Refactoring: how to report to error logs

src/actions/disruptive/allow.cc

@@ -0,0 +1,64 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/disruptive/allow.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "src/utils/string.h"
+#include "modsecurity/modsecurity.h"
+
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+bool Allow::init(std::string *error) {
+    std::string a = utils::string::tolower(m_parser_payload);
+
+    if (a == "phase") {
+        m_allowType = PhaseAllowType;
+    } else if (a == "request") {
+        m_allowType = RequestAllowType;
+    } else if (a == "") {
+        m_allowType = FromNowOneAllowType;
+    } else {
+        error->assign("Allow: if specified, the parameter " \
+            "most be: phase, request");
+        return false;
+    }
+
+    return true;
+}
+
+
+bool Allow::evaluate(Rule *rule, Transaction *transaction) {
+    transaction->debug(4, "Dropping the evaluation of upcoming rules " \
+        "in favor of an `allow' action of type: " \
+        + allowTypeToName(m_allowType));
+
+    transaction->m_allowType = m_allowType;
+
+    return true;
+}
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity

src/actions/disruptive/allow.h

@@ -0,0 +1,87 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+
+#ifndef SRC_ACTIONS_ALLOW_H_
+#define SRC_ACTIONS_ALLOW_H_
+
+#ifdef __cplusplus
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+class Rule;
+
+namespace actions {
+namespace disruptive {
+
+
+enum AllowType : int {
+  /**
+   *
+   */
+  NoneAllowType,
+  /**
+   *
+   */
+  RequestAllowType,
+  /**
+   *
+   */
+  PhaseAllowType,
+  /**
+   *
+   */
+  FromNowOneAllowType,
+};
+
+
+class Allow : public Action {
+ public:
+    explicit Allow(std::string action)
+        : Action(action, RunTimeOnlyIfMatchKind),
+        m_allowType(NoneAllowType) { }
+
+
+    bool init(std::string *error) override;
+    bool evaluate(Rule *rule, Transaction *transaction) override;
+
+    AllowType m_allowType;
+
+    static std::string allowTypeToName(AllowType a) {
+        if (a == NoneAllowType) {
+            return "None";
+        } else if (a == RequestAllowType) {
+            return "Request";
+        } else if (a == PhaseAllowType) {
+            return "Phase";
+        } else if (a == FromNowOneAllowType) {
+            return "FromNowOne";
+        } else {
+            return "Unknown";
+        }
+    }
+};
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity
+#endif
+
+#endif  // SRC_ACTIONS_ALLOW_H_

src/actions/disruptive/block.cc

@@ -0,0 +1,50 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/disruptive/block.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rules.h"
+#include "modsecurity/intervention.h"
+#include "src/actions/data/status.h"
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+bool Block::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+    std::string log;
+
+    transaction->debug(8, "Marking request as disruptive.");
+
+    for (Action *a : transaction->m_rules->defaultActions[rule->phase]) {
+        if (a->isDisruptive() == false) {
+            continue;
+        }
+        a->evaluate(rule, transaction, rm);
+    }
+
+    return true;
+}
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity

src/actions/disruptive/block.h

@@ -0,0 +1,49 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "modsecurity/rule_message.h"
+
+#ifndef SRC_ACTIONS_BLOCK_H_
+#define SRC_ACTIONS_BLOCK_H_
+
+#ifdef __cplusplus
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+
+namespace actions {
+namespace disruptive {
+
+
+class Block : public Action {
+ public:
+    explicit Block(std::string action) : Action(action) { }
+
+    bool evaluate(Rule *rule, Transaction *transaction,
+        RuleMessage *rm) override;
+    bool isDisruptive() override { return true; }
+};
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity
+#endif
+
+#endif  // SRC_ACTIONS_BLOCK_H_

