Refactoring: how to report to error logs

src/actions/action.cc

@@ -22,16 +22,16 @@
 #include "modsecurity/rule.h"
 #include "src/utils/string.h"
 
-#include "src/actions/block.h"
+#include "src/actions/disruptive/block.h"
 #include "src/actions/chain.h"
-#include "src/actions/deny.h"
-#include "src/actions/redirect.h"
-#include "src/actions/status.h"
+#include "src/actions/disruptive/deny.h"
+#include "src/actions/disruptive/redirect.h"
+#include "src/actions/data/status.h"
 #include "src/actions/rule_id.h"
 #include "src/actions/phase.h"
 #include "src/actions/severity.h"
 #include "src/actions/capture.h"
-#include "src/actions/pass.h"
+#include "src/actions/disruptive/pass.h"
 #include "src/actions/log.h"
 #include "src/actions/no_log.h"
 #include "src/actions/multi_match.h"
@@ -55,9 +55,6 @@ bool Action::evaluate(Rule *rule, Transaction *transaction) {
 }
 
 
-void Action::fillIntervention(ModSecurityIntervention *i) {
-}
-
 Action *Action::instantiate(const std::string& name) {
     std::string status("status:");
     std::string redirect("redirect:");
@@ -66,13 +63,13 @@ Action *Action::instantiate(const std::string& name) {
     std::string rule_id("id:");
 
     if (name.compare(0, status.length(), status) == 0) {
-        return new Status(name);
+        return new data::Status(name);
     }
     if (name.compare(0, redirect.length(), redirect) == 0) {
-        return new Redirect(name);
+        return new disruptive::Redirect(name);
     }
     if (name.compare(0, block.length(), block) == 0) {
-        return new Block(name);
+        return new disruptive::Block(name);
     }
     if (name.compare(0, phase.length(), phase) == 0) {
         return new Phase(name);
@@ -87,10 +84,10 @@ Action *Action::instantiate(const std::string& name) {
         return new Capture(name);
     }
     if (name == "pass") {
-        return new Pass(name);
+        return new disruptive::Pass(name);
     }
     if (name == "deny") {
-        return new Deny(name);
+        return new disruptive::Deny(name);
     }
     if (name == "log") {
         return new Log(name);

src/actions/data/status.cc

@@ -13,7 +13,7 @@
  *
  */
 
-#include "src/actions/status.h"
+#include "src/actions/data/status.h"
 
 #include <iostream>
 #include <string>
@@ -23,7 +23,7 @@
 
 namespace modsecurity {
 namespace actions {
-
+namespace data {
 
 bool Status::init(std::string *error) {
     try {
@@ -38,16 +38,11 @@ bool Status::init(std::string *error) {
 
 
 bool Status::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
-    rm->m_tmp_actions.push_back(this);
+    transaction->m_it.status = m_status;
     return true;
 }
 
 
-void Status::fillIntervention(ModSecurityIntervention *i) {
-    i->status = m_status;
-    i->log = "Status";
-}
-
-
+}  // namespace data
 }  // namespace actions
 }  // namespace modsecurity

src/actions/data/status.h

@@ -27,6 +27,8 @@ class Transaction;
 namespace modsecurity {
 class Transaction;
 namespace actions {
+namespace data {
+
 
 class Status : public Action {
  public:
@@ -36,12 +38,12 @@ class Status : public Action {
     bool init(std::string *error) override;
     bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
         override;
-    void fillIntervention(ModSecurityIntervention *i) override;
 
- protected:
     int m_status;
 };
 
+
+}  // namespace data
 }  // namespace actions
 }  // namespace modsecurity
 #endif

src/actions/disruptive/allow.cc

@@ -13,7 +13,7 @@
  *
  */
 
-#include "src/actions/allow.h"
+#include "src/actions/disruptive/allow.h"
 
 #include <iostream>
 #include <string>
@@ -26,6 +26,8 @@
 
 namespace modsecurity {
 namespace actions {
+namespace disruptive {
+
 
 bool Allow::init(std::string *error) {
     std::string a = utils::string::tolower(m_parser_payload);
@@ -56,5 +58,7 @@ bool Allow::evaluate(Rule *rule, Transaction *transaction) {
     return true;
 }
 
