Refactoring on rulesProperties class

Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.

examples/multiprocess_c/multi.c

@@ -15,11 +15,13 @@
 
 #include <modsecurity/modsecurity.h>
 #include <modsecurity/transaction.h>
+#include <modsecurity/rules.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-
+#include <sys/types.h>
+#include <sys/wait.h>
 
 #define FORKS 5
 #define REQUESTS_PER_PROCESS 100

examples/simple_example_using_c/test.c

@@ -18,6 +18,7 @@
 #include "stdlib.h"
 
 #include "modsecurity/modsecurity.h"
+#include "modsecurity/rules.h"
 
 
 char main_rule_uri[] = "basic_rules.conf";

headers/modsecurity/modsecurity.h

@@ -92,7 +92,6 @@ typedef struct ModSecurity_t modsecurity;
 #include "modsecurity/intervention.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/debug_log.h"
-#include "modsecurity/rules.h"
 
 /**
  * TAG_NUM:
@@ -129,9 +128,6 @@ namespace modsecurity {
 namespace actions {
 class Action;
 }
-namespace operators {
-class Operators;
-}
 class Rule;
 
 /** @ingroup ModSecurity_CPP_API */

headers/modsecurity/rule.h

@@ -23,7 +23,7 @@
 #ifndef HEADERS_MODSECURITY_RULE_H_
 #define HEADERS_MODSECURITY_RULE_H_
 
-#include "modsecurity/modsecurity.h"
+#include "modsecurity/transaction.h"
 
 
 #ifdef __cplusplus
@@ -32,6 +32,12 @@ namespace modsecurity {
 namespace Variables {
 class Variable;
 }
+namespace actions {
+class Action;
+}
+namespace operators {
+class Operator;
+}
 
 class Rule {
  public:

headers/modsecurity/rules.h

@@ -28,9 +28,9 @@
 #ifndef HEADERS_MODSECURITY_RULES_H_
 #define HEADERS_MODSECURITY_RULES_H_
 
+#include "modsecurity/rules_properties.h"
 #include "modsecurity/modsecurity.h"
 #include "modsecurity/transaction.h"
-#include "modsecurity/rules_properties.h"
 
 #ifdef __cplusplus
 

headers/modsecurity/rules_properties.h

@@ -13,6 +13,7 @@
  *
  */
 
+
 #ifdef __cplusplus
 #include <ctime>
 #include <iostream>
@@ -26,14 +27,15 @@
 #ifndef HEADERS_MODSECURITY_RULES_PROPERTIES_H_
 #define HEADERS_MODSECURITY_RULES_PROPERTIES_H_
 
+
 #include "modsecurity/modsecurity.h"
-#include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
 #include "modsecurity/rules_exceptions.h"
 
+
 #ifdef __cplusplus
 
 namespace modsecurity {
-class Rule;
 class RulesExceptions;
 namespace audit_log {
 class AuditLog;
@@ -45,79 +47,77 @@ namespace Parser {
 class Driver;
 }
 
+
 /** @ingroup ModSecurity_CPP_API */
+class ConfigInt {
+ public:
+    ConfigInt() : m_set(false), m_value(0) { }
+    bool m_set;
+    int m_value;
+};
+
+
+class ConfigDouble {
+ public:
+    ConfigDouble() : m_set(false), m_value(0) { }
+    bool m_set;
+    double m_value;
+};
+
+
+class ConfigString {
+ public:
+    ConfigString() : m_set(false), m_value("") { }
+    bool m_set;
+    std::string m_value;
+};
+
+
 class RulesProperties {
  public:
-    RulesProperties()
+    RulesProperties() : m_auditLog(NULL),
-        : audit_log(NULL),
         m_debugLog(new DebugLog()),
-        m_httpbl_key(""),
+        m_httpblKey(""),
-        remoteRulesActionOnFailed(AbortOnFailedRemoteRulesAction),
+        m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
-        requestBodyLimit(0),
+        m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
-        requestBodyNoFilesLimit(0),
+        m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
-        requestBodyInMemoryLimit(0),
+        m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
-        secRequestBodyAccess(false),
+        m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
-        secResponseBodyAccess(false),
+        m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
-        secXMLExternalEntity(false),
+        m_secRuleEngine(PropertyNotSetRuleEngine),
-        requestBodyLimitAction(ProcessPartialBodyLimitAction),
+        m_uploadKeepFiles(PropertyNotSetConfigBoolean),
-        responseBodyLimit(0),
+        m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean) { }
-        responseBodyLimitAction(ProcessPartialBodyLimitAction),
-        secRuleEngine(DetectionOnlyRuleEngine),
-        uploadKeepFiles(0),
-        uploadFileLimit(100),
-        uploadFileMode(0),
-        tmpSaveUploadedFiles(false) { }
 
-    explicit RulesProperties(DebugLog *debugLog)
+
-        : audit_log(NULL),
+    explicit RulesProperties(DebugLog *debugLog) : m_auditLog(NULL),
         m_debugLog(debugLog),
-        m_httpbl_key(""),
+        m_httpblKey(""),
-        remoteRulesActionOnFailed(AbortOnFailedRemoteRulesAction),
+        m_remoteRulesActionOnFailed(PropertyNotSetRemoteRulesAction),
-        requestBodyLimit(0),
+        m_secRequestBodyAccess(PropertyNotSetConfigBoolean),
-        requestBodyNoFilesLimit(0),
+        m_secResponseBodyAccess(PropertyNotSetConfigBoolean),
-        requestBodyInMemoryLimit(0),
+        m_secXMLExternalEntity(PropertyNotSetConfigBoolean),
-        secRequestBodyAccess(false),
+        m_requestBodyLimitAction(PropertyNotSetBodyLimitAction),
-        secResponseBodyAccess(false),
+        m_responseBodyLimitAction(PropertyNotSetBodyLimitAction),
-        secXMLExternalEntity(false),
+        m_secRuleEngine(PropertyNotSetRuleEngine),
-        requestBodyLimitAction(ProcessPartialBodyLimitAction),
+        m_uploadKeepFiles(PropertyNotSetConfigBoolean),
-        responseBodyLimit(0),
+        m_tmpSaveUploadedFiles(PropertyNotSetConfigBoolean) { }
-        responseBodyLimitAction(ProcessPartialBodyLimitAction),
+
-        secRuleEngine(DetectionOnlyRuleEngine),
-        uploadKeepFiles(0),
-        uploadFileLimit(100),
-        uploadFileMode(0),
-        tmpSaveUploadedFiles(false) { }
 
-/*
-    RulesProperties(const RulesProperties &other)
-        : audit_log(other.audit_log),
-        m_debugLog(other.m_debugLog),
-        remoteRulesActionOnFailed(other.remoteRulesActionOnFailed),
-        requestBodyLimit(other.requestBodyLimit),
-        requestBodyNoFilesLimit(other.requestBodyNoFilesLimit),
-        requestBodyInMemoryLimit(other.requestBodyInMemoryLimit),
-        secRequestBodyAccess(other.secRequestBodyAccess),
-        secResponseBodyAccess(other.secResponseBodyAccess),
-        requestBodyLimitAction(other.requestBodyLimitAction),
-        responseBodyLimit(other.responseBodyLimit),
-        responseBodyLimitAction(other.responseBodyLimitAction),
-        secRuleEngine(other.secRuleEngine) { }
-*/
     ~RulesProperties() {
         delete m_debugLog;
     }
 
-    std::vector<Rule *> rules[8];
-    std::vector<Rule *> * getRulesForPhase(int phase) {
-        if (phase > 7) {
-            return NULL;
-        }
-        return &rules[phase];
-    }
 