src/actions/disruptive/deny.cc

@@ -0,0 +1,53 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/disruptive/deny.h"
+
+#include <iostream>
+#include <string>
+#include <cstring>
+#include <string.h>
+
+#include "modsecurity/transaction.h"
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+bool Deny::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+#ifndef NO_LOGS
+    transaction->debug(8, "Running action deny");
+#endif
+    std::string log;
+
+    if (transaction->m_it.status == 200) {
+        transaction->m_it.status = 403;
+    }
+
+    log.append("Access denied with code %d");
+    log.append(" (phase ");
+    log.append(std::to_string(rm->m_rule->phase - 1) + "). ");
+
+    transaction->m_it.disruptive = true;
+    transaction->m_it.log = strdup(rm->disruptiveErrorLog(transaction, log).c_str());
+
+    return true;
+}
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity

src/actions/disruptive/deny.h

@@ -0,0 +1,44 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule_message.h"
+
+#ifndef SRC_ACTIONS_DENY_H_
+#define SRC_ACTIONS_DENY_H_
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+class Deny : public Action {
+ public:
+    explicit Deny(std::string action) : Action(action) { }
+
+    bool evaluate(Rule *rule, Transaction *transaction,
+        RuleMessage *rm) override;
+    bool isDisruptive() override { return true; }
+};
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_DENY_H_

src/actions/disruptive/pass.cc

@@ -0,0 +1,45 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/disruptive/pass.h"
+
+#include <iostream>
+#include <string>
+
+#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rule_message.h"
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+bool Pass::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+    transaction->m_it.status = 200;
+    transaction->m_it.disruptive = false;
+    transaction->m_it.url = NULL;
+    transaction->m_it.log = NULL;
+    transaction->m_it.pause = 0;
+
+    transaction->debug(8, "Running action pass");
+
+    return true;
+}
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity

src/actions/disruptive/pass.h

@@ -0,0 +1,44 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "modsecurity/transaction.h"
+
+#ifndef SRC_ACTIONS_DISRUPTIVE_PASS_H_
+#define SRC_ACTIONS_DISRUPTIVE_PASS_H_
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+class Pass : public Action {
+ public:
+    explicit Pass(std::string action) : Action(action) { }
+
+    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
+        override;
+    bool isDisruptive() override { return true; }
+};
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity
+
+
+#endif  // SRC_ACTIONS_DISRUPTIVE_PASS_H_

src/actions/disruptive/redirect.cc

@@ -0,0 +1,60 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/disruptive/redirect.h"
+
+#include <iostream>
+#include <string>
+#include <string.h>
+
+
+#include "modsecurity/transaction.h"
+#include "src/macro_expansion.h"
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+bool Redirect::init(std::string *error) {
+    m_url = m_parser_payload;
+    m_status = 302;
+    return true;
+}
+
+
+bool Redirect::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+    m_urlExpanded = MacroExpansion::expand(m_url, transaction);
+    std::string log;
+
+    /* if it was changed before, lets keep it. */
+    if (transaction->m_it.status == 200) {
+        transaction->m_it.status = m_status;
+    }
+    log.append("Access denied with code %d");
+    log.append(" (phase ");
+    log.append(std::to_string(rm->m_rule->phase - 1) + "). ");
+
+    transaction->m_it.url = strdup(m_urlExpanded.c_str());
+    transaction->m_it.disruptive = true;
+    transaction->m_it.log = strdup(rm->disruptiveErrorLog(transaction, log).c_str());
+
+    return true;
+}
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity

src/actions/disruptive/redirect.h

@@ -0,0 +1,58 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/actions/action.h"
+#include "modsecurity/rule_message.h"
+
+#ifndef SRC_ACTIONS_REDIRECT_H_
+#define SRC_ACTIONS_REDIRECT_H_
+
+#ifdef __cplusplus
+class Transaction;
+
+namespace modsecurity {
+class Transaction;
+
+namespace actions {
+namespace disruptive {
+
+
+class Redirect : public Action {
+ public:
+    explicit Redirect(const std::string &action)
+        : Action(action, RunTimeOnlyIfMatchKind),
+        m_status(0),
+        m_urlExpanded(""),
+        m_url("") { }
+
+    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
+    bool init(std::string *error) override;
+    bool isDisruptive() override { return true; }
+
+ private:
+    int m_status;
+    std::string m_urlExpanded;
+    std::string m_url;
+};
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity
+#endif
+
+#endif  // SRC_ACTIONS_REDIRECT_H_