/no_audit_log.h" -#include "src/actions/multi_match.h" - - -#define IF_MATCH(a) \ - if (op.compare(1, std::strlen(#a), #a) == 0) namespace modsecurity { namespace actions { -std::string Action::execute(const std::string &value, - Transaction *transaction) { - return value; -} - - -bool Action::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/action_allowed_in_sec_default_action.h b/src/actions/action_allowed_in_sec_default_action.h new file mode 100644 index 00000000..1d23f08e --- /dev/null +++ b/src/actions/action_allowed_in_sec_default_action.h @@ -0,0 +1,34 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "modsecurity/actions/action.h" + +#ifndef SRC_ACTIONS_ACTION_ALLOWED_IN_SEC_DEFAULT_ACTION_H_ +#define SRC_ACTIONS_ACTION_ALLOWED_IN_SEC_DEFAULT_ACTION_H_ + + +namespace modsecurity { +namespace actions { + + +class ActionAllowedAsSecDefaultAction : public virtual Action { + public: +}; + + +} // namespace actions +} // namespace modsecurity + +#endif // SRC_ACTIONS_ACTION_ALLOWED_IN_SEC_DEFAULT_ACTION_H_ diff --git a/src/actions/action_type_rule_metadata.h b/src/actions/action_type_rule_metadata.h new file mode 100644 index 00000000..a3ba810c --- /dev/null +++ b/src/actions/action_type_rule_metadata.h @@ -0,0 +1,51 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + + +#include "modsecurity/actions/action.h" +#include "src/rule_with_actions.h" + +#ifndef SRC_ACTIONS_ACTION_TYPE_CONFIGURE_H_ +#define SRC_ACTIONS_ACTION_TYPE_CONFIGURE_H_ + + +namespace modsecurity { +namespace actions { + + +class ActionTypeRuleMetaData : public virtual Action { + public: + /** + * + * Action that are executed while loading the configuration. For instance + * the rule ID or the rule phase. + * + */ + ActionTypeRuleMetaData() + : Action() + { }; + + bool execute(Transaction *t) noexcept override { + return true; + } + + virtual void configure(RuleWithActions *rule) = 0; +}; + + +} // namespace actions +} // namespace modsecurity + +#endif // SRC_ACTIONS_ACTION_TYPE_CONFIGURE_H_ diff --git a/src/actions/action_with_run_time_string.h b/src/actions/action_with_run_time_string.h index 0c38a27a..7b87bb85 100644 --- a/src/actions/action_with_run_time_string.h +++ b/src/actions/action_with_run_time_string.h @@ -13,49 +13,32 @@ * */ +#include +#include +#include + #include "modsecurity/actions/action.h" #include "src/run_time_string.h" #ifndef SRC_ACTIONS_ACTION_WITH_RUN_TIME_STRING_H_ #define SRC_ACTIONS_ACTION_WITH_RUN_TIME_STRING_H_ + namespace modsecurity { namespace actions { -class ActionWithRunTimeString : public Action { + +class ActionWithRunTimeString : public virtual Action { public: - ActionWithRunTimeString( - const std::string &name, - int king, - std::unique_ptr string) - : Action(name, king), - m_string(std::move(string)) - { }; - - ActionWithRunTimeString(const std::string &name, - std::unique_ptr string) - : Action(name), - m_string(std::move(string)) - { }; - - ActionWithRunTimeString(const std::string &name, - int king) - : Action(name, king), - m_string(nullptr) - { }; - - ActionWithRunTimeString(const std::string &name) - : Action(name), - m_string(nullptr) - { }; + explicit ActionWithRunTimeString(std::unique_ptr string = nullptr) + : m_string(std::move(string)) + { } ActionWithRunTimeString(const ActionWithRunTimeString &a) - : Action(a), - m_string(a.m_string?std::unique_ptr(new RunTimeString(*a.m_string.get())):nullptr) - { }; + : m_string(a.m_string?std::unique_ptr(new RunTimeString(*a.m_string.get())):nullptr) + { } - ActionWithRunTimeString& operator=(const ActionWithRunTimeString& a) - { + ActionWithRunTimeString& operator=(const ActionWithRunTimeString& a) { m_string = std::unique_ptr(new RunTimeString(*a.m_string.get())); return *this; } diff --git a/src/actions/audit_log.cc b/src/actions/audit_log.cc index 9a2d876f..153442e9 100644 --- a/src/actions/audit_log.cc +++ b/src/actions/audit_log.cc @@ -15,19 +15,16 @@ #include "src/actions/audit_log.h" -#include #include -#include #include "modsecurity/transaction.h" -#include "modsecurity/rule_message.h" -#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { -bool AuditLog::execute(RuleWithActions *rule, Transaction *transaction) { +bool AuditLog::execute(Transaction *transaction) noexcept { transaction->messageSetNoAuditLog(false); return true; } diff --git a/src/actions/audit_log.h b/src/actions/audit_log.h index e6f5bffc..7f48354d 100644 --- a/src/actions/audit_log.h +++ b/src/actions/audit_log.h @@ -13,34 +13,29 @@ * */ -#include -#include -#include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" #ifndef SRC_ACTIONS_AUDIT_LOG_H_ #define SRC_ACTIONS_AUDIT_LOG_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; - namespace actions { -class AuditLog : public Action { +class AuditLog : public ActionAllowedAsSecDefaultAction { public: - explicit AuditLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + AuditLog() + : Action("auditLog") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_AUDIT_LOG_H_ diff --git a/src/actions/block.cc b/src/actions/block.cc index b929d228..31b1a8b6 100644 --- a/src/actions/block.cc +++ b/src/actions/block.cc @@ -13,29 +13,13 @@ * */ + #include "src/actions/block.h" -#include -#include -#include - -#include "modsecurity/rules_set.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/intervention.h" -#include "src/actions/data/status.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { -bool Block::execute(RuleWithActions *rule, Transaction *transaction) { - ms_dbg_a(transaction, 8, "Marking request as disruptive."); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/block.h b/src/actions/block.h index db876304..8800ea05 100644 --- a/src/actions/block.h +++ b/src/actions/block.h @@ -13,34 +13,37 @@ * */ + #include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/rule_message.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/actions/action_allowed_in_sec_default_action.h" -#ifndef SRC_ACTIONS_DISRUPTIVE_BLOCK_H_ -#define SRC_ACTIONS_DISRUPTIVE_BLOCK_H_ -#ifdef __cplusplus -class Transaction; +#ifndef SRC_ACTIONS_BLOCK_H_ +#define SRC_ACTIONS_BLOCK_H_ + namespace modsecurity { -class Transaction; - namespace actions { -class Block : public Action { +class Block : public ActionTypeRuleMetaData, + public ActionAllowedAsSecDefaultAction { public: - explicit Block(const std::string &action) : Action(action) { } + Block() + : Action("block") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasBlockAction(true); + } }; } // namespace actions } // namespace modsecurity -#endif -#endif // SRC_ACTIONS_DISRUPTIVE_BLOCK_H_ + +#endif // SRC_ACTIONS_BLOCK_H_ diff --git a/src/actions/capture.cc b/src/actions/capture.cc index dd164f28..83abc16c 100644 --- a/src/actions/capture.cc +++ b/src/actions/capture.cc @@ -13,29 +13,13 @@ * */ + #include "src/actions/capture.h" -#include -#include -#include - -#include "modsecurity/transaction.h" - -#include "modsecurity/rule.h" -#include "src/operators/operator.h" -#include "src/operators/pm.h" -#include "src/operators/rx.h" -#include "src/operators/contains.h" -#include "src/operators/detect_sqli.h" namespace modsecurity { namespace actions { -bool Capture::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/capture.h b/src/actions/capture.h index cbc2369e..041635a5 100644 --- a/src/actions/capture.h +++ b/src/actions/capture.h @@ -13,25 +13,28 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_CAPTURE_H_ #define SRC_ACTIONS_CAPTURE_H_ namespace modsecurity { -class RuleWithOperator; namespace actions { -class Capture : public Action { +class Capture : public ActionTypeRuleMetaData { public: - explicit Capture(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + Capture() + : Action("capture") { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasCaptureAction(true); + } }; diff --git a/src/actions/chain.cc b/src/actions/chain.cc index db9e6c68..8fe94919 100644 --- a/src/actions/chain.cc +++ b/src/actions/chain.cc @@ -13,25 +13,13 @@ * */ + #include "src/actions/chain.h" -#include -#include - -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { -bool Chain::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setHasChainAction(true); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/chain.h b/src/actions/chain.h index cafb64f2..f1b55f89 100644 --- a/src/actions/chain.h +++ b/src/actions/chain.h @@ -13,33 +13,34 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_CHAIN_H_ #define SRC_ACTIONS_CHAIN_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class Chain : public Action { +class Chain : public ActionTypeRuleMetaData { public: - explicit Chain(const std::string &action) - : Action(action, ConfigurationKind) { } + Chain() + : Action("chain") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasChainAction(true); + } }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_CHAIN_H_ diff --git a/src/actions/ctl/audit_log_parts.cc b/src/actions/ctl/audit_log_parts.cc index cfe62638..3ee05bb4 100644 --- a/src/actions/ctl/audit_log_parts.cc +++ b/src/actions/ctl/audit_log_parts.cc @@ -13,13 +13,20 @@ * */ + #include "src/actions/ctl/audit_log_parts.h" -#include #include #include #include "modsecurity/transaction.h" +#include "modsecurity/audit_log.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { @@ -27,20 +34,39 @@ namespace ctl { bool AuditLogParts::init(std::string *error) { - std::string what(m_parser_payload, 14, 1); - mParts = std::string(m_parser_payload, 15, m_parser_payload.length()-15); + std::string what(m_parserPayload, 14, 1); + std::string parts_str(m_parserPayload, 15, m_parserPayload.length()-15); + + if ((what != "-") && (what != "+")) { + error->assign("ctl:auditLogParts modificators expects add or " \ + "remove (+/-) in front of the modificator. Got: " + what); + return false; + } + + int flags = AuditLog::addParts(0, parts_str); + if (what == "+") { - mPartsAction = 0; + m_partsToModify = flags; } else { - mPartsAction = 1; + m_partsToModify = -1 * flags; } return true; } -bool AuditLogParts::execute(RuleWithActions *rule, Transaction *transaction) { - transaction->m_auditLogModifier.push_back( - std::make_pair(mPartsAction, mParts)); + +bool AuditLogParts::execute(Transaction *transaction) noexcept { + ms_dbg_a(transaction, 7, "AuditLog parts before modification: " + + std::to_string(transaction->m_auditLogParts) + "."); + + if (m_partsToModify < 0) { + transaction->m_auditLogParts = \ + transaction->m_auditLogParts & ~(m_partsToModify * -1); + } else { + transaction->m_auditLogParts = \ + transaction->m_auditLogParts | m_partsToModify; + } + return true; } diff --git a/src/actions/ctl/audit_log_parts.h b/src/actions/ctl/audit_log_parts.h index ea9572ae..7d1a8d6d 100644 --- a/src/actions/ctl/audit_log_parts.h +++ b/src/actions/ctl/audit_log_parts.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_ #define SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,17 +31,17 @@ namespace ctl { class AuditLogParts : public Action { public: - explicit AuditLogParts(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - mPartsAction(0), - mParts("") { } + explicit AuditLogParts(const std::string &action) + : Action(action), + m_partsToModify(0) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; + bool execute(Transaction *transaction) noexcept override; + protected: - int mPartsAction; - std::string mParts; + int m_partsToModify; }; @@ -46,4 +49,5 @@ class AuditLogParts : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_ diff --git a/src/actions/ctl/request_body_access.cc b/src/actions/ctl/request_body_access.cc index 8634deb5..24fe6115 100644 --- a/src/actions/ctl/request_body_access.cc +++ b/src/actions/ctl/request_body_access.cc @@ -13,40 +13,44 @@ * */ + #include "src/actions/ctl/request_body_access.h" -#include #include #include "modsecurity/rules_set_properties.h" #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { bool RequestBodyAccess::init(std::string *error) { - std::string what(m_parser_payload, 18, m_parser_payload.size() - 18); + std::string what(m_parserPayload, 18, m_parserPayload.size() - 18); if (what == "true") { - m_request_body_access = true; + m_requestBodyAccess = true; } else if (what == "false") { - m_request_body_access = false; + m_requestBodyAccess = false; } else { error->assign("Internal error. Expected: true or false, got: " \ - + m_parser_payload); + + m_parserPayload); return false; } return true; } -bool RequestBodyAccess::execute(RuleWithActions *rule, Transaction *transaction) { - if (m_request_body_access) { - transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean; + +bool RequestBodyAccess::execute(Transaction *transaction) noexcept { + if (m_requestBodyAccess) { + transaction->m_requestBodyAccess = + RulesSetProperties::TrueConfigBoolean; } else { - transaction->m_requestBodyAccess = RulesSetProperties::FalseConfigBoolean; + transaction->m_requestBodyAccess = + RulesSetProperties::FalseConfigBoolean; } return true; diff --git a/src/actions/ctl/request_body_access.h b/src/actions/ctl/request_body_access.h index ddc5e20f..403b4770 100644 --- a/src/actions/ctl/request_body_access.h +++ b/src/actions/ctl/request_body_access.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,14 +31,17 @@ namespace ctl { class RequestBodyAccess : public Action { public: - explicit RequestBodyAccess(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_request_body_access(false) { } + explicit RequestBodyAccess(const std::string &action) + : Action(action), + m_requestBodyAccess(false) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool m_request_body_access; + bool execute(Transaction *transaction) noexcept override; + + private: + bool m_requestBodyAccess; }; @@ -44,4 +49,5 @@ class RequestBodyAccess : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_ diff --git a/src/actions/ctl/request_body_processor_json.cc b/src/actions/ctl/request_body_processor_json.cc index 14d7fa8a..a68d41e6 100644 --- a/src/actions/ctl/request_body_processor_json.cc +++ b/src/actions/ctl/request_body_processor_json.cc @@ -13,20 +13,20 @@ * */ + #include "src/actions/ctl/request_body_processor_json.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { -bool RequestBodyProcessorJSON::execute(RuleWithActions *rule, - Transaction *transaction) { +bool RequestBodyProcessorJSON::execute(Transaction *transaction) noexcept { transaction->m_requestBodyProcessor = Transaction::JSONRequestBody; transaction->m_variableReqbodyProcessor.set("JSON", transaction->m_variableOffset); diff --git a/src/actions/ctl/request_body_processor_json.h b/src/actions/ctl/request_body_processor_json.h index 846eb89b..0cec2a8c 100644 --- a/src/actions/ctl/request_body_processor_json.h +++ b/src/actions/ctl/request_body_processor_json.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_JSON_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_JSON_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,10 +31,11 @@ namespace ctl { class RequestBodyProcessorJSON : public Action { public: - explicit RequestBodyProcessorJSON(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RequestBodyProcessorJSON(const std::string &action) + : Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/ctl/request_body_processor_urlencoded.cc b/src/actions/ctl/request_body_processor_urlencoded.cc index 433a9530..12c0f7e9 100644 --- a/src/actions/ctl/request_body_processor_urlencoded.cc +++ b/src/actions/ctl/request_body_processor_urlencoded.cc @@ -13,20 +13,21 @@ * */ + #include "src/actions/ctl/request_body_processor_urlencoded.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { -bool RequestBodyProcessorURLENCODED::execute(RuleWithActions *rule, - Transaction *transaction) { +bool RequestBodyProcessorURLENCODED::execute( + Transaction *transaction) noexcept { transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded; transaction->m_variableReqbodyProcessor.set("URLENCODED", transaction->m_variableOffset); diff --git a/src/actions/ctl/request_body_processor_urlencoded.h b/src/actions/ctl/request_body_processor_urlencoded.h index e437961e..a4c94e97 100644 --- a/src/actions/ctl/request_body_processor_urlencoded.h +++ b/src/actions/ctl/request_body_processor_urlencoded.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_URLENCODED_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_URLENCODED_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,10 +31,11 @@ namespace ctl { class RequestBodyProcessorURLENCODED : public Action { public: - explicit RequestBodyProcessorURLENCODED(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RequestBodyProcessorURLENCODED(const std::string &action) + : Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/ctl/request_body_processor_xml.cc b/src/actions/ctl/request_body_processor_xml.cc index d2a32d38..5331dc55 100644 --- a/src/actions/ctl/request_body_processor_xml.cc +++ b/src/actions/ctl/request_body_processor_xml.cc @@ -13,20 +13,20 @@ * */ + #include "src/actions/ctl/request_body_processor_xml.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { -bool RequestBodyProcessorXML::execute(RuleWithActions *rule, - Transaction *transaction) { +bool RequestBodyProcessorXML::execute(Transaction *transaction) noexcept { transaction->m_requestBodyProcessor = Transaction::XMLRequestBody; transaction->m_variableReqbodyProcessor.set("XML", transaction->m_variableOffset); diff --git a/src/actions/ctl/request_body_processor_xml.h b/src/actions/ctl/request_body_processor_xml.h index 0d1b678c..fab8d358 100644 --- a/src/actions/ctl/request_body_processor_xml.h +++ b/src/actions/ctl/request_body_processor_xml.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,10 +31,11 @@ namespace ctl { class RequestBodyProcessorXML : public Action { public: - explicit RequestBodyProcessorXML(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RequestBodyProcessorXML(const std::string &action) + : Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/ctl/rule_engine.cc b/src/actions/ctl/rule_engine.cc index 54e58159..cbd4d073 100644 --- a/src/actions/ctl/rule_engine.cc +++ b/src/actions/ctl/rule_engine.cc @@ -13,22 +13,23 @@ * */ + #include "src/actions/ctl/rule_engine.h" -#include #include #include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { bool RuleEngine::init(std::string *error) { - std::string what(m_parser_payload, 11, m_parser_payload.size() - 11); + std::string what(m_parserPayload, 11, m_parserPayload.size() - 11); if (what == "on") { m_ruleEngine = RulesSetProperties::EnabledRuleEngine; @@ -38,14 +39,15 @@ bool RuleEngine::init(std::string *error) { m_ruleEngine = RulesSetProperties::DetectionOnlyRuleEngine; } else { error->assign("Internal error. Expected: On, Off or DetectionOnly; " \ - "got: " + m_parser_payload); + "got: " + m_parserPayload); return false; } return true; } -bool RuleEngine::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleEngine::execute(Transaction *transaction) noexcept { std::stringstream a; a << "Setting SecRuleEngine to "; a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine); diff --git a/src/actions/ctl/rule_engine.h b/src/actions/ctl/rule_engine.h index a95be7eb..ee66d55b 100644 --- a/src/actions/ctl/rule_engine.h +++ b/src/actions/ctl/rule_engine.h @@ -13,16 +13,17 @@ * */ + #include #include "modsecurity/rules_set_properties.h" #include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" #ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_ #define SRC_ACTIONS_CTL_RULE_ENGINE_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -30,13 +31,16 @@ namespace ctl { class RuleEngine : public Action { public: - explicit RuleEngine(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { } + explicit RuleEngine(const std::string &action) + : Action(action), + m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: RulesSetProperties::RuleEngine m_ruleEngine; }; diff --git a/src/actions/ctl/rule_remove_by_id.cc b/src/actions/ctl/rule_remove_by_id.cc index 43382733..846fee82 100644 --- a/src/actions/ctl/rule_remove_by_id.cc +++ b/src/actions/ctl/rule_remove_by_id.cc @@ -13,21 +13,25 @@ * */ + #include "src/actions/ctl/rule_remove_by_id.h" -#include #include +#include +#include #include "modsecurity/transaction.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace ctl { bool RuleRemoveById::init(std::string *error) { - std::string what(m_parser_payload, 15, m_parser_payload.size() - 15); + std::string what(m_parserPayload, 15, m_parserPayload.size() - 15); bool added = false; std::vector toRemove = utils::string::ssplit(what, ' '); for (std::string &a : toRemove) { @@ -83,7 +87,8 @@ bool RuleRemoveById::init(std::string *error) { return false; } -bool RuleRemoveById::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveById::execute(Transaction *transaction) noexcept { for (auto &i : m_ids) { transaction->m_ruleRemoveById.push_back(i); } diff --git a/src/actions/ctl/rule_remove_by_id.h b/src/actions/ctl/rule_remove_by_id.h index 56ef7f41..debd6a66 100644 --- a/src/actions/ctl/rule_remove_by_id.h +++ b/src/actions/ctl/rule_remove_by_id.h @@ -13,7 +13,10 @@ * */ + #include +#include +#include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" @@ -22,6 +25,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,12 +33,15 @@ namespace ctl { class RuleRemoveById : public Action { public: - explicit RuleRemoveById(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RuleRemoveById(const std::string &action) + : Action(action) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: std::list > m_ranges; std::list m_ids; }; diff --git a/src/actions/ctl/rule_remove_by_tag.cc b/src/actions/ctl/rule_remove_by_tag.cc index 44ea217a..6ebdc31c 100644 --- a/src/actions/ctl/rule_remove_by_tag.cc +++ b/src/actions/ctl/rule_remove_by_tag.cc @@ -13,26 +13,28 @@ * */ + #include "src/actions/ctl/rule_remove_by_tag.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { bool RuleRemoveByTag::init(std::string *error) { - std::string what(m_parser_payload, 16, m_parser_payload.size() - 16); + std::string what(m_parserPayload, 16, m_parserPayload.size() - 16); m_tag = what; return true; } -bool RuleRemoveByTag::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveByTag::execute(Transaction *transaction) noexcept { transaction->m_ruleRemoveByTag.push_back(m_tag); return true; } diff --git a/src/actions/ctl/rule_remove_by_tag.h b/src/actions/ctl/rule_remove_by_tag.h index 4d072bc6..fa5fd53c 100644 --- a/src/actions/ctl/rule_remove_by_tag.h +++ b/src/actions/ctl/rule_remove_by_tag.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,13 +31,16 @@ namespace ctl { class RuleRemoveByTag : public Action { public: - explicit RuleRemoveByTag(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_tag("") { } + explicit RuleRemoveByTag(const std::string &action) + : Action(action), + m_tag("") + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: std::string m_tag; }; diff --git a/src/actions/ctl/rule_remove_target_by_id.cc b/src/actions/ctl/rule_remove_target_by_id.cc index e82257f2..236dfa64 100644 --- a/src/actions/ctl/rule_remove_target_by_id.cc +++ b/src/actions/ctl/rule_remove_target_by_id.cc @@ -13,14 +13,15 @@ * */ + #include "src/actions/ctl/rule_remove_target_by_id.h" -#include #include #include #include #include "modsecurity/transaction.h" + #include "src/utils/string.h" @@ -30,7 +31,7 @@ namespace ctl { bool RuleRemoveTargetById::init(std::string *error) { - std::string what(m_parser_payload, 21, m_parser_payload.size() - 21); + std::string what(m_parserPayload, 21, m_parserPayload.size() - 21); std::vector param = utils::string::split(what, ';'); if (param.size() < 2) { @@ -51,7 +52,8 @@ bool RuleRemoveTargetById::init(std::string *error) { return true; } -bool RuleRemoveTargetById::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveTargetById::execute(Transaction *transaction) noexcept { transaction->m_ruleRemoveTargetById.push_back( std::make_pair(m_id, m_target)); return true; diff --git a/src/actions/ctl/rule_remove_target_by_id.h b/src/actions/ctl/rule_remove_target_by_id.h index 6e8b927c..62ac870e 100644 --- a/src/actions/ctl/rule_remove_target_by_id.h +++ b/src/actions/ctl/rule_remove_target_by_id.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,14 +31,17 @@ namespace ctl { class RuleRemoveTargetById : public Action { public: - explicit RuleRemoveTargetById(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + explicit RuleRemoveTargetById(const std::string &action) + : Action(action), m_id(0), - m_target("") { } + m_target("") + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: int m_id; std::string m_target; }; diff --git a/src/actions/ctl/rule_remove_target_by_tag.cc b/src/actions/ctl/rule_remove_target_by_tag.cc index 57ebd4bc..8d676a14 100644 --- a/src/actions/ctl/rule_remove_target_by_tag.cc +++ b/src/actions/ctl/rule_remove_target_by_tag.cc @@ -13,14 +13,15 @@ * */ + #include "src/actions/ctl/rule_remove_target_by_tag.h" -#include #include #include #include #include "modsecurity/transaction.h" + #include "src/utils/string.h" @@ -30,7 +31,7 @@ namespace ctl { bool RuleRemoveTargetByTag::init(std::string *error) { - std::string what(m_parser_payload, 22, m_parser_payload.size() - 22); + std::string what(m_parserPayload, 22, m_parserPayload.size() - 22); std::vector param = utils::string::split(what, ';'); if (param.size() < 2) { @@ -44,7 +45,8 @@ bool RuleRemoveTargetByTag::init(std::string *error) { return true; } -bool RuleRemoveTargetByTag::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveTargetByTag::execute(Transaction *transaction) noexcept { transaction->m_ruleRemoveTargetByTag.push_back( std::make_pair(m_tag, m_target)); return true; diff --git a/src/actions/ctl/rule_remove_target_by_tag.h b/src/actions/ctl/rule_remove_target_by_tag.h index 0d8a7aa4..90ab530d 100644 --- a/src/actions/ctl/rule_remove_target_by_tag.h +++ b/src/actions/ctl/rule_remove_target_by_tag.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,12 +31,15 @@ namespace ctl { class RuleRemoveTargetByTag : public Action { public: - explicit RuleRemoveTargetByTag(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RuleRemoveTargetByTag(const std::string &action) + : Action(action) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: std::string m_tag; std::string m_target; }; @@ -44,4 +49,5 @@ class RuleRemoveTargetByTag : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_ diff --git a/src/actions/data/status.cc b/src/actions/data/status.cc index a31e5ffe..a6702e89 100644 --- a/src/actions/data/status.cc +++ b/src/actions/data/status.cc @@ -13,11 +13,10 @@ * */ + #include "src/actions/data/status.h" -#include #include -#include #include "modsecurity/transaction.h" @@ -26,11 +25,12 @@ namespace modsecurity { namespace actions { namespace data { + bool Status::init(std::string *error) { try { - m_status = std::stoi(m_parser_payload); + m_status = std::stoi(m_parserPayload); } catch (...) { - error->assign("Not a valid number: " + m_parser_payload); + error->assign("Not a valid number: " + m_parserPayload); return false; } @@ -38,7 +38,7 @@ bool Status::init(std::string *error) { } -bool Status::execute(RuleWithActions *rule, Transaction *transaction) { +bool Status::execute(Transaction *transaction) noexcept { transaction->m_it.status = m_status; return true; } diff --git a/src/actions/data/status.h b/src/actions/data/status.h index 87a30059..b96a3d4a 100644 --- a/src/actions/data/status.h +++ b/src/actions/data/status.h @@ -13,32 +13,36 @@ * */ + #include -#include #include "modsecurity/actions/action.h" -#include "modsecurity/rule_message.h" +#include "modsecurity/transaction.h" + +#include "src/actions/action_allowed_in_sec_default_action.h" + #ifndef SRC_ACTIONS_DATA_STATUS_H_ #define SRC_ACTIONS_DATA_STATUS_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; namespace actions { namespace data { -class Status : public Action { +class Status : public ActionAllowedAsSecDefaultAction { public: - explicit Status(const std::string &action) : Action(action, 2), - m_status(0) { } + explicit Status(const std::string &action) + : Action(action), + m_status(0) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: int m_status; }; @@ -46,6 +50,6 @@ class Status : public Action { } // namespace data } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_DATA_STATUS_H_ diff --git a/src/actions/disruptive/allow.cc b/src/actions/disruptive/allow.cc index ae22ddbf..9d1b0575 100644 --- a/src/actions/disruptive/allow.cc +++ b/src/actions/disruptive/allow.cc @@ -13,16 +13,19 @@ * */ + #include "src/actions/disruptive/allow.h" -#include #include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + #include "src/utils/string.h" -#include "modsecurity/modsecurity.h" namespace modsecurity { @@ -31,7 +34,7 @@ namespace disruptive { bool Allow::init(std::string *error) { - std::string a = utils::string::tolower(m_parser_payload); + std::string a = utils::string::tolower(m_parserPayload); if (a == "phase") { m_allowType = PhaseAllowType; @@ -49,7 +52,7 @@ bool Allow::init(std::string *error) { } -bool Allow::execute(RuleWithActions *rule, Transaction *transaction) { +bool Allow::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 4, "Dropping the evaluation of upcoming rules " \ "in favor of an `allow' action of type: " \ + allowTypeToName(m_allowType)); diff --git a/src/actions/disruptive/allow.h b/src/actions/disruptive/allow.h index 49776066..2f94f961 100644 --- a/src/actions/disruptive/allow.h +++ b/src/actions/disruptive/allow.h @@ -13,20 +13,20 @@ * */ + #include #include "modsecurity/actions/action.h" +#include "modsecurity/transaction.h" + +#include "src/actions/disruptive/disruptive_action.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_ALLOW_H_ #define SRC_ACTIONS_DISRUPTIVE_ALLOW_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { namespace disruptive { @@ -51,17 +51,18 @@ enum AllowType : int { }; -class Allow : public Action { +class Allow : public ActionDisruptive { public: - explicit Allow(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_allowType(NoneAllowType) { } - + explicit Allow(const std::string &action) + : Action(action), + m_allowType(NoneAllowType) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; + + private: AllowType m_allowType; static std::string allowTypeToName(AllowType a) { @@ -83,6 +84,6 @@ class Allow : public Action { } // namespace disruptive } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_DISRUPTIVE_ALLOW_H_ diff --git a/src/actions/disruptive/deny.cc b/src/actions/disruptive/deny.cc index 907e8874..89d2b871 100644 --- a/src/actions/disruptive/deny.cc +++ b/src/actions/disruptive/deny.cc @@ -13,22 +13,26 @@ * */ + #include "src/actions/disruptive/deny.h" -#include -#include #include -#include -#include #include "modsecurity/transaction.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" +#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Deny::execute(RuleWithActions *rule, Transaction *transaction) { +bool Deny::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 8, "Running action deny"); if (transaction->m_it.status == 200) { @@ -37,9 +41,10 @@ bool Deny::execute(RuleWithActions *rule, Transaction *transaction) { transaction->m_it.disruptive = true; intervention::freeLog(&transaction->m_it); - transaction->messageGetLast()->setRule(rule); transaction->m_it.log = strdup( - transaction->messageGetLast()->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str()); + transaction->messageGetLast()->log( + RuleMessage::LogMessageInfo::ClientLogMessageInfo) + .c_str()); return true; } diff --git a/src/actions/disruptive/deny.h b/src/actions/disruptive/deny.h index 182b2162..703f3742 100644 --- a/src/actions/disruptive/deny.h +++ b/src/actions/disruptive/deny.h @@ -13,28 +13,31 @@ * */ -#include -#include -#include "modsecurity/rules_set.h" +#include + #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule_message.h" + +#include "src/actions/disruptive/disruptive_action.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_ #define SRC_ACTIONS_DISRUPTIVE_DENY_H_ + namespace modsecurity { namespace actions { namespace disruptive { -class Deny : public Action { +class Deny : public ActionDisruptive { public: - explicit Deny(const std::string &action) : Action(action) { } + Deny() + : Action("deny") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; }; @@ -42,4 +45,5 @@ class Deny : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_DISRUPTIVE_DENY_H_ diff --git a/src/actions/disruptive/disruptive_action.h b/src/actions/disruptive/disruptive_action.h new file mode 100644 index 00000000..5e139d5b --- /dev/null +++ b/src/actions/disruptive/disruptive_action.h @@ -0,0 +1,45 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + + +#include + +#include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + + +#ifndef SRC_ACTIONS_DISRUPTIVE_DISRUPTIVE_ACTION_H_ +#define SRC_ACTIONS_DISRUPTIVE_DISRUPTIVE_ACTION_H_ + + +namespace modsecurity { +namespace actions { +namespace disruptive { + + +class ActionDisruptive : public ActionAllowedAsSecDefaultAction { + public: + bool isDisruptive() override { + return true; + } +}; + + +} // namespace disruptive +} // namespace actions +} // namespace modsecurity + + +#endif // SRC_ACTIONS_DISRUPTIVE_DISRUPTIVE_ACTION_H_ diff --git a/src/actions/disruptive/drop.cc b/src/actions/disruptive/drop.cc index 848c05f9..3243e471 100644 --- a/src/actions/disruptive/drop.cc +++ b/src/actions/disruptive/drop.cc @@ -13,26 +13,26 @@ * */ + #include "src/actions/disruptive/drop.h" -#include -#include #include -#include -#include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" -#include "modsecurity/modsecurity.