-    //  ModSecurity::Phases::NUMBER_OF_PHASES
+    /**
-    std::vector<actions::Action *> defaultActions[8];
+     *
-    //  ModSecurity::Phases::NUMBER_OF_PHASES
+     *
+     */
+    enum ConfigBoolean {
+        TrueConfigBoolean,
+        FalseConfigBoolean,
+        PropertyNotSetConfigBoolean
+    };
+
 
     /**
      *
@@ -142,9 +142,14 @@ class RulesProperties {
          * Rules will be evaluated but it won't generate any disruptive action.
          *
          */
-     DetectionOnlyRuleEngine
+        DetectionOnlyRuleEngine,
+        /**
+         *
+         */
+        PropertyNotSetRuleEngine
     };
 
+
     /**
      *
      * Defines what actions should be taken in case the body (response or
@@ -163,7 +168,11 @@ class RulesProperties {
       * Reject the request
       *
       */
-     RejectBodyLimitAction
+     RejectBodyLimitAction,
+     /**
+      *
+      */
+     PropertyNotSetBodyLimitAction
     };
 
 
@@ -186,7 +195,11 @@ class RulesProperties {
       * Warn on logging
       *
       */
-     WarnOnFailedRemoteRulesAction
+     WarnOnFailedRemoteRulesAction,
+     /**
+      *
+      */
+     PropertyNotSetRemoteRulesAction
     };
 
 
@@ -198,45 +211,195 @@ class RulesProperties {
             return "Enabled";
         case DetectionOnlyRuleEngine:
             return "DetectionOnly";
+        case PropertyNotSetRuleEngine:
+            return "PropertyNotSet/DetectionOnly";
         }
         return NULL;
     }
 
 
-    RuleEngine secRuleEngine;
+    static std::string configBooleanString(ConfigBoolean i) {
-    double requestBodyNoFilesLimit;
+        switch (i) {
-    double requestBodyInMemoryLimit;
+        case TrueConfigBoolean:
-    double requestBodyLimit;
+            return "True";
-    double responseBodyLimit;
+        case FalseConfigBoolean:
-    BodyLimitAction requestBodyLimitAction;
+            return "False";
-    BodyLimitAction responseBodyLimitAction;
+        case PropertyNotSetConfigBoolean:
+            return "Not set";
+        }
+        return NULL;
+    }
 
-    bool secRequestBodyAccess;
-    bool secResponseBodyAccess;
-    bool secXMLExternalEntity;
-    std::string audit_log_path;
-    std::string audit_log_parts;
-    std::list<std::string> components;
-    std::set<std::string> m_responseBodyTypeToBeInspected;
 
+    static int mergeProperties(RulesProperties *from, RulesProperties *to,
+                               std::ostringstream *err) {
+        int amount_of_rules = 0;
+
+        amount_of_rules = appendRules(from->rules, to->rules, err);
+        if (amount_of_rules < 0) {
+            return amount_of_rules;
+        }
+
+        if (from->m_secRuleEngine != PropertyNotSetRuleEngine) {
+            to->m_secRuleEngine = from->m_secRuleEngine;
+        }
+
+        if (from->m_secRequestBodyAccess != PropertyNotSetConfigBoolean) {
+            to->m_secRequestBodyAccess = from->m_secRequestBodyAccess;
+        }
+
+        if (from->m_secResponseBodyAccess != PropertyNotSetConfigBoolean) {
+            to->m_secResponseBodyAccess = from->m_secResponseBodyAccess;
+        }
+
+        if (from->m_secXMLExternalEntity != PropertyNotSetConfigBoolean) {
+            to->m_secXMLExternalEntity = from->m_secXMLExternalEntity;
+        }
+
+        if (from->m_uploadKeepFiles != PropertyNotSetConfigBoolean) {
+            to->m_uploadKeepFiles = from->m_uploadKeepFiles;
+        }
+
+        if (from->m_tmpSaveUploadedFiles != PropertyNotSetConfigBoolean) {
+            to->m_tmpSaveUploadedFiles = from->m_tmpSaveUploadedFiles;
+        }
+
+        to->m_components = from->m_components;
+
+        if (from->m_requestBodyLimit.m_set == true) {
+            to->m_requestBodyLimit.m_value = from->m_requestBodyLimit.m_value;
+        }
+
+        if (from->m_responseBodyLimit.m_set == true) {
+            to->m_responseBodyLimit.m_value = from->m_responseBodyLimit.m_value;
+        }
+
+        if (from->m_requestBodyLimitAction != PropertyNotSetBodyLimitAction) {
+            to->m_requestBodyLimitAction = from->m_requestBodyLimitAction;
+        }
+
+        if (from->m_responseBodyLimitAction != PropertyNotSetBodyLimitAction) {
+            to->m_responseBodyLimitAction = from->m_responseBodyLimitAction;
+        }
+
+
+        if (from->m_uploadFileLimit.m_set == true) {
+            to->m_uploadFileLimit.m_value = from->m_uploadFileLimit.m_value;
+        }
+
+        if (from->m_uploadFileMode.m_set == true) {
+            to->m_uploadFileMode.m_value = from->m_uploadFileMode.m_value;
+        }
+
+        to->m_uploadDirectory = from->m_uploadDirectory;
+
+        to->m_exceptions = from->m_exceptions;
+
+        for (std::set<std::string>::iterator
+                it = from->m_responseBodyTypeToBeInspected.begin();
+                it != from->m_responseBodyTypeToBeInspected.end(); ++it) {
+            to->m_responseBodyTypeToBeInspected.insert(*it);
+        }
+
+        /*
+         *
+         * default Actions is something per configuration context, there is
+         * need to merge anything.
+         *
+         */
+        for (int i = 0; i <= 8; i++) {
+            std::vector<actions::Action *> actions = from->defaultActions[i];
+            to->defaultActions[i].clear();
+            for (int j = 0; j < actions.size(); j++) {
+                actions::Action *action = actions[j];
+                to->defaultActions[i].push_back(action);
+            }
+        }
+
+        if (from->m_debugLog && to->m_debugLog &&
+                from->m_debugLog->isLogFileSet()) {
+            to->m_debugLog->setDebugLogFile(
+                from->m_debugLog->getDebugLogFile());
+        }
+
+        if (from->m_debugLog && to->m_debugLog &&
+                from->m_debugLog->isLogLevelSet()) {
+            to->m_debugLog->setDebugLogLevel(
+                from->m_debugLog->getDebugLogLevel());
+        }
+
+        return amount_of_rules;
+    }
+
+
+    static int appendRules(std::vector<modsecurity::Rule *> from[8],
+        std::vector<modsecurity::Rule *> to[8],
+        std::ostringstream *err) {
+        int amount_of_rules = 0;
+        for (int i = 0; i <= 8; i++) {
+            std::vector<modsecurity::Rule *> rules_to = to[i];
+            std::vector<modsecurity::Rule *> rules_from = from[i];
+
+            for (int j = 0; j < rules_from.size(); j++) {
+                Rule *rule = rules_from[j];
+                for (int z = 0; z < rules_to.size(); z++) {
+                    Rule *rule_ckc = rules_to[z];
+                    if (rule_ckc->rule_id == rule->rule_id) {
+                        if (err != NULL) {
+                            *err << "Rule id: " \
+                                 << std::to_string(rule->rule_id) \
+                                 << " is duplicated" << std::endl;
+                        }
+                        return -1;
+                    }
+                }
+                amount_of_rules++;
+                rules_to.push_back(rule);
+                rule->refCountIncrease();
+            }
+        }
+        return amount_of_rules;
+    }
+
+
+    std::vector<modsecurity::Rule *> *getRulesForPhase(int phase) {
+        if (phase > 7) {
+            return NULL;
+        }
+        return &rules[phase];
+    }
+
+
+    audit_log::AuditLog *m_auditLog;
+    BodyLimitAction m_requestBodyLimitAction;
+    BodyLimitAction m_responseBodyLimitAction;
+    ConfigBoolean m_secRequestBodyAccess;
+    ConfigBoolean m_secResponseBodyAccess;
+    ConfigBoolean m_secXMLExternalEntity;
+    ConfigBoolean m_tmpSaveUploadedFiles;
+    ConfigBoolean m_uploadKeepFiles;
+    ConfigDouble m_requestBodyInMemoryLimit;
+    ConfigDouble m_requestBodyLimit;
+    ConfigDouble m_requestBodyNoFilesLimit;
+    ConfigDouble m_responseBodyLimit;
+    ConfigInt m_uploadFileLimit;
+    ConfigInt m_uploadFileMode;
     DebugLog *m_debugLog;
-
+    OnFailedRemoteRulesAction m_remoteRulesActionOnFailed;
-    std::string m_httpbl_key;
+    RuleEngine m_secRuleEngine;
-    std::ostringstream parserError;
-
-    bool uploadKeepFiles;
-    int uploadFileLimit;
-    int uploadFileMode;
-    std::string uploadDirectory;
-    std::string uploadTmpDirectory;
-    bool tmpSaveUploadedFiles;
-
-    audit_log::AuditLog *audit_log;
-
-    OnFailedRemoteRulesAction remoteRulesActionOnFailed;
-
     RulesExceptions m_exceptions;
+    std::list<std::string> m_components;
+    std::ostringstream m_parserError;
+    std::set<std::string> m_responseBodyTypeToBeInspected;
+    std::string m_auditLogParts;
+    std::string m_auditLogPath;
+    std::string m_httpblKey;
+    std::string m_uploadDirectory;
+    std::string m_uploadTmpDirectory;
+    std::vector<actions::Action *> defaultActions[8];
+    std::vector<modsecurity::Rule *> rules[8];
 };
+
 #endif
 
