github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-16 01:22:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds new method for rule merge

Browse Source 
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
This commit is contained in:
Felipe Zimmerle
2020-04-14 11:33:17 -03:00
parent 7d1c37a42b
commit be4d242a75
115 changed files with 2136 additions and 1517 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/actions/accuracy.cc
View File

@@ -40,7 +40,6 @@ bool Accuracy::init(std::string *error) {
bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->m_accuracy = m_accuracy;
return true;
}

1
src/actions/accuracy.h
View File

@@ -35,6 +35,7 @@ class Accuracy : public Action {
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
int getAccuracy() const { return m_accuracy; }
private:
int m_accuracy;

7
src/actions/audit_log.cc
View File

@@ -28,11 +28,8 @@ namespace actions {
bool AuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
rm->m_noAuditLog = false;
ms_dbg_a(transaction, 9, "Saving transaction to logs");
rm->m_saveMessage = true;
RuleMessage &rm) {
transaction->messageSetNoAuditLog(false);
return true;
}

2
src/actions/audit_log.h
View File

@@ -36,7 +36,7 @@ class AuditLog : public Action {
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
};

10
src/actions/block.cc
View File

@@ -30,16 +30,8 @@ namespace actions {
bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
ms_dbg_a(transaction, 8, "Marking request as disruptive.");
for (auto &a : transaction->m_rules->m_rulesSetPhases[rule->getPhase()]->m_defaultActions) {
if (a->isDisruptive() == false) {
continue;
}
a->evaluate(rule, transaction, rm);
}
return true;
}

2
src/actions/block.h
View File

@@ -36,7 +36,7 @@ class Block : public Action {
explicit Block(const std::string &action) : Action(action) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
};

2
src/actions/chain.cc
View File

@@ -26,7 +26,7 @@ namespace actions {
bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->setChained(true);
rule->setHasChainAction(true);
return true;
}

2
src/actions/data/status.cc
View File

@@ -39,7 +39,7 @@ bool Status::init(std::string *error) {
bool Status::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
transaction->m_it.status = m_status;
return true;
}

2
src/actions/data/status.h
View File

@@ -38,7 +38,7 @@ class Status : public Action {
bool init(std::string *error) override;
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
int m_status;
};

6
src/actions/disruptive/deny.cc
View File

@@ -29,7 +29,7 @@ namespace disruptive {
bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
ms_dbg_a(transaction, 8, "Running action deny");
if (transaction->m_it.status == 200) {
@@ -38,9 +38,9 @@ bool Deny::evaluate(RuleWithActions *rule, Transaction *transaction,
transaction->m_it.disruptive = true;
intervention::freeLog(&transaction->m_it);
rm->m_isDisruptive = true;
rm.setRule(rule);
transaction->m_it.log = strdup(
rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
rm.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
return true;
}

2
src/actions/disruptive/deny.h
View File

@@ -34,7 +34,7 @@ class Deny : public Action {
explicit Deny(const std::string &action) : Action(action) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
bool isDisruptive() override { return true; }
};

6
src/actions/disruptive/drop.cc
View File

@@ -33,7 +33,7 @@ namespace disruptive {
bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
ms_dbg_a(transaction, 8, "Running action drop " \
"[executing deny instead of drop.]");
@@ -43,9 +43,9 @@ bool Drop::evaluate(RuleWithActions *rule, Transaction *transaction,
transaction->m_it.disruptive = true;
intervention::freeLog(&transaction->m_it);
rm->m_isDisruptive = true;
rm.setRule(rule);
transaction->m_it.log = strdup(
rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
rm.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
return true;
}

2
src/actions/disruptive/drop.h
View File

@@ -33,7 +33,7 @@ class Drop : public Action {
explicit Drop(const std::string &action) : Action(action) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
bool isDisruptive() override { return true; }
};

2
src/actions/disruptive/pass.cc
View File

@@ -30,7 +30,7 @@ namespace disruptive {
bool Pass::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
intervention::free(&transaction->m_it);
intervention::reset(&transaction->m_it);

2
src/actions/disruptive/pass.h
View File

@@ -32,7 +32,7 @@ class Pass : public Action {
explicit Pass(const std::string &action) : Action(action) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
bool isDisruptive() override { return true; }
};

6
src/actions/disruptive/redirect.cc
View File

@@ -35,7 +35,7 @@ bool Redirect::init(std::string *error) {
bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
std::string m_urlExpanded(m_string->evaluate(transaction));
/* if it was changed before, lets keep it. */
if (transaction->m_it.status == 200
@@ -47,9 +47,9 @@ bool Redirect::evaluate(RuleWithActions *rule, Transaction *transaction,
transaction->m_it.url = strdup(m_urlExpanded.c_str());
transaction->m_it.disruptive = true;
intervention::freeLog(&transaction->m_it);
rm->m_isDisruptive = true;
rm.setRule(rule);
transaction->m_it.log = strdup(
rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
rm.log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
return true;
}

2
src/actions/disruptive/redirect.h
View File

@@ -47,7 +47,7 @@ class Redirect : public Action {
m_string(std::move(z)) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
bool init(std::string *error) override;
bool isDisruptive() override { return true; }

2
src/actions/init_col.h
View File

@@ -42,7 +42,7 @@ class InitCol : public Action {
bool init(std::string *error) override;
private:
std::string m_collection_key;
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

4
src/actions/log.cc
View File

@@ -29,9 +29,7 @@ namespace actions {
bool Log::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
ms_dbg_a(transaction, 9, "Saving transaction to logs");
rm->m_saveMessage = true;
RuleMessage &rm) {
return true;
}

2
src/actions/log.h
View File

@@ -34,7 +34,7 @@ class Log : public Action {
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
};
} // namespace actions

4
src/actions/log_data.cc
View File

@@ -30,8 +30,8 @@ namespace actions {
bool LogData::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
rm->m_data = data(transaction);
RuleMessage &rm) {
rm.m_data = data(transaction);
return true;
}

4
src/actions/log_data.h
View File

@@ -40,11 +40,11 @@ class LogData : public Action {
m_string(std::move(z)) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
std::string data(Transaction *Transaction);
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

1
src/actions/maturity.cc
View File

@@ -40,7 +40,6 @@ bool Maturity::init(std::string *error) {
bool Maturity::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->m_maturity = m_maturity;
return true;
}

1
src/actions/maturity.h
View File

@@ -35,6 +35,7 @@ class Maturity : public Action {
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
int getMaturity() const { return m_maturity; }
private:
int m_maturity;

4
src/actions/msg.cc
View File

@@ -47,9 +47,9 @@ namespace actions {
bool Msg::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
std::string msg = data(transaction);
rm->m_message = msg;
rm.m_message = msg;
ms_dbg_a(transaction, 9, "Saving msg: " + msg);
return true;

4
src/actions/msg.h
View File

@@ -41,10 +41,10 @@ class Msg : public Action {
m_string(std::move(z)) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
std::string data(Transaction *Transaction);
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

6
src/actions/no_audit_log.cc
View File

@@ -27,10 +27,8 @@ namespace actions {
bool NoAuditLog::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
rm->m_noAuditLog = true;
rm->m_saveMessage = false;
RuleMessage &rm) {
transaction->messageSetNoAuditLog(true);
return true;
}

2
src/actions/no_audit_log.h
View File

@@ -36,7 +36,7 @@ class NoAuditLog : public Action {
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
};
} // namespace actions

3
src/actions/no_log.cc
View File

@@ -30,8 +30,7 @@ namespace actions {
bool NoLog::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
rm->m_saveMessage = false;
RuleMessage &rm) {
return true;
}

2
src/actions/no_log.h
View File

@@ -34,7 +34,7 @@ class NoLog : public Action {
: Action(action, RunTimeOnlyIfMatchKind) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
};
} // namespace actions

1
src/actions/rev.cc
View File

@@ -34,7 +34,6 @@ bool Rev::init(std::string *error) {
bool Rev::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->m_rev = m_rev;
return true;
}

3
src/actions/rev.h
View File

@@ -33,9 +33,10 @@ class Rev : public Action {
bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
bool init(std::string *error) override;
std::string getRevision() const { return m_rev; }
private:
std::string m_rev;
std::string m_rev;
};

2
src/actions/set_env.h
View File

@@ -43,7 +43,7 @@ class SetENV : public Action {
bool init(std::string *error) override;
private:
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

2
src/actions/set_rsc.h
View File

@@ -43,7 +43,7 @@ class SetRSC : public Action {
bool init(std::string *error) override;
private:
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

2
src/actions/set_sid.h
View File

@@ -43,7 +43,7 @@ class SetSID : public Action {
bool init(std::string *error) override;
private:
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

