diff --git a/CHANGES b/CHANGES index 6f7077f6..1086a331 100644 --- a/CHANGES +++ b/CHANGES @@ -3,7 +3,7 @@ v3.x.y - YYYY-MMM-DD (to be released) - actions: Computes Rule association while loading the rules given a performance boost on run time. - [@zimmerle] + [@zimmerle, @martinhsv, @WGH-] - Regression: Mark the test as failed in case of segfault. [@zimmerle] - Replaced t:lowerCase backend for a better performance. diff --git a/headers/modsecurity/actions/action.h b/headers/modsecurity/actions/action.h index b1b277ec..5ccd9bdb 100644 --- a/headers/modsecurity/actions/action.h +++ b/headers/modsecurity/actions/action.h @@ -16,14 +16,9 @@ #ifdef __cplusplus #include -#include -#include #endif -#include "modsecurity/intervention.h" -#include "modsecurity/rule.h" - #ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_ #define HEADERS_MODSECURITY_ACTIONS_ACTION_H_ @@ -32,99 +27,68 @@ namespace modsecurity { class Transaction; -class RuleWithActions; -class RunTimeString; - namespace actions { class Action { public: - explicit Action(const std::string& _action) - : m_actionKind(2), - m_name(nullptr), - m_parser_payload("") { - set_name_and_payload(_action); - } + Action() + : m_name(""), + m_parserPayload("") + { } + + + explicit Action(const std::string& action) + : m_name(sort_name(action)), + m_parserPayload(sort_payload(action)) + { } - Action(const std::string& _action, int kind) - : m_actionKind(kind), - m_name(nullptr), - m_parser_payload("") { - set_name_and_payload(_action); - } Action(const Action &a) - : m_actionKind(a.m_actionKind), - m_name(a.m_name), - m_parser_payload(a.m_parser_payload) { } + : m_name(a.m_name), + m_parserPayload(a.m_parserPayload) + { } + Action &operator=(const Action& a) { - m_actionKind = a.m_actionKind; m_name = a.m_name; - m_parser_payload = a.m_parser_payload; + m_parserPayload = a.m_parserPayload; return *this; } - virtual ~Action() { } - virtual bool init(std::string *error) { return true; } + virtual ~Action() + { } - virtual std::string execute(const std::string &exp, - Transaction *transaction); - virtual bool execute(RuleWithActions *rule, - Transaction *transaction); - /** - * This method is meant to be used by transformations — a particular - * type of action. - * - */ - virtual void execute(Transaction *t, - ModSecString &in, - ModSecString &out) { - }; - virtual bool isDisruptive() { return false; } + virtual bool init(std::string *error) { + return true; + } - /** - * - * Define the action kind regarding to the execution time. - * - * - */ - enum Kind { - /** - * - * Action that are executed while loading the configuration. For instance - * the rule ID or the rule phase. - * - */ - ConfigurationKind, - /** - * - * Those are actions that demands to be executed before call the operator. - * For instance the tranformations. - * - * - */ - RunTimeBeforeMatchAttemptKind, - /** - * - * Actions that are executed after the execution of the operator, only if - * the operator returned Match (or True). For instance the disruptive - * actions. - * - */ - RunTimeOnlyIfMatchKind, - }; - int m_actionKind; - std::shared_ptr m_name; - std::string m_parser_payload; + virtual bool execute(Transaction *transaction = nullptr) noexcept { + return true; + } + + + virtual bool isDisruptive() { + return false; + } + + + const std::string *getName() { + return &m_name; + } + + + protected: + std::string m_parserPayload; + private: + std::string m_name; - void set_name_and_payload(const std::string& data) { + static size_t get_payload_pos(const std::string& data) { size_t pos = data.find(":"); std::string t = "t:"; @@ -132,18 +96,34 @@ class Action { pos = data.find(":", 2); } + return pos; + } + + + static std::string sort_name(const std::string& data) { + size_t pos = get_payload_pos(data); if (pos == std::string::npos) { - m_name = std::shared_ptr(new std::string(data)); - return; + return data; } - m_name = std::shared_ptr(new std::string(data, 0, pos)); - m_parser_payload = std::string(data, pos + 1, data.length()); + std::string ret(data, 0, pos); + return ret; + } - if (m_parser_payload.at(0) == '\'' && m_parser_payload.size() > 2) { - m_parser_payload.erase(0, 1); - m_parser_payload.pop_back(); + + static std::string sort_payload(const std::string& data) { + size_t pos = get_payload_pos(data); + std::string ret(""); + if (pos != std::string::npos) { + ret = std::string(data, pos + 1, data.length()); + + if (ret.at(0) == '\'' && ret.size() > 2) { + ret.erase(0, 1); + ret.pop_back(); + } } + + return ret; } }; diff --git a/headers/modsecurity/audit_log.h b/headers/modsecurity/audit_log.h index 08ffdbfe..18862772 100644 --- a/headers/modsecurity/audit_log.h +++ b/headers/modsecurity/audit_log.h @@ -61,7 +61,7 @@ class AuditLog { NativeAuditLogFormat }; - enum AuditLogParts { + enum AuditLogPartsEnum { /** * Audit log header (mandatory). * diff --git a/headers/modsecurity/rules_exceptions.h b/headers/modsecurity/rules_exceptions.h index a8bcf173..ec3a552d 100644 --- a/headers/modsecurity/rules_exceptions.h +++ b/headers/modsecurity/rules_exceptions.h @@ -37,6 +37,9 @@ namespace modsecurity { namespace actions { class Action; +namespace transformations { +class Transformation; +} } namespace variables { class Variable; @@ -79,7 +82,7 @@ class RulesExceptions { std::unordered_multimap> m_variable_update_target_by_id; std::unordered_multimap> m_action_pre_update_target_by_id; + std::shared_ptr> m_action_transformation_update_target_by_id; std::unordered_multimap> m_action_pos_update_target_by_id; std::list m_remove_rule_by_msg; diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index 26e445de..7d14639b 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -48,6 +48,8 @@ typedef struct Rules_t RulesSet; #include "modsecurity/variable_value.h" #include "modsecurity/collection/collection.h" #include "modsecurity/variable_origin.h" +#include "modsecurity/actions/action.h" + #ifndef NO_LOGS #define ms_dbg(b, c) \ @@ -568,12 +570,12 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa int m_requestBodyAccess; /** - * The list m_auditLogModifier contains modifications to the `auditlogs' - * for this specific request, those modifications can happens via the - * utilization of the action: `ctl:auditLogParts=' + * m_auditLogParts contains auditlog parts for this specific request, + * it also holds the modifications can happens via the utilization of + * the action: `ctl:auditLogParts=' * */ - std::list< std::pair > m_auditLogModifier; + int m_auditLogParts; /** * Holds the request body, in case of any. diff --git a/src/actions/accuracy.cc b/src/actions/accuracy.cc index 51514fb0..da59bbb4 100644 --- a/src/actions/accuracy.cc +++ b/src/actions/accuracy.cc @@ -13,16 +13,11 @@ * */ + #include "src/actions/accuracy.h" -#include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { @@ -30,9 +25,9 @@ namespace actions { bool Accuracy::init(std::string *error) { try { - m_accuracy = std::stoi(m_parser_payload); + m_accuracy = std::stoi(m_parserPayload); } catch (...) { - error->assign("Accuracy: The input \"" + m_parser_payload + "\" is " \ + error->assign("Accuracy: The input \"" + m_parserPayload + "\" is " \ "not a number."); return false; } @@ -40,11 +35,5 @@ bool Accuracy::init(std::string *error) { } -bool Accuracy::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setAccuracy(m_accuracy); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/accuracy.h b/src/actions/accuracy.h index 03279610..99b802ee 100644 --- a/src/actions/accuracy.h +++ b/src/actions/accuracy.h @@ -13,29 +13,31 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_ACCURACY_H_ #define SRC_ACTIONS_ACCURACY_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Accuracy : public Action { +class Accuracy : public ActionTypeRuleMetaData { public: - explicit Accuracy(const std::string &action) - : Action(action, ConfigurationKind), + explicit Accuracy(const std::string &action) + : Action(action), m_accuracy(0) { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; - int getAccuracy() const { return m_accuracy; } + + void configure(RuleWithActions *rule) override { + rule->setAccuracy(m_accuracy); + } private: int m_accuracy; diff --git a/src/actions/action.cc b/src/actions/action.cc index 51621cab..cf11ade8 100644 --- a/src/actions/action.cc +++ b/src/actions/action.cc @@ -15,46 +15,10 @@ #include "modsecurity/actions/action.h" -#include -#include - -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" - -#include "src/actions/block.h" -#include "src/actions/chain.h" -#include "src/actions/disruptive/deny.h" -#include "src/actions/disruptive/redirect.h" -#include "src/actions/data/status.h" -#include "src/actions/rule_id.h" -#include "src/actions/phase.h" -#include "src/actions/severity.h" -#include "src/actions/capture.h" -#include "src/actions/disruptive/pass.h" -#include "src/actions/log.h" -#include "src/actions/no_log.h" -#include "src/actions/no_audit_log.h" -#include "src/actions/multi_match.h" - - -#define IF_MATCH(a) \ - if (op.compare(1, std::strlen(#a), #a) == 0) namespace modsecurity { namespace actions { -std::string Action::execute(const std::string &value, - Transaction *transaction) { - return value; -} - - -bool Action::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/action_allowed_in_sec_default_action.h