From c4e1ede358853f5acda7bb88396f258b5d131be8 Mon Sep 17 00:00:00 2001 From: brectanus Date: Tue, 22 Jan 2008 05:39:33 +0000 Subject: [PATCH] Fixed merging actionsets so we can build a more accurate rule for auditing. --- apache2/apache2_config.c | 41 ++-------- apache2/re.c | 166 ++++++++++++++++++++++++++++++--------- apache2/re.h | 19 ++++- apache2/re_actions.c | 51 +++++++++++- 4 files changed, 200 insertions(+), 77 deletions(-) diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index 846a0c80..02551592 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -552,7 +552,7 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type, cmd->directive->line_num, p1, p2, &my_error_msg); break; default : - rule = msre_rule_create(dcfg->ruleset, cmd->directive->filename, + rule = msre_rule_create(dcfg->ruleset, type, cmd->directive->filename, cmd->directive->line_num, p1, p2, p3, &my_error_msg); break; } @@ -721,7 +721,7 @@ static const char *add_marker(cmd_parms *cmd, directory_config *dcfg, const char } /* Create the rule now. */ - rule = msre_rule_create(dcfg->ruleset, cmd->directive->filename, cmd->directive->line_num, p1, p2, p3, &my_error_msg); + rule = msre_rule_create(dcfg->ruleset, RULE_TYPE_MARKER, cmd->directive->filename, cmd->directive->line_num, p1, p2, p3, &my_error_msg); if (rule == NULL) { return my_error_msg; } @@ -797,21 +797,7 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg, #ifdef DEBUG_CONF { - const apr_array_header_t *tarr = apr_table_elts(rule->actionset->actions); - const apr_table_entry_t *telts = (const apr_table_entry_t*)tarr->elts; - char *actions = NULL; - int i; - for (i = 0; i < tarr->nelts; i++) { - msre_action *action = (msre_action *)telts[i].val; - actions = apr_pstrcat(ruleset->mp, - (actions == NULL) ? "" : actions, - (actions == NULL) ? "" : ",", - action->metadata->name, - (action->param == NULL) ? "" : ":'", - (action->param == NULL) ? "" : action->param, - (action->param == NULL) ? "" : "'", - NULL); - } + char *actions = msre_actionset_generate_action_string(ruleset->mp, rule->actionset); ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool, "Updating rule %pp id=\"%s\" action: \"%s\"", rule, @@ -826,25 +812,12 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg, new_actionset, 1); msre_actionset_set_defaults(rule->actionset); - /* ENH: Change the unparsed string, but may be impossible. */ + /* Update the unparsed rule */ + rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, NULL, NULL, NULL); #ifdef DEBUG_CONF { - const apr_array_header_t *tarr = apr_table_elts(rule->actionset->actions); - const apr_table_entry_t *telts = (const apr_table_entry_t*)tarr->elts; - char *actions = NULL; - int i; - for (i = 0; i < tarr->nelts; i++) { - msre_action *action = (msre_action *)telts[i].val; - actions = apr_pstrcat(ruleset->mp, - (actions == NULL) ? "" : actions, - (actions == NULL) ? "" : ",", - action->metadata->name, - (action->param == NULL) ? "" : ":'", - (action->param == NULL) ? "" : action->param, - (action->param == NULL) ? "" : "'", - NULL); - } + char *actions = msre_actionset_generate_action_string(ruleset->mp, rule->actionset); ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, cmd->pool, "Updated rule %pp id=\"%s\" action: \"%s\"", rule, @@ -859,7 +832,7 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg, /* -- Configuration directives -- */ static const char *cmd_action(cmd_parms *cmd, void *_dcfg, const char *p1) { - return add_rule(cmd, (directory_config *)_dcfg, RULE_TYPE_NORMAL, SECACTION_TARGETS, SECACTION_ARGS, p1); + return add_rule(cmd, (directory_config *)_dcfg, RULE_TYPE_ACTION, SECACTION_TARGETS, SECACTION_ARGS, p1); } static const char *cmd_marker(cmd_parms *cmd, void *_dcfg, const char *p1) { diff --git a/apache2/re.c b/apache2/re.c index 80f8388d..606cde41 100644 --- a/apache2/re.c +++ b/apache2/re.c @@ -28,6 +28,65 @@ static const char *const severities[] = { /* -- Actions, variables, functions and operator functions ----------------- */ +/** + * Remove actions with the same cardinality group from the actionset. + */ +static void msre_actionset_cardinality_fixup(msre_actionset *actionset, msre_action *action) { + const apr_array_header_t *tarr = apr_table_elts(actionset->actions); + const apr_table_entry_t *telts = (const apr_table_entry_t*)tarr->elts; + int i; + + if ((actionset == NULL) || (action == NULL)) return; + + for (i = 0; i < tarr->nelts; i++) { + msre_action *target = (msre_action *)telts[i].val; + if (target->metadata->cardinality_group == action->metadata->cardinality_group) { + + apr_table_unset(actionset->actions, target->metadata->name); + } + } +} + +/** + * Generate an action string from an actionset. + */ +char *msre_actionset_generate_action_string(apr_pool_t *pool, const msre_actionset *actionset) +{ + const apr_array_header_t *tarr = apr_table_elts(actionset->actions); + const apr_table_entry_t *telts = (const apr_table_entry_t*)tarr->elts; + char *actions = NULL; + int i; + + for (i = 0; i < tarr->nelts; i++) { + msre_action *action = (msre_action *)telts[i].val; + int use_quotes = 0; + + /* Check if we need any quotes */ + if (action->param != NULL) { + int j; + for(j = 0; action->param[j] != '\0'; j++) { + if (isspace(action->param[j])) { + use_quotes = 1; + break; + } + } + if (j == 0) use_quotes = 1; + } + + actions = apr_pstrcat(pool, + (actions == NULL) ? "" : actions, + (actions == NULL) ? "" : ",", + action->metadata->name, + (action->param == NULL) ? "" : ":", + (use_quotes) ? "'" : "", + (action->param == NULL) ? "" : action->param, + (use_quotes) ? "'" : "", + NULL); + } + + return actions; +} + /** * Creates msre_var instances (rule variables) out of the * given text string and places them into the supplied table. @@ -100,6 +159,10 @@ apr_status_t msre_parse_actions(msre_engine *engine, msre_actionset *actionset, action->metadata->init(engine, actionset, action); } + if (action->metadata->cardinality_group != ACTION_CGROUP_NONE) { + msre_actionset_cardinality_fixup(actionset, action); + } + if (action->metadata->cardinality == ACTION_CARDINALITY_ONE) { /* One action per actionlist. */ apr_table_setn(actionset->actions, action->metadata->name, (void *)action); @@ -536,6 +599,11 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent telts = (const apr_table_entry_t*)tarr->elts; for (i = 0; i < tarr->nelts; i++) { msre_action *action = (msre_action *)telts[i].val; + + if (action->metadata->cardinality_group != ACTION_CGROUP_NONE) { + msre_actionset_cardinality_fixup(merged, action); + } + if (action->metadata->cardinality == ACTION_CARDINALITY_ONE) { apr_table_setn(merged->actions, action->metadata->name, (void *)action); } else { @@ -1248,11 +1316,63 @@ char *msre_format_metadata(modsec_rec *msr, msre_actionset *actionset) { return apr_pstrcat(msr->mp, fn, id, rev, msg, logdata, severity, tags, NULL); } +char * msre_rule_generate_unparsed(apr_pool_t *pool, const msre_rule *rule, const char *targets, + const char *args, const char *actions) +{ + char *unparsed = NULL; + const char *r_targets = targets; + const char *r_args = args; + const char *r_actions = actions; + + if (r_targets == NULL) { + r_targets = rule->p1; + } + if (r_args == NULL) { + r_args = apr_pstrcat(pool, (rule->op_negated ? "!" : ""), "@", rule->op_name, " ", rule->op_param, NULL); + } + if (r_actions == NULL) { + r_actions = msre_actionset_generate_action_string(pool, rule->actionset); + } + + switch (rule->type) { + case RULE_TYPE_NORMAL: + if (r_actions == NULL) { + unparsed = apr_psprintf(pool, "SecRule \"%s\" \"%s\"", + log_escape(pool, r_targets), log_escape(pool, r_args)); + } + else { + unparsed = apr_psprintf(pool, "SecRule \"%s\" \"%s\" \"%s\"", + log_escape(pool, r_targets), log_escape(pool, r_args), + log_escape(pool, r_actions)); + } + break; + case RULE_TYPE_ACTION: + unparsed = apr_psprintf(pool, "SecAction \"%s\"", + log_escape(pool, r_actions)); + break; + case RULE_TYPE_MARKER: + unparsed = apr_psprintf(pool, "SecMarker \"%s\"", rule->actionset->id); + break; + case RULE_TYPE_LUA: + /* SecRuleScript */ + if (r_actions == NULL) { + unparsed = apr_psprintf(pool, "SecRuleScript \"%s\"", r_args); + } + else { + unparsed = apr_psprintf(pool, "SecRuleScript \"%s\" \"%s\"", + r_args, log_escape(pool, r_actions)); + } + break; + } + + return unparsed; +} + /** * Assembles a new rule using the strings that contain a list * of targets (variables), arguments, and actions. */ -msre_rule *msre_rule_create(msre_ruleset *ruleset, +msre_rule *msre_rule_create(msre_ruleset *ruleset, int type, const char *fn, int line, const char *targets, const char *args, const char *actions, char **error_msg) { @@ -1266,36 +1386,14 @@ msre_rule *msre_rule_create(msre_ruleset *ruleset, rule = (msre_rule *)apr_pcalloc(ruleset->mp, sizeof(msre_rule)); if (rule == NULL) return NULL; + + rule->type = type; rule->ruleset = ruleset; rule->targets = apr_array_make(ruleset->mp, 10, sizeof(const msre_var *)); rule->p1 = apr_pstrdup(ruleset->mp, targets); rule->filename = apr_pstrdup(ruleset->mp, fn); rule->line_num = line; - /* Add the unparsed rule */ - if ((strcmp(SECACTION_TARGETS, targets) == 0) && (strcmp(SECACTION_ARGS, args) == 0)) { - rule->unparsed = apr_psprintf(ruleset->mp, "SecAction \"%s\"", - log_escape(ruleset->mp, actions)); - } - else - if ((strcmp(SECMARKER_TARGETS, targets) == 0) - && (strcmp(SECMARKER_ARGS, args) == 0) - && (strncmp(SECMARKER_BASE_ACTIONS, actions, strlen(SECMARKER_BASE_ACTIONS)) == 0)) - { - rule->unparsed = apr_psprintf(ruleset->mp, "SecMarker \"%s\"", - log_escape(ruleset->mp, actions + strlen(SECMARKER_BASE_ACTIONS))); - } - else { - if (actions == NULL) { - rule->unparsed = apr_psprintf(ruleset->mp, "SecRule \"%s\" \"%s\"", - log_escape(ruleset->mp, targets), log_escape(ruleset->mp, args)); - } else { - rule->unparsed = apr_psprintf(ruleset->mp, "SecRule \"%s\" \"%s\" \"%s\"", - log_escape(ruleset->mp, targets), log_escape(ruleset->mp, args), - log_escape(ruleset->mp, actions)); - } - } - /* Parse targets */ rc = msre_parse_targets(ruleset, targets, rule->targets, &my_error_msg); if (rc < 0) { @@ -1353,6 +1451,9 @@ msre_rule *msre_rule_create(msre_ruleset *ruleset, } } + /* Add the unparsed rule */ + rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, targets, args, NULL); + return rule; } @@ -1371,20 +1472,12 @@ msre_rule *msre_rule_lua_create(msre_ruleset *ruleset, rule = (msre_rule *)apr_pcalloc(ruleset->mp, sizeof(msre_rule)); if (rule == NULL) return NULL; + + rule->type = RULE_TYPE_LUA; rule->ruleset = ruleset; rule->filename = apr_pstrdup(ruleset->mp, fn); rule->line_num = line; - rule->type = RULE_TYPE_LUA; - - if (actions == NULL) { - rule->unparsed = apr_psprintf(ruleset->mp, "SecRuleScript \"%s\"", - script_filename); - } else { - rule->unparsed = apr_psprintf(ruleset->mp, "SecRuleScript \"%s\" \"%s\"", - script_filename, log_escape(ruleset->mp, actions)); - } - /* Compile script. */ *error_msg = lua_compile(&rule->script, script_filename, ruleset->mp); if (*error_msg != NULL) { @@ -1401,6 +1494,9 @@ msre_rule *msre_rule_lua_create(msre_ruleset *ruleset, } } + /* Add the unparsed rule */ + rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, NULL, script_filename, NULL); + return rule; } diff --git a/apache2/re.h b/apache2/re.h index 2be763da..62a20f4b 100644 --- a/apache2/re.h +++ b/apache2/re.h @@ -122,9 +122,10 @@ int DSOLOCAL msre_ruleset_phase_rule_remove_with_exception(msre_ruleset *ruleset #define RULE_PH_SKIPAFTER 1 /* Implicit placeholder for skipAfter */ #define RULE_PH_MARKER 2 /* Explicit placeholder for