2
src/actions/set_uid.h
View File

@@ -43,7 +43,7 @@ class SetUID : public Action {
bool init(std::string *error) override;
private:
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

4
src/actions/set_var.h
View File

@@ -63,8 +63,8 @@ class SetVar : public Action {
private:
SetVarOperation m_operation;
std::unique_ptr<modsecurity::variables::Variable> m_variable;
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<modsecurity::variables::Variable> m_variable;
std::shared_ptr<RunTimeString> m_string;
};
} // namespace actions

12
src/actions/severity.cc
View File

@@ -72,17 +72,7 @@ bool Severity::init(std::string *error) {
bool Severity::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
ms_dbg_a(transaction, 9, "This rule severity is: " + \
std::to_string(this->m_severity) + " current transaction is: " + \
std::to_string(transaction->m_highestSeverityAction));
rm->m_severity = m_severity;
if (transaction->m_highestSeverityAction > this->m_severity) {
transaction->m_highestSeverityAction = this->m_severity;
}
RuleMessage &rm) {
return true;
}

2
src/actions/severity.h
View File

@@ -36,7 +36,7 @@ class Severity : public Action {
m_severity(0) { }
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
bool init(std::string *error) override;
int m_severity;

4
src/actions/tag.cc
View File

@@ -57,11 +57,11 @@ std::string Tag::getName(Transaction *transaction) {
bool Tag::evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) {
RuleMessage &rm) {
std::string tag = getName(transaction);
ms_dbg_a(transaction, 9, "Rule tag: " + tag);
rm->m_tags.push_back(tag);
rm.m_tags.push_back(tag);
return true;
}

4
src/actions/tag.h
View File

@@ -39,10 +39,10 @@ class Tag : public Action {
std::string getName(Transaction *transaction);
bool evaluate(RuleWithActions *rule, Transaction *transaction,
std::shared_ptr<RuleMessage> rm) override;
RuleMessage &rm) override;
protected:
std::unique_ptr<RunTimeString> m_string;
std::shared_ptr<RunTimeString> m_string;
};

1
src/actions/ver.cc
View File

@@ -28,7 +28,6 @@ namespace actions {
bool Ver::evaluate(RuleWithActions *rule, Transaction *transaction) {
rule->m_ver = m_parser_payload;
return true;
}

7
src/audit_log/audit_log.cc
View File

@@ -295,12 +295,7 @@ bool AuditLog::saveIfRelevant(Transaction *transaction, int parts) {
return true;
}
for (RuleMessage &i : transaction->m_rulesMessages) {
if (i.m_noAuditLog == false) {
saveAnyway = true;
break;
}
}
saveAnyway = transaction->messageSaveAuditLog();
if ((m_status == RelevantOnlyAuditLogStatus
&& this->isRelevant(transaction->m_httpCodeReturned) == false)

4
src/modsecurity.cc
View File

@@ -190,7 +190,7 @@ const std::string& ModSecurity::getConnectorInformation() const {
return m_connector;
}
void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
void ModSecurity::serverLog(void *data, RuleMessage *rm) {
if (m_logCb == NULL) {
std::cerr << "Server log callback is not set -- " << rm->errorLog();
std::cerr << std::endl;
@@ -209,7 +209,7 @@ void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
}
if (m_logProperties & RuleMessageLogProperty) {
const void *a = static_cast<const void *>(rm.get());
const void *a = static_cast<const void *>(rm);
if (m_logProperties & IncludeFullHighlightLogProperty) {
m_logCb(data, a);
return;

2
src/operators/begins_with.cc
View File

@@ -25,7 +25,7 @@ namespace operators {
bool BeginsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &str, RuleMessage *ruleMessage) {
std::string p(m_string->evaluate(transaction));
if (str.size() < p.size()) {

2
src/operators/begins_with.h
View File

@@ -33,7 +33,7 @@ class BeginsWith : public Operator {
: Operator("BeginsWith", std::move(param)) { }
bool evaluate(Transaction *transaction, RuleWithActions *rule, const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
};
} // namespace operators

2
src/operators/contains.cc
View File

@@ -22,7 +22,7 @@ namespace modsecurity {
namespace operators {
bool Contains::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &input, RuleMessage *ruleMessage) {
std::string p(m_string->evaluate(transaction));
size_t offset = input.find(p);

2
src/operators/contains.h
View File

@@ -36,7 +36,7 @@ class Contains : public Operator {
: Operator("Contains", std::move(param)) { }
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
};
} // namespace operators

2
src/operators/contains_word.cc
View File

@@ -37,7 +37,7 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
}
bool ContainsWord::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &str, RuleMessage *ruleMessage) {
std::string paramTarget(m_string->evaluate(transaction));
if (paramTarget.empty()) {

2
src/operators/contains_word.h
View File

@@ -34,7 +34,7 @@ class ContainsWord : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
private:
static bool acceptableChar(const std::string& a, size_t pos);

2
src/operators/detect_sqli.cc
View File

@@ -26,7 +26,7 @@ namespace operators {
bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& input, RuleMessage *ruleMessage) {
char fingerprint[8];
int issqli;

2
src/operators/detect_sqli.h
View File

@@ -34,7 +34,7 @@ class DetectSQLi : public Operator {
bool evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
};
} // namespace operators

2
src/operators/detect_xss.cc
View File

@@ -26,7 +26,7 @@ namespace operators {
bool DetectXSS::evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& input, RuleMessage *ruleMessage) {
int is_xss;
is_xss = libinjection_xss(input.c_str(), input.length());

2
src/operators/detect_xss.h
View File

@@ -33,7 +33,7 @@ class DetectXSS : public Operator {
bool evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
};
} // namespace operators

2
src/operators/ends_with.cc
View File

@@ -24,7 +24,7 @@ namespace operators {
bool EndsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &str, RuleMessage *ruleMessage) {
bool ret = false;
std::string p(m_string->evaluate(transaction));

2
src/operators/ends_with.h
View File

@@ -35,7 +35,7 @@ class EndsWith : public Operator {
}
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
};

2
src/operators/operator.cc
View File

@@ -71,7 +71,7 @@ namespace operators {
bool Operator::evaluateInternal(Transaction *transaction,
RuleWithActions *rule, const std::string& a, std::shared_ptr<RuleMessage> rm) {
RuleWithActions *rule, const std::string& a, RuleMessage *rm) {
bool res = evaluate(transaction, rule, a, rm);
if (m_negation) {

6
src/operators/operator.h
View File

@@ -114,7 +114,7 @@ class Operator {
bool evaluateInternal(Transaction *t, RuleWithActions *rule,
const std::string& a);
bool evaluateInternal(Transaction *t, RuleWithActions *rule,
const std::string& a, std::shared_ptr<RuleMessage> ruleMessage);
const std::string& a, RuleMessage *ruleMessage);
virtual bool evaluate(Transaction *transaction, const std::string &str);
@@ -123,11 +123,11 @@ class Operator {
return evaluate(transaction, str);
}
virtual bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &str, RuleMessage *ruleMessage) {
return evaluate(transaction, str);
}
static void logOffset(std::shared_ptr<RuleMessage> ruleMessage, int offset, int len) {
static void logOffset(RuleMessage *ruleMessage, int offset, int len) {
if (ruleMessage) {
ruleMessage->m_reference.append("o"
+ std::to_string(offset) + ","

4
src/operators/pm.cc
View File

@@ -82,8 +82,8 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
bool Pm::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
int rc;
const std::string &input, RuleMessage *ruleMessage) {
int rc = -1;
ACMPT pt;
pt.parser = m_p;
pt.ptr = NULL;

2
src/operators/pm.h
View File

@@ -43,7 +43,7 @@ class Pm : public Operator {
~Pm();
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
bool init(const std::string &file, std::string *error) override;

2
src/operators/rbl.cc
View File

@@ -202,7 +202,7 @@ void Rbl::furtherInfo(struct sockaddr_in *sin, const std::string &ipStr,
bool Rbl::evaluate(Transaction *t, RuleWithActions *rule,
const std::string& ipStr,
std::shared_ptr<RuleMessage> ruleMessage) {
RuleMessage *ruleMessage) {
struct addrinfo *info = NULL;
std::string host = Rbl::mapIpToAddress(ipStr, t);
int rc = 0;

2
src/operators/rbl.h
View File

@@ -78,7 +78,7 @@ class Rbl : public Operator {
}
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
std::string mapIpToAddress(const std::string &ipStr, Transaction *trans) const;