b/src/actions/action_allowed_in_sec_default_action.h new file mode 100644 index 00000000..1d23f08e --- /dev/null +++ b/src/actions/action_allowed_in_sec_default_action.h @@ -0,0 +1,34 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "modsecurity/actions/action.h" + +#ifndef SRC_ACTIONS_ACTION_ALLOWED_IN_SEC_DEFAULT_ACTION_H_ +#define SRC_ACTIONS_ACTION_ALLOWED_IN_SEC_DEFAULT_ACTION_H_ + + +namespace modsecurity { +namespace actions { + + +class ActionAllowedAsSecDefaultAction : public virtual Action { + public: +}; + + +} // namespace actions +} // namespace modsecurity + +#endif // SRC_ACTIONS_ACTION_ALLOWED_IN_SEC_DEFAULT_ACTION_H_ diff --git a/src/actions/action_type_rule_metadata.h b/src/actions/action_type_rule_metadata.h new file mode 100644 index 00000000..a3ba810c --- /dev/null +++ b/src/actions/action_type_rule_metadata.h @@ -0,0 +1,51 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + + +#include "modsecurity/actions/action.h" +#include "src/rule_with_actions.h" + +#ifndef SRC_ACTIONS_ACTION_TYPE_CONFIGURE_H_ +#define SRC_ACTIONS_ACTION_TYPE_CONFIGURE_H_ + + +namespace modsecurity { +namespace actions { + + +class ActionTypeRuleMetaData : public virtual Action { + public: + /** + * + * Action that are executed while loading the configuration. For instance + * the rule ID or the rule phase. + * + */ + ActionTypeRuleMetaData() + : Action() + { }; + + bool execute(Transaction *t) noexcept override { + return true; + } + + virtual void configure(RuleWithActions *rule) = 0; +}; + + +} // namespace actions +} // namespace modsecurity + +#endif // SRC_ACTIONS_ACTION_TYPE_CONFIGURE_H_ diff --git a/src/actions/action_with_run_time_string.h b/src/actions/action_with_run_time_string.h index 0c38a27a..7b87bb85 100644 --- a/src/actions/action_with_run_time_string.h +++ b/src/actions/action_with_run_time_string.h @@ -13,49 +13,32 @@ * */ +#include +#include +#include + #include "modsecurity/actions/action.h" #include "src/run_time_string.h" #ifndef SRC_ACTIONS_ACTION_WITH_RUN_TIME_STRING_H_ #define SRC_ACTIONS_ACTION_WITH_RUN_TIME_STRING_H_ + namespace modsecurity { namespace actions { -class ActionWithRunTimeString : public Action { + +class ActionWithRunTimeString : public virtual Action { public: - ActionWithRunTimeString( - const std::string &name, - int king, - std::unique_ptr string) - : Action(name, king), - m_string(std::move(string)) - { }; - - ActionWithRunTimeString(const std::string &name, - std::unique_ptr string) - : Action(name), - m_string(std::move(string)) - { }; - - ActionWithRunTimeString(const std::string &name, - int king) - : Action(name, king), - m_string(nullptr) - { }; - - ActionWithRunTimeString(const std::string &name) - : Action(name), - m_string(nullptr) - { }; + explicit ActionWithRunTimeString(std::unique_ptr string = nullptr) + : m_string(std::move(string)) + { } ActionWithRunTimeString(const ActionWithRunTimeString &a) - : Action(a), - m_string(a.m_string?std::unique_ptr(new RunTimeString(*a.m_string.get())):nullptr) - { }; + : m_string(a.m_string?std::unique_ptr(new RunTimeString(*a.m_string.get())):nullptr) + { } - ActionWithRunTimeString& operator=(const ActionWithRunTimeString& a) - { + ActionWithRunTimeString& operator=(const ActionWithRunTimeString& a) { m_string = std::unique_ptr(new RunTimeString(*a.m_string.get())); return *this; } diff --git a/src/actions/audit_log.cc b/src/actions/audit_log.cc index 9a2d876f..153442e9 100644 --- a/src/actions/audit_log.cc +++ b/src/actions/audit_log.cc @@ -15,19 +15,16 @@ #include "src/actions/audit_log.h" -#include #include -#include #include "modsecurity/transaction.h" -#include "modsecurity/rule_message.h" -#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { -bool AuditLog::execute(RuleWithActions *rule, Transaction *transaction) { +bool AuditLog::execute(Transaction *transaction) noexcept { transaction->messageSetNoAuditLog(false); return true; } diff --git a/src/actions/audit_log.h b/src/actions/audit_log.h index e6f5bffc..7f48354d 100644 --- a/src/actions/audit_log.h +++ b/src/actions/audit_log.h @@ -13,34 +13,29 @@ * */ -#include -#include -#include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" #ifndef SRC_ACTIONS_AUDIT_LOG_H_ #define SRC_ACTIONS_AUDIT_LOG_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; - namespace actions { -class AuditLog : public Action { +class AuditLog : public ActionAllowedAsSecDefaultAction { public: - explicit AuditLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + AuditLog() + : Action("auditLog") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_AUDIT_LOG_H_ diff --git a/src/actions/block.cc b/src/actions/block.cc index b929d228..31b1a8b6 100644 --- a/src/actions/block.cc +++ b/src/actions/block.cc @@ -13,29 +13,13 @@ * */ + #include "src/actions/block.h" -#include -#include -#include - -#include "modsecurity/rules_set.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/intervention.h" -#include "src/actions/data/status.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { -bool Block::execute(RuleWithActions *rule, Transaction *transaction) { - ms_dbg_a(transaction, 8, "Marking request as disruptive."); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/block.h b/src/actions/block.h index db876304..8800ea05 100644 --- a/src/actions/block.h +++ b/src/actions/block.h @@ -13,34 +13,37 @@ * */ + #include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/rule_message.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/actions/action_allowed_in_sec_default_action.h" -#ifndef SRC_ACTIONS_DISRUPTIVE_BLOCK_H_ -#define SRC_ACTIONS_DISRUPTIVE_BLOCK_H_ -#ifdef __cplusplus -class Transaction; +#ifndef SRC_ACTIONS_BLOCK_H_ +#define SRC_ACTIONS_BLOCK_H_ + namespace modsecurity { -class Transaction; - namespace actions { -class Block : public Action { +class Block : public ActionTypeRuleMetaData, + public ActionAllowedAsSecDefaultAction { public: - explicit Block(const std::string &action) : Action(action) { } + Block() + : Action("block") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasBlockAction(true); + } }; } // namespace actions } // namespace modsecurity -#endif -#endif // SRC_ACTIONS_DISRUPTIVE_BLOCK_H_ + +#endif // SRC_ACTIONS_BLOCK_H_ diff --git a/src/actions/capture.cc b/src/actions/capture.cc index dd164f28..83abc16c 100644 --- a/src/actions/capture.cc +++ b/src/actions/capture.cc @@ -13,29 +13,13 @@ * */ + #include "src/actions/capture.h" -#include -#include -#include - -#include "modsecurity/transaction.h" - -#include "modsecurity/rule.h" -#include "src/operators/operator.h" -#include "src/operators/pm.h" -#include "src/operators/rx.h" -#include "src/operators/contains.h" -#include "src/operators/detect_sqli.h" namespace modsecurity { namespace actions { -bool Capture::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/capture.h b/src/actions/capture.h index cbc2369e..041635a5 100644 --- a/src/actions/capture.h +++ b/src/actions/capture.h @@ -13,25 +13,28 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_CAPTURE_H_ #define SRC_ACTIONS_CAPTURE_H_ namespace modsecurity { -class RuleWithOperator; namespace actions { -class Capture : public Action { +class Capture : public ActionTypeRuleMetaData { public: - explicit Capture(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + Capture() + : Action("capture") { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasCaptureAction(true); + } }; diff --git a/src/actions/chain.cc b/src/actions/chain.cc index db9e6c68..8fe94919 100644 --- a/src/actions/chain.cc +++ b/src/actions/chain.cc @@ -13,25 +13,13 @@ * */ + #include "src/actions/chain.h" -#include -#include - -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { -bool Chain::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setHasChainAction(true); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/chain.h b/src/actions/chain.h index cafb64f2..f1b55f89 100644 --- a/src/actions/chain.h +++ b/src/actions/chain.h @@ -13,33 +13,34 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_CHAIN_H_ #define SRC_ACTIONS_CHAIN_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class Chain : public Action { +class Chain : public ActionTypeRuleMetaData { public: - explicit Chain(const std::string &action) - : Action(action, ConfigurationKind) { } + Chain() + : Action("chain") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasChainAction(true); + } }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_CHAIN_H_ diff --git a/src/actions/ctl/audit_log_parts.cc b/src/actions/ctl/audit_log_parts.cc index cfe62638..3ee05bb4 100644 --- a/src/actions/ctl/audit_log_parts.cc +++ b/src/actions/ctl/audit_log_parts.cc @@ -13,13 +13,20 @@ * */ + #include "src/actions/ctl/audit_log_parts.h" -#include #include #include #include "modsecurity/transaction.h" +#include "modsecurity/audit_log.