SecMarker */ -#define RULE_TYPE_NORMAL 0 -#define RULE_TYPE_ACTION 1 -#define RULE_TYPE_LUA 2 +#define RULE_TYPE_NORMAL 0 /* SecRule */ +#define RULE_TYPE_ACTION 1 /* SecAction */ +#define RULE_TYPE_MARKER 2 /* SecMarker */ +#define RULE_TYPE_LUA 3 /* SecRuleScript */ struct msre_rule { apr_array_header_t *targets; @@ -153,7 +154,9 @@ struct msre_rule { msc_script *script; }; -msre_rule DSOLOCAL *msre_rule_create(msre_ruleset *ruleset, +char DSOLOCAL *msre_rule_generate_unparsed(apr_pool_t *pool, const msre_rule *rule, const char *targets, const char *args, const char *actions); + +msre_rule DSOLOCAL *msre_rule_create(msre_ruleset *ruleset, int type, const char *fn, int line, const char *targets, const char *args, const char *actions, char **error_msg); @@ -274,6 +277,8 @@ struct msre_actionset { int auditlog; }; +char DSOLOCAL *msre_actionset_generate_action_string(apr_pool_t *pool, const msre_actionset *actionset); + void DSOLOCAL msre_engine_variable_register(msre_engine *engine, const char *name, unsigned int type, unsigned int argc_min, unsigned int argc_max, fn_var_validate_t validate, fn_var_generate_t generate, @@ -306,6 +311,11 @@ typedef apr_status_t (*fn_action_execute_t)(modsec_rec *msr, apr_pool_t *mptmp, #define ACTION_CARDINALITY_ONE 1 #define ACTION_CARDINALITY_MANY 2 +#define ACTION_CGROUP_NONE 0 +#define ACTION_CGROUP_DISRUPTIVE 1 +#define ACTION_CGROUP_LOG 2 +#define ACTION_CGROUP_AUDITLOG 3 + struct msre_action_metadata { const char *name; unsigned int type; @@ -313,6 +323,7 @@ struct msre_action_metadata { unsigned int argc_max; unsigned int allow_param_plusminus; unsigned int cardinality; + unsigned int cardinality_group; fn_action_validate_t validate; fn_action_init_t init; fn_action_execute_t execute; diff --git a/apache2/re_actions.c b/apache2/re_actions.c index dd076a5e..180ec60a 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -14,10 +14,11 @@ /** * Register action with the engine. */ -static void msre_engine_action_register(msre_engine *engine, const char *name, unsigned int type, - unsigned int argc_min, unsigned int argc_max, unsigned int allow_param_plusminus, - unsigned int cardinality, fn_action_validate_t validate, fn_action_init_t init, - fn_action_execute_t execute) +static void msre_engine_action_register(msre_engine *engine, const char *name, + unsigned int type, unsigned int argc_min, unsigned int argc_max, + unsigned int allow_param_plusminus, unsigned int cardinality, + unsigned int cardinality_group, fn_action_validate_t validate, + fn_action_init_t init, fn_action_execute_t execute) { msre_action_metadata *metadata = (msre_action_metadata *)apr_pcalloc(engine->mp, sizeof(msre_action_metadata)); @@ -29,6 +30,7 @@ static void msre_engine_action_register(msre_engine *engine, const char *name, u metadata->argc_max = argc_max; metadata->allow_param_plusminus = allow_param_plusminus; metadata->cardinality = cardinality; + metadata->cardinality_group = cardinality_group; metadata->validate = validate; metadata->init = init; metadata->execute = execute; @@ -1619,6 +1621,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, msre_action_id_init, NULL @@ -1631,6 +1634,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, msre_action_rev_init, NULL @@ -1643,6 +1647,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, msre_action_msg_init, NULL @@ -1655,6 +1660,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, msre_action_logdata_init, NULL @@ -1667,6 +1673,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, msre_action_severity_init, NULL @@ -1679,6 +1686,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, msre_action_chain_init, NULL @@ -1691,6 +1699,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_LOG, NULL, msre_action_log_init, NULL @@ -1703,6 +1712,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_LOG, NULL, msre_action_nolog_init, NULL @@ -1715,6 +1725,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_AUDITLOG, NULL, msre_action_auditlog_init, NULL @@ -1727,6 +1738,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_AUDITLOG, NULL, msre_action_noauditlog_init, NULL @@ -1739,6 +1751,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, NULL, msre_action_deny_init, NULL @@ -1751,6 +1764,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, msre_action_status_validate, msre_action_status_init, NULL @@ -1763,6 +1777,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, NULL, msre_action_drop_init, NULL @@ -1775,6 +1790,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, msre_action_pause_validate, msre_action_pause_init, NULL @@ -1787,6 +1803,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, msre_action_redirect_validate, msre_action_redirect_init, msre_action_redirect_execute @@ -1799,6 +1816,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, msre_action_proxy_validate, msre_action_proxy_init, msre_action_proxy_execute @@ -1811,6 +1829,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, NULL, msre_action_pass_init, NULL @@ -1823,6 +1842,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, msre_action_skip_validate, msre_action_skip_init, NULL @@ -1835,6 +1855,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, msre_action_skipAfter_validate, msre_action_skipAfter_init, NULL @@ -1847,6 +1868,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_DISRUPTIVE, msre_action_allow_validate, msre_action_allow_init, NULL @@ -1859,6 +1881,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, msre_action_phase_validate, msre_action_phase_init, NULL @@ -1871,6 +1894,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, ALLOW_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, msre_action_t_validate, msre_action_t_init, NULL @@ -1883,6 +1907,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, msre_action_ctl_validate, msre_action_ctl_init, msre_action_ctl_execute @@ -1895,6 +1920,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, msre_action_xmlns_validate, NULL, NULL @@ -1907,6 +1933,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, NULL, NULL @@ -1919,6 +1946,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_sanitiseArg_execute @@ -1931,6 +1959,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_sanitiseMatched_execute @@ -1943,6 +1972,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_sanitiseRequestHeader_execute @@ -1955,6 +1985,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_sanitiseResponseHeader_execute @@ -1967,6 +1998,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_setenv_execute @@ -1979,6 +2011,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_setvar_execute @@ -1991,6 +2024,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_expirevar_execute @@ -2003,6 +2037,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_deprecatevar_execute @@ -2015,6 +2050,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_initcol_execute @@ -2027,6 +2063,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_setsid_execute @@ -2039,6 +2076,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_setuid_execute @@ -2051,6 +2089,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, msre_action_exec_validate, NULL, msre_action_exec_execute @@ -2063,6 +2102,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 0, 0, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, NULL, NULL @@ -2075,6 +2115,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_MANY, + ACTION_CGROUP_NONE, NULL, NULL, NULL @@ -2087,6 +2128,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_prepend_execute @@ -2099,6 +2141,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { 1, 1, NO_PLUS_MINUS, ACTION_CARDINALITY_ONE, + ACTION_CGROUP_NONE, NULL, NULL, msre_action_append_execute