2
src/operators/rx.cc
View File

@@ -37,7 +37,7 @@ bool Rx::init(const std::string &arg, std::string *error) {
bool Rx::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& input, RuleMessage *ruleMessage) {
Regex *re;
if (m_param.empty() && !m_string->m_containsMacro) {

2
src/operators/rx.h
View File

@@ -51,7 +51,7 @@ class Rx : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
bool init(const std::string &arg, std::string *error) override;

2
src/operators/rx_global.cc
View File

@@ -37,7 +37,7 @@ bool RxGlobal::init(const std::string &arg, std::string *error) {
bool RxGlobal::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& input, RuleMessage *ruleMessage) {
Regex *re;
if (m_param.empty() && !m_string->m_containsMacro) {

2
src/operators/rx_global.h
View File

@@ -51,7 +51,7 @@ class RxGlobal : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
bool init(const std::string &arg, std::string *error) override;

2
src/operators/validate_byte_range.cc
View File

@@ -111,7 +111,7 @@ bool ValidateByteRange::init(const std::string &file,
bool ValidateByteRange::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &input, RuleMessage *ruleMessage) {
bool ret = true;
size_t count = 0;

2
src/operators/validate_byte_range.h
View File

@@ -39,7 +39,7 @@ class ValidateByteRange : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
bool getRange(const std::string &rangeRepresentation, std::string *error);
bool init(const std::string& file, std::string *error) override;
private:

2
src/operators/validate_url_encoding.cc
View File

@@ -69,7 +69,7 @@ int ValidateUrlEncoding::validate_url_encoding(const char *input,
bool ValidateUrlEncoding::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &input, RuleMessage *ruleMessage) {
size_t offset = 0;
bool res = false;

2
src/operators/validate_url_encoding.h
View File

@@ -33,7 +33,7 @@ class ValidateUrlEncoding : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
static int validate_url_encoding(const char *input, uint64_t input_length,
size_t *offset);

2
src/operators/validate_utf8_encoding.cc
View File

@@ -114,7 +114,7 @@ int ValidateUtf8Encoding::detect_utf8_character(
}
bool ValidateUtf8Encoding::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &str, RuleMessage *ruleMessage) {
unsigned int i, bytes_left;
const char *str_c = str.c_str();

2
src/operators/validate_utf8_encoding.h
View File

@@ -40,7 +40,7 @@ class ValidateUtf8Encoding : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
static int detect_utf8_character(const unsigned char *p_read,
unsigned int length);

2
src/operators/verify_cc.cc
View File

@@ -118,7 +118,7 @@ bool VerifyCC::init(const std::string &param2, std::string *error) {
bool VerifyCC::evaluate(Transaction *t, RuleWithActions *rule,
const std::string& i, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& i, RuleMessage *ruleMessage) {
int offset = 0;
int target_length = i.length();

2
src/operators/verify_cc.h
View File

@@ -37,7 +37,7 @@ class VerifyCC : public Operator {
bool evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
bool init(const std::string &param, std::string *error) override;
private:
pcre *m_pc;

2
src/operators/verify_cpf.cc
View File

@@ -109,7 +109,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) {
bool VerifyCPF::evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& input, RuleMessage *ruleMessage) {
std::list<SMatch> matches;
bool is_cpf = false;
int i;

2
src/operators/verify_cpf.h
View File

@@ -48,7 +48,7 @@ class VerifyCPF : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
bool verify(const char *ssnumber, int len);

2
src/operators/verify_ssn.cc
View File

@@ -111,7 +111,7 @@ invalid:
bool VerifySSN::evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& input, RuleMessage *ruleMessage) {
std::list<SMatch> matches;
bool is_ssn = false;
int i;

2
src/operators/verify_ssn.h
View File

@@ -48,7 +48,7 @@ class VerifySSN : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;

2
src/operators/verify_svnr.cc
View File

@@ -78,7 +78,7 @@ bool VerifySVNR::verify(const char *svnrnumber, int len) {
bool VerifySVNR::evaluate(Transaction *t, RuleWithActions *rule,
const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string& input, RuleMessage* ruleMessage) {
std::list<SMatch> matches;
bool is_svnr = false;
int i;

2
src/operators/verify_svnr.h
View File

@@ -34,7 +34,7 @@ class VerifySVNR : public Operator {
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;
RuleMessage *ruleMessage) override;
bool verify(const char *ssnumber, int len);

2
src/operators/within.cc
View File

@@ -25,7 +25,7 @@ namespace operators {
bool Within::evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
const std::string &str, RuleMessage *ruleMessage) {
bool res = false;
size_t pos = 0;
std::string paramTarget(m_string->evaluate(transaction));

2
src/operators/within.h
View File

@@ -34,7 +34,7 @@ class Within : public Operator {
m_couldContainsMacro = true;
}
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) override;
const std::string &str, RuleMessage *ruleMessage) override;
};
} // namespace operators

71
src/parser/driver.cc
View File

@@ -81,7 +81,7 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
}
/* is it a chained rule? */
if (m_lastRule != nullptr && m_lastRule->isChained()) {
if (m_lastRule != nullptr && m_lastRule->hasChainAction()) {
r->setPhase(m_lastRule->getPhase());
if (r->hasDisruptiveAction()) {
m_parserError << "Disruptive actions can only be specified by";
@@ -91,6 +91,74 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
m_lastRule->m_chainedRuleChild = std::move(r);
m_lastRule->m_chainedRuleChild->m_chainedRuleParent = m_lastRule;
m_lastRule = m_lastRule->m_chainedRuleChild.get();
/* Lets set all meta-data to the first rule */
RuleWithActions *firstRule = m_lastRule;
if (!firstRule->hasChainAction()) {
while (firstRule->m_chainedRuleParent != nullptr) {
if (firstRule->hasMessageAction()) {
firstRule->m_chainedRuleParent->setMessageAction(
firstRule->getMessageAction()
);
firstRule->setMessageAction(nullptr);
}
if (firstRule->hasLogDataAction()) {
firstRule->m_chainedRuleParent->setLogDataAction(
firstRule->getLogDataAction()
);
firstRule->setLogDataAction(nullptr);
}
if (firstRule->hasSeverityAction()) {
firstRule->m_chainedRuleParent->setSeverity(
firstRule->getSeverity()
);
}
if (firstRule->hasRevisionAction()) {
firstRule->m_chainedRuleParent->setRevision(
firstRule->getRevision()
);
}
if (firstRule->hasVersionAction()) {
firstRule->m_chainedRuleParent->setVersion(
firstRule->getVersion()
);
}
if (firstRule->hasAccuracyAction()) {
firstRule->m_chainedRuleParent->setAccuracy(
firstRule->getAccuracy()
);
}
if (firstRule->hasMaturityAction()) {
firstRule->m_chainedRuleParent->setMaturity(
firstRule->getMaturity()
);
}
if (firstRule->hasTagAction()) {
firstRule->m_chainedRuleParent->setTags(
firstRule->getTagsAction()
);
firstRule->cleanTags();
}
if (firstRule->hasDisruptiveAction()) {
firstRule->m_chainedRuleParent->setDisruptiveAction(
firstRule->getDisruptiveAction()
);
firstRule->setDisruptiveAction(nullptr);
}
firstRule->m_chainedRuleParent->setHasBlockAction(
firstRule->hasBlockAction()
);
firstRule->m_chainedRuleParent->setHasLogAction(
firstRule->hasLogAction()
);
firstRule->m_chainedRuleParent->setHasLogAction(
firstRule->hasNoLogAction()
);
firstRule = firstRule->m_chainedRuleParent;
}
}
return true;
}
@@ -119,6 +187,7 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
}
m_lastRule = rule.get();
m_rulesSetPhases.insert(rule);
return true;