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" +#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Drop::execute(RuleWithActions *rule, Transaction *transaction) { +bool Drop::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 8, "Running action drop " \ "[executing deny instead of drop.]"); @@ -42,9 +42,11 @@ bool Drop::execute(RuleWithActions *rule, Transaction *transaction) { transaction->m_it.disruptive = true; intervention::freeLog(&transaction->m_it); - transaction->messageGetLast()->setRule(rule); + transaction->m_it.log = strdup( - transaction->messageGetLast()->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str()); + transaction->messageGetLast()->log( + RuleMessage::LogMessageInfo::ClientLogMessageInfo) + .c_str()); return true; } diff --git a/src/actions/disruptive/drop.h b/src/actions/disruptive/drop.h index 2ff7d1f1..d9ac8be4 100644 --- a/src/actions/disruptive/drop.h +++ b/src/actions/disruptive/drop.h @@ -13,27 +13,31 @@ * */ + #include -#include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule_message.h" + +#include "src/actions/disruptive/disruptive_action.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_ #define SRC_ACTIONS_DISRUPTIVE_DROP_H_ + namespace modsecurity { namespace actions { namespace disruptive { -class Drop : public Action { +class Drop : public ActionDisruptive { public: - explicit Drop(const std::string &action) : Action(action) { } + Drop() + : Action("drop") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/disruptive/pass.cc b/src/actions/disruptive/pass.cc index 232d3087..ee20ed14 100644 --- a/src/actions/disruptive/pass.cc +++ b/src/actions/disruptive/pass.cc @@ -13,23 +13,25 @@ * */ + #include "src/actions/disruptive/pass.h" -#include #include -#include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Pass::execute(RuleWithActions *rule, Transaction *transaction) { +bool Pass::execute(Transaction *transaction) noexcept { intervention::free(&transaction->m_it); intervention::reset(&transaction->m_it); diff --git a/src/actions/disruptive/pass.h b/src/actions/disruptive/pass.h index b729ee21..a09e3fa5 100644 --- a/src/actions/disruptive/pass.h +++ b/src/actions/disruptive/pass.h @@ -13,26 +13,31 @@ * */ + #include -#include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" +#include "src/actions/disruptive/disruptive_action.h" + + #ifndef SRC_ACTIONS_DISRUPTIVE_PASS_H_ #define SRC_ACTIONS_DISRUPTIVE_PASS_H_ + namespace modsecurity { namespace actions { namespace disruptive { -class Pass : public Action { +class Pass : public ActionDisruptive { public: - explicit Pass(const std::string &action) : Action(action) { } + Pass() + : Action("pass") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/disruptive/redirect.cc b/src/actions/disruptive/redirect.cc index 92436938..13a64643 100644 --- a/src/actions/disruptive/redirect.cc +++ b/src/actions/disruptive/redirect.cc @@ -13,32 +13,31 @@ * */ + #include "src/actions/disruptive/redirect.h" -#include -#include #include -#include #include "modsecurity/transaction.h" -#include "src/utils/string.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" +#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Redirect::init(std::string *error) { - m_status = 302; - return true; -} - - -bool Redirect::execute(RuleWithActions *rule, Transaction *transaction) { +bool Redirect::execute(Transaction *transaction) noexcept { std::string m_urlExpanded(getEvaluatedRunTimeString(transaction)); /* if it was changed before, lets keep it. */ if (transaction->m_it.status == 200 - || (!(transaction->m_it.status <= 307 && transaction->m_it.status >= 301))) { + || (!(transaction->m_it.status <= 307 + && transaction->m_it.status >= 301))) { transaction->m_it.status = m_status; } @@ -46,9 +45,11 @@ bool Redirect::execute(RuleWithActions *rule, Transaction *transaction) { transaction->m_it.url = strdup(m_urlExpanded.c_str()); transaction->m_it.disruptive = true; intervention::freeLog(&transaction->m_it); - transaction->messageGetLast()->setRule(rule); + transaction->m_it.log = strdup( - transaction->messageGetLast()->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str()); + transaction->messageGetLast()->log( + RuleMessage::LogMessageInfo::ClientLogMessageInfo) + .c_str()); return true; } diff --git a/src/actions/disruptive/redirect.h b/src/actions/disruptive/redirect.h index e0cceda8..6f00af7f 100644 --- a/src/actions/disruptive/redirect.h +++ b/src/actions/disruptive/redirect.h @@ -13,49 +13,49 @@ * */ + #include #include #include #include "modsecurity/actions/action.h" -#include "modsecurity/rule_message.h" +#include "modsecurity/transaction.h" + #include "src/actions/action_with_run_time_string.h" +#include "src/actions/disruptive/disruptive_action.h" +#include "src/run_time_string.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_ #define SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; - namespace actions { namespace disruptive { -class Redirect : public ActionWithRunTimeString { +class Redirect : public ActionWithRunTimeString, public ActionDisruptive { public: explicit Redirect(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "redirert", - RunTimeOnlyIfMatchKind, - std::move(runTimeString)), - m_status(0) - { }; + : ActionWithRunTimeString(std::move(runTimeString)), + Action("redirect"), + m_status(302) + { } + explicit Redirect(const Redirect &action) : ActionWithRunTimeString(action), + ActionDisruptive(action), + Action(action), m_status(action.m_status) - { }; + { } - bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - bool isDisruptive() override { return true; } - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new Redirect(*this); } @@ -67,6 +67,6 @@ class Redirect : public ActionWithRunTimeString { } // namespace disruptive } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_ diff --git a/src/actions/exec.cc b/src/actions/exec.cc index 24b7f63d..3d8b6601 100644 --- a/src/actions/exec.cc +++ b/src/actions/exec.cc @@ -13,15 +13,18 @@ * */ + #include "src/actions/exec.h" -#include #include -#include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + #include "src/utils/system.h" #include "src/engine/lua.h" @@ -33,7 +36,7 @@ namespace actions { bool Exec::init(std::string *error) { std::string err; - m_script = utils::find_resource(m_parser_payload, "", &err); + m_script = utils::find_resource(m_parserPayload, "", &err); if (m_script.size() == 0) { error->assign("exec: Script not found: " + err); @@ -49,7 +52,7 @@ bool Exec::init(std::string *error) { } -bool Exec::execute(RuleWithActions *rule, Transaction *t) { +bool Exec::execute(Transaction *t) noexcept { ms_dbg_a(t, 8, "Running script... " + m_script); m_lua.run(t); return true; diff --git a/src/actions/exec.h b/src/actions/exec.h index cbe3f7b3..7fca049f 100644 --- a/src/actions/exec.h +++ b/src/actions/exec.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -21,22 +22,21 @@ #ifndef SRC_ACTIONS_EXEC_H_ #define SRC_ACTIONS_EXEC_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { class Exec : public Action { public: - explicit Exec(const std::string &action) + explicit Exec(const std::string &action) : Action(action), - m_script("") { } + m_script("") + { } ~Exec() { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; bool init(std::string *error) override; private: diff --git a/src/actions/init_col.cc b/src/actions/init_col.cc index f3d6e536..2de14054 100644 --- a/src/actions/init_col.cc +++ b/src/actions/init_col.cc @@ -13,14 +13,17 @@ * */ + #include "src/actions/init_col.h" -#include #include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { @@ -28,9 +31,9 @@ namespace actions { bool InitCol::init(std::string *error) { - int posEquals = m_parser_payload.find("="); + int posEquals = m_parserPayload.find("="); - if (m_parser_payload.size() < 2) { + if (m_parserPayload.size() < 2) { error->assign("Something wrong with initcol format: too small"); return false; } @@ -40,7 +43,7 @@ bool InitCol::init(std::string *error) { return false; } - m_collection_key = std::string(m_parser_payload, 0, posEquals); + m_collection_key = std::string(m_parserPayload, 0, posEquals); if (m_collection_key != "ip" && m_collection_key != "global" && @@ -54,7 +57,7 @@ bool InitCol::init(std::string *error) { } -bool InitCol::execute(RuleWithActions *rule, Transaction *t) { +bool InitCol::execute(Transaction *t) noexcept { std::string collectionName(getEvaluatedRunTimeString(t)); if (m_collection_key == "ip") { diff --git a/src/actions/init_col.h b/src/actions/init_col.h index dacdd3af..3554a17d 100644 --- a/src/actions/init_col.h +++ b/src/actions/init_col.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,23 +34,22 @@ class InitCol : public ActionWithRunTimeString { public: InitCol( const std::string &action, - std::unique_ptr runTimeString - ) : ActionWithRunTimeString( - action, - std::move(runTimeString) - ) - { }; + std::unique_ptr runTimeString) + : ActionWithRunTimeString(std::move(runTimeString)), + Action(action) + { } InitCol(const InitCol &action) : ActionWithRunTimeString(action), + Action(action), m_collection_key(action.m_collection_key) - { }; + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new InitCol(*this); } diff --git a/src/actions/log.cc b/src/actions/log.cc index 8619a8e7..3d0b5ae7 100644 --- a/src/actions/log.cc +++ b/src/actions/log.cc @@ -13,25 +13,13 @@ * */ + #include "src/actions/log.h" -#include -#include -#include - -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "src/operators/operator.h" -#include "modsecurity/rule_message.h" namespace modsecurity { namespace actions { -bool Log::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/log.h b/src/actions/log.h index 7c90e761..caa968da 100644 --- a/src/actions/log.h +++ b/src/actions/log.h @@ -13,29 +13,36 @@ * */ -#include -#include #include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/rule_with_actions.h" + + #ifndef SRC_ACTIONS_LOG_H_ #define SRC_ACTIONS_LOG_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Log : public Action { +class Log : public ActionTypeRuleMetaData, + public ActionAllowedAsSecDefaultAction { public: - explicit Log(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + Log() + : Action("log") + { } + + void configure(RuleWithActions *rule) override { + rule->setHasLogAction(true); + } - bool execute(RuleWithActions *rule, Transaction *transaction) override; }; + } // namespace actions } // namespace modsecurity diff --git a/src/actions/log_data.cc b/src/actions/log_data.cc index 20ea7e32..f9a73b7d 100644 --- a/src/actions/log_data.cc +++ b/src/actions/log_data.cc @@ -13,25 +13,21 @@ * */ + #include "src/actions/log_data.h" -#include #include -#include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" #include "modsecurity/rule_message.h" namespace modsecurity { namespace actions { - -bool LogData::execute(RuleWithActions *rule, Transaction *transaction) { - transaction->messageGetLast()->m_data = getEvaluatedRunTimeString(transaction); - +bool LogData::execute(Transaction *transaction) noexcept { + transaction->messageGetLast()->m_data = + getEvaluatedRunTimeString(transaction); return true; } diff --git a/src/actions/log_data.h b/src/actions/log_data.h index f55c4f82..a4f8fabf 100644 --- a/src/actions/log_data.h +++ b/src/actions/log_data.h @@ -13,42 +13,39 @@ * */ -#include -#include -#include #include "modsecurity/actions/action.h" + #include "src/actions/action_with_run_time_string.h" +#include "src/run_time_string.h" + #ifndef SRC_ACTIONS_LOG_DATA_H_ #define SRC_ACTIONS_LOG_DATA_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { class LogData : public ActionWithRunTimeString { public: explicit LogData(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "logdata", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) - { }; + : ActionWithRunTimeString(std::move(runTimeString)), + Action("logdata") + { } explicit LogData(const LogData &data) - : ActionWithRunTimeString(data) - { }; + : ActionWithRunTimeString(data), + Action(data) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new LogData(*this); } + }; diff --git a/src/actions/maturity.cc b/src/actions/maturity.cc index b419d385..ee12200f 100644 --- a/src/actions/maturity.cc +++ b/src/actions/maturity.cc @@ -13,16 +13,11 @@ * */ + #include "src/actions/maturity.h" -#include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { @@ -30,9 +25,9 @@ namespace actions { bool Maturity::init(std::string *error) { try { - m_maturity = std::stoi(m_parser_payload); + m_maturity = std::stoi(m_parserPayload); } catch (...) { - error->assign("Maturity: The input \"" + m_parser_payload + "\" is " \ + error->assign("Maturity: The input \"" + m_parserPayload + "\" is " \ "not a number."); return false; } @@ -40,10 +35,5 @@ bool Maturity::init(std::string *error) { } -bool Maturity::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/maturity.h b/src/actions/maturity.h index e66f14d5..729476eb 100644 --- a/src/actions/maturity.h +++ b/src/actions/maturity.h @@ -13,9 +13,11 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_MATURITY_H_ #define SRC_ACTIONS_MATURITY_H_ @@ -27,15 +29,17 @@ class Transaction; namespace actions { -class Maturity : public Action { +class Maturity : public ActionTypeRuleMetaData { public: - explicit Maturity(const std::string &action) - : Action(action, ConfigurationKind), + explicit Maturity(const std::string &action) + : Action(action), m_maturity(0) { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; - int getMaturity() const { return m_maturity; } + + void configure(RuleWithActions *rule) override { + rule->setMaturity(m_maturity); + } private: int m_maturity; diff --git a/src/actions/msg.cc b/src/actions/msg.cc index 34d832dc..e882fab3 100644 --- a/src/actions/msg.cc +++ b/src/actions/msg.cc @@ -13,16 +13,19 @@ * */ + #include "src/actions/msg.h" -#include #include -#include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + +#include "src/run_time_string.h" /* * Description: Assigns a custom message to the rule or chain in which it @@ -46,7 +49,7 @@ namespace modsecurity { namespace actions { -bool Msg::execute(RuleWithActions *rule, Transaction *transaction) { +bool Msg::execute(Transaction *transaction) noexcept { std::string msg = getEvaluatedRunTimeString(transaction); transaction->messageGetLast()->m_message = msg; ms_dbg_a(transaction, 9, "Saving msg: " + msg); diff --git a/src/actions/msg.h b/src/actions/msg.h index c9b6b12b..eea2ce67 100644 --- a/src/actions/msg.h +++ b/src/actions/msg.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -34,20 +35,18 @@ namespace actions { class Msg : public ActionWithRunTimeString { public: explicit Msg(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "msg", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("msg") { }; explicit Msg(const Msg &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new Msg(*this); } }; diff --git a/src/actions/multi_match.cc b/src/actions/multi_match.cc index 0956b7dc..cf39e150 100644 --- a/src/actions/multi_match.cc +++ b/src/actions/multi_match.cc @@ -13,22 +13,13 @@ * */ + #include "src/actions/multi_match.h" -#include -#include - -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" namespace modsecurity { namespace actions { -bool MultiMatch::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/multi_match.h b/src/actions/multi_match.h index 1c62523a..f8a72694 100644 --- a/src/actions/multi_match.h +++ b/src/actions/multi_match.h @@ -13,33 +13,34 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_MULTI_MATCH_H_ #define SRC_ACTIONS_MULTI_MATCH_H_ -#ifdef __cplusplus -class Transaction; - namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class MultiMatch : public Action { +class MultiMatch : public ActionTypeRuleMetaData { public: - explicit MultiMatch(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + MultiMatch() + : Action("multiMatch") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + + void configure(RuleWithActions *rule) override { + rule->setHasMultimatchAction(true); + } }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_MULTI_MATCH_H_ diff --git a/src/actions/no_audit_log.cc b/src/actions/no_audit_log.cc index fd857177..71a1d244 100644 --- a/src/actions/no_audit_log.cc +++ b/src/actions/no_audit_log.cc @@ -13,20 +13,17 @@ * */ + #include "src/actions/no_audit_log.h" -#include -#include - #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { -bool NoAuditLog::execute(RuleWithActions *rule, Transaction *transaction) { +bool NoAuditLog::execute(Transaction *transaction) noexcept { transaction->messageSetNoAuditLog(true); return true; } diff --git a/src/actions/no_audit_log.h b/src/actions/no_audit_log.h index 1adcdd1b..cd1818d4 100644 --- a/src/actions/no_audit_log.h +++ b/src/actions/no_audit_log.h @@ -13,33 +13,32 @@ * */ -#include -#include #include "modsecurity/actions/action.h" +#include "modsecurity/transaction.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + #ifndef SRC_ACTIONS_NO_AUDIT_LOG_H_ #define SRC_ACTIONS_NO_AUDIT_LOG_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; - namespace actions { -class NoAuditLog : public Action { +class NoAuditLog : public ActionAllowedAsSecDefaultAction { public: - explicit NoAuditLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + NoAuditLog() + : Action("noAuditLog") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_NO_AUDIT_LOG_H_ diff --git a/src/actions/no_log.cc b/src/actions/no_log.cc index 910ac761..5375201e 100644 --- a/src/actions/no_log.cc +++ b/src/actions/no_log.cc @@ -13,26 +13,13 @@ * */ + #include "src/actions/no_log.h" -#include -#include -#include - -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "src/operators/operator.h" -#include "modsecurity/rule_message.h" - namespace modsecurity { namespace actions { -bool NoLog::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/no_log.h b/src/actions/no_log.h index df07060b..126458d9 100644 --- a/src/actions/no_log.h +++ b/src/actions/no_log.h @@ -13,29 +13,34 @@ * */ -#include -#include #include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + + #ifndef SRC_ACTIONS_NO_LOG_H_ #define SRC_ACTIONS_NO_LOG_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class NoLog : public Action { +class NoLog : public ActionTypeRuleMetaData, + public ActionAllowedAsSecDefaultAction { public: - explicit NoLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + NoLog() + : Action("noLog") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasNoLogAction(true); + } }; + } // namespace actions } // namespace modsecurity diff --git a/src/actions/phase.cc b/src/actions/phase.cc index b6382a43..fe772bf3 100644 --- a/src/actions/phase.cc +++ b/src/actions/phase.cc @@ -15,25 +15,22 @@ #include "src/actions/phase.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/modsecurity.h" + #include "src/utils/string.h" -#include "src/rule_with_actions.h" namespace modsecurity { namespace actions { bool Phase::init(std::string *error) { - std::string a = utils::string::tolower(m_parser_payload); + std::string a = utils::string::tolower(m_parserPayload); m_phase = -1; try { - m_phase = std::stoi(m_parser_payload); + m_phase = std::stoi(m_parserPayload); if (m_phase == 0) { m_phase = modsecurity::Phases::ConnectionPhase; m_secRulesPhase = 0; @@ -53,7 +50,7 @@ bool Phase::init(std::string *error) { m_phase = modsecurity::Phases::LoggingPhase; m_secRulesPhase = 5; } else { - error->assign("Unknown phase: " + m_parser_payload); + error->assign("Unknown phase: " + m_parserPayload); return false; } } catch (...) { @@ -73,10 +70,5 @@ bool Phase::init(std::string *error) { } -bool Phase::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setPhase(m_phase); - return true; -} - } // namespace actions } // namespace modsecurity diff --git a/src/actions/phase.h b/src/actions/phase.h index 82942b76..be1f0079 100644 --- a/src/actions/phase.h +++ b/src/actions/phase.h @@ -13,38 +13,48 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_PHASE_H_ #define SRC_ACTIONS_PHASE_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class Phase : public Action { +class Phase : public ActionTypeRuleMetaData { public: - explicit Phase(const std::string &action) : Action(action, ConfigurationKind), + explicit Phase(const std::string &action) + : Action(action), m_phase(0), m_secRulesPhase(0) { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setPhase(m_phase); + } + + int getSecRulePhase() const { + return m_secRulesPhase; + } + + int getPhase() const { + return m_phase; + } + + private: int m_phase; int m_secRulesPhase; }; + } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_PHASE_H_ diff --git a/src/actions/rev.cc b/src/actions/rev.cc index 4e2d94e0..49e1c1b5 100644 --- a/src/actions/rev.cc +++ b/src/actions/rev.cc @@ -13,28 +13,18 @@ * */ + #include "src/actions/rev.h" -#include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { bool Rev::init(std::string *error) { - m_rev = m_parser_payload; - return true; -} - - -bool Rev::execute(RuleWithActions *rule, Transaction *transaction) { + m_revision = m_parserPayload; return true; } diff --git a/src/actions/rev.h b/src/actions/rev.h index ed8dbfdf..b577bd21 100644 --- a/src/actions/rev.h +++ b/src/actions/rev.h @@ -13,30 +13,35 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_REV_H_ #define SRC_ACTIONS_REV_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Rev : public Action { +class Rev : public ActionTypeRuleMetaData { public: - explicit Rev(const std::string &action) : Action(action, ConfigurationKind) { } + explicit Rev(const std::string &action) + : Action(action), + m_revision("") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; - std::string getRevision() const { return m_rev; } + + void configure(RuleWithActions *rule) override { + rule->setRevision(m_revision); + } private: - std::string m_rev; + std::string m_revision; }; diff --git a/src/actions/rule_id.cc b/src/actions/rule_id.cc index 7457e091..7cce70e4 100644 --- a/src/actions/rule_id.cc +++ b/src/actions/rule_id.cc @@ -13,22 +13,18 @@ * */ + #include "src/actions/rule_id.h" -#include #include -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { bool RuleId::init(std::string *error) { - std::string a = m_parser_payload; + std::string a = m_parserPayload; try { m_ruleId = std::stod(a); @@ -50,11 +46,5 @@ bool RuleId::init(std::string *error) { } -bool RuleId::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setId(m_ruleId); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/rule_id.h b/src/actions/rule_id.h index 74846f2d..8813c7c5 100644 --- a/src/actions/rule_id.h +++ b/src/actions/rule_id.h @@ -13,38 +13,40 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_RULE_ID_H_ #define SRC_ACTIONS_RULE_ID_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class RuleId : public Action { +class RuleId : public ActionTypeRuleMetaData { public: - explicit RuleId(const std::string &action) - : Action(action, ConfigurationKind), - m_ruleId(0) { } + explicit RuleId(const std::string &action) + : Action(action), + m_ruleId(0) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + + void configure(RuleWithActions *rule) override { + rule->setId(m_ruleId); + } private: double m_ruleId; }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_RULE_ID_H_ diff --git a/src/actions/set_env.cc b/src/actions/set_env.cc index a96b6ec7..38131973 100644 --- a/src/actions/set_env.cc +++ b/src/actions/set_env.cc @@ -13,22 +13,26 @@ * */ + #include "src/actions/set_env.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" -#include "src/rule_with_actions.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + +#include "src/run_time_string.h" namespace modsecurity { namespace actions { -bool SetENV::execute(RuleWithActions *rule, Transaction *t) { +bool SetENV::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "Setting envoriment variable: " diff --git a/src/actions/set_env.h b/src/actions/set_env.h index 0fa1399e..d150b6aa 100644 --- a/src/actions/set_env.h +++ b/src/actions/set_env.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,20 +34,18 @@ namespace actions { class SetENV : public ActionWithRunTimeString { public: explicit SetENV(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setenv", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setenv") { }; explicit SetENV(const SetENV &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetENV(*this); } }; diff --git a/src/actions/set_rsc.cc b/src/actions/set_rsc.cc index e34e2c72..dc3ddbea 100644 --- a/src/actions/set_rsc.cc +++ b/src/actions/set_rsc.cc @@ -13,20 +13,24 @@ * */ + #include "src/actions/set_rsc.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SetRSC::execute(RuleWithActions *rule, Transaction *t) { +bool SetRSC::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "RESOURCE initiated with value: \'" + colNameExpanded + "\'."); diff --git a/src/actions/set_rsc.h b/src/actions/set_rsc.h index 66a5f535..f83bd479 100644 --- a/src/actions/set_rsc.h +++ b/src/actions/set_rsc.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,20 +34,18 @@ namespace actions { class SetRSC : public ActionWithRunTimeString { public: explicit SetRSC(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setsrc", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setsrc") { }; explicit SetRSC(const SetRSC &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetRSC(*this); } }; diff --git a/src/actions/set_sid.cc b/src/actions/set_sid.cc index 9359ebcd..5983745e 100644 --- a/src/actions/set_sid.cc +++ b/src/actions/set_sid.cc @@ -13,20 +13,24 @@ * */ + #include "src/actions/set_sid.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SetSID::execute(RuleWithActions *rule, Transaction *t) { +bool SetSID::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "Session ID initiated with value: \'" + colNameExpanded + "\'."); diff --git a/src/actions/set_sid.h b/src/actions/set_sid.h index 71305e90..d7b8c1a4 100644 --- a/src/actions/set_sid.h +++ b/src/actions/set_sid.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,20 +34,18 @@ namespace actions { class SetSID : public ActionWithRunTimeString { public: explicit SetSID(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setsid", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setsid") { }; SetSID(const SetSID &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetSID(*this); } }; diff --git a/src/actions/set_uid.cc b/src/actions/set_uid.cc index 1c60ab49..958d634b 100644 --- a/src/actions/set_uid.cc +++ b/src/actions/set_uid.cc @@ -13,20 +13,24 @@ * */ + #include "src/actions/set_uid.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SetUID::execute(RuleWithActions *rule, Transaction *t) { +bool SetUID::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "User collection initiated with value: \'" + colNameExpanded + "\'."); diff --git a/src/actions/set_uid.h b/src/actions/set_uid.h index 0191e5ff..5eaa2a0c 100644 --- a/src/actions/set_uid.h +++ b/src/actions/set_uid.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,23 +34,20 @@ namespace actions { class SetUID : public ActionWithRunTimeString { public: explicit SetUID(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setuid", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setuid") { }; explicit SetUID(const SetUID &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetUID(*this); } - }; diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc index 1fc6c084..2b07940c 100644 --- a/src/actions/set_var.cc +++ b/src/actions/set_var.cc @@ -13,24 +13,24 @@ * */ + #include "src/actions/set_var.h" -#include #include -#include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + #include "src/variables/global.h" #include "src/variables/ip.h" #include "src/variables/resource.h" #include "src/variables/session.h" #include "src/variables/tx.h" #include "src/variables/user.h" -#include "src/variables/variable.h" -#include "src/rule_with_operator.h" namespace modsecurity { @@ -42,7 +42,7 @@ bool SetVar::init(std::string *error) { } -bool SetVar::execute(RuleWithActions *rule, Transaction *t) { +bool SetVar::execute(Transaction *t) noexcept { std::string targetValue; std::string resolvedPre; diff --git a/src/actions/set_var.h b/src/actions/set_var.h index 40f2b2b6..e200447c 100644 --- a/src/actions/set_var.h +++ b/src/actions/set_var.h @@ -13,23 +13,26 @@ * */ + #include #include #include #include "modsecurity/actions/action.h" +#include "modsecurity/transaction.h" #include "src/actions/action_with_run_time_string.h" #include "src/variables/variable_with_runtime_string.h" +#include "src/rule_with_operator.h" + #ifndef SRC_ACTIONS_SET_VAR_H_ #define SRC_ACTIONS_SET_VAR_H_ -namespace modsecurity { -class Transaction; -class RuleWithOperator; +namespace modsecurity { namespace actions { + enum SetVarOperation { /* Set variable to something */ setOperation, @@ -43,57 +46,66 @@ enum SetVarOperation { unsetOperation, }; + class SetVar : public ActionWithRunTimeString { public: SetVar(SetVarOperation operation, std::unique_ptr variable, std::unique_ptr predicate) - : ActionWithRunTimeString("setvar", std::move(predicate)), + : ActionWithRunTimeString(std::move(predicate)), m_operation(operation), - m_variable(std::move(variable)) - { }; + m_variable(std::move(variable)), + Action("setvar") + { } SetVar(SetVarOperation operation, std::unique_ptr variable) - : ActionWithRunTimeString("setvar"), + : ActionWithRunTimeString(), + Action("setvar"), m_operation(operation), m_variable(std::move(variable)) - { }; + { } SetVar(const SetVar &var) : ActionWithRunTimeString(var), + Action(var), m_operation(var.m_operation), - m_variable(var.m_variable) - { - variables::RuleVariable *rv = dynamic_cast(m_variable.get()); + m_variable(var.m_variable) { + variables::RuleVariable *rv = dynamic_cast( + m_variable.get()); if (rv != nullptr) { auto nrv = rv->clone(); rv = dynamic_cast(nrv); rv->populate(nullptr); m_variable = std::unique_ptr(nrv); } - }; + } - - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; bool init(std::string *error) override; void populate(RuleWithActions *rule) override { ActionWithRunTimeString::populate(rule); - variables::RuleVariable *rulev = dynamic_cast(m_variable.get()); + variables::RuleVariable *rulev = + dynamic_cast( + m_variable.get()); + if (rulev != nullptr) { rulev->populate(rule); } - variables::VariableWithRunTimeString *rulev2 = dynamic_cast(m_variable.get()); + variables::VariableWithRunTimeString *rulev2 = + dynamic_cast( + m_variable.get()); + if (rulev2 != nullptr) { rulev2->populate(rule); } } - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetVar(*this); } @@ -102,6 +114,7 @@ class SetVar : public ActionWithRunTimeString { std::shared_ptr m_variable; }; + } // namespace actions } // namespace modsecurity diff --git a/src/actions/severity.cc b/src/actions/severity.cc index cc0cd809..99f574be 100644 --- a/src/actions/severity.cc +++ b/src/actions/severity.cc @@ -13,18 +13,18 @@ * */ + #include "src/actions/severity.h" -#include #include -#include +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ #include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" + #include "src/utils/string.h" -#include "modsecurity/rule_message.h" namespace modsecurity { @@ -32,7 +32,7 @@ namespace actions { bool Severity::init(std::string *error) { - std::string a = utils::string::tolower(m_parser_payload); + std::string a = utils::string::tolower(m_parserPayload); if (a == "emergency") { m_severity = 0; return true; @@ -71,10 +71,5 @@ bool Severity::init(std::string *error) { } -bool Severity::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/severity.h b/src/actions/severity.h index ed373859..d40d102f 100644 --- a/src/actions/severity.h +++ b/src/actions/severity.h @@ -13,37 +13,41 @@ * */ + #include #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_SEVERITY_H_ #define SRC_ACTIONS_SEVERITY_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; - namespace actions { -class Severity : public Action { +class Severity : public