github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Makes Rule a shared pointer

Browse Source
This commit is contained in:
Felipe Zimmerle
2018-11-22 10:48:33 -03:00
parent f1d22f9b02
commit 9d158611cf
16 changed files with 930 additions and 935 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
src/parser/driver.cc
View File

@@ -29,7 +29,7 @@ Driver::Driver()
: RulesSetProperties(),
trace_scanning(false),
trace_parsing(false),
lastRule(NULL) { }
m_lastRule(nullptr) { }
Driver::~Driver() {
@@ -43,15 +43,15 @@ Driver::~Driver() {
int Driver::addSecMarker(std::string marker) {
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
Rule *rule = new Rule(marker);
std::unique_ptr<Rule> rule(new Rule(marker));
rule->m_phase = i;
m_rulesSetPhases.insert(rule);
m_rulesSetPhases.insert(std::move(rule));
}
return 0;
}
int Driver::addSecAction(Rule *rule) {
int Driver::addSecAction(std::unique_ptr<Rule> rule) {
if (rule->m_phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(rule->m_phase);
m_parserError << std::endl;
@@ -59,55 +59,40 @@ int Driver::addSecAction(Rule *rule) {
}
m_rulesSetPhases.insert(rule);
m_rulesSetPhases.insert(std::move(rule));
return true;
}
int Driver::addSecRuleScript(RuleScript *rule) {
m_rulesSetPhases.insert(rule);
int Driver::addSecRuleScript(std::unique_ptr<RuleScript> rule) {
m_rulesSetPhases.insert(std::move(rule));
return true;
}
int Driver::addSecRule(Rule *rule) {
if (rule->m_phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(rule->m_phase);
int Driver::addSecRule(std::unique_ptr<Rule> r) {
if (r->m_phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
m_parserError << "Unknown phase: " << std::to_string(r->m_phase);
m_parserError << std::endl;
return false;
}
if (lastRule && lastRule->m_chained) {
if (lastRule->m_chainedRuleChild == NULL) {
rule->m_phase = lastRule->m_phase;
if (rule->m_theDisruptiveAction) {
m_parserError << "Disruptive actions can only be specified by";
m_parserError << " chain starter rules.";
return false;
}
lastRule->m_chainedRuleChild = rule;
rule->m_chainedRuleParent = lastRule;
return true;
} else {
Rule *a = lastRule->m_chainedRuleChild;
while (a->m_chained && a->m_chainedRuleChild != NULL) {
a = a->m_chainedRuleChild;
}
if (a->m_chained && a->m_chainedRuleChild == NULL) {
a->m_chainedRuleChild = rule;
rule->m_chainedRuleParent = a;
if (a->m_theDisruptiveAction) {
m_parserError << "Disruptive actions can only be ";
m_parserError << "specified by chain starter rules.";
return false;
}
return true;
}
/* is it a chained rule? */
if (m_lastRule != nullptr && m_lastRule->m_chained) {
r->m_phase = m_lastRule->m_phase;
if (r->m_theDisruptiveAction) {
m_parserError << "Disruptive actions can only be specified by";
m_parserError << " chain starter rules.";
return false;
}
m_lastRule->m_chainedRuleChild = std::move(r);
m_lastRule->m_chainedRuleChild->m_chainedRuleParent = m_lastRule;
m_lastRule = m_lastRule->m_chainedRuleChild.get();
return true;
}
std::shared_ptr<Rule> rule(std::move(r));
/*
* Checking if the rule has an ID and also checking if this ID is not used
* by other rule
@@ -118,6 +103,7 @@ int Driver::addSecRule(Rule *rule) {
m_parserError << std::to_string(rule->m_lineNumber) << std::endl;
return false;
}
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
Rules *rules = m_rulesSetPhases[i];
for (int j = 0; j < rules->size(); j++) {
@@ -129,14 +115,15 @@ int Driver::addSecRule(Rule *rule) {
}
}
lastRule = rule;
m_lastRule = rule.get();
m_rulesSetPhases.insert(rule);
return true;
}
int Driver::parse(const std::string &f, const std::string &ref) {
lastRule = NULL;
m_lastRule = nullptr;
loc.push_back(new yy::location());
if (ref.empty()) {
loc.back()->begin.filename = loc.back()->end.filename = new std::string("<<reference missing or not informed>>");
@@ -155,6 +142,19 @@ int Driver::parse(const std::string &f, const std::string &ref) {
int res = parser.parse();
scan_end();
/*
* need to check for rules marked as chained but without
* a chained rule.
*
*/
/*
if (m_lastRule != nullptr && m_lastRule->m_chained) {
m_parserError << "Last rule is marked as chained but there " \
"isn't a subsequent rule." << std::endl;
return false;
}
*/
/*
if (m_auditLog->init(&error) == false) {
m_parserError << "Problems while initializing the audit logs: " \