1573
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

27
src/parser/seclang-parser.yy
View File

@@ -1075,10 +1075,12 @@ expression:
| DIRECTIVE variables op actions
{
std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
for (auto &i : *$4.get()) {
if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
std::shared_ptr<actions::Action> at = std::move(i);
std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
t->push_back(std::move(t2));
} else {
a->push_back(i.release());
}
@@ -1124,10 +1126,12 @@ expression:
| CONFIG_DIR_SEC_ACTION actions
{
std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
for (auto &i : *$2.get()) {
if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
std::shared_ptr<actions::Action> at = std::move(i);
std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
t->push_back(std::move(t2));
} else {
a->push_back(i.release());
}
@@ -1144,10 +1148,12 @@ expression:
{
std::string err;
std::vector<actions::Action *> *a = new std::vector<actions::Action *>();
std::vector<actions::transformations::Transformation *> *t = new std::vector<actions::transformations::Transformation *>();
std::vector<std::shared_ptr<actions::transformations::Transformation> > *t = new std::vector<std::shared_ptr<actions::transformations::Transformation> >();
for (auto &i : *$2.get()) {
if (dynamic_cast<actions::transformations::Transformation *>(i.get())) {
t->push_back(dynamic_cast<actions::transformations::Transformation *>(i.release()));
std::shared_ptr<actions::Action> at = std::move(i);
std::shared_ptr<actions::transformations::Transformation> t2 = std::static_pointer_cast<actions::transformations::Transformation>(std::move(at));
t->push_back(std::move(t2));
} else {
a->push_back(i.release());
}
@@ -1219,8 +1225,13 @@ expression:
}
for (actions::Action *a : checkedActions) {
driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(
std::unique_ptr<actions::Action>(a));
if (dynamic_cast<actions::transformations::Transformation *>(a)) {
driver.m_rulesSetPhases[definedPhase]->m_defaultTransformations.push_back(
std::shared_ptr<actions::transformations::Transformation>(
dynamic_cast<actions::transformations::Transformation *>(a)));
} else {
driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(std::unique_ptr<Action>(a));
}
}
delete actions;

37
src/rule_message.cc
View File

@@ -26,27 +26,25 @@ namespace modsecurity {
std::string RuleMessage::_details(const RuleMessage *rm) {
std::string msg;
msg.append(" [file \"" + std::string(*rm->m_ruleFile.get()) + "\"]");
msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
msg.append(" [rev \"" + rm->m_rev + "\"]");
msg.append(" [file \"" + rm->getFileName() + "\"]");
msg.append(" [line \"" + std::to_string(rm->getLineNumber()) + "\"]");
msg.append(" [id \"" + std::to_string(rm->getRuleId()) + "\"]");
msg.append(" [rev \"" + rm->getRev() + "\"]");
msg.append(" [msg \"" + rm->m_message + "\"]");
msg.append(" [data \"" + utils::string::limitTo(200, rm->m_data) + "\"]");
msg.append(" [severity \"" +
std::to_string(rm->m_severity) + "\"]");
msg.append(" [ver \"" + rm->m_ver + "\"]");
msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
msg.append(" [ver \"" + rm->getVer() + "\"]");
msg.append(" [maturity \"" + std::to_string(rm->getMaturity()) + "\"]");
msg.append(" [accuracy \"" + std::to_string(rm->getAccuracy()) + "\"]");
for (auto &a : rm->m_tags) {
msg.append(" [tag \"" + a + "\"]");
}
msg.append(" [hostname \"" + *rm->m_serverIpAddress.get() \
+ "\"]");
msg.append(" [uri \"" + utils::string::limitTo(200, *rm->m_uriNoQueryStringDecoded.get()) + "\"]");
msg.append(" [unique_id \"" + *rm->m_id + "\"]");
msg.append(" [ref \"" + utils::string::limitTo(200, rm->m_reference) + "\"]");
msg.append(" [hostname \"" + rm->getServerIpAddress() + "\"]");
msg.append(" [uri \"" + utils::string::limitTo(200, rm->getUri()) + "\"]");
msg.append(" [unique_id \"" + rm->getRequestId() + "\"]");
msg.append(" [ref \"" + rm->m_reference + "\"]");
return msg;
}
@@ -55,9 +53,9 @@ std::string RuleMessage::_details(const RuleMessage *rm) {
std::string RuleMessage::_errorLogTail(const RuleMessage *rm) {
std::string msg;
msg.append("[hostname \"" + *rm->m_serverIpAddress.get() + "\"]");
msg.append(" [uri \"" + utils::string::limitTo(200, *rm->m_uriNoQueryStringDecoded.get()) + "\"]");
msg.append(" [unique_id \"" + *rm->m_id + "\"]");
msg.append("[hostname \"" + rm->getServerIpAddress() + "\"]");
msg.append(" [uri \"" + rm->getUri() + "\"]");
msg.append(" [unique_id \"" + rm->getRequestId() + "\"]");
return msg;
}
@@ -68,10 +66,11 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
msg.reserve(2048);
if (props & ClientLogMessageInfo) {
msg.append("[client " + std::string(*rm->m_clientIpAddress.get()) + "] ");
msg.append("[client " + rm->getClientIpAddress() + "] ");
}
if (rm->m_isDisruptive) {
if (rm->isDisruptive()
&& (rm->m_transaction->getRuleEngineState() == RulesSet::EnabledRuleEngine)) {
msg.append("ModSecurity: Access denied with code ");
if (code == -1) {
msg.append("%d");
@@ -79,7 +78,7 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
msg.append(std::to_string(code));
}
msg.append(" (phase ");
msg.append(std::to_string(rm->m_rule->getPhase() - 1) + "). ");
msg.append(std::to_string(rm->getPhase() - 1) + "). ");
} else {
msg.append("ModSecurity: Warning. ");
}

11
src/rule_script.cc
View File

@@ -19,23 +19,22 @@
namespace modsecurity {
bool RuleScript::init(std::string *err) {
return m_lua.load(m_name, err);
return m_lua->load(m_name, err);
}
bool RuleScript::evaluate(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage) {
bool RuleScript::evaluate(Transaction *trans) {
ms_dbg_a(trans, 4, " Executing script: " + m_name + ".");
bool containsDisruptive = false;
executeActionsIndependentOfChainedRuleResult(trans,
&containsDisruptive, ruleMessage);
&containsDisruptive);
bool ret = m_lua.run(trans);
bool ret = m_lua->run(trans);
if (ret) {
executeActionsAfterFullMatch(trans, containsDisruptive, ruleMessage);
executeActionsAfterFullMatch(trans, containsDisruptive);
}
return ret;

15
src/rule_script.h
View File

@@ -50,15 +50,20 @@ class RuleScript : public RuleWithActions {
std::unique_ptr<std::string> fileName,
int lineNumber)
: RuleWithActions(actions, t, std::move(fileName), lineNumber),
m_name(name) { }
m_name(name),
m_lua(std::unique_ptr<engine::Lua>(new engine::Lua())) { }
RuleScript(const RuleScript &rs)
: RuleWithActions(rs),
m_name(rs.m_name),
m_lua(rs.m_lua) { }
bool init(std::string *err);
bool evaluate(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage) override;
bool evaluate(Transaction *trans) override;
std::string m_name;
engine::Lua m_lua;
std::shared_ptr<engine::Lua> m_lua;
};
} // namespace modsecurity

11
src/rule_unconditional.cc
View File

@@ -19,9 +19,8 @@
namespace modsecurity {
bool RuleUnconditional::evaluate(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage) {
RuleWithActions::evaluate(trans, ruleMessage);
bool RuleUnconditional::evaluate(Transaction *trans) {
RuleWithActions::evaluate(trans);
// FIXME: This needs to be romeved on the runtime exeption review.
bool containsBlock = false;
@@ -30,11 +29,11 @@ bool RuleUnconditional::evaluate(Transaction *trans,
+ ") Executing unconditional rule...");
executeActionsIndependentOfChainedRuleResult(trans,
&containsBlock, ruleMessage);
&containsBlock);
executeActionsAfterFullMatch(trans, containsBlock, ruleMessage);
executeActionsAfterFullMatch(trans, containsBlock);
performLogging(trans, ruleMessage);
trans->logMatchLastRuleOnTheChain(this);
return true;
}