ActionTypeRuleMetaData { public: - explicit Severity(const std::string &action) + explicit Severity(const std::string &action) : Action(action), - m_severity(0) { } + m_severity(0) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; + void configure(RuleWithActions *rule) override { + rule->setSeverity(m_severity); + } + + private: int m_severity; }; } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_SEVERITY_H_ diff --git a/src/actions/skip.cc b/src/actions/skip.cc index 8611dee3..07e69693 100644 --- a/src/actions/skip.cc +++ b/src/actions/skip.cc @@ -13,14 +13,18 @@ * */ + #include "src/actions/skip.h" -#include #include -#include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { @@ -28,9 +32,9 @@ namespace actions { bool Skip::init(std::string *error) { try { - m_skip_next = std::stoi(m_parser_payload); + m_skip_next = std::stoi(m_parserPayload); } catch (...) { - error->assign("Skip: The input \"" + m_parser_payload + "\" is " \ + error->assign("Skip: The input \"" + m_parserPayload + "\" is " \ "not a number."); return false; } @@ -38,7 +42,7 @@ bool Skip::init(std::string *error) { } -bool Skip::execute(RuleWithActions *rule, Transaction *transaction) { +bool Skip::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 5, "Skipping the next " + \ std::to_string(m_skip_next) + " rules."); diff --git a/src/actions/skip.h b/src/actions/skip.h index 78bff450..35898e2b 100644 --- a/src/actions/skip.h +++ b/src/actions/skip.h @@ -13,10 +13,12 @@ * */ + #include #include "modsecurity/actions/action.h" + #ifndef SRC_ACTIONS_SKIP_H_ #define SRC_ACTIONS_SKIP_H_ @@ -29,13 +31,14 @@ namespace actions { class Skip : public Action { public: - explicit Skip(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + explicit Skip(const std::string &action) + : Action(action), m_skip_next(0) { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + private: int m_skip_next; }; diff --git a/src/actions/skip_after.cc b/src/actions/skip_after.cc index 9e1bae39..5033df95 100644 --- a/src/actions/skip_after.cc +++ b/src/actions/skip_after.cc @@ -13,21 +13,24 @@ * */ + #include "src/actions/skip_after.h" -#include #include -#include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SkipAfter::execute(RuleWithActions *rule, Transaction *transaction) { +bool SkipAfter::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 5, "Setting skipAfter for: " + *m_skipName); transaction->addMarker(m_skipName); return true; diff --git a/src/actions/skip_after.h b/src/actions/skip_after.h index c90c188b..6c812b89 100644 --- a/src/actions/skip_after.h +++ b/src/actions/skip_after.h @@ -13,34 +13,38 @@ * */ + #include #include #include "modsecurity/actions/action.h" + #ifndef SRC_ACTIONS_SKIP_AFTER_H_ #define SRC_ACTIONS_SKIP_AFTER_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { class SkipAfter : public Action { public: - explicit SkipAfter(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_skipName(std::make_shared(m_parser_payload)) { } + explicit SkipAfter(const std::string &action) + : Action(action), + m_skipName(std::make_shared(m_parserPayload)) + { } + + bool execute(Transaction *transaction) noexcept override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; private: - std::shared_ptr m_skipName; + // FIXME: This should be a regular pointer instead of a shared pointer. + std::shared_ptr m_skipName; }; } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_SKIP_AFTER_H_ diff --git a/src/actions/tag.cc b/src/actions/tag.cc index 4ae4a6ed..0ec22abb 100644 --- a/src/actions/tag.cc +++ b/src/actions/tag.cc @@ -13,16 +13,18 @@ * */ + #include "src/actions/tag.h" -#include #include -#include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + /** * Description: Assigns a tag (category) to a rule or a chain. @@ -50,11 +52,8 @@ namespace modsecurity { namespace actions { -bool Tag::execute(RuleWithActions *rule, Transaction *transaction) { - std::string tag = getTagName(transaction); - ms_dbg_a(transaction, 9, "Rule tag: " + tag); - - transaction->messageGetLast()->m_tags.push_back(tag); +bool Tag::execute(Transaction *transaction) noexcept { + ms_dbg_a(transaction, 9, "Rule tag: " + getTagName(transaction)); return true; } diff --git a/src/actions/tag.h b/src/actions/tag.h index d41857c3..8ff9ebbc 100644 --- a/src/actions/tag.h +++ b/src/actions/tag.h @@ -13,44 +13,44 @@ * */ + #include #include #include #include "modsecurity/actions/action.h" #include "src/actions/action_with_run_time_string.h" +#include "src/actions/action_allowed_in_sec_default_action.h" #ifndef SRC_ACTIONS_TAG_H_ #define SRC_ACTIONS_TAG_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Tag : public ActionWithRunTimeString { +class Tag : public ActionWithRunTimeString, + public ActionAllowedAsSecDefaultAction { public: explicit Tag(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "tag", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) - { }; + : ActionWithRunTimeString(std::move(runTimeString)), + Action("tag") + { } explicit Tag(const Tag &action) - : ActionWithRunTimeString(action) - { }; + : ActionWithRunTimeString(action), + Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; inline std::string getTagName(Transaction *transaction) const { return getEvaluatedRunTimeString(transaction); } - virtual ActionWithRunTimeString *clone() override { + + ActionWithRunTimeString *clone() override { return new Tag(*this); } }; diff --git a/src/actions/transformations/base64_decode.cc b/src/actions/transformations/base64_decode.cc index 40a7a442..eda000c1 100644 --- a/src/actions/transformations/base64_decode.cc +++ b/src/actions/transformations/base64_decode.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/base64_decode.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" @@ -32,9 +28,9 @@ namespace actions { namespace transformations { -void Base64Decode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Base64Decode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string value(in.c_str(), in.size()); std::string ret = Utils::Base64::decode(value); out.assign(ret.c_str(), ret.size()); diff --git a/src/actions/transformations/base64_decode.h b/src/actions/transformations/base64_decode.h index e96c1e15..bfaa5275 100644 --- a/src/actions/transformations/base64_decode.h +++ b/src/actions/transformations/base64_decode.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Base64Decode : public Transformation { public: - explicit Base64Decode(const std::string &action) - : Transformation(action) { } + Base64Decode() + : Action("t:base64Decode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ diff --git a/src/actions/transformations/base64_decode_ext.cc b/src/actions/transformations/base64_decode_ext.cc index f582d7e4..a267ccac 100644 --- a/src/actions/transformations/base64_decode_ext.cc +++ b/src/actions/transformations/base64_decode_ext.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/base64_decode_ext.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" @@ -32,9 +28,9 @@ namespace actions { namespace transformations { -void Base64DecodeExt::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Base64DecodeExt::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string ret = Utils::Base64::decode_forgiven(in.c_str()); out.assign(ret.c_str(), ret.size()); } diff --git a/src/actions/transformations/base64_decode_ext.h b/src/actions/transformations/base64_decode_ext.h index 3f36fc9f..c08c2c7f 100644 --- a/src/actions/transformations/base64_decode_ext.h +++ b/src/actions/transformations/base64_decode_ext.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Base64DecodeExt : public Transformation { public: - explicit Base64DecodeExt(const std::string &action) - : Transformation(action) { } + Base64DecodeExt() + : Action("t:base64DecodeExt") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ diff --git a/src/actions/transformations/base64_encode.cc b/src/actions/transformations/base64_encode.cc index 3560d6eb..6a3d740a 100644 --- a/src/actions/transformations/base64_encode.cc +++ b/src/actions/transformations/base64_encode.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/base64_encode.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" @@ -32,9 +28,9 @@ namespace actions { namespace transformations { -void Base64Encode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Base64Encode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string ret = Utils::Base64::encode( std::string(in.c_str(), in.size())); out.assign(ret.c_str(), ret.size()); diff --git a/src/actions/transformations/base64_encode.h b/src/actions/transformations/base64_encode.h index 1158a5c5..c9531878 100644 --- a/src/actions/transformations/base64_encode.h +++ b/src/actions/transformations/base64_encode.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Base64Encode : public Transformation { public: - explicit Base64Encode(const std::string &action) - : Transformation(action) { } + Base64Encode() + : Action("t:base64Encode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ diff --git a/src/actions/transformations/cmd_line.cc b/src/actions/transformations/cmd_line.cc index 4082bed6..edf0befc 100644 --- a/src/actions/transformations/cmd_line.cc +++ b/src/actions/transformations/cmd_line.cc @@ -15,15 +15,10 @@ #include "src/actions/transformations/cmd_line.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +26,9 @@ namespace actions { namespace transformations { -void CmdLine::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void CmdLine::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int space = 0; for (auto& a : in) { diff --git a/src/actions/transformations/cmd_line.h b/src/actions/transformations/cmd_line.h index 3724b515..0c92edd0 100644 --- a/src/actions/transformations/cmd_line.h +++ b/src/actions/transformations/cmd_line.h @@ -13,36 +13,40 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class CmdLine : public Transformation { public: - explicit CmdLine(const std::string &action) - : Transformation(action) { } + CmdLine() + : Action("t:cmdLine") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ diff --git a/src/actions/transformations/compress_whitespace.cc b/src/actions/transformations/compress_whitespace.cc index 7d1af976..319367bf 100644 --- a/src/actions/transformations/compress_whitespace.cc +++ b/src/actions/transformations/compress_whitespace.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/compress_whitespace.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void CompressWhitespace::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void CompressWhitespace::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int inWhiteSpace = 0; size_t i = 0; out.reserve(in.size()); diff --git a/src/actions/transformations/compress_whitespace.h b/src/actions/transformations/compress_whitespace.h index de14f33a..ba4c56f2 100644 --- a/src/actions/transformations/compress_whitespace.h +++ b/src/actions/transformations/compress_whitespace.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class CompressWhitespace : public Transformation { public: - explicit CompressWhitespace(const std::string &action) - : Transformation(action) { } + CompressWhitespace() + : Action("t:compressWhitespace") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ diff --git a/src/actions/transformations/css_decode.cc b/src/actions/transformations/css_decode.cc index 1ca7a824..afaaa2d0 100644 --- a/src/actions/transformations/css_decode.cc +++ b/src/actions/transformations/css_decode.cc @@ -13,19 +13,14 @@ * */ + #include "src/actions/transformations/css_decode.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -34,9 +29,9 @@ namespace actions { namespace transformations { -void CssDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void CssDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { size_t s = in.size(); char *tmp = reinterpret_cast( @@ -44,7 +39,8 @@ void CssDecode::execute(Transaction *t, memcpy(tmp, in.c_str(), s + 1); tmp[s] = '\0'; - size_t r = CssDecode::css_decode_inplace(reinterpret_cast(tmp), + size_t r = CssDecode::css_decode_inplace( + reinterpret_cast(tmp), s); out.assign(tmp, r); diff --git a/src/actions/transformations/css_decode.h b/src/actions/transformations/css_decode.h index 1be00f48..c584ee5b 100644 --- a/src/actions/transformations/css_decode.h +++ b/src/actions/transformations/css_decode.h @@ -13,32 +13,37 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class CssDecode : public Transformation { public: - explicit CssDecode(const std::string &action) - : Transformation(action) { } + CssDecode() + : Action("t:cssDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; - static int css_decode_inplace(unsigned char *input, int64_t input_len); + private: + static int css_decode_inplace(unsigned char *input, + int64_t input_len); }; @@ -46,6 +51,5 @@ class CssDecode : public Transformation { } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ diff --git a/src/actions/transformations/escape_seq_decode.cc b/src/actions/transformations/escape_seq_decode.cc index 073d314f..3bbcf9d2 100644 --- a/src/actions/transformations/escape_seq_decode.cc +++ b/src/actions/transformations/escape_seq_decode.cc @@ -13,20 +13,17 @@ * */ + #include "src/actions/transformations/escape_seq_decode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { @@ -135,9 +132,9 @@ int EscapeSeqDecode::ansi_c_sequences_decode_inplace(unsigned char *input, } -void EscapeSeqDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void EscapeSeqDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *tmp = (unsigned char *) malloc(sizeof(char) * in.size() + 1); memcpy(tmp, in.c_str(), in.size() + 1); diff --git a/src/actions/transformations/escape_seq_decode.h b/src/actions/transformations/escape_seq_decode.h index 7b690687..9dd4f296 100644 --- a/src/actions/transformations/escape_seq_decode.h +++ b/src/actions/transformations/escape_seq_decode.h @@ -13,37 +13,43 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class EscapeSeqDecode : public Transformation { public: - explicit EscapeSeqDecode(const std::string &action) - : Transformation(action) { } + EscapeSeqDecode() + : Action("t:escapeSeqDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; - static int ansi_c_sequences_decode_inplace(unsigned char *input, int input_len); + private: + static int ansi_c_sequences_decode_inplace(unsigned char *input, + int input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ diff --git a/src/actions/transformations/hex_decode.cc b/src/actions/transformations/hex_decode.cc index 212bcbee..b90bf1a0 100644 --- a/src/actions/transformations/hex_decode.cc +++ b/src/actions/transformations/hex_decode.cc @@ -13,28 +13,27 @@ * */ + #include "src/actions/transformations/hex_decode.h" -#include #include -#include -#include -#include -#include -#include #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + +#include "modsecurity/modsecurity.h" +#include "modsecurity/transaction.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { -void HexDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void HexDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; int size = 0; diff --git a/src/actions/transformations/hex_decode.h b/src/actions/transformations/hex_decode.h index 58645cea..4af8bfc9 100644 --- a/src/actions/transformations/hex_decode.h +++ b/src/actions/transformations/hex_decode.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class HexDecode : public Transformation { public: - explicit HexDecode(const std::string &action) - : Transformation(action) { } + HexDecode() + : Action("t:hexDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *data, int len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ diff --git a/src/actions/transformations/hex_encode.cc b/src/actions/transformations/hex_encode.cc index 4a70e896..b1676f22 100644 --- a/src/actions/transformations/hex_encode.cc +++ b/src/actions/transformations/hex_encode.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/hex_encode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void HexEncode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void HexEncode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::stringstream result; for (std::size_t i=0; i < in.length(); i++) { int ii = reinterpret_cast(in[i]); diff --git a/src/actions/transformations/hex_encode.h b/src/actions/transformations/hex_encode.h index 1e6ae842..545bf046 100644 --- a/src/actions/transformations/hex_encode.h +++ b/src/actions/transformations/hex_encode.h @@ -13,36 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class HexEncode : public Transformation { public: - explicit HexEncode(const std::string &action) - : Transformation(action) { } - - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + HexEncode() + : Action("t:hexEncode") + { } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ diff --git a/src/actions/transformations/html_entity_decode.cc b/src/actions/transformations/html_entity_decode.cc index c2909e09..6e922ff0 100644 --- a/src/actions/transformations/html_entity_decode.cc +++ b/src/actions/transformations/html_entity_decode.cc @@ -13,19 +13,15 @@ * */ + #include "src/actions/transformations/html_entity_decode.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + +#include "src/utils/string.h" namespace modsecurity { @@ -33,9 +29,9 @@ namespace actions { namespace transformations { -void HtmlEntityDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void HtmlEntityDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/html_entity_decode.h b/src/actions/transformations/html_entity_decode.h index f315fb91..5413dd07 100644 --- a/src/actions/transformations/html_entity_decode.h +++ b/src/actions/transformations/html_entity_decode.h @@ -13,33 +13,35 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" -#include "src/utils/string.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class HtmlEntityDecode : public Transformation { public: - explicit HtmlEntityDecode(const std::string &action) - : Transformation(action) { } + HtmlEntityDecode() + : Action("t:htmlEntityDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *input, uint64_t input_len); }; @@ -48,6 +50,5 @@ class HtmlEntityDecode : public Transformation { } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ diff --git a/src/actions/transformations/js_decode.cc b/src/actions/transformations/js_decode.cc index 32640cad..e659457c 100644 --- a/src/actions/transformations/js_decode.cc +++ b/src/actions/transformations/js_decode.cc @@ -13,19 +13,14 @@ * */ + #include "src/actions/transformations/js_decode.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -34,9 +29,9 @@ namespace actions { namespace transformations { -void JsDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void JsDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/js_decode.h b/src/actions/transformations/js_decode.h index c029e611..b0c15cda 100644 --- a/src/actions/transformations/js_decode.h +++ b/src/actions/transformations/js_decode.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class JsDecode : public Transformation { public: - explicit JsDecode(const std::string &action) - : Transformation(action) { } + JsDecode() + : Action("t:jsDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ diff --git a/src/actions/transformations/length.cc b/src/actions/transformations/length.cc index 57f6ae2f..7aaeadcf 100644 --- a/src/actions/transformations/length.cc +++ b/src/actions/transformations/length.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/length.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void Length::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Length::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out.assign(std::to_string(in.size()).c_str()); } diff --git a/src/actions/transformations/length.h b/src/actions/transformations/length.h index 39828159..38227be7 100644 --- a/src/actions/transformations/length.h +++ b/src/actions/transformations/length.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ #define SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Length : public Transformation { public: - explicit Length(const std::string &action) - : Transformation(action) { }; + Length() + : Action("t:length") + { }; - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ diff --git a/src/actions/transformations/lower_case.cc b/src/actions/transformations/lower_case.cc index 60d3df98..1fb39c29 100644 --- a/src/actions/transformations/lower_case.cc +++ b/src/actions/transformations/lower_case.cc @@ -13,23 +13,24 @@ * */ + #include "src/actions/transformations/lower_case.h" #include #include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { namespace transformations { -void LowerCase::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void LowerCase::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out.resize(in.size()); std::transform(in.begin(), in.end(), out.begin(), ::tolower); } diff --git a/src/actions/transformations/lower_case.h b/src/actions/transformations/lower_case.h index 79852094..b072a037 100644 --- a/src/actions/transformations/lower_case.h +++ b/src/actions/transformations/lower_case.h @@ -13,37 +13,39 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; namespace actions { namespace transformations { class LowerCase : public Transformation { public: - explicit LowerCase(const std::string &action) - : Transformation(action) { }; + LowerCase() + : Action("t:lowerCase") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ diff --git a/src/actions/transformations/md5.cc b/src/actions/transformations/md5.cc index a179e174..4e833fa5 100644 --- a/src/actions/transformations/md5.cc +++ b/src/actions/transformations/md5.cc @@ -13,17 +13,14 @@ * */ + #include "src/actions/transformations/md5.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/md5.h" namespace modsecurity { @@ -31,9 +28,9 @@ namespace actions { namespace transformations { -void Md5::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Md5::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string ret = Utils::Md5::digest(std::string(in.c_str(), in.size())); out.assign(ret.c_str(), ret.size()); diff --git a/src/actions/transformations/md5.h b/src/actions/transformations/md5.h index 5b86b0ca..7cae8fe1 100644 --- a/src/actions/transformations/md5.h +++ b/src/actions/transformations/md5.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ #define SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Md5 : public Transformation { public: - explicit Md5(const std::string &action) - : Transformation(action) { } + Md5() + : Action("t:md5") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ diff --git a/src/actions/transformations/none.cc b/src/actions/transformations/none.cc index 00b5aadc..425c371d 100644 --- a/src/actions/transformations/none.cc +++ b/src/actions/transformations/none.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/none.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void None::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { } +void None::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { } } // namespace transformations diff --git a/src/actions/transformations/none.h b/src/actions/transformations/none.h index 130cbb74..30a22d90 100644 --- a/src/actions/transformations/none.h +++ b/src/actions/transformations/none.h @@ -13,40 +13,40 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class None : public Transformation { public: - explicit None(const std::string &action) - : Transformation(action) - { } + None() + : + Action("t:none") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; - - bool isNone() override { - return true; - } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ diff --git a/src/actions/transformations/normalise_path.cc b/src/actions/transformations/normalise_path.cc index c7ff95a9..fee87f3b 100644 --- a/src/actions/transformations/normalise_path.cc +++ b/src/actions/transformations/normalise_path.cc @@ -13,19 +13,13 @@ * */ + #include "src/actions/transformations/normalise_path.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -33,9 +27,9 @@ namespace actions { namespace transformations { -void NormalisePath::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void NormalisePath::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int changed = 0; char *tmp = reinterpret_cast( diff --git a/src/actions/transformations/normalise_path.h b/src/actions/transformations/normalise_path.h index 7fd91fc1..3015637e 100644 --- a/src/actions/transformations/normalise_path.h +++ b/src/actions/transformations/normalise_path.h @@ -13,38 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class NormalisePath : public Transformation { public: - explicit NormalisePath(const std::string &action) - : Transformation(action) { }; + NormalisePath() + : Action("t:normalisePath") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; static int normalize_path_inplace(unsigned char *input, int input_len, int win, int *changed); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ diff --git a/src/actions/transformations/normalise_path_win.cc b/src/actions/transformations/normalise_path_win.cc index a3746618..5f8b0c76 100644 --- a/src/actions/transformations/normalise_path_win.cc +++ b/src/actions/transformations/normalise_path_win.cc @@ -13,19 +13,16 @@ * */ + #include "src/actions/transformations/normalise_path_win.h" #include - -#include #include -#include -#include -#include -#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/normalise_path.h" @@ -34,9 +31,9 @@ namespace actions { namespace transformations { -void NormalisePathWin::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void NormalisePathWin::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int changed; char *tmp = reinterpret_cast( diff --git a/src/actions/transformations/normalise_path_win.h b/src/actions/transformations/normalise_path_win.h index 3d7c8d75..e919a87e 100644 --- a/src/actions/transformations/normalise_path_win.h +++ b/src/actions/transformations/normalise_path_win.h @@ -13,31 +13,36 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_WIN_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_WIN_H_ namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { + class NormalisePathWin : public Transformation { public: - explicit NormalisePathWin(const std::string &action) - : Transformation(action) { } + NormalisePathWin() + : Action("t:normalisePathWin") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity diff --git a/src/actions/transformations/parity_even_7bit.cc b/src/actions/transformations/parity_even_7bit.cc index 29d547da..ce7a313c 100644 --- a/src/actions/transformations/parity_even_7bit.cc +++ b/src/actions/transformations/parity_even_7bit.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/parity_even_7bit.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ParityEven7bit::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ParityEven7bit::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/parity_even_7bit.h b/src/actions/transformations/parity_even_7bit.h index de250260..d73b6d7a 100644 --- a/src/actions/transformations/parity_even_7bit.h +++ b/src/actions/transformations/parity_even_7bit.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ParityEven7bit : public Transformation { public: - explicit ParityEven7bit(const std::string &action) - : Transformation(action) { } + ParityEven7bit() + : Action("t:parityEven7bit") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static bool inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ diff --git a/src/actions/transformations/parity_odd_7bit.cc b/src/actions/transformations/parity_odd_7bit.cc index d2695826..735f3e93 100644 --- a/src/actions/transformations/parity_odd_7bit.cc +++ b/src/actions/transformations/parity_odd_7bit.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/parity_odd_7bit.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ParityOdd7bit::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ParityOdd7bit::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/parity_odd_7bit.h b/src/actions/transformations/parity_odd_7bit.h index 823b7fc7..3442e1ad 100644 --- a/src/actions/transformations/parity_odd_7bit.h +++ b/src/actions/transformations/parity_odd_7bit.h @@ -13,37 +13,43 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ParityOdd7bit : public Transformation { public: - explicit ParityOdd7bit(const std::string &action) - : Transformation(action) { } + ParityOdd7bit() + : Action("t:parityOdd7bit") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static bool inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ diff --git a/src/actions/transformations/parity_zero_7bit.cc b/src/actions/transformations/parity_zero_7bit.cc index 25e24f42..6ddd8ef3 100644 --- a/src/actions/transformations/parity_zero_7bit.cc +++ b/src/actions/transformations/parity_zero_7bit.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/parity_zero_7bit.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ParityZero7bit::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ParityZero7bit::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/parity_zero_7bit.h b/src/actions/transformations/parity_zero_7bit.h index 3dff4d33..e0bd4b76 100644 --- a/src/actions/transformations/parity_zero_7bit.h +++ b/src/actions/transformations/parity_zero_7bit.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ParityZero7bit : public Transformation { public: - explicit ParityZero7bit(const std::string &action) - : Transformation(action) { } + ParityZero7bit() + : Action("t:parityZero7bit") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static bool inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ diff --git a/src/actions/transformations/remove_comments.cc b/src/actions/transformations/remove_comments.cc index 86b29320..4fcdcac5 100644 --- a/src/actions/transformations/remove_comments.cc +++ b/src/actions/transformations/remove_comments.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/remove_comments.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void RemoveComments::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveComments::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/remove_comments.h b/src/actions/transformations/remove_comments.h index 804a468f..fca978e4 100644 --- a/src/actions/transformations/remove_comments.h +++ b/src/actions/transformations/remove_comments.h @@ -13,30 +13,32 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class RemoveComments : public Transformation { public: - explicit RemoveComments(const std::string &action) - : Transformation(action) { } + RemoveComments() + : Action("t:removeComments") { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override;; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override;; }; @@ -44,6 +46,5 @@ class RemoveComments : public Transformation { } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ diff --git a/src/actions/transformations/remove_comments_char.cc b/src/actions/transformations/remove_comments_char.cc index db9c50b2..132a2f17 100644 --- a/src/actions/transformations/remove_comments_char.cc +++ b/src/actions/transformations/remove_comments_char.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/remove_comments_char.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void RemoveCommentsChar::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveCommentsChar::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int64_t i; out = in; diff --git a/src/actions/transformations/remove_comments_char.h b/src/actions/transformations/remove_comments_char.h index 53ac44ac..97d1099c 100644 --- a/src/actions/transformations/remove_comments_char.h +++ b/src/actions/transformations/remove_comments_char.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class RemoveCommentsChar : public Transformation { public: - explicit RemoveCommentsChar(const std::string &action) - : Transformation(action) { }; + RemoveCommentsChar() + : Action("t:removeCommentsChar") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ diff --git a/src/actions/transformations/remove_nulls.cc b/src/actions/transformations/remove_nulls.cc index 5ee5fdf4..1f6c4f73 100644 --- a/src/actions/transformations/remove_nulls.cc +++ b/src/actions/transformations/remove_nulls.cc @@ -13,19 +13,13 @@ * */ + #include "src/actions/transformations/remove_nulls.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -33,9 +27,9 @@ namespace actions { namespace transformations { -void RemoveNulls::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveNulls::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int64_t i; out = in; diff --git a/src/actions/transformations/remove_nulls.h b/src/actions/transformations/remove_nulls.h index 00adf316..664fdb14 100644 --- a/src/actions/transformations/remove_nulls.h +++ b/src/actions/transformations/remove_nulls.