 #ifdef __cplusplus

src/actions/transformations/escape_seq_decode.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/hex_decode.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/parity_even_7bit.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"
@@ -43,7 +44,7 @@ std::string ParityEven7bit::evaluate(std::string value,
         return "";
     }
 
-    memcpy(input, value.c_str(), value.length()+1);
+    std::memcpy(input, value.c_str(), value.length()+1);
 
     inplace(input, value.length());
 

src/actions/transformations/parity_odd_7bit.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/parity_zero_7bit.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/remove_comments.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/replace_comments.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/sql_hex_decode.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/url_decode.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/actions/transformations/url_decode_uni.cc

@@ -23,11 +23,12 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"
 #include "src/utils.h"
-
+#include "modsecurity/rules.h"
 
 namespace modsecurity {
 namespace actions {

src/actions/transformations/utf8_to_unicode.cc

@@ -21,6 +21,7 @@
 #include <functional>
 #include <cctype>
 #include <locale>
+#include <cstring>
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"

src/operators/rbl.cc

@@ -33,7 +33,7 @@ namespace operators {
 std::string Rbl::mapIpToAddress(std::string ipStr, Transaction *trans) {
     std::string addr;
     int h0, h1, h2, h3;
-    std::string key = trans->m_rules->m_httpbl_key;
+    std::string key = trans->m_rules->m_httpblKey;
 
     if (sscanf(ipStr.c_str(), "%d.%d.%d.%d", &h0, &h1, &h2, &h3) != 4) {
         debug(trans, 0, std::string("Failed to understand `" + ipStr +

src/parser/driver.cc

@@ -27,14 +27,14 @@ namespace Parser {
 Driver::Driver()
   : trace_scanning(false),
   trace_parsing(false) {
-      audit_log = new audit_log::AuditLog();
+      m_auditLog = new audit_log::AuditLog();
-      audit_log->refCountIncrease();
+      m_auditLog->refCountIncrease();
   }
 
 
 Driver::~Driver() {
-    if (audit_log != NULL) {
+    if (m_auditLog != NULL) {
-        audit_log->refCountDecreaseAndCheck();
+        m_auditLog->refCountDecreaseAndCheck();
     }
     delete loc.back();
 }
@@ -52,8 +52,8 @@ int Driver::addSecMarker(std::string marker) {
 
 int Driver::addSecAction(Rule *rule) {
     if (rule->phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
-        parserError << "Unknown phase: " << std::to_string(rule->phase);
+        m_parserError << "Unknown phase: " << std::to_string(rule->phase);
-        parserError << std::endl;
+        m_parserError << std::endl;
         return false;
     }
 
@@ -64,8 +64,8 @@ int Driver::addSecAction(Rule *rule) {
 
 int Driver::addSecRule(Rule *rule) {
     if (rule->phase > ModSecurity::Phases::NUMBER_OF_PHASES) {
-        parserError << "Unknown phase: " << std::to_string(rule->phase);
+        m_parserError << "Unknown phase: " << std::to_string(rule->phase);
-        parserError << std::endl;
+        m_parserError << std::endl;
         return false;
     }
 
@@ -91,16 +91,16 @@ int Driver::addSecRule(Rule *rule) {
      * by other rule
      */
     if (rule->rule_id == 0) {
-        parserError << "Rules must have an ID. File: ";
+        m_parserError << "Rules must have an ID. File: ";
-        parserError << rule->m_fileName << " at line: ";
+        m_parserError << rule->m_fileName << " at line: ";
-        parserError << std::to_string(rule->m_lineNumber) << std::endl;
+        m_parserError << std::to_string(rule->m_lineNumber) << std::endl;
         return false;
     }
     for (int i = 0; i < ModSecurity::Phases::NUMBER_OF_PHASES; i++) {
         std::vector<Rule *> rules = this->rules[i];
         for (int j = 0; j < rules.size(); j++) {
             if (rules[j]->rule_id == rule->rule_id) {
-                parserError << "Rule id: " << std::to_string(rule->rule_id) \
+                m_parserError << "Rule id: " << std::to_string(rule->rule_id) \
                     << " is duplicated" << std::endl;
                 return false;
             }
@@ -129,8 +129,8 @@ int Driver::parse(const std::string &f, const std::string &ref) {
     int res = parser.parse();
     scan_end();
 
-    if (audit_log->init() == false) {
+    if (m_auditLog->init() == false) {
-        parserError << "Problems while initializing the audit logs" \
+        m_parserError << "Problems while initializing the audit logs" \
             << std::endl;
         return false;
     }
@@ -144,7 +144,7 @@ int Driver::parseFile(const std::string &f) {
     std::string str;
 
     if (t.is_open() == false) {
-        parserError << "Failed to open the file: " << f << std::endl;
+        m_parserError << "Failed to open the file: " << f << std::endl;
         return false;
     }
 