396
src/rule_with_actions.cc
View File

@@ -34,8 +34,13 @@
#include "src/utils/string.h"
#include "modsecurity/rule_message.h"
#include "modsecurity/rule_with_actions.h"
#include "src/actions/accuracy.h"
#include "src/actions/maturity.h"
#include "src/actions/msg.h"
#include "src/actions/log.h"
#include "src/actions/no_log.h"
#include "src/actions/log_data.h"
#include "src/actions/rev.h"
#include "src/actions/severity.h"
#include "src/actions/capture.h"
#include "src/actions/multi_match.h"
@@ -60,126 +65,182 @@ RuleWithActions::RuleWithActions(
std::unique_ptr<std::string> fileName,
int lineNumber)
: Rule(std::move(fileName), lineNumber),
m_rev(""),
m_ver(""),
m_accuracy(0),
m_maturity(0),
m_ruleId(0),
m_chainedRuleChild(nullptr),
m_chainedRuleParent(nullptr),
m_disruptiveAction(nullptr),
m_logData(nullptr),
m_msg(nullptr),
m_severity(nullptr),
m_actionsRuntimePos(),
m_actionsSetVar(),
m_actionsTag(),
m_transformations(transformations != NULL ? *transformations : Transformations()),
m_defaultActionDisruptiveAction(nullptr),
m_defaultActionLogData(nullptr),
m_defaultActionMsg(nullptr),
m_defaultActionActionsRuntimePos(),
m_defaultActionActionsSetVar(),
m_defaultActionActionsTag(),
m_transformations(transformations != nullptr ? *transformations : Transformations()),
m_defaultTransformations(),
m_severity(SEVERITY_NOT_SET),
m_revision(""),
m_version(""),
m_accuracy(ACCURACY_NOT_SET),
m_maturity(MATURITY_NOT_SET),
m_containsCaptureAction(false),
m_containsLogAction(false),
m_containsNoLogAction(false),
m_containsMultiMatchAction(false),
m_containsStaticBlockAction(false),
m_defaultSeverity(SEVERITY_NOT_SET),
m_defaultRevision(""),
m_defaultVersion(""),
m_defaultAccuracy(ACCURACY_NOT_SET),
m_defaultMaturity(MATURITY_NOT_SET),
m_defaultContainsCaptureAction(false),
m_defaultContainsLogAction(false),
m_defaultContainsNoLogAction(false),
m_defaultContainsMultiMatchAction(false),
m_defaultContainsStaticBlockAction(false),
m_isChained(false) {
if (actions) {
for (Action *a : *actions) {
if (a->action_kind == Action::ConfigurationKind) {
a->evaluate(this, NULL);
delete a;
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
if (dynamic_cast<actions::Capture *>(a)) {
m_containsCaptureAction = true;
delete a;
} else if (dynamic_cast<actions::MultiMatch *>(a)) {
m_containsMultiMatchAction = true;
delete a;
} else if (dynamic_cast<actions::Severity *>(a)) {
m_severity = dynamic_cast<actions::Severity *>(a);
} else if (dynamic_cast<actions::LogData *>(a)) {
m_logData = dynamic_cast<actions::LogData*>(a);
} else if (dynamic_cast<actions::Msg *>(a)) {
m_msg = dynamic_cast<actions::Msg*>(a);
} else if (dynamic_cast<actions::SetVar *>(a)) {
m_actionsSetVar.push_back(
dynamic_cast<actions::SetVar *>(a));
} else if (dynamic_cast<actions::Tag *>(a)) {
m_actionsTag.push_back(dynamic_cast<actions::Tag *>(a));
} else if (dynamic_cast<actions::Block *>(a)) {
m_actionsRuntimePos.push_back(a);
m_containsStaticBlockAction = true;
} else if (a->isDisruptive() == true) {
if (m_disruptiveAction != nullptr) {
delete m_disruptiveAction;
m_disruptiveAction = nullptr;
}
m_disruptiveAction = a;
} else {
m_actionsRuntimePos.push_back(a);
}
} else {
delete a;
std::cout << "General failure, action: " << a->m_name;
std::cout << " has an unknown type." << std::endl;
throw;
}
for (actions::Action *a : *actions) {
addAction(a);
}
delete actions;
}
}
RuleWithActions::~RuleWithActions() {
if (m_severity) {
delete m_severity;
m_severity = nullptr;
void RuleWithActions::addDefaultAction(std::shared_ptr<actions::Action> a) {
if (a->action_kind == Action::ConfigurationKind) {
a->evaluate(this, NULL);
return;
}
if (m_logData) {
delete m_logData;
m_logData = nullptr;
if (a->action_kind == Action::ConfigurationKind) {
if (dynamic_cast<actions::Accuracy *>(a.get())) {
actions::Accuracy *accuracy = dynamic_cast<actions::Accuracy *>(a.get());
m_defaultAccuracy = accuracy->getAccuracy();
} else if (dynamic_cast<actions::Rev *>(a.get())) {
actions::Rev *rev = dynamic_cast<actions::Rev *>(a.get());
m_defaultRevision = rev->getRevision();
} else {
a->evaluate(this, NULL);
}
return;
}
if (m_msg) {
delete m_msg;
m_msg = nullptr;
}
while (m_transformations.empty() == false) {
auto *a = m_transformations.back();
m_transformations.pop_back();
delete a;
}
while (m_actionsRuntimePos.empty() == false) {
auto *a = m_actionsRuntimePos.back();
m_actionsRuntimePos.pop_back();
delete a;
}
while (m_actionsSetVar.empty() == false) {
auto *a = m_actionsSetVar.back();
m_actionsSetVar.pop_back();
delete a;
}
while (m_actionsTag.empty() == false) {
auto *a = m_actionsTag.back();
m_actionsTag.pop_back();
delete a;
}
if (m_disruptiveAction != nullptr) {
delete m_disruptiveAction;
m_disruptiveAction = nullptr;
if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
if (dynamic_cast<actions::Capture *>(a.get())) {
m_defaultContainsCaptureAction = true;
} else if (dynamic_cast<actions::MultiMatch *>(a.get())) {
m_defaultContainsMultiMatchAction = true;
} else if (dynamic_cast<actions::Severity *>(a.get())) {
actions::Severity *severity = dynamic_cast<actions::Severity *>(a.get());
setDefaultActionSeverity(severity->m_severity);
} else if (dynamic_cast<actions::Maturity *>(a.get())) {
actions::Maturity *maturity = dynamic_cast<actions::Maturity *>(a.get());
setDefaultActionMaturity(maturity->getMaturity());
} else if (dynamic_cast<actions::LogData *>(a.get())) {
m_defaultActionLogData = std::static_pointer_cast<actions::LogData>(a);
} else if (dynamic_cast<actions::Msg *>(a.get())) {
m_defaultActionMsg = std::static_pointer_cast<actions::Msg>(a);
} else if (dynamic_cast<actions::SetVar *>(a.get())) {
m_defaultActionActionsSetVar.push_back(std::static_pointer_cast<actions::SetVar>(a));
} else if (dynamic_cast<actions::Tag *>(a.get())) {
m_defaultActionActionsTag.push_back(std::static_pointer_cast<actions::Tag>(a));
} else if (dynamic_cast<actions::Log *>(a.get())) {
m_defaultContainsLogAction = true;
} else if (dynamic_cast<actions::NoLog *>(a.get())) {
m_defaultContainsNoLogAction = true;
} else if (dynamic_cast<actions::Block *>(a.get())) {
m_defaultActionActionsRuntimePos.push_back(a);
m_defaultContainsStaticBlockAction = true;
} else if (a->isDisruptive() == true) {
m_defaultActionDisruptiveAction = a;
} else {
m_defaultActionActionsRuntimePos.push_back(a);
}
return;
}
std::cout << "General failure, action: " << *a->m_name;
std::cout << " has an unknown type." << std::endl;
throw;
}
void RuleWithActions::addAction(actions::Action *a) {
if (a->action_kind == Action::ConfigurationKind) {
if (dynamic_cast<actions::Accuracy *>(a)) {
actions::Accuracy *accuracy = dynamic_cast<actions::Accuracy *>(a);
m_accuracy = accuracy->getAccuracy();
} else if (dynamic_cast<actions::Rev *>(a)) {
actions::Rev *rev = dynamic_cast<actions::Rev *>(a);
m_revision = rev->getRevision();
} else {
a->evaluate(this, NULL);
}
delete a;
return;
}
if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
if (dynamic_cast<actions::Capture *>(a)) {
m_containsCaptureAction = true;
delete a;
} else if (dynamic_cast<actions::MultiMatch *>(a)) {
m_containsMultiMatchAction = true;
delete a;
} else if (dynamic_cast<actions::Severity *>(a)) {
actions::Severity *severity = dynamic_cast<actions::Severity *>(a);
setSeverity(severity->m_severity);
delete a;
} else if (dynamic_cast<actions::LogData *>(a)) {
m_logData = std::unique_ptr<actions::LogData>(dynamic_cast<actions::LogData*>(a));
} else if (dynamic_cast<actions::Msg *>(a)) {
m_msg = std::unique_ptr<actions::Msg>(dynamic_cast<actions::Msg*>(a));
} else if (dynamic_cast<actions::SetVar *>(a)) {
m_actionsSetVar.push_back(std::unique_ptr<actions::SetVar>(dynamic_cast<actions::SetVar *>(a)));
} else if (dynamic_cast<actions::Maturity *>(a)) {
actions::Maturity *maturity = dynamic_cast<actions::Maturity *>(a);
m_maturity = maturity->getMaturity();
delete a;
} else if (dynamic_cast<actions::Log *>(a)) {
m_containsLogAction = true;
delete a;
} else if (dynamic_cast<actions::NoLog *>(a)) {
m_containsNoLogAction = true;
delete a;
} else if (dynamic_cast<actions::Tag *>(a)) {
m_actionsTag.push_back(std::unique_ptr<actions::Tag>(dynamic_cast<actions::Tag *>(a)));
} else if (dynamic_cast<actions::Block *>(a)) {
m_actionsRuntimePos.push_back(std::unique_ptr<actions::Block>(dynamic_cast<actions::Block*>(a)));
m_containsStaticBlockAction = true;
} else if (a->isDisruptive() == true) {
