github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-16 17:41:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3231 from eduar-hte/remove-copies-transformations

Browse Source 
Remove unnecessary heap allocated copies in Transformation actions
This commit is contained in:
Ervin Hegedus
2024-08-28 14:33:59 +02:00
committed by GitHub
parent 4951702d45 a6d64bf615
commit 9148668571
146 changed files with 1185 additions and 2816 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
src/utils/base64.cc
View File

@@ -23,33 +23,30 @@
#include "mbedtls/base64.h"
template<typename Operation>
inline std::string base64Helper(const char *data, const unsigned int len, Operation op) {
size_t out_len = 0;
op(nullptr, 0, &out_len,
reinterpret_cast<const unsigned char *>(data), len);
std::string ret(out_len, {});
if(out_len > 0) {
op(reinterpret_cast<unsigned char *>(ret.data()), ret.size(), &out_len,
reinterpret_cast<const unsigned char *>(data), len);
ret.resize(out_len);
}
return ret;
}
namespace modsecurity {
namespace Utils {
std::string Base64::encode(const std::string& data) {
size_t encoded_len = 0;
unsigned char *d;
std::string ret;
mbedtls_base64_encode(NULL, 0, &encoded_len,
reinterpret_cast<const unsigned char*>(data.c_str()), data.size());
d = reinterpret_cast<unsigned char*>(malloc(sizeof(char) * encoded_len));
if (d == NULL) {
return data;
}
memset(d, '\0', encoded_len);
mbedtls_base64_encode(d, encoded_len, &encoded_len,
(unsigned char*) data.c_str(), data.size());
ret.assign(reinterpret_cast<const char*>(d), encoded_len);
free(d);
return ret;
return base64Helper(data.c_str(), data.size(), mbedtls_base64_encode);
}
@@ -63,53 +60,12 @@ std::string Base64::decode(const std::string& data, bool forgiven) {
std::string Base64::decode(const std::string& data) {
size_t decoded_len = 0;
unsigned char *d;
std::string ret;
size_t len = strlen(data.c_str());
mbedtls_base64_decode(NULL, 0, &decoded_len,
reinterpret_cast<const unsigned char*>(data.c_str()), len);
d = reinterpret_cast<unsigned char*>(malloc(sizeof(char) * decoded_len));
if (d == NULL) {
return data;
}
memset(d, '\0', decoded_len);
mbedtls_base64_decode(d, decoded_len, &decoded_len,
reinterpret_cast<const unsigned char*>(data.c_str()), len);
ret.assign(reinterpret_cast<const char*>(d), decoded_len);
free(d);
return ret;
return base64Helper(data.c_str(), strlen(data.c_str()), mbedtls_base64_decode);
}
std::string Base64::decode_forgiven(const std::string& data) {
size_t decoded_len = 0;
unsigned char *d;
std::string ret;
decode_forgiven_engine(NULL, 0, &decoded_len,
reinterpret_cast<const unsigned char*>(data.c_str()), data.size());
d = reinterpret_cast<unsigned char*>(malloc(sizeof(char) * decoded_len));
if (d == NULL) {
return data;
}
memset(d, '\0', decoded_len);
decode_forgiven_engine(d, decoded_len, &decoded_len,
reinterpret_cast<const unsigned char*>(data.c_str()), data.size());
ret.assign(reinterpret_cast<const char*>(d), decoded_len);
free(d);
return ret;
return base64Helper(data.c_str(), data.size(), decode_forgiven_engine);
}
@@ -215,6 +171,5 @@ void Base64::decode_forgiven_engine(unsigned char *plain_text,
}
}
} // namespace Utils
} // namespace modsecurity