@@ -166,21 +166,21 @@ void Driver::error(const yy::location& l, const std::string& m) {
 
 void Driver::error(const yy::location& l, const std::string& m,
     const std::string& c) {
-    if (parserError.tellp() == 0) {
+    if (m_parserError.tellp() == 0) {
-        parserError << "Rules error. ";
+        m_parserError << "Rules error. ";
         if (ref.empty() == false) {
-            parserError << "File: " << ref.back() << ". ";
+            m_parserError << "File: " << ref.back() << ". ";
         }
-        parserError << "Line: " << l.end.line << ". ";
+        m_parserError << "Line: " << l.end.line << ". ";
-        parserError << "Column: " << l.end.column - 1 << ". ";
+        m_parserError << "Column: " << l.end.column - 1 << ". ";
     }
 
     if (m.empty() == false) {
-        parserError << "" << m << " ";
+        m_parserError << "" << m << " ";
     }
 
     if (c.empty() == false) {
-        parserError << c;
+        m_parserError << c;
     }
 }
 

src/parser/seclang-parser.yy

@@ -18,6 +18,7 @@ class Driver;
 }
 
 #include "modsecurity/modsecurity.h"
+#include "modsecurity/rules_properties.h"
 
 #include "actions/accuracy.h"
 #include "actions/action.h"
@@ -328,51 +329,51 @@ audit_log:
     /* SecAuditLogDirMode */
     CONFIG_DIR_AUDIT_DIR_MOD
       {
-        driver.audit_log->setStorageDirMode(strtol($1.c_str(), NULL, 8));
+        driver.m_auditLog->setStorageDirMode(strtol($1.c_str(), NULL, 8));
       }
 
     /* SecAuditLogStorageDir */
     | CONFIG_DIR_AUDIT_DIR
       {
-        driver.audit_log->setStorageDir($1);
+        driver.m_auditLog->setStorageDir($1);
       }
 
     /* SecAuditEngine */
     | CONFIG_DIR_AUDIT_ENG CONFIG_VALUE_RELEVANT_ONLY
       {
-        driver.audit_log->setStatus(modsecurity::audit_log::AuditLog::RelevantOnlyAuditLogStatus);
+        driver.m_auditLog->setStatus(modsecurity::audit_log::AuditLog::RelevantOnlyAuditLogStatus);
       }
     | CONFIG_DIR_AUDIT_ENG CONFIG_VALUE_OFF
       {
-        driver.audit_log->setStatus(modsecurity::audit_log::AuditLog::OffAuditLogStatus);
+        driver.m_auditLog->setStatus(modsecurity::audit_log::AuditLog::OffAuditLogStatus);
       }
     | CONFIG_DIR_AUDIT_ENG CONFIG_VALUE_ON
       {
-        driver.audit_log->setStatus(modsecurity::audit_log::AuditLog::OnAuditLogStatus);
+        driver.m_auditLog->setStatus(modsecurity::audit_log::AuditLog::OnAuditLogStatus);
       }
 
     /* SecAuditLogFileMode */
     | CONFIG_DIR_AUDIT_FLE_MOD
       {
-        driver.audit_log->setFileMode(strtol($1.c_str(), NULL, 8));
+        driver.m_auditLog->setFileMode(strtol($1.c_str(), NULL, 8));
       }
 
     /* SecAuditLog2 */
     | CONFIG_DIR_AUDIT_LOG2
       {
-        driver.audit_log->setFilePath2($1);
+        driver.m_auditLog->setFilePath2($1);
       }
 
     /* SecAuditLogParts */
     | CONFIG_DIR_AUDIT_LOG_P
       {
-        driver.audit_log->setParts($1);
+        driver.m_auditLog->setParts($1);
       }
 
     /* SecAuditLog */
     | CONFIG_DIR_AUDIT_LOG
       {
-        driver.audit_log->setFilePath1($1);
+        driver.m_auditLog->setFilePath1($1);
       }
 
     /* SecAuditLogRelevantStatus */
@@ -381,51 +382,53 @@ audit_log:
         std::string relevant_status($1);
         relevant_status.pop_back();
         relevant_status.erase(0, 1);
-        driver.audit_log->setRelevantStatus(relevant_status);
+        driver.m_auditLog->setRelevantStatus(relevant_status);
       }
 
     /* SecAuditLogType */
     | CONFIG_DIR_AUDIT_TPE CONFIG_VALUE_SERIAL
       {
-        driver.audit_log->setType(modsecurity::audit_log::AuditLog::SerialAuditLogType);
+        driver.m_auditLog->setType(modsecurity::audit_log::AuditLog::SerialAuditLogType);
       }
     | CONFIG_DIR_AUDIT_TPE CONFIG_VALUE_PARALLEL
       {
-        driver.audit_log->setType(modsecurity::audit_log::AuditLog::ParallelAuditLogType);
+        driver.m_auditLog->setType(modsecurity::audit_log::AuditLog::ParallelAuditLogType);
       }
     | CONFIG_DIR_AUDIT_TPE CONFIG_VALUE_HTTPS
       {
-        driver.audit_log->setType(modsecurity::audit_log::AuditLog::HttpsAuditLogType);
+        driver.m_auditLog->setType(modsecurity::audit_log::AuditLog::HttpsAuditLogType);
       }
 
     /* Upload */
     | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_ON
       {
-        driver.uploadKeepFiles = true;
+        driver.m_uploadKeepFiles = modsecurity::RulesProperties::TrueConfigBoolean;
       }
     | CONFIG_UPDLOAD_KEEP_FILES CONFIG_VALUE_OFF
       {
-        driver.uploadKeepFiles = false;
+        driver.m_uploadKeepFiles = modsecurity::RulesProperties::FalseConfigBoolean;
       }
     | CONFIG_UPLOAD_FILE_LIMIT
       {
-        driver.uploadFileLimit = strtol($1.c_str(), NULL, 10);
+        driver.m_uploadFileLimit.m_set = true;
+        driver.m_uploadFileLimit.m_value = strtol($1.c_str(), NULL, 10);
       }
     | CONFIG_UPLOAD_FILE_MODE
       {
-        driver.uploadFileMode = strtol($1.c_str(), NULL, 8);
+        driver.m_uploadFileMode.m_set = true;
+        driver.m_uploadFileMode.m_value = strtol($1.c_str(), NULL, 8);
       }
     | CONFIG_UPLOAD_DIR
       {
-        driver.uploadDirectory = $1;
+        driver.m_uploadDirectory = $1;
       }
     | CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_ON
       {
-        driver.tmpSaveUploadedFiles = true;
+        driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::TrueConfigBoolean;
       }
     | CONFIG_UPDLOAD_SAVE_TMP_FILES CONFIG_VALUE_OFF
       {
-        driver.tmpSaveUploadedFiles = false;
+        driver.m_tmpSaveUploadedFiles = modsecurity::RulesProperties::FalseConfigBoolean;
       }
     ;
 