m_disruptiveAction = std::unique_ptr<Action>(a);
} else {
m_actionsRuntimePos.push_back(std::unique_ptr<Action>(a));
}
return;
}
std::cout << "General failure, action: " << *a->m_name;
std::cout << " has an unknown type." << std::endl;
delete a;
throw;
}
RuleWithActions::~RuleWithActions() { }
bool RuleWithActions::evaluate(Transaction *transaction) {
RuleMessage rm(this, transaction);
std::shared_ptr<RuleMessage> rm2 = std::make_shared<RuleMessage>(&rm);
return evaluate(transaction, rm2);
}
bool RuleWithActions::evaluate(Transaction *transaction,
std::shared_ptr<RuleMessage> ruleMessage) {
/* Rule evaluate is pure virtual.
*
* Rule::evaluate(transaction, ruleMessage);
* Rule::evaluate(transaction);
*/
/* Matched vars needs to be clear at every new rule execution */
@@ -190,9 +251,9 @@ bool RuleWithActions::evaluate(Transaction *transaction,
void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *trans,
bool *containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
bool *containsBlock) {
for (actions::SetVar *a : m_actionsSetVar) {
for (actions::SetVar *a : getSetVarsActionsPtr()) {
ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \
"action: " + *a->m_name.get());
@@ -211,30 +272,31 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *
} else if (*a->m_name.get() == "setvar") {
ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \
"action: " + *a->m_name.get());
a->evaluate(this, trans, ruleMessage);
a->evaluate(this, trans, *trans->messageGetLast());
}
}
}
void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
bool containsBlock) {
bool disruptiveAlreadyExecuted = false;
for (auto &a : trans->m_rules->m_rulesSetPhases[getPhase()]->m_defaultActions) {
#if 0
for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) {
if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
continue;
}
if (!a.get()->isDisruptive()) {
executeAction(trans, containsBlock, ruleMessage, a.get(), true);
executeAction(trans, containsBlock, a.get(), true);
}
}
#endif
for (actions::Tag *a : this->m_actionsTag) {
for (actions::Tag *a : getTagsActionPtr()) {
ms_dbg_a(trans, 4, "Running (non-disruptive) action: " \
+ *a->m_name.get());
a->evaluate(this, trans, ruleMessage);
a->evaluate(this, trans, *trans->messageGetLast());
}
for (auto &b :
@@ -243,41 +305,47 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
continue;
}
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get());
executeAction(trans, containsBlock, ruleMessage, a, false);
executeAction(trans, containsBlock, a, false);
disruptiveAlreadyExecuted = true;
}
if (m_severity) {
m_severity->evaluate(this, trans, ruleMessage);
}
if (m_logData) {
m_logData->evaluate(this, trans, ruleMessage);
m_logData->evaluate(this, trans, *trans->messageGetLast());
} else if (m_defaultActionLogData) {
m_defaultActionLogData->evaluate(this, trans, *trans->messageGetLast());
}
if (m_msg) {
m_msg->evaluate(this, trans, ruleMessage);
m_msg->evaluate(this, trans, *trans->messageGetLast());
} else if (m_defaultActionMsg) {
m_defaultActionMsg->evaluate(this, trans, *trans->messageGetLast());
}
for (Action *a : this->m_actionsRuntimePos) {
for (auto &a : getMatchActionsPtr()) {
if (!a->isDisruptive()
&& !(disruptiveAlreadyExecuted
&& dynamic_cast<actions::Block *>(a))) {
executeAction(trans, containsBlock, ruleMessage, a, false);
executeAction(trans, containsBlock, a, false);
}
}
if (!disruptiveAlreadyExecuted && m_disruptiveAction != nullptr) {
executeAction(trans, containsBlock, ruleMessage,
m_disruptiveAction, false);
executeAction(trans, containsBlock,
m_disruptiveAction.get(), false);
} else if (!disruptiveAlreadyExecuted && hasBlockAction()
&& m_defaultActionDisruptiveAction != nullptr) {
executeAction(trans, containsBlock,
m_defaultActionDisruptiveAction.get(), false);
}
}
void RuleWithActions::executeAction(Transaction *trans,
bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
bool containsBlock,
Action *a, bool defaultContext) {
if (a->isDisruptive() == false && *a->m_name.get() != "block") {
ms_dbg_a(trans, 9, "Running " \
"action: " + *a->m_name.get());
a->evaluate(this, trans, ruleMessage);
a->evaluate(this, trans, *trans->messageGetLast());
return;
}
@@ -290,7 +358,7 @@ void RuleWithActions::executeAction(Transaction *trans,
if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) {
ms_dbg_a(trans, 4, "Running (disruptive) action: " + *a->m_name.get() + \
".");
a->evaluate(this, trans, ruleMessage);
a->evaluate(this, trans, *trans->messageGetLast());
return;
}
@@ -339,37 +407,20 @@ void RuleWithActions::executeTransformations(
std::shared_ptr<std::string> value =
std::shared_ptr<std::string>(new std::string(in));
if (m_containsMultiMatchAction == true) {
if (hasMultimatchAction()) {
/* keep the original value */
ret.push_back(std::make_pair(
std::shared_ptr<std::string>(new std::string(*value)),
std::shared_ptr<std::string>(new std::string(path))));
}
for (Action *a : m_transformations) {
for (Action *a : getTransformationPtr()) {
if (a->m_isNone) {
none++;
}
}
// Check for transformations on the SecDefaultAction
// Notice that first we make sure that won't be a t:none
// on the target rule.
if (none == 0) {
for (auto &a : trans->m_rules->m_rulesSetPhases[getPhase()]->m_defaultActions) {
if (a->action_kind \
!= actions::Action::RunTimeBeforeMatchAttemptKind) {
continue;
}
// FIXME: here the object needs to be a transformation already.
Transformation *t = dynamic_cast<Transformation *>(a.get());
executeTransformation(t, &value, trans, &ret, &path,
&transformations);
}
}
for (Transformation *a : m_transformations) {
for (Transformation *a : getTransformationPtr()) {
if (none == 0) {
Transformation *t = dynamic_cast<Transformation *>(a);
executeTransformation(t, &value, trans, &ret, &path,
@@ -423,8 +474,8 @@ void RuleWithActions::executeTransformations(
}
bool RuleWithActions::containsTag(const std::string& name, Transaction *t) {
for (auto &tag : m_actionsTag) {
bool RuleWithActions::containsTag(const std::string& name, Transaction *t) const {
for (auto &tag : getTagsAction()) {
if (tag != NULL && tag->getName(t) == name) {
return true;
}
@@ -441,12 +492,12 @@ bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) {
std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::string& name,
Transaction *trans) {
std::vector<actions::Action *> ret;
for (auto &z : m_actionsRuntimePos) {
for (auto &z : getMatchActionsPtr()) {
if (*z->m_name.get() == name) {
ret.push_back(z);
}
}
for (auto &z : m_transformations) {
for (auto &z : getTransformationPtr()) {
if (*z->m_name.get() == name) {
ret.push_back(z);
}
@@ -474,76 +525,9 @@ std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::stri
return ret;
}
void RuleWithActions::performLogging(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage,
bool lastLog,
bool chainedParentNull) {
std::string RuleWithActions::getLogData(Transaction *t) { return m_logData->data(t); }
std::string RuleWithActions::getMessage(Transaction *t) { return m_msg->data(t); }
/* last rule in the chain. */
bool isItToBeLogged = ruleMessage->m_saveMessage;
/**
*
* RuleMessage is stacked allocated for the rule execution,
* anything beyond this may lead to invalid pointer access.
*
* In case of a warning, o set of messages is saved to be read
* at audit log generation. Therefore demands a copy here.
*
* FIXME: Study an way to avoid the copy.
*
**/
if (lastLog) {
if (chainedParentNull) {
isItToBeLogged = (ruleMessage->m_saveMessage && (m_chainedRuleParent == nullptr));
if (isItToBeLogged && !hasMultimatch()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
}
} else if (hasBlockAction() && !hasMultimatch()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
} else {
if (isItToBeLogged && !hasMultimatch()
&& !ruleMessage->m_message.empty()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
}
}
} else {
if (hasMultimatch() && isItToBeLogged) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage.get());
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
RuleMessage *rm = new RuleMessage(this, trans);
rm->m_saveMessage = ruleMessage->m_saveMessage;
ruleMessage.reset(rm);
}
}
}
std::string RuleWithActions::logData(Transaction *t) { return m_logData->data(t); }
std::string RuleWithActions::msg(Transaction *t) { return m_msg->data(t); }
int RuleWithActions::severity() const { return m_severity->m_severity; }
} // namespace modsecurity

