Introduces ActionWithExecution

Felipe Zimmerle 2020-06-08 13:09:47 -03:00
parent 69ed4d5884
commit c19cdcbadd
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
65 changed files with 737 additions and 604 deletions


@ -69,12 +69,6 @@ class Action {
return true; return true;
} }
virtual bool execute(Transaction *transaction = nullptr) noexcept {
return true;
}
const std::string *getName() const noexcept { const std::string *getName() const noexcept {
return &m_name; return &m_name;
} }


@ -37,10 +37,6 @@ class ActionTypeRuleMetaData : public virtual Action {
: Action() : Action()
{ }; { };
bool execute(Transaction *t) noexcept override {
return true;
}
virtual void configure(RuleWithActions *rule) = 0; virtual void configure(RuleWithActions *rule) = 0;
}; };


@ -0,0 +1,41 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#include "modsecurity/actions/action.h"
#include "src/rule_with_actions.h"
#ifndef SRC_ACTIONS_ACTION_WITH_EXECUTION_H_
#define SRC_ACTIONS_ACTION_WITH_EXECUTION_H_
namespace modsecurity {
namespace actions {
class ActionWithExecution : public virtual Action {
public:
ActionWithExecution()
: Action()
{ };
virtual bool execute(Transaction *t) const noexcept = 0;
};
} // namespace actions
} // namespace modsecurity
#endif // SRC_ACTIONS_ACTION_WITH_EXECUTION_H_
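Review bot: The new pure virtual `execute(Transaction *t) const noexcept` has no comment stating its contract, although the two qualifiers are the whole point of this interface. `const` means an implementation cannot modify the action object, and `noexcept` means any exception escaping an implementation ends the process through std::terminate; overrides visible in this commit still allocate inside that boundary (RuleEngine::execute builds a `std::stringstream`, RuleRemoveById::execute calls `push_back`, several concatenate `std::string` for `ms_dbg_a`). I would add a short doc comment above the declaration saying that `t` must be non-null (the removed `Action::execute` default of `nullptr` is gone and the overrides dereference it unchecked), that the action itself must not be mutated, and that implementations have to handle their own failures. Separately, `#include "src/rule_with_actions.h"` does not appear to be used by anything in this header, and both includes sit above the include guard.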


@ -55,7 +55,7 @@ bool AuditLogParts::init(std::string *error) {
} }
bool AuditLogParts::execute(Transaction *transaction) noexcept { bool AuditLogParts::execute(Transaction *transaction) const noexcept {
ms_dbg_a(transaction, 7, "AuditLog parts before modification: " + ms_dbg_a(transaction, 7, "AuditLog parts before modification: " +
std::to_string(transaction->m_auditLogParts) + "."); std::to_string(transaction->m_auditLogParts) + ".");


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_ #ifndef SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_
@ -29,7 +30,7 @@ namespace actions {
namespace ctl { namespace ctl {
class AuditLogParts : public Action { class AuditLogParts : public ActionWithExecution {
public: public:
explicit AuditLogParts(const std::string &action) explicit AuditLogParts(const std::string &action)
: Action(action), : Action(action),
@ -38,7 +39,7 @@ class AuditLogParts : public Action {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
protected: protected:
int m_partsToModify; int m_partsToModify;


@ -44,7 +44,7 @@ bool RequestBodyAccess::init(std::string *error) {
} }
bool RequestBodyAccess::execute(Transaction *transaction) noexcept { bool RequestBodyAccess::execute(Transaction *transaction) const noexcept {
if (m_requestBodyAccess) { if (m_requestBodyAccess) {
transaction->m_requestBodyAccess = transaction->m_requestBodyAccess =
RulesSetProperties::TrueConfigBoolean; RulesSetProperties::TrueConfigBoolean;


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_ #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_
@ -29,7 +30,7 @@ namespace actions {
namespace ctl { namespace ctl {
class RequestBodyAccess : public Action { class RequestBodyAccess : public ActionWithExecution {
public: public:
explicit RequestBodyAccess(const std::string &action) explicit RequestBodyAccess(const std::string &action)
: Action(action), : Action(action),
@ -38,7 +39,7 @@ class RequestBodyAccess : public Action {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
bool m_requestBodyAccess; bool m_requestBodyAccess;


@ -26,7 +26,7 @@ namespace actions {
namespace ctl { namespace ctl {
bool RequestBodyProcessorJSON::execute(Transaction *transaction) noexcept { bool RequestBodyProcessorJSON::execute(Transaction *transaction) const noexcept {
transaction->m_requestBodyProcessor = Transaction::JSONRequestBody; transaction->m_requestBodyProcessor = Transaction::JSONRequestBody;
transaction->m_variableReqbodyProcessor.set("JSON", transaction->m_variableReqbodyProcessor.set("JSON",
transaction->m_variableOffset); transaction->m_variableOffset);


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_JSON_H_ #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_JSON_H_
@ -29,13 +30,13 @@ namespace actions {
namespace ctl { namespace ctl {
class RequestBodyProcessorJSON : public Action { class RequestBodyProcessorJSON : public ActionWithExecution {
public: public:
explicit RequestBodyProcessorJSON(const std::string &action) explicit RequestBodyProcessorJSON(const std::string &action)
: Action(action) : Action(action)
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
}; };


@ -27,7 +27,7 @@ namespace ctl {
bool RequestBodyProcessorURLENCODED::execute( bool RequestBodyProcessorURLENCODED::execute(
Transaction *transaction) noexcept { Transaction *transaction) const noexcept {
transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded; transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded;
transaction->m_variableReqbodyProcessor.set("URLENCODED", transaction->m_variableReqbodyProcessor.set("URLENCODED",
transaction->m_variableOffset); transaction->m_variableOffset);


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_URLENCODED_H_ #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_URLENCODED_H_
@ -29,13 +30,13 @@ namespace actions {
namespace ctl { namespace ctl {
class RequestBodyProcessorURLENCODED : public Action { class RequestBodyProcessorURLENCODED : public ActionWithExecution {
public: public:
explicit RequestBodyProcessorURLENCODED(const std::string &action) explicit RequestBodyProcessorURLENCODED(const std::string &action)
: Action(action) : Action(action)
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
}; };


@ -26,7 +26,7 @@ namespace actions {
namespace ctl { namespace ctl {
bool RequestBodyProcessorXML::execute(Transaction *transaction) noexcept { bool RequestBodyProcessorXML::execute(Transaction *transaction) const noexcept {
transaction->m_requestBodyProcessor = Transaction::XMLRequestBody; transaction->m_requestBodyProcessor = Transaction::XMLRequestBody;
transaction->m_variableReqbodyProcessor.set("XML", transaction->m_variableReqbodyProcessor.set("XML",
transaction->m_variableOffset); transaction->m_variableOffset);


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_ #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_
@ -29,13 +30,13 @@ namespace actions {
namespace ctl { namespace ctl {
class RequestBodyProcessorXML : public Action { class RequestBodyProcessorXML : public ActionWithExecution {
public: public:
explicit RequestBodyProcessorXML(const std::string &action) explicit RequestBodyProcessorXML(const std::string &action)
: Action(action) : Action(action)
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
}; };


@ -47,7 +47,7 @@ bool RuleEngine::init(std::string *error) {
} }
bool RuleEngine::execute(Transaction *transaction) noexcept { bool RuleEngine::execute(Transaction *transaction) const noexcept {
std::stringstream a; std::stringstream a;
a << "Setting SecRuleEngine to "; a << "Setting SecRuleEngine to ";
a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine); a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine);


@ -18,6 +18,7 @@
#include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set_properties.h"
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_ #ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_
@ -29,7 +30,7 @@ namespace actions {
namespace ctl { namespace ctl {
class RuleEngine : public Action { class RuleEngine : public ActionWithExecution {
public: public:
explicit RuleEngine(const std::string &action) explicit RuleEngine(const std::string &action)
: Action(action), : Action(action),
@ -38,7 +39,7 @@ class RuleEngine : public Action {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
RulesSetProperties::RuleEngine m_ruleEngine; RulesSetProperties::RuleEngine m_ruleEngine;


@ -88,7 +88,7 @@ bool RuleRemoveById::init(std::string *error) {
} }
bool RuleRemoveById::execute(Transaction *transaction) noexcept { bool RuleRemoveById::execute(Transaction *transaction) const noexcept {
for (auto &i : m_ids) { for (auto &i : m_ids) {
transaction->m_ruleRemoveById.push_back(i); transaction->m_ruleRemoveById.push_back(i);
} }


@ -20,6 +20,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_
@ -31,7 +32,7 @@ namespace actions {
namespace ctl { namespace ctl {
class RuleRemoveById : public Action { class RuleRemoveById : public ActionWithExecution {
public: public:
explicit RuleRemoveById(const std::string &action) explicit RuleRemoveById(const std::string &action)
: Action(action) : Action(action)
@ -39,7 +40,7 @@ class RuleRemoveById : public Action {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
std::list<std::pair<int, int> > m_ranges; std::list<std::pair<int, int> > m_ranges;


@ -34,7 +34,7 @@ bool RuleRemoveByTag::init(std::string *error) {
} }
bool RuleRemoveByTag::execute(Transaction *transaction) noexcept { bool RuleRemoveByTag::execute(Transaction *transaction) const noexcept {
transaction->m_ruleRemoveByTag.push_back(m_tag); transaction->m_ruleRemoveByTag.push_back(m_tag);
return true; return true;
} }


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_
@ -29,7 +30,7 @@ namespace actions {
namespace ctl { namespace ctl {
class RuleRemoveByTag : public Action { class RuleRemoveByTag : public ActionWithExecution {
public: public:
explicit RuleRemoveByTag(const std::string &action) explicit RuleRemoveByTag(const std::string &action)
: Action(action), : Action(action),
@ -38,7 +39,7 @@ class RuleRemoveByTag : public Action {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
std::string m_tag; std::string m_tag;


@ -53,7 +53,7 @@ bool RuleRemoveTargetById::init(std::string *error) {
} }
bool RuleRemoveTargetById::execute(Transaction *transaction) noexcept { bool RuleRemoveTargetById::execute(Transaction *transaction) const noexcept {
transaction->m_ruleRemoveTargetById.push_back( transaction->m_ruleRemoveTargetById.push_back(
std::make_pair(m_id, m_target)); std::make_pair(m_id, m_target));
return true; return true;


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_
@ -29,7 +30,7 @@ namespace actions {
namespace ctl { namespace ctl {
class RuleRemoveTargetById : public Action { class RuleRemoveTargetById : public ActionWithExecution {
public: public:
explicit RuleRemoveTargetById(const std::string &action) explicit RuleRemoveTargetById(const std::string &action)
: Action(action), : Action(action),
@ -39,7 +40,7 @@ class RuleRemoveTargetById : public Action {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
int m_id; int m_id;


@ -46,7 +46,7 @@ bool RuleRemoveTargetByTag::init(std::string *error) {
} }
bool RuleRemoveTargetByTag::execute(Transaction *transaction) noexcept { bool RuleRemoveTargetByTag::execute(Transaction *transaction) const noexcept {
transaction->m_ruleRemoveTargetByTag.push_back( transaction->m_ruleRemoveTargetByTag.push_back(
std::make_pair(m_tag, m_target)); std::make_pair(m_tag, m_target));
return true; return true;


@ -18,6 +18,7 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_
@ -29,7 +30,7 @@ namespace actions {
namespace ctl { namespace ctl {
class RuleRemoveTargetByTag : public Action { class RuleRemoveTargetByTag : public ActionWithExecution {
public: public:
explicit RuleRemoveTargetByTag(const std::string &action) explicit RuleRemoveTargetByTag(const std::string &action)
: Action(action) : Action(action)
@ -37,7 +38,7 @@ class RuleRemoveTargetByTag : public Action {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
std::string m_tag; std::string m_tag;


@ -38,7 +38,7 @@ bool Status::init(std::string *error) {
} }
bool Status::execute(Transaction *transaction) noexcept { bool Status::execute(Transaction *transaction) const noexcept {
transaction->m_it.status = m_status; transaction->m_it.status = m_status;
return true; return true;
} }


@ -20,6 +20,7 @@
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/action_allowed_in_sec_default_action.h" #include "src/actions/action_allowed_in_sec_default_action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_DATA_STATUS_H_ #ifndef SRC_ACTIONS_DATA_STATUS_H_
@ -31,7 +32,7 @@ namespace actions {
namespace data { namespace data {
class Status : public ActionAllowedAsSecDefaultAction { class Status : public ActionAllowedAsSecDefaultAction, public ActionWithExecution {
public: public:
explicit Status(const std::string &action) explicit Status(const std::string &action)
: Action(action), : Action(action),
@ -40,7 +41,7 @@ class Status : public ActionAllowedAsSecDefaultAction {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
int m_status; int m_status;
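Review bot: The new base list for `Status` sits on one line of more than 80 columns, while `Redirect` in this same commit wraps the equivalent list onto a second line. If the project's lint enforces an 80-column limit, wrap it the same way: `class Status : public ActionAllowedAsSecDefaultAction,` followed by `public ActionWithExecution {`. The `RequestBodyProcessorJSON::execute` definition grows past the same width once `const` is added. The class body continues outside this hunk.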


@ -52,7 +52,7 @@ bool Allow::init(std::string *error) {
} }
bool Allow::execute(Transaction *transaction) noexcept { bool Allow::execute(Transaction *transaction) const noexcept {
ms_dbg_a(transaction, 4, "Dropping the evaluation of upcoming rules " \ ms_dbg_a(transaction, 4, "Dropping the evaluation of upcoming rules " \
"in favor of an `allow' action of type: " \ "in favor of an `allow' action of type: " \
+ allowTypeToName(m_allowType)); + allowTypeToName(m_allowType));


@ -20,6 +20,7 @@
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/disruptive/disruptive_action.h" #include "src/actions/disruptive/disruptive_action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_ALLOW_H_ #ifndef SRC_ACTIONS_DISRUPTIVE_ALLOW_H_
@ -51,7 +52,7 @@ enum AllowType : int {
}; };
class Allow : public ActionDisruptive { class Allow : public ActionDisruptive, public ActionWithExecution {
public: public:
explicit Allow(const std::string &action) explicit Allow(const std::string &action)
: Action(action), : Action(action),
@ -60,7 +61,7 @@ class Allow : public ActionDisruptive {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
AllowType m_allowType; AllowType m_allowType;


@ -32,7 +32,7 @@ namespace actions {
namespace disruptive { namespace disruptive {
bool Deny::execute(Transaction *transaction) noexcept { bool Deny::execute(Transaction *transaction) const noexcept {
ms_dbg_a(transaction, 8, "Running action deny"); ms_dbg_a(transaction, 8, "Running action deny");
if (transaction->m_it.status == 200) { if (transaction->m_it.status == 200) {


@ -20,6 +20,7 @@
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/disruptive/disruptive_action.h" #include "src/actions/disruptive/disruptive_action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_ #ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_
@ -31,13 +32,13 @@ namespace actions {
namespace disruptive { namespace disruptive {
class Deny : public ActionDisruptive { class Deny : public ActionDisruptive, public ActionWithExecution {
public: public:
Deny() Deny()
: Action("deny") : Action("deny")
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
}; };


@ -32,7 +32,7 @@ namespace actions {
namespace disruptive { namespace disruptive {
bool Drop::execute(Transaction *transaction) noexcept { bool Drop::execute(Transaction *transaction) const noexcept {
ms_dbg_a(transaction, 8, "Running action drop " \ ms_dbg_a(transaction, 8, "Running action drop " \
"[executing deny instead of drop.]"); "[executing deny instead of drop.]");


@ -20,6 +20,7 @@
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/disruptive/disruptive_action.h" #include "src/actions/disruptive/disruptive_action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_ #ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_
@ -31,13 +32,13 @@ namespace actions {
namespace disruptive { namespace disruptive {
class Drop : public ActionDisruptive { class Drop : public ActionDisruptive, public ActionWithExecution {
public: public:
Drop() Drop()
: Action("drop") : Action("drop")
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
}; };


@ -31,7 +31,7 @@ namespace actions {
namespace disruptive { namespace disruptive {
bool Pass::execute(Transaction *transaction) noexcept { bool Pass::execute(Transaction *transaction) const noexcept {
intervention::free(&transaction->m_it); intervention::free(&transaction->m_it);
intervention::reset(&transaction->m_it); intervention::reset(&transaction->m_it);


@ -20,6 +20,7 @@
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "src/actions/disruptive/disruptive_action.h" #include "src/actions/disruptive/disruptive_action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_PASS_H_ #ifndef SRC_ACTIONS_DISRUPTIVE_PASS_H_
@ -31,13 +32,13 @@ namespace actions {
namespace disruptive { namespace disruptive {
class Pass : public ActionDisruptive { class Pass : public ActionDisruptive, public ActionWithExecution {
public: public:
Pass() Pass()
: Action("pass") : Action("pass")
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
}; };


@ -32,7 +32,7 @@ namespace actions {
namespace disruptive { namespace disruptive {
bool Redirect::execute(Transaction *transaction) noexcept { bool Redirect::execute(Transaction *transaction) const noexcept {
std::string m_urlExpanded(getEvaluatedRunTimeString(transaction)); std::string m_urlExpanded(getEvaluatedRunTimeString(transaction));
/* if it was changed before, lets keep it. */ /* if it was changed before, lets keep it. */
if (transaction->m_it.status == 200 if (transaction->m_it.status == 200
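Review bot: The local in `Redirect::execute` is named `m_urlExpanded`, which carries the member prefix this code uses for fields (`m_status`, `m_tag`); now that the method is `const`, the name reads like a write to object state that the qualifier forbids. Renaming it, e.g. `std::string urlExpanded(getEvaluatedRunTimeString(transaction));`, removes the ambiguity; the rest of the body is outside this hunk and would need the same rename. Because the URL comes from run-time expansion, a comment stating which parts of it may originate from request data would also help, since it presumably ends up in the redirect sent to the client (inferred from the action's name; the assignment is not visible here).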


@ -24,6 +24,7 @@
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/disruptive/disruptive_action.h" #include "src/actions/disruptive/disruptive_action.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_ #ifndef SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_
@ -35,7 +36,8 @@ namespace actions {
namespace disruptive { namespace disruptive {
class Redirect : public ActionWithRunTimeString, public ActionDisruptive { class Redirect : public ActionWithRunTimeString, public ActionDisruptive,
public ActionWithExecution {
public: public:
explicit Redirect(std::unique_ptr<RunTimeString> runTimeString) explicit Redirect(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -52,7 +54,7 @@ class Redirect : public ActionWithRunTimeString, public ActionDisruptive {
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {


@ -52,7 +52,7 @@ bool Exec::init(std::string *error) {
} }
bool Exec::execute(Transaction *t) noexcept { bool Exec::execute(Transaction *t) const noexcept {
ms_dbg_a(t, 8, "Running script... " + m_script); ms_dbg_a(t, 8, "Running script... " + m_script);
m_lua.run(t); m_lua.run(t);
return true; return true;
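Review bot: `Exec::execute` is now `const` but still calls `m_lua.run(t)` on a member and returns `true` regardless of what the script did. For this to compile, either `run` is const or `m_lua` is mutable (neither is visible in this hunk); if `run` touches interpreter state held in `m_lua`, the `const` qualifier no longer tells callers that the shared action object is safe to execute for several transactions at once. I would document that on the declaration and, assuming `run` returns a status, log a failure instead of discarding it, e.g. `if (!m_lua.run(t)) { ms_dbg_a(t, 4, "Script failed: " + m_script); }`. The function body continues outside this hunk.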


@ -18,6 +18,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/engine/lua.h" #include "src/engine/lua.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_EXEC_H_ #ifndef SRC_ACTIONS_EXEC_H_
#define SRC_ACTIONS_EXEC_H_ #define SRC_ACTIONS_EXEC_H_
@ -27,7 +29,7 @@ namespace modsecurity {
namespace actions { namespace actions {
class Exec : public Action { class Exec : public ActionWithExecution {
public: public:
explicit Exec(const std::string &action) explicit Exec(const std::string &action)
: Action(action), : Action(action),
@ -36,7 +38,7 @@ class Exec : public Action {
~Exec() { } ~Exec() { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
bool init(std::string *error) override; bool init(std::string *error) override;
private: private:

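--- a/src/actions/expire_var.h
+++ b/src/actions/expire_var.h
@@ -0,0 +1,54 @@
+/*
+* ModSecurity, http://www.modsecurity.org/
+* Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+*
+* You may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* If any of the files related to licensing are missing or if you have any
+* other questions related to licensing please contact Trustwave Holdings, Inc.
+* directly using the email address security@modsecurity.org.
+*
+*/
+#include <memory>
+#include <string>
+#include <utility>
+#include "modsecurity/actions/action.h"
+#include "modsecurity/transaction.h"
+#include "src/actions/action_with_run_time_string.h"
+#include "src/actions/action_with_execution.h"
+#ifndef SRC_ACTIONS_EXPIRE_VAR_H_
+#define SRC_ACTIONS_EXPIRE_VAR_H_
+namespace modsecurity {
+namespace actions {
+class ExpireVar : public ActionWithExecution {
+public:
+explicit ExpireVar(const std::string &action)
+: Action(action)
+{ }
+~ExpireVar() { }
+bool execute(Transaction *transaction) const noexcept override { return true; };
+bool init(std::string *error) override { return true; };
+private:
+};
+} // namespace actions
+} // namespace modsecurity
+#endif // SRC_ACTIONS_EXPIRE_VAR_H_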
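Review bot: `ExpireVar::execute` and `ExpireVar::init` both return `true` without doing anything, so a rule using this action would load and run cleanly while no expiry is ever applied. If the class is a placeholder, say so in the header, e.g. `// NOTE: expirevar is accepted but not implemented yet; execute() is a no-op.`, so rule authors who rely on expiring counters or block flags are not misled. The includes of `<memory>`, `<utility>` and `action_with_run_time_string.h` are unused in the visible code, the empty `private:` section can go, and the trailing `;` after both inline bodies is redundant.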


@ -57,7 +57,7 @@ bool InitCol::init(std::string *error) {
} }
bool InitCol::execute(Transaction *t) noexcept { bool InitCol::execute(Transaction *t) const noexcept {
std::string collectionName(getEvaluatedRunTimeString(t)); std::string collectionName(getEvaluatedRunTimeString(t));
if (m_collection_key == "ip") { if (m_collection_key == "ip") {


@ -20,6 +20,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_INIT_COL_H_ #ifndef SRC_ACTIONS_INIT_COL_H_
#define SRC_ACTIONS_INIT_COL_H_ #define SRC_ACTIONS_INIT_COL_H_
@ -30,7 +32,7 @@ class Transaction;
namespace actions { namespace actions {
class InitCol : public ActionWithRunTimeString { class InitCol : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
InitCol( InitCol(
const std::string &action, const std::string &action,
@ -47,7 +49,7 @@ class InitCol : public ActionWithRunTimeString {
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {
return new InitCol(*this); return new InitCol(*this);


@ -25,7 +25,7 @@
namespace modsecurity { namespace modsecurity {
namespace actions { namespace actions {
bool LogData::execute(Transaction *transaction) noexcept { bool LogData::execute(Transaction *transaction) const noexcept {
transaction->messageGetLast()->m_data = transaction->messageGetLast()->m_data =
getEvaluatedRunTimeString(transaction); getEvaluatedRunTimeString(transaction);
return true; return true;
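Review bot: `LogData::execute` writes through `transaction->messageGetLast()->m_data` without checking what `messageGetLast()` returned, and `Msg::execute` does the same with `m_message`. Whether that call can return null when no rule message exists yet is not visible on this page; if it can, this is a null dereference inside a `noexcept` function on the request path. A guard before the assignment, such as `auto m = transaction->messageGetLast(); if (!m) { return true; }`, would make the assumption explicit.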


@ -18,6 +18,7 @@
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/run_time_string.h" #include "src/run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_LOG_DATA_H_ #ifndef SRC_ACTIONS_LOG_DATA_H_
@ -28,7 +29,7 @@ namespace modsecurity {
namespace actions { namespace actions {
class LogData : public ActionWithRunTimeString { class LogData : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
explicit LogData(std::unique_ptr<RunTimeString> runTimeString) explicit LogData(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -40,7 +41,7 @@ class LogData : public ActionWithRunTimeString {
Action(data) Action(data)
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {
return new LogData(*this); return new LogData(*this);


@ -49,7 +49,7 @@ namespace modsecurity {
namespace actions { namespace actions {
bool Msg::execute(Transaction *transaction) noexcept { bool Msg::execute(Transaction *transaction) const noexcept {
std::string msg = getEvaluatedRunTimeString(transaction); std::string msg = getEvaluatedRunTimeString(transaction);
transaction->messageGetLast()->m_message = msg; transaction->messageGetLast()->m_message = msg;
ms_dbg_a(transaction, 9, "Saving msg: " + msg); ms_dbg_a(transaction, 9, "Saving msg: " + msg);


@ -21,6 +21,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "modsecurity/rule_message.h" #include "modsecurity/rule_message.h"
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_MSG_H_ #ifndef SRC_ACTIONS_MSG_H_
#define SRC_ACTIONS_MSG_H_ #define SRC_ACTIONS_MSG_H_
@ -32,7 +34,7 @@ class Transaction;
namespace actions { namespace actions {
class Msg : public ActionWithRunTimeString { class Msg : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
explicit Msg(std::unique_ptr<RunTimeString> runTimeString) explicit Msg(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -44,7 +46,7 @@ class Msg : public ActionWithRunTimeString {
Action(action) Action(action)
{ }; { };
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {
return new Msg(*this); return new Msg(*this);


@ -32,7 +32,7 @@ namespace modsecurity {
namespace actions { namespace actions {
bool SetENV::execute(Transaction *t) noexcept { bool SetENV::execute(Transaction *t) const noexcept {
std::string colNameExpanded(getEvaluatedRunTimeString(t)); std::string colNameExpanded(getEvaluatedRunTimeString(t));
ms_dbg_a(t, 8, "Setting envoriment variable: " ms_dbg_a(t, 8, "Setting envoriment variable: "
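Review bot: The debug string in `SetENV::execute` reads "Setting envoriment variable: "; the misspelling makes the line easy to miss when searching debug logs for "environment". Since the function is being touched anyway, correct it to `"Setting environment variable: "`. The logged value comes from `getEvaluatedRunTimeString(t)`, so it may carry request-derived text into the debug log, which deserves a brief comment; the rest of the body is outside this hunk.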


@ -20,6 +20,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_SET_ENV_H_ #ifndef SRC_ACTIONS_SET_ENV_H_
#define SRC_ACTIONS_SET_ENV_H_ #define SRC_ACTIONS_SET_ENV_H_
@ -31,7 +33,7 @@ class Transaction;
namespace actions { namespace actions {
class SetENV : public ActionWithRunTimeString { class SetENV : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
explicit SetENV(std::unique_ptr<RunTimeString> runTimeString) explicit SetENV(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -43,7 +45,7 @@ class SetENV : public ActionWithRunTimeString {
Action(action) Action(action)
{ }; { };
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {
return new SetENV(*this); return new SetENV(*this);


@ -30,7 +30,7 @@ namespace modsecurity {
namespace actions { namespace actions {
bool SetRSC::execute(Transaction *t) noexcept { bool SetRSC::execute(Transaction *t) const noexcept {
std::string colNameExpanded(getEvaluatedRunTimeString(t)); std::string colNameExpanded(getEvaluatedRunTimeString(t));
ms_dbg_a(t, 8, "RESOURCE initiated with value: \'" ms_dbg_a(t, 8, "RESOURCE initiated with value: \'"
+ colNameExpanded + "\'."); + colNameExpanded + "\'.");


@ -20,6 +20,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_SET_RSC_H_ #ifndef SRC_ACTIONS_SET_RSC_H_
#define SRC_ACTIONS_SET_RSC_H_ #define SRC_ACTIONS_SET_RSC_H_
@ -31,7 +33,7 @@ class Transaction;
namespace actions { namespace actions {
class SetRSC : public ActionWithRunTimeString { class SetRSC : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
explicit SetRSC(std::unique_ptr<RunTimeString> runTimeString) explicit SetRSC(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -43,7 +45,7 @@ class SetRSC : public ActionWithRunTimeString {
Action(action) Action(action)
{ }; { };
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {
return new SetRSC(*this); return new SetRSC(*this);


@ -30,7 +30,7 @@ namespace modsecurity {
namespace actions { namespace actions {
bool SetSID::execute(Transaction *t) noexcept { bool SetSID::execute(Transaction *t) const noexcept {
std::string colNameExpanded(getEvaluatedRunTimeString(t)); std::string colNameExpanded(getEvaluatedRunTimeString(t));
ms_dbg_a(t, 8, "Session ID initiated with value: \'" ms_dbg_a(t, 8, "Session ID initiated with value: \'"
+ colNameExpanded + "\'."); + colNameExpanded + "\'.");


@ -20,6 +20,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_SET_SID_H_ #ifndef SRC_ACTIONS_SET_SID_H_
#define SRC_ACTIONS_SET_SID_H_ #define SRC_ACTIONS_SET_SID_H_
@ -31,7 +33,7 @@ class Transaction;
namespace actions { namespace actions {
class SetSID : public ActionWithRunTimeString { class SetSID : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
explicit SetSID(std::unique_ptr<RunTimeString> runTimeString) explicit SetSID(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -43,7 +45,7 @@ class SetSID : public ActionWithRunTimeString {
Action(action) Action(action)
{ }; { };
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {
return new SetSID(*this); return new SetSID(*this);


@ -30,7 +30,7 @@ namespace modsecurity {
namespace actions { namespace actions {
bool SetUID::execute(Transaction *t) noexcept { bool SetUID::execute(Transaction *t) const noexcept {
std::string colNameExpanded(getEvaluatedRunTimeString(t)); std::string colNameExpanded(getEvaluatedRunTimeString(t));
ms_dbg_a(t, 8, "User collection initiated with value: \'" ms_dbg_a(t, 8, "User collection initiated with value: \'"
+ colNameExpanded + "\'."); + colNameExpanded + "\'.");


@ -20,6 +20,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_SET_UID_H_ #ifndef SRC_ACTIONS_SET_UID_H_
#define SRC_ACTIONS_SET_UID_H_ #define SRC_ACTIONS_SET_UID_H_
@ -31,7 +33,7 @@ class Transaction;
namespace actions { namespace actions {
class SetUID : public ActionWithRunTimeString { class SetUID : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
explicit SetUID(std::unique_ptr<RunTimeString> runTimeString) explicit SetUID(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -43,7 +45,7 @@ class SetUID : public ActionWithRunTimeString {
Action(action) Action(action)
{ }; { };
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
ActionWithRunTimeString *clone() override { ActionWithRunTimeString *clone() override {
return new SetUID(*this); return new SetUID(*this);


@ -42,7 +42,7 @@ bool SetVar::init(std::string *error) {
} }
bool SetVar::execute(Transaction *t) noexcept { bool SetVar::execute(Transaction *t) const noexcept {
std::string targetValue; std::string targetValue;
std::string resolvedPre; std::string resolvedPre;


@ -23,6 +23,7 @@
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/variables/variable_with_runtime_string.h" #include "src/variables/variable_with_runtime_string.h"
#include "src/rule_with_operator.h" #include "src/rule_with_operator.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_SET_VAR_H_ #ifndef SRC_ACTIONS_SET_VAR_H_
@ -47,7 +48,7 @@ enum SetVarOperation {
}; };
class SetVar : public ActionWithRunTimeString { class SetVar : public ActionWithRunTimeString, public ActionWithExecution {
public: public:
SetVar(SetVarOperation operation, SetVar(SetVarOperation operation,
std::unique_ptr<modsecurity::variables::Variable> variable, std::unique_ptr<modsecurity::variables::Variable> variable,
@ -84,7 +85,7 @@ class SetVar : public ActionWithRunTimeString {
} }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
bool init(std::string *error) override; bool init(std::string *error) override;
void populate(RuleWithActions *rule) override { void populate(RuleWithActions *rule) override {


@ -42,7 +42,7 @@ bool Skip::init(std::string *error) {
} }
bool Skip::execute(Transaction *transaction) noexcept { bool Skip::execute(Transaction *transaction) const noexcept {
ms_dbg_a(transaction, 5, "Skipping the next " + \ ms_dbg_a(transaction, 5, "Skipping the next " + \
std::to_string(m_skip_next) + " rules."); std::to_string(m_skip_next) + " rules.");


@ -17,6 +17,7 @@
#include <string> #include <string>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_SKIP_H_ #ifndef SRC_ACTIONS_SKIP_H_
@ -29,14 +30,14 @@ class Transaction;
namespace actions { namespace actions {
class Skip : public Action { class Skip : public ActionWithExecution {
public: public:
explicit Skip(const std::string &action) explicit Skip(const std::string &action)
: Action(action), : Action(action),
m_skip_next(0) { } m_skip_next(0) { }
bool init(std::string *error) override; bool init(std::string *error) override;
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
int m_skip_next; int m_skip_next;


@ -30,7 +30,7 @@ namespace modsecurity {
namespace actions { namespace actions {
bool SkipAfter::execute(Transaction *transaction) noexcept { bool SkipAfter::execute(Transaction *transaction) const noexcept {
ms_dbg_a(transaction, 5, "Setting skipAfter for: " + *m_skipName); ms_dbg_a(transaction, 5, "Setting skipAfter for: " + *m_skipName);
transaction->addMarker(m_skipName); transaction->addMarker(m_skipName);
return true; return true;


@ -18,6 +18,7 @@
#include <memory> #include <memory>
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_SKIP_AFTER_H_ #ifndef SRC_ACTIONS_SKIP_AFTER_H_
@ -28,14 +29,14 @@ namespace modsecurity {
namespace actions { namespace actions {
class SkipAfter : public Action { class SkipAfter : public ActionWithExecution {
public: public:
explicit SkipAfter(const std::string &action) explicit SkipAfter(const std::string &action)
: Action(action), : Action(action),
m_skipName(std::make_shared<std::string>(m_parserPayload)) m_skipName(std::make_shared<std::string>(m_parserPayload))
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
private: private:
// FIXME: This should be a regular pointer instead of a shared pointer. // FIXME: This should be a regular pointer instead of a shared pointer.


@ -52,7 +52,7 @@ namespace modsecurity {
namespace actions { namespace actions {
bool Tag::execute(Transaction *transaction) noexcept { bool Tag::execute(Transaction *transaction) const noexcept {
ms_dbg_a(transaction, 9, "Rule tag: " + getTagName(transaction)); ms_dbg_a(transaction, 9, "Rule tag: " + getTagName(transaction));
return true; return true;
} }


@ -21,6 +21,8 @@
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_with_run_time_string.h" #include "src/actions/action_with_run_time_string.h"
#include "src/actions/action_allowed_in_sec_default_action.h" #include "src/actions/action_allowed_in_sec_default_action.h"
#include "src/actions/action_with_execution.h"
#ifndef SRC_ACTIONS_TAG_H_ #ifndef SRC_ACTIONS_TAG_H_
#define SRC_ACTIONS_TAG_H_ #define SRC_ACTIONS_TAG_H_
@ -31,7 +33,7 @@ namespace actions {
class Tag : public ActionWithRunTimeString, class Tag : public ActionWithRunTimeString,
public ActionAllowedAsSecDefaultAction { public ActionAllowedAsSecDefaultAction, public ActionWithExecution {
public: public:
explicit Tag(std::unique_ptr<RunTimeString> runTimeString) explicit Tag(std::unique_ptr<RunTimeString> runTimeString)
: ActionWithRunTimeString(std::move(runTimeString)), : ActionWithRunTimeString(std::move(runTimeString)),
@ -43,7 +45,7 @@ class Tag : public ActionWithRunTimeString,
Action(action) Action(action)
{ } { }
bool execute(Transaction *transaction) noexcept override; bool execute(Transaction *transaction) const noexcept override;
inline std::string getTagName(Transaction *transaction) const { inline std::string getTagName(Transaction *transaction) const {
return getEvaluatedRunTimeString(transaction); return getEvaluatedRunTimeString(transaction);

File diff suppressed because it is too large Load Diff


@ -84,6 +84,7 @@ class Driver;
#include "src/actions/disruptive/redirect.h" #include "src/actions/disruptive/redirect.h"
#include "src/actions/init_col.h" #include "src/actions/init_col.h"
#include "src/actions/exec.h" #include "src/actions/exec.h"
#include "src/actions/expire_var.h"
#include "src/actions/log_data.h" #include "src/actions/log_data.h"
#include "src/actions/log.h" #include "src/actions/log.h"
#include "src/actions/maturity.h" #include "src/actions/maturity.h"
@ -351,7 +352,7 @@ using namespace modsecurity::operators;
a = std::move(c); a = std::move(c);
#line 355 "seclang-parser.hh" #line 356 "seclang-parser.hh"
# include <cassert> # include <cassert>
# include <cstdlib> // std::abort # include <cstdlib> // std::abort
@ -485,7 +486,7 @@ using namespace modsecurity::operators;
#endif #endif
namespace yy { namespace yy {
#line 489 "seclang-parser.hh" #line 490 "seclang-parser.hh"
@ -8586,7 +8587,7 @@ switch (yykind)
} }
} // yy } // yy
#line 8590 "seclang-parser.hh" #line 8591 "seclang-parser.hh"


@ -45,6 +45,7 @@ class Driver;
#include "src/actions/disruptive/redirect.h" #include "src/actions/disruptive/redirect.h"
#include "src/actions/init_col.h" #include "src/actions/init_col.h"
#include "src/actions/exec.h" #include "src/actions/exec.h"
#include "src/actions/expire_var.h"
#include "src/actions/log_data.h" #include "src/actions/log_data.h"
#include "src/actions/log.h" #include "src/actions/log.h"
#include "src/actions/maturity.h" #include "src/actions/maturity.h"
@ -2715,8 +2716,7 @@ act:
} }
| ACTION_EXPIRE_VAR | ACTION_EXPIRE_VAR
{ {
//ACTION_NOT_SUPPORTED("ExpireVar", @0); ACTION_CONTAINER($$, new actions::ExpireVar($1));
ACTION_CONTAINER($$, new actions::Action($1));
} }
| ACTION_ID | ACTION_ID
{ {


@ -141,12 +141,12 @@ void RuleWithActions::addDefaultAction(std::shared_ptr<actions::Action> a) {
} else if (dynamic_cast<actions::Tag *>(a.get())) { } else if (dynamic_cast<actions::Tag *>(a.get())) {
m_defaultActionActionsTag.push_back(std::dynamic_pointer_cast<actions::Tag>(a)); m_defaultActionActionsTag.push_back(std::dynamic_pointer_cast<actions::Tag>(a));
} else if (dynamic_cast<actions::Block *>(a.get())) { } else if (dynamic_cast<actions::Block *>(a.get())) {
m_defaultActionActionsRuntimePos.push_back(a); m_defaultActionActionsRuntimePos.push_back(std::dynamic_pointer_cast<ActionWithExecution>(a));
m_defaultContainsStaticBlockAction = true; m_defaultContainsStaticBlockAction = true;
} else if (std::dynamic_pointer_cast<actions::disruptive::ActionDisruptive>(a) != NULL) { } else if (std::dynamic_pointer_cast<ActionDisruptive>(a) != NULL) {
m_defaultActionDisruptiveAction = a; m_defaultActionDisruptiveAction = std::dynamic_pointer_cast<ActionDisruptive>(a);
} else { } else {
m_defaultActionActionsRuntimePos.push_back(a); m_defaultActionActionsRuntimePos.push_back(std::dynamic_pointer_cast<ActionWithExecution>(a));
} }
} }
@ -165,7 +165,6 @@ void RuleWithActions::addAction(actions::Action *a) {
return; return;
} }
if (dynamic_cast<actions::LogData *>(a)) { if (dynamic_cast<actions::LogData *>(a)) {
m_logData = std::unique_ptr<actions::LogData>(dynamic_cast<actions::LogData*>(a)); m_logData = std::unique_ptr<actions::LogData>(dynamic_cast<actions::LogData*>(a));
} else if (dynamic_cast<actions::Msg *>(a)) { } else if (dynamic_cast<actions::Msg *>(a)) {
@ -176,14 +175,14 @@ void RuleWithActions::addAction(actions::Action *a) {
} else if (dynamic_cast<actions::Tag *>(a)) { } else if (dynamic_cast<actions::Tag *>(a)) {
m_actionsTag.push_back(std::unique_ptr<actions::Tag>(dynamic_cast<actions::Tag *>(a))); m_actionsTag.push_back(std::unique_ptr<actions::Tag>(dynamic_cast<actions::Tag *>(a)));
} else if (dynamic_cast<actions::Block *>(a)) { } else if (dynamic_cast<actions::Block *>(a)) {
m_actionsRuntimePos.push_back(std::unique_ptr<actions::Block>(dynamic_cast<actions::Block *>(a))); m_actionsRuntimePos.push_back(std::unique_ptr<ActionWithExecution>(dynamic_cast<ActionWithExecution *>(a)));
m_containsStaticBlockAction = true; m_containsStaticBlockAction = true;
} else if (dynamic_cast<actions::XmlNS *>(a)) { } else if (dynamic_cast<actions::XmlNS *>(a)) {
m_XmlNSs.push_back(std::unique_ptr<actions::XmlNS>(dynamic_cast<actions::XmlNS *>(a))); m_XmlNSs.push_back(std::unique_ptr<actions::XmlNS>(dynamic_cast<actions::XmlNS *>(a)));
} else if (dynamic_cast<actions::disruptive::ActionDisruptive *>(a) != NULL) { } else if (dynamic_cast<ActionDisruptive *>(a) != NULL) {
m_disruptiveAction = std::unique_ptr<Action>(a); m_disruptiveAction = std::unique_ptr<ActionDisruptive>(dynamic_cast<ActionDisruptive *>(a));
} else { } else {
m_actionsRuntimePos.push_back(std::unique_ptr<Action>(a)); m_actionsRuntimePos.push_back(std::unique_ptr<ActionWithExecution >(dynamic_cast<ActionWithExecution *>(a)));
} }
} }
@ -241,23 +240,22 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) {
if (m_ruleId != b.first) { if (m_ruleId != b.first) {
continue; continue;
} }
actions::Action *a = dynamic_cast<actions::Action*>(b.second.get()); ActionWithExecution *a = dynamic_cast<ActionWithExecution*>(b.second.get());
if (dynamic_cast<actions::disruptive::ActionDisruptive *>(a) != NULL) { if (dynamic_cast<ActionDisruptive *>(a) != NULL) {
trans->messageGetLast()->setRule(this); trans->messageGetLast()->setRule(this);
} }
executeAction(trans, a, false); executeAction(trans, a, false);
if (dynamic_cast<actions::disruptive::ActionDisruptive *>(a) != NULL) { if (dynamic_cast<ActionDisruptive *>(a) != NULL) {
disruptiveAlreadyExecuted = true; disruptiveAlreadyExecuted = true;
} }
} }
for (auto &a : getMatchActionsPtr()) { for (auto &a : getMatchActionsPtr()) {
if (!dynamic_cast<actions::disruptive::ActionDisruptive *>(a) != NULL if (!dynamic_cast<ActionDisruptive *>(a) != NULL
&& !(disruptiveAlreadyExecuted && !(disruptiveAlreadyExecuted
&& dynamic_cast<actions::Block *>(a))) { && dynamic_cast<actions::Block *>(a))) {
executeAction(trans, a, false); executeAction(trans, a, false);
} }
} }
if (!disruptiveAlreadyExecuted && m_disruptiveAction != nullptr) { if (!disruptiveAlreadyExecuted && m_disruptiveAction != nullptr) {
executeAction(trans, executeAction(trans,
m_disruptiveAction.get(), false); m_disruptiveAction.get(), false);
@ -270,13 +268,14 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) {
void RuleWithActions::executeAction(Transaction *trans, void RuleWithActions::executeAction(Transaction *trans,
Action *a, bool defaultContext) { ActionWithExecution *a, bool defaultContext) {
if (dynamic_cast<actions::disruptive::ActionDisruptive *>(a) == NULL) {
ms_dbg_a(trans, 9, "Running action: " + *a->getName()); ms_dbg_a(trans, 9, "Running action: " + *a->getName());
a->execute(trans); a->execute(trans);
return;
} }
void RuleWithActions::executeAction(Transaction *trans,
ActionDisruptive *a, bool defaultContext) {
if (defaultContext && !hasBlockAction()) { if (defaultContext && !hasBlockAction()) {
ms_dbg_a(trans, 4, "Ignoring action: " + *a->getName() + \ ms_dbg_a(trans, 4, "Ignoring action: " + *a->getName() + \
" (rule does not cotains block)"); " (rule does not cotains block)");
@ -284,9 +283,10 @@ void RuleWithActions::executeAction(Transaction *trans,
} }
if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) { if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) {
ms_dbg_a(trans, 4, "Running (disruptive) action: " + ms_dbg_a(trans, 4, "Running (disruptive) action: " + \
*a->getName() + "."); *a->getName() + ".");
a->execute(trans); ActionWithExecution *ae = dynamic_cast<ActionWithExecution *>(a);
ae->execute(trans);
return; return;
} }
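Review bot: In `executeActionsAfterFullMatch` the rule-update loop now holds `ActionWithExecution *a`, so `executeAction(trans, a, false)` binds at compile time to the non-disruptive overload even when `a` is disruptive, and the `trans->getRuleEngineState() == RulesSet::EnabledRuleEngine` gate in the `ActionDisruptive` overload is no longer applied on that path; the removed `dynamic_cast` test inside `executeAction` used to cover it. The effect appears to be that a disruptive action from that list runs regardless of engine state, so I would dispatch explicitly: `if (auto *d = dynamic_cast<ActionDisruptive *>(a)) executeAction(trans, d, false); else executeAction(trans, a, false);`. Separately, the results of `dynamic_cast<ActionWithExecution *>` and `std::dynamic_pointer_cast<ActionWithExecution>` are stored or dereferenced unchecked in `addAction`, `addDefaultAction`, this loop and `ae->execute(trans)`. An action that does not derive from `ActionWithExecution` would become a null entry (and leak in `addAction`) and crash on first use, so a guard such as `if (a == nullptr) { continue; }` at the call sites, plus rejecting the rule at load time, would keep one bad action from taking the engine down. The bodies of these functions extend beyond the visible hunks.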


@ -31,6 +31,8 @@
#include "modsecurity/rule.h" #include "modsecurity/rule.h"
#include "modsecurity/actions/action.h" #include "modsecurity/actions/action.h"
#include "src/actions/action_type_rule_metadata.h" #include "src/actions/action_type_rule_metadata.h"
#include "src/actions/action_with_execution.h"
#include "src/actions/disruptive/disruptive_action.h"
#ifdef __cplusplus #ifdef __cplusplus
@ -54,15 +56,20 @@ class Transformation;
using Transformation = actions::transformations::Transformation; using Transformation = actions::transformations::Transformation;
using Transformations = std::vector<std::shared_ptr<Transformation> >; using Transformations = std::vector<std::shared_ptr<Transformation> >;
using TransformationsPtr = std::vector<Transformation *>; using TransformationsPtr = std::vector<Transformation *>;
using Action = actions::Action;
using ActionTypeRuleMetaData = actions::ActionTypeRuleMetaData;
using Actions = std::vector<actions::Action *>; using Actions = std::vector<actions::Action *>;
using ActionWithExecution = actions::ActionWithExecution;
using ActionTypeRuleMetaData = actions::ActionTypeRuleMetaData;
using ActionDisruptive = actions::disruptive::ActionDisruptive;
using MatchActions = std::vector<std::shared_ptr<ActionWithExecution > >;
using MatchActionsPtr = std::vector<ActionWithExecution *>;
using Tags = std::vector<std::shared_ptr<actions::Tag> >; using Tags = std::vector<std::shared_ptr<actions::Tag> >;
using TagsPtr = std::vector<actions::Tag *>; using TagsPtr = std::vector<actions::Tag *>;
using SetVars = std::vector<std::shared_ptr<actions::SetVar> >; using SetVars = std::vector<std::shared_ptr<actions::SetVar> >;
using SetVarsPtr = std::vector<actions::SetVar *>; using SetVarsPtr = std::vector<actions::SetVar *>;
using MatchActions = std::vector<std::shared_ptr<actions::Action > >;
using MatchActionsPtr = std::vector<actions::Action *>;
using XmlNSs = std::vector<std::shared_ptr<actions::XmlNS> >; using XmlNSs = std::vector<std::shared_ptr<actions::XmlNS> >;
using XmlNSsPtr = std::vector<actions::XmlNS *>; using XmlNSsPtr = std::vector<actions::XmlNS *>;
@ -110,7 +117,6 @@ class RuleWithActions : public Rule {
int ACCURACY_NOT_SET = 10; int ACCURACY_NOT_SET = 10;
int MATURITY_NOT_SET = 10; int MATURITY_NOT_SET = 10;
RuleWithActions( RuleWithActions(
Actions *a, Actions *a,
Transformations *t, Transformations *t,
@ -226,7 +232,11 @@ class RuleWithActions : public Rule {
Transaction *trasn); Transaction *trasn);
void executeAction(Transaction *trans, void executeAction(Transaction *trans,
Action *a, ActionWithExecution *a,
bool context);
void executeAction(Transaction *trans,
ActionDisruptive *a,
bool context); bool context);
static void executeTransformation( static void executeTransformation(
@ -357,8 +367,8 @@ class RuleWithActions : public Rule {
inline bool hasCaptureAction() const { return m_containsCaptureAction || m_defaultContainsCaptureAction; } inline bool hasCaptureAction() const { return m_containsCaptureAction || m_defaultContainsCaptureAction; }
inline bool hasDisruptiveAction() const { return m_disruptiveAction != nullptr || m_defaultActionDisruptiveAction != nullptr; } inline bool hasDisruptiveAction() const { return m_disruptiveAction != nullptr || m_defaultActionDisruptiveAction != nullptr; }
inline void setDisruptiveAction(const std::shared_ptr<actions::Action> &a) { m_disruptiveAction = a; } inline void setDisruptiveAction(const std::shared_ptr<ActionDisruptive> &a) { m_disruptiveAction = a; }
inline std::shared_ptr<actions::Action> getDisruptiveAction() const { return m_disruptiveAction; } inline std::shared_ptr<ActionDisruptive> getDisruptiveAction() const { return m_disruptiveAction; }
inline bool hasBlockAction() const { return m_containsStaticBlockAction || m_defaultContainsStaticBlockAction; } inline bool hasBlockAction() const { return m_containsStaticBlockAction || m_defaultContainsStaticBlockAction; }
inline void setHasBlockAction(bool b) { m_containsStaticBlockAction = b; } inline void setHasBlockAction(bool b) { m_containsStaticBlockAction = b; }
@ -518,7 +528,7 @@ class RuleWithActions : public Rule {
RuleWithActions *m_chainedRuleParent; RuleWithActions *m_chainedRuleParent;
/* actions */ /* actions */
std::shared_ptr<actions::Action> m_disruptiveAction; std::shared_ptr<ActionDisruptive> m_disruptiveAction;
std::shared_ptr<actions::LogData> m_logData; std::shared_ptr<actions::LogData> m_logData;
std::shared_ptr<actions::Msg> m_msg; std::shared_ptr<actions::Msg> m_msg;
MatchActions m_actionsRuntimePos; MatchActions m_actionsRuntimePos;
@ -527,9 +537,10 @@ class RuleWithActions : public Rule {
XmlNSs m_XmlNSs; XmlNSs m_XmlNSs;
/* actions || SecDefaultAction */ /* actions || SecDefaultAction */
std::shared_ptr<actions::Action> m_defaultActionDisruptiveAction; std::shared_ptr<ActionDisruptive> m_defaultActionDisruptiveAction;
std::shared_ptr<actions::LogData> m_defaultActionLogData; std::shared_ptr<actions::LogData> m_defaultActionLogData;
std::shared_ptr<actions::Msg> m_defaultActionMsg; std::shared_ptr<actions::Msg> m_defaultActionMsg;
MatchActions m_defaultActionActionsRuntimePos; MatchActions m_defaultActionActionsRuntimePos;
SetVars m_defaultActionActionsSetVar; SetVars m_defaultActionActionsSetVar;
Tags m_defaultActionActionsTag; Tags m_defaultActionActionsTag;