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { @@ -27,20 +34,39 @@ namespace ctl { bool AuditLogParts::init(std::string *error) { - std::string what(m_parser_payload, 14, 1); - mParts = std::string(m_parser_payload, 15, m_parser_payload.length()-15); + std::string what(m_parserPayload, 14, 1); + std::string parts_str(m_parserPayload, 15, m_parserPayload.length()-15); + + if ((what != "-") && (what != "+")) { + error->assign("ctl:auditLogParts modificators expects add or " \ + "remove (+/-) in front of the modificator. Got: " + what); + return false; + } + + int flags = AuditLog::addParts(0, parts_str); + if (what == "+") { - mPartsAction = 0; + m_partsToModify = flags; } else { - mPartsAction = 1; + m_partsToModify = -1 * flags; } return true; } -bool AuditLogParts::execute(RuleWithActions *rule, Transaction *transaction) { - transaction->m_auditLogModifier.push_back( - std::make_pair(mPartsAction, mParts)); + +bool AuditLogParts::execute(Transaction *transaction) noexcept { + ms_dbg_a(transaction, 7, "AuditLog parts before modification: " + + std::to_string(transaction->m_auditLogParts) + "."); + + if (m_partsToModify < 0) { + transaction->m_auditLogParts = \ + transaction->m_auditLogParts & ~(m_partsToModify * -1); + } else { + transaction->m_auditLogParts = \ + transaction->m_auditLogParts | m_partsToModify; + } + return true; } diff --git a/src/actions/ctl/audit_log_parts.h b/src/actions/ctl/audit_log_parts.h index ea9572ae..7d1a8d6d 100644 --- a/src/actions/ctl/audit_log_parts.h +++ b/src/actions/ctl/audit_log_parts.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_ #define SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,17 +31,17 @@ namespace ctl { class AuditLogParts : public Action { public: - explicit AuditLogParts(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - mPartsAction(0), - mParts("") { } + explicit AuditLogParts(const std::string &action) + : Action(action), + m_partsToModify(0) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; + bool execute(Transaction *transaction) noexcept override; + protected: - int mPartsAction; - std::string mParts; + int m_partsToModify; }; @@ -46,4 +49,5 @@ class AuditLogParts : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_CTL_AUDIT_LOG_PARTS_H_ diff --git a/src/actions/ctl/request_body_access.cc b/src/actions/ctl/request_body_access.cc index 8634deb5..24fe6115 100644 --- a/src/actions/ctl/request_body_access.cc +++ b/src/actions/ctl/request_body_access.cc @@ -13,40 +13,44 @@ * */ + #include "src/actions/ctl/request_body_access.h" -#include #include #include "modsecurity/rules_set_properties.h" #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { bool RequestBodyAccess::init(std::string *error) { - std::string what(m_parser_payload, 18, m_parser_payload.size() - 18); + std::string what(m_parserPayload, 18, m_parserPayload.size() - 18); if (what == "true") { - m_request_body_access = true; + m_requestBodyAccess = true; } else if (what == "false") { - m_request_body_access = false; + m_requestBodyAccess = false; } else { error->assign("Internal error. Expected: true or false, got: " \ - + m_parser_payload); + + m_parserPayload); return false; } return true; } -bool RequestBodyAccess::execute(RuleWithActions *rule, Transaction *transaction) { - if (m_request_body_access) { - transaction->m_requestBodyAccess = RulesSetProperties::TrueConfigBoolean; + +bool RequestBodyAccess::execute(Transaction *transaction) noexcept { + if (m_requestBodyAccess) { + transaction->m_requestBodyAccess = + RulesSetProperties::TrueConfigBoolean; } else { - transaction->m_requestBodyAccess = RulesSetProperties::FalseConfigBoolean; + transaction->m_requestBodyAccess = + RulesSetProperties::FalseConfigBoolean; } return true; diff --git a/src/actions/ctl/request_body_access.h b/src/actions/ctl/request_body_access.h index ddc5e20f..403b4770 100644 --- a/src/actions/ctl/request_body_access.h +++ b/src/actions/ctl/request_body_access.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,14 +31,17 @@ namespace ctl { class RequestBodyAccess : public Action { public: - explicit RequestBodyAccess(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_request_body_access(false) { } + explicit RequestBodyAccess(const std::string &action) + : Action(action), + m_requestBodyAccess(false) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool m_request_body_access; + bool execute(Transaction *transaction) noexcept override; + + private: + bool m_requestBodyAccess; }; @@ -44,4 +49,5 @@ class RequestBodyAccess : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_CTL_REQUEST_BODY_ACCESS_H_ diff --git a/src/actions/ctl/request_body_processor_json.cc b/src/actions/ctl/request_body_processor_json.cc index 14d7fa8a..a68d41e6 100644 --- a/src/actions/ctl/request_body_processor_json.cc +++ b/src/actions/ctl/request_body_processor_json.cc @@ -13,20 +13,20 @@ * */ + #include "src/actions/ctl/request_body_processor_json.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { -bool RequestBodyProcessorJSON::execute(RuleWithActions *rule, - Transaction *transaction) { +bool RequestBodyProcessorJSON::execute(Transaction *transaction) noexcept { transaction->m_requestBodyProcessor = Transaction::JSONRequestBody; transaction->m_variableReqbodyProcessor.set("JSON", transaction->m_variableOffset); diff --git a/src/actions/ctl/request_body_processor_json.h b/src/actions/ctl/request_body_processor_json.h index 846eb89b..0cec2a8c 100644 --- a/src/actions/ctl/request_body_processor_json.h +++ b/src/actions/ctl/request_body_processor_json.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_JSON_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_JSON_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,10 +31,11 @@ namespace ctl { class RequestBodyProcessorJSON : public Action { public: - explicit RequestBodyProcessorJSON(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RequestBodyProcessorJSON(const std::string &action) + : Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/ctl/request_body_processor_urlencoded.cc b/src/actions/ctl/request_body_processor_urlencoded.cc index 433a9530..12c0f7e9 100644 --- a/src/actions/ctl/request_body_processor_urlencoded.cc +++ b/src/actions/ctl/request_body_processor_urlencoded.cc @@ -13,20 +13,21 @@ * */ + #include "src/actions/ctl/request_body_processor_urlencoded.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { -bool RequestBodyProcessorURLENCODED::execute(RuleWithActions *rule, - Transaction *transaction) { +bool RequestBodyProcessorURLENCODED::execute( + Transaction *transaction) noexcept { transaction->m_requestBodyType = Transaction::WWWFormUrlEncoded; transaction->m_variableReqbodyProcessor.set("URLENCODED", transaction->m_variableOffset); diff --git a/src/actions/ctl/request_body_processor_urlencoded.h b/src/actions/ctl/request_body_processor_urlencoded.h index e437961e..a4c94e97 100644 --- a/src/actions/ctl/request_body_processor_urlencoded.h +++ b/src/actions/ctl/request_body_processor_urlencoded.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_URLENCODED_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_URLENCODED_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,10 +31,11 @@ namespace ctl { class RequestBodyProcessorURLENCODED : public Action { public: - explicit RequestBodyProcessorURLENCODED(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RequestBodyProcessorURLENCODED(const std::string &action) + : Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/ctl/request_body_processor_xml.cc b/src/actions/ctl/request_body_processor_xml.cc index d2a32d38..5331dc55 100644 --- a/src/actions/ctl/request_body_processor_xml.cc +++ b/src/actions/ctl/request_body_processor_xml.cc @@ -13,20 +13,20 @@ * */ + #include "src/actions/ctl/request_body_processor_xml.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { -bool RequestBodyProcessorXML::execute(RuleWithActions *rule, - Transaction *transaction) { +bool RequestBodyProcessorXML::execute(Transaction *transaction) noexcept { transaction->m_requestBodyProcessor = Transaction::XMLRequestBody; transaction->m_variableReqbodyProcessor.set("XML", transaction->m_variableOffset); diff --git a/src/actions/ctl/request_body_processor_xml.h b/src/actions/ctl/request_body_processor_xml.h index 0d1b678c..fab8d358 100644 --- a/src/actions/ctl/request_body_processor_xml.h +++ b/src/actions/ctl/request_body_processor_xml.h @@ -13,14 +13,17 @@ * */ + #include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" + #ifndef SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_ #define SRC_ACTIONS_CTL_REQUEST_BODY_PROCESSOR_XML_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -28,10 +31,11 @@ namespace ctl { class RequestBodyProcessorXML : public Action { public: - explicit RequestBodyProcessorXML(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RequestBodyProcessorXML(const std::string &action) + : Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/ctl/rule_engine.cc b/src/actions/ctl/rule_engine.cc index 54e58159..cbd4d073 100644 --- a/src/actions/ctl/rule_engine.cc +++ b/src/actions/ctl/rule_engine.cc @@ -13,22 +13,23 @@ * */ + #include "src/actions/ctl/rule_engine.h" -#include #include #include "modsecurity/rules_set_properties.h" #include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { bool RuleEngine::init(std::string *error) { - std::string what(m_parser_payload, 11, m_parser_payload.size() - 11); + std::string what(m_parserPayload, 11, m_parserPayload.size() - 11); if (what == "on") { m_ruleEngine = RulesSetProperties::EnabledRuleEngine; @@ -38,14 +39,15 @@ bool RuleEngine::init(std::string *error) { m_ruleEngine = RulesSetProperties::DetectionOnlyRuleEngine; } else { error->assign("Internal error. Expected: On, Off or DetectionOnly; " \ - "got: " + m_parser_payload); + "got: " + m_parserPayload); return false; } return true; } -bool RuleEngine::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleEngine::execute(Transaction *transaction) noexcept { std::stringstream a; a << "Setting SecRuleEngine to "; a << modsecurity::RulesSetProperties::ruleEngineStateString(m_ruleEngine); diff --git a/src/actions/ctl/rule_engine.h b/src/actions/ctl/rule_engine.h index a95be7eb..ee66d55b 100644 --- a/src/actions/ctl/rule_engine.h +++ b/src/actions/ctl/rule_engine.h @@ -13,16 +13,17 @@ * */ + #include #include "modsecurity/rules_set_properties.h" #include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" #ifndef SRC_ACTIONS_CTL_RULE_ENGINE_H_ #define SRC_ACTIONS_CTL_RULE_ENGINE_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -30,13 +31,16 @@ namespace ctl { class RuleEngine : public Action { public: - explicit RuleEngine(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { } + explicit RuleEngine(const std::string &action) + : Action(action), + m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: RulesSetProperties::RuleEngine m_ruleEngine; }; diff --git a/src/actions/ctl/rule_remove_by_id.cc b/src/actions/ctl/rule_remove_by_id.cc index 43382733..846fee82 100644 --- a/src/actions/ctl/rule_remove_by_id.cc +++ b/src/actions/ctl/rule_remove_by_id.cc @@ -13,21 +13,25 @@ * */ + #include "src/actions/ctl/rule_remove_by_id.h" -#include #include +#include +#include #include "modsecurity/transaction.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace ctl { bool RuleRemoveById::init(std::string *error) { - std::string what(m_parser_payload, 15, m_parser_payload.size() - 15); + std::string what(m_parserPayload, 15, m_parserPayload.size() - 15); bool added = false; std::vector toRemove = utils::string::ssplit(what, ' '); for (std::string &a : toRemove) { @@ -83,7 +87,8 @@ bool RuleRemoveById::init(std::string *error) { return false; } -bool RuleRemoveById::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveById::execute(Transaction *transaction) noexcept { for (auto &i : m_ids) { transaction->m_ruleRemoveById.push_back(i); } diff --git a/src/actions/ctl/rule_remove_by_id.h b/src/actions/ctl/rule_remove_by_id.h index 56ef7f41..debd6a66 100644 --- a/src/actions/ctl/rule_remove_by_id.h +++ b/src/actions/ctl/rule_remove_by_id.h @@ -13,7 +13,10 @@ * */ + #include +#include +#include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" @@ -22,6 +25,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_BY_ID_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,12 +33,15 @@ namespace ctl { class RuleRemoveById : public Action { public: - explicit RuleRemoveById(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RuleRemoveById(const std::string &action) + : Action(action) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: std::list > m_ranges; std::list m_ids; }; diff --git a/src/actions/ctl/rule_remove_by_tag.cc b/src/actions/ctl/rule_remove_by_tag.cc index 44ea217a..6ebdc31c 100644 --- a/src/actions/ctl/rule_remove_by_tag.cc +++ b/src/actions/ctl/rule_remove_by_tag.cc @@ -13,26 +13,28 @@ * */ + #include "src/actions/ctl/rule_remove_by_tag.h" -#include #include #include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { namespace ctl { bool RuleRemoveByTag::init(std::string *error) { - std::string what(m_parser_payload, 16, m_parser_payload.size() - 16); + std::string what(m_parserPayload, 16, m_parserPayload.size() - 16); m_tag = what; return true; } -bool RuleRemoveByTag::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveByTag::execute(Transaction *transaction) noexcept { transaction->m_ruleRemoveByTag.push_back(m_tag); return true; } diff --git a/src/actions/ctl/rule_remove_by_tag.h b/src/actions/ctl/rule_remove_by_tag.h index 4d072bc6..fa5fd53c 100644 --- a/src/actions/ctl/rule_remove_by_tag.h +++ b/src/actions/ctl/rule_remove_by_tag.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_BY_TAG_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,13 +31,16 @@ namespace ctl { class RuleRemoveByTag : public Action { public: - explicit RuleRemoveByTag(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_tag("") { } + explicit RuleRemoveByTag(const std::string &action) + : Action(action), + m_tag("") + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: std::string m_tag; }; diff --git a/src/actions/ctl/rule_remove_target_by_id.cc b/src/actions/ctl/rule_remove_target_by_id.cc index e82257f2..236dfa64 100644 --- a/src/actions/ctl/rule_remove_target_by_id.cc +++ b/src/actions/ctl/rule_remove_target_by_id.cc @@ -13,14 +13,15 @@ * */ + #include "src/actions/ctl/rule_remove_target_by_id.h" -#include #include #include #include #include "modsecurity/transaction.h" + #include "src/utils/string.h" @@ -30,7 +31,7 @@ namespace ctl { bool RuleRemoveTargetById::init(std::string *error) { - std::string what(m_parser_payload, 21, m_parser_payload.size() - 21); + std::string what(m_parserPayload, 21, m_parserPayload.size() - 21); std::vector param = utils::string::split(what, ';'); if (param.size() < 2) { @@ -51,7 +52,8 @@ bool RuleRemoveTargetById::init(std::string *error) { return true; } -bool RuleRemoveTargetById::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveTargetById::execute(Transaction *transaction) noexcept { transaction->m_ruleRemoveTargetById.push_back( std::make_pair(m_id, m_target)); return true; diff --git a/src/actions/ctl/rule_remove_target_by_id.h b/src/actions/ctl/rule_remove_target_by_id.h index 6e8b927c..62ac870e 100644 --- a/src/actions/ctl/rule_remove_target_by_id.h +++ b/src/actions/ctl/rule_remove_target_by_id.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_ID_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,14 +31,17 @@ namespace ctl { class RuleRemoveTargetById : public Action { public: - explicit RuleRemoveTargetById(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + explicit RuleRemoveTargetById(const std::string &action) + : Action(action), m_id(0), - m_target("") { } + m_target("") + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: int m_id; std::string m_target; }; diff --git a/src/actions/ctl/rule_remove_target_by_tag.cc b/src/actions/ctl/rule_remove_target_by_tag.cc index 57ebd4bc..8d676a14 100644 --- a/src/actions/ctl/rule_remove_target_by_tag.cc +++ b/src/actions/ctl/rule_remove_target_by_tag.cc @@ -13,14 +13,15 @@ * */ + #include "src/actions/ctl/rule_remove_target_by_tag.h" -#include #include #include #include #include "modsecurity/transaction.h" + #include "src/utils/string.h" @@ -30,7 +31,7 @@ namespace ctl { bool RuleRemoveTargetByTag::init(std::string *error) { - std::string what(m_parser_payload, 22, m_parser_payload.size() - 22); + std::string what(m_parserPayload, 22, m_parserPayload.size() - 22); std::vector param = utils::string::split(what, ';'); if (param.size() < 2) { @@ -44,7 +45,8 @@ bool RuleRemoveTargetByTag::init(std::string *error) { return true; } -bool RuleRemoveTargetByTag::execute(RuleWithActions *rule, Transaction *transaction) { + +bool RuleRemoveTargetByTag::execute(Transaction *transaction) noexcept { transaction->m_ruleRemoveTargetByTag.push_back( std::make_pair(m_tag, m_target)); return true; diff --git a/src/actions/ctl/rule_remove_target_by_tag.h b/src/actions/ctl/rule_remove_target_by_tag.h index 0d8a7aa4..90ab530d 100644 --- a/src/actions/ctl/rule_remove_target_by_tag.h +++ b/src/actions/ctl/rule_remove_target_by_tag.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -22,6 +23,7 @@ #ifndef SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_ #define SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_ + namespace modsecurity { namespace actions { namespace ctl { @@ -29,12 +31,15 @@ namespace ctl { class RuleRemoveTargetByTag : public Action { public: - explicit RuleRemoveTargetByTag(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + explicit RuleRemoveTargetByTag(const std::string &action) + : Action(action) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: std::string m_tag; std::string m_target; }; @@ -44,4 +49,5 @@ class RuleRemoveTargetByTag : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_CTL_RULE_REMOVE_TARGET_BY_TAG_H_ diff --git a/src/actions/data/status.cc b/src/actions/data/status.cc index a31e5ffe..a6702e89 100644 --- a/src/actions/data/status.cc +++ b/src/actions/data/status.cc @@ -13,11 +13,10 @@ * */ + #include "src/actions/data/status.h" -#include #include -#include #include "modsecurity/transaction.h" @@ -26,11 +25,12 @@ namespace modsecurity { namespace actions { namespace data { + bool Status::init(std::string *error) { try { - m_status = std::stoi(m_parser_payload); + m_status = std::stoi(m_parserPayload); } catch (...) { - error->assign("Not a valid number: " + m_parser_payload); + error->assign("Not a valid number: " + m_parserPayload); return false; } @@ -38,7 +38,7 @@ bool Status::init(std::string *error) { } -bool Status::execute(RuleWithActions *rule, Transaction *transaction) { +bool Status::execute(Transaction *transaction) noexcept { transaction->m_it.status = m_status; return true; } diff --git a/src/actions/data/status.h b/src/actions/data/status.h index 87a30059..b96a3d4a 100644 --- a/src/actions/data/status.h +++ b/src/actions/data/status.h @@ -13,32 +13,36 @@ * */ + #include -#include #include "modsecurity/actions/action.h" -#include "modsecurity/rule_message.h" +#include "modsecurity/transaction.h" + +#include "src/actions/action_allowed_in_sec_default_action.h" + #ifndef SRC_ACTIONS_DATA_STATUS_H_ #define SRC_ACTIONS_DATA_STATUS_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; namespace actions { namespace data { -class Status : public Action { +class Status : public ActionAllowedAsSecDefaultAction { public: - explicit Status(const std::string &action) : Action(action, 2), - m_status(0) { } + explicit Status(const std::string &action) + : Action(action), + m_status(0) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + + private: int m_status; }; @@ -46,6 +50,6 @@ class Status : public Action { } // namespace data } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_DATA_STATUS_H_ diff --git a/src/actions/disruptive/allow.cc b/src/actions/disruptive/allow.cc index ae22ddbf..9d1b0575 100644 --- a/src/actions/disruptive/allow.cc +++ b/src/actions/disruptive/allow.cc @@ -13,16 +13,19 @@ * */ + #include "src/actions/disruptive/allow.h" -#include #include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + #include "src/utils/string.h" -#include "modsecurity/modsecurity.h" namespace modsecurity { @@ -31,7 +34,7 @@ namespace disruptive { bool Allow::init(std::string *error) { - std::string a = utils::string::tolower(m_parser_payload); + std::string a = utils::string::tolower(m_parserPayload); if (a == "phase") { m_allowType = PhaseAllowType; @@ -49,7 +52,7 @@ bool Allow::init(std::string *error) { } -bool Allow::execute(RuleWithActions *rule, Transaction *transaction) { +bool Allow::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 4, "Dropping the evaluation of upcoming rules " \ "in favor of an `allow' action of type: " \ + allowTypeToName(m_allowType)); diff --git a/src/actions/disruptive/allow.h b/src/actions/disruptive/allow.h index 49776066..2f94f961 100644 --- a/src/actions/disruptive/allow.h +++ b/src/actions/disruptive/allow.h @@ -13,20 +13,20 @@ * */ + #include #include "modsecurity/actions/action.h" +#include "modsecurity/transaction.h" + +#include "src/actions/disruptive/disruptive_action.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_ALLOW_H_ #define SRC_ACTIONS_DISRUPTIVE_ALLOW_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { namespace disruptive { @@ -51,17 +51,18 @@ enum AllowType : int { }; -class Allow : public Action { +class Allow : public ActionDisruptive { public: - explicit Allow(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_allowType(NoneAllowType) { } - + explicit Allow(const std::string &action) + : Action(action), + m_allowType(NoneAllowType) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; + + private: AllowType m_allowType; static std::string allowTypeToName(AllowType a) { @@ -83,6 +84,6 @@ class Allow : public Action { } // namespace disruptive } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_DISRUPTIVE_ALLOW_H_ diff --git a/src/actions/disruptive/deny.cc b/src/actions/disruptive/deny.cc index 907e8874..89d2b871 100644 --- a/src/actions/disruptive/deny.cc +++ b/src/actions/disruptive/deny.cc @@ -13,22 +13,26 @@ * */ + #include "src/actions/disruptive/deny.h" -#include -#include #include -#include -#include #include "modsecurity/transaction.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" +#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Deny::execute(RuleWithActions *rule, Transaction *transaction) { +bool Deny::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 8, "Running action deny"); if (transaction->m_it.status == 200) { @@ -37,9 +41,10 @@ bool Deny::execute(RuleWithActions *rule, Transaction *transaction) { transaction->m_it.disruptive = true; intervention::freeLog(&transaction->m_it); - transaction->messageGetLast()->setRule(rule); transaction->m_it.log = strdup( - transaction->messageGetLast()->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str()); + transaction->messageGetLast()->log( + RuleMessage::LogMessageInfo::ClientLogMessageInfo) + .c_str()); return true; } diff --git a/src/actions/disruptive/deny.h b/src/actions/disruptive/deny.h index 182b2162..703f3742 100644 --- a/src/actions/disruptive/deny.h +++ b/src/actions/disruptive/deny.h @@ -13,28 +13,31 @@ * */ -#include -#include -#include "modsecurity/rules_set.h" +#include + #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule_message.h" + +#include "src/actions/disruptive/disruptive_action.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_DENY_H_ #define SRC_ACTIONS_DISRUPTIVE_DENY_H_ + namespace modsecurity { namespace actions { namespace disruptive { -class Deny : public Action { +class Deny : public ActionDisruptive { public: - explicit Deny(const std::string &action) : Action(action) { } + Deny() + : Action("deny") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; }; @@ -42,4 +45,5 @@ class Deny : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_DISRUPTIVE_DENY_H_ diff --git a/src/actions/disruptive/disruptive_action.h b/src/actions/disruptive/disruptive_action.h new file mode 100644 index 00000000..5e139d5b --- /dev/null +++ b/src/actions/disruptive/disruptive_action.h @@ -0,0 +1,45 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + + +#include + +#include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + + +#ifndef SRC_ACTIONS_DISRUPTIVE_DISRUPTIVE_ACTION_H_ +#define SRC_ACTIONS_DISRUPTIVE_DISRUPTIVE_ACTION_H_ + + +namespace modsecurity { +namespace actions { +namespace disruptive { + + +class ActionDisruptive : public ActionAllowedAsSecDefaultAction { + public: + bool isDisruptive() override { + return true; + } +}; + + +} // namespace disruptive +} // namespace actions +} // namespace modsecurity + + +#endif // SRC_ACTIONS_DISRUPTIVE_DISRUPTIVE_ACTION_H_ diff --git a/src/actions/disruptive/drop.cc b/src/actions/disruptive/drop.cc index 848c05f9..3243e471 100644 --- a/src/actions/disruptive/drop.cc +++ b/src/actions/disruptive/drop.cc @@ -13,26 +13,26 @@ * */ + #include "src/actions/disruptive/drop.h" -#include -#include #include -#include -#include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" -#include "modsecurity/modsecurity.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" +#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Drop::execute(RuleWithActions *rule, Transaction *transaction) { +bool Drop::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 8, "Running action drop " \ "[executing deny instead of drop.]"); @@ -42,9 +42,11 @@ bool Drop::execute(RuleWithActions *rule, Transaction *transaction) { transaction->m_it.disruptive = true; intervention::freeLog(&transaction->m_it); - transaction->messageGetLast()->setRule(rule); + transaction->m_it.log = strdup( - transaction->messageGetLast()->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str()); + transaction->messageGetLast()->log( + RuleMessage::LogMessageInfo::ClientLogMessageInfo) + .c_str()); return true; } diff --git a/src/actions/disruptive/drop.h b/src/actions/disruptive/drop.h index 2ff7d1f1..d9ac8be4 100644 --- a/src/actions/disruptive/drop.h +++ b/src/actions/disruptive/drop.h @@ -13,27 +13,31 @@ * */ + #include -#include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule_message.h" + +#include "src/actions/disruptive/disruptive_action.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_DROP_H_ #define SRC_ACTIONS_DISRUPTIVE_DROP_H_ + namespace modsecurity { namespace actions { namespace disruptive { -class Drop : public Action { +class Drop : public ActionDisruptive { public: - explicit Drop(const std::string &action) : Action(action) { } + Drop() + : Action("drop") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/disruptive/pass.cc b/src/actions/disruptive/pass.cc index 232d3087..ee20ed14 100644 --- a/src/actions/disruptive/pass.cc +++ b/src/actions/disruptive/pass.cc @@ -13,23 +13,25 @@ * */ + #include "src/actions/disruptive/pass.h" -#include #include -#include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Pass::execute(RuleWithActions *rule, Transaction *transaction) { +bool Pass::execute(Transaction *transaction) noexcept { intervention::free(&transaction->m_it); intervention::reset(&transaction->m_it); diff --git a/src/actions/disruptive/pass.h b/src/actions/disruptive/pass.h index b729ee21..a09e3fa5 100644 --- a/src/actions/disruptive/pass.h +++ b/src/actions/disruptive/pass.h @@ -13,26 +13,31 @@ * */ + #include -#include #include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" +#include "src/actions/disruptive/disruptive_action.h" + + #ifndef SRC_ACTIONS_DISRUPTIVE_PASS_H_ #define SRC_ACTIONS_DISRUPTIVE_PASS_H_ + namespace modsecurity { namespace actions { namespace disruptive { -class Pass : public Action { +class Pass : public ActionDisruptive { public: - explicit Pass(const std::string &action) : Action(action) { } + Pass() + : Action("pass") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; - bool isDisruptive() override { return true; } + bool execute(Transaction *transaction) noexcept override; }; diff --git a/src/actions/disruptive/redirect.cc b/src/actions/disruptive/redirect.cc index 92436938..13a64643 100644 --- a/src/actions/disruptive/redirect.cc +++ b/src/actions/disruptive/redirect.cc @@ -13,32 +13,31 @@ * */ + #include "src/actions/disruptive/redirect.h" -#include -#include #include -#include #include "modsecurity/transaction.h" -#include "src/utils/string.