@@ -581,35 +584,35 @@ expression:
       }
     | CONFIG_DIR_RULE_ENG CONFIG_VALUE_OFF
       {
-        driver.secRuleEngine = modsecurity::Rules::DisabledRuleEngine;
+        driver.m_secRuleEngine = modsecurity::Rules::DisabledRuleEngine;
       }
     | CONFIG_DIR_RULE_ENG CONFIG_VALUE_ON
       {
-        driver.secRuleEngine = modsecurity::Rules::EnabledRuleEngine;
+        driver.m_secRuleEngine = modsecurity::Rules::EnabledRuleEngine;
       }
     | CONFIG_DIR_RULE_ENG CONFIG_VALUE_DETC
       {
-        driver.secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine;
+        driver.m_secRuleEngine = modsecurity::Rules::DetectionOnlyRuleEngine;
       }
     | CONFIG_DIR_REQ_BODY CONFIG_VALUE_ON
       {
-        driver.secRequestBodyAccess = true;
+        driver.m_secRequestBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean;
       }
     | CONFIG_DIR_REQ_BODY CONFIG_VALUE_OFF
       {
-        driver.secRequestBodyAccess = false;
+        driver.m_secRequestBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean;
       }
     | CONFIG_DIR_RES_BODY CONFIG_VALUE_ON
       {
-        driver.secResponseBodyAccess = true;
+        driver.m_secResponseBodyAccess = modsecurity::RulesProperties::TrueConfigBoolean;
       }
     | CONFIG_DIR_RES_BODY CONFIG_VALUE_OFF
       {
-        driver.secResponseBodyAccess = false;
+        driver.m_secResponseBodyAccess = modsecurity::RulesProperties::FalseConfigBoolean;
       }
     | CONFIG_COMPONENT_SIG
       {
-        driver.components.push_back($1);
+        driver.m_components.push_back($1);
       }
     | CONFIG_SEC_RULE_REMOVE_BY_ID
       {
@@ -671,43 +674,47 @@ expression:
     /* Body limits */
     | CONFIG_DIR_REQ_BODY_LIMIT
       {
-        driver.requestBodyLimit = atoi($1.c_str());
+        driver.m_requestBodyLimit.m_set = true;
+        driver.m_requestBodyLimit.m_value = atoi($1.c_str());
       }
     | CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
       {
-        driver.requestBodyNoFilesLimit = atoi($1.c_str());
+        driver.m_requestBodyNoFilesLimit.m_set = true;
+        driver.m_requestBodyNoFilesLimit.m_value = atoi($1.c_str());
       }
     | CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT
       {
-        driver.requestBodyInMemoryLimit = atoi($1.c_str());
+        driver.m_requestBodyInMemoryLimit.m_set = true;
+        driver.m_requestBodyInMemoryLimit.m_value = atoi($1.c_str());
       }
     | CONFIG_DIR_RES_BODY_LIMIT
       {
-        driver.responseBodyLimit = atoi($1.c_str());
+        driver.m_responseBodyLimit.m_set = true;
+        driver.m_responseBodyLimit.m_value = atoi($1.c_str());
       }
     | CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
       {
-        driver.requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
+        driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
       }
     | CONFIG_DIR_REQ_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
       {
-        driver.requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
+        driver.m_requestBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
       }
     | CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_PROCESS_PARTIAL
       {
-        driver.responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
+        driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::ProcessPartialBodyLimitAction;
       }
     | CONFIG_DIR_RES_BODY_LIMIT_ACTION CONFIG_VALUE_REJECT
       {
-        driver.responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
+        driver.m_responseBodyLimitAction = modsecurity::Rules::BodyLimitAction::RejectBodyLimitAction;
       }
     | CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_ABORT
       {
-        driver.remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
+        driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction;
       }
     | CONFIG_SEC_REMOTE_RULES_FAIL_ACTION CONFIG_VALUE_WARN
       {
-        driver.remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
+        driver.m_remoteRulesActionOnFailed = Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction;
       }
     | CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION
     | CONFIG_DIR_PCRE_MATCH_LIMIT
@@ -724,11 +731,11 @@ expression:
       }
     | CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_OFF
       {
-        driver.secXMLExternalEntity = false;
+        driver.m_secXMLExternalEntity = modsecurity::RulesProperties::FalseConfigBoolean;
       }
     | CONFIG_XML_EXTERNAL_ENTITY CONFIG_VALUE_ON
       {
-        driver.secXMLExternalEntity = true;
+        driver.m_secXMLExternalEntity = modsecurity::RulesProperties::TrueConfigBoolean;
       }
     | CONGIG_DIR_SEC_TMP_DIR
     | CONGIG_DIR_SEC_DATA_DIR
@@ -949,7 +956,7 @@ act:
         $$ = Action::instantiate($1);
 
         if ($$->init(&error) == false) {
-            driver.parserError << error;
+            driver.m_parserError << error;
             YYERROR;
         }
       }
@@ -1067,7 +1074,7 @@ act:
         SetSID *setSID = new SetSID($1);
 
         if (setSID->init(&error) == false) {
-            driver.parserError << error;
+            driver.m_parserError << error;
             YYERROR;
         }
 
@@ -1079,7 +1086,7 @@ act:
         SetUID *setUID = new SetUID($1);
 
         if (setUID->init(&error) == false) {
-            driver.parserError << error;
+            driver.m_parserError << error;
             YYERROR;
         }
 
@@ -1091,7 +1098,7 @@ act:
         SetVar *setVar = new SetVar($1);
 
         if (setVar->init(&error) == false) {
-            driver.parserError << error;
+            driver.m_parserError << error;
             YYERROR;
         }
 

src/parser/seclang-scanner.ll

@@ -540,10 +540,10 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 
     if (ret == false) {
         BEGIN(INITIAL);
-        if (driver.remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
+        if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction) {
             /** TODO: Implement the server logging mechanism. */
         }
-        if (driver.remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
+        if (driver.m_remoteRulesActionOnFailed == Rules::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction) {
             driver.error (*driver.loc.back(), "", yytext + std::string(" - Failed to download: ") + c.error);
             throw yy::seclang_parser::syntax_error(*driver.loc.back(), "");
         }

src/request_body_processor/multipart.cc

@@ -27,6 +27,7 @@
 #include <string>
 
 #include "modsecurity/collection/collections.h"
+#include "modsecurity/rules.h"
 #include "src/utils.h"
 
 namespace modsecurity {
@@ -65,10 +66,12 @@ Multipart::Multipart(std:: string header, Transaction *transaction)
 
 Multipart::~Multipart() {
     debug(4, "Multipart: Cleanup started (remove files " \
-        + std::to_string(!m_transaction->m_rules->uploadKeepFiles) \
+        + RulesProperties::configBooleanString(
+            m_transaction->m_rules->m_uploadKeepFiles) \
         + ")");
 
-    if (m_transaction->m_rules->uploadKeepFiles == false) {
+    if (m_transaction->m_rules->m_uploadKeepFiles
+        != RulesProperties::TrueConfigBoolean) {
         for (MultipartPart *m : m_parts) {
             if (m->m_type == MULTIPART_FILE) {
                 if (!m->m_tmp_file_name.empty()) {
@@ -405,8 +408,8 @@ int Multipart::tmp_file_name(std::string *filename) {
 
     localtime_r(&tt, &timeinfo);
 
-    path = m_transaction->m_rules->uploadDirectory;
+    path = m_transaction->m_rules->m_uploadDirectory;
-    mode = m_transaction->m_rules->uploadFileMode;
+    mode = m_transaction->m_rules->m_uploadFileMode.m_value;
 
     memset(tstr, '\0', 300);
     strftime(tstr, 299, "/%Y%m%d-%H%M%S", &timeinfo);
@@ -454,8 +457,10 @@ int Multipart::process_part_data(std::string *error) {
 
     /* add data to the part we are building */
     if (m_mpp->m_type == MULTIPART_FILE) {
-        int extract = m_transaction->m_rules->uploadKeepFiles \
+        bool extract = m_transaction->m_rules->m_uploadKeepFiles \
-            || m_transaction->m_rules->tmpSaveUploadedFiles;
+            == RulesProperties::TrueConfigBoolean \
+            || m_transaction->m_rules->m_tmpSaveUploadedFiles \
+            == RulesProperties::TrueConfigBoolean;
 
         /* remember where we started */
         if (m_mpp->m_length == 0) {
@@ -463,14 +468,17 @@ int Multipart::process_part_data(std::string *error) {
         }
 