+
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity

src/actions/disruptive/allow.h

@@ -28,6 +28,8 @@ class Transaction;
 class Rule;
 
 namespace actions {
+namespace disruptive {
+
 
 enum AllowType : int {
   /**
@@ -76,6 +78,8 @@ class Allow : public Action {
     }
 };
 
+
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity
 #endif

src/actions/disruptive/block.cc

@@ -13,36 +13,38 @@
  *
  */
 
-#include "src/actions/block.h"
+#include "src/actions/disruptive/block.h"
 
 #include <iostream>
 #include <string>
 
 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
+#include "modsecurity/rules.h"
 #include "modsecurity/intervention.h"
+#include "src/actions/data/status.h"
 
 namespace modsecurity {
 namespace actions {
+namespace disruptive {
 
 
 bool Block::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
-#ifndef NO_LOGS
-    transaction->debug(8, "Running action block");
-#endif
-    for (Action *a : rule->m_actionsRuntimePos) {
-        if (a->isDisruptive() == true) {
-            rm->m_tmp_actions.push_back(a);
+    std::string log;
+
+    transaction->debug(8, "Marking request as disruptive.");
+
+    for (Action *a : transaction->m_rules->defaultActions[rule->phase]) {
+        if (a->isDisruptive() == false) {
+            continue;
         }
+        a->evaluate(rule, transaction, rm);
     }
+
     return true;
 }
 
 
-void Block::fillIntervention(ModSecurityIntervention *i) {
-    i->disruptive = true;
-}
-
-
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity

src/actions/disruptive/block.h

@@ -28,6 +28,7 @@ namespace modsecurity {
 class Transaction;
 
 namespace actions {
+namespace disruptive {
 
 
 class Block : public Action {
@@ -36,11 +37,11 @@ class Block : public Action {
 
     bool evaluate(Rule *rule, Transaction *transaction,
         RuleMessage *rm) override;
-    void fillIntervention(ModSecurityIntervention *i) override;
     bool isDisruptive() override { return true; }
 };
 
 
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity
 #endif

src/actions/disruptive/deny.cc

@@ -13,34 +13,41 @@
  *
  */
 
-#include "src/actions/deny.h"
+#include "src/actions/disruptive/deny.h"
 
 #include <iostream>
 #include <string>
+#include <cstring>
+#include <string.h>
 
 #include "modsecurity/transaction.h"
 
 namespace modsecurity {
 namespace actions {
+namespace disruptive {
 
 
 bool Deny::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
 #ifndef NO_LOGS
     transaction->debug(8, "Running action deny");
 #endif
-    rm->m_tmp_actions.push_back(this);
+    std::string log;
+
+    if (transaction->m_it.status == 200) {
+        transaction->m_it.status = 403;
+    }
+
+    log.append("Access denied with code %d");
+    log.append(" (phase ");
+    log.append(std::to_string(rm->m_rule->phase - 1) + "). ");
+
+    transaction->m_it.disruptive = true;
+    transaction->m_it.log = strdup(rm->disruptiveErrorLog(transaction, log).c_str());
+
     return true;
 }
 
 
-void Deny::fillIntervention(ModSecurityIntervention *i) {
-    if (i->status == 200) {
-        i->status = 403;
-    }
-    i->log = "Deny action";
-    i->disruptive = true;
-}
-
-
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity

src/actions/disruptive/deny.h

@@ -24,6 +24,7 @@
 
 namespace modsecurity {
 namespace actions {
+namespace disruptive {
 
 
 class Deny : public Action {
@@ -32,11 +33,11 @@ class Deny : public Action {
 
     bool evaluate(Rule *rule, Transaction *transaction,
         RuleMessage *rm) override;
-    void fillIntervention(ModSecurityIntervention *i) override;
     bool isDisruptive() override { return true; }
 };
 
 
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity
 

src/actions/disruptive/pass.cc

@@ -13,7 +13,7 @@
  *
  */
 
-#include "src/actions/pass.h"
+#include "src/actions/disruptive/pass.h"
 
 #include <iostream>
 #include <string>
@@ -24,13 +24,22 @@
 
 namespace modsecurity {
 namespace actions {
+namespace disruptive {
 
 
 bool Pass::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
-    rm->m_tmp_actions.clear();
+    transaction->m_it.status = 200;
+    transaction->m_it.disruptive = false;
+    transaction->m_it.url = NULL;
+    transaction->m_it.log = NULL;
+    transaction->m_it.pause = 0;
+
+    transaction->debug(8, "Running action pass");
+
     return true;
 }
 