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class RemoveNulls : public Transformation { public: - explicit RemoveNulls(const std::string &action) - : Transformation(action) { } + RemoveNulls() + : Action("t:removeNulls") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ diff --git a/src/actions/transformations/remove_whitespace.cc b/src/actions/transformations/remove_whitespace.cc index 7d758fad..3e665057 100644 --- a/src/actions/transformations/remove_whitespace.cc +++ b/src/actions/transformations/remove_whitespace.cc @@ -13,28 +13,25 @@ * */ + #include "src/actions/transformations/remove_whitespace.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#define NBSP 160 // non breaking space char +#include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { -void RemoveWhitespace::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveWhitespace::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; int64_t i = 0; diff --git a/src/actions/transformations/remove_whitespace.h b/src/actions/transformations/remove_whitespace.h index 71119be1..e4a388f6 100644 --- a/src/actions/transformations/remove_whitespace.h +++ b/src/actions/transformations/remove_whitespace.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class RemoveWhitespace : public Transformation { public: - explicit RemoveWhitespace(const std::string &action) - : Transformation(action) { }; + RemoveWhitespace() + : Action("t:removeWhitespace") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ diff --git a/src/actions/transformations/replace_comments.cc b/src/actions/transformations/replace_comments.cc index 25fdac9f..220a551f 100644 --- a/src/actions/transformations/replace_comments.cc +++ b/src/actions/transformations/replace_comments.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/replace_comments.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ReplaceComments::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ReplaceComments::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { uint64_t i, j, incomment; char *input = reinterpret_cast( diff --git a/src/actions/transformations/replace_comments.h b/src/actions/transformations/replace_comments.h index c09c65a4..024f6a20 100644 --- a/src/actions/transformations/replace_comments.h +++ b/src/actions/transformations/replace_comments.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ReplaceComments : public Transformation { public: - explicit ReplaceComments(const std::string &action) - : Transformation(action) { }; + ReplaceComments() + : Action("t:removeComments") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ diff --git a/src/actions/transformations/replace_nulls.cc b/src/actions/transformations/replace_nulls.cc index bcd28497..97b0ae24 100644 --- a/src/actions/transformations/replace_nulls.cc +++ b/src/actions/transformations/replace_nulls.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/replace_nulls.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void ReplaceNulls::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ReplaceNulls::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int64_t i; out = in; diff --git a/src/actions/transformations/replace_nulls.h b/src/actions/transformations/replace_nulls.h index 544f256d..d1625004 100644 --- a/src/actions/transformations/replace_nulls.h +++ b/src/actions/transformations/replace_nulls.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ReplaceNulls : public Transformation { public: - explicit ReplaceNulls(const std::string &action) - : Transformation(action) { }; + ReplaceNulls() + : Action("t:replaceNulls") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ diff --git a/src/actions/transformations/sha1.cc b/src/actions/transformations/sha1.cc index 995922b9..24601032 100644 --- a/src/actions/transformations/sha1.cc +++ b/src/actions/transformations/sha1.cc @@ -13,17 +13,14 @@ * */ + #include "src/actions/transformations/sha1.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/sha1.h" @@ -32,13 +29,11 @@ namespace actions { namespace transformations { -void Sha1::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { - +void Sha1::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { auto a = Utils::Sha1::digest( - std::string(in.c_str(), in.size()) - ); + std::string(in.c_str(), in.size())); out.assign(a.c_str(), a.size()); } diff --git a/src/actions/transformations/sha1.h b/src/actions/transformations/sha1.h index fce9aa75..1437e6c9 100644 --- a/src/actions/transformations/sha1.h +++ b/src/actions/transformations/sha1.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ #define SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Sha1 : public Transformation { public: - explicit Sha1(const std::string &action) - : Transformation(action) { }; + Sha1() + : Action("t:sha1") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ diff --git a/src/actions/transformations/sql_hex_decode.cc b/src/actions/transformations/sql_hex_decode.cc index da7fc301..20676c34 100644 --- a/src/actions/transformations/sql_hex_decode.cc +++ b/src/actions/transformations/sql_hex_decode.cc @@ -13,18 +13,14 @@ * */ + #include "src/actions/transformations/sql_hex_decode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -32,18 +28,10 @@ namespace modsecurity { namespace actions { namespace transformations { -#ifndef VALID_HEX -#define VALID_HEX(X) (((X >= '0') && (X <= '9')) \ - || ((X >= 'a') && (X <= 'f')) \ - || ((X >= 'A') && (X <= 'F'))) -#endif -#ifndef ISODIGIT -#define ISODIGIT(X) ((X >= '0') && (X <= '7')) -#endif -void SqlHexDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void SqlHexDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; int size = 0; diff --git a/src/actions/transformations/sql_hex_decode.h b/src/actions/transformations/sql_hex_decode.h index 7e0d4dd4..fc6e979a 100644 --- a/src/actions/transformations/sql_hex_decode.h +++ b/src/actions/transformations/sql_hex_decode.h @@ -13,30 +13,34 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { + class SqlHexDecode : public Transformation { public: - explicit SqlHexDecode(const std::string &action) - : Transformation(action) { } + SqlHexDecode() + : Action("t:sqlHexDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *data, int len); static int mytolower(int ch) { @@ -47,10 +51,10 @@ class SqlHexDecode : public Transformation { } }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ diff --git a/src/actions/transformations/transformation.cc b/src/actions/transformations/transformation.cc index f039c5ab..5ae32c38 100644 --- a/src/actions/transformations/transformation.cc +++ b/src/actions/transformations/transformation.cc @@ -13,15 +13,14 @@ * */ + #include "src/actions/transformations/transformation.h" -#include - -#include #include #include "modsecurity/transaction.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/base64_decode_ext.h" #include "src/actions/transformations/base64_decode.h" #include "src/actions/transformations/base64_encode.h" @@ -60,58 +59,94 @@ #include "src/actions/transformations/utf8_to_unicode.h" -#define IF_MATCH(b) \ - if (a.compare(2, std::strlen(#b), #b) == 0) - - namespace modsecurity { namespace actions { namespace transformations { -Transformation* Transformation::instantiate(std::string a) { - IF_MATCH(base64DecodeExt) { return new Base64DecodeExt(a); } - IF_MATCH(base64Decode) { return new Base64Decode(a); } - IF_MATCH(base64Encode) { return new Base64Encode(a); } - IF_MATCH(cmd_line) { return new CmdLine(a); } - IF_MATCH(compress_whitespace) { return new CompressWhitespace(a); } - IF_MATCH(cssDecode) { return new CssDecode(a); } - IF_MATCH(escapeSeqDecode) { return new EscapeSeqDecode(a); } - IF_MATCH(hexDecode) { return new HexDecode(a); } - IF_MATCH(hexEncode) { return new HexEncode(a); } - IF_MATCH(htmlEntityDecode) { return new HtmlEntityDecode(a); } - IF_MATCH(jsDecode) { return new JsDecode(a); } - IF_MATCH(length) { return new Length(a); } - IF_MATCH(lowercase) { return new LowerCase(a); } - IF_MATCH(md5) { return new Md5(a); } - IF_MATCH(none) { return new None(a); } - IF_MATCH(normalizePathWin) { return new NormalisePathWin(a); } - IF_MATCH(normalisePathWin) { return new NormalisePathWin(a); } - IF_MATCH(normalizePath) { return new NormalisePath(a); } - IF_MATCH(normalisePath) { return new NormalisePath(a); } - IF_MATCH(parityEven7bit) { return new ParityEven7bit(a); } - IF_MATCH(parityOdd7bit) { return new ParityOdd7bit(a); } - IF_MATCH(parityZero7bit) { return new ParityZero7bit(a); } - IF_MATCH(removeCommentsChar) { return new RemoveCommentsChar(a); } - IF_MATCH(removeComments) { return new RemoveComments(a); } - IF_MATCH(removeNulls) { return new RemoveNulls(a); } - IF_MATCH(removeWhitespace) { return new RemoveWhitespace(a); } - IF_MATCH(compressWhitespace) { return new CompressWhitespace(a); } - IF_MATCH(replaceComments) { return new ReplaceComments(a); } - IF_MATCH(replaceNulls) { return new ReplaceNulls(a); } - IF_MATCH(sha1) { return new Sha1(a); } - IF_MATCH(sqlHexDecode) { return new SqlHexDecode(a); } - IF_MATCH(transformation) { return new Transformation(a); } - IF_MATCH(trimLeft) { return new TrimLeft(a); } - IF_MATCH(trimRight) { return new TrimRight(a); } - IF_MATCH(trim) { return new Trim(a); } - IF_MATCH(uppercase) { return new UpperCase(a); } - IF_MATCH(urlDecodeUni) { return new UrlDecodeUni(a); } - IF_MATCH(urlDecode) { return new UrlDecode(a); } - IF_MATCH(urlEncode) { return new UrlEncode(a); } - IF_MATCH(utf8toUnicode) { return new Utf8ToUnicode(a); } +class TransformationDoesNotExist: public std::exception { + public: + explicit TransformationDoesNotExist(const std::string& name) + : m_transformation(name) + { } - return new Transformation(a); + virtual const char* what() const throw() { + return std::string("Transformation not found: " + m_transformation + \ + ". Make sure that the new transformation is registered at: " + \ + "transformation.cc").c_str(); + } + + private: + std::string m_transformation; +}; + + +Transformation* Transformation::instantiate( + const std::string &transformationName) { + /** + * + * FIXME: Once part of ModSecurity, the transformation needs to register + * here. That is necessary to load transformations from external + * resources such as Python and Lua, not to mention the + * unit/regression framework. + * + * Today this registration is manual; as seen below, the idea is to + * have those automatically generated. To avoid transformations not + * to be listed. + */ + + std::string name(transformationName); + name.erase(std::remove(name.begin(), name.end(), '_'), name.end()); + + if (match(name, "t:base64DecodeExt")) { return new Base64DecodeExt(); } + if (match(name, "t:base64Decode")) { return new Base64Decode(); } + if (match(name, "t:base64Encode")) { return new Base64Encode(); } + if (match(name, "t:cmdLine")) { return new CmdLine(); } + if (match(name, "t:compressWhitespace")) { + return new CompressWhitespace(); + } + if (match(name, "t:cssDecode")) { return new CssDecode(); } + if (match(name, "t:escapeSeqDecode")) { return new EscapeSeqDecode(); } + if (match(name, "t:hexDecode")) { return new HexDecode(); } + if (match(name, "t:hexEncode")) { return new HexEncode(); } + if (match(name, "t:htmlEntityDecode")) { return new HtmlEntityDecode(); } + if (match(name, "t:jsDecode")) { return new JsDecode(); } + if (match(name, "t:length")) { return new Length(); } + if (match(name, "t:lowercase")) { return new LowerCase(); } + if (match(name, "t:md5")) { return new Md5(); } + if (match(name, "t:none")) { return new None(); } + if (match(name, "t:normalizePathWin")) { return new NormalisePathWin(); } + if (match(name, "t:normalisePathWin")) { return new NormalisePathWin(); } + if (match(name, "t:normalizePath")) { return new NormalisePath(); } + if (match(name, "t:normalisePath")) { return new NormalisePath(); } + if (match(name, "t:parityEven7bit")) { return new ParityEven7bit(); } + if (match(name, "t:parityOdd7bit")) { return new ParityOdd7bit(); } + if (match(name, "t:parityZero7bit")) { return new ParityZero7bit(); } + if (match(name, "t:removeCommentsChar")) { + return new RemoveCommentsChar(); + } + if (match(name, "t:removeComments")) { return new RemoveComments(); } + if (match(name, "t:removeNulls")) { return new RemoveNulls(); } + if (match(name, "t:removeWhitespace")) { return new RemoveWhitespace(); } + if (match(name, "t:compressWhitespace")) { + return new CompressWhitespace(); + } + if (match(name, "t:replaceComments")) { return new ReplaceComments(); } + if (match(name, "t:replaceNulls")) { return new ReplaceNulls(); } + if (match(name, "t:sha1")) { return new Sha1(); } + if (match(name, "t:sqlHexDecode")) { return new SqlHexDecode(); } + if (match(name, "t:trimLeft")) { return new TrimLeft(); } + if (match(name, "t:trimRight")) { return new TrimRight(); } + if (match(name, "t:trim")) { return new Trim(); } + if (match(name, "t:uppercase")) { return new UpperCase(); } + if (match(name, "t:urlDecodeUni")) { return new UrlDecodeUni(); } + if (match(name, "t:urlDecode")) { return new UrlDecode(); } + if (match(name, "t:urlEncode")) { return new UrlEncode(); } + if (match(name, "t:utf8toUnicode")) { return new Utf8ToUnicode(); } + + throw TransformationDoesNotExist(name); + + return nullptr; } diff --git a/src/actions/transformations/transformation.h b/src/actions/transformations/transformation.h index 9bedeb3f..e614d3b4 100644 --- a/src/actions/transformations/transformation.h +++ b/src/actions/transformations/transformation.h @@ -13,30 +13,47 @@ * */ + +#include #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRANSFORMATION_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRANSFORMATION_H_ namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { -class Transformation : public Action { + +class Transformation : public ActionAllowedAsSecDefaultAction { public: - explicit Transformation(const std::string& _action) - : Action(_action, RunTimeBeforeMatchAttemptKind) { } + virtual void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept = 0; - virtual bool isNone() { return false; } + virtual ~Transformation() + { } - static Transformation* instantiate(std::string a); + static Transformation* instantiate(const std::string &name); + + private: + static bool match(const std::string &a, const std::string &b) noexcept { + return ((a.size() == b.size()) + && std::equal(a.begin(), a.end(), b.begin(), + [](const char & c1, const char & c2) { + return (c1 == c2 || std::toupper(c1) == std::toupper(c2)); + })); + } }; + } // namespace transformations } // namespace actions } // namespace modsecurity diff --git a/src/actions/transformations/trim.cc b/src/actions/transformations/trim.cc index 251d75df..983c74a8 100644 --- a/src/actions/transformations/trim.cc +++ b/src/actions/transformations/trim.cc @@ -13,18 +13,15 @@ * */ + #include "src/actions/transformations/trim.h" -#include -#include -#include #include -#include -#include +#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { @@ -49,9 +46,9 @@ void Trim::trim(ModSecString *s) { } -void Trim::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Trim::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; trim(&out); }; diff --git a/src/actions/transformations/trim.h b/src/actions/transformations/trim.h index 6a390fd6..ff909182 100644 --- a/src/actions/transformations/trim.h +++ b/src/actions/transformations/trim.h @@ -13,39 +13,48 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Trim : public Transformation { public: - explicit Trim(const std::string &action) - : Transformation(action) { }; + Trim() + : Action("t:trim") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + explicit Trim(const std::string &trim) + : Action(trim) + { } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + + protected: void ltrim(ModSecString *s); void rtrim(ModSecString *s); void trim(ModSecString *s); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ diff --git a/src/actions/transformations/trim_left.cc b/src/actions/transformations/trim_left.cc index bdf099e2..9ad9487e 100644 --- a/src/actions/transformations/trim_left.cc +++ b/src/actions/transformations/trim_left.cc @@ -13,28 +13,24 @@ * */ + #include "src/actions/transformations/trim_left.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/trim.h" -#include "modsecurity/actions/action.h" namespace modsecurity { namespace actions { namespace transformations { -void TrimLeft::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void TrimLeft::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; ltrim(&out); }; diff --git a/src/actions/transformations/trim_left.h b/src/actions/transformations/trim_left.h index 02b40685..d9d7cef3 100644 --- a/src/actions/transformations/trim_left.h +++ b/src/actions/transformations/trim_left.h @@ -13,36 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/trim.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class TrimLeft : public Trim { public: - explicit TrimLeft(const std::string &action) - : Trim(action) { }; + TrimLeft() + : Trim("t:trimLeft") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ diff --git a/src/actions/transformations/trim_right.cc b/src/actions/transformations/trim_right.cc index 91898e18..21bd85dc 100644 --- a/src/actions/transformations/trim_right.cc +++ b/src/actions/transformations/trim_right.cc @@ -13,27 +13,23 @@ * */ + #include "src/actions/transformations/trim_right.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { namespace transformations { -void TrimRight::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void TrimRight::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; rtrim(&out); }; diff --git a/src/actions/transformations/trim_right.h b/src/actions/transformations/trim_right.h index 5300559d..9241e241 100644 --- a/src/actions/transformations/trim_right.h +++ b/src/actions/transformations/trim_right.h @@ -13,36 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/trim.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class TrimRight : public Trim { public: - explicit TrimRight(const std::string &action) - : Trim(action) { }; + TrimRight() + : Trim("t:trimRight") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ diff --git a/src/actions/transformations/upper_case.cc b/src/actions/transformations/upper_case.cc index 2e6eaf24..431d4b59 100644 --- a/src/actions/transformations/upper_case.cc +++ b/src/actions/transformations/upper_case.cc @@ -13,23 +13,23 @@ * */ + #include "src/actions/transformations/upper_case.h" -#include #include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { namespace transformations { -void UpperCase::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UpperCase::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::locale loc; out.reserve(in.size()); for (std::string::size_type i=0; i < in.size(); ++i) { diff --git a/src/actions/transformations/upper_case.h b/src/actions/transformations/upper_case.h index 37c10444..9082cb77 100644 --- a/src/actions/transformations/upper_case.h +++ b/src/actions/transformations/upper_case.h @@ -13,37 +13,39 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; namespace actions { namespace transformations { class UpperCase : public Transformation { public: - explicit UpperCase(const std::string &action) - : Transformation(action) { }; + UpperCase() + : Action("t:upperCase") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ diff --git a/src/actions/transformations/url_decode.cc b/src/actions/transformations/url_decode.cc index e5f32afd..4ec251fd 100644 --- a/src/actions/transformations/url_decode.cc +++ b/src/actions/transformations/url_decode.cc @@ -13,28 +13,25 @@ * */ + #include "src/actions/transformations/url_decode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/decode.h" + namespace modsecurity { namespace actions { namespace transformations { -void UrlDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UrlDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *val(NULL); int invalid_count = 0; int changed; diff --git a/src/actions/transformations/url_decode.h b/src/actions/transformations/url_decode.h index 03535f2f..938bb005 100644 --- a/src/actions/transformations/url_decode.h +++ b/src/actions/transformations/url_decode.h @@ -13,37 +13,39 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class UrlDecode : public Transformation { public: - explicit UrlDecode(const std::string &action) - : Transformation(action) { }; + UrlDecode() + : Action("t:urlDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ diff --git a/src/actions/transformations/url_decode_uni.cc b/src/actions/transformations/url_decode_uni.cc index 18326d24..377c1329 100644 --- a/src/actions/transformations/url_decode_uni.cc +++ b/src/actions/transformations/url_decode_uni.cc @@ -13,24 +13,16 @@ * */ + #include "src/actions/transformations/url_decode_uni.h" -#include - -#include #include -#include -#include -#include -#include -#include -#include "modsecurity/rules_set_properties.h" -#include "modsecurity/rules_set.h" +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +#include "modsecurity/rules_set.h" + #include "src/utils/string.h" -#include "src/utils/system.h" namespace modsecurity { @@ -38,9 +30,9 @@ namespace actions { namespace transformations { -void UrlDecodeUni::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UrlDecodeUni::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast @@ -64,7 +56,7 @@ void UrlDecodeUni::execute(Transaction *t, * IMP1 Assumes NUL-terminated */ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, - Transaction *t) { + const Transaction *t) { unsigned char *d = input; int64_t i, count, fact, j, xv; int Code, hmap = -1; diff --git a/src/actions/transformations/url_decode_uni.h b/src/actions/transformations/url_decode_uni.h index 4b739919..5f053fef 100644 --- a/src/actions/transformations/url_decode_uni.h +++ b/src/actions/transformations/url_decode_uni.h @@ -13,39 +13,43 @@ * */ + #include -#include "modsecurity/rules_set_properties.h" +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; namespace actions { namespace transformations { + class UrlDecodeUni : public Transformation { public: - explicit UrlDecodeUni(const std::string &action) - : Transformation(action) { } + UrlDecodeUni() + : Action("t:urlDecodeUni") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *input, uint64_t input_len, - Transaction *transaction); + const Transaction *transaction); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ diff --git a/src/actions/transformations/url_encode.cc b/src/actions/transformations/url_encode.cc index aa722883..139e2aa3 100644 --- a/src/actions/transformations/url_encode.cc +++ b/src/actions/transformations/url_encode.cc @@ -13,19 +13,18 @@ * */ + #include "src/actions/transformations/url_encode.h" -#include #include -#include -#include -#include -#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { @@ -81,9 +80,9 @@ std::string UrlEncode::url_enc(const char *input, } -void UrlEncode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UrlEncode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int changed; std::string ret = url_enc(in.c_str(), in.size(), &changed); diff --git a/src/actions/transformations/url_encode.h b/src/actions/transformations/url_encode.h index d4d23e63..d6e342b1 100644 --- a/src/actions/transformations/url_encode.h +++ b/src/actions/transformations/url_encode.h @@ -13,38 +13,43 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class UrlEncode : public Transformation { public: - explicit UrlEncode(const std::string &action) - : Transformation(action) { }; + UrlEncode() + : Action("t:urlEncode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static std::string url_enc(const char *input, unsigned int input_len, int *changed); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ diff --git a/src/actions/transformations/utf8_to_unicode.cc b/src/actions/transformations/utf8_to_unicode.cc index ab848f4e..ad5f314e 100644 --- a/src/actions/transformations/utf8_to_unicode.cc +++ b/src/actions/transformations/utf8_to_unicode.cc @@ -13,18 +13,14 @@ * */ + #include "src/actions/transformations/utf8_to_unicode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -33,10 +29,9 @@ namespace actions { namespace transformations { -void Utf8ToUnicode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { - +void Utf8ToUnicode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; int changed = 0; char *out2; @@ -71,8 +66,8 @@ char *Utf8ToUnicode::inplace(unsigned char *input, unsigned char unicode[8]; *changed = 0; - /* RFC3629 states that UTF-8 are encoded using sequences of 1 to 4 octets. */ - /* Max size per character should fit in 4 bytes */ + /* RFC3629 states that UTF-8 are encoded using sequences of 1 to 4 */ + /* octets. Max size per character should fit in 4 bytes */ len = input_len * 4 + 1; data = reinterpret_cast(malloc(sizeof(char) * len)); if (data == NULL) { diff --git a/src/actions/transformations/utf8_to_unicode.h b/src/actions/transformations/utf8_to_unicode.h index ffc863bc..468d6dbf 100644 --- a/src/actions/transformations/utf8_to_unicode.h +++ b/src/actions/transformations/utf8_to_unicode.h @@ -13,40 +13,48 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_UTF8_TO_UNICODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_UTF8_TO_UNICODE_H_ -#define UNICODE_ERROR_CHARACTERS_MISSING -1 -#define UNICODE_ERROR_INVALID_ENCODING -2 -#define UNICODE_ERROR_OVERLONG_CHARACTER -3 -#define UNICODE_ERROR_RESTRICTED_CHARACTER -4 -#define UNICODE_ERROR_DECODING_ERROR -5 namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { + class Utf8ToUnicode : public Transformation { public: - explicit Utf8ToUnicode(const std::string &action) - : Transformation(action) { } + Utf8ToUnicode() + : Action("t:utf8toUnicode") + { } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + private: + enum UnicodeError { + UNICODE_ERROR_CHARACTERS_MISSING = -1, + UNICODE_ERROR_INVALID_ENCODING = -2, + UNICODE_ERROR_OVERLONG_CHARACTER = -3, + UNICODE_ERROR_RESTRICTED_CHARACTER = -4, + UNICODE_ERROR_DECODING_ERROR = -5 + }; static char *inplace(unsigned char *input, uint64_t input_len, int *changed); }; + } // namespace transformations } // namespace actions } // namespace modsecurity diff --git a/src/actions/ver.cc b/src/actions/ver.cc index a169bb23..5fa44344 100644 --- a/src/actions/ver.cc +++ b/src/actions/ver.cc @@ -13,25 +13,13 @@ * */ + #include "src/actions/ver.h" -#include -#include - -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { -bool Ver::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/ver.h b/src/actions/ver.h index b568c007..d4420800 100644 --- a/src/actions/ver.h +++ b/src/actions/ver.h @@ -13,28 +13,33 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_VER_H_ #define SRC_ACTIONS_VER_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Ver : public Action { +class Ver : public ActionTypeRuleMetaData { public: - explicit Ver(const std::string &action) : Action(action, ConfigurationKind) { } + explicit Ver(const std::string &action) + : Action(action), + m_version("") + { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setVersion(m_version); + } private: - std::string m_ver; + std::string m_version; }; diff --git a/src/actions/xmlns.cc b/src/actions/xmlns.cc index 7b90361b..512bc621 100644 --- a/src/actions/xmlns.cc +++ b/src/actions/xmlns.cc @@ -13,13 +13,13 @@ * */ + #include "src/actions/xmlns.h" -#include #include #include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { @@ -29,13 +29,13 @@ bool XmlNS::init(std::string *error) { size_t pos; std::string http = "http://"; - pos = m_parser_payload.find("="); + pos = m_parserPayload.find("="); if (pos == std::string::npos) { error->assign("XMLS: Bad format, missing equals sign."); return false; } - m_scope = std::string(m_parser_payload, 0, pos); - m_href = std::string(m_parser_payload, pos+1, m_parser_payload.size()); + m_scope = std::string(m_parserPayload, 0, pos); + m_href = std::string(m_parserPayload, pos+1, m_parserPayload.size()); if (m_href.empty() || m_scope.empty()) { error->assign("XMLS: XMLNS is invalid. Expecting a " \ diff --git a/src/actions/xmlns.h b/src/actions/xmlns.h index 9dae3347..d03b48b9 100644 --- a/src/actions/xmlns.h +++ b/src/actions/xmlns.