         /* check if the file limit has been reached */
-        if (extract && m_transaction->m_rules->uploadFileLimit
+        if (extract && m_transaction->m_rules->m_uploadFileLimit.m_value
-            && (m_nfiles >= m_transaction->m_rules->uploadFileLimit)) {
+            && (m_nfiles >=
+                m_transaction->m_rules->m_uploadFileLimit.m_value)) {
             if (m_flag_file_limit_exceeded == 0) {
                debug(1, "Multipart: Upload file limit exceeded " \
-                + std::to_string(m_transaction->m_rules->uploadFileLimit) \
+                + std::to_string(
+                    m_transaction->m_rules->m_uploadFileLimit.m_value) \
                 + ". Use SecUploadFileLimit to change the limit.");
                error->assign("Multipart: Upload file limit exceeded " \
-                + std::to_string(m_transaction->m_rules->uploadFileLimit) \
+                + std::to_string(
+                    m_transaction->m_rules->m_uploadFileLimit.m_value) \
                 + ". Use SecUploadFileLimit to change the limit.");
                 m_flag_file_limit_exceeded = 1;
             }

src/request_body_processor/xml.cc

@@ -42,7 +42,8 @@ XML::~XML() {
 
 bool XML::init() {
     xmlParserInputBufferCreateFilenameFunc entity;
-    if (m_transaction->m_rules->secXMLExternalEntity == true) {
+    if (m_transaction->m_rules->m_secXMLExternalEntity
+        == RulesProperties::TrueConfigBoolean) {
         entity = xmlParserInputBufferCreateFilenameDefault(
             __xmlParserInputBufferCreateFilename);
     } else {

src/rule.cc

@@ -220,7 +220,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
                         " (rule contains a disruptive action)");
 #endif
                 } else {
-                    if (trasn->m_rules->secRuleEngine
+                    if (trasn->m_rules->m_secRuleEngine
                         == Rules::EnabledRuleEngine) {
 #ifndef NO_LOGS
                         trasn->debug(4, "(SecDefaultAction) " \
@@ -250,7 +250,7 @@ bool Rule::evaluateActions(Transaction *trasn) {
 
     for (Action *a : this->actions_runtime_pos) {
         if (a->isDisruptive()
-            && trasn->m_rules->secRuleEngine
+            && trasn->m_rules->m_secRuleEngine
                 == Rules::EnabledRuleEngine) {
 #ifndef NO_LOGS
             trasn->debug(4, "Running (disruptive) action: " + a->m_name);
@@ -406,7 +406,8 @@ bool Rule::evaluate(Transaction *trasn) {
                         this->op->op + "' with parameter `" +
                         limitTo(200, this->op->param) +
                         "' against variable `" + v->m_key + "' (Value: `" +
-                        limitTo(100, toHexIfNeeded(value)) + "' ) \" at " + v->m_key;
+                        limitTo(100, toHexIfNeeded(value)) + "' ) \" at " +
+                        v->m_key;
                 } else {
                     ruleMessage->m_match = this->op->m_match_message;
                 }
@@ -460,7 +461,7 @@ bool Rule::evaluate(Transaction *trasn) {
                                         " (rule contains a disruptive action)");
 #endif
                                 } else {
-                                    if (trasn->m_rules->secRuleEngine
+                                    if (trasn->m_rules->m_secRuleEngine
                                         == Rules::EnabledRuleEngine) {
 #ifndef NO_LOGS
                                         trasn->debug(4, "(SecDefaultAction) " \
@@ -492,7 +493,7 @@ bool Rule::evaluate(Transaction *trasn) {
                     for (Action *a :
                         this->actions_runtime_pos) {
                         if (a->isDisruptive()
-                            && trasn->m_rules->secRuleEngine
+                            && trasn->m_rules->m_secRuleEngine
                                 == Rules::EnabledRuleEngine
                             && containsPassAction == false) {
 #ifndef NO_LOGS
@@ -543,9 +544,11 @@ bool Rule::evaluate(Transaction *trasn) {
         }
     }
 
-    if (globalRet == true && rule_id != 0 && ruleMessage->m_saveMessage == true) {
+    if (globalRet == true && rule_id != 0
+        && ruleMessage->m_saveMessage == true) {
         ruleMessage->m_message = m_log_message;
-        trasn->debug(4, "Saving on the server log: " + ruleMessage->errorLog(trasn));
+        trasn->debug(4, "Saving on the server log: "
+            + ruleMessage->errorLog(trasn));
         trasn->serverLog(ruleMessage->errorLog(trasn));
     } else {
         delete ruleMessage;

src/rules.cc

@@ -52,6 +52,7 @@ void Rules::incrementReferenceCount(void) {
     this->m_referenceCount++;
 }
 
+
 /**
  * @name    decrementReferenceCount
  * @brief   Decrement the number of transactions using this class
@@ -98,8 +99,8 @@ Rules::~Rules() {
         }
     }
     /** Cleanup audit log */
-    if (audit_log) {
+    if (m_auditLog) {
-        audit_log->refCountDecreaseAndCheck();
+        m_auditLog->refCountDecreaseAndCheck();
     }
 
     free(unicode_map_table);
@@ -125,7 +126,7 @@ int Rules::loadFromUri(const char *uri) {
     Driver *driver = new Driver();
 
     if (driver->parseFile(uri) == false) {
-        parserError << driver->parserError.str();
+        m_parserError << driver->m_parserError.str();
         return -1;
     }
 
@@ -135,17 +136,18 @@ int Rules::loadFromUri(const char *uri) {
     return rules;
 }
 
+
 int Rules::load(const char *file, const std::string &ref) {
     Driver *driver = new Driver();
 
     if (driver->parse(file, ref) == false) {
-        parserError << driver->parserError.str();
+        m_parserError << driver->m_parserError.str();
         delete driver;
         return -1;
     }
     int rules = this->merge(driver);
     if (rules == -1) {
-        parserError << driver->parserError.str();
+        m_parserError << driver->m_parserError.str();
         delete driver;
         return -1;
     }
@@ -174,7 +176,7 @@ int Rules::load(const char *plainRules) {
 
 
 std::string Rules::getParserError() {
-    return this->parserError.str();
+    return this->m_parserError.str();
 }
 
 
@@ -238,83 +240,20 @@ int Rules::evaluate(int phase, Transaction *transaction) {
 
 int Rules::merge(Driver *from) {
     int amount_of_rules = 0;
-    for (int i = 0; i <= ModSecurity::Phases::NUMBER_OF_PHASES; i++) {
+    amount_of_rules = mergeProperties(
-        std::vector<Rule *> rules = from->rules[i];
+        reinterpret_cast<RulesProperties *>(from),
-        std::vector<Rule *> rules_here = this->rules[i];
+        reinterpret_cast<RulesProperties *>(this),
+        &m_parserError);
 
-        for (int j = 0; j < rules.size(); j++) {
+    if (from->m_auditLog != NULL && this->m_auditLog != NULL) {
-            Rule *rule = rules[j];
+        this->m_auditLog->refCountDecreaseAndCheck();
-            for (int z = 0; z < rules_here.size(); z++) {
-                Rule *rule_ckc = rules_here[z];
-                if (rule_ckc->rule_id == rule->rule_id) {
-                    parserError << "Rule id: " \
-                        << std::to_string(rule->rule_id) \
-                        << " is duplicated" << std::endl;
-                    return -1;
-                }
-            }
-            amount_of_rules++;
-            this->rules[i].push_back(rule);
-            rule->refCountIncrease();
-        }
     }
 
