github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Use 'equal_range' instead of full scan for rule exceptions

Browse Source 
The original author was @WGH-, this change was proposed at #2370
This commit is contained in:
Felipe Zimmerle 2020-08-10 09:51:02 -03:00
parent 5226c42f7c
commit b32182940d
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
1 changed files with 8 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/rule_with_actions.cc
View File

@ -235,12 +235,9 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) const {
* FIXME: SecRuleUpdateActionBy should be runtime
*
*/
for (auto &b :
trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
ActionWithExecution *a = dynamic_cast<ActionWithExecution*>(b.second.get());
auto range = trans->m_rules->m_exceptions.m_action_pos_update_target_by_id.equal_range(m_ruleId);
for (auto it = range.first; it != range.second; ++it) {
ActionWithExecution *a = dynamic_cast<ActionWithExecution*>(it->second.get());
if (dynamic_cast<ActionDisruptive *>(a)) {
trans->messageGetLast()->setRule(this);
}
@ -327,23 +324,16 @@ void RuleWithActions::executeTransformations(
// FIXME: It can't be something different from transformation. Sort this
// on rules compile time.
for (auto &b :
trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
Transformation *t = b.second.get();
auto range = trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id.equal_range(m_ruleId);
for (auto it = range.first; it != range.second; ++it) {
Transformation *t = it->second.get();
if (dynamic_cast<actions::transformations::None *>(t)) {
none++;
}
}
for (auto &b :
trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id) {
if (m_ruleId != b.first) {
continue;
}
Transformation *t = b.second.get();
for (auto it = range.first; it != range.second; ++it) {
Transformation *t = it->second.get();
if (none == 0) {
executeTransformation(trans, &results, t);
}