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -20,10 +21,8 @@ #ifndef SRC_ACTIONS_XMLNS_H_ #define SRC_ACTIONS_XMLNS_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { @@ -41,11 +40,6 @@ class XmlNS : public Action { m_href(o.m_href) { }; - - bool execute(RuleWithActions *rule, Transaction *transaction) override { - return true; - } - bool init(std::string *error) override; std::string getScope() const { @@ -65,4 +59,5 @@ class XmlNS : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_XMLNS_H_ diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc index 0450111a..433c0ee6 100644 --- a/src/parser/seclang-parser.cc +++ b/src/parser/seclang-parser.cc @@ -2286,7 +2286,7 @@ namespace yy { for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -2345,7 +2345,7 @@ namespace yy { for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -2371,7 +2371,7 @@ namespace yy { for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -2413,19 +2413,14 @@ namespace yy { hasDisruptive = true; } if (phase != NULL) { - definedPhase = phase->m_phase; - secRuleDefinedPhase = phase->m_secRulesPhase; + definedPhase = phase->getPhase(); + secRuleDefinedPhase = phase->getSecRulePhase(); delete phase; - } else if (a->m_actionKind == actions::Action::RunTimeOnlyIfMatchKind || - a->m_actionKind == actions::Action::RunTimeBeforeMatchAttemptKind) { - actions::transformations::None *none = dynamic_cast(a); - if (none != NULL) { - driver.error(yystack_[2].location, "The transformation none is not suitable to be part of the SecDefaultActions"); - YYERROR; - } + } else if (dynamic_cast(a) + && !dynamic_cast(a)) { checkedActions.push_back(a); } else { - driver.error(yystack_[2].location, "The action '" + *a->m_name.get() + "' is not suitable to be part of the SecDefaultActions"); + driver.error(yystack_[2].location, "The action '" + *a->getName() + "' is not suitable to be part of the SecDefaultActions"); YYERROR; } } @@ -2459,78 +2454,78 @@ namespace yy { delete actions; } -#line 2463 "seclang-parser.cc" +#line 2458 "seclang-parser.cc" break; case 80: // expression: "CONFIG_DIR_SEC_MARKER" -#line 1240 "seclang-parser.yy" +#line 1235 "seclang-parser.yy" { driver.addSecMarker(modsecurity::utils::string::removeBracketsIfNeeded(yystack_[0].value.as < std::string > ()), /* file name */ std::unique_ptr(new std::string(*yystack_[0].location.end.filename)), /* line number */ yystack_[0].location.end.line ); } -#line 2474 "seclang-parser.cc" +#line 2469 "seclang-parser.cc" break; case 81: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_OFF" -#line 1247 "seclang-parser.yy" +#line 1242 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine; } -#line 2482 "seclang-parser.cc" +#line 2477 "seclang-parser.cc" break; case 82: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_ON" -#line 1251 "seclang-parser.yy" +#line 1246 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine; } -#line 2490 "seclang-parser.cc" +#line 2485 "seclang-parser.cc" break; case 83: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_DETC" -#line 1255 "seclang-parser.yy" +#line 1250 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine; } -#line 2498 "seclang-parser.cc" +#line 2493 "seclang-parser.cc" break; case 84: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_ON" -#line 1259 "seclang-parser.yy" +#line 1254 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2506 "seclang-parser.cc" +#line 2501 "seclang-parser.cc" break; case 85: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_OFF" -#line 1263 "seclang-parser.yy" +#line 1258 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2514 "seclang-parser.cc" +#line 2509 "seclang-parser.cc" break; case 86: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_ON" -#line 1267 "seclang-parser.yy" +#line 1262 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2522 "seclang-parser.cc" +#line 2517 "seclang-parser.cc" break; case 87: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_OFF" -#line 1271 "seclang-parser.yy" +#line 1266 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2530 "seclang-parser.cc" +#line 2525 "seclang-parser.cc" break; case 88: // expression: "CONFIG_SEC_ARGUMENT_SEPARATOR" -#line 1275 "seclang-parser.yy" +#line 1270 "seclang-parser.yy" { if (yystack_[0].value.as < std::string > ().length() != 1) { driver.error(yystack_[1].location, "Argument separator should be set to a single character."); @@ -2539,259 +2534,259 @@ namespace yy { driver.m_secArgumentSeparator.m_value = yystack_[0].value.as < std::string > (); driver.m_secArgumentSeparator.m_set = true; } -#line 2543 "seclang-parser.cc" +#line 2538 "seclang-parser.cc" break; case 89: // expression: "CONFIG_COMPONENT_SIG" -#line 1284 "seclang-parser.yy" +#line 1279 "seclang-parser.yy" { driver.m_components.push_back(yystack_[0].value.as < std::string > ()); } -#line 2551 "seclang-parser.cc" +#line 2546 "seclang-parser.cc" break; case 90: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_ON" -#line 1288 "seclang-parser.yy" +#line 1283 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecConnEngine is not yet supported."); YYERROR; } -#line 2560 "seclang-parser.cc" +#line 2555 "seclang-parser.cc" break; case 91: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_OFF" -#line 1293 "seclang-parser.yy" +#line 1288 "seclang-parser.yy" { } -#line 2567 "seclang-parser.cc" +#line 2562 "seclang-parser.cc" break; case 92: // expression: "CONFIG_SEC_WEB_APP_ID" -#line 1296 "seclang-parser.yy" +#line 1291 "seclang-parser.yy" { driver.m_secWebAppId.m_value = yystack_[0].value.as < std::string > (); driver.m_secWebAppId.m_set = true; } -#line 2576 "seclang-parser.cc" +#line 2571 "seclang-parser.cc" break; case 93: // expression: "CONFIG_SEC_SERVER_SIG" -#line 1301 "seclang-parser.yy" +#line 1296 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecServerSignature is not supported."); YYERROR; } -#line 2585 "seclang-parser.cc" +#line 2580 "seclang-parser.cc" break; case 94: // expression: "CONFIG_SEC_CACHE_TRANSFORMATIONS" -#line 1306 "seclang-parser.yy" +#line 1301 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCacheTransformations is not supported."); YYERROR; } -#line 2594 "seclang-parser.cc" +#line 2589 "seclang-parser.cc" break; case 95: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_ON" -#line 1311 "seclang-parser.yy" +#line 1306 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecDisableBackendCompression is not supported."); YYERROR; } -#line 2603 "seclang-parser.cc" +#line 2598 "seclang-parser.cc" break; case 96: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_OFF" -#line 1316 "seclang-parser.yy" +#line 1311 "seclang-parser.yy" { } -#line 2610 "seclang-parser.cc" +#line 2605 "seclang-parser.cc" break; case 97: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_ON" -#line 1319 "seclang-parser.yy" +#line 1314 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecContentInjection is not yet supported."); YYERROR; } -#line 2619 "seclang-parser.cc" +#line 2614 "seclang-parser.cc" break; case 98: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_OFF" -#line 1324 "seclang-parser.yy" +#line 1319 "seclang-parser.yy" { } -#line 2626 "seclang-parser.cc" +#line 2621 "seclang-parser.cc" break; case 99: // expression: "CONFIG_SEC_CHROOT_DIR" -#line 1327 "seclang-parser.yy" +#line 1322 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecChrootDir is not supported."); YYERROR; } -#line 2635 "seclang-parser.cc" +#line 2630 "seclang-parser.cc" break; case 100: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_ON" -#line 1332 "seclang-parser.yy" +#line 1327 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecHashEngine is not yet supported."); YYERROR; } -#line 2644 "seclang-parser.cc" +#line 2639 "seclang-parser.cc" break; case 101: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_OFF" -#line 1337 "seclang-parser.yy" +#line 1332 "seclang-parser.yy" { } -#line 2651 "seclang-parser.cc" +#line 2646 "seclang-parser.cc" break; case 102: // expression: "CONFIG_SEC_HASH_KEY" -#line 1340 "seclang-parser.yy" +#line 1335 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashKey is not yet supported."); YYERROR; } -#line 2660 "seclang-parser.cc" +#line 2655 "seclang-parser.cc" break; case 103: // expression: "CONFIG_SEC_HASH_PARAM" -#line 1345 "seclang-parser.yy" +#line 1340 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashParam is not yet supported."); YYERROR; } -#line 2669 "seclang-parser.cc" +#line 2664 "seclang-parser.cc" break; case 104: // expression: "CONFIG_SEC_HASH_METHOD_RX" -#line 1350 "seclang-parser.yy" +#line 1345 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodRx is not yet supported."); YYERROR; } -#line 2678 "seclang-parser.cc" +#line 2673 "seclang-parser.cc" break; case 105: // expression: "CONFIG_SEC_HASH_METHOD_PM" -#line 1355 "seclang-parser.yy" +#line 1350 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodPm is not yet supported."); YYERROR; } -#line 2687 "seclang-parser.cc" +#line 2682 "seclang-parser.cc" break; case 106: // expression: "CONFIG_DIR_GSB_DB" -#line 1360 "seclang-parser.yy" +#line 1355 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGsbLookupDb is not supported."); YYERROR; } -#line 2696 "seclang-parser.cc" +#line 2691 "seclang-parser.cc" break; case 107: // expression: "CONFIG_SEC_GUARDIAN_LOG" -#line 1365 "seclang-parser.yy" +#line 1360 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGuardianLog is not supported."); YYERROR; } -#line 2705 "seclang-parser.cc" +#line 2700 "seclang-parser.cc" break; case 108: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_ON" -#line 1370 "seclang-parser.yy" +#line 1365 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecInterceptOnError is not yet supported."); YYERROR; } -#line 2714 "seclang-parser.cc" +#line 2709 "seclang-parser.cc" break; case 109: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_OFF" -#line 1375 "seclang-parser.yy" +#line 1370 "seclang-parser.yy" { } -#line 2721 "seclang-parser.cc" +#line 2716 "seclang-parser.cc" break; case 110: // expression: "CONFIG_SEC_CONN_R_STATE_LIMIT" -#line 1378 "seclang-parser.yy" +#line 1373 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnReadStateLimit is not yet supported."); YYERROR; } -#line 2730 "seclang-parser.cc" +#line 2725 "seclang-parser.cc" break; case 111: // expression: "CONFIG_SEC_CONN_W_STATE_LIMIT" -#line 1383 "seclang-parser.yy" +#line 1378 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnWriteStateLimit is not yet supported."); YYERROR; } -#line 2739 "seclang-parser.cc" +#line 2734 "seclang-parser.cc" break; case 112: // expression: "CONFIG_SEC_SENSOR_ID" -#line 1388 "seclang-parser.yy" +#line 1383 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecSensorId is not yet supported."); YYERROR; } -#line 2748 "seclang-parser.cc" +#line 2743 "seclang-parser.cc" break; case 113: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_ON" -#line 1393 "seclang-parser.yy" +#line 1388 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecRuleInheritance is not yet supported."); YYERROR; } -#line 2757 "seclang-parser.cc" +#line 2752 "seclang-parser.cc" break; case 114: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_OFF" -#line 1398 "seclang-parser.yy" +#line 1393 "seclang-parser.yy" { } -#line 2764 "seclang-parser.cc" +#line 2759 "seclang-parser.cc" break; case 115: // expression: "CONFIG_SEC_RULE_PERF_TIME" -#line 1401 "seclang-parser.yy" +#line 1396 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecRulePerfTime is not yet supported."); YYERROR; } -#line 2773 "seclang-parser.cc" +#line 2768 "seclang-parser.cc" break; case 116: // expression: "CONFIG_SEC_STREAM_IN_BODY_INSPECTION" -#line 1406 "seclang-parser.yy" +#line 1401 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamInBodyInspection is not supported."); YYERROR; } -#line 2782 "seclang-parser.cc" +#line 2777 "seclang-parser.cc" break; case 117: // expression: "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION" -#line 1411 "seclang-parser.yy" +#line 1406 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamOutBodyInspection is not supported."); YYERROR; } -#line 2791 "seclang-parser.cc" +#line 2786 "seclang-parser.cc" break; case 118: // expression: "CONFIG_SEC_RULE_REMOVE_BY_ID" -#line 1416 "seclang-parser.yy" +#line 1411 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.load(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2804,11 +2799,11 @@ namespace yy { YYERROR; } } -#line 2808 "seclang-parser.cc" +#line 2803 "seclang-parser.cc" break; case 119: // expression: "CONFIG_SEC_RULE_REMOVE_BY_TAG" -#line 1429 "seclang-parser.yy" +#line 1424 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByTag(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2821,11 +2816,11 @@ namespace yy { YYERROR; } } -#line 2825 "seclang-parser.cc" +#line 2820 "seclang-parser.cc" break; case 120: // expression: "CONFIG_SEC_RULE_REMOVE_BY_MSG" -#line 1442 "seclang-parser.yy" +#line 1437 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByMsg(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2838,11 +2833,11 @@ namespace yy { YYERROR; } } -#line 2842 "seclang-parser.cc" +#line 2837 "seclang-parser.cc" break; case 121: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG" variables_pre_process -#line 1455 "seclang-parser.yy" +#line 1450 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByTag(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2855,11 +2850,11 @@ namespace yy { YYERROR; } } -#line 2859 "seclang-parser.cc" +#line 2854 "seclang-parser.cc" break; case 122: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG" variables_pre_process -#line 1468 "seclang-parser.yy" +#line 1463 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByMsg(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2872,11 +2867,11 @@ namespace yy { YYERROR; } } -#line 2876 "seclang-parser.cc" +#line 2871 "seclang-parser.cc" break; case 123: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID" variables_pre_process -#line 1481 "seclang-parser.yy" +#line 1476 "seclang-parser.yy" { std::string error; double ruleId; @@ -2902,11 +2897,11 @@ namespace yy { YYERROR; } } -#line 2906 "seclang-parser.cc" +#line 2901 "seclang-parser.cc" break; case 124: // expression: "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID" actions -#line 1507 "seclang-parser.yy" +#line 1502 "seclang-parser.yy" { std::string error; double ruleId; @@ -2933,11 +2928,11 @@ namespace yy { YYERROR; } } -#line 2937 "seclang-parser.cc" +#line 2932 "seclang-parser.cc" break; case 125: // expression: "CONFIG_DIR_DEBUG_LVL" -#line 1535 "seclang-parser.yy" +#line 1530 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { driver.m_debugLog->setDebugLogLevel(atoi(yystack_[0].value.as < std::string > ().c_str())); @@ -2949,11 +2944,11 @@ namespace yy { YYERROR; } } -#line 2953 "seclang-parser.cc" +#line 2948 "seclang-parser.cc" break; case 126: // expression: "CONFIG_DIR_DEBUG_LOG" -#line 1547 "seclang-parser.yy" +#line 1542 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { std::string error; @@ -2972,11 +2967,11 @@ namespace yy { YYERROR; } } -#line 2976 "seclang-parser.cc" +#line 2971 "seclang-parser.cc" break; case 127: // expression: "CONFIG_DIR_GEO_DB" -#line 1567 "seclang-parser.yy" +#line 1562 "seclang-parser.yy" { #if defined(WITH_GEOIP) or defined(WITH_MAXMIND) std::string err; @@ -3003,38 +2998,38 @@ namespace yy { YYERROR; #endif // WITH_GEOIP } -#line 3007 "seclang-parser.cc" +#line 3002 "seclang-parser.cc" break; case 128: // expression: "CONFIG_DIR_ARGS_LIMIT" -#line 1594 "seclang-parser.yy" +#line 1589 "seclang-parser.yy" { driver.m_argumentsLimit.m_set = true; driver.m_argumentsLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3016 "seclang-parser.cc" +#line 3011 "seclang-parser.cc" break; case 129: // expression: "CONFIG_DIR_REQ_BODY_LIMIT" -#line 1600 "seclang-parser.yy" +#line 1595 "seclang-parser.yy" { driver.m_requestBodyLimit.m_set = true; driver.m_requestBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3025 "seclang-parser.cc" +#line 3020 "seclang-parser.cc" break; case 130: // expression: "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT" -#line 1605 "seclang-parser.yy" +#line 1600 "seclang-parser.yy" { driver.m_requestBodyNoFilesLimit.m_set = true; driver.m_requestBodyNoFilesLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3034 "seclang-parser.cc" +#line 3029 "seclang-parser.cc" break; case 131: // expression: "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT" -#line 1610 "seclang-parser.yy" +#line 1605 "seclang-parser.yy" { std::stringstream ss; ss << "As of ModSecurity version 3.0, SecRequestBodyInMemoryLimit is no longer "; @@ -3043,68 +3038,68 @@ namespace yy { driver.error(yystack_[1].location, ss.str()); YYERROR; } -#line 3047 "seclang-parser.cc" +#line 3042 "seclang-parser.cc" break; case 132: // expression: "CONFIG_DIR_RES_BODY_LIMIT" -#line 1619 "seclang-parser.yy" +#line 1614 "seclang-parser.yy" { driver.m_responseBodyLimit.m_set = true; driver.m_responseBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3056 "seclang-parser.cc" +#line 3051 "seclang-parser.cc" break; case 133: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1624 "seclang-parser.yy" +#line 1619 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3064 "seclang-parser.cc" +#line 3059 "seclang-parser.cc" break; case 134: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1628 "seclang-parser.yy" +#line 1623 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3072 "seclang-parser.cc" +#line 3067 "seclang-parser.cc" break; case 135: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1632 "seclang-parser.yy" +#line 1627 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3080 "seclang-parser.cc" +#line 3075 "seclang-parser.cc" break; case 136: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1636 "seclang-parser.yy" +#line 1631 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3088 "seclang-parser.cc" +#line 3083 "seclang-parser.cc" break; case 137: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_ABORT" -#line 1640 "seclang-parser.yy" +#line 1635 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; } -#line 3096 "seclang-parser.cc" +#line 3091 "seclang-parser.cc" break; case 138: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_WARN" -#line 1644 "seclang-parser.yy" +#line 1639 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; } -#line 3104 "seclang-parser.cc" +#line 3099 "seclang-parser.cc" break; case 141: // expression: "CONGIG_DIR_RESPONSE_BODY_MP" -#line 1658 "seclang-parser.yy" +#line 1653 "seclang-parser.yy" { std::istringstream buf(yystack_[0].value.as < std::string > ()); std::istream_iterator beg(buf), end; @@ -3116,37 +3111,37 @@ namespace yy { driver.m_responseBodyTypeToBeInspected.m_value.insert(*it); } } -#line 3120 "seclang-parser.cc" +#line 3115 "seclang-parser.cc" break; case 142: // expression: "CONGIG_DIR_RESPONSE_BODY_MP_CLEAR" -#line 1670 "seclang-parser.yy" +#line 1665 "seclang-parser.yy" { driver.m_responseBodyTypeToBeInspected.m_set = true; driver.m_responseBodyTypeToBeInspected.m_clear = true; driver.m_responseBodyTypeToBeInspected.m_value.clear(); } -#line 3130 "seclang-parser.cc" +#line 3125 "seclang-parser.cc" break; case 143: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_OFF" -#line 1676 "seclang-parser.yy" +#line 1671 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 3138 "seclang-parser.cc" +#line 3133 "seclang-parser.cc" break; case 144: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_ON" -#line 1680 "seclang-parser.yy" +#line 1675 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 3146 "seclang-parser.cc" +#line 3141 "seclang-parser.cc" break; case 145: // expression: "CONGIG_DIR_SEC_TMP_DIR" -#line 1684 "seclang-parser.yy" +#line 1679 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended std::stringstream ss; @@ -3157,31 +3152,31 @@ namespace yy { YYERROR; */ } -#line 3161 "seclang-parser.cc" +#line 3156 "seclang-parser.cc" break; case 148: // expression: "CONGIG_DIR_SEC_COOKIE_FORMAT" -#line 1705 "seclang-parser.yy" +#line 1700 "seclang-parser.yy" { if (atoi(yystack_[0].value.as < std::string > ().c_str()) == 1) { driver.error(yystack_[1].location, "SecCookieFormat 1 is not yet supported."); YYERROR; } } -#line 3172 "seclang-parser.cc" +#line 3167 "seclang-parser.cc" break; case 149: // expression: "CONFIG_SEC_COOKIEV0_SEPARATOR" -#line 1712 "seclang-parser.yy" +#line 1707 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCookieV0Separator is not yet supported."); YYERROR; } -#line 3181 "seclang-parser.cc" +#line 3176 "seclang-parser.cc" break; case 151: // expression: "CONFIG_DIR_UNICODE_MAP_FILE" -#line 1722 "seclang-parser.yy" +#line 1717 "seclang-parser.yy" { std::string error; std::vector param; @@ -3235,31 +3230,31 @@ namespace yy { } } -#line 3239 "seclang-parser.cc" +#line 3234 "seclang-parser.cc" break; case 152: // expression: "CONFIG_SEC_COLLECTION_TIMEOUT" -#line 1776 "seclang-parser.yy" +#line 1771 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default CRS installations with crs-setup.conf-recommended driver.error(@0, "SecCollectionTimeout is not yet supported."); YYERROR; */ } -#line 3250 "seclang-parser.cc" +#line 3245 "seclang-parser.cc" break; case 153: // expression: "CONFIG_SEC_HTTP_BLKEY" -#line 1783 "seclang-parser.yy" +#line 1778 "seclang-parser.yy" { driver.m_httpblKey.m_set = true; driver.m_httpblKey.m_value = yystack_[0].value.as < std::string > (); } -#line 3259 "seclang-parser.cc" +#line 3254 "seclang-parser.cc" break; case 154: // variables: variables_pre_process -#line 1791 "seclang-parser.yy" +#line 1786 "seclang-parser.yy" { std::unique_ptr > > originalList = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); std::unique_ptr>> newList(new std::vector>()); @@ -3293,2363 +3288,2363 @@ namespace yy { } yylhs.value.as < std::unique_ptr > > > () = std::move(newNewList); } -#line 3297 "seclang-parser.cc" +#line 3292 "seclang-parser.cc" break; case 155: // variables_pre_process: variables_may_be_quoted -#line 1828 "seclang-parser.yy" +#line 1823 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); } -#line 3305 "seclang-parser.cc" +#line 3300 "seclang-parser.cc" break; case 156: // variables_pre_process: "QUOTATION_MARK" variables_may_be_quoted "QUOTATION_MARK" -#line 1832 "seclang-parser.yy" +#line 1827 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[1].value.as < std::unique_ptr > > > ()); } -#line 3313 "seclang-parser.cc" +#line 3308 "seclang-parser.cc" break; case 157: // variables_may_be_quoted: variables_may_be_quoted PIPE var -#line 1839 "seclang-parser.yy" +#line 1834 "seclang-parser.yy" { yystack_[2].value.as < std::unique_ptr > > > ()->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[2].value.as < std::unique_ptr > > > ()); } -#line 3322 "seclang-parser.cc" +#line 3317 "seclang-parser.cc" break; case 158: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_EXCLUSION var -#line 1844 "seclang-parser.yy" +#line 1839 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3332 "seclang-parser.cc" +#line 3327 "seclang-parser.cc" break; case 159: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_COUNT var -#line 1850 "seclang-parser.yy" +#line 1845 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3342 "seclang-parser.cc" +#line 3337 "seclang-parser.cc" break; case 160: // variables_may_be_quoted: var -#line 1856 "seclang-parser.yy" +#line 1851 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); b->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3352 "seclang-parser.cc" +#line 3347 "seclang-parser.cc" break; case 161: // variables_may_be_quoted: VAR_EXCLUSION var -#line 1862 "seclang-parser.yy" +#line 1857 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3363 "seclang-parser.cc" +#line 3358 "seclang-parser.cc" break; case 162: // variables_may_be_quoted: VAR_COUNT var -#line 1869 "seclang-parser.yy" +#line 1864 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3374 "seclang-parser.cc" +#line 3369 "seclang-parser.cc" break; case 163: // var: VARIABLE_ARGS "Dictionary element" -#line 1879 "seclang-parser.yy" +#line 1874 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3382 "seclang-parser.cc" +#line 3377 "seclang-parser.cc" break; case 164: // var: VARIABLE_ARGS "Dictionary element, selected by regexp" -#line 1883 "seclang-parser.yy" +#line 1878 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3390 "seclang-parser.cc" +#line 3385 "seclang-parser.cc" break; case 165: // var: VARIABLE_ARGS -#line 1887 "seclang-parser.yy" +#line 1882 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_NoDictElement()); } -#line 3398 "seclang-parser.cc" +#line 3393 "seclang-parser.cc" break; case 166: // var: VARIABLE_ARGS_POST "Dictionary element" -#line 1891 "seclang-parser.yy" +#line 1886 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3406 "seclang-parser.cc" +#line 3401 "seclang-parser.cc" break; case 167: // var: VARIABLE_ARGS_POST "Dictionary element, selected by regexp" -#line 1895 "seclang-parser.yy" +#line 1890 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3414 "seclang-parser.cc" +#line 3409 "seclang-parser.cc" break; case 168: // var: VARIABLE_ARGS_POST -#line 1899 "seclang-parser.yy" +#line 1894 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_NoDictElement()); } -#line 3422 "seclang-parser.cc" +#line 3417 "seclang-parser.cc" break; case 169: // var: VARIABLE_ARGS_GET "Dictionary element" -#line 1903 "seclang-parser.yy" +#line 1898 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3430 "seclang-parser.cc" +#line 3425 "seclang-parser.cc" break; case 170: // var: VARIABLE_ARGS_GET "Dictionary element, selected by regexp" -#line 1907 "seclang-parser.yy" +#line 1902 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3438 "seclang-parser.cc" +#line 3433 "seclang-parser.cc" break; case 171: // var: VARIABLE_ARGS_GET -#line 1911 "seclang-parser.yy" +#line 1906 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_NoDictElement()); } -#line 3446 "seclang-parser.cc" +#line 3441 "seclang-parser.cc" break; case 172: // var: VARIABLE_FILES_SIZES "Dictionary element" -#line 1915 "seclang-parser.yy" +#line 1910 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3454 "seclang-parser.cc" +#line 3449 "seclang-parser.cc" break; case 173: // var: VARIABLE_FILES_SIZES "Dictionary element, selected by regexp" -#line 1919 "seclang-parser.yy" +#line 1914 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3462 "seclang-parser.cc" +#line 3457 "seclang-parser.cc" break; case 174: // var: VARIABLE_FILES_SIZES -#line 1923 "seclang-parser.yy" +#line 1918 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_NoDictElement()); } -#line 3470 "seclang-parser.cc" +#line 3465 "seclang-parser.cc" break; case 175: // var: VARIABLE_FILES_NAMES "Dictionary element" -#line 1927 "seclang-parser.yy" +#line 1922 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3478 "seclang-parser.cc" +#line 3473 "seclang-parser.cc" break; case 176: // var: VARIABLE_FILES_NAMES "Dictionary element, selected by regexp" -#line 1931 "seclang-parser.yy" +#line 1926 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3486 "seclang-parser.cc" +#line 3481 "seclang-parser.cc" break; case 177: // var: VARIABLE_FILES_NAMES -#line 1935 "seclang-parser.yy" +#line 1930 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_NoDictElement()); } -#line 3494 "seclang-parser.cc" +#line 3489 "seclang-parser.cc" break; case 178: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element" -#line 1939 "seclang-parser.yy" +#line 1934 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3502 "seclang-parser.cc" +#line 3497 "seclang-parser.cc" break; case 179: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element, selected by regexp" -#line 1943 "seclang-parser.yy" +#line 1938 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3510 "seclang-parser.cc" +#line 3505 "seclang-parser.cc" break; case 180: // var: VARIABLE_FILES_TMP_CONTENT -#line 1947 "seclang-parser.yy" +#line 1942 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_NoDictElement()); } -#line 3518 "seclang-parser.cc" +#line 3513 "seclang-parser.cc" break; case 181: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element" -#line 1951 "seclang-parser.yy" +#line 1946 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3526 "seclang-parser.cc" +#line 3521 "seclang-parser.cc" break; case 182: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element, selected by regexp" -#line 1955 "seclang-parser.yy" +#line 1950 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3534 "seclang-parser.cc" +#line 3529 "seclang-parser.cc" break; case 183: // var: VARIABLE_MULTIPART_FILENAME -#line 1959 "seclang-parser.yy" +#line 1954 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_NoDictElement()); } -#line 3542 "seclang-parser.cc" +#line 3537 "seclang-parser.cc" break; case 184: // var: VARIABLE_MULTIPART_NAME "Dictionary element" -#line 1963 "seclang-parser.yy" +#line 1958 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3550 "seclang-parser.cc" +#line 3545 "seclang-parser.cc" break; case 185: // var: VARIABLE_MULTIPART_NAME "Dictionary element, selected by regexp" -#line 1967 "seclang-parser.yy" +#line 1962 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3558 "seclang-parser.cc" +#line 3553 "seclang-parser.cc" break; case 186: // var: VARIABLE_MULTIPART_NAME -#line 1971 "seclang-parser.yy" +#line 1966 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_NoDictElement()); } -#line 3566 "seclang-parser.cc" +#line 3561 "seclang-parser.cc" break; case 187: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element" -#line 1975 "seclang-parser.yy" +#line 1970 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3574 "seclang-parser.cc" +#line 3569 "seclang-parser.cc" break; case 188: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element, selected by regexp" -#line 1979 "seclang-parser.yy" +#line 1974 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3582 "seclang-parser.cc" +#line 3577 "seclang-parser.cc" break; case 189: // var: VARIABLE_MATCHED_VARS_NAMES -#line 1983 "seclang-parser.yy" +#line 1978 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_NoDictElement()); } -#line 3590 "seclang-parser.cc" +#line 3585 "seclang-parser.cc" break; case 190: // var: VARIABLE_MATCHED_VARS "Dictionary element" -#line 1987 "seclang-parser.yy" +#line 1982 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3598 "seclang-parser.cc" +#line 3593 "seclang-parser.cc" break; case 191: // var: VARIABLE_MATCHED_VARS "Dictionary element, selected by regexp" -#line 1991 "seclang-parser.yy" +#line 1986 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3606 "seclang-parser.cc" +#line 3601 "seclang-parser.cc" break; case 192: // var: VARIABLE_MATCHED_VARS -#line 1995 "seclang-parser.yy" +#line 1990 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_NoDictElement()); } -#line 3614 "seclang-parser.cc" +#line 3609 "seclang-parser.cc" break; case 193: // var: VARIABLE_FILES "Dictionary element" -#line 1999 "seclang-parser.yy" +#line 1994 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3622 "seclang-parser.cc" +#line 3617 "seclang-parser.cc" break; case 194: // var: VARIABLE_FILES "Dictionary element, selected by regexp" -#line 2003 "seclang-parser.yy" +#line 1998 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3630 "seclang-parser.cc" +#line 3625 "seclang-parser.cc" break; case 195: // var: VARIABLE_FILES -#line 2007 "seclang-parser.yy" +#line 2002 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_NoDictElement()); } -#line 3638 "seclang-parser.cc" +#line 3633 "seclang-parser.cc" break; case 196: // var: VARIABLE_REQUEST_COOKIES "Dictionary element" -#line 2011 "seclang-parser.yy" +#line 2006 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3646 "seclang-parser.cc" +#line 3641 "seclang-parser.cc" break; case 197: // var: VARIABLE_REQUEST_COOKIES "Dictionary element, selected by regexp" -#line 2015 "seclang-parser.yy" +#line 2010 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3654 "seclang-parser.cc" +#line 3649 "seclang-parser.cc" break; case 198: // var: VARIABLE_REQUEST_COOKIES -#line 2019 "seclang-parser.yy" +#line 2014 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_NoDictElement()); } -#line 3662 "seclang-parser.cc" +#line 3657 "seclang-parser.cc" break; case 199: // var: VARIABLE_REQUEST_HEADERS "Dictionary element" -#line 2023 "seclang-parser.yy" +#line 2018 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3670 "seclang-parser.cc" +#line 3665 "seclang-parser.cc" break; case 200: // var: VARIABLE_REQUEST_HEADERS "Dictionary element, selected by regexp" -#line 2027 "seclang-parser.yy" +#line 2022 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3678 "seclang-parser.cc" +#line 3673 "seclang-parser.cc" break; case 201: // var: VARIABLE_REQUEST_HEADERS -#line 2031 "seclang-parser.yy" +#line 2026 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_NoDictElement()); } -#line 3686 "seclang-parser.cc" +#line 3681 "seclang-parser.cc" break; case 202: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element" -#line 2035 "seclang-parser.yy" +#line 2030 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3694 "seclang-parser.cc" +#line 3689 "seclang-parser.cc" break; case 203: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element, selected by regexp" -#line 2039 "seclang-parser.yy" +#line 2034 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3702 "seclang-parser.cc" +#line 3697 "seclang-parser.cc" break; case 204: // var: VARIABLE_RESPONSE_HEADERS -#line 2043 "seclang-parser.yy" +#line 2038 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_NoDictElement()); } -#line 3710 "seclang-parser.cc" +#line 3705 "seclang-parser.cc" break; case 205: // var: VARIABLE_GEO "Dictionary element" -#line 2047 "seclang-parser.yy" +#line 2042 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3718 "seclang-parser.cc" +#line 3713 "seclang-parser.cc" break; case 206: // var: VARIABLE_GEO "Dictionary element, selected by regexp" -#line 2051 "seclang-parser.yy" +#line 2046 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3726 "seclang-parser.cc" +#line 3721 "seclang-parser.cc" break; case 207: // var: VARIABLE_GEO -#line 2055 "seclang-parser.yy" +#line 2050 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_NoDictElement()); } -#line 3734 "seclang-parser.cc" +#line 3729 "seclang-parser.cc" break; case 208: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element" -#line 2059 "seclang-parser.yy" +#line 2054 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3742 "seclang-parser.cc" +#line 3737 "seclang-parser.cc" break; case 209: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element, selected by regexp" -#line 2063 "seclang-parser.yy" +#line 2058 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3750 "seclang-parser.cc" +#line 3745 "seclang-parser.cc" break; case 210: // var: VARIABLE_REQUEST_COOKIES_NAMES -#line 2067 "seclang-parser.yy" +#line 2062 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_NoDictElement()); } -#line 3758 "seclang-parser.cc" +#line 3753 "seclang-parser.cc" break; case 211: // var: VARIABLE_RULE "Dictionary element" -#line 2071 "seclang-parser.yy" +#line 2066 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3766 "seclang-parser.cc" +#line 3761 "seclang-parser.cc" break; case 212: // var: VARIABLE_RULE "Dictionary element, selected by regexp" -#line 2075 "seclang-parser.yy" +#line 2070 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3774 "seclang-parser.cc" +#line 3769 "seclang-parser.cc" break; case 213: // var: VARIABLE_RULE -#line 2079 "seclang-parser.yy" +#line 2074 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_NoDictElement()); } -#line 3782 "seclang-parser.cc" +#line 3777 "seclang-parser.cc" break; case 214: // var: "RUN_TIME_VAR_ENV" "Dictionary element" -#line 2083 "seclang-parser.yy" +#line 2078 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3790 "seclang-parser.cc" +#line 3785 "seclang-parser.cc" break; case 215: // var: "RUN_TIME_VAR_ENV" "Dictionary element, selected by regexp" -#line 2087 "seclang-parser.yy" +#line 2082 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3798 "seclang-parser.cc" +#line 3793 "seclang-parser.cc" break; case 216: // var: "RUN_TIME_VAR_ENV" -#line 2091 "seclang-parser.yy" +#line 2086 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV")); } -#line 3806 "seclang-parser.cc" +#line 3801 "seclang-parser.cc" break; case 217: // var: "RUN_TIME_VAR_XML" "Dictionary element" -#line 2095 "seclang-parser.yy" +#line 2090 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithNSPath(yystack_[0].value.as < std::string > ())); } -#line 3814 "seclang-parser.cc" +#line 3809 "seclang-parser.cc" break; case 218: // var: "RUN_TIME_VAR_XML" "Dictionary element, selected by regexp" -#line 2099 "seclang-parser.yy" +#line 2094 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithNSPath(yystack_[0].value.as < std::string > ())); } -#line 3822 "seclang-parser.cc" +#line 3817 "seclang-parser.cc" break; case 219: // var: "RUN_TIME_VAR_XML" -#line 2103 "seclang-parser.yy" +#line 2098 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithoutNSPath()); } -#line 