-    this->secRuleEngine = from->secRuleEngine;
+    if (from->m_auditLog) {
-    this->secRequestBodyAccess = from->secRequestBodyAccess;
+        this->m_auditLog = from->m_auditLog;
-    this->secResponseBodyAccess = from->secResponseBodyAccess;
-    this->secXMLExternalEntity = from->secXMLExternalEntity;
-    if (from->m_debugLog && this->m_debugLog &&
-        from->m_debugLog->isLogFileSet()) {
-        this->m_debugLog->setDebugLogFile(from->m_debugLog->getDebugLogFile());
     }
-    if (from->m_debugLog && this->m_debugLog &&
+    if (this->m_auditLog != NULL) {
-        from->m_debugLog->isLogLevelSet()) {
+        this->m_auditLog->refCountIncrease();
-        this->m_debugLog->setDebugLogLevel(
-            from->m_debugLog->getDebugLogLevel());
-    }
-    this->components = from->components;
-    this->requestBodyLimit = from->requestBodyLimit;
-    this->responseBodyLimit = from->responseBodyLimit;
-    this->requestBodyLimitAction = from->requestBodyLimitAction;
-    this->responseBodyLimitAction = from->responseBodyLimitAction;
-
-    this->uploadKeepFiles = from->uploadKeepFiles;
-    this->uploadFileLimit = from->uploadFileLimit;
-    this->uploadFileMode = from->uploadFileMode;
-    this->uploadDirectory = from->uploadDirectory;
-    this->tmpSaveUploadedFiles = from->tmpSaveUploadedFiles;
-
-    for (std::set<std::string>::iterator
-        it = from->m_responseBodyTypeToBeInspected.begin();
-        it != from->m_responseBodyTypeToBeInspected.end(); ++it) {
-        m_responseBodyTypeToBeInspected.insert(*it);
-    }
-
-    this->m_exceptions = from->m_exceptions;
-
-    /*
-     *
-     * default Actions is something per configuration context, there is
-     * need to merge anything.
-     *
-     */
-    for (int i = 0; i <= ModSecurity::Phases::NUMBER_OF_PHASES; i++) {
-        std::vector<Action *> actions = from->defaultActions[i];
-        this->defaultActions[i].clear();
-        for (int j = 0; j < actions.size(); j++) {
-            Action *action = actions[j];
-            this->defaultActions[i].push_back(action);
-        }
-    }
-
-    if (from->audit_log != NULL && this->audit_log != NULL) {
-        this->audit_log->refCountDecreaseAndCheck();
-    }
-    if (from->audit_log) {
-        this->audit_log = from->audit_log;
-    }
-    if (this->audit_log != NULL) {
-        this->audit_log->refCountIncrease();
     }
 
     return amount_of_rules;
@@ -323,66 +262,26 @@ int Rules::merge(Driver *from) {
 
 int Rules::merge(Rules *from) {
     int amount_of_rules = 0;
-    for (int i = 0; i <= ModSecurity::Phases::NUMBER_OF_PHASES; i++) {
+    amount_of_rules = mergeProperties(
-        std::vector<Rule *> rules = from->rules[i];
+        reinterpret_cast<RulesProperties *>(from),
-        std::vector<Rule *> rules_here = this->rules[i];
+        reinterpret_cast<RulesProperties *>(this),
+        &m_parserError);
 
-        for (int j = 0; j < rules.size(); j++) {
+    if (from->m_auditLog != NULL && this->m_auditLog != NULL) {
-            Rule *rule = rules[j];
+        this->m_auditLog->refCountDecreaseAndCheck();
-            for (int z = 0; z < rules_here.size(); z++) {
-                Rule *rule_ckc = rules_here[z];
-                if (rule_ckc->rule_id == rule->rule_id) {
-                    parserError << "Rule id: " \
-                        << std::to_string(rule->rule_id) \
-                        << " is duplicated" << std::endl;
-                    return -1;
     }
+    if (from->m_auditLog) {
+        this->m_auditLog = from->m_auditLog;
     }
-            amount_of_rules++;
+    if (this->m_auditLog != NULL) {
-            this->rules[i].push_back(rule);
+        this->m_auditLog->refCountIncrease();
-            rule->refCountIncrease();
-        }
-    }
-
-    this->secRuleEngine = from->secRuleEngine;
-    this->secRequestBodyAccess = from->secRequestBodyAccess;
-    this->secResponseBodyAccess = from->secResponseBodyAccess;
-    this->components = from->components;
-    this->requestBodyLimit = from->requestBodyLimit;
-    this->responseBodyLimit = from->responseBodyLimit;
-    this->requestBodyLimitAction = from->requestBodyLimitAction;
-    this->responseBodyLimitAction = from->responseBodyLimitAction;
-
-    this->uploadKeepFiles = from->uploadKeepFiles;
-    this->uploadFileLimit = from->uploadFileLimit;
-    this->uploadFileMode = from->uploadFileMode;
-    this->uploadDirectory = from->uploadDirectory;
-    this->tmpSaveUploadedFiles = from->tmpSaveUploadedFiles;
-
-    if (from->m_debugLog && this->m_debugLog &&
-        from->m_debugLog->isLogFileSet()) {
-        this->m_debugLog->setDebugLogFile(from->m_debugLog->getDebugLogFile());
-    }
-    if (from->m_debugLog && this->m_debugLog &&
-        from->m_debugLog->isLogLevelSet()) {
-        this->m_debugLog->setDebugLogLevel(
-            from->m_debugLog->getDebugLogLevel());
-    }
-
-    if (from->audit_log != NULL && this->audit_log != NULL) {
-        this->audit_log->refCountDecreaseAndCheck();
-    }
-    if (from->audit_log) {
-        this->audit_log = from->audit_log;
-    }
-    if (this->audit_log != NULL) {
-        this->audit_log->refCountIncrease();
     }
 
     return amount_of_rules;
 }
 
 
+
 void Rules::debug(int level, std::string message) {
     if (m_debugLog != NULL) {
         m_debugLog->write(level, message);

src/transaction.cc

@@ -453,7 +453,7 @@ int Transaction::processRequestHeaders() {
     debug(4, "Starting phase REQUEST_HEADERS.  (SecRules 1)");
 #endif
 
-    if (m_rules->secRuleEngine == Rules::DisabledRuleEngine) {
+    if (m_rules->m_secRuleEngine == Rules::DisabledRuleEngine) {
 #ifndef NO_LOGS
         debug(4, "Rule engine disabled, returning...");
 #endif
@@ -618,7 +618,7 @@ int Transaction::processRequestBody() {
     debug(4, "Starting phase REQUEST_BODY. (SecRules 2)");
 #endif
 
-    if (m_rules->secRuleEngine == Rules::DisabledRuleEngine) {
+    if (m_rules->m_secRuleEngine == Rules::DisabledRuleEngine) {
 #ifndef NO_LOGS
         debug(4, "Rule engine disabled, returning...");
 #endif
@@ -800,7 +800,8 @@ int Transaction::requestBodyFromFile(const char *path) {
 
 #ifndef NO_LOGS
     debug(9, "Adding request body: " + std::to_string(len) + " bytes. " \
-        "Limit set to: " + std::to_string(this->m_rules->requestBodyLimit));
+        "Limit set to: "
+        + std::to_string(this->m_rules->m_requestBodyLimit.m_value));
 #endif
 
     return appendRequestBody(reinterpret_cast<const unsigned char*>(buf), len);
@@ -811,18 +812,20 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
 
 #ifndef NO_LOGS
     debug(9, "Appending request body: " + std::to_string(len) + " bytes. " \
-        "Limit set to: " + std::to_string(this->m_rules->requestBodyLimit));
+        "Limit set to: "
+        + std::to_string(this->m_rules->m_requestBodyLimit.m_value));
 #endif
 