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" +#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { namespace disruptive { -bool Redirect::init(std::string *error) { - m_status = 302; - return true; -} - - -bool Redirect::execute(RuleWithActions *rule, Transaction *transaction) { +bool Redirect::execute(Transaction *transaction) noexcept { std::string m_urlExpanded(getEvaluatedRunTimeString(transaction)); /* if it was changed before, lets keep it. */ if (transaction->m_it.status == 200 - || (!(transaction->m_it.status <= 307 && transaction->m_it.status >= 301))) { + || (!(transaction->m_it.status <= 307 + && transaction->m_it.status >= 301))) { transaction->m_it.status = m_status; } @@ -46,9 +45,11 @@ bool Redirect::execute(RuleWithActions *rule, Transaction *transaction) { transaction->m_it.url = strdup(m_urlExpanded.c_str()); transaction->m_it.disruptive = true; intervention::freeLog(&transaction->m_it); - transaction->messageGetLast()->setRule(rule); + transaction->m_it.log = strdup( - transaction->messageGetLast()->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str()); + transaction->messageGetLast()->log( + RuleMessage::LogMessageInfo::ClientLogMessageInfo) + .c_str()); return true; } diff --git a/src/actions/disruptive/redirect.h b/src/actions/disruptive/redirect.h index e0cceda8..6f00af7f 100644 --- a/src/actions/disruptive/redirect.h +++ b/src/actions/disruptive/redirect.h @@ -13,49 +13,49 @@ * */ + #include #include #include #include "modsecurity/actions/action.h" -#include "modsecurity/rule_message.h" +#include "modsecurity/transaction.h" + #include "src/actions/action_with_run_time_string.h" +#include "src/actions/disruptive/disruptive_action.h" +#include "src/run_time_string.h" + #ifndef SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_ #define SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; - namespace actions { namespace disruptive { -class Redirect : public ActionWithRunTimeString { +class Redirect : public ActionWithRunTimeString, public ActionDisruptive { public: explicit Redirect(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "redirert", - RunTimeOnlyIfMatchKind, - std::move(runTimeString)), - m_status(0) - { }; + : ActionWithRunTimeString(std::move(runTimeString)), + Action("redirect"), + m_status(302) + { } + explicit Redirect(const Redirect &action) : ActionWithRunTimeString(action), + ActionDisruptive(action), + Action(action), m_status(action.m_status) - { }; + { } - bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - bool isDisruptive() override { return true; } - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new Redirect(*this); } @@ -67,6 +67,6 @@ class Redirect : public ActionWithRunTimeString { } // namespace disruptive } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_ diff --git a/src/actions/exec.cc b/src/actions/exec.cc index 24b7f63d..3d8b6601 100644 --- a/src/actions/exec.cc +++ b/src/actions/exec.cc @@ -13,15 +13,18 @@ * */ + #include "src/actions/exec.h" -#include #include -#include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + #include "src/utils/system.h" #include "src/engine/lua.h" @@ -33,7 +36,7 @@ namespace actions { bool Exec::init(std::string *error) { std::string err; - m_script = utils::find_resource(m_parser_payload, "", &err); + m_script = utils::find_resource(m_parserPayload, "", &err); if (m_script.size() == 0) { error->assign("exec: Script not found: " + err); @@ -49,7 +52,7 @@ bool Exec::init(std::string *error) { } -bool Exec::execute(RuleWithActions *rule, Transaction *t) { +bool Exec::execute(Transaction *t) noexcept { ms_dbg_a(t, 8, "Running script... " + m_script); m_lua.run(t); return true; diff --git a/src/actions/exec.h b/src/actions/exec.h index cbe3f7b3..7fca049f 100644 --- a/src/actions/exec.h +++ b/src/actions/exec.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -21,22 +22,21 @@ #ifndef SRC_ACTIONS_EXEC_H_ #define SRC_ACTIONS_EXEC_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { class Exec : public Action { public: - explicit Exec(const std::string &action) + explicit Exec(const std::string &action) : Action(action), - m_script("") { } + m_script("") + { } ~Exec() { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; bool init(std::string *error) override; private: diff --git a/src/actions/init_col.cc b/src/actions/init_col.cc index f3d6e536..2de14054 100644 --- a/src/actions/init_col.cc +++ b/src/actions/init_col.cc @@ -13,14 +13,17 @@ * */ + #include "src/actions/init_col.h" -#include #include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { @@ -28,9 +31,9 @@ namespace actions { bool InitCol::init(std::string *error) { - int posEquals = m_parser_payload.find("="); + int posEquals = m_parserPayload.find("="); - if (m_parser_payload.size() < 2) { + if (m_parserPayload.size() < 2) { error->assign("Something wrong with initcol format: too small"); return false; } @@ -40,7 +43,7 @@ bool InitCol::init(std::string *error) { return false; } - m_collection_key = std::string(m_parser_payload, 0, posEquals); + m_collection_key = std::string(m_parserPayload, 0, posEquals); if (m_collection_key != "ip" && m_collection_key != "global" && @@ -54,7 +57,7 @@ bool InitCol::init(std::string *error) { } -bool InitCol::execute(RuleWithActions *rule, Transaction *t) { +bool InitCol::execute(Transaction *t) noexcept { std::string collectionName(getEvaluatedRunTimeString(t)); if (m_collection_key == "ip") { diff --git a/src/actions/init_col.h b/src/actions/init_col.h index dacdd3af..3554a17d 100644 --- a/src/actions/init_col.h +++ b/src/actions/init_col.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,23 +34,22 @@ class InitCol : public ActionWithRunTimeString { public: InitCol( const std::string &action, - std::unique_ptr runTimeString - ) : ActionWithRunTimeString( - action, - std::move(runTimeString) - ) - { }; + std::unique_ptr runTimeString) + : ActionWithRunTimeString(std::move(runTimeString)), + Action(action) + { } InitCol(const InitCol &action) : ActionWithRunTimeString(action), + Action(action), m_collection_key(action.m_collection_key) - { }; + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new InitCol(*this); } diff --git a/src/actions/log.cc b/src/actions/log.cc index 8619a8e7..3d0b5ae7 100644 --- a/src/actions/log.cc +++ b/src/actions/log.cc @@ -13,25 +13,13 @@ * */ + #include "src/actions/log.h" -#include -#include -#include - -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "src/operators/operator.h" -#include "modsecurity/rule_message.h" namespace modsecurity { namespace actions { -bool Log::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/log.h b/src/actions/log.h index 7c90e761..caa968da 100644 --- a/src/actions/log.h +++ b/src/actions/log.h @@ -13,29 +13,36 @@ * */ -#include -#include #include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/rule_with_actions.h" + + #ifndef SRC_ACTIONS_LOG_H_ #define SRC_ACTIONS_LOG_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Log : public Action { +class Log : public ActionTypeRuleMetaData, + public ActionAllowedAsSecDefaultAction { public: - explicit Log(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + Log() + : Action("log") + { } + + void configure(RuleWithActions *rule) override { + rule->setHasLogAction(true); + } - bool execute(RuleWithActions *rule, Transaction *transaction) override; }; + } // namespace actions } // namespace modsecurity diff --git a/src/actions/log_data.cc b/src/actions/log_data.cc index 20ea7e32..f9a73b7d 100644 --- a/src/actions/log_data.cc +++ b/src/actions/log_data.cc @@ -13,25 +13,21 @@ * */ + #include "src/actions/log_data.h" -#include #include -#include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" #include "modsecurity/rule_message.h" namespace modsecurity { namespace actions { - -bool LogData::execute(RuleWithActions *rule, Transaction *transaction) { - transaction->messageGetLast()->m_data = getEvaluatedRunTimeString(transaction); - +bool LogData::execute(Transaction *transaction) noexcept { + transaction->messageGetLast()->m_data = + getEvaluatedRunTimeString(transaction); return true; } diff --git a/src/actions/log_data.h b/src/actions/log_data.h index f55c4f82..a4f8fabf 100644 --- a/src/actions/log_data.h +++ b/src/actions/log_data.h @@ -13,42 +13,39 @@ * */ -#include -#include -#include #include "modsecurity/actions/action.h" + #include "src/actions/action_with_run_time_string.h" +#include "src/run_time_string.h" + #ifndef SRC_ACTIONS_LOG_DATA_H_ #define SRC_ACTIONS_LOG_DATA_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { class LogData : public ActionWithRunTimeString { public: explicit LogData(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "logdata", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) - { }; + : ActionWithRunTimeString(std::move(runTimeString)), + Action("logdata") + { } explicit LogData(const LogData &data) - : ActionWithRunTimeString(data) - { }; + : ActionWithRunTimeString(data), + Action(data) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new LogData(*this); } + }; diff --git