3830 "seclang-parser.cc" +#line 3825 "seclang-parser.cc" break; case 220: // var: "FILES_TMPNAMES" "Dictionary element" -#line 2107 "seclang-parser.yy" +#line 2102 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3838 "seclang-parser.cc" +#line 3833 "seclang-parser.cc" break; case 221: // var: "FILES_TMPNAMES" "Dictionary element, selected by regexp" -#line 2111 "seclang-parser.yy" +#line 2106 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3846 "seclang-parser.cc" +#line 3841 "seclang-parser.cc" break; case 222: // var: "FILES_TMPNAMES" -#line 2115 "seclang-parser.yy" +#line 2110 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_NoDictElement()); } -#line 3854 "seclang-parser.cc" +#line 3849 "seclang-parser.cc" break; case 223: // var: "RESOURCE" run_time_string -#line 2119 "seclang-parser.yy" +#line 2114 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3862 "seclang-parser.cc" +#line 3857 "seclang-parser.cc" break; case 224: // var: "RESOURCE" "Dictionary element" -#line 2123 "seclang-parser.yy" +#line 2118 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3870 "seclang-parser.cc" +#line 3865 "seclang-parser.cc" break; case 225: // var: "RESOURCE" "Dictionary element, selected by regexp" -#line 2127 "seclang-parser.yy" +#line 2122 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3878 "seclang-parser.cc" +#line 3873 "seclang-parser.cc" break; case 226: // var: "RESOURCE" -#line 2131 "seclang-parser.yy" +#line 2126 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_NoDictElement()); } -#line 3886 "seclang-parser.cc" +#line 3881 "seclang-parser.cc" break; case 227: // var: "VARIABLE_IP" run_time_string -#line 2135 "seclang-parser.yy" +#line 2130 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3894 "seclang-parser.cc" +#line 3889 "seclang-parser.cc" break; case 228: // var: "VARIABLE_IP" "Dictionary element" -#line 2139 "seclang-parser.yy" +#line 2134 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3902 "seclang-parser.cc" +#line 3897 "seclang-parser.cc" break; case 229: // var: "VARIABLE_IP" "Dictionary element, selected by regexp" -#line 2143 "seclang-parser.yy" +#line 2138 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3910 "seclang-parser.cc" +#line 3905 "seclang-parser.cc" break; case 230: // var: "VARIABLE_IP" -#line 2147 "seclang-parser.yy" +#line 2142 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_NoDictElement()); } -#line 3918 "seclang-parser.cc" +#line 3913 "seclang-parser.cc" break; case 231: // var: "VARIABLE_GLOBAL" run_time_string -#line 2151 "seclang-parser.yy" +#line 2146 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3926 "seclang-parser.cc" +#line 3921 "seclang-parser.cc" break; case 232: // var: "VARIABLE_GLOBAL" "Dictionary element" -#line 2155 "seclang-parser.yy" +#line 2150 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3934 "seclang-parser.cc" +#line 3929 "seclang-parser.cc" break; case 233: // var: "VARIABLE_GLOBAL" "Dictionary element, selected by regexp" -#line 2159 "seclang-parser.yy" +#line 2154 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3942 "seclang-parser.cc" +#line 3937 "seclang-parser.cc" break; case 234: // var: "VARIABLE_GLOBAL" -#line 2163 "seclang-parser.yy" +#line 2158 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_NoDictElement()); } -#line 3950 "seclang-parser.cc" +#line 3945 "seclang-parser.cc" break; case 235: // var: "VARIABLE_USER" run_time_string -#line 2167 "seclang-parser.yy" +#line 2162 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3958 "seclang-parser.cc" +#line 3953 "seclang-parser.cc" break; case 236: // var: "VARIABLE_USER" "Dictionary element" -#line 2171 "seclang-parser.yy" +#line 2166 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3966 "seclang-parser.cc" +#line 3961 "seclang-parser.cc" break; case 237: // var: "VARIABLE_USER" "Dictionary element, selected by regexp" -#line 2175 "seclang-parser.yy" +#line 2170 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3974 "seclang-parser.cc" +#line 3969 "seclang-parser.cc" break; case 238: // var: "VARIABLE_USER" -#line 2179 "seclang-parser.yy" +#line 2174 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_NoDictElement()); } -#line 3982 "seclang-parser.cc" +#line 3977 "seclang-parser.cc" break; case 239: // var: "VARIABLE_TX" run_time_string -#line 2183 "seclang-parser.yy" +#line 2178 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3990 "seclang-parser.cc" +#line 3985 "seclang-parser.cc" break; case 240: // var: "VARIABLE_TX" "Dictionary element" -#line 2187 "seclang-parser.yy" +#line 2182 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3998 "seclang-parser.cc" +#line 3993 "seclang-parser.cc" break; case 241: // var: "VARIABLE_TX" "Dictionary element, selected by regexp" -#line 2191 "seclang-parser.yy" +#line 2186 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4006 "seclang-parser.cc" +#line 4001 "seclang-parser.cc" break; case 242: // var: "VARIABLE_TX" -#line 2195 "seclang-parser.yy" +#line 2190 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_NoDictElement()); } -#line 4014 "seclang-parser.cc" +#line 4009 "seclang-parser.cc" break; case 243: // var: "VARIABLE_SESSION" run_time_string -#line 2199 "seclang-parser.yy" +#line 2194 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 4022 "seclang-parser.cc" +#line 4017 "seclang-parser.cc" break; case 244: // var: "VARIABLE_SESSION" "Dictionary element" -#line 2203 "seclang-parser.yy" +#line 2198 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4030 "seclang-parser.cc" +#line 4025 "seclang-parser.cc" break; case 245: // var: "VARIABLE_SESSION" "Dictionary element, selected by regexp" -#line 2207 "seclang-parser.yy" +#line 2202 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4038 "seclang-parser.cc" +#line 4033 "seclang-parser.cc" break; case 246: // var: "VARIABLE_SESSION" -#line 2211 "seclang-parser.yy" +#line 2206 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_NoDictElement()); } -#line 4046 "seclang-parser.cc" +#line 4041 "seclang-parser.cc" break; case 247: // var: "Variable ARGS_NAMES" "Dictionary element" -#line 2215 "seclang-parser.yy" +#line 2210 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4054 "seclang-parser.cc" +#line 4049 "seclang-parser.cc" break; case 248: // var: "Variable ARGS_NAMES" "Dictionary element, selected by regexp" -#line 2219 "seclang-parser.yy" +#line 2214 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4062 "seclang-parser.cc" +#line 4057 "seclang-parser.cc" break; case 249: // var: "Variable ARGS_NAMES" -#line 2223 "seclang-parser.yy" +#line 2218 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_NoDictElement()); } -#line 4070 "seclang-parser.cc" +#line 4065 "seclang-parser.cc" break; case 250: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element" -#line 2227 "seclang-parser.yy" +#line 2222 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4078 "seclang-parser.cc" +#line 4073 "seclang-parser.cc" break; case 251: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element, selected by regexp" -#line 2231 "seclang-parser.yy" +#line 2226 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4086 "seclang-parser.cc" +#line 4081 "seclang-parser.cc" break; case 252: // var: VARIABLE_ARGS_GET_NAMES -#line 2235 "seclang-parser.yy" +#line 2230 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_NoDictElement()); } -#line 4094 "seclang-parser.cc" +#line 4089 "seclang-parser.cc" break; case 253: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element" -#line 2240 "seclang-parser.yy" +#line 2235 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4102 "seclang-parser.cc" +#line 4097 "seclang-parser.cc" break; case 254: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element, selected by regexp" -#line 2244 "seclang-parser.yy" +#line 2239 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4110 "seclang-parser.cc" +#line 4105 "seclang-parser.cc" break; case 255: // var: VARIABLE_ARGS_POST_NAMES -#line 2248 "seclang-parser.yy" +#line 2243 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_NoDictElement()); } -#line 4118 "seclang-parser.cc" +#line 4113 "seclang-parser.cc" break; case 256: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element" -#line 2253 "seclang-parser.yy" +#line 2248 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4126 "seclang-parser.cc" +#line 4121 "seclang-parser.cc" break; case 257: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2257 "seclang-parser.yy" +#line 2252 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4134 "seclang-parser.cc" +#line 4129 "seclang-parser.cc" break; case 258: // var: VARIABLE_REQUEST_HEADERS_NAMES -#line 2261 "seclang-parser.yy" +#line 2256 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_NoDictElement()); } -#line 4142 "seclang-parser.cc" +#line 4137 "seclang-parser.cc" break; case 259: // var: VARIABLE_RESPONSE_CONTENT_TYPE -#line 2266 "seclang-parser.yy" +#line 2261 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentType()); } -#line 4150 "seclang-parser.cc" +#line 4145 "seclang-parser.cc" break; case 260: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element" -#line 2271 "seclang-parser.yy" +#line 2266 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4158 "seclang-parser.cc" +#line 4153 "seclang-parser.cc" break; case 261: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2275 "seclang-parser.yy" +#line 2270 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4166 "seclang-parser.cc" +#line 4161 "seclang-parser.cc" break; case 262: // var: VARIABLE_RESPONSE_HEADERS_NAMES -#line 2279 "seclang-parser.yy" +#line 2274 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_NoDictElement()); } -#line 4174 "seclang-parser.cc" +#line 4169 "seclang-parser.cc" break; case 263: // var: VARIABLE_ARGS_COMBINED_SIZE -#line 2283 "seclang-parser.yy" +#line 2278 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsCombinedSize()); } -#line 4182 "seclang-parser.cc" +#line 4177 "seclang-parser.cc" break; case 264: // var: "AUTH_TYPE" -#line 2287 "seclang-parser.yy" +#line 2282 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::AuthType()); } -#line 4190 "seclang-parser.cc" +#line 4185 "seclang-parser.cc" break; case 265: // var: "FILES_COMBINED_SIZE" -#line 2291 "seclang-parser.yy" +#line 2286 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesCombinedSize()); } -#line 4198 "seclang-parser.cc" +#line 4193 "seclang-parser.cc" break; case 266: // var: "FULL_REQUEST" -#line 2295 "seclang-parser.yy" +#line 2290 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequest()); } -#line 4206 "seclang-parser.cc" +#line 4201 "seclang-parser.cc" break; case 267: // var: "FULL_REQUEST_LENGTH" -#line 2299 "seclang-parser.yy" +#line 2294 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequestLength()); } -#line 4214 "seclang-parser.cc" +#line 4209 "seclang-parser.cc" break; case 268: // var: "INBOUND_DATA_ERROR" -#line 2303 "seclang-parser.yy" +#line 2298 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::InboundDataError()); } -#line 4222 "seclang-parser.cc" +#line 4217 "seclang-parser.cc" break; case 269: // var: "MATCHED_VAR" -#line 2307 "seclang-parser.yy" +#line 2302 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVar()); } -#line 4230 "seclang-parser.cc" +#line 4225 "seclang-parser.cc" break; case 270: // var: "MATCHED_VAR_NAME" -#line 2311 "seclang-parser.yy" +#line 2306 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarName()); } -#line 4238 "seclang-parser.cc" +#line 4233 "seclang-parser.cc" break; case 271: // var: VARIABLE_MULTIPART_BOUNDARY_QUOTED -#line 2315 "seclang-parser.yy" +#line 2310 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryQuoted()); } -#line 4246 "seclang-parser.cc" +#line 4241 "seclang-parser.cc" break; case 272: // var: VARIABLE_MULTIPART_BOUNDARY_WHITESPACE -#line 2319 "seclang-parser.yy" +#line 2314 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryWhiteSpace()); } -#line 4254 "seclang-parser.cc" +#line 4249 "seclang-parser.cc" break; case 273: // var: "MULTIPART_CRLF_LF_LINES" -#line 2323 "seclang-parser.yy" +#line 2318 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartCrlfLFLines()); } -#line 4262 "seclang-parser.cc" +#line 4257 "seclang-parser.cc" break; case 274: // var: "MULTIPART_DATA_AFTER" -#line 2327 "seclang-parser.yy" +#line 2322 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateAfter()); } -#line 4270 "seclang-parser.cc" +#line 4265 "seclang-parser.cc" break; case 275: // var: VARIABLE_MULTIPART_DATA_BEFORE -#line 2331 "seclang-parser.yy" +#line 2326 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateBefore()); } -#line 4278 "seclang-parser.cc" +#line 4273 "seclang-parser.cc" break; case 276: // var: "MULTIPART_FILE_LIMIT_EXCEEDED" -#line 2335 "seclang-parser.yy" +#line 2330 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartFileLimitExceeded()); } -#line 4286 "seclang-parser.cc" +#line 4281 "seclang-parser.cc" break; case 277: // var: "MULTIPART_HEADER_FOLDING" -#line 2339 "seclang-parser.yy" +#line 2334 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartHeaderFolding()); } -#line 4294 "seclang-parser.cc" +#line 4289 "seclang-parser.cc" break; case 278: // var: "MULTIPART_INVALID_HEADER_FOLDING" -#line 2343 "seclang-parser.yy" +#line 2338 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidHeaderFolding()); } -#line 4302 "seclang-parser.cc" +#line 4297 "seclang-parser.cc" break; case 279: // var: VARIABLE_MULTIPART_INVALID_PART -#line 2347 "seclang-parser.yy" +#line 2342 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidPart()); } -#line 4310 "seclang-parser.cc" +#line 4305 "seclang-parser.cc" break; case 280: // var: "MULTIPART_INVALID_QUOTING" -#line 2351 "seclang-parser.yy" +#line 2346 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidQuoting()); } -#line 4318 "seclang-parser.cc" +#line 4313 "seclang-parser.cc" break; case 281: // var: VARIABLE_MULTIPART_LF_LINE -#line 2355 "seclang-parser.yy" +#line 2350 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartLFLine()); } -#line 4326 "seclang-parser.cc" +#line 4321 "seclang-parser.cc" break; case 282: // var: VARIABLE_MULTIPART_MISSING_SEMICOLON -#line 2359 "seclang-parser.yy" +#line 2354 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4334 "seclang-parser.cc" +#line 4329 "seclang-parser.cc" break; case 283: // var: VARIABLE_MULTIPART_SEMICOLON_MISSING -#line 2363 "seclang-parser.yy" +#line 2358 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4342 "seclang-parser.cc" +#line 4337 "seclang-parser.cc" break; case 284: // var: "MULTIPART_STRICT_ERROR" -#line 2367 "seclang-parser.yy" +#line 2362 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartStrictError()); } -#line 4350 "seclang-parser.cc" +#line 4345 "seclang-parser.cc" break; case 285: // var: "MULTIPART_UNMATCHED_BOUNDARY" -#line 2371 "seclang-parser.yy" +#line 2366 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartUnmatchedBoundary()); } -#line 4358 "seclang-parser.cc" +#line 4353 "seclang-parser.cc" break; case 286: // var: "OUTBOUND_DATA_ERROR" -#line 2375 "seclang-parser.yy" +#line 2370 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::OutboundDataError()); } -#line 4366 "seclang-parser.cc" +#line 4361 "seclang-parser.cc" break; case 287: // var: "PATH_INFO" -#line 2379 "seclang-parser.yy" +#line 2374 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::PathInfo()); } -#line 4374 "seclang-parser.cc" +#line 4369 "seclang-parser.cc" break; case 288: // var: "QUERY_STRING" -#line 2383 "seclang-parser.yy" +#line 2378 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::QueryString()); } -#line 4382 "seclang-parser.cc" +#line 4377 "seclang-parser.cc" break; case 289: // var: "REMOTE_ADDR" -#line 2387 "seclang-parser.yy" +#line 2382 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteAddr()); } -#line 4390 "seclang-parser.cc" +#line 4385 "seclang-parser.cc" break; case 290: // var: "REMOTE_HOST" -#line 2391 "seclang-parser.yy" +#line 2386 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteHost()); } -#line 4398 "seclang-parser.cc" +#line 4393 "seclang-parser.cc" break; case 291: // var: "REMOTE_PORT" -#line 2395 "seclang-parser.yy" +#line 2390 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemotePort()); } -#line 4406 "seclang-parser.cc" +#line 4401 "seclang-parser.cc" break; case 292: // var: "REQBODY_ERROR" -#line 2399 "seclang-parser.yy" +#line 2394 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyError()); } -#line 4414 "seclang-parser.cc" +#line 4409 "seclang-parser.cc" break; case 293: // var: "REQBODY_ERROR_MSG" -#line 2403 "seclang-parser.yy" +#line 2398 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyErrorMsg()); } -#line 4422 "seclang-parser.cc" +#line 4417 "seclang-parser.cc" break; case 294: // var: "REQBODY_PROCESSOR" -#line 2407 "seclang-parser.yy" +#line 2402 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessor()); } -#line 4430 "seclang-parser.cc" +#line 4425 "seclang-parser.cc" break; case 295: // var: "REQBODY_PROCESSOR_ERROR" -#line 2411 "seclang-parser.yy" +#line 2406 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorError()); } -#line 4438 "seclang-parser.cc" +#line 4433 "seclang-parser.cc" break; case 296: // var: "REQBODY_PROCESSOR_ERROR_MSG" -#line 2415 "seclang-parser.yy" +#line 2410 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorErrorMsg()); } -#line 4446 "seclang-parser.cc" +#line 4441 "seclang-parser.cc" break; case 297: // var: "REQUEST_BASENAME" -#line 2419 "seclang-parser.yy" +#line 2414 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBasename()); } -#line 4454 "seclang-parser.cc" +#line 4449 "seclang-parser.cc" break; case 298: // var: "REQUEST_BODY" -#line 2423 "seclang-parser.yy" +#line 2418 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBody()); } -#line 4462 "seclang-parser.cc" +#line 4457 "seclang-parser.cc" break; case 299: // var: "REQUEST_BODY_LENGTH" -#line 2427 "seclang-parser.yy" +#line 2422 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBodyLength()); } -#line 4470 "seclang-parser.cc" +#line 4465 "seclang-parser.cc" break; case 300: // var: "REQUEST_FILENAME" -#line 2431 "seclang-parser.yy" +#line 2426 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestFilename()); } -#line 4478 "seclang-parser.cc" +#line 4473 "seclang-parser.cc" break; case 301: // var: "REQUEST_LINE" -#line 2435 "seclang-parser.yy" +#line 2430 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestLine()); } -#line 4486 "seclang-parser.cc" +#line 4481 "seclang-parser.cc" break; case 302: // var: "REQUEST_METHOD" -#line 2439 "seclang-parser.yy" +#line 2434 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestMethod()); } -#line 4494 "seclang-parser.cc" +#line 4489 "seclang-parser.cc" break; case 303: // var: "REQUEST_PROTOCOL" -#line 2443 "seclang-parser.yy" +#line 2438 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestProtocol()); } -#line 4502 "seclang-parser.cc" +#line 4497 "seclang-parser.cc" break; case 304: // var: "REQUEST_URI" -#line 2447 "seclang-parser.yy" +#line 2442 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURI()); } -#line 4510 "seclang-parser.cc" +#line 4505 "seclang-parser.cc" break; case 305: // var: "REQUEST_URI_RAW" -#line 2451 "seclang-parser.yy" +#line 2446 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURIRaw()); } -#line 4518 "seclang-parser.cc" +#line 4513 "seclang-parser.cc" break; case 306: // var: "RESPONSE_BODY" -#line 2455 "seclang-parser.yy" +#line 2450 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseBody()); } -#line 4526 "seclang-parser.cc" +#line 4521 "seclang-parser.cc" break; case 307: // var: "RESPONSE_CONTENT_LENGTH" -#line 2459 "seclang-parser.yy" +#line 2454 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentLength()); } -#line 4534 "seclang-parser.cc" +#line 4529 "seclang-parser.cc" break; case 308: // var: "RESPONSE_PROTOCOL" -#line 2463 "seclang-parser.yy" +#line 2458 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseProtocol()); } -#line 4542 "seclang-parser.cc" +#line 4537 "seclang-parser.cc" break; case 309: // var: "RESPONSE_STATUS" -#line 2467 "seclang-parser.yy" +#line 2462 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseStatus()); } -#line 4550 "seclang-parser.cc" +#line 4545 "seclang-parser.cc" break; case 310: // var: "SERVER_ADDR" -#line 2471 "seclang-parser.yy" +#line 2466 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerAddr()); } -#line 4558 "seclang-parser.cc" +#line 4553 "seclang-parser.cc" break; case 311: // var: "SERVER_NAME" -#line 2475 "seclang-parser.yy" +#line 2470 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerName()); } -#line 4566 "seclang-parser.cc" +#line 4561 "seclang-parser.cc" break; case 312: // var: "SERVER_PORT" -#line 2479 "seclang-parser.yy" +#line 2474 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerPort()); } -#line 4574 "seclang-parser.cc" +#line 4569 "seclang-parser.cc" break; case 313: // var: "SESSIONID" -#line 2483 "seclang-parser.yy" +#line 2478 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::SessionID()); } -#line 4582 "seclang-parser.cc" +#line 4577 "seclang-parser.cc" break; case 314: // var: "UNIQUE_ID" -#line 2487 "seclang-parser.yy" +#line 2482 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UniqueID()); } -#line 4590 "seclang-parser.cc" +#line 4585 "seclang-parser.cc" break; case 315: // var: "URLENCODED_ERROR" -#line 2491 "seclang-parser.yy" +#line 2486 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UrlEncodedError()); } -#line 4598 "seclang-parser.cc" +#line 4593 "seclang-parser.cc" break; case 316: // var: "USERID" -#line 2495 "seclang-parser.yy" +#line 2490 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UserID()); } -#line 4606 "seclang-parser.cc" +#line 4601 "seclang-parser.cc" break; case 317: // var: "VARIABLE_STATUS" -#line 2499 "seclang-parser.yy" +#line 2494 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4614 "seclang-parser.cc" +#line 4609 "seclang-parser.cc" break; case 318: // var: "VARIABLE_STATUS_LINE" -#line 2503 "seclang-parser.yy" +#line 2498 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4622 "seclang-parser.cc" +#line 4617 "seclang-parser.cc" break; case 319: // var: "WEBAPPID" -#line 2507 "seclang-parser.yy" +#line 2502 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::WebAppId()); } -#line 4630 "seclang-parser.cc" +#line 4625 "seclang-parser.cc" break; case 320: // var: "RUN_TIME_VAR_DUR" -#line 2511 "seclang-parser.yy" +#line 2506 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Duration(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4641 "seclang-parser.cc" +#line 4636 "seclang-parser.cc" break; case 321: // var: "RUN_TIME_VAR_BLD" -#line 2519 "seclang-parser.yy" +#line 2514 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new ModsecBuild(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4652 "seclang-parser.cc" +#line 4647 "seclang-parser.cc" break; case 322: // var: "RUN_TIME_VAR_HSV" -#line 2526 "seclang-parser.yy" +#line 2521 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new HighestSeverity(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4663 "seclang-parser.cc" +#line 4658 "seclang-parser.cc" break; case 323: // var: "RUN_TIME_VAR_REMOTE_USER" -#line 2533 "seclang-parser.yy" +#line 2528 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new RemoteUser(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4674 "seclang-parser.cc" +#line 4669 "seclang-parser.cc" break; case 324: // var: "RUN_TIME_VAR_TIME" -#line 2540 "seclang-parser.yy" +#line 2535 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Time(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4685 "seclang-parser.cc" +#line 4680 "seclang-parser.cc" break; case 325: // var: "RUN_TIME_VAR_TIME_DAY" -#line 2547 "seclang-parser.yy" +#line 2542 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4696 "seclang-parser.cc" +#line 4691 "seclang-parser.cc" break; case 326: // var: "RUN_TIME_VAR_TIME_EPOCH" -#line 2554 "seclang-parser.yy" +#line 2549 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeEpoch(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4707 "seclang-parser.cc" +#line 4702 "seclang-parser.cc" break; case 327: // var: "RUN_TIME_VAR_TIME_HOUR" -#line 2561 "seclang-parser.yy" +#line 2556 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeHour(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4718 "seclang-parser.cc" +#line 4713 "seclang-parser.cc" break; case 328: // var: "RUN_TIME_VAR_TIME_MIN" -#line 2568 "seclang-parser.yy" +#line 2563 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMin(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4729 "seclang-parser.cc" +#line 4724 "seclang-parser.cc" break; case 329: // var: "RUN_TIME_VAR_TIME_MON" -#line 2575 "seclang-parser.yy" +#line 2570 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMon(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4740 "seclang-parser.cc" +#line 4735 "seclang-parser.cc" break; case 330: // var: "RUN_TIME_VAR_TIME_SEC" -#line 2582 "seclang-parser.yy" +#line 2577 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeSec(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4751 "seclang-parser.cc" +#line 4746 "seclang-parser.cc" break; case 331: // var: "RUN_TIME_VAR_TIME_WDAY" -#line 2589 "seclang-parser.yy" +#line 2584 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeWDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4762 "seclang-parser.cc" +#line 4757 "seclang-parser.cc" break; case 332: // var: "RUN_TIME_VAR_TIME_YEAR" -#line 2596 "seclang-parser.yy" +#line 2591 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeYear(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4773 "seclang-parser.cc" +#line 4768 "seclang-parser.cc" break; case 333: // act: "Accuracy" -#line 2606 "seclang-parser.yy" +#line 2601 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Accuracy(yystack_[0].value.as < std::string > ())); } -#line 4781 "seclang-parser.cc" +#line 4776 "seclang-parser.cc" break; case 334: // act: "Allow" -#line 2610 "seclang-parser.yy" +#line 2605 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Allow(yystack_[0].value.as < std::string > ())); } -#line 4789 "seclang-parser.cc" +#line 4784 "seclang-parser.cc" break; case 335: // act: "Append" -#line 2614 "seclang-parser.yy" +#line 2609 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Append", yystack_[1].location); } -#line 4797 "seclang-parser.cc" +#line 4792 "seclang-parser.cc" break; case 336: // act: "AuditLog" -#line 2618 "seclang-parser.yy" +#line 2613 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::AuditLog(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::AuditLog()); } -#line 4805 "seclang-parser.cc" +#line 4800 "seclang-parser.cc" break; case 337: // act: "Block" -#line 2622 "seclang-parser.yy" +#line 2617 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Block(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Block()); } -#line 4813 "seclang-parser.cc" +#line 4808 "seclang-parser.cc" break; case 338: // act: "Capture" -#line 2626 "seclang-parser.yy" +#line 2621 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Capture(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Capture()); } -#line 4821 "seclang-parser.cc" +#line 4816 "seclang-parser.cc" break; case 339: // act: "Chain" -#line 2630 "seclang-parser.yy" +#line 2625 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Chain(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Chain()); } -#line 4829 "seclang-parser.cc" +#line 4824 "seclang-parser.cc" break; case 340: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_ON" +#line 2629 "seclang-parser.yy" + { + //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); + } +#line 4833 "seclang-parser.cc" + break; + + case 341: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF" #line 2634 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4838 "seclang-parser.cc" +#line 4842 "seclang-parser.cc" break; - case 341: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF" + case 342: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY" #line 2639 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4847 "seclang-parser.cc" - break; - - case 342: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY" -#line 2644 "seclang-parser.yy" - { - //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); - } -#line 4856 "seclang-parser.cc" +#line 4851 "seclang-parser.cc" break; case 343: // act: "ACTION_CTL_AUDIT_LOG_PARTS" -#line 2649 "seclang-parser.yy" +#line 2644 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::AuditLogParts(yystack_[0].value.as < std::string > ())); } -#line 4864 "seclang-parser.cc" +#line 4859 "seclang-parser.cc" break; case 344: // act: "ACTION_CTL_BDY_JSON" -#line 2653 "seclang-parser.yy" +#line 2648 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorJSON(yystack_[0].value.as < std::string > ())); } -#line 4872 "seclang-parser.cc" +#line 4867 "seclang-parser.cc" break; case 345: // act: "ACTION_CTL_BDY_XML" -#line 2657 "seclang-parser.yy" +#line 2652 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorXML(yystack_[0].value.as < std::string > ())); } -#line 4880 "seclang-parser.cc" +#line 4875 "seclang-parser.cc" break; case 346: // act: "ACTION_CTL_BDY_URLENCODED" -#line 2661 "seclang-parser.yy" +#line 2656 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorURLENCODED(yystack_[0].value.as < std::string > ())); } -#line 4888 "seclang-parser.cc" +#line 4883 "seclang-parser.cc" break; case 347: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_ON" +#line 2660 "seclang-parser.yy" + { + //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); + } +#line 4892 "seclang-parser.cc" + break; + + case 348: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF" #line 2665 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4897 "seclang-parser.cc" - break; - - case 348: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF" -#line 2670 "seclang-parser.yy" - { - //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); - } -#line 4906 "seclang-parser.cc" +#line 4901 "seclang-parser.cc" break; case 349: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_ON" -#line 2675 "seclang-parser.yy" +#line 2670 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "true")); } -#line 4914 "seclang-parser.cc" +#line 4909 "seclang-parser.cc" break; case 350: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_OFF" -#line 2679 "seclang-parser.yy" +#line 2674 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "false")); } -#line 4922 "seclang-parser.cc" +#line 4917 "seclang-parser.cc" break; case 351: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_ON" -#line 2683 "seclang-parser.yy" +#line 2678 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=on")); } -#line 4930 "seclang-parser.cc" +#line 4925 "seclang-parser.cc" break; case 352: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_OFF" -#line 2687 "seclang-parser.yy" +#line 2682 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=off")); } -#line 4938 "seclang-parser.cc" +#line 4933 "seclang-parser.cc" break; case 353: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_DETC" -#line 2691 "seclang-parser.yy" +#line 2686 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=detectiononly")); } -#line 4946 "seclang-parser.cc" +#line 4941 "seclang-parser.cc" break; case 354: // act: "ACTION_CTL_RULE_REMOVE_BY_ID" -#line 2695 "seclang-parser.yy" +#line 2690 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveById(yystack_[0].value.as < std::string > ())); } -#line 4954 "seclang-parser.cc" +#line 4949 "seclang-parser.cc" break; case 355: // act: "ACTION_CTL_RULE_REMOVE_BY_TAG" -#line 2699 "seclang-parser.yy" +#line 2694 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveByTag(yystack_[0].value.as < std::string > ())); } -#line 4962 "seclang-parser.cc" +#line 4957 "seclang-parser.cc" break; case 356: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID" -#line 2703 "seclang-parser.yy" +#line 2698 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetById(yystack_[0].value.as < std::string > ())); } -#line 4970 "seclang-parser.cc" +#line 4965 "seclang-parser.cc" break; case 357: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG" -#line 2707 "seclang-parser.yy" +#line 2702 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetByTag(yystack_[0].value.as < std::string > ())); } -#line 4978 "seclang-parser.cc" +#line 4973 "seclang-parser.cc" break; case 358: // act: "Deny" -#line 2711 "seclang-parser.yy" +#line 2706 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Deny(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Deny()); } -#line 4986 "seclang-parser.cc" +#line 