 
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity

src/actions/disruptive/pass.h

@@ -18,11 +18,12 @@
 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
 
-#ifndef SRC_ACTIONS_PASS_H_
-#define SRC_ACTIONS_PASS_H_
+#ifndef SRC_ACTIONS_DISRUPTIVE_PASS_H_
+#define SRC_ACTIONS_DISRUPTIVE_PASS_H_
 
 namespace modsecurity {
 namespace actions {
+namespace disruptive {
 
 
 class Pass : public Action {
@@ -34,8 +35,10 @@ class Pass : public Action {
     bool isDisruptive() override { return true; }
 };
 
+
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity
 
 
-#endif  // SRC_ACTIONS_PASS_H_
+#endif  // SRC_ACTIONS_DISRUPTIVE_PASS_H_

src/actions/disruptive/redirect.cc

@@ -13,16 +13,19 @@
  *
  */
 
-#include "src/actions/redirect.h"
+#include "src/actions/disruptive/redirect.h"
 
 #include <iostream>
 #include <string>
+#include <string.h>
+
 
 #include "modsecurity/transaction.h"
 #include "src/macro_expansion.h"
 
 namespace modsecurity {
 namespace actions {
+namespace disruptive {
 
 
 bool Redirect::init(std::string *error) {
@@ -32,23 +35,26 @@ bool Redirect::init(std::string *error) {
 }
 
 
-bool Redirect::evaluate(Rule *rule, Transaction *transaction) {
+bool Redirect::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
     m_urlExpanded = MacroExpansion::expand(m_url, transaction);
-    transaction->m_actions.push_back(this);
+    std::string log;
+
+    /* if it was changed before, lets keep it. */
+    if (transaction->m_it.status == 200) {
+        transaction->m_it.status = m_status;
+    }
+    log.append("Access denied with code %d");
+    log.append(" (phase ");
+    log.append(std::to_string(rm->m_rule->phase - 1) + "). ");
+
+    transaction->m_it.url = strdup(m_urlExpanded.c_str());
+    transaction->m_it.disruptive = true;
+    transaction->m_it.log = strdup(rm->disruptiveErrorLog(transaction, log).c_str());
+
     return true;
 }
 
 
-void Redirect::fillIntervention(ModSecurityIntervention *i) {
-    /* if it was changed before, lets keep it. */
-    if (i->status == 200) {
-        i->status = m_status;
-    }
-    i->url = m_urlExpanded.c_str();
-    i->log = "Redirecting";
-    i->disruptive = true;
-}
-
-
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity

src/actions/disruptive/redirect.h

@@ -16,6 +16,7 @@
 #include <string>
 
 #include "modsecurity/actions/action.h"
+#include "modsecurity/rule_message.h"
 
 #ifndef SRC_ACTIONS_REDIRECT_H_
 #define SRC_ACTIONS_REDIRECT_H_
@@ -27,6 +28,8 @@ namespace modsecurity {
 class Transaction;
 
 namespace actions {
+namespace disruptive {
+
 
 class Redirect : public Action {
  public:
@@ -36,9 +39,8 @@ class Redirect : public Action {
         m_urlExpanded(""),
         m_url("") { }
 
-    bool evaluate(Rule *rule, Transaction *transaction) override;
+    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
     bool init(std::string *error) override;
-    void fillIntervention(ModSecurityIntervention *i) override;
     bool isDisruptive() override { return true; }
 
  private:
@@ -47,6 +49,8 @@ class Redirect : public Action {
     std::string m_url;
 };
 
+
+}  // namespace disruptive
 }  // namespace actions
 }  // namespace modsecurity
 #endif

src/actions/msg.cc

@@ -48,10 +48,12 @@ namespace actions {
 
 bool Msg::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
     std::string msg = data(transaction);
-    transaction->debug(9, "Saving msg: " + msg);
     rm->m_message = msg;
+    transaction->debug(9, "Saving msg: " + msg);
 
     transaction->m_collections.storeOrUpdateFirst("RULE:msg", msg);
+
+    rm->m_server_logs.push_back(rm->errorLog(transaction));
     return true;
 }