a/src/actions/maturity.cc b/src/actions/maturity.cc index b419d385..ee12200f 100644 --- a/src/actions/maturity.cc +++ b/src/actions/maturity.cc @@ -13,16 +13,11 @@ * */ + #include "src/actions/maturity.h" -#include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { @@ -30,9 +25,9 @@ namespace actions { bool Maturity::init(std::string *error) { try { - m_maturity = std::stoi(m_parser_payload); + m_maturity = std::stoi(m_parserPayload); } catch (...) { - error->assign("Maturity: The input \"" + m_parser_payload + "\" is " \ + error->assign("Maturity: The input \"" + m_parserPayload + "\" is " \ "not a number."); return false; } @@ -40,10 +35,5 @@ bool Maturity::init(std::string *error) { } -bool Maturity::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/maturity.h b/src/actions/maturity.h index e66f14d5..729476eb 100644 --- a/src/actions/maturity.h +++ b/src/actions/maturity.h @@ -13,9 +13,11 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_MATURITY_H_ #define SRC_ACTIONS_MATURITY_H_ @@ -27,15 +29,17 @@ class Transaction; namespace actions { -class Maturity : public Action { +class Maturity : public ActionTypeRuleMetaData { public: - explicit Maturity(const std::string &action) - : Action(action, ConfigurationKind), + explicit Maturity(const std::string &action) + : Action(action), m_maturity(0) { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; - int getMaturity() const { return m_maturity; } + + void configure(RuleWithActions *rule) override { + rule->setMaturity(m_maturity); + } private: int m_maturity; diff --git a/src/actions/msg.cc b/src/actions/msg.cc index 34d832dc..e882fab3 100644 --- a/src/actions/msg.cc +++ b/src/actions/msg.cc @@ -13,16 +13,19 @@ * */ + #include "src/actions/msg.h" -#include #include -#include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + +#include "src/run_time_string.h" /* * Description: Assigns a custom message to the rule or chain in which it @@ -46,7 +49,7 @@ namespace modsecurity { namespace actions { -bool Msg::execute(RuleWithActions *rule, Transaction *transaction) { +bool Msg::execute(Transaction *transaction) noexcept { std::string msg = getEvaluatedRunTimeString(transaction); transaction->messageGetLast()->m_message = msg; ms_dbg_a(transaction, 9, "Saving msg: " + msg); diff --git a/src/actions/msg.h b/src/actions/msg.h index c9b6b12b..eea2ce67 100644 --- a/src/actions/msg.h +++ b/src/actions/msg.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -34,20 +35,18 @@ namespace actions { class Msg : public ActionWithRunTimeString { public: explicit Msg(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "msg", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("msg") { }; explicit Msg(const Msg &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new Msg(*this); } }; diff --git a/src/actions/multi_match.cc b/src/actions/multi_match.cc index 0956b7dc..cf39e150 100644 --- a/src/actions/multi_match.cc +++ b/src/actions/multi_match.cc @@ -13,22 +13,13 @@ * */ + #include "src/actions/multi_match.h" -#include -#include - -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" namespace modsecurity { namespace actions { -bool MultiMatch::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/multi_match.h b/src/actions/multi_match.h index 1c62523a..f8a72694 100644 --- a/src/actions/multi_match.h +++ b/src/actions/multi_match.h @@ -13,33 +13,34 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_MULTI_MATCH_H_ #define SRC_ACTIONS_MULTI_MATCH_H_ -#ifdef __cplusplus -class Transaction; - namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class MultiMatch : public Action { +class MultiMatch : public ActionTypeRuleMetaData { public: - explicit MultiMatch(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + MultiMatch() + : Action("multiMatch") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + + void configure(RuleWithActions *rule) override { + rule->setHasMultimatchAction(true); + } }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_MULTI_MATCH_H_ diff --git a/src/actions/no_audit_log.cc b/src/actions/no_audit_log.cc index fd857177..71a1d244 100644 --- a/src/actions/no_audit_log.cc +++ b/src/actions/no_audit_log.cc @@ -13,20 +13,17 @@ * */ + #include "src/actions/no_audit_log.h" -#include -#include - #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" + namespace modsecurity { namespace actions { -bool NoAuditLog::execute(RuleWithActions *rule, Transaction *transaction) { +bool NoAuditLog::execute(Transaction *transaction) noexcept { transaction->messageSetNoAuditLog(true); return true; } diff --git a/src/actions/no_audit_log.h b/src/actions/no_audit_log.h index 1adcdd1b..cd1818d4 100644 --- a/src/actions/no_audit_log.h +++ b/src/actions/no_audit_log.h @@ -13,33 +13,32 @@ * */ -#include -#include #include "modsecurity/actions/action.h" +#include "modsecurity/transaction.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + #ifndef SRC_ACTIONS_NO_AUDIT_LOG_H_ #define SRC_ACTIONS_NO_AUDIT_LOG_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; - namespace actions { -class NoAuditLog : public Action { +class NoAuditLog : public ActionAllowedAsSecDefaultAction { public: - explicit NoAuditLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + NoAuditLog() + : Action("noAuditLog") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_NO_AUDIT_LOG_H_ diff --git a/src/actions/no_log.cc b/src/actions/no_log.cc index 910ac761..5375201e 100644 --- a/src/actions/no_log.cc +++ b/src/actions/no_log.cc @@ -13,26 +13,13 @@ * */ + #include "src/actions/no_log.h" -#include -#include -#include - -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "src/operators/operator.h" -#include "modsecurity/rule_message.h" - namespace modsecurity { namespace actions { -bool NoLog::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/no_log.h b/src/actions/no_log.h index df07060b..126458d9 100644 --- a/src/actions/no_log.h +++ b/src/actions/no_log.h @@ -13,29 +13,34 @@ * */ -#include -#include #include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + + #ifndef SRC_ACTIONS_NO_LOG_H_ #define SRC_ACTIONS_NO_LOG_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class NoLog : public Action { +class NoLog : public ActionTypeRuleMetaData, + public ActionAllowedAsSecDefaultAction { public: - explicit NoLog(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + NoLog() + : Action("noLog") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setHasNoLogAction(true); + } }; + } // namespace actions } // namespace modsecurity diff --git a/src/actions/phase.cc b/src/actions/phase.cc index b6382a43..fe772bf3 100644 --- a/src/actions/phase.cc +++ b/src/actions/phase.cc @@ -15,25 +15,22 @@ #include "src/actions/phase.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/modsecurity.h" + #include "src/utils/string.h" -#include "src/rule_with_actions.h" namespace modsecurity { namespace actions { bool Phase::init(std::string *error) { - std::string a = utils::string::tolower(m_parser_payload); + std::string a = utils::string::tolower(m_parserPayload); m_phase = -1; try { - m_phase = std::stoi(m_parser_payload); + m_phase = std::stoi(m_parserPayload); if (m_phase == 0) { m_phase = modsecurity::Phases::ConnectionPhase; m_secRulesPhase = 0; @@ -53,7 +50,7 @@ bool Phase::init(std::string *error) { m_phase = modsecurity::Phases::LoggingPhase; m_secRulesPhase = 5; } else { - error->assign("Unknown phase: " + m_parser_payload); + error->assign("Unknown phase: " + m_parserPayload); return false; } } catch (...) { @@ -73,10 +70,5 @@ bool Phase::init(std::string *error) { } -bool Phase::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setPhase(m_phase); - return true; -} - } // namespace actions } // namespace modsecurity diff --git a/src/actions/phase.h b/src/actions/phase.h index 82942b76..be1f0079 100644 --- a/src/actions/phase.h +++ b/src/actions/phase.h @@ -13,38 +13,48 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_PHASE_H_ #define SRC_ACTIONS_PHASE_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class Phase : public Action { +class Phase : public ActionTypeRuleMetaData { public: - explicit Phase(const std::string &action) : Action(action, ConfigurationKind), + explicit Phase(const std::string &action) + : Action(action), m_phase(0), m_secRulesPhase(0) { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setPhase(m_phase); + } + + int getSecRulePhase() const { + return m_secRulesPhase; + } + + int getPhase() const { + return m_phase; + } + + private: int m_phase; int m_secRulesPhase; }; + } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_PHASE_H_ diff --git a/src/actions/rev.cc b/src/actions/rev.cc index 4e2d94e0..49e1c1b5 100644 --- a/src/actions/rev.cc +++ b/src/actions/rev.cc @@ -13,28 +13,18 @@ * */ + #include "src/actions/rev.h" -#include #include -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { bool Rev::init(std::string *error) { - m_rev = m_parser_payload; - return true; -} - - -bool Rev::execute(RuleWithActions *rule, Transaction *transaction) { + m_revision = m_parserPayload; return true; } diff --git a/src/actions/rev.h b/src/actions/rev.h index ed8dbfdf..b577bd21 100644 --- a/src/actions/rev.h +++ b/src/actions/rev.h @@ -13,30 +13,35 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_REV_H_ #define