64
src/rule_with_operator.cc
View File

@@ -58,24 +58,13 @@ RuleWithOperator::RuleWithOperator(Operator *op,
std::unique_ptr<std::string> fileName,
int lineNumber)
: RuleWithActions(actions, transformations, std::move(fileName), lineNumber),
m_variables(_variables),
m_operator(op) { /* */ }
m_variables(std::unique_ptr<variables::Variables>(_variables)),
m_operator(std::unique_ptr<Operator>(op)) { /* */ }
RuleWithOperator::~RuleWithOperator() {
if (m_operator != NULL) {
delete m_operator;
}
while (m_variables != NULL && m_variables->empty() == false) {
auto *a = m_variables->back();
m_variables->pop_back();
delete a;
}
if (m_variables != NULL) {
delete m_variables;
}
}
@@ -101,7 +90,7 @@ void RuleWithOperator::cleanMatchedVars(Transaction *trans) {
bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string &key,
std::string value, std::shared_ptr<RuleMessage> ruleMessage) {
std::string value) {
#if MSC_EXEC_CLOCK_ENABLED
clock_t begin = clock();
clock_t end;
@@ -113,7 +102,7 @@ bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string &
utils::string::toHexIfNeeded(value)) \
+ "\" (Variable: " + key + ")");
ret = this->m_operator->evaluateInternal(trans, this, value, ruleMessage);
ret = m_operator->evaluateInternal(trans, this, value, trans->messageGetLast());
if (ret == false) {
return false;
@@ -213,10 +202,9 @@ inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
}
bool RuleWithOperator::evaluate(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage) {
bool RuleWithOperator::evaluate(Transaction *trans) {
bool globalRet = false;
variables::Variables *variables = this->m_variables;
variables::Variables *variables = m_variables.get();
bool recursiveGlobalRet;
bool containsBlock = hasBlockAction();
std::string eparam;
@@ -224,8 +212,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
vars.reserve(4);
variables::Variables exclusion;
RuleWithActions::evaluate(trans, ruleMessage);
RuleWithActions::evaluate(trans);
// FIXME: Make a class runTimeException to handle this cases.
for (auto &i : trans->m_ruleRemoveById) {
@@ -311,21 +298,21 @@ bool RuleWithOperator::evaluate(Transaction *trans,
bool ret;
std::string valueAfterTrans = std::move(*valueTemp.first);
ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage);
ret = executeOperatorAt(trans, key, valueAfterTrans);
if (ret == true) {
ruleMessage->m_match = m_operator->resolveMatchMessage(trans,
trans->messageGetLast()->m_match = m_operator->resolveMatchMessage(trans,
key, value);
for (auto &i : v->getOrigin()) {
ruleMessage->m_reference.append(i->toText());
trans->messageGetLast()->m_reference.append(i->toText());
}
ruleMessage->m_reference.append(*valueTemp.second);
trans->messageGetLast()->m_reference.append(*valueTemp.second);
updateMatchedVars(trans, key, valueAfterTrans);
executeActionsIndependentOfChainedRuleResult(trans,
&containsBlock, ruleMessage);
performLogging(trans, ruleMessage, false);
&containsBlock);
globalRet = true;
}
@@ -344,7 +331,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
}
ms_dbg_a(trans, 4, "Rule returned 1.");
if (this->isChained() == false) {
if (this->hasChainAction() == false) {
goto end_exec;
}
@@ -356,7 +343,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
}
ms_dbg_a(trans, 4, "Executing chained rule.");
recursiveGlobalRet = m_chainedRuleChild->evaluate(trans, ruleMessage);
recursiveGlobalRet = m_chainedRuleChild->evaluate(trans);
if (recursiveGlobalRet == true) {
goto end_exec;
@@ -366,10 +353,21 @@ end_clean:
return false;
end_exec:
executeActionsAfterFullMatch(trans, containsBlock, ruleMessage);
executeActionsAfterFullMatch(trans, containsBlock);
/* last rule in the chain. */
performLogging(trans, ruleMessage, true, true);
trans->logMatchLastRuleOnTheChain(this);
if (hasSeverityAction()) {
ms_dbg_a(trans, 9, "This rule severity is: " + \
std::to_string(getSeverity()) + " current transaction is: " + \
std::to_string(trans->m_highestSeverityAction));
if (trans->m_highestSeverityAction > getSeverity()) {
trans->m_highestSeverityAction = getSeverity();
}
}
return true;
}

40
src/rules_set.cc
View File

@@ -31,6 +31,46 @@ using modsecurity::Utils::HttpsClient;
namespace modsecurity {
void Rules::fixDefaultActions() {
for (size_t i = 0; i < m_rules.size(); i++) {
auto &rule = m_rules[i];
RuleWithActions *r = dynamic_cast<RuleWithActions *>(rule.get());
if (!r) {
continue;
}
if (dynamic_cast<RuleWithOperator *>(rule.get())) {
RuleWithOperator *op = new RuleWithOperator(*dynamic_cast<RuleWithOperator *>(rule.get()));
std::unique_ptr<RuleWithOperator> nrp(op);
m_rules[i] = std::move(nrp);
} else if (dynamic_cast<RuleUnconditional *>(rule.get())) {
RuleUnconditional *un = new RuleUnconditional(*dynamic_cast<RuleUnconditional *>(rule.get()));
std::unique_ptr<RuleUnconditional> nrp(un);
m_rules[i] = std::move(nrp);
} else if (dynamic_cast<RuleScript *>(rule.get())) {
RuleScript *rs = new RuleScript(*dynamic_cast<RuleScript *>(rule.get()));
std::unique_ptr<RuleScript> nrp(rs);
m_rules[i] = std::move(nrp);
} else {
RuleWithActions *nr = new RuleWithActions(*dynamic_cast<RuleWithActions *>(rule.get()));
std::unique_ptr<RuleWithActions> nrp(nr);
m_rules[i] = std::move(nrp);
}
RuleWithActions *nr = dynamic_cast<RuleWithActions *>(m_rules[i].get());
nr->clearDefaultActions();
for (auto a : m_defaultActions) {
nr->addDefaultAction(a);
}
for (auto a : m_defaultTransformations) {
nr->addDefaultTransformation(a);
}
}
}
/**
* @name loadFromUri

24
src/rules_set_phases.cc
View File

@@ -62,11 +62,27 @@ int RulesSetPhases::append(RulesSetPhases *from, std::ostringstream *err) {
}
amount_of_rules = amount_of_rules + res;
std::vector<std::shared_ptr<actions::Action> > *actions_from = &from->at(phase)->m_defaultActions;
std::vector<std::shared_ptr<actions::Action> > *actions_to = &at(phase)->m_defaultActions;
for (size_t j = 0; j < actions_from->size(); j++) {
actions_to->push_back(actions_from->at(j));
/**
* An action set in a child will overwrite an action set on a parent.
*
*/
std::vector<std::shared_ptr<actions::Action> > *actions_to = &at(phase)->m_defaultActions;
std::vector<std::shared_ptr<actions::transformations::Transformation> > *actions_t_to = &at(phase)->m_defaultTransformations;
if (actions_to->size() == 0 || actions_t_to->size() == 0) {
std::vector<std::shared_ptr<actions::Action> > *actions_from = &from->at(phase)->m_defaultActions;
actions_to->clear();
for (size_t j = 0; j < actions_from->size(); j++) {
actions_to->push_back(actions_from->at(j));
}
std::vector<std::shared_ptr<actions::transformations::Transformation> > *actions_t_from = &from->at(phase)->m_defaultTransformations;
actions_t_to->clear();
for (size_t j = 0; j < actions_t_from->size(); j++) {
actions_t_to->push_back(actions_t_from->at(j));
}
at(phase)->fixDefaultActions();
}
}

