diff --git a/headers/modsecurity/actions/action.h b/headers/modsecurity/actions/action.h index db0d2540..7abe072e 100644 --- a/headers/modsecurity/actions/action.h +++ b/headers/modsecurity/actions/action.h @@ -32,6 +32,7 @@ namespace modsecurity { class Transaction; class Rule; +class RuleWithActions; namespace actions { @@ -59,8 +60,8 @@ class Action { virtual std::string evaluate(const std::string &exp, Transaction *transaction); - virtual bool evaluate(Rule *rule, Transaction *transaction); - virtual bool evaluate(Rule *rule, Transaction *transaction, + virtual bool evaluate(RuleWithActions *rule, Transaction *transaction); + virtual bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr ruleMessage) { return evaluate(rule, transaction); } diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h index adc8c06d..459a5caa 100644 --- a/headers/modsecurity/rule.h +++ b/headers/modsecurity/rule.h @@ -60,6 +60,8 @@ using TransformationResults = std::list; using Transformation = actions::transformations::Transformation; using Transformations = std::vector; +using Actions = std::vector; + using Tags = std::vector; using SetVars = std::vector; using MatchActions = std::vector; 
@@ -137,49 +139,21 @@ class RuleMarker : public RuleBase { }; -class Rule : public RuleBase { +class RuleWithActions : public RuleBase { public: - Rule(operators::Operator *op, - variables::Variables *variables, - std::vector *actions, - Transformations *transformations, - std::unique_ptr fileName, - int lineNumber); - explicit Rule(const std::string &marker, - std::unique_ptr fileName, - int lineNumber); - virtual ~Rule(); + RuleWithActions( + Actions *a, + Transformations *t, + std::unique_ptr fileName, + int lineNumber); - virtual bool evaluate(Transaction *transaction, - std::shared_ptr rm) override; + ~RuleWithActions(); - void organizeActions(std::vector *actions); - void cleanUpActions(); void executeAction(Transaction *trans, - bool containsBlock, std::shared_ptr ruleMessage, - actions::Action *a, bool context); - - - void getVariablesExceptions(Transaction *t, - variables::Variables *exclusion, variables::Variables *addition); - inline void getFinalVars(variables::Variables *vars, - variables::Variables *eclusion, Transaction *trans); - void executeActionsAfterFullMatch(Transaction *trasn, - bool containsDisruptive, std::shared_ptr ruleMessage); - - bool executeOperatorAt(Transaction *trasn, const std::string &key, - std::string value, std::shared_ptr rm); - void executeActionsIndependentOfChainedRuleResult(Transaction *trasn, - bool *b, std::shared_ptr ruleMessage); - static inline void updateMatchedVars(Transaction *trasn, const std::string &key, - const std::string &value); - static inline void cleanMatchedVars(Transaction *trasn); - - std::vector getActionsByName(const std::string& name, - Transaction *t); - bool containsTag(const std::string& name, Transaction *t); - bool containsMsg(const std::string& name, Transaction *t); - + bool containsBlock, + std::shared_ptr ruleMessage, + actions::Action *a, + bool context); void executeTransformations( Transaction *trasn, const std::string &value, TransformationResults &ret); 
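Review bot: `~RuleWithActions();` is declared non-virtual although this class becomes the base of `Rule` (which keeps `virtual ~Rule();`) and is the type every Action now receives through `evaluate(RuleWithActions *rule, ...)`. If `RuleBase` already has a virtual destructor this is only implicit, but the intent should be spelled out: `virtual ~RuleWithActions();` (or `~RuleWithActions() override;` once RuleBase's destructor is confirmed virtual), otherwise deleting a `Rule` through a `RuleWithActions*` would be undefined behaviour. The constructor also takes `Actions *a` and `Transformations *t` as raw pointers while `cleanUpActions()` disappears from the public interface, so whether the class takes ownership of the vectors and their elements is no longer visible from the header; a one-line comment on the constructor stating ownership would help. The class body continues past the end of this hunk.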
@@ -191,15 +165,22 @@ class Rule : public RuleBase { std::string *path, int *nth) const; + void executeActionsIndependentOfChainedRuleResult(Transaction *trasn, + bool *b, std::shared_ptr ruleMessage); + void executeActionsAfterFullMatch(Transaction *trasn, + bool containsDisruptive, std::shared_ptr ruleMessage); - - inline bool isUnconditional() const { return m_operator == NULL; } + std::vector getActionsByName(const std::string& name, + Transaction *t); + bool containsTag(const std::string& name, Transaction *t); + bool containsMsg(const std::string& name, Transaction *t); inline bool isChained() const { return m_isChained == true; } inline bool hasCaptureAction() const { return m_containsCaptureAction == true; } inline void setChained(bool b) { m_isChained = b; } inline bool hasDisruptiveAction() const { return m_disruptiveAction != NULL; } - + inline bool hasBlockAction() const { return m_containsStaticBlockAction == true; } + inline bool hasMultimatch() const { return m_containsMultiMatchAction == true; } inline bool hasLogData() const { return m_logData != NULL; } std::string logData(Transaction *t); @@ -208,27 +189,14 @@ class Rule : public RuleBase { inline bool hasSeverity() const { return m_severity != NULL; } int severity() const; - std::string getOperatorName() const; - - int64_t m_ruleId; - - virtual std::string getReference() override { - return std::to_string(m_ruleId); - } - - std::unique_ptr m_chainedRuleChild; - Rule *m_chainedRuleParent; - - std::string m_marker; std::string m_rev; std::string m_ver; int m_accuracy; int m_maturity; - private: - modsecurity::variables::Variables *m_variables; - operators::Operator *m_operator; + int64_t m_ruleId; + private: /* actions */ actions::Action *m_disruptiveAction; actions::LogData *m_logData; 
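Review bot: `int64_t m_ruleId;` is moved into the public section of `RuleWithActions` just before `private:`, which makes it writable from every Action via the `RuleWithActions*` passed to `evaluate`, yet the new constructor does not take an id and the constructor body is outside the diff. A short comment such as `// rule id, set by the parser after construction; 0 if unset` (adjusted to whatever the constructor actually does) would document who initialises it. The same applies to the new `hasBlockAction()` / `hasMultimatch()` accessors, whose backing flags are only visible as bitfields in the next hunk; this hunk does not show where they are set.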
@@ -245,11 +213,51 @@ class Rule : public RuleBase { bool m_containsMultiMatchAction:1; bool m_containsStaticBlockAction:1; bool m_isChained:1; - bool m_isSecMarker:1; +}; + + +class Rule : public RuleWithActions { + public: + Rule(operators::Operator *op, + variables::Variables *variables, + std::vector *actions, + Transformations *transformations, + std::unique_ptr fileName, + int lineNumber); + + virtual ~Rule(); + + bool evaluate(Transaction *transaction, + std::shared_ptr rm) override; + + void getVariablesExceptions(Transaction *t, + variables::Variables *exclusion, variables::Variables *addition); + inline void getFinalVars(variables::Variables *vars, + variables::Variables *eclusion, Transaction *trans); + + bool executeOperatorAt(Transaction *trasn, const std::string &key, + std::string value, std::shared_ptr rm); + + static void updateMatchedVars(Transaction *trasn, const std::string &key, + const std::string &value); + static void cleanMatchedVars(Transaction *trasn); + + inline bool isUnconditional() const { return m_operator == NULL; } + + std::string getOperatorName() const; + + virtual std::string getReference() override { + return std::to_string(m_ruleId); + } + + std::unique_ptr m_chainedRuleChild; + Rule *m_chainedRuleParent; + + private: + modsecurity::variables::Variables *m_variables; + operators::Operator *m_operator; + bool m_unconditional:1; - - - }; } // namespace modsecurity diff --git a/src/actions/accuracy.cc b/src/actions/accuracy.cc index b02d2130..58a26f37 100644 --- a/src/actions/accuracy.cc +++ b/src/actions/accuracy.cc @@ -39,7 +39,7 @@ bool Accuracy::init(std::string *error) { } -bool Accuracy::evaluate(Rule *rule, Transaction *transaction) { +bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) { rule->m_accuracy = m_accuracy; return true; } diff --git a/src/actions/accuracy.h b/src/actions/accuracy.h index da7b9588..761a0bcc 100644 --- a/src/actions/accuracy.h +++ b/src/actions/accuracy.h 
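Review bot: `bool m_unconditional:1;` is added as a private member of `Rule`, but `isUnconditional()` in the same hunk still returns `m_operator == NULL`, so the rule now has two sources of truth for the same property and the new bitfield is never read here. Either the accessor should read the flag, `inline bool isUnconditional() const { return m_unconditional; }`, with the constructor setting it from `op`, or the field should be dropped; as a bitfield it also needs explicit initialisation in the constructor, whose body is outside the diff. Separately, `Rule`'s constructor still spells `std::vector *actions` (the template argument is lost in this rendering) while `RuleWithActions` takes the new `Actions *` alias introduced in rule.h; using `Actions *actions` in both keeps the signatures consistent.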
@@ -33,7 +33,7 @@ class Accuracy : public Action { : Action(action, ConfigurationKind), m_accuracy(0) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; private: diff --git a/src/actions/action.cc b/src/actions/action.cc index e07a3b0a..8a2409d1 100644 --- a/src/actions/action.cc +++ b/src/actions/action.cc @@ -51,7 +51,7 @@ std::string Action::evaluate(const std::string &value, } -bool Action::evaluate(Rule *rule, Transaction *transaction) { +bool Action::evaluate(RuleWithActions *rule, Transaction *transaction) { return true; } diff --git a/src/actions/audit_log.cc b/src/actions/audit_log.cc index 6be014e0..e0af6a74 100644 --- a/src/actions/audit_log.cc +++ b/src/actions/audit_log.cc @@ -27,7 +27,7 @@ namespace modsecurity { namespace actions { -bool AuditLog::evaluate(Rule *rule, Transaction *transaction, +bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { rm->m_noAuditLog = false; ms_dbg_a(transaction, 9, "Saving transaction to logs"); diff --git a/src/actions/audit_log.h b/src/actions/audit_log.h index 10e37200..c0b3b849 100644 --- a/src/actions/audit_log.h +++ b/src/actions/audit_log.h @@ -35,7 +35,7 @@ class AuditLog : public Action { explicit AuditLog(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; }; diff --git a/src/actions/block.cc b/src/actions/block.cc index a32b03b2..df1a23ab 100644 --- a/src/actions/block.cc +++ b/src/actions/block.cc @@ -29,7 +29,7 @@ namespace modsecurity { namespace actions { -bool Block::evaluate(Rule *rule, Transaction *transaction, +bool Block::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { ms_dbg_a(transaction, 8, "Marking request as disruptive."); 
diff --git a/src/actions/block.h b/src/actions/block.h index 83439c62..b5f33b47 100644 --- a/src/actions/block.h +++ b/src/actions/block.h @@ -35,7 +35,7 @@ class Block : public Action { public: explicit Block(const std::string &action) : Action(action) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; }; diff --git a/src/actions/capture.cc b/src/actions/capture.cc index 222143ae..966b240d 100644 --- a/src/actions/capture.cc +++ b/src/actions/capture.cc @@ -32,7 +32,7 @@ namespace modsecurity { namespace actions { -bool Capture::evaluate(Rule *rule, Transaction *transaction) { +bool Capture::evaluate(RuleWithActions *rule, Transaction *transaction) { return true; } diff --git a/src/actions/capture.h b/src/actions/capture.h index f0ebf9b0..20ea1de9 100644 --- a/src/actions/capture.h +++ b/src/actions/capture.h @@ -31,7 +31,7 @@ class Capture : public Action { explicit Capture(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/actions/chain.cc b/src/actions/chain.cc index 73b54c85..06419c34 100644 --- a/src/actions/chain.cc +++ b/src/actions/chain.cc @@ -25,7 +25,7 @@ namespace modsecurity { namespace actions { -bool Chain::evaluate(Rule *rule, Transaction *transaction) { +bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) { rule->setChained(true); return true; } diff --git a/src/actions/chain.h b/src/actions/chain.h index 15725239..411e95e4 100644 --- a/src/actions/chain.h +++ b/src/actions/chain.h 
@@ -35,7 +35,7 @@ class Chain : public Action { explicit Chain(const std::string &action) : Action(action, ConfigurationKind) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; } // namespace actions diff --git a/src/actions/ctl/audit_log_parts.cc b/src/actions/ctl/audit_log_parts.cc index 267e7d1a..2a8d7f01 100644 --- a/src/actions/ctl/audit_log_parts.cc +++ b/src/actions/ctl/audit_log_parts.cc @@ -38,7 +38,7 @@ bool AuditLogParts::init(std::string *error) { return true; } -bool AuditLogParts::evaluate(Rule *rule, Transaction *transaction) { +bool AuditLogParts::evaluate(RuleWithActions *rule, Transaction *transaction) { transaction->m_auditLogModifier.push_back( std::make_pair(mPartsAction, mParts)); return true; diff --git a/src/actions/ctl/audit_log_parts.h b/src/actions/ctl/audit_log_parts.h index 829f8c31..6638fa0f 100644 --- a/src/actions/ctl/audit_log_parts.h +++ b/src/actions/ctl/audit_log_parts.h @@ -33,7 +33,7 @@ class AuditLogParts : public Action { mPartsAction(0), mParts("") { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; protected: diff --git a/src/actions/ctl/request_body_access.cc b/src/actions/ctl/request_body_access.cc index 1527c495..5f7edc25 100644 --- a/src/actions/ctl/request_body_access.cc +++ b/src/actions/ctl/request_body_access.cc @@ -42,7 +42,7 @@ bool RequestBodyAccess::init(std::string *error) { return true; } -bool RequestBodyAccess::evaluate(Rule *rule, Transaction *transaction) { +bool RequestBodyAccess::evaluate(RuleWithActions *rule, Transaction *transaction) { if (m_request_body_access) { transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean; } else { diff --git a/src/actions/ctl/request_body_access.h b/src/actions/ctl/request_body_access.h index 8cdef577..4bbd8f68 100644 
--- a/src/actions/ctl/request_body_access.h +++ b/src/actions/ctl/request_body_access.h @@ -34,7 +34,7 @@ class RequestBodyAccess : public Action { m_request_body_access(false) { } bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool m_request_body_access; }; diff --git a/src/actions/ctl/request_body_processor_json.cc b/src/actions/ctl/request_body_processor_json.cc index f8cb0b1c..a80c4ede 100644 --- a/src/actions/ctl/request_body_processor_json.cc +++ b/src/actions/ctl/request_body_processor_json.cc @@ -25,7 +25,7 @@ namespace actions { namespace ctl { -bool RequestBodyProcessorJSON::evaluate(Rule *rule, +bool RequestBodyProcessorJSON::evaluate(RuleWithActions *rule, Transaction *transaction) { transaction->m_requestBodyProcessor = Transaction::JSONRequestBody; transaction->m_variableReqbodyProcessor.set("JSON", diff --git a/src/actions/ctl/request_body_processor_json.h b/src/actions/ctl/request_body_processor_json.h index 7e9c997b..42a63723 100644 --- a/src/actions/ctl/request_body_processor_json.h +++ b/src/actions/ctl/request_body_processor_json.h @@ -31,7 +31,7 @@ class RequestBodyProcessorJSON : public Action { explicit RequestBodyProcessorJSON(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/actions/ctl/request_body_processor_urlencoded.cc b/src/actions/ctl/request_body_processor_urlencoded.cc index cd67eeb7..222970e7 100644 --- a/src/actions/ctl/request_body_processor_urlencoded.cc +++ b/src/actions/ctl/request_body_processor_urlencoded.cc 
@@ -25,7 +25,7 @@ namespace actions { namespace ctl { -bool RequestBodyProcessorURLENCODED::evaluate(Rule *rule, +bool RequestBodyProcessorURLENCODED::evaluate(RuleWithActions *rule, Transaction *transaction) { transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded; transaction->m_variableReqbodyProcessor.set("URLENCODED", diff --git a/src/actions/ctl/request_body_processor_urlencoded.h b/src/actions/ctl/request_body_processor_urlencoded.h index 24aacdc7..05648815 100644 --- a/src/actions/ctl/request_body_processor_urlencoded.h +++ b/src/actions/ctl/request_body_processor_urlencoded.h @@ -31,7 +31,7 @@ class RequestBodyProcessorURLENCODED : public Action { explicit RequestBodyProcessorURLENCODED(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/actions/ctl/request_body_processor_xml.cc b/src/actions/ctl/request_body_processor_xml.cc index a3711751..4876c20b 100644 --- a/src/actions/ctl/request_body_processor_xml.cc +++ b/src/actions/ctl/request_body_processor_xml.cc @@ -25,7 +25,7 @@ namespace actions { namespace ctl { -bool RequestBodyProcessorXML::evaluate(Rule *rule, +bool RequestBodyProcessorXML::evaluate(RuleWithActions *rule, Transaction *transaction) { transaction->m_requestBodyProcessor = Transaction::XMLRequestBody; transaction->m_variableReqbodyProcessor.set("XML", diff --git a/src/actions/ctl/request_body_processor_xml.h b/src/actions/ctl/request_body_processor_xml.h index 0d33e8c9..509c0f74 100644 --- a/src/actions/ctl/request_body_processor_xml.h +++ b/src/actions/ctl/request_body_processor_xml.h 
@@ -31,7 +31,7 @@ class RequestBodyProcessorXML : public Action { explicit RequestBodyProcessorXML(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; }; diff --git a/src/actions/ctl/rule_engine.cc b/src/actions/ctl/rule_engine.cc index c682621f..10f1b2e8 100644 --- a/src/actions/ctl/rule_engine.cc +++ b/src/actions/ctl/rule_engine.cc @@ -45,7 +45,7 @@ bool RuleEngine::init(std::string *error) { return true; } -bool RuleEngine::evaluate(Rule *rule, Transaction *transaction) { +bool RuleEngine::evaluate(RuleWithActions *rule, Transaction *transaction) { std::stringstream a; a << "Setting SecRuleEngine to "; a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine); diff --git a/src/actions/ctl/rule_engine.h b/src/actions/ctl/rule_engine.h index 6456b6fe..304389bd 100644 --- a/src/actions/ctl/rule_engine.h +++ b/src/actions/ctl/rule_engine.h @@ -35,7 +35,7 @@ class RuleEngine : public Action { m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { } bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; RulesSetProperties::RuleEngine m_ruleEngine; }; diff --git a/src/actions/ctl/rule_remove_by_id.cc b/src/actions/ctl/rule_remove_by_id.cc index a59d1ecb..431a7a9c 100644 --- a/src/actions/ctl/rule_remove_by_id.cc +++ b/src/actions/ctl/rule_remove_by_id.cc @@ -83,7 +83,7 @@ bool RuleRemoveById::init(std::string *error) { return false; } -bool RuleRemoveById::evaluate(Rule *rule, Transaction *transaction) { +bool RuleRemoveById::evaluate(RuleWithActions *rule, Transaction *transaction) { for (auto &i : m_ids) { transaction->m_ruleRemoveById.push_back(i); } 
diff --git a/src/actions/ctl/rule_remove_by_id.h b/src/actions/ctl/rule_remove_by_id.h index 260005b7..7af416a6 100644 --- a/src/actions/ctl/rule_remove_by_id.h +++ b/src/actions/ctl/rule_remove_by_id.h @@ -33,7 +33,7 @@ class RuleRemoveById : public Action { : Action(action, RunTimeOnlyIfMatchKind) { } bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; std::list > m_ranges; std::list m_ids; diff --git a/src/actions/ctl/rule_remove_by_tag.cc b/src/actions/ctl/rule_remove_by_tag.cc index 62da0dae..c6c9ffe0 100644 --- a/src/actions/ctl/rule_remove_by_tag.cc +++ b/src/actions/ctl/rule_remove_by_tag.cc @@ -32,7 +32,7 @@ bool RuleRemoveByTag::init(std::string *error) { return true; } -bool RuleRemoveByTag::evaluate(Rule *rule, Transaction *transaction) { +bool RuleRemoveByTag::evaluate(RuleWithActions *rule, Transaction *transaction) { transaction->m_ruleRemoveByTag.push_back(m_tag); return true; } diff --git a/src/actions/ctl/rule_remove_by_tag.h b/src/actions/ctl/rule_remove_by_tag.h index 24bbb37d..bd38ec03 100644 --- a/src/actions/ctl/rule_remove_by_tag.h +++ b/src/actions/ctl/rule_remove_by_tag.h @@ -34,7 +34,7 @@ class RuleRemoveByTag : public Action { m_tag("") { } bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; std::string m_tag; }; diff --git a/src/actions/ctl/rule_remove_target_by_id.cc b/src/actions/ctl/rule_remove_target_by_id.cc index 88f71636..233a0ae0 100644 --- a/src/actions/ctl/rule_remove_target_by_id.cc +++ b/src/actions/ctl/rule_remove_target_by_id.cc 
@@ -51,7 +51,7 @@ bool RuleRemoveTargetById::init(std::string *error) { return true; } -bool RuleRemoveTargetById::evaluate(Rule *rule, Transaction *transaction) { +bool RuleRemoveTargetById::evaluate(RuleWithActions *rule, Transaction *transaction) { transaction->m_ruleRemoveTargetById.push_back( std::make_pair(m_id, m_target)); return true; diff --git a/src/actions/ctl/rule_remove_target_by_id.h b/src/actions/ctl/rule_remove_target_by_id.h index 21684409..e001c288 100644 --- a/src/actions/ctl/rule_remove_target_by_id.h +++ b/src/actions/ctl/rule_remove_target_by_id.h @@ -35,7 +35,7 @@ class RuleRemoveTargetById : public Action { m_target("") { } bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; int m_id; std::string m_target; diff --git a/src/actions/ctl/rule_remove_target_by_tag.cc b/src/actions/ctl/rule_remove_target_by_tag.cc index 5fdd79ee..25ec2ca8 100644 --- a/src/actions/ctl/rule_remove_target_by_tag.cc +++ b/src/actions/ctl/rule_remove_target_by_tag.cc @@ -44,7 +44,7 @@ bool RuleRemoveTargetByTag::init(std::string *error) { return true; } -bool RuleRemoveTargetByTag::evaluate(Rule *rule, Transaction *transaction) { +bool RuleRemoveTargetByTag::evaluate(RuleWithActions *rule, Transaction *transaction) { transaction->m_ruleRemoveTargetByTag.push_back( std::make_pair(m_tag, m_target)); return true; diff --git a/src/actions/ctl/rule_remove_target_by_tag.h b/src/actions/ctl/rule_remove_target_by_tag.h index d1f6ed37..2a23a34e 100644 --- a/src/actions/ctl/rule_remove_target_by_tag.h +++ b/src/actions/ctl/rule_remove_target_by_tag.h 
@@ -33,7 +33,7 @@ class RuleRemoveTargetByTag : public Action { : Action(action, RunTimeOnlyIfMatchKind) { } bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; std::string m_tag; std::string m_target; diff --git a/src/actions/data/status.cc b/src/actions/data/status.cc index 44cb3aaf..1317b1d3 100644 --- a/src/actions/data/status.cc +++ b/src/actions/data/status.cc @@ -38,7 +38,7 @@ bool Status::init(std::string *error) { } -bool Status::evaluate(Rule *rule, Transaction *transaction, +bool Status::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { transaction->m_it.status = m_status; return true; diff --git a/src/actions/data/status.h b/src/actions/data/status.h index 4fdb6c41..214cbcff 100644 --- a/src/actions/data/status.h +++ b/src/actions/data/status.h @@ -37,7 +37,7 @@ class Status : public Action { m_status(0) { } bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; int m_status; diff --git a/src/actions/disruptive/allow.cc b/src/actions/disruptive/allow.cc index f715e3c6..3a360b55 100644 --- a/src/actions/disruptive/allow.cc +++ b/src/actions/disruptive/allow.cc @@ -49,7 +49,7 @@ bool Allow::init(std::string *error) { } -bool Allow::evaluate(Rule *rule, Transaction *transaction) { +bool Allow::evaluate(RuleWithActions *rule, Transaction *transaction) { ms_dbg_a(transaction, 4, "Dropping the evaluation of upcoming rules " \ "in favor of an `allow' action of type: " \ + allowTypeToName(m_allowType)); diff --git a/src/actions/disruptive/allow.h b/src/actions/disruptive/allow.h index 17c916b8..11f68cab 100644 --- a/src/actions/disruptive/allow.h +++ b/src/actions/disruptive/allow.h 
@@ -59,7 +59,7 @@ class Allow : public Action { bool init(std::string *error) override; - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool isDisruptive() override { return true; } AllowType m_allowType; diff --git a/src/actions/disruptive/deny.cc b/src/actions/disruptive/deny.cc index 7b5960a7..40572ede 100644 --- a/src/actions/disruptive/deny.cc +++ b/src/actions/disruptive/deny.cc @@ -28,7 +28,7 @@ namespace actions { namespace disruptive { -bool Deny::evaluate(Rule *rule, Transaction *transaction, +bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { ms_dbg_a(transaction, 8, "Running action deny"); diff --git a/src/actions/disruptive/deny.h b/src/actions/disruptive/deny.h index 3f9cfb48..4e72ba17 100644 --- a/src/actions/disruptive/deny.h +++ b/src/actions/disruptive/deny.h @@ -33,7 +33,7 @@ class Deny : public Action { public: explicit Deny(const std::string &action) : Action(action) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; bool isDisruptive() override { return true; } }; diff --git a/src/actions/disruptive/drop.cc b/src/actions/disruptive/drop.cc index b9d4ae09..097bd568 100644 --- a/src/actions/disruptive/drop.cc +++ b/src/actions/disruptive/drop.cc @@ -32,7 +32,7 @@ namespace actions { namespace disruptive { -bool Drop::evaluate(Rule *rule, Transaction *transaction, +bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { ms_dbg_a(transaction, 8, "Running action drop " \ "[executing deny instead of drop.]"); diff --git a/src/actions/disruptive/drop.h b/src/actions/disruptive/drop.h index 05f817a3..2da823c8 100644 --- a/src/actions/disruptive/drop.h +++ b/src/actions/disruptive/drop.h 
@@ -32,7 +32,7 @@ class Drop : public Action { public: explicit Drop(const std::string &action) : Action(action) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; bool isDisruptive() override { return true; } }; diff --git a/src/actions/disruptive/pass.cc b/src/actions/disruptive/pass.cc index 6634607c..4b4c8fad 100644 --- a/src/actions/disruptive/pass.cc +++ b/src/actions/disruptive/pass.cc @@ -29,7 +29,7 @@ namespace actions { namespace disruptive { -bool Pass::evaluate(Rule *rule, Transaction *transaction, +bool Pass::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { intervention::free(&transaction->m_it); intervention::reset(&transaction->m_it); diff --git a/src/actions/disruptive/pass.h b/src/actions/disruptive/pass.h index 3f63a9cf..dc1f6a58 100644 --- a/src/actions/disruptive/pass.h +++ b/src/actions/disruptive/pass.h @@ -31,7 +31,7 @@ class Pass : public Action { public: explicit Pass(const std::string &action) : Action(action) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; bool isDisruptive() override { return true; } }; diff --git a/src/actions/disruptive/redirect.cc b/src/actions/disruptive/redirect.cc index a1789357..07ac2625 100644 --- a/src/actions/disruptive/redirect.cc +++ b/src/actions/disruptive/redirect.cc @@ -34,7 +34,7 @@ bool Redirect::init(std::string *error) { } -bool Redirect::evaluate(Rule *rule, Transaction *transaction, +bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { std::string m_urlExpanded(m_string->evaluate(transaction)); /* if it was changed before, lets keep it. */ diff --git a/src/actions/disruptive/redirect.h b/src/actions/disruptive/redirect.h index c4430b8b..69889541 100644 --- a/src/actions/disruptive/redirect.h 
+++ b/src/actions/disruptive/redirect.h @@ -46,7 +46,7 @@ class Redirect : public Action { m_status(0), m_string(std::move(z)) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; bool init(std::string *error) override; bool isDisruptive() override { return true; } diff --git a/src/actions/exec.cc b/src/actions/exec.cc index a7aae656..93cc5ff2 100644 --- a/src/actions/exec.cc +++ b/src/actions/exec.cc @@ -49,7 +49,7 @@ bool Exec::init(std::string *error) { } -bool Exec::evaluate(Rule *rule, Transaction *t) { +bool Exec::evaluate(RuleWithActions *rule, Transaction *t) { ms_dbg_a(t, 8, "Running script... " + m_script); m_lua.run(t); return true; diff --git a/src/actions/exec.h b/src/actions/exec.h index 3687084d..42537d03 100644 --- a/src/actions/exec.h +++ b/src/actions/exec.h @@ -36,7 +36,7 @@ class Exec : public Action { ~Exec() { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; private: diff --git a/src/actions/init_col.cc b/src/actions/init_col.cc index e4cb303f..24608450 100644 --- a/src/actions/init_col.cc +++ b/src/actions/init_col.cc @@ -54,7 +54,7 @@ bool InitCol::init(std::string *error) { } -bool InitCol::evaluate(Rule *rule, Transaction *t) { +bool InitCol::evaluate(RuleWithActions *rule, Transaction *t) { std::string collectionName(m_string->evaluate(t)); if (m_collection_key == "ip") { diff --git a/src/actions/init_col.h b/src/actions/init_col.h index b629720e..a7086204 100644 --- a/src/actions/init_col.h +++ b/src/actions/init_col.h 
@@ -38,7 +38,7 @@ class InitCol : public Action { : Action(action, RunTimeOnlyIfMatchKind), m_string(std::move(z)) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; private: std::string m_collection_key; diff --git a/src/actions/log.cc b/src/actions/log.cc index 9db16ba9..320c0bf4 100644 --- a/src/actions/log.cc +++ b/src/actions/log.cc @@ -28,7 +28,7 @@ namespace modsecurity { namespace actions { -bool Log::evaluate(Rule *rule, Transaction *transaction, +bool Log::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { ms_dbg_a(transaction, 9, "Saving transaction to logs"); rm->m_saveMessage = true; diff --git a/src/actions/log.h b/src/actions/log.h index 7bac4763..07726ad9 100644 --- a/src/actions/log.h +++ b/src/actions/log.h @@ -33,7 +33,7 @@ class Log : public Action { explicit Log(const std::string &action) : Action(action, RunTimeOnlyIfMatchKind) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; }; diff --git a/src/actions/log_data.cc b/src/actions/log_data.cc index 53a91dcf..359dd299 100644 --- a/src/actions/log_data.cc +++ b/src/actions/log_data.cc @@ -29,7 +29,7 @@ namespace modsecurity { namespace actions { -bool LogData::evaluate(Rule *rule, Transaction *transaction, +bool LogData::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { rm->m_data = data(transaction); diff --git a/src/actions/log_data.h b/src/actions/log_data.h index c15729e7..486d826b 100644 --- a/src/actions/log_data.h +++ b/src/actions/log_data.h 
@@ -39,7 +39,7 @@ class LogData : public Action { : Action("logdata", RunTimeOnlyIfMatchKind), m_string(std::move(z)) { } - bool evaluate(Rule *rule, Transaction *transaction, + bool evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) override; std::string data(Transaction *Transaction); diff --git a/src/actions/maturity.cc b/src/actions/maturity.cc index 15795f6e..b601208d 100644 --- a/src/actions/maturity.cc +++ b/src/actions/maturity.cc @@ -39,7 +39,7 @@ bool Maturity::init(std::string *error) { } -bool Maturity::evaluate(Rule *rule, Transaction *transaction) { +bool Maturity::evaluate(RuleWithActions *rule, Transaction *transaction) { rule->m_maturity = m_maturity; return true; } diff --git a/src/actions/maturity.h b/src/actions/maturity.h index 1f45a3ea..4fa5a5ed 100644 --- a/src/actions/maturity.h +++ b/src/actions/maturity.h @@ -33,7 +33,7 @@ class Maturity : public Action { : Action(action, ConfigurationKind), m_maturity(0) { } - bool evaluate(Rule *rule, Transaction *transaction) override; + bool evaluate(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; private: diff --git a/src/actions/msg.cc b/src/actions/msg.cc index c3b91ffe..c553b1d6 100644 --- a/src/actions/msg.cc +++ b/src/actions/msg.cc @@ -46,7 +46,7 @@ namespace modsecurity { namespace actions { -bool Msg::evaluate(Rule *rule, Transaction *transaction, +bool Msg::evaluate(RuleWithActions *rule, Transaction *transaction, std::shared_ptr rm) { std::string msg = data(transaction); rm->m_message = msg; diff --git a/src/actions/msg.h b/src/actions/msg.h index 367e945e..8f6ad06f 100644 --- a/src/actions/msg.h +++ b/src/actions/msg.h 
@@ -40,7 +40,7 @@ class Msg : public Action {
 : Action("msg", RunTimeOnlyIfMatchKind),
 m_string(std::move(z)) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) override;
 std::string data(Transaction *Transaction);
diff --git a/src/actions/multi_match.cc b/src/actions/multi_match.cc
index b10324af..71189c2c 100644
--- a/src/actions/multi_match.cc
+++ b/src/actions/multi_match.cc
@@ -25,7 +25,7 @@ namespace modsecurity {
 namespace actions {
-bool MultiMatch::evaluate(Rule *rule, Transaction *transaction) {
+bool MultiMatch::evaluate(RuleWithActions *rule, Transaction *transaction) {
 return true;
 }
diff --git a/src/actions/multi_match.h b/src/actions/multi_match.h
index 6571149c..f28c2c1b 100644
--- a/src/actions/multi_match.h
+++ b/src/actions/multi_match.h
@@ -35,7 +35,7 @@ class MultiMatch : public Action {
 explicit MultiMatch(const std::string &action)
 : Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 };
 } // namespace actions
diff --git a/src/actions/no_audit_log.cc b/src/actions/no_audit_log.cc
index ae5e8adb..ef5d8bb2 100644
--- a/src/actions/no_audit_log.cc
+++ b/src/actions/no_audit_log.cc
@@ -26,7 +26,7 @@ namespace modsecurity {
 namespace actions {
-bool NoAuditLog::evaluate(Rule *rule, Transaction *transaction,
+bool NoAuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) {
 rm->m_noAuditLog = true;
 rm->m_saveMessage = false;
diff --git a/src/actions/no_audit_log.h b/src/actions/no_audit_log.h
index 6b4c0b68..fbcac6d6 100644
--- a/src/actions/no_audit_log.h
+++ b/src/actions/no_audit_log.h
@@ -35,7 +35,7 @@ class NoAuditLog : public Action {
 explicit NoAuditLog(const std::string &action)
 : Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) override;
 };
diff --git a/src/actions/no_log.cc b/src/actions/no_log.cc
index 275343bf..4b282406 100644
--- a/src/actions/no_log.cc
+++ b/src/actions/no_log.cc
@@ -29,7 +29,7 @@ namespace modsecurity {
 namespace actions {
-bool NoLog::evaluate(Rule *rule, Transaction *transaction,
+bool NoLog::evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) {
 rm->m_saveMessage = false;
 return true;
diff --git a/src/actions/no_log.h b/src/actions/no_log.h
index d0df6bef..78e1892d 100644
--- a/src/actions/no_log.h
+++ b/src/actions/no_log.h
@@ -33,7 +33,7 @@ class NoLog : public Action {
 explicit NoLog(const std::string &action)
 : Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) override;
 };
diff --git a/src/actions/phase.cc b/src/actions/phase.cc
index 2633f82d..d82cbe02 100644
--- a/src/actions/phase.cc
+++ b/src/actions/phase.cc
@@ -72,7 +72,7 @@ bool Phase::init(std::string *error) {
 }
-bool Phase::evaluate(Rule *rule, Transaction *transaction) {
+bool Phase::evaluate(RuleWithActions *rule, Transaction *transaction) {
 rule->setPhase(m_phase);
 return true;
 }
diff --git a/src/actions/phase.h b/src/actions/phase.h
index 94647c07..7811851f 100644
--- a/src/actions/phase.h
+++ b/src/actions/phase.h
@@ -37,7 +37,7 @@ class Phase : public Action {
 m_secRulesPhase(0) { }
 bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 int m_phase;
 int m_secRulesPhase;
diff --git a/src/actions/rev.cc b/src/actions/rev.cc
index 1cc11bf5..7d886b96 100644
--- a/src/actions/rev.cc
+++ b/src/actions/rev.cc
@@ -33,7 +33,7 @@ bool Rev::init(std::string *error) {
 }
-bool Rev::evaluate(Rule *rule, Transaction *transaction) {
+bool Rev::evaluate(RuleWithActions *rule, Transaction *transaction) {
 rule->m_rev = m_rev;
 return true;
 }
diff --git a/src/actions/rev.h b/src/actions/rev.h
index 7302c49f..feb1012d 100644
--- a/src/actions/rev.h
+++ b/src/actions/rev.h
@@ -31,7 +31,7 @@ class Rev : public Action {
 public:
 explicit Rev(const std::string &action)
 : Action(action, ConfigurationKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 bool init(std::string *error) override;
 private:
diff --git a/src/actions/rule_id.cc b/src/actions/rule_id.cc
index 048e650f..a5b64612 100644
--- a/src/actions/rule_id.cc
+++ b/src/actions/rule_id.cc
@@ -48,7 +48,7 @@ bool RuleId::init(std::string *error) {
 }
-bool RuleId::evaluate(Rule *rule, Transaction *transaction) {
+bool RuleId::evaluate(RuleWithActions *rule, Transaction *transaction) {
 rule->m_ruleId = m_ruleId;
 return true;
 }
diff --git a/src/actions/rule_id.h b/src/actions/rule_id.h
index 3fa321f4..3e815e74 100644
--- a/src/actions/rule_id.h
+++ b/src/actions/rule_id.h
@@ -37,7 +37,7 @@ class RuleId : public Action {
 m_ruleId(0) { }
 bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 private:
 double m_ruleId;
diff --git a/src/actions/set_env.cc b/src/actions/set_env.cc
index 2f6a5793..75419163 100644
--- a/src/actions/set_env.cc
+++ b/src/actions/set_env.cc
@@ -31,7 +31,7 @@ bool SetENV::init(std::string *error) {
 }
-bool SetENV::evaluate(Rule *rule, Transaction *t) {
+bool SetENV::evaluate(RuleWithActions *rule, Transaction *t) {
 std::string colNameExpanded(m_string->evaluate(t));
 ms_dbg_a(t, 8, "Setting envoriment variable: "
diff --git a/src/actions/set_env.h b/src/actions/set_env.h
index 57231d56..fcfc411f 100644
--- a/src/actions/set_env.h
+++ b/src/actions/set_env.h
@@ -39,7 +39,7 @@ class SetENV : public Action {
 : Action("setenv", RunTimeOnlyIfMatchKind),
 m_string(std::move(z)) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 bool init(std::string *error) override;
 private:
diff --git a/src/actions/set_rsc.cc b/src/actions/set_rsc.cc
index d42a9a45..34db37b2 100644
--- a/src/actions/set_rsc.cc
+++ b/src/actions/set_rsc.cc
@@ -31,7 +31,7 @@ bool SetRSC::init(std::string *error) {
 }
-bool SetRSC::evaluate(Rule *rule, Transaction *t) {
+bool SetRSC::evaluate(RuleWithActions *rule, Transaction *t) {
 std::string colNameExpanded(m_string->evaluate(t));
 ms_dbg_a(t, 8, "RESOURCE initiated with value: \'" + colNameExpanded + "\'.");
diff --git a/src/actions/set_rsc.h b/src/actions/set_rsc.h
index fd6c334a..013e0662 100644
--- a/src/actions/set_rsc.h
+++ b/src/actions/set_rsc.h
@@ -39,7 +39,7 @@ class SetRSC : public Action {
 : Action("setsrc", RunTimeOnlyIfMatchKind),
 m_string(std::move(z)) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 bool init(std::string *error) override;
 private:
diff --git a/src/actions/set_sid.cc b/src/actions/set_sid.cc
index 3f0f5c03..e4c53111 100644
--- a/src/actions/set_sid.cc
+++ b/src/actions/set_sid.cc
@@ -31,7 +31,7 @@ bool SetSID::init(std::string *error) {
 }
-bool SetSID::evaluate(Rule *rule, Transaction *t) {
+bool SetSID::evaluate(RuleWithActions *rule, Transaction *t) {
 std::string colNameExpanded(m_string->evaluate(t));
 ms_dbg_a(t, 8, "Session ID initiated with value: \'" + colNameExpanded + "\'.");
diff --git a/src/actions/set_sid.h b/src/actions/set_sid.h
index 8920da65..c8353854 100644
--- a/src/actions/set_sid.h
+++ b/src/actions/set_sid.h
@@ -39,7 +39,7 @@ class SetSID : public Action {
 : Action("setsid", RunTimeOnlyIfMatchKind),
 m_string(std::move(z)) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 bool init(std::string *error) override;
 private:
diff --git a/src/actions/set_uid.cc b/src/actions/set_uid.cc
index 5d3315ad..90de7e47 100644
--- a/src/actions/set_uid.cc
+++ b/src/actions/set_uid.cc
@@ -31,7 +31,7 @@ bool SetUID::init(std::string *error) {
 }
-bool SetUID::evaluate(Rule *rule, Transaction *t) {
+bool SetUID::evaluate(RuleWithActions *rule, Transaction *t) {
 std::string colNameExpanded(m_string->evaluate(t));
 ms_dbg_a(t, 8, "User collection initiated with value: \'" + colNameExpanded + "\'.");
diff --git a/src/actions/set_uid.h b/src/actions/set_uid.h
index 62476aa4..b2f341a6 100644
--- a/src/actions/set_uid.h
+++ b/src/actions/set_uid.h
@@ -39,7 +39,7 @@ class SetUID : public Action {
 : Action("setuid", RunTimeOnlyIfMatchKind),
 m_string(std::move(z)) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 bool init(std::string *error) override;
 private:
diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc
index 5d26835b..4cd57fe9 100644
--- a/src/actions/set_var.cc
+++ b/src/actions/set_var.cc
@@ -40,7 +40,7 @@ bool SetVar::init(std::string *error) {
 }
-bool SetVar::evaluate(Rule *rule, Transaction *t) {
+bool SetVar::evaluate(RuleWithActions *rule, Transaction *t) {
 std::string targetValue;
 std::string resolvedPre;
@@ -112,7 +112,8 @@ bool SetVar::evaluate(Rule *rule, Transaction *t) {
 try {
 std::vector l;
- m_variable->evaluate(t, rule, &l);
+ Rule *rr = dynamic_cast(rule);
+ m_variable->evaluate(t, rr, &l);
 if (l.size() == 0) {
 value = 0;
 } else {
diff --git a/src/actions/set_var.h b/src/actions/set_var.h
index fe3cbaa9..de3fb98b 100644
--- a/src/actions/set_var.h
+++ b/src/actions/set_var.h
@@ -58,7 +58,7 @@ class SetVar : public Action {
 m_operation(operation),
 m_variable(std::move(variable)) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 bool init(std::string *error) override;
 private:
diff --git a/src/actions/severity.cc b/src/actions/severity.cc
index a88af7c8..f7db6bbd 100644
--- a/src/actions/severity.cc
+++ b/src/actions/severity.cc
@@ -71,7 +71,7 @@ bool Severity::init(std::string *error) {
 }
-bool Severity::evaluate(Rule *rule, Transaction *transaction,
+bool Severity::evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) {
 ms_dbg_a(transaction, 9, "This rule severity is: " + \
 std::to_string(this->m_severity) + " current transaction is: " + \
diff --git a/src/actions/severity.h b/src/actions/severity.h
index 63dafc54..b9cd8120 100644
--- a/src/actions/severity.h
+++ b/src/actions/severity.h
@@ -35,7 +35,7 @@ class Severity : public Action {
 : Action(action),
 m_severity(0) { }
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) override;
 bool init(std::string *error) override;
diff --git a/src/actions/skip.cc b/src/actions/skip.cc
index 1a016e9d..1f7d2081 100644
--- a/src/actions/skip.cc
+++ b/src/actions/skip.cc
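Review bot: `Rule *rr = dynamic_cast(rule);` can yield nullptr now that the parameter is a RuleWithActions rather than a Rule, and the result goes straight into `m_variable->evaluate(t, rr, &l)` without a check; whether that call tolerates a null rule is not visible in this diff. The same unchecked downcast appears in the run_time_string.cc hunk, where it at least carries a FIXME. Until the variable API accepts a RuleBase, mark this site the same way and spell out the contract, e.g. `// FIXME: rr is nullptr when this action runs on a rule that is not a Rule; m_variable->evaluate() must cope with that or we must bail out here` above the cast, or, if the variable cannot be resolved without a Rule, take the existing `value = 0;` fallback when `rr == nullptr`. SetVar::evaluate starts outside this hunk.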
@@ -38,7 +38,7 @@ bool Skip::init(std::string *error) {
 }
-bool Skip::evaluate(Rule *rule, Transaction *transaction) {
+bool Skip::evaluate(RuleWithActions *rule, Transaction *transaction) {
 ms_dbg_a(transaction, 5, "Skipping the next " + \
 std::to_string(m_skip_next) + " rules.");
diff --git a/src/actions/skip.h b/src/actions/skip.h
index 1faf9526..97d2c50f 100644
--- a/src/actions/skip.h
+++ b/src/actions/skip.h
@@ -34,7 +34,7 @@ class Skip : public Action {
 m_skip_next(0) { }
 bool init(std::string *error) override;
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 int m_skip_next;
 };
diff --git a/src/actions/skip_after.cc b/src/actions/skip_after.cc
index 4969f1b1..dce03d49 100644
--- a/src/actions/skip_after.cc
+++ b/src/actions/skip_after.cc
@@ -27,7 +27,7 @@ namespace modsecurity {
 namespace actions {
-bool SkipAfter::evaluate(Rule *rule, Transaction *transaction) {
+bool SkipAfter::evaluate(RuleWithActions *rule, Transaction *transaction) {
 ms_dbg_a(transaction, 5, "Setting skipAfter for: " + *m_skipName);
 transaction->addMarker(m_skipName);
 return true;
diff --git a/src/actions/skip_after.h b/src/actions/skip_after.h
index 24e9f835..8a2148d8 100644
--- a/src/actions/skip_after.h
+++ b/src/actions/skip_after.h
@@ -34,7 +34,7 @@ class SkipAfter : public Action {
 : Action(action, RunTimeOnlyIfMatchKind),
 m_skipName(std::make_shared(m_parser_payload)) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 private:
 std::shared_ptr m_skipName;
 };
diff --git a/src/actions/tag.cc b/src/actions/tag.cc
index a5802368..3ec06cd1 100644
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@@ -56,7 +56,7 @@ std::string Tag::getName(Transaction *transaction) {
 }
-bool Tag::evaluate(Rule *rule, Transaction *transaction,
+bool Tag::evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) {
 std::string tag = getName(transaction);
 ms_dbg_a(transaction, 9, "Rule tag: " + tag);
diff --git a/src/actions/tag.h b/src/actions/tag.h
index 2d762cde..45d77892 100644
--- a/src/actions/tag.h
+++ b/src/actions/tag.h
@@ -38,7 +38,7 @@ class Tag : public Action {
 std::string getName(Transaction *transaction);
- bool evaluate(Rule *rule, Transaction *transaction,
+ bool evaluate(RuleWithActions *rule, Transaction *transaction,
 std::shared_ptr rm) override;
 protected:
diff --git a/src/actions/ver.cc b/src/actions/ver.cc
index da13018e..5b4fd13b 100644
--- a/src/actions/ver.cc
+++ b/src/actions/ver.cc
@@ -27,7 +27,7 @@ namespace modsecurity {
 namespace actions {
-bool Ver::evaluate(Rule *rule, Transaction *transaction) {
+bool Ver::evaluate(RuleWithActions *rule, Transaction *transaction) {
 rule->m_ver = m_parser_payload;
 return true;
 }
diff --git a/src/actions/ver.h b/src/actions/ver.h
index 25e86186..0108188a 100644
--- a/src/actions/ver.h
+++ b/src/actions/ver.h
@@ -31,7 +31,7 @@ class Ver : public Action {
 public:
 explicit Ver(const std::string &action)
 : Action(action, ConfigurationKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 private:
 std::string m_ver;
diff --git a/src/actions/xmlns.h b/src/actions/xmlns.h
index edb0ac17..9dda7900 100644
--- a/src/actions/xmlns.h
+++ b/src/actions/xmlns.h
@@ -31,7 +31,7 @@ class XmlNS : public Action {
 public:
 explicit XmlNS(const std::string &action)
 : Action(action) { }
- bool evaluate(Rule *rule, Transaction *transaction) override {
+ bool evaluate(RuleWithActions *rule, Transaction *transaction) override {
 return true;
 }
diff --git a/src/rule.cc b/src/rule.cc
index eaac01c6..11455ea1 100644
--- a/src/rule.cc +++ b/src/rule.cc @@ -51,52 +51,18 @@ using variables::Variable; using actions::transformations::None; using actions::transformations::Transformation; -Rule::Rule(const std::string &marker, - std::unique_ptr fileName, - int lineNumber) - : RuleBase(std::move(fileName), lineNumber), - m_ruleId(0), - m_chainedRuleChild(nullptr), - m_chainedRuleParent(NULL), - m_marker(marker), - m_rev(""), - m_ver(""), - m_accuracy(0), - m_maturity(0), - m_variables(NULL), - m_operator(NULL), - m_disruptiveAction(nullptr), - m_logData(nullptr), - m_msg(nullptr), - m_severity(nullptr), - m_actionsRuntimePos(), - m_actionsSetVar(), - m_actionsTag(), - m_transformations(), - m_containsCaptureAction(false), - m_containsMultiMatchAction(false), - m_containsStaticBlockAction(false), - m_isChained(false), - m_isSecMarker(true), - m_unconditional(false) { } -Rule::Rule(Operator *op, - variables::Variables *variables, - std::vector *actions, +RuleWithActions::RuleWithActions( + Actions *actions, Transformations *transformations, std::unique_ptr fileName, int lineNumber) : RuleBase(std::move(fileName), lineNumber), - m_ruleId(0), - m_chainedRuleChild(nullptr), - m_chainedRuleParent(NULL), - m_marker(""), m_rev(""), m_ver(""), m_accuracy(0), m_maturity(0), - m_variables(variables), - m_operator(op), + m_ruleId(0), m_disruptiveAction(nullptr), m_logData(nullptr), m_msg(nullptr), 
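Review bot: The new RuleWithActions constructor takes `Actions *actions` and `Transformations *transformations` as raw pointers, and nothing at the definition says who owns them; from the body in the next hunk the constructor consumes `*actions` (configuration-kind actions are evaluated and freed on the spot, the rest are kept and released by the destructor) and then deletes the vector itself, so a caller must not touch it afterwards. What becomes of `transformations` is not visible in this diff. Put the contract above the definition: `// Takes ownership of *actions and of the vector: configuration-kind actions are applied and freed here, the remaining ones are stored and released in ~RuleWithActions.` and add the equivalent sentence for `transformations` once its ownership is settled. The initializer list continues into the following hunk.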
@@ -108,83 +74,55 @@ Rule::Rule(Operator *op, m_containsCaptureAction(false), m_containsMultiMatchAction(false), m_containsStaticBlockAction(false), - m_isChained(false), - m_isSecMarker(false), - m_unconditional(false) { - - organizeActions(actions); - - delete actions; -} - - -Rule::~Rule() { - if (m_operator != NULL) { - delete m_operator; - } - - cleanUpActions(); - - while (m_variables != NULL && m_variables->empty() == false) { - auto *a = m_variables->back(); - m_variables->pop_back(); - delete a; - } - - if (m_variables != NULL) { - delete m_variables; - } -} - - -void Rule::organizeActions(std::vector *actions) { - if (!actions) { - return; - } - for (Action *a : *actions) { - if (a->action_kind == Action::ConfigurationKind) { - a->evaluate(this, NULL); - delete a; - } else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) { - if (dynamic_cast(a)) { - m_containsCaptureAction = true; + m_isChained(false) { + if (actions) { + for (Action *a : *actions) { + if (a->action_kind == Action::ConfigurationKind) { + a->evaluate(this, NULL); delete a; - } else if (dynamic_cast(a)) { - m_containsMultiMatchAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_severity = dynamic_cast(a); - } else if (dynamic_cast(a)) { - m_logData = dynamic_cast(a); - } else if (dynamic_cast(a)) { - m_msg = dynamic_cast(a); - } else if (dynamic_cast(a)) { - m_actionsSetVar.push_back( - dynamic_cast(a)); - } else if (dynamic_cast(a)) { - m_actionsTag.push_back(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - m_actionsRuntimePos.push_back(a); - m_containsStaticBlockAction = true; - } else if (a->isDisruptive() == true) { - if (m_disruptiveAction != nullptr) { - delete m_disruptiveAction; - m_disruptiveAction = nullptr; + + } else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) { + if (dynamic_cast(a)) { + m_containsCaptureAction = true; + delete a; + } else if (dynamic_cast(a)) { + m_containsMultiMatchAction = true; + delete a; + } else if (dynamic_cast(a)) { + 
m_severity = dynamic_cast(a); + } else if (dynamic_cast(a)) { + m_logData = dynamic_cast(a); + } else if (dynamic_cast(a)) { + m_msg = dynamic_cast(a); + } else if (dynamic_cast(a)) { + m_actionsSetVar.push_back( + dynamic_cast(a)); + } else if (dynamic_cast(a)) { + m_actionsTag.push_back(dynamic_cast(a)); + } else if (dynamic_cast(a)) { + m_actionsRuntimePos.push_back(a); + m_containsStaticBlockAction = true; + } else if (a->isDisruptive() == true) { + if (m_disruptiveAction != nullptr) { + delete m_disruptiveAction; + m_disruptiveAction = nullptr; + } + m_disruptiveAction = a; + } else { + m_actionsRuntimePos.push_back(a); } - m_disruptiveAction = a; } else { - m_actionsRuntimePos.push_back(a); + delete a; + std::cout << "General failure, action: " << a->m_name; + std::cout << " has an unknown type." << std::endl; + throw; } - } else { - std::cout << "General failure, action: " << a->m_name; - std::cout << " has an unknown type." << std::endl; - delete a; } + delete actions; } } - -void Rule::cleanUpActions() { +RuleWithActions::~RuleWithActions() { if (m_severity) { delete m_severity; m_severity = nullptr; 
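Review bot: In the unknown-kind branch of the constructor the statements were reordered so that `delete a;` now runs before `std::cout << "General failure, action: " << a->m_name;`, which reads a freed object; the pre-change code printed first and deleted afterwards. The `throw;` added after it is a bare rethrow with no exception in flight, which calls std::terminate instead of raising something a caller could catch, and because it leaves the constructor mid-loop the actions still left in `*actions` are never freed. Restore the print-before-delete order, then either keep the previous drop-and-continue behaviour or throw a constructed exception object. Elsewhere in this file the name is printed as `*a->m_name.get()`, so streaming `a->m_name` directly may print the pointer rather than the text — worth checking. The constructor's initializer list begins in the previous hunk.
```cpp
            } else {
                // Log first: `a` is gone after the delete below.
                std::cout << "General failure, action: " << a->m_name;
                std::cout << " has an unknown type." << std::endl;
                delete a;
                // Either stop here (pre-change behaviour: the action is dropped)
                // or throw a constructed exception; a bare `throw;` terminates.
            }
```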
@@ -223,28 +161,7 @@ void Rule::cleanUpActions() { } } - -inline void Rule::updateMatchedVars(Transaction *trans, const std::string &key, - const std::string &value) { - ms_dbg_a(trans, 9, "Matched vars updated."); - trans->m_variableMatchedVar.set(value, trans->m_variableOffset); - trans->m_variableMatchedVarName.set(key, trans->m_variableOffset); - - trans->m_variableMatchedVars.set(key, value, trans->m_variableOffset); - trans->m_variableMatchedVarsNames.set(key, key, trans->m_variableOffset); -} - - -inline void Rule::cleanMatchedVars(Transaction *trans) { - ms_dbg_a(trans, 9, "Matched vars cleaned."); - trans->m_variableMatchedVar.unset(); - trans->m_variableMatchedVars.unset(); - trans->m_variableMatchedVarName.unset(); - trans->m_variableMatchedVarsNames.unset(); -} - - -void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans, +void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *trans, bool *containsBlock, std::shared_ptr ruleMessage) { for (actions::SetVar *a : m_actionsSetVar) { 
@@ -284,36 +201,7 @@ void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans, } -bool Rule::executeOperatorAt(Transaction *trans, const std::string &key, - std::string value, std::shared_ptr ruleMessage) { -#if MSC_EXEC_CLOCK_ENABLED - clock_t begin = clock(); - clock_t end; - double elapsed_s = 0; -#endif - bool ret; - - ms_dbg_a(trans, 9, "Target value: \"" + utils::string::limitTo(80, - utils::string::toHexIfNeeded(value)) \ - + "\" (Variable: " + key + ")"); - - ret = this->m_operator->evaluateInternal(trans, this, value, ruleMessage); - if (ret == false) { - return false; - } - -#if MSC_EXEC_CLOCK_ENABLED - end = clock(); - elapsed_s = static_cast(end - begin) / CLOCKS_PER_SEC; - - ms_dbg_a(trans, 5, "Operator completed in " + \ - std::to_string(elapsed_s) + " seconds"); -#endif - return ret; -} - - -inline void Rule::executeTransformation( +inline void RuleWithActions::executeTransformation( actions::transformations::Transformation *a, std::shared_ptr *value, Transaction *trans, @@ -345,8 +233,7 @@ inline void Rule::executeTransformation( utils::string::limitTo(80, newValue) +"\""); } - -void Rule::executeTransformations( +void RuleWithActions::executeTransformations( Transaction *trans, const std::string &in, TransformationResults &ret) { int none = 0; int transformations = 0; 
@@ -437,6 +324,146 @@ void Rule::executeTransformations( } } +void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans, + bool containsBlock, std::shared_ptr ruleMessage) { + bool disruptiveAlreadyExecuted = false; + + for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { + if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) { + continue; + } + if (!a.get()->isDisruptive()) { + executeAction(trans, containsBlock, ruleMessage, a.get(), true); + } + } + + for (actions::Tag *a : this->m_actionsTag) { + ms_dbg_a(trans, 4, "Running (non-disruptive) action: " \ + + *a->m_name.get()); + a->evaluate(this, trans, ruleMessage); + } + + for (auto &b : + trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) { + if (m_ruleId != b.first) { + continue; + } + actions::Action *a = dynamic_cast(b.second.get()); + executeAction(trans, containsBlock, ruleMessage, a, false); + disruptiveAlreadyExecuted = true; + } + for (Action *a : this->m_actionsRuntimePos) { + if (!a->isDisruptive() + && !(disruptiveAlreadyExecuted + && dynamic_cast(a))) { + executeAction(trans, containsBlock, ruleMessage, a, false); + } + } + if (!disruptiveAlreadyExecuted && m_disruptiveAction != nullptr) { + executeAction(trans, containsBlock, ruleMessage, + m_disruptiveAction, false); + } +} + +bool RuleWithActions::containsTag(const std::string& name, Transaction *t) { + for (auto &tag : m_actionsTag) { + if (tag != NULL && tag->getName(t) == name) { + return true; + } + } + return false; +} + + +bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) { + return m_msg && m_msg->data(t) == name; +} + +std::string RuleWithActions::logData(Transaction *t) { return m_logData->data(t); } +std::string RuleWithActions::msg(Transaction *t) { return m_msg->data(t); } +int RuleWithActions::severity() const { return m_severity->m_severity; } + + +Rule::Rule(Operator *op, + variables::Variables *_variables, + std::vector *actions, + Transformations 
*transformations, + std::unique_ptr fileName, + int lineNumber) + : RuleWithActions(actions, transformations, std::move(fileName), lineNumber), + m_chainedRuleChild(nullptr), + m_chainedRuleParent(NULL), + + m_operator(op), + m_variables(_variables), + m_unconditional(false) { /* */ } + + +Rule::~Rule() { + if (m_operator != NULL) { + delete m_operator; + } + + while (m_variables != NULL && m_variables->empty() == false) { + auto *a = m_variables->back(); + m_variables->pop_back(); + delete a; + } + + if (m_variables != NULL) { + delete m_variables; + } +} + + +void Rule::updateMatchedVars(Transaction *trans, const std::string &key, + const std::string &value) { + ms_dbg_a(trans, 9, "Matched vars updated."); + trans->m_variableMatchedVar.set(value, trans->m_variableOffset); + trans->m_variableMatchedVarName.set(key, trans->m_variableOffset); + + trans->m_variableMatchedVars.set(key, value, trans->m_variableOffset); + trans->m_variableMatchedVarsNames.set(key, key, trans->m_variableOffset); +} + + +void Rule::cleanMatchedVars(Transaction *trans) { + ms_dbg_a(trans, 9, "Matched vars cleaned."); + trans->m_variableMatchedVar.unset(); + trans->m_variableMatchedVars.unset(); + trans->m_variableMatchedVarName.unset(); + trans->m_variableMatchedVarsNames.unset(); +} + + +bool Rule::executeOperatorAt(Transaction *trans, const std::string &key, + std::string value, std::shared_ptr ruleMessage) { +#if MSC_EXEC_CLOCK_ENABLED + clock_t begin = clock(); + clock_t end; + double elapsed_s = 0; +#endif + bool ret; + + ms_dbg_a(trans, 9, "Target value: \"" + utils::string::limitTo(80, + utils::string::toHexIfNeeded(value)) \ + + "\" (Variable: " + key + ")"); + + ret = this->m_operator->evaluateInternal(trans, this, value, ruleMessage); + if (ret == false) { + return false; + } + +#if MSC_EXEC_CLOCK_ENABLED + end = clock(); + elapsed_s = static_cast(end - begin) / CLOCKS_PER_SEC; + + ms_dbg_a(trans, 5, "Operator completed in " + \ + std::to_string(elapsed_s) + " seconds"); +#endif 
+ return ret; +} + void Rule::getVariablesExceptions(Transaction *t, variables::Variables *exclusion, variables::Variables *addition) { @@ -523,7 +550,7 @@ inline void Rule::getFinalVars(variables::Variables *vars, -void Rule::executeAction(Transaction *trans, +void RuleWithActions::executeAction(Transaction *trans, bool containsBlock, std::shared_ptr ruleMessage, Action *a, bool defaultContext) { if (a->isDisruptive() == false && *a->m_name.get() != "block") { 
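Review bot: `logData()`, `msg()` and `severity()` now live in RuleWithActions and dereference `m_logData`, `m_msg` and `m_severity` unconditionally, while the constructor in the earlier hunk initialises `m_logData` and `m_msg` to nullptr (presumably `m_severity` too) and `containsMsg()` right above them guards with `m_msg &&`; for a rule that carries no logdata, msg or severity action these calls dereference null. Callers are outside this diff, so either make the precondition explicit — `// Precondition: the rule carries the corresponding action; see containsMsg() for the null-safe pattern` — or guard as containsMsg does, e.g. `std::string RuleWithActions::msg(Transaction *t) { return m_msg ? m_msg->data(t) : std::string(); }`, with an agreed fallback for severity(). Separately, in executeActionsAfterFullMatch the result of `dynamic_cast(b.second.get())` is handed to executeAction and `disruptiveAlreadyExecuted` is set even when the cast yields nullptr; a null check there would avoid skipping the rule's own disruptive action on a failed cast. Both bodies were moved from Rule, so this is pre-existing behaviour the move did not address.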
@@ -551,55 +578,12 @@ void Rule::executeAction(Transaction *trans, } - -void Rule::executeActionsAfterFullMatch(Transaction *trans, - bool containsBlock, std::shared_ptr ruleMessage) { - bool disruptiveAlreadyExecuted = false; - - for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { - if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) { - continue; - } - if (!a.get()->isDisruptive()) { - executeAction(trans, containsBlock, ruleMessage, a.get(), true); - } - } - - for (actions::Tag *a : this->m_actionsTag) { - ms_dbg_a(trans, 4, "Running (non-disruptive) action: " \ - + *a->m_name.get()); - a->evaluate(this, trans, ruleMessage); - } - - for (auto &b : - trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) { - if (m_ruleId != b.first) { - continue; - } - actions::Action *a = dynamic_cast(b.second.get()); - executeAction(trans, containsBlock, ruleMessage, a, false); - disruptiveAlreadyExecuted = true; - } - for (Action *a : this->m_actionsRuntimePos) { - if (!a->isDisruptive() - && !(disruptiveAlreadyExecuted - && dynamic_cast(a))) { - executeAction(trans, containsBlock, ruleMessage, a, false); - } - } - if (!disruptiveAlreadyExecuted && m_disruptiveAction != nullptr) { - executeAction(trans, containsBlock, ruleMessage, - m_disruptiveAction, false); - } -} - - bool Rule::evaluate(Transaction *trans, std::shared_ptr ruleMessage) { bool globalRet = false; variables::Variables *variables = this->m_variables; bool recursiveGlobalRet; - bool containsBlock = m_containsStaticBlockAction; + bool containsBlock = hasBlockAction(); std::string eparam; variables::Variables vars; vars.reserve(4); @@ -721,7 +705,7 @@ bool Rule::evaluate(Transaction *trans, &containsBlock, ruleMessage); bool isItToBeLogged = ruleMessage->m_saveMessage; - if (m_containsMultiMatchAction && isItToBeLogged) { + if (hasMultimatch() && isItToBeLogged) { /* warn */ trans->m_rulesMessages.push_back(*ruleMessage); 
@@ -778,21 +762,20 @@ end_exec: /* last rule in the chain. */ bool isItToBeLogged = (ruleMessage->m_saveMessage && (m_chainedRuleParent == nullptr)); - if (isItToBeLogged && !m_containsMultiMatchAction) { + if (isItToBeLogged && !hasMultimatch()) { /* warn */ trans->m_rulesMessages.push_back(*ruleMessage); /* error */ if (!ruleMessage->m_isDisruptive) { trans->serverLog(ruleMessage); + } } - } - return true; } -std::vector Rule::getActionsByName(const std::string& name, +std::vector RuleWithActions::getActionsByName(const std::string& name, Transaction *trans) { std::vector ret; for (auto &z : m_actionsRuntimePos) { @@ -829,23 +812,6 @@ std::vector Rule::getActionsByName(const std::string& name, } -bool Rule::containsTag(const std::string& name, Transaction *t) { - for (auto &tag : m_actionsTag) { - if (tag != NULL && tag->getName(t) == name) { - return true; - } - } - return false; -} - - -bool Rule::containsMsg(const std::string& name, Transaction *t) { - return m_msg && m_msg->data(t) == name; -} - std::string Rule::getOperatorName() const { return m_operator->m_op; } -std::string Rule::logData(Transaction *t) { return m_logData->data(t); } -std::string Rule::msg(Transaction *t) { return m_msg->data(t); } -int Rule::severity() const { return m_severity->m_severity; } } // namespace modsecurity diff --git a/src/run_time_string.cc b/src/run_time_string.cc index 4d718365..1cf91358 100644 --- a/src/run_time_string.cc +++ b/src/run_time_string.cc 
@@ -51,14 +51,16 @@ std::string RunTimeString::evaluate(Transaction *t) {
 }
-std::string RunTimeString::evaluate(Transaction *t, Rule *r) {
+std::string RunTimeString::evaluate(Transaction *t, RuleBase *r) {
 std::string s;
 for (auto &z : m_elements) {
 if (z->m_string.size() > 0) {
 s.append(z->m_string);
 } else if (z->m_var != NULL && t != NULL) {
 std::vector l;
- z->m_var->evaluate(t, r, &l);
+ // FIXME: This cast should be removed.
+ Rule *rr = dynamic_cast(r);
+ z->m_var->evaluate(t, rr, &l);
 if (l.size() > 0) {
 s.append(l[0]->getValue());
 }
diff --git a/src/run_time_string.h b/src/run_time_string.h
index 85b02dd0..37c6f682 100644
--- a/src/run_time_string.h
+++ b/src/run_time_string.h
@@ -49,7 +49,7 @@ class RunTimeString {
 void appendText(const std::string &text);
 void appendVar(std::unique_ptr var);
 std::string evaluate(Transaction *t);
- std::string evaluate(Transaction *t, Rule *r);
+ std::string evaluate(Transaction *t, RuleBase *r);
 std::string evaluate() { return evaluate(NULL); }