-    if (this->m_rules->requestBodyLimit > 0
+    if (this->m_rules->m_requestBodyLimit.m_value > 0
-        && this->m_rules->requestBodyLimit < len + current_size) {
+        && this->m_rules->m_requestBodyLimit.m_value < len + current_size) {
         m_collections.store("INBOUND_DATA_ERROR", "1");
 #ifndef NO_LOGS
         debug(5, "Request body is bigger than the maximum expected.");
 #endif
-        if (this->m_rules->requestBodyLimitAction ==
+        if (this->m_rules->m_requestBodyLimitAction ==
             Rules::BodyLimitAction::ProcessPartialBodyLimitAction) {
-            size_t spaceLeft = this->m_rules->requestBodyLimit - current_size;
+            size_t spaceLeft = this->m_rules->m_requestBodyLimit.m_value
+                - current_size;
             this->m_requestBody.write(reinterpret_cast<const char*>(buf),
                 spaceLeft);
 #ifndef NO_LOGS
@@ -830,7 +833,7 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
 #endif
             return false;
         } else {
-            if (this->m_rules->requestBodyLimitAction ==
+            if (this->m_rules->m_requestBodyLimitAction ==
                 Rules::BodyLimitAction::RejectBodyLimitAction) {
 #ifndef NO_LOGS
                 debug(5, "Request body limit is marked to reject the " \
@@ -876,7 +879,7 @@ int Transaction::processResponseHeaders(int code, const std::string& proto) {
     this->m_collections.store("STATUS", std::to_string(code));
     m_collections.store("RESPONSE_PROTOCOL", proto);
 
-    if (m_rules->secRuleEngine == Rules::DisabledRuleEngine) {
+    if (m_rules->m_secRuleEngine == Rules::DisabledRuleEngine) {
 #ifndef NO_LOGS
         debug(4, "Rule engine disabled, returning...");
 #endif
@@ -997,7 +1000,7 @@ int Transaction::processResponseBody() {
     debug(4, "Starting phase RESPONSE_BODY. (SecRules 4)");
 #endif
 
-    if (m_rules->secRuleEngine == Rules::DisabledRuleEngine) {
+    if (m_rules->m_secRuleEngine == Rules::DisabledRuleEngine) {
 #ifndef NO_LOGS
         debug(4, "Rule engine disabled, returning...");
 #endif
@@ -1067,18 +1070,19 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
 #ifndef NO_LOGS
     debug(9, "Appending response body: " + std::to_string(len + current_size)
         + " bytes. Limit set to: " +
-        std::to_string(this->m_rules->responseBodyLimit));
+        std::to_string(this->m_rules->m_responseBodyLimit.m_value));
 #endif
 
-    if (this->m_rules->responseBodyLimit > 0
+    if (this->m_rules->m_responseBodyLimit.m_value > 0
-        && this->m_rules->responseBodyLimit < len + current_size) {
+        && this->m_rules->m_responseBodyLimit.m_value < len + current_size) {
         m_collections.store("OUTBOUND_DATA_ERROR", "1");
 #ifndef NO_LOGS
         debug(5, "Response body is bigger than the maximum expected.");
 #endif
-        if (this->m_rules->responseBodyLimitAction ==
+        if (this->m_rules->m_responseBodyLimitAction ==
             Rules::BodyLimitAction::ProcessPartialBodyLimitAction) {
-            size_t spaceLeft = this->m_rules->responseBodyLimit - current_size;
+            size_t spaceLeft = this->m_rules->m_responseBodyLimit.m_value \
+                - current_size;
             this->m_responseBody.write(reinterpret_cast<const char*>(buf),
                 spaceLeft);
 #ifndef NO_LOGS
@@ -1086,7 +1090,7 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
 #endif
             return false;
         } else {
-            if (this->m_rules->responseBodyLimitAction ==
+            if (this->m_rules->m_responseBodyLimitAction ==
                 Rules::BodyLimitAction::RejectBodyLimitAction) {
 #ifndef NO_LOGS
                 debug(5, "Response body limit is marked to reject the " \
@@ -1171,7 +1175,7 @@ int Transaction::processLogging() {
     debug(4, "Starting phase LOGGING. (SecRules 5)");
 #endif
 
-    if (m_rules->secRuleEngine == Rules::DisabledRuleEngine) {
+    if (m_rules->m_secRuleEngine == Rules::DisabledRuleEngine) {
 #ifndef NO_LOGS
         debug(4, "Rule engine disabled, returning...");
 #endif
@@ -1181,7 +1185,7 @@ int Transaction::processLogging() {
     this->m_rules->evaluate(ModSecurity::LoggingPhase, this);
 
     /* If relevant, save this transaction information at the audit_logs */
-    if (m_rules != NULL && m_rules->audit_log != NULL) {
+    if (m_rules != NULL && m_rules->m_auditLog != NULL) {
         int parts = -1;
 #ifndef NO_LOGS
         debug(8, "Checking if this request is suitable to be " \
@@ -1193,17 +1197,17 @@ int Transaction::processLogging() {
             debug(4, "There was an audit log modifier for this transaction.");
 #endif
             std::list<std::pair<int, std::string>>::iterator it;
-            parts = this->m_rules->audit_log->m_parts;
+            parts = this->m_rules->m_auditLog->m_parts;
             debug(7, "AuditLog parts before modification(s): " +
                 std::to_string(parts) + ".");
             for (it = m_auditLogModifier.begin();
                 it != m_auditLogModifier.end(); ++it) {
                 std::pair <int, std::string> p = *it;
                 if (p.first == 0) {  // Add
-                    parts = this->m_rules->audit_log->addParts(parts,
+                    parts = this->m_rules->m_auditLog->addParts(parts,
                         p.second);
                 } else {  // Remove
-                    parts = this->m_rules->audit_log->removeParts(parts,
+                    parts = this->m_rules->m_auditLog->removeParts(parts,
                         p.second);
                 }
             }
@@ -1216,7 +1220,7 @@ int Transaction::processLogging() {
 #endif
         debug(8, "Checking if this request is relevant to be " \
             "part of the audit logs.");
-        bool saved = this->m_rules->audit_log->saveIfRelevant(this, parts);
+        bool saved = this->m_rules->m_auditLog->saveIfRelevant(this, parts);
         if (saved) {
 #ifndef NO_LOGS
             debug(8, "Request was relevant to be saved. Parts: " +
@@ -1497,7 +1501,7 @@ std::string Transaction::toJSON(int parts) {
 
         /* producer > engine state */
         LOGFY_ADD("secrules_engine",
-            Rules::ruleEngineStateString(m_rules->secRuleEngine));
+            Rules::ruleEngineStateString(m_rules->m_secRuleEngine));
 
         /* producer > components */
         yajl_gen_string(g,
@@ -1505,7 +1509,7 @@ std::string Transaction::toJSON(int parts) {
             strlen("components"));
 
         yajl_gen_array_open(g);
-        for (auto a : m_rules->components) {
+        for (auto a : m_rules->m_components) {
             yajl_gen_string(g,
                 reinterpret_cast<const unsigned char*>
                     (a.c_str()), a.length());

test/benchmark/benchmark.cc

@@ -81,7 +81,7 @@ int main(int argc, char *argv[]) {
     rules = new modsecurity::Rules();
     if (rules->loadFromUri(rules_file) < 0) {
         std::cout << "Problems loading the rules..." << std::endl;
-        std::cout << rules->parserError.str() << std::endl;
+        std::cout << rules->m_parserError.str() << std::endl;
         return -1;
     }