8
src/parser/driver.h
View File

@@ -66,10 +66,10 @@ class Driver : public RulesSetProperties {
Driver();
virtual ~Driver();
int addSecRule(Rule *rule);
int addSecAction(Rule *rule);
int addSecRule(std::unique_ptr<Rule> rule);
int addSecAction(std::unique_ptr<Rule> rule);
int addSecMarker(std::string marker);
int addSecRuleScript(RuleScript *rule);
int addSecRuleScript(std::unique_ptr<RuleScript> rule);
bool scan_begin();
void scan_end();
@@ -89,7 +89,7 @@ class Driver : public RulesSetProperties {
std::list<yy::location *> loc;
std::string buffer;
Rule *lastRule;
Rule *m_lastRule;
RulesSetPhases m_rulesSetPhases;
};

2
src/parser/location.hh
View File

@@ -1,4 +1,4 @@
// A Bison parser, made by GNU Bison 3.5.2.
// A Bison parser, made by GNU Bison 3.5.3.
// Locations for Bison parsers in C++

2
src/parser/position.hh
View File

@@ -1,4 +1,4 @@
// A Bison parser, made by GNU Bison 3.5.2.
// A Bison parser, made by GNU Bison 3.5.3.
// Starting with Bison 3.2, this file is useless: the structure it
// used to define is now defined in "location.hh".

1592
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

2
src/parser/seclang-parser.hh
View File

@@ -1,4 +1,4 @@
// A Bison parser, made by GNU Bison 3.5.2.
// A Bison parser, made by GNU Bison 3.5.3.
// Skeleton interface for Bison LALR(1) parsers in C++

28
src/parser/seclang-parser.yy
View File

@@ -1076,16 +1076,15 @@ expression:
}
Operator *op = $3.release();
Rule *rule = new Rule(
std::unique_ptr<Rule> rule(new Rule(
/* op */ op,
/* variables */ v,
/* actions */ a,
/* file name */ *@1.end.filename,
/* line number */ @1.end.line
);
));
if (driver.addSecRule(rule) == false) {
delete rule;
if (driver.addSecRule(std::move(rule)) == false) {
YYERROR;
}
}
@@ -1096,15 +1095,14 @@ expression:
v->push_back(i.release());
}
Rule *rule = new Rule(
std::unique_ptr<Rule> rule(new Rule(
/* op */ $3.release(),
/* variables */ v,
/* actions */ NULL,
/* file name */ *@1.end.filename,
/* line number */ @1.end.line
);
if (driver.addSecRule(rule) == false) {
delete rule;
));
if (driver.addSecRule(std::move(rule)) == false) {
YYERROR;
}
}
@@ -1114,14 +1112,14 @@ expression:
for (auto &i : *$2.get()) {
a->push_back(i.release());
}
Rule *rule = new Rule(
std::unique_ptr<Rule> rule(new Rule(
/* op */ NULL,
/* variables */ NULL,
/* actions */ a,
/* file name */ *@1.end.filename,
/* line number */ @1.end.line
);
driver.addSecAction(rule);
));
driver.addSecAction(std::move(rule));
}
| DIRECTIVE_SECRULESCRIPT actions
{
@@ -1130,20 +1128,18 @@ expression:
for (auto &i : *$2.get()) {
a->push_back(i.release());
}
RuleScript *r = new RuleScript(
std::unique_ptr<RuleScript> r(new RuleScript(
/* path to script */ $1,
/* actions */ a,
/* file name */ *@1.end.filename,
/* line number */ @1.end.line
);
));
if (r->init(&err) == false) {
driver.error(@0, "Failed to load script: " + err);
delete r;
YYERROR;
}
if (driver.addSecRuleScript(r) == false) {
delete r;
if (driver.addSecRuleScript(std::move(r)) == false) {
YYERROR;
}
}

2
src/parser/stack.hh
View File

@@ -1,4 +1,4 @@
// A Bison parser, made by GNU Bison 3.5.2.
// A Bison parser, made by GNU Bison 3.5.3.
// Starting with Bison 3.2, this file is useless: the structure it
// used to define is now defined with the parser itself.