71
src/transaction.cc
View File

@@ -61,6 +61,33 @@ using modsecurity::RequestBodyProcessor::XML;
namespace modsecurity {
RuleMessage *TransactionRuleMessageManagement::messageGetLast() {
return m_rulesMessages.back();
}
void TransactionRuleMessageManagement::logMatchLastRuleOnTheChain(RuleWithActions *rule) {
RuleMessage *rm = m_rulesMessages.back();
rm->setRule(rule);
if (rule->hasDisruptiveAction() &&
(m_transaction->getRuleEngineState() == RulesSet::DetectionOnlyRuleEngine)) {
/* error */
// The error goes over the disruptive massage. We don't need it here.
//m_transaction->serverLog(rm);
} else if (rule->hasBlockAction() && (!rule->hasNoLogAction()) || rule->hasLogAction()) {
/* Log as warning. */
m_transaction->serverLog(rm);
messageNew();
}
}
void TransactionRuleMessageManagement::messageNew() {
m_rulesMessages.push_back(new RuleMessage(m_transaction));
}
/**
* @name Transaction
* @brief Represents the inspection on an entire request.
@@ -122,7 +149,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
m_ruleRemoveTargetById(),
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
m_auditLogModifier(),
m_rulesMessages(),
m_requestBody(),
m_responseBody(),
/* m_id(), */
@@ -160,7 +186,8 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
m_variableTimeWDay(""),
m_variableTimeYear(""),
m_logCbData(logCbData),
TransactionAnchoredVariables(this) {
TransactionAnchoredVariables(this),
TransactionRuleMessageManagement(this) {
m_id = std::unique_ptr<std::string>(
new std::string(
std::to_string(m_timeStamp)));
@@ -195,7 +222,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
m_ruleRemoveTargetById(),
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
m_auditLogModifier(),
m_rulesMessages(),
m_requestBody(),
m_responseBody(),
m_id(std::unique_ptr<std::string>(new std::string(id))),
@@ -233,7 +259,8 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
m_variableTimeWDay(""),
m_variableTimeYear(""),
m_logCbData(logCbData),
TransactionAnchoredVariables(this) {
TransactionAnchoredVariables(this),
TransactionRuleMessageManagement(this) {
m_variableUrlEncodedError.set("0", 0);
@@ -250,7 +277,7 @@ Transaction::~Transaction() {
m_requestBody.str(std::string());
m_requestBody.clear();
m_rulesMessages.clear();
messageClear();
intervention::free(&m_it);
intervention::clean(&m_it);
@@ -1590,8 +1617,8 @@ std::string Transaction::toOldAuditLogFormat(int parts,
}
if (parts & audit_log::AuditLog::HAuditLogPart) {
audit_log << "--" << trailer << "-" << "H--" << std::endl;
for (auto a : m_rulesMessages) {
audit_log << a.log(0, m_httpCodeReturned) << std::endl;
for (auto a : messageGetAll()) {
audit_log << a->log(0, m_httpCodeReturned) << std::endl;
}
audit_log << std::endl;
/** TODO: write audit_log H part. */
@@ -1753,36 +1780,36 @@ std::string Transaction::toJSON(int parts) {
reinterpret_cast<const unsigned char*>("messages"),
strlen("messages"));
yajl_gen_array_open(g);
for (auto a : m_rulesMessages) {
for (auto a : messageGetAll()) {
yajl_gen_map_open(g);
LOGFY_ADD("message", a.m_message.c_str());
LOGFY_ADD("message", a->m_message.c_str());
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>("details"),
strlen("details"));
yajl_gen_map_open(g);
LOGFY_ADD("match", a.m_match.c_str());
LOGFY_ADD("reference", a.m_reference.c_str());
LOGFY_ADD("ruleId", std::to_string(a.m_ruleId).c_str());
LOGFY_ADD("file", a.m_ruleFile->c_str());
LOGFY_ADD("lineNumber", std::to_string(a.m_ruleLine).c_str());
LOGFY_ADD("data", a.m_data.c_str());
LOGFY_ADD("severity", std::to_string(a.m_severity).c_str());
LOGFY_ADD("ver", a.m_ver.c_str());
LOGFY_ADD("rev", a.m_rev.c_str());
LOGFY_ADD("match", a->m_match.c_str());
LOGFY_ADD("reference", a->m_reference.c_str());
LOGFY_ADD("ruleId", std::to_string(a->getRuleId()).c_str());
LOGFY_ADD("file", a->getFileName().c_str());
LOGFY_ADD("lineNumber", std::to_string(a->getLineNumber()).c_str());
LOGFY_ADD("data", a->m_data.c_str());
LOGFY_ADD("severity", std::to_string(a->m_severity).c_str());
LOGFY_ADD("ver", a->getVer().c_str());
LOGFY_ADD("rev", a->getRev().c_str());
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>("tags"),
strlen("tags"));
yajl_gen_array_open(g);
for (auto b : a.m_tags) {
for (auto b : a->m_tags) {
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>(b.c_str()),
strlen(b.c_str()));
}
yajl_gen_array_close(g);
LOGFY_ADD("maturity", std::to_string(a.m_maturity).c_str());
LOGFY_ADD("accuracy", std::to_string(a.m_accuracy).c_str());
LOGFY_ADD("maturity", std::to_string(a->getMaturity()).c_str());
LOGFY_ADD("accuracy", std::to_string(a->getAccuracy()).c_str());
yajl_gen_map_close(g);
yajl_gen_map_close(g);
}
@@ -1811,7 +1838,7 @@ std::string Transaction::toJSON(int parts) {
}
void Transaction::serverLog(std::shared_ptr<RuleMessage> rm) {
void Transaction::serverLog(RuleMessage *rm) {
m_ms->serverLog(m_logCbData, rm);
}

58
src/variables/rule.h
View File

@@ -42,10 +42,6 @@ class Rule_DictElement : public VariableDictElement { \
std::vector<const VariableValue *> *l) {
RuleWithActions *r = rule;
while (r && r->m_ruleId == 0) {
r = r->m_chainedRuleParent;
}
if (!r || r->m_ruleId == 0) {
return;
}
@@ -67,24 +63,22 @@ class Rule_DictElement : public VariableDictElement { \
std::vector<const VariableValue *> *l) {
RuleWithActions *r = rule;
while (r && r->m_rev.empty()) {
r = r->m_chainedRuleParent;
}
if (!r) {
return;
}
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *a = new std::string(r->m_rev);
VariableValue *var = new VariableValue(&m_rule, &m_rule_rev,
a
);
delete a;
origin->m_offset = 0;
origin->m_length = 0;
var->addOrigin(std::move(origin));
l->push_back(var);
if (r->hasRevisionAction()) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *a = new std::string(r->getRevision());
VariableValue *var = new VariableValue(&m_rule, &m_rule_rev,
a
);
delete a;
origin->m_offset = 0;
origin->m_length = 0;
var->addOrigin(std::move(origin));
l->push_back(var);
}
}
@@ -93,13 +87,13 @@ class Rule_DictElement : public VariableDictElement { \
std::vector<const VariableValue *> *l) {
RuleWithActions *r = rule;
while (r && !r->hasSeverity()) {
r = r->m_chainedRuleParent;
if (!r) {
return;
}
if (r && r->hasSeverity()) {
if (r->hasSeverityAction()) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *a = new std::string(std::to_string(r->severity()));
std::string *a = new std::string(std::to_string(r->getSeverity()));
VariableValue *var = new VariableValue(&m_rule, &m_rule_severity,
a
);
@@ -117,13 +111,13 @@ class Rule_DictElement : public VariableDictElement { \
std::vector<const VariableValue *> *l) {
RuleWithActions *r = rule;
while (r && !r->hasLogData()) {
r = r->m_chainedRuleParent;
if (!r) {
return;
}
if (r && r->hasLogData()) {
if (r->hasLogDataAction()) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *a = new std::string(r->logData(t));
std::string *a = new std::string(r->getLogData(t));
VariableValue *var = new VariableValue(&m_rule, &m_rule_logdata,
a
);
@@ -140,13 +134,13 @@ class Rule_DictElement : public VariableDictElement { \
std::vector<const VariableValue *> *l) {
RuleWithActions *r = rule;
while (r && !r->hasMsg()) {
r = r->m_chainedRuleParent;
if (!r) {
return;
}
if (r && r->hasMsg()) {
if (r->hasMessageAction()) {
std::unique_ptr<VariableOrigin> origin(new VariableOrigin());
std::string *a = new std::string(r->msg(t));
std::string *a = new std::string(r->getMessage(t));
VariableValue *var = new VariableValue(&m_rule, &m_rule_msg,
a
);
@@ -165,11 +159,11 @@ class Rule_DictElement : public VariableDictElement { \
id(t, rule, l);
return;
}
if (rule && m_dictElement == "rev") {
if (m_dictElement == "rev") {
rev(t, rule, l);
return;
}
if (rule && m_dictElement == "severity") {
if (m_dictElement == "severity") {
severity(t, rule, l);
return;
}