69
src/utils/decode.cc
View File

@@ -17,68 +17,60 @@
#include "modsecurity/modsecurity.h"
#include "src/utils/string.h"
using namespace modsecurity::utils::string;
namespace modsecurity {
namespace utils {
namespace modsecurity::utils {
int urldecode_nonstrict_inplace(unsigned char *input,
uint64_t input_len, int *invalid_count, int *changed) {
unsigned char *d = (unsigned char *)input;
uint64_t i, count;
bool urldecode_nonstrict_inplace(std::string &val,
int &invalid_count) {
unsigned char *d = (unsigned char *)val.data();
unsigned char *s = d;
const unsigned char *e = s + val.size();
*changed = 0;
invalid_count = 0;
bool changed = false;
if (input == NULL) {
return -1;
}
i = count = 0;
while (i < input_len) {
if (input[i] == '%') {
while (s != e) {
if (*s == '%') {
/* Character is a percent sign. */
/* Are there enough bytes available? */
if (i + 2 < input_len) {
char c1 = input[i + 1];
char c2 = input[i + 2];
if (s + 2 < e) {
const auto c1 = *(s + 1);
const auto c2 = *(s + 2);
if (VALID_HEX(c1) && VALID_HEX(c2)) {
uint64_t uni = string::x2c(&input[i + 1]);
const auto uni = string::x2c(s + 1);
*d++ = (wchar_t)uni;
count++;
i += 3;
*changed = 1;
*d++ = uni;
s += 3;
changed = true;
} else {
/* Not a valid encoding, skip this % */
*d++ = input[i++];
count++;
(*invalid_count)++;
*d++ = *s++;
invalid_count++;
}
} else {
/* Not enough bytes available, copy the raw bytes. */
*d++ = input[i++];
count++;
(*invalid_count)++;
*d++ = *s++;
invalid_count++;
}
} else {
/* Character is not a percent sign. */
if (input[i] == '+') {
if (*s == '+') {
*d++ = ' ';
*changed = 1;
changed = true;
} else {
*d++ = input[i];
*d++ = *s;
}
count++;
i++;
s++;
}
}
#if 0
*d = '\0';
#endif
if (changed)
val.resize((char*) d - val.c_str());
return count;
return changed;
}
@@ -120,5 +112,4 @@ std::string uri_decode(const std::string & sSrc) {
}
} // namespace utils
} // namespace modsecurity
} // namespace modsecurity::utils

4
src/utils/decode.h
View File

@@ -29,8 +29,8 @@ namespace modsecurity {
namespace utils {
int urldecode_nonstrict_inplace(unsigned char *input,
uint64_t input_len, int *invalid_count, int *changed);
bool urldecode_nonstrict_inplace(std::string &val,
int &invalid_count);
std::string uri_decode(const std::string & sSrc);

40
src/utils/md5.cc
View File

@@ -1,40 +0,0 @@
#include "src/utils/md5.h"
#include "mbedtls/md5.h"
namespace modsecurity {
namespace Utils {
std::string Md5::hexdigest(const std::string& input) {
unsigned char digest[16];
mbedtls_md5(reinterpret_cast<const unsigned char *>(input.c_str()),
input.size(), digest);
char buf[33];
for (int i = 0; i < 16; i++) {
sprintf(buf+i*2, "%02x", digest[i]);
}
return std::string(buf, 32);
}
std::string Md5::digest(const std::string& input) {
unsigned char output[16];
std::string ret;
mbedtls_md5(reinterpret_cast<const unsigned char *>(input.c_str()),
input.size(), output);
ret.assign(reinterpret_cast<const char *>(output), 16);
return ret;
}
} // namespace Utils
} // namespace modsecurity

23
src/utils/md5.h
View File

@@ -13,29 +13,20 @@
*
*/
#include <string>
#include "modsecurity/actions/action.h"
#include "src/actions/transformations/transformation.h"
#ifndef SRC_UTILS_MD5_H_
#define SRC_UTILS_MD5_H_
#include <cstring>
#include <iostream>
#include "src/utils/sha1.h"
#include "mbedtls/md5.h"
#include <string>
namespace modsecurity {
namespace Utils {
namespace modsecurity::Utils {
class Md5 {
public:
Md5() { }
static std::string hexdigest(const std::string& input);
static std::string digest(const std::string& input);
class Md5 : public DigestImpl<&mbedtls_md5, 16> {
};
} // namespace Utils
} // namespace modsecurity
} // namespace modsecurity::Utils
#endif // SRC_UTILS_MD5_H_

60
src/utils/sha1.cc
View File

@@ -1,60 +0,0 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "src/utils/sha1.h"
#include "mbedtls/sha1.h"
#include <fstream>
#include <iostream>
#include <cstring>
namespace modsecurity {
namespace Utils {
std::string Sha1::hexdigest(const std::string& input) {
unsigned char digest[20] = { 0 };
static const char* const lut = "0123456789abcdef";
mbedtls_sha1(reinterpret_cast<const unsigned char *>(input.c_str()),
input.size(), digest);
std::string a;
for (int i = 0; i < 20; i++) {
const unsigned char c = digest[i];
a.push_back(lut[c >> 4]);
a.push_back(lut[c & 15]);
}
return a;
}
std::string Sha1::digest(const std::string& input) {
unsigned char output[20];
std::string ret;
mbedtls_sha1(reinterpret_cast<const unsigned char *>(input.c_str()),
input.size(), output);
ret.assign(reinterpret_cast<const char *>(output), 20);
return ret;
}
} // namespace Utils
} // namespace modsecurity