21
src/rule.cc
View File

@@ -68,7 +68,7 @@ Rule::Rule(const std::string &marker)
m_phase(-1),
m_variables(NULL),
m_op(NULL),
m_chainedRuleChild(NULL),
m_chainedRuleChild(nullptr),
m_chainedRuleParent(NULL),
m_fileName(""),
m_marker(marker),
@@ -78,9 +78,7 @@ Rule::Rule(const std::string &marker)
m_actionsRuntimePre(),
m_actionsSetVar(),
m_actionsTag(),
m_unconditional(false),
m_referenceCount(1) { }
m_unconditional(false) { }
Rule::Rule(Operator *_op,
variables::Variables *_variables,
@@ -103,7 +101,7 @@ Rule::Rule(Operator *_op,
m_phase(-1),
m_variables(_variables),
m_op(_op),
m_chainedRuleChild(NULL),
m_chainedRuleChild(nullptr),
m_chainedRuleParent(NULL),
m_fileName(fileName),
m_marker(""),
@@ -113,9 +111,7 @@ Rule::Rule(Operator *_op,
m_actionsRuntimePre(),
m_actionsSetVar(),
m_actionsTag(),
m_unconditional(false),
m_referenceCount(1)
{
m_unconditional(false) {
/* */
organizeActions(actions);
@@ -149,10 +145,6 @@ Rule::~Rule() {
if (m_variables != NULL) {
delete m_variables;
}
if (m_chainedRuleChild != NULL) {
delete m_chainedRuleChild;
}
}
@@ -779,14 +771,15 @@ bool Rule::evaluate(Transaction *trans,
goto end_exec;
}
if (this->m_chainedRuleChild == NULL) {
/* FIXME: this check should happens on the parser. */
if (this->m_chainedRuleChild == nullptr) {
ms_dbg_a(trans, 4, "Rule is marked as chained but there " \
"isn't a subsequent rule.");
goto end_clean;
}
ms_dbg_a(trans, 4, "Executing chained rule.");
recursiveGlobalRet = this->m_chainedRuleChild->evaluate(trans, ruleMessage);
recursiveGlobalRet = m_chainedRuleChild->evaluate(trans, ruleMessage);
if (recursiveGlobalRet == true) {
goto end_exec;

4
src/rules_set.cc
View File

@@ -111,7 +111,7 @@ int RulesSet::evaluate(int phase, Transaction *t) {
return 0;
}
std::vector<Rule *> *rules = m_rulesSetPhases[phase];
Rules *rules = m_rulesSetPhases[phase];
ms_dbg_a(t, 9, "This phase consists of " \
+ std::to_string(rules->size()) + " rule(s).");
@@ -133,7 +133,7 @@ int RulesSet::evaluate(int phase, Transaction *t) {
//}
for (int i = 0; i < rules->size(); i++) {
Rule *rule = rules->at(i);
Rule *rule = rules->at(i).get();
if (t->m_marker.empty() == false) {
ms_dbg_a(t, 9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
+ "' due to a SecMarker: " + t->m_marker);

38
src/rules_set_phases.cc
View File

@@ -29,24 +29,13 @@
namespace modsecurity {
RulesSetPhases::~RulesSetPhases() {
/** Cleanup the rules */
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
Rules *rules = &m_rules[i];
while (rules->empty() == false) {
Rule *rule = rules->back();
rules->pop_back();
if (rule->refCountDecreaseAndCheck()) {
rule = NULL;
}
}
}
}
bool RulesSetPhases::insert(Rule *rule) {
bool RulesSetPhases::insert(std::shared_ptr<Rule> rule) {
if (rule->m_phase >= modsecurity::Phases::NUMBER_OF_PHASES) {
return false;
}
m_rules[rule->m_phase].push_back(rule);
m_rules[rule->m_phase].insert(rule);
return true;
}
@@ -58,7 +47,7 @@ int RulesSetPhases::append(RulesSetPhases *from, std::ostringstream *err) {
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
v.reserve(m_rules[i].size());
for (size_t z = 0; z < m_rules[i].size(); z++) {
Rule *rule_ckc = m_rules[i].at(z);
Rule *rule_ckc = m_rules[i].at(z).get();
if (rule_ckc->m_secMarker == true) {
continue;
}
@@ -67,19 +56,9 @@ int RulesSetPhases::append(RulesSetPhases *from, std::ostringstream *err) {
}
std::sort (v.begin(), v.end());
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
for (size_t j = 0; j < from->at(i)->size(); j++) {
Rule *rule = from->at(i)->at(j);
if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;
}
amount_of_rules++;
rule->refCountIncrease();
m_rules[i].push_back(rule);
for (int phase = 0; phase < modsecurity::Phases::NUMBER_OF_PHASES; phase++) {
if (m_rules[phase].append(from->at(phase), v, err) < 0) {
return -1;
}
}
@@ -91,10 +70,7 @@ void RulesSetPhases::dump() const {
std::cout << "Phase: " << std::to_string(i);
std::cout << " (" << std::to_string(m_rules[i].size());
std::cout << " rules)" << std::endl;
for (int j = 0; j < m_rules[i].size(); j++) {
std::cout << " Rule ID: " << std::to_string(m_rules[i][j]->m_ruleId);
std::cout << "--" << m_rules[i][j] << std::endl;
}
m_rules[i].dump();
}
}