4981 "seclang-parser.cc" break; case 359: // act: "DeprecateVar" -#line 2715 "seclang-parser.yy" +#line 2710 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("DeprecateVar", yystack_[1].location); } -#line 4994 "seclang-parser.cc" +#line 4989 "seclang-parser.cc" break; case 360: // act: "Drop" -#line 2719 "seclang-parser.yy" +#line 2714 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Drop(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Drop()); } -#line 5002 "seclang-parser.cc" +#line 4997 "seclang-parser.cc" break; case 361: // act: "Exec" -#line 2723 "seclang-parser.yy" +#line 2718 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Exec(yystack_[0].value.as < std::string > ())); } -#line 5010 "seclang-parser.cc" +#line 5005 "seclang-parser.cc" break; case 362: // act: "ExpireVar" -#line 2727 "seclang-parser.yy" +#line 2722 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("ExpireVar", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[0].value.as < std::string > ())); } -#line 5019 "seclang-parser.cc" +#line 5014 "seclang-parser.cc" break; case 363: // act: "Id" -#line 2732 "seclang-parser.yy" +#line 2727 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::RuleId(yystack_[0].value.as < std::string > ())); } -#line 5027 "seclang-parser.cc" +#line 5022 "seclang-parser.cc" break; case 364: // act: "InitCol" run_time_string -#line 2736 "seclang-parser.yy" +#line 2731 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::InitCol(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5035 "seclang-parser.cc" +#line 5030 "seclang-parser.cc" break; case 365: // act: "LogData" run_time_string -#line 2740 "seclang-parser.yy" +#line 2735 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::LogData(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5043 "seclang-parser.cc" +#line 5038 "seclang-parser.cc" break; case 366: // act: "Log" -#line 2744 "seclang-parser.yy" +#line 2739 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Log(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Log()); } -#line 5051 "seclang-parser.cc" +#line 5046 "seclang-parser.cc" break; case 367: // act: "Maturity" -#line 2748 "seclang-parser.yy" +#line 2743 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Maturity(yystack_[0].value.as < std::string > ())); } -#line 5059 "seclang-parser.cc" +#line 5054 "seclang-parser.cc" break; case 368: // act: "Msg" run_time_string -#line 2752 "seclang-parser.yy" +#line 2747 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Msg(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5067 "seclang-parser.cc" +#line 5062 "seclang-parser.cc" break; case 369: // act: "MultiMatch" -#line 2756 "seclang-parser.yy" +#line 2751 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::MultiMatch(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::MultiMatch()); } -#line 5075 "seclang-parser.cc" +#line 5070 "seclang-parser.cc" break; case 370: // act: "NoAuditLog" -#line 2760 "seclang-parser.yy" +#line 2755 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoAuditLog(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoAuditLog()); } -#line 5083 "seclang-parser.cc" +#line 5078 "seclang-parser.cc" break; case 371: // act: "NoLog" -#line 2764 "seclang-parser.yy" +#line 2759 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoLog(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoLog()); } -#line 5091 "seclang-parser.cc" +#line 5086 "seclang-parser.cc" break; case 372: // act: "Pass" -#line 2768 "seclang-parser.yy" +#line 2763 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Pass(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Pass()); } -#line 5099 "seclang-parser.cc" +#line 5094 "seclang-parser.cc" break; case 373: // act: "Pause" -#line 2772 "seclang-parser.yy" +#line 2767 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Pause", yystack_[1].location); } -#line 5107 "seclang-parser.cc" +#line 5102 "seclang-parser.cc" break; case 374: // act: "Phase" -#line 2776 "seclang-parser.yy" +#line 2771 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Phase(yystack_[0].value.as < std::string > ())); } -#line 5115 "seclang-parser.cc" +#line 5110 "seclang-parser.cc" break; case 375: // act: "Prepend" -#line 2780 "seclang-parser.yy" +#line 2775 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Prepend", yystack_[1].location); } -#line 5123 "seclang-parser.cc" +#line 5118 "seclang-parser.cc" break; case 376: // act: "Proxy" -#line 2784 "seclang-parser.yy" +#line 2779 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Proxy", yystack_[1].location); } -#line 5131 "seclang-parser.cc" +#line 5126 "seclang-parser.cc" break; case 377: // act: "Redirect" run_time_string -#line 2788 "seclang-parser.yy" +#line 2783 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Redirect(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5139 "seclang-parser.cc" +#line 5134 "seclang-parser.cc" break; case 378: // act: "Rev" -#line 2792 "seclang-parser.yy" +#line 2787 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Rev(yystack_[0].value.as < std::string > ())); } -#line 5147 "seclang-parser.cc" +#line 5142 "seclang-parser.cc" break; case 379: // act: "SanitiseArg" -#line 2796 "seclang-parser.yy" +#line 2791 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseArg", yystack_[1].location); } -#line 5155 "seclang-parser.cc" +#line 5150 "seclang-parser.cc" break; case 380: // act: "SanitiseMatched" -#line 2800 "seclang-parser.yy" +#line 2795 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatched", yystack_[1].location); } -#line 5163 "seclang-parser.cc" +#line 5158 "seclang-parser.cc" break; case 381: // act: "SanitiseMatchedBytes" -#line 2804 "seclang-parser.yy" +#line 2799 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatchedBytes", yystack_[1].location); } -#line 5171 "seclang-parser.cc" +#line 5166 "seclang-parser.cc" break; case 382: // act: "SanitiseRequestHeader" -#line 2808 "seclang-parser.yy" +#line 2803 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseRequestHeader", yystack_[1].location); } -#line 5179 "seclang-parser.cc" +#line 5174 "seclang-parser.cc" break; case 383: // act: "SanitiseResponseHeader" -#line 2812 "seclang-parser.yy" +#line 2807 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseResponseHeader", yystack_[1].location); } -#line 5187 "seclang-parser.cc" +#line 5182 "seclang-parser.cc" break; case 384: // act: "SetEnv" run_time_string -#line 2816 "seclang-parser.yy" +#line 2811 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetENV(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5195 "seclang-parser.cc" +#line 5190 "seclang-parser.cc" break; case 385: // act: "SetRsc" run_time_string -#line 2820 "seclang-parser.yy" +#line 2815 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetRSC(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5203 "seclang-parser.cc" +#line 5198 "seclang-parser.cc" break; case 386: // act: "SetSid" run_time_string -#line 2824 "seclang-parser.yy" +#line 2819 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetSID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5211 "seclang-parser.cc" +#line 5206 "seclang-parser.cc" break; case 387: // act: "SetUID" run_time_string -#line 2828 "seclang-parser.yy" +#line 2823 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetUID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5219 "seclang-parser.cc" +#line 5214 "seclang-parser.cc" break; case 388: // act: "SetVar" setvar_action -#line 2832 "seclang-parser.yy" +#line 2827 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > () = std::move(yystack_[0].value.as < std::unique_ptr > ()); } -#line 5227 "seclang-parser.cc" +#line 5222 "seclang-parser.cc" break; case 389: // act: "Severity" -#line 2836 "seclang-parser.yy" +#line 2831 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Severity(yystack_[0].value.as < std::string > ())); } -#line 5235 "seclang-parser.cc" +#line 5230 "seclang-parser.cc" break; case 390: // act: "Skip" -#line 2840 "seclang-parser.yy" +#line 2835 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Skip(yystack_[0].value.as < std::string > ())); } -#line 5243 "seclang-parser.cc" +#line 5238 "seclang-parser.cc" break; case 391: // act: "SkipAfter" -#line 2844 "seclang-parser.yy" +#line 2839 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SkipAfter(yystack_[0].value.as < std::string > ())); } -#line 5251 "seclang-parser.cc" +#line 5246 "seclang-parser.cc" break; case 392: // act: "Status" -#line 2848 "seclang-parser.yy" +#line 2843 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::data::Status(yystack_[0].value.as < std::string > ())); } -#line 5259 "seclang-parser.cc" +#line 5254 "seclang-parser.cc" break; case 393: // act: "Tag" run_time_string -#line 2852 "seclang-parser.yy" +#line 2847 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Tag(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5267 "seclang-parser.cc" +#line 5262 "seclang-parser.cc" break; case 394: // act: "Ver" -#line 2856 "seclang-parser.yy" +#line 2851 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Ver(yystack_[0].value.as < std::string > ())); } -#line 5275 "seclang-parser.cc" +#line 5270 "seclang-parser.cc" break; case 395: // act: "xmlns" -#line 2860 "seclang-parser.yy" +#line 2855 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::XmlNS(yystack_[0].value.as < std::string > ())); } -#line 5283 "seclang-parser.cc" +#line 5278 "seclang-parser.cc" break; case 396: // act: "ACTION_TRANSFORMATION_PARITY_ZERO_7_BIT" -#line 2864 "seclang-parser.yy" +#line 2859 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityZero7bit(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityZero7bit()); } -#line 5291 "seclang-parser.cc" +#line 5286 "seclang-parser.cc" break; case 397: // act: "ACTION_TRANSFORMATION_PARITY_ODD_7_BIT" -#line 2868 "seclang-parser.yy" +#line 2863 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityOdd7bit(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityOdd7bit()); } -#line 5299 "seclang-parser.cc" +#line 5294 "seclang-parser.cc" break; case 398: // act: "ACTION_TRANSFORMATION_PARITY_EVEN_7_BIT" -#line 2872 "seclang-parser.yy" +#line 2867 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityEven7bit(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityEven7bit()); } -#line 5307 "seclang-parser.cc" +#line 5302 "seclang-parser.cc" break; case 399: // act: "ACTION_TRANSFORMATION_SQL_HEX_DECODE" -#line 2876 "seclang-parser.yy" +#line 2871 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::SqlHexDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::SqlHexDecode()); } -#line 5315 "seclang-parser.cc" +#line 5310 "seclang-parser.cc" break; case 400: // act: "ACTION_TRANSFORMATION_BASE_64_ENCODE" -#line 2880 "seclang-parser.yy" +#line 2875 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Encode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Encode()); } -#line 5323 "seclang-parser.cc" +#line 5318 "seclang-parser.cc" break; case 401: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE" -#line 2884 "seclang-parser.yy" +#line 2879 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Decode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Decode()); } -#line 5331 "seclang-parser.cc" +#line 5326 "seclang-parser.cc" break; case 402: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE_EXT" -#line 2888 "seclang-parser.yy" +#line 2883 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64DecodeExt(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64DecodeExt()); } -#line 5339 "seclang-parser.cc" +#line 5334 "seclang-parser.cc" break; case 403: // act: "ACTION_TRANSFORMATION_CMD_LINE" -#line 2892 "seclang-parser.yy" +#line 2887 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CmdLine(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CmdLine()); } -#line 5347 "seclang-parser.cc" +#line 5342 "seclang-parser.cc" break; case 404: // act: "ACTION_TRANSFORMATION_SHA1" -#line 2896 "seclang-parser.yy" +#line 2891 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Sha1(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Sha1()); } -#line 5355 "seclang-parser.cc" +#line 5350 "seclang-parser.cc" break; case 405: // act: "ACTION_TRANSFORMATION_MD5" -#line 2900 "seclang-parser.yy" +#line 2895 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Md5(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Md5()); } -#line 5363 "seclang-parser.cc" +#line 5358 "seclang-parser.cc" break; case 406: // act: "ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE" -#line 2904 "seclang-parser.yy" +#line 2899 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::EscapeSeqDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::EscapeSeqDecode()); } -#line 5371 "seclang-parser.cc" +#line 5366 "seclang-parser.cc" break; case 407: // act: "ACTION_TRANSFORMATION_HEX_ENCODE" -#line 2908 "seclang-parser.yy" +#line 2903 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexEncode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexEncode()); } -#line 5379 "seclang-parser.cc" +#line 5374 "seclang-parser.cc" break; case 408: // act: "ACTION_TRANSFORMATION_HEX_DECODE" -#line 2912 "seclang-parser.yy" +#line 2907 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexDecode()); } -#line 5387 "seclang-parser.cc" +#line 5382 "seclang-parser.cc" break; case 409: // act: "ACTION_TRANSFORMATION_LOWERCASE" -#line 2916 "seclang-parser.yy" +#line 2911 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::LowerCase(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::LowerCase()); } -#line 5395 "seclang-parser.cc" +#line 5390 "seclang-parser.cc" break; case 410: // act: "ACTION_TRANSFORMATION_UPPERCASE" -#line 2920 "seclang-parser.yy" +#line 2915 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UpperCase(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UpperCase()); } -#line 5403 "seclang-parser.cc" +#line 5398 "seclang-parser.cc" break; case 411: // act: "ACTION_TRANSFORMATION_URL_DECODE_UNI" -#line 2924 "seclang-parser.yy" +#line 2919 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecodeUni(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecodeUni()); } -#line 5411 "seclang-parser.cc" +#line 5406 "seclang-parser.cc" break; case 412: // act: "ACTION_TRANSFORMATION_URL_DECODE" -#line 2928 "seclang-parser.yy" +#line 2923 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecode()); } -#line 5419 "seclang-parser.cc" +#line 5414 "seclang-parser.cc" break; case 413: // act: "ACTION_TRANSFORMATION_URL_ENCODE" -#line 2932 "seclang-parser.yy" +#line 2927 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlEncode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlEncode()); } -#line 5427 "seclang-parser.cc" +#line 5422 "seclang-parser.cc" break; case 414: // act: "ACTION_TRANSFORMATION_NONE" -#line 2936 "seclang-parser.yy" +#line 2931 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::None(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::None()); } -#line 5435 "seclang-parser.cc" +#line 5430 "seclang-parser.cc" break; case 415: // act: "ACTION_TRANSFORMATION_COMPRESS_WHITESPACE" -#line 2940 "seclang-parser.yy" +#line 2935 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CompressWhitespace(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CompressWhitespace()); } -#line 5443 "seclang-parser.cc" +#line 5438 "seclang-parser.cc" break; case 416: // act: "ACTION_TRANSFORMATION_REMOVE_WHITESPACE" -#line 2944 "seclang-parser.yy" +#line 2939 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveWhitespace(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveWhitespace()); } -#line 5451 "seclang-parser.cc" +#line 5446 "seclang-parser.cc" break; case 417: // act: "ACTION_TRANSFORMATION_REPLACE_NULLS" -#line 2948 "seclang-parser.yy" +#line 2943 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceNulls(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceNulls()); } -#line 5459 "seclang-parser.cc" +#line 5454 "seclang-parser.cc" break; case 418: // act: "ACTION_TRANSFORMATION_REMOVE_NULLS" -#line 2952 "seclang-parser.yy" +#line 2947 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveNulls(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveNulls()); } -#line 5467 "seclang-parser.cc" +#line 5462 "seclang-parser.cc" break; case 419: // act: "ACTION_TRANSFORMATION_HTML_ENTITY_DECODE" -#line 2956 "seclang-parser.yy" +#line 2951 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HtmlEntityDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HtmlEntityDecode()); } -#line 5475 "seclang-parser.cc" +#line 5470 "seclang-parser.cc" break; case 420: // act: "ACTION_TRANSFORMATION_JS_DECODE" -#line 2960 "seclang-parser.yy" +#line 2955 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::JsDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::JsDecode()); } -#line 5483 "seclang-parser.cc" +#line 5478 "seclang-parser.cc" break; case 421: // act: "ACTION_TRANSFORMATION_CSS_DECODE" -#line 2964 "seclang-parser.yy" +#line 2959 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CssDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CssDecode()); } -#line 5491 "seclang-parser.cc" +#line 5486 "seclang-parser.cc" break; case 422: // act: "ACTION_TRANSFORMATION_TRIM" -#line 2968 "seclang-parser.yy" +#line 2963 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Trim(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Trim()); } -#line 5499 "seclang-parser.cc" +#line 5494 "seclang-parser.cc" break; case 423: // act: "ACTION_TRANSFORMATION_TRIM_LEFT" -#line 2972 "seclang-parser.yy" +#line 2967 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimLeft(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimLeft()); } -#line 5507 "seclang-parser.cc" +#line 5502 "seclang-parser.cc" break; case 424: // act: "ACTION_TRANSFORMATION_TRIM_RIGHT" -#line 2976 "seclang-parser.yy" +#line 2971 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimRight(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimRight()); } -#line 5515 "seclang-parser.cc" +#line 5510 "seclang-parser.cc" break; case 425: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH_WIN" -#line 2980 "seclang-parser.yy" +#line 2975 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePathWin(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePathWin()); } -#line 5523 "seclang-parser.cc" +#line 5518 "seclang-parser.cc" break; case 426: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH" -#line 2984 "seclang-parser.yy" +#line 2979 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePath(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePath()); } -#line 5531 "seclang-parser.cc" +#line 5526 "seclang-parser.cc" break; case 427: // act: "ACTION_TRANSFORMATION_LENGTH" -#line 2988 "seclang-parser.yy" +#line 2983 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Length(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Length()); } -#line 5539 "seclang-parser.cc" +#line 5534 "seclang-parser.cc" break; case 428: // act: "ACTION_TRANSFORMATION_UTF8_TO_UNICODE" -#line 2992 "seclang-parser.yy" +#line 2987 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Utf8ToUnicode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Utf8ToUnicode()); } -#line 5547 "seclang-parser.cc" +#line 5542 "seclang-parser.cc" break; case 429: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS_CHAR" -#line 2996 "seclang-parser.yy" +#line 2991 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveCommentsChar(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveCommentsChar()); } -#line 5555 "seclang-parser.cc" +#line 5550 "seclang-parser.cc" break; case 430: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS" -#line 3000 "seclang-parser.yy" +#line 2995 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveComments(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveComments()); } -#line 5563 "seclang-parser.cc" +#line 5558 "seclang-parser.cc" break; case 431: // act: "ACTION_TRANSFORMATION_REPLACE_COMMENTS" -#line 3004 "seclang-parser.yy" +#line 2999 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceComments(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceComments()); } -#line 5571 "seclang-parser.cc" +#line 5566 "seclang-parser.cc" break; case 432: // setvar_action: "NOT" var -#line 3011 "seclang-parser.yy" +#line 3006 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::unsetOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5579 "seclang-parser.cc" +#line 5574 "seclang-parser.cc" break; case 433: // setvar_action: var -#line 3015 "seclang-parser.yy" +#line 3010 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setToOneOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5587 "seclang-parser.cc" +#line 5582 "seclang-parser.cc" break; case 434: // setvar_action: var SETVAR_OPERATION_EQUALS run_time_string -#line 3019 "seclang-parser.yy" +#line 3014 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5595 "seclang-parser.cc" +#line 5590 "seclang-parser.cc" break; case 435: // setvar_action: var SETVAR_OPERATION_EQUALS_PLUS run_time_string -#line 3023 "seclang-parser.yy" +#line 3018 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::sumAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5603 "seclang-parser.cc" +#line 5598 "seclang-parser.cc" break; case 436: // setvar_action: var SETVAR_OPERATION_EQUALS_MINUS run_time_string -#line 3027 "seclang-parser.yy" +#line 3022 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::substractAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5611 "seclang-parser.cc" +#line 5606 "seclang-parser.cc" break; case 437: // run_time_string: run_time_string "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3034 "seclang-parser.yy" +#line 3029 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->appendText(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5620 "seclang-parser.cc" +#line 5615 "seclang-parser.cc" break; case 438: // run_time_string: run_time_string var -#line 3039 "seclang-parser.yy" +#line 3034 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->appendVar(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5629 "seclang-parser.cc" +#line 5624 "seclang-parser.cc" break; case 439: // run_time_string: "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3044 "seclang-parser.yy" +#line 3039 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->appendText(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5639 "seclang-parser.cc" +#line 5634 "seclang-parser.cc" break; case 440: // run_time_string: var -#line 3050 "seclang-parser.yy" +#line 3045 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->appendVar(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5649 "seclang-parser.cc" +#line 5644 "seclang-parser.cc" break; -#line 5653 "seclang-parser.cc" +#line 5648 "seclang-parser.cc" default: break; @@ -7150,43 +7145,43 @@ namespace yy { 966, 970, 974, 979, 984, 988, 992, 996, 1000, 1004, 1008, 1012, 1016, 1020, 1024, 1028, 1032, 1036, 1040, 1044, 1048, 1052, 1056, 1060, 1074, 1075, 1107, 1126, 1147, 1177, - 1239, 1246, 1250, 1254, 1258, 1262, 1266, 1270, 1274, 1283, - 1287, 1292, 1295, 1300, 1305, 1310, 1315, 1318, 1323, 1326, - 1331, 1336, 1339, 1344, 1349, 1354, 1359, 1364, 1369, 1374, - 1377, 1382, 1387, 1392, 1397, 1400, 1405, 1410, 1415, 1428, - 1441, 1454, 1467, 1480, 1506, 1534, 1546, 1566, 1593, 1599, - 1604, 1609, 1618, 1623, 1627, 1631, 1635, 1639, 1643, 1647, - 1652, 1657, 1669, 1675, 1679, 1683, 1694, 1703, 1704, 1711, - 1716, 1721, 1775, 1782, 1790, 1827, 1831, 1838, 1843, 1849, - 1855, 1861, 1868, 1878, 1882, 1886, 1890, 1894, 1898, 1902, - 1906, 1910, 1914, 1918, 1922, 1926, 1930, 1934, 1938, 1942, - 1946, 1950, 1954, 1958, 1962, 1966, 1970, 1974, 1978, 1982, - 1986, 1990, 1994, 1998, 2002, 2006, 2010, 2014, 2018, 2022, - 2026, 2030, 2034, 2038, 2042, 2046, 2050, 2054, 2058, 2062, - 2066, 2070, 2074, 2078, 2082, 2086, 2090, 2094, 2098, 2102, - 2106, 2110, 2114, 2118, 2122, 2126, 2130, 2134, 2138, 2142, - 2146, 2150, 2154, 2158, 2162, 2166, 2170, 2174, 2178, 2182, - 2186, 2190, 2194, 2198, 2202, 2206, 2210, 2214, 2218, 2222, - 2226, 2230, 2234, 2239, 2243, 2247, 2252, 2256, 2260, 2265, - 2270, 2274, 2278, 2282, 2286, 2290, 2294, 2298, 2302, 2306, - 2310, 2314, 2318, 2322, 2326, 2330, 2334, 2338, 2342, 2346, - 2350, 2354, 2358, 2362, 2366, 2370, 2374, 2378, 2382, 2386, - 2390, 2394, 2398, 2402, 2406, 2410, 2414, 2418, 2422, 2426, - 2430, 2434, 2438, 2442, 2446, 2450, 2454, 2458, 2462, 2466, - 2470, 2474, 2478, 2482, 2486, 2490, 2494, 2498, 2502, 2506, - 2510, 2518, 2525, 2532, 2539, 2546, 2553, 2560, 2567, 2574, - 2581, 2588, 2595, 2605, 2609, 2613, 2617, 2621, 2625, 2629, - 2633, 2638, 2643, 2648, 2652, 2656, 2660, 2664, 2669, 2674, - 2678, 2682, 2686, 2690, 2694, 2698, 2702, 2706, 2710, 2714, - 2718, 2722, 2726, 2731, 2735, 2739, 2743, 2747, 2751, 2755, - 2759, 2763, 2767, 2771, 2775, 2779, 2783, 2787, 2791, 2795, - 2799, 2803, 2807, 2811, 2815, 2819, 2823, 2827, 2831, 2835, - 2839, 2843, 2847, 2851, 2855, 2859, 2863, 2867, 2871, 2875, - 2879, 2883, 2887, 2891, 2895, 2899, 2903, 2907, 2911, 2915, - 2919, 2923, 2927, 2931, 2935, 2939, 2943, 2947, 2951, 2955, - 2959, 2963, 2967, 2971, 2975, 2979, 2983, 2987, 2991, 2995, - 2999, 3003, 3010, 3014, 3018, 3022, 3026, 3033, 3038, 3043, - 3049 + 1234, 1241, 1245, 1249, 1253, 1257, 1261, 1265, 1269, 1278, + 1282, 1287, 1290, 1295, 1300, 1305, 1310, 1313, 1318, 1321, + 1326, 1331, 1334, 1339, 1344, 1349, 1354, 1359, 1364, 1369, + 1372, 1377, 1382, 1387, 1392, 1395, 1400, 1405, 1410, 1423, + 1436, 1449, 1462, 1475, 1501, 1529, 1541, 1561, 1588, 1594, + 1599, 1604, 1613, 1618, 1622, 1626, 1630, 1634, 1638, 1642, + 1647, 1652, 1664, 1670, 1674, 1678, 1689, 1698, 1699, 1706, + 1711, 1716, 1770, 1777, 1785, 1822, 1826, 1833, 1838, 1844, + 1850, 1856, 1863, 1873, 1877, 1881, 1885, 1889, 1893, 1897, + 1901, 1905, 1909, 1913, 1917, 1921, 1925, 1929, 1933, 1937, + 1941, 1945, 1949, 1953, 1957, 1961, 1965, 1969, 1973, 1977, + 1981, 1985, 1989, 1993, 1997, 2001, 2005, 2009, 2013, 2017, + 2021, 2025, 2029, 2033, 2037, 2041, 2045, 2049, 2053, 2057, + 2061, 2065, 2069, 2073, 2077, 2081, 2085, 2089, 2093, 2097, + 2101, 2105, 2109, 2113, 2117, 2121, 2125, 2129, 2133, 2137, + 2141, 2145, 2149, 2153, 2157, 2161, 2165, 2169, 2173, 2177, + 2181, 2185, 2189, 2193, 2197, 2201, 2205, 2209, 2213, 2217, + 2221, 2225, 2229, 2234, 2238, 2242, 2247, 2251, 2255, 2260, + 2265, 2269, 2273, 2277, 2281, 2285, 2289, 2293, 2297, 2301, + 2305, 2309, 2313, 2317, 2321, 2325, 2329, 2333, 2337, 2341, + 2345, 2349, 2353, 2357, 2361, 2365, 2369, 2373, 2377, 2381, + 2385, 2389, 2393, 2397, 2401, 2405, 2409, 2413, 2417, 2421, + 2425, 2429, 2433, 2437, 2441, 2445, 2449, 2453, 2457, 2461, + 2465, 2469, 2473, 2477, 2481, 2485, 2489, 2493, 2497, 2501, + 2505, 2513, 2520, 2527, 2534, 2541, 2548, 2555, 2562, 2569, + 2576, 2583, 2590, 2600, 2604, 2608, 2612, 2616, 2620, 2624, + 2628, 2633, 2638, 2643, 2647, 2651, 2655, 2659, 2664, 2669, + 2673, 2677, 2681, 2685, 2689, 2693, 2697, 2701, 2705, 2709, + 2713, 2717, 2721, 2726, 2730, 2734, 2738, 2742, 2746, 2750, + 2754, 2758, 2762, 2766, 2770, 2774, 2778, 2782, 2786, 2790, + 2794, 2798, 2802, 2806, 2810, 2814, 2818, 2822, 2826, 2830, + 2834, 2838, 2842, 2846, 2850, 2854, 2858, 2862, 2866, 2870, + 2874, 2878, 2882, 2886, 2890, 2894, 2898, 2902, 2906, 2910, + 2914, 2918, 2922, 2926, 2930, 2934, 2938, 2942, 2946, 2950, + 2954, 2958, 2962, 2966, 2970, 2974, 2978, 2982, 2986, 2990, + 2994, 2998, 3005, 3009, 3013, 3017, 3021, 3028, 3033, 3038, + 3044 }; void @@ -7218,9 +7213,9 @@ namespace yy { } // yy -#line 7222 "seclang-parser.cc" +#line 7217 "seclang-parser.cc" -#line 3056 "seclang-parser.yy" +#line 3051 "seclang-parser.yy" void yy::seclang_parser::error (const location_type& l, const std::string& m) { diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 4137a9f8..0dd96771 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -1079,7 +1079,7 @@ expression: for (auto &i : *$4.get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -1130,7 +1130,7 @@ expression: for (auto &i : *$2.get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -1152,7 +1152,7 @@ expression: for (auto &i : *$2.get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -1190,19 +1190,14 @@ expression: hasDisruptive = true; } if (phase != NULL) { - definedPhase = phase->m_phase; - secRuleDefinedPhase = phase->m_secRulesPhase; + definedPhase = phase->getPhase(); + secRuleDefinedPhase = phase->getSecRulePhase(); delete phase; - } else if (a->m_actionKind == actions::Action::RunTimeOnlyIfMatchKind || - a->m_actionKind == actions::Action::RunTimeBeforeMatchAttemptKind) { - actions::transformations::None *none = dynamic_cast(a); - if (none != NULL) { - driver.error(@0, "The transformation none is not suitable to be part of the SecDefaultActions"); - YYERROR; - } + } else if (dynamic_cast(a) + && !dynamic_cast(a)) { checkedActions.push_back(a); } else { - driver.error(@0, "The action '" + *a->m_name.get() + "' is not suitable to be part of the SecDefaultActions"); + driver.error(@0, "The action '" + *a->getName() + "' is not suitable to be part of the SecDefaultActions"); YYERROR; } } @@ -2616,19 +2611,19 @@ act: } | ACTION_AUDIT_LOG { - ACTION_CONTAINER($$, new actions::AuditLog($1)); + ACTION_CONTAINER($$, new actions::AuditLog()); } | ACTION_BLOCK { - ACTION_CONTAINER($$, new actions::Block($1)); + ACTION_CONTAINER($$, new actions::Block()); } | ACTION_CAPTURE { - ACTION_CONTAINER($$, new actions::Capture($1)); + ACTION_CONTAINER($$, new actions::Capture()); } | ACTION_CHAIN { - ACTION_CONTAINER($$, new actions::Chain($1)); + ACTION_CONTAINER($$, new actions::Chain()); } | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_ON { @@ -2709,7 +2704,7 @@ act: } | ACTION_DENY { - ACTION_CONTAINER($$, new actions::disruptive::Deny($1)); + ACTION_CONTAINER($$, new actions::disruptive::Deny()); } | ACTION_DEPRECATE_VAR { @@ -2717,7 +2712,7 @@ act: } | ACTION_DROP { - ACTION_CONTAINER($$, new actions::disruptive::Drop($1)); + ACTION_CONTAINER($$, new actions::disruptive::Drop()); } | ACTION_EXEC { @@ -2742,7 +2737,7 @@ act: } | ACTION_LOG { - ACTION_CONTAINER($$, new actions::Log($1)); + ACTION_CONTAINER($$, new actions::Log()); } | ACTION_MATURITY { @@ -2754,19 +2749,19 @@ act: } | ACTION_MULTI_MATCH { - ACTION_CONTAINER($$, new actions::MultiMatch($1)); + ACTION_CONTAINER($$, new actions::MultiMatch()); } | ACTION_NO_AUDIT_LOG { - ACTION_CONTAINER($$, new actions::NoAuditLog($1)); + ACTION_CONTAINER($$, new actions::NoAuditLog()); } | ACTION_NO_LOG { - ACTION_CONTAINER($$, new actions::NoLog($1)); + ACTION_CONTAINER($$, new actions::NoLog()); } | ACTION_PASS { - ACTION_CONTAINER($$, new actions::disruptive::Pass($1)); + ACTION_CONTAINER($$, new actions::disruptive::Pass()); } | ACTION_PAUSE { @@ -2862,147 +2857,147 @@ act: } | ACTION_TRANSFORMATION_PARITY_ZERO_7_BIT { - ACTION_CONTAINER($$, new actions::transformations::ParityZero7bit($1)); + ACTION_CONTAINER($$, new actions::transformations::ParityZero7bit()); } | ACTION_TRANSFORMATION_PARITY_ODD_7_BIT { - ACTION_CONTAINER($$, new actions::transformations::ParityOdd7bit($1)); + ACTION_CONTAINER($$, new actions::transformations::ParityOdd7bit()); } | ACTION_TRANSFORMATION_PARITY_EVEN_7_BIT { - ACTION_CONTAINER($$, new actions::transformations::ParityEven7bit($1)); + ACTION_CONTAINER($$, new actions::transformations::ParityEven7bit()); } | ACTION_TRANSFORMATION_SQL_HEX_DECODE { - ACTION_CONTAINER($$, new actions::transformations::SqlHexDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::SqlHexDecode()); } | ACTION_TRANSFORMATION_BASE_64_ENCODE { - ACTION_CONTAINER($$, new actions::transformations::Base64Encode($1)); + ACTION_CONTAINER($$, new actions::transformations::Base64Encode()); } | ACTION_TRANSFORMATION_BASE_64_DECODE { - ACTION_CONTAINER($$, new actions::transformations::Base64Decode($1)); + ACTION_CONTAINER($$, new actions::transformations::Base64Decode()); } | ACTION_TRANSFORMATION_BASE_64_DECODE_EXT { - ACTION_CONTAINER($$, new actions::transformations::Base64DecodeExt($1)); + ACTION_CONTAINER($$, new actions::transformations::Base64DecodeExt()); } | ACTION_TRANSFORMATION_CMD_LINE { - ACTION_CONTAINER($$, new actions::transformations::CmdLine($1)); + ACTION_CONTAINER($$, new actions::transformations::CmdLine()); } | ACTION_TRANSFORMATION_SHA1 { - ACTION_CONTAINER($$, new actions::transformations::Sha1($1)); + ACTION_CONTAINER($$, new actions::transformations::Sha1()); } | ACTION_TRANSFORMATION_MD5 { - ACTION_CONTAINER($$, new actions::transformations::Md5($1)); + ACTION_CONTAINER($$, new actions::transformations::Md5()); } | ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE { - ACTION_CONTAINER($$, new