59
src/utils/sha1.h
View File

@@ -13,26 +13,63 @@
*
*/
#ifndef SRC_UTILS_SHA1_H_
#define SRC_UTILS_SHA1_H_
#include <algorithm>
#include <iostream>
#include <string>
#include <cassert>
namespace modsecurity {
namespace Utils {
#include "src/utils/string.h"
#include "mbedtls/sha1.h"
class Sha1 {
namespace modsecurity::Utils {
using DigestOp = int (*)(const unsigned char *, size_t, unsigned char []);
template<DigestOp digestOp, int DigestSize>
class DigestImpl {
public:
Sha1() { }
static std::string hexdigest(const std::string& input);
static std::string digest(const std::string& input);
static std::string digest(const std::string& input) {
return digestHelper(input, [](const auto digest) {
return std::string(digest);
});
}
static void digestReplace(std::string& value) {
digestHelper(value, [&value](const auto digest) mutable {
value = digest;
});
}
static std::string hexdigest(const std::string &input) {
return digestHelper(input, [](const auto digest) {
return utils::string::string_to_hex(digest);
});
}
private:
template<typename ConvertOp>
static auto digestHelper(const std::string &input,
ConvertOp convertOp) -> auto {
char digest[DigestSize];
auto ret = digestOp(reinterpret_cast<const unsigned char *>(input.c_str()),
input.size(), reinterpret_cast<unsigned char *>(digest));
assert(ret == 0);
return convertOp(std::string_view(digest, DigestSize));
}
};
} // namespace Utils
} // namespace modsecurity
class Sha1 : public DigestImpl<&mbedtls_sha1, 20> {
};
} // namespace modsecurity::Utils
#endif // SRC_UTILS_SHA1_H_

48
src/utils/string.h
View File

@@ -13,6 +13,9 @@
*
*/
#ifndef SRC_UTILS_STRING_H_
#define SRC_UTILS_STRING_H_
#include <ctime>
#include <string>
#include <cstring>
@@ -27,18 +30,21 @@
#include "src/compat/msvc.h"
#endif
#ifndef SRC_UTILS_STRING_H_
#define SRC_UTILS_STRING_H_
namespace modsecurity::utils::string {
#define VALID_HEX(X) (((X >= '0') && (X <= '9')) || \
((X >= 'a') && (X <= 'f')) || ((X >= 'A') && (X <= 'F')))
#define ISODIGIT(X) ((X >= '0') && (X <= '7'))
#define NBSP 160
template<typename CharT>
constexpr bool VALID_HEX(CharT X) {
return ((X >= '0') && (X <= '9'))
|| ((X >= 'a') && (X <= 'f'))
|| ((X >= 'A') && (X <= 'F'));
}
template<typename CharT>
constexpr bool ISODIGIT(CharT X) {
return (X >= '0') && (X <= '7');
}
namespace modsecurity {
namespace utils {
namespace string {
constexpr unsigned char NBSP = 160;
const char HEX2DEC[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
@@ -235,18 +241,18 @@ inline unsigned char *c2x(unsigned what, unsigned char *where) {
}
inline std::string string_to_hex(const std::string& input) {
static const char* const lut = "0123456789ABCDEF";
size_t len = input.length();
inline std::string string_to_hex(std::string_view input) {
static const char* const lut = "0123456789abcdef";
std::string output;
output.reserve(2 * len);
for (size_t i = 0; i < len; ++i) {
const unsigned char c = input[i];
output.push_back(lut[c >> 4]);
output.push_back(lut[c & 15]);
std::string a(input.size()*2, 0);
char *d = a.data();
for (const unsigned char c : input) {
*d++ = lut[c >> 4];
*d++ = lut[c & 15];
}
return output;
return a;
}
@@ -271,8 +277,6 @@ inline std::string toupper(std::string str) { // cppcheck-suppress passedByValue
}
} // namespace string
} // namespace utils
} // namespace modsecurity
} // namespace modsecurity::utils::string
#endif // SRC_UTILS_STRING_H_