actions::transformations::EscapeSeqDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::EscapeSeqDecode()); } | ACTION_TRANSFORMATION_HEX_ENCODE { - ACTION_CONTAINER($$, new actions::transformations::HexEncode($1)); + ACTION_CONTAINER($$, new actions::transformations::HexEncode()); } | ACTION_TRANSFORMATION_HEX_DECODE { - ACTION_CONTAINER($$, new actions::transformations::HexDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::HexDecode()); } | ACTION_TRANSFORMATION_LOWERCASE { - ACTION_CONTAINER($$, new actions::transformations::LowerCase($1)); + ACTION_CONTAINER($$, new actions::transformations::LowerCase()); } | ACTION_TRANSFORMATION_UPPERCASE { - ACTION_CONTAINER($$, new actions::transformations::UpperCase($1)); + ACTION_CONTAINER($$, new actions::transformations::UpperCase()); } | ACTION_TRANSFORMATION_URL_DECODE_UNI { - ACTION_CONTAINER($$, new actions::transformations::UrlDecodeUni($1)); + ACTION_CONTAINER($$, new actions::transformations::UrlDecodeUni()); } | ACTION_TRANSFORMATION_URL_DECODE { - ACTION_CONTAINER($$, new actions::transformations::UrlDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::UrlDecode()); } | ACTION_TRANSFORMATION_URL_ENCODE { - ACTION_CONTAINER($$, new actions::transformations::UrlEncode($1)); + ACTION_CONTAINER($$, new actions::transformations::UrlEncode()); } | ACTION_TRANSFORMATION_NONE { - ACTION_CONTAINER($$, new actions::transformations::None($1)); + ACTION_CONTAINER($$, new actions::transformations::None()); } | ACTION_TRANSFORMATION_COMPRESS_WHITESPACE { - ACTION_CONTAINER($$, new actions::transformations::CompressWhitespace($1)); + ACTION_CONTAINER($$, new actions::transformations::CompressWhitespace()); } | ACTION_TRANSFORMATION_REMOVE_WHITESPACE { - ACTION_CONTAINER($$, new actions::transformations::RemoveWhitespace($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveWhitespace()); } | ACTION_TRANSFORMATION_REPLACE_NULLS { - ACTION_CONTAINER($$, new actions::transformations::ReplaceNulls($1)); + ACTION_CONTAINER($$, new actions::transformations::ReplaceNulls()); } | ACTION_TRANSFORMATION_REMOVE_NULLS { - ACTION_CONTAINER($$, new actions::transformations::RemoveNulls($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveNulls()); } | ACTION_TRANSFORMATION_HTML_ENTITY_DECODE { - ACTION_CONTAINER($$, new actions::transformations::HtmlEntityDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::HtmlEntityDecode()); } | ACTION_TRANSFORMATION_JS_DECODE { - ACTION_CONTAINER($$, new actions::transformations::JsDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::JsDecode()); } | ACTION_TRANSFORMATION_CSS_DECODE { - ACTION_CONTAINER($$, new actions::transformations::CssDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::CssDecode()); } | ACTION_TRANSFORMATION_TRIM { - ACTION_CONTAINER($$, new actions::transformations::Trim($1)); + ACTION_CONTAINER($$, new actions::transformations::Trim()); } | ACTION_TRANSFORMATION_TRIM_LEFT { - ACTION_CONTAINER($$, new actions::transformations::TrimLeft($1)); + ACTION_CONTAINER($$, new actions::transformations::TrimLeft()); } | ACTION_TRANSFORMATION_TRIM_RIGHT { - ACTION_CONTAINER($$, new actions::transformations::TrimRight($1)); + ACTION_CONTAINER($$, new actions::transformations::TrimRight()); } | ACTION_TRANSFORMATION_NORMALISE_PATH_WIN { - ACTION_CONTAINER($$, new actions::transformations::NormalisePathWin($1)); + ACTION_CONTAINER($$, new actions::transformations::NormalisePathWin()); } | ACTION_TRANSFORMATION_NORMALISE_PATH { - ACTION_CONTAINER($$, new actions::transformations::NormalisePath($1)); + ACTION_CONTAINER($$, new actions::transformations::NormalisePath()); } | ACTION_TRANSFORMATION_LENGTH { - ACTION_CONTAINER($$, new actions::transformations::Length($1)); + ACTION_CONTAINER($$, new actions::transformations::Length()); } | ACTION_TRANSFORMATION_UTF8_TO_UNICODE { - ACTION_CONTAINER($$, new actions::transformations::Utf8ToUnicode($1)); + ACTION_CONTAINER($$, new actions::transformations::Utf8ToUnicode()); } | ACTION_TRANSFORMATION_REMOVE_COMMENTS_CHAR { - ACTION_CONTAINER($$, new actions::transformations::RemoveCommentsChar($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveCommentsChar()); } | ACTION_TRANSFORMATION_REMOVE_COMMENTS { - ACTION_CONTAINER($$, new actions::transformations::RemoveComments($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveComments()); } | ACTION_TRANSFORMATION_REPLACE_COMMENTS { - ACTION_CONTAINER($$, new actions::transformations::ReplaceComments($1)); + ACTION_CONTAINER($$, new actions::transformations::ReplaceComments()); } ; diff --git a/src/rule_message.cc b/src/rule_message.cc index 31bf1903..3c29789c 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -41,7 +41,7 @@ std::string RuleMessage::_details(const RuleMessage *rm) { msg.append(" [ver \"" + rm->getVer() + "\"]"); msg.append(" [maturity \"" + std::to_string(rm->getMaturity()) + "\"]"); msg.append(" [accuracy \"" + std::to_string(rm->getAccuracy()) + "\"]"); - for (auto &a : rm->m_tags) { + for (auto a : rm->m_tags) { msg.append(" [tag \"" + a + "\"]"); } msg.append(" [hostname \"" + rm->getServerIpAddress() + "\"]"); diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc index 5ab4d86b..46f7cf54 100644 --- a/src/rule_with_actions.cc +++ b/src/rule_with_actions.cc @@ -44,9 +44,16 @@ #include "src/actions/severity.h" #include "src/actions/tag.h" #include "src/actions/transformations/transformation.h" +#include "src/actions/transformations/none.h" #include "src/actions/xmlns.h" #include "src/utils/string.h" #include "src/actions/action_with_run_time_string.h" +#include "src/actions/phase.h" +#include "src/actions/chain.h" +#include "src/actions/rule_id.h" +#include "src/actions/ver.h" +#include "src/actions/action_type_rule_metadata.h" + namespace modsecurity { @@ -113,58 +120,29 @@ void RuleWithActions::addDefaultAction(std::shared_ptr a) { arts->populate(this); } - if (a->m_actionKind == Action::ConfigurationKind) { - if (dynamic_cast(a.get())) { - actions::Accuracy *accuracy = dynamic_cast(a.get()); - m_defaultAccuracy = accuracy->getAccuracy(); - } else if (dynamic_cast(a.get())) { - actions::Rev *rev = dynamic_cast(a.get()); - m_defaultRevision = rev->getRevision(); - } else { - a->execute(this, NULL); - } + if (dynamic_cast(a.get())) { + ActionTypeRuleMetaData *conf = dynamic_cast(a.get()); + conf->configure(this); return; } - if (a->m_actionKind == Action::RunTimeOnlyIfMatchKind) { - if (dynamic_cast(a.get())) { - m_defaultContainsCaptureAction = true; - } else if (dynamic_cast(a.get())) { - m_defaultContainsMultiMatchAction = true; - } else if (dynamic_cast(a.get())) { - actions::Severity *severity = dynamic_cast(a.get()); - setDefaultActionSeverity(severity->m_severity); - } else if (dynamic_cast(a.get())) { - actions::Maturity *maturity = dynamic_cast(a.get()); - setDefaultActionMaturity(maturity->getMaturity()); - } else if (dynamic_cast(a.get())) { - m_defaultActionLogData = std::static_pointer_cast(a); - } else if (dynamic_cast(a.get())) { - m_defaultActionMsg = std::static_pointer_cast(a); - } else if (dynamic_cast(a.get())) { - actions::SetVar *var = dynamic_cast(a.get()); - m_actionsSetVar.push_back(std::unique_ptr(var)); - } else if (dynamic_cast(a.get())) { - m_defaultActionActionsTag.push_back(std::static_pointer_cast(a)); - } else if (dynamic_cast(a.get())) { - m_defaultContainsLogAction = true; - } else if (dynamic_cast(a.get())) { - m_defaultContainsNoLogAction = true; - } else if (dynamic_cast(a.get())) { - m_defaultActionActionsRuntimePos.push_back(a); - m_defaultContainsStaticBlockAction = true; - } else if (a->isDisruptive() == true) { - m_defaultActionDisruptiveAction = a; - } else { - m_defaultActionActionsRuntimePos.push_back(a); - } - return; + if (dynamic_cast(a.get())) { + m_defaultActionLogData.reset(dynamic_cast(a.get())); + } else if (dynamic_cast(a.get())) { + m_defaultActionMsg.reset(dynamic_cast(a.get())); + } else if (dynamic_cast(a.get())) { + actions::SetVar *var = dynamic_cast(a.get()); + m_actionsSetVar.push_back(std::unique_ptr(var)); + } else if (dynamic_cast(a.get())) { + m_defaultActionActionsTag.push_back(std::dynamic_pointer_cast(a)); + } else if (dynamic_cast(a.get())) { + m_defaultActionActionsRuntimePos.push_back(a); + m_defaultContainsStaticBlockAction = true; + } else if (a->isDisruptive() == true) { + m_defaultActionDisruptiveAction = a; + } else { + m_defaultActionActionsRuntimePos.push_back(a); } - - std::cout << "General failure, action: " << *a->m_name; - std::cout << " has an unknown type." << std::endl; - throw; - } void RuleWithActions::addAction(actions::Action *a) { @@ -175,68 +153,33 @@ void RuleWithActions::addAction(actions::Action *a) { arts->populate(this); } - if (a->m_actionKind == Action::ConfigurationKind) { - if (dynamic_cast(a)) { - actions::Accuracy *accuracy = dynamic_cast(a); - m_accuracy = accuracy->getAccuracy(); - } else if (dynamic_cast(a)) { - actions::Rev *rev = dynamic_cast(a); - m_revision = rev->getRevision(); - } else { - a->execute(this, NULL); - } + if (dynamic_cast(a)) { + ActionTypeRuleMetaData *conf = dynamic_cast(a); + conf->configure(this); delete a; return; } - if (a->m_actionKind == Action::RunTimeOnlyIfMatchKind) { - if (dynamic_cast(a)) { - m_containsCaptureAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_containsMultiMatchAction = true; - delete a; - } else if (dynamic_cast(a)) { - actions::Severity *severity = dynamic_cast(a); - setSeverity(severity->m_severity); - delete a; - } else if (dynamic_cast(a)) { - m_logData = std::unique_ptr(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - m_msg = std::unique_ptr(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - actions::SetVar *var = dynamic_cast(a); - m_actionsSetVar.push_back(std::unique_ptr(var)); - } else if (dynamic_cast(a)) { - actions::Maturity *maturity = dynamic_cast(a); - m_maturity = maturity->getMaturity(); - delete a; - } else if (dynamic_cast(a)) { - m_containsLogAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_containsNoLogAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_actionsTag.push_back(std::unique_ptr(dynamic_cast(a))); - } else if (dynamic_cast(a)) { - m_actionsRuntimePos.push_back(std::unique_ptr(dynamic_cast(a))); - m_containsStaticBlockAction = true; - } else if (dynamic_cast(a)) { - m_XmlNSs.push_back(std::unique_ptr(dynamic_cast(a))); - } else if (a->isDisruptive() == true) { - m_disruptiveAction = std::unique_ptr(a); - } else { - m_actionsRuntimePos.push_back(std::unique_ptr(a)); - } - return; + + if (dynamic_cast(a)) { + m_logData = std::unique_ptr(dynamic_cast(a)); + } else if (dynamic_cast(a)) { + m_msg = std::unique_ptr(dynamic_cast(a)); + } else if (dynamic_cast(a)) { + actions::SetVar *var = dynamic_cast(a); + m_actionsSetVar.push_back(std::unique_ptr(var)); + } else if (dynamic_cast(a)) { + m_actionsTag.push_back(std::unique_ptr(dynamic_cast(a))); + } else if (dynamic_cast(a)) { + m_actionsRuntimePos.push_back(std::unique_ptr(dynamic_cast(a))); + m_containsStaticBlockAction = true; + } else if (dynamic_cast(a)) { + m_XmlNSs.push_back(std::unique_ptr(dynamic_cast(a))); + } else if (a->isDisruptive() == true) { + m_disruptiveAction = std::unique_ptr(a); + } else { + m_actionsRuntimePos.push_back(std::unique_ptr(a)); } - - std::cout << "General failure, action: " << *a->m_name; - std::cout << " has an unknown type." << std::endl; - delete a; - throw; - } @@ -255,24 +198,9 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction * for (actions::SetVar *a : getSetVarsActionsPtr()) { ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \ - "action: " + *a->m_name.get()); + "action: " + *a->getName()); - a->execute(this, trans); - } - - for (auto &b : - trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { - if (m_ruleId != b.first) { - continue; - } - actions::Action *a = dynamic_cast(b.second.get()); - if (a->isDisruptive() == true && *a->m_name.get() == "block") { - ms_dbg_a(trans, 9, "Rule contains a `block' action"); - } else if (*a->m_name.get() == "setvar") { - ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \ - "action: " + *a->m_name.get()); - a->execute(this, trans); - } + a->execute(trans); } } @@ -280,22 +208,10 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction * void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) { bool disruptiveAlreadyExecuted = false; -#if 0 - for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { - if (a.get()->m_actionKind != actions::Action::RunTimeOnlyIfMatchKind) { - continue; - } - if (!a.get()->isDisruptive()) { - executeAction(trans, a.get(), true); - - } - } -#endif - for (actions::Tag *a : getTagsActionPtr()) { ms_dbg_a(trans, 4, "Running (non-disruptive) action: " \ - + *a->m_name.get()); - a->execute(this, trans); + + a->getTagName(trans)); + a->execute(trans); } /** @@ -309,20 +225,25 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) { continue; } actions::Action *a = dynamic_cast(b.second.get()); + if (a->isDisruptive()) { + trans->messageGetLast()->setRule(this); + } executeAction(trans, a, false); - disruptiveAlreadyExecuted = true; + if (a->isDisruptive()) { + disruptiveAlreadyExecuted = true; + } } if (m_logData) { - m_logData->execute(this, trans); + m_logData->execute(trans); } else if (m_defaultActionLogData) { - m_defaultActionLogData->execute(this, trans); + m_defaultActionLogData->execute(trans); } if (m_msg) { - m_msg->execute(this, trans); + m_msg->execute(trans); } else if (m_defaultActionMsg) { - m_defaultActionMsg->execute(this, trans); + m_defaultActionMsg->execute(trans); } for (auto &a : getMatchActionsPtr()) { @@ -346,28 +267,27 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) { void RuleWithActions::executeAction(Transaction *trans, Action *a, bool defaultContext) { - if (a->isDisruptive() == false && *a->m_name.get() != "block") { - ms_dbg_a(trans, 9, "Running " \ - "action: " + *a->m_name.get()); - a->execute(this, trans); + if (a->isDisruptive() == false) { + ms_dbg_a(trans, 9, "Running action: " + *a->getName()); + a->execute(trans); return; } if (defaultContext && !hasBlockAction()) { - ms_dbg_a(trans, 4, "Ignoring action: " + *a->m_name.get() + \ + ms_dbg_a(trans, 4, "Ignoring action: " + *a->getName() + \ " (rule does not cotains block)"); return; } if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) { ms_dbg_a(trans, 4, "Running (disruptive) action: " + - *a->m_name.get() + "."); - a->execute(this, trans); + *a->getName() + "."); + a->execute(trans); return; } - ms_dbg_a(trans, 4, "Not running any disruptive action (or block): " \ - + *a->m_name.get() + ". SecRuleEngine is not On."); + ms_dbg_a(trans, 4, "Not running disruptive action: " \ + + *a->getName() + ". SecRuleEngine is not On."); } @@ -387,7 +307,7 @@ void RuleWithActions::executeTransformations( std::shared_ptr(new std::string(in)); for (Transformation *action : getTransformationPtr()) { - if (action->isNone()) { + if (dynamic_cast(action)) { none++; } } @@ -396,7 +316,7 @@ void RuleWithActions::executeTransformations( if (none == 0) { executeTransformation(trans, &results, t); } - if (t->isNone()) { + if (dynamic_cast(t)) { none--; } } @@ -404,40 +324,29 @@ void RuleWithActions::executeTransformations( // FIXME: It can't be something different from transformation. Sort this // on rules compile time. for (auto &b : - trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { + trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id) { if (m_ruleId != b.first) { continue; } - Transformation *t = dynamic_cast(b.second.get()); - if (t->isNone()) { + Transformation *t = b.second.get(); + if (dynamic_cast(t)) { none++; } } for (auto &b : - trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { + trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id) { if (m_ruleId != b.first) { continue; } - Transformation *t = dynamic_cast(b.second.get()); + Transformation *t = b.second.get(); if (none == 0) { executeTransformation(trans, &results, t); } - if (t->isNone()) { + if (dynamic_cast(t)) { none--; } } - -/* - if (hasMultimatchAction() == true) { - ms_dbg_a(trans, 9, "multiMatch is enabled. " \ - + std::to_string(results.size()) + \ - " values to be tested."); - } else { - //results.push_back(TransformationResult(nullptr, ssin)); - //results.pop_front(); - } -*/ } @@ -465,13 +374,13 @@ void RuleWithActions::executeTransformation( transformation->execute(transaction, in, out); ms_dbg_a(transaction, 9, " T (" + std::to_string(ret->size() - 1) + ") " + \ - *transformation->m_name.get() + ": \"" + \ + *transformation->getName() + ": \"" + \ utils::string::limitTo(80, out.c_str()) + "\""); ret->push_back( TransformationResult( - &out, - transformation->m_name.get() + out, + transformation->getName() ) ); } diff --git a/src/rule_with_actions.h b/src/rule_with_actions.h index a890d579..b81c2092 100644 --- a/src/rule_with_actions.h +++ b/src/rule_with_actions.h @@ -29,6 +29,8 @@ #include "modsecurity/modsecurity.h" #include "modsecurity/variable_value.h" #include "modsecurity/rule.h" +#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" #ifdef __cplusplus @@ -53,6 +55,7 @@ using Transformation = actions::transformations::Transformation; using Transformations = std::vector >; using TransformationsPtr = std::vector; using Action = actions::Action; +using ActionTypeRuleMetaData = actions::ActionTypeRuleMetaData; using Actions = std::vector; using Tags = std::vector >; using TagsPtr = std::vector; @@ -67,10 +70,10 @@ using XmlNSsPtr = std::vector; class TransformationResult { public: - TransformationResult( - ModSecString *after, - std::string *transformation) - : m_after(*after), + explicit TransformationResult( + ModSecString &after, + const std::string *transformation = nullptr) + : m_after(after), m_transformation(transformation) { }; explicit TransformationResult( @@ -88,14 +91,14 @@ class TransformationResult { } - std::string *getTransformationName() { + const std::string *getTransformationName() const { return m_transformation; } private: ModSecString m_after; - std::string *m_transformation; + const std::string *m_transformation; }; using TransformationsResults = std::list; @@ -218,7 +221,6 @@ class RuleWithActions : public Rule { Action *a, bool context); - static void executeTransformation( Transaction *transaction, TransformationsResults *ret, @@ -343,6 +345,7 @@ class RuleWithActions : public Rule { inline bool hasChainedParent() const { return m_chainedRuleParent != nullptr; } inline bool hasChainedChild() const { return m_chainedRuleChild.get() != nullptr; } + inline void setHasCaptureAction(bool b) { m_containsCaptureAction = b; } inline bool hasCaptureAction() const { return m_containsCaptureAction || m_defaultContainsCaptureAction; } inline bool hasDisruptiveAction() const { return m_disruptiveAction != nullptr || m_defaultActionDisruptiveAction != nullptr; } @@ -352,6 +355,7 @@ class RuleWithActions : public Rule { inline bool hasBlockAction() const { return m_containsStaticBlockAction || m_defaultContainsStaticBlockAction; } inline void setHasBlockAction(bool b) { m_containsStaticBlockAction = b; } + inline void setHasMultimatchAction(bool b) { m_containsMultiMatchAction = b; } inline bool hasMultimatchAction() const { return m_containsMultiMatchAction || m_defaultContainsMultiMatchAction; } inline bool hasLogAction() const { return m_containsLogAction == true; } diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index 4259ac09..aee9e8c0 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc @@ -19,6 +19,8 @@ #include "src/utils/string.h" #include "src/variables/variable.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -36,21 +38,26 @@ bool RulesExceptions::loadUpdateActionById(double id, std::string *error) { for (auto &a : *actions) { - if (a->m_actionKind == actions::Action::ConfigurationKind) { - std::cout << "General failure, action: " << a->m_name; + if (dynamic_cast(a.get())) { + std::cout << "General failure, action: " << *a->getName(); std::cout << " has not expected to be used with UpdateActionByID."; std::cout << std::endl; - } else if (a->m_actionKind - == actions::Action::RunTimeBeforeMatchAttemptKind) { - m_action_pre_update_target_by_id.emplace(std::pair>(id , std::move(a))); - } else if (a->m_actionKind == actions::Action::RunTimeOnlyIfMatchKind) { - m_action_pos_update_target_by_id.emplace(std::pair>(id , std::move(a))); - } else { - std::cout << "General failure, action: " << a->m_name; - std::cout << " has an unknown type." << std::endl; + continue; } + + if (dynamic_cast(a.get())) { + actions::transformations::Transformation *t = dynamic_cast(a.get()); + m_action_transformation_update_target_by_id.emplace( + std::pair>(id, std::unique_ptr(t)) + ); + continue; + } + + m_action_pos_update_target_by_id.emplace( + std::pair>(id , std::move(a)) + ); } return true; @@ -247,10 +254,10 @@ bool RulesExceptions::merge(RulesExceptions *from) { p.second)); } - for (auto &p : from->m_action_pre_update_target_by_id) { - m_action_pre_update_target_by_id.emplace( + for (auto &p : from->m_action_transformation_update_target_by_id) { + m_action_transformation_update_target_by_id.emplace( std::pair>(p.first, + std::shared_ptr>(p.first, p.second)); } diff --git a/src/transaction.cc b/src/transaction.cc index d768dc0c..be1b856e 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -53,7 +53,7 @@ #include "src/actions/disruptive/allow.h" #include "src/variables/remote_user.h" #include "src/rule_with_actions.h" - +#include "src/actions/ctl/audit_log_parts.h" using modsecurity::actions::Action; @@ -149,7 +149,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) m_ruleRemoveTargetByTag(), m_ruleRemoveTargetById(), m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean), - m_auditLogModifier(), + m_auditLogParts(0), m_requestBody(), m_responseBody(), /* m_id(), */ @@ -197,6 +197,10 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) ms_dbg(4, "Initializing transaction"); + if (m_rules != NULL && m_rules->m_auditLog != NULL) { + m_auditLogParts = this->m_rules->m_auditLog->getParts(); + } + intervention::clean(&m_it); } @@ -222,7 +226,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb m_ruleRemoveTargetByTag(), m_ruleRemoveTargetById(), m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean), - m_auditLogModifier(), + m_auditLogParts(0), m_requestBody(), m_responseBody(), m_id(std::unique_ptr(new std::string(id))), @@ -267,6 +271,10 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb ms_dbg(4, "Initializing transaction"); + if (m_rules != NULL && m_rules->m_auditLog != NULL) { + m_auditLogParts = this->m_rules->m_auditLog->getParts(); + } + intervention::clean(&m_it); } @@ -1406,35 +1414,15 @@ int Transaction::processLogging() { this->m_rules->evaluate(modsecurity::LoggingPhase, this); - /* If relevant, save this transaction information at the audit_logs */ - if (m_rules != NULL && m_rules->m_auditLog != NULL) { - int parts = this->m_rules->m_auditLog->getParts(); + if (m_auditLogParts != 0) { ms_dbg(8, "Checking if this request is suitable to be " \ "saved as an audit log."); - if (!this->m_auditLogModifier.empty()) { - ms_dbg(4, "There was an audit log modifier for this transaction."); - std::list>::iterator it; - ms_dbg(7, "AuditLog parts before modification(s): " + - std::to_string(parts) + "."); - for (it = m_auditLogModifier.begin(); - it != m_auditLogModifier.end(); ++it) { - std::pair p = *it; - if (p.first == 0) { // Add - parts = this->m_rules->m_auditLog->addParts(parts, - p.second); - } else { // Remove - parts = this->m_rules->m_auditLog->removeParts(parts, - p.second); - } - } - } - ms_dbg(8, "Checking if this request is relevant to be " \ - "part of the audit logs."); - bool saved = this->m_rules->m_auditLog->saveIfRelevant(this, parts); + // FIXME: m_auditLogParts can be accessed via Transaction. + bool saved = this->m_rules->m_auditLog->saveIfRelevant(this, m_auditLogParts); if (saved) { ms_dbg(8, "Request was relevant to be saved. Parts: " + - std::to_string(parts)); + std::to_string(m_auditLogParts)); } } @@ -1800,7 +1788,7 @@ std::string Transaction::toJSON(int parts) { reinterpret_cast("tags"), strlen("tags")); yajl_gen_array_open(g); - for (auto b : a->m_tags) { + for (auto &b : a->m_tags) { yajl_gen_string(g, reinterpret_cast(b.c_str()), strlen(b.c_str())); diff --git a/test/cppcheck_suppressions.txt b/test/cppcheck_suppressions.txt index 5a6fce7d..dbbaa62d 100644 --- a/test/cppcheck_suppressions.txt +++ b/test/cppcheck_suppressions.txt @@ -42,7 +42,7 @@ redundantAssignment:src/operators/pm.cc:94 functionStatic:src/operators/geo_lookup.h:39 useInitializationList:src/utils/shared_files.h:87 unmatchedSuppression:src/utils/msc_tree.cc -functionStatic:headers/modsecurity/transaction.h:452 +functionStatic:headers/modsecurity/transaction.h:454 duplicateBranch:src/audit_log/audit_log.cc:223 unreadVariable:src/request_body_processor/multipart.cc:435 stlcstrParam:src/audit_log/writer/parallel.cc:145 diff --git a/test/test-cases/regression/action-block.json b/test/test-cases/regression/action-block.json index 239df027..8bed1092 100644 --- a/test/test-cases/regression/action-block.json +++ b/test/test-cases/regression/action-block.json @@ -27,7 +27,7 @@ }, "rules":[ "SecRuleEngine On", - "SecDefaultAction \"phase:1,log,block,status:404\"", + "SecDefaultAction \"phase:1,log,status:404\"", "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\"" ] }, @@ -59,7 +59,7 @@ }, "rules":[ "SecRuleEngine On", - "SecDefaultAction \"phase:1,log,block,deny,status:400\"", + "SecDefaultAction \"phase:1,log,deny,status:400\"", "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\"" ] } diff --git a/test/test-cases/regression/action-tnf-base64.json b/test/test-cases/regression/action-tnf-base64.json index 7cb047ce..08875aaa 100644 --- a/test/test-cases/regression/action-tnf-base64.json +++ b/test/test-cases/regression/action-tnf-base64.json @@ -36,7 +36,7 @@ ] }, "expected":{ - "debug_log": "t:base64encode: \"dmFsdWUyCg==\"" + "debug_log": "t:base64Encode: \"dmFsdWUyCg==\"" }, "rules":[ "SecRuleEngine On", @@ -80,7 +80,7 @@ ] }, "expected":{ - "debug_log": "t:base64decode: \"value2\"" + "debug_log": "t:base64Decode: \"value2\"" }, "rules":[ "SecRuleEngine On", diff --git a/test/test-cases/regression/auditlog-ctl.json b/test/test-cases/regression/auditlog-ctl.json new file mode 100644 index 00000000..40a220b9 --- /dev/null +++ b/test/test-cases/regression/auditlog-ctl.json @@ -0,0 +1,240 @@ +[ + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 34", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,deny,auditlog\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E-E", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 2", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"", + "SecRule ARGS \"@contains test\" \"id:3,t:trim,deny,auditlog\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E-E+E", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 34", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"", + "SecRule ARGS \"@contains test\" \"id:3,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:4,t:trim,deny,auditlog\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E-E+E+H", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 290", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"", + "SecRule ARGS \"@contains test\" \"id:3,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:4,t:trim,ctl:auditlogparts=+H\"", + "SecRule ARGS \"@contains test\" \"id:5,t:trim,deny,auditlog\"" + ] + } +] diff --git a/test/test-cases/regression/collection-regular_expression_selection.json b/test/test-cases/regression/collection-regular_expression_selection.json index cde06ac7..ec53d0c9 100644 --- a/test/test-cases/regression/collection-regular_expression_selection.json +++ b/test/test-cases/regression/collection-regular_expression_selection.json @@ -48,12 +48,12 @@ }, "expected":{ "audit_log":"", - "debug_log":"T \\(0\\) t:lowercase: \"test2\"", + "debug_log":"T \\(0\\) t:lowerCase: \"test2\"", "error_log":"" }, "rules":[ "SecRuleEngine On", - "SecRule ARGS:/^id_/ \"@contains nops\" \"id:1,t:lowercase,block,status:404\"" + "SecRule ARGS:/^id_/ \"@contains nops\" \"id:1,t:lowerCase,block,status:404\"" ] }, { diff --git a/test/test-cases/regression/config-secdefaultaction.json b/test/test-cases/regression/config-secdefaultaction.json index bb3d7d81..d4f71fed 100644 --- a/test/test-cases/regression/config-secdefaultaction.json +++ b/test/test-cases/regression/config-secdefaultaction.json @@ -48,14 +48,14 @@ }, "expected":{ "audit_log":"", - "debug_log":"lowercase: \"300\"", + "debug_log":"lowerCase: \"300\"", "error_log":"" }, "rules":[ "SecRuleEngine On", - "SecDefaultAction \"phase:2,t:lowercase,pass\"", + "SecDefaultAction \"phase:2,t:lowerCase,pass\"", "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", - "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" + "SecRule TX \"@contains to_test\" \"id:2,t:lowerCase,t:none\"" ] }, { @@ -123,7 +123,7 @@ "version_max":0, "title":"Testing action :: SecDefaultAction: t:none", "expected":{ - "parser_error":"The transformation none is not suitable to be part of the SecDefaultActions" + "parser_error":"The action 't:none' is not suitable to be part of the SecDefaultActions" }, "rules":[ "SecRuleEngine On", diff --git a/test/test-cases/regression/misc-variable-under-quotes.json b/test/test-cases/regression/misc-variable-under-quotes.json index 5310f61e..c82c96e1 100644 --- a/test/test-cases/regression/misc-variable-under-quotes.json +++ b/test/test-cases/regression/misc-variable-under-quotes.json @@ -31,10 +31,10 @@ ] }, "expected":{ - "debug_log":"t:lowercase:" + "debug_log":"t:lowerCase:" }, "rules":[ - "SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowercase,ctl:auditLogParts=+E\"" + "SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowerCase,ctl:auditLogParts=+E\"" ] }, { @@ -69,10 +69,10 @@ ] }, "expected":{ - "debug_log":"t:lowercase:" + "debug_log":"t:lowerCase:" }, "rules":[ - "SecRule \"REQUEST_LINE\" \"index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowercase,ctl:auditLogParts=+E\"" + "SecRule \"REQUEST_LINE\" \"index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowerCase,ctl:auditLogParts=+E\"" ] } ] diff --git a/test/test-cases/regression/offset-variable.json b/test/test-cases/regression/offset-variable.json index 6f6b1233..20d87aa2 100644 --- a/test/test-cases/regression/offset-variable.json +++ b/test/test-cases/regression/offset-variable.json @@ -831,13 +831,13 @@ ] }, "expected":{ - "error_log":"o0,4v64,13t:lowercase", + "error_log":"o0,4v64,13t:lowerCase", "http_code": 403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { @@ -865,13 +865,13 @@ ] }, "expected":{ - "error_log":"o1,2v216,3t:lowercase", + "error_log":"o1,2v216,3t:lowerCase", "http_code":403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { @@ -899,13 +899,13 @@ ] }, "expected":{ - "error_log":"o0,1v223,1t:lowercase", + "error_log":"o0,1v223,1t:lowerCase", "http_code":403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { @@ -933,13 +933,13 @@ ] }, "expected":{ - "error_log":"o0,1v228,1t:lowercase", + "error_log":"o0,1v228,1t:lowerCase", "http_code": 403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { diff --git a/test/test-cases/regression/tempCodeRunnerFile.json b/test/test-cases/regression/tempCodeRunnerFile.json new file mode 100644 index 00000000..7437a22f --- /dev/null +++ b/test/test-cases/regression/tempCodeRunnerFile.json @@ -0,0 +1,38 @@ + + "enabled":1, + "version_min":300000, + "title":"Testing allow action (1/3)", + "expected":{ + "debug_log": "Skipped rule id 'action-allow.json:3' as request trough the utilization of an `allow' action", + "http_code": 200 + }, + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "User-Agent":"My sweet little browser", + "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120" + }, + "uri":"/?key=value&key=other_value", + "method":"GET" + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "rules":[ + "SecRuleEngine On", + "SecAction \"phase:1,allow,msg:'ALLOWED',id:500065\"", + "SecAction \"phase:1,deny,msg:'DENIED',id:500066\"" + ] + }, + { + "enabled":1, + "version_min":300000, + "title":"Testing allow action (2/3)", + "expected":{ \ No newline at end of file diff --git a/test/test-cases/regression/transformations.json b/test/test-cases/regression/transformations.json index dcb328f1..d49ae434 100644 --- a/test/test-cases/regression/transformations.json +++ b/test/test-cases/regression/transformations.json @@ -107,12 +107,12 @@ }, "expected": { "audit_log": "", - "debug_log": "lowercase: \"test", + "debug_log": "lowerCase: \"test", "error_log": "" }, "rules": [ "SecRuleEngine On", - "SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowercase\"" + "SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowerCase\"" ] } ]