SRC_ACTIONS_REV_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Rev : public Action { +class Rev : public ActionTypeRuleMetaData { public: - explicit Rev(const std::string &action) : Action(action, ConfigurationKind) { } + explicit Rev(const std::string &action) + : Action(action), + m_revision("") + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; - std::string getRevision() const { return m_rev; } + + void configure(RuleWithActions *rule) override { + rule->setRevision(m_revision); + } private: - std::string m_rev; + std::string m_revision; }; diff --git a/src/actions/rule_id.cc b/src/actions/rule_id.cc index 7457e091..7cce70e4 100644 --- a/src/actions/rule_id.cc +++ b/src/actions/rule_id.cc @@ -13,22 +13,18 @@ * */ + #include "src/actions/rule_id.h" -#include #include -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { bool RuleId::init(std::string *error) { - std::string a = m_parser_payload; + std::string a = m_parserPayload; try { m_ruleId = std::stod(a); @@ -50,11 +46,5 @@ bool RuleId::init(std::string *error) { } -bool RuleId::execute(RuleWithActions *rule, Transaction *transaction) { - rule->setId(m_ruleId); - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/rule_id.h b/src/actions/rule_id.h index 74846f2d..8813c7c5 100644 --- a/src/actions/rule_id.h +++ b/src/actions/rule_id.h @@ -13,38 +13,40 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_RULE_ID_H_ #define SRC_ACTIONS_RULE_ID_H_ -#ifdef __cplusplus -class Transaction; namespace modsecurity { -class Transaction; -class RuleWithOperator; - namespace actions { -class RuleId : public Action { +class RuleId : public ActionTypeRuleMetaData { public: - explicit RuleId(const std::string &action) - : Action(action, ConfigurationKind), - m_ruleId(0) { } + explicit RuleId(const std::string &action) + : Action(action), + m_ruleId(0) + { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + + void configure(RuleWithActions *rule) override { + rule->setId(m_ruleId); + } private: double m_ruleId; }; + } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_RULE_ID_H_ diff --git a/src/actions/set_env.cc b/src/actions/set_env.cc index a96b6ec7..38131973 100644 --- a/src/actions/set_env.cc +++ b/src/actions/set_env.cc @@ -13,22 +13,26 @@ * */ + #include "src/actions/set_env.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" -#include "src/rule_with_actions.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + +#include "src/run_time_string.h" namespace modsecurity { namespace actions { -bool SetENV::execute(RuleWithActions *rule, Transaction *t) { +bool SetENV::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "Setting envoriment variable: " diff --git a/src/actions/set_env.h b/src/actions/set_env.h index 0fa1399e..d150b6aa 100644 --- a/src/actions/set_env.h +++ b/src/actions/set_env.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,20 +34,18 @@ namespace actions { class SetENV : public ActionWithRunTimeString { public: explicit SetENV(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setenv", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setenv") { }; explicit SetENV(const SetENV &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetENV(*this); } }; diff --git a/src/actions/set_rsc.cc b/src/actions/set_rsc.cc index e34e2c72..dc3ddbea 100644 --- a/src/actions/set_rsc.cc +++ b/src/actions/set_rsc.cc @@ -13,20 +13,24 @@ * */ + #include "src/actions/set_rsc.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SetRSC::execute(RuleWithActions *rule, Transaction *t) { +bool SetRSC::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "RESOURCE initiated with value: \'" + colNameExpanded + "\'."); diff --git a/src/actions/set_rsc.h b/src/actions/set_rsc.h index 66a5f535..f83bd479 100644 --- a/src/actions/set_rsc.h +++ b/src/actions/set_rsc.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,20 +34,18 @@ namespace actions { class SetRSC : public ActionWithRunTimeString { public: explicit SetRSC(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setsrc", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setsrc") { }; explicit SetRSC(const SetRSC &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetRSC(*this); } }; diff --git a/src/actions/set_sid.cc b/src/actions/set_sid.cc index 9359ebcd..5983745e 100644 --- a/src/actions/set_sid.cc +++ b/src/actions/set_sid.cc @@ -13,20 +13,24 @@ * */ + #include "src/actions/set_sid.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SetSID::execute(RuleWithActions *rule, Transaction *t) { +bool SetSID::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "Session ID initiated with value: \'" + colNameExpanded + "\'."); diff --git a/src/actions/set_sid.h b/src/actions/set_sid.h index 71305e90..d7b8c1a4 100644 --- a/src/actions/set_sid.h +++ b/src/actions/set_sid.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,20 +34,18 @@ namespace actions { class SetSID : public ActionWithRunTimeString { public: explicit SetSID(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setsid", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setsid") { }; SetSID(const SetSID &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetSID(*this); } }; diff --git a/src/actions/set_uid.cc b/src/actions/set_uid.cc index 1c60ab49..958d634b 100644 --- a/src/actions/set_uid.cc +++ b/src/actions/set_uid.cc @@ -13,20 +13,24 @@ * */ + #include "src/actions/set_uid.h" -#include #include #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SetUID::execute(RuleWithActions *rule, Transaction *t) { +bool SetUID::execute(Transaction *t) noexcept { std::string colNameExpanded(getEvaluatedRunTimeString(t)); ms_dbg_a(t, 8, "User collection initiated with value: \'" + colNameExpanded + "\'."); diff --git a/src/actions/set_uid.h b/src/actions/set_uid.h index 0191e5ff..5eaa2a0c 100644 --- a/src/actions/set_uid.h +++ b/src/actions/set_uid.h @@ -13,6 +13,7 @@ * */ + #include #include #include @@ -33,23 +34,20 @@ namespace actions { class SetUID : public ActionWithRunTimeString { public: explicit SetUID(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "setuid", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) + : ActionWithRunTimeString(std::move(runTimeString)), + Action("setuid") { }; explicit SetUID(const SetUID &action) - : ActionWithRunTimeString(action) + : ActionWithRunTimeString(action), + Action(action) { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetUID(*this); } - }; diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc index 1fc6c084..2b07940c 100644 --- a/src/actions/set_var.cc +++ b/src/actions/set_var.cc @@ -13,24 +13,24 @@ * */ + #include "src/actions/set_var.h" -#include #include -#include -#include "modsecurity/rules_set.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/utils/string.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + #include "src/variables/global.h" #include "src/variables/ip.h" #include "src/variables/resource.h" #include "src/variables/session.h" #include "src/variables/tx.h" #include "src/variables/user.h" -#include "src/variables/variable.h" -#include "src/rule_with_operator.h" namespace modsecurity { @@ -42,7 +42,7 @@ bool SetVar::init(std::string *error) { } -bool SetVar::execute(RuleWithActions *rule, Transaction *t) { +bool SetVar::execute(Transaction *t) noexcept { std::string targetValue; std::string resolvedPre; diff --git a/src/actions/set_var.h b/src/actions/set_var.h index 40f2b2b6..e200447c 100644 --- a/src/actions/set_var.h +++ b/src/actions/set_var.h @@ -13,23 +13,26 @@ * */ + #include #include #include #include "modsecurity/actions/action.h" +#include "modsecurity/transaction.h" #include "src/actions/action_with_run_time_string.h" #include "src/variables/variable_with_runtime_string.h" +#include "src/rule_with_operator.h" + #ifndef SRC_ACTIONS_SET_VAR_H_ #define SRC_ACTIONS_SET_VAR_H_ -namespace modsecurity { -class Transaction; -class RuleWithOperator; +namespace modsecurity { namespace actions { + enum SetVarOperation { /* Set variable to something */ setOperation, @@ -43,57 +46,66 @@ enum SetVarOperation { unsetOperation, }; + class SetVar : public ActionWithRunTimeString { public: SetVar(SetVarOperation operation, std::unique_ptr variable, std::unique_ptr predicate) - : ActionWithRunTimeString("setvar", std::move(predicate)), + : ActionWithRunTimeString(std::move(predicate)), m_operation(operation), - m_variable(std::move(variable)) - { }; + m_variable(std::move(variable)), + Action("setvar") + { } SetVar(SetVarOperation operation, std::unique_ptr variable) - : ActionWithRunTimeString("setvar"), + : ActionWithRunTimeString(), + Action("setvar"), m_operation(operation), m_variable(std::move(variable)) - { }; + { } SetVar(const SetVar &var) : ActionWithRunTimeString(var), + Action(var), m_operation(var.m_operation), - m_variable(var.m_variable) - { - variables::RuleVariable *rv = dynamic_cast(m_variable.get()); + m_variable(var.m_variable) { + variables::RuleVariable *rv = dynamic_cast( + m_variable.get()); if (rv != nullptr) { auto nrv = rv->clone(); rv = dynamic_cast(nrv); rv->populate(nullptr); m_variable = std::unique_ptr(nrv); } - }; + } - - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; bool init(std::string *error) override; void populate(RuleWithActions *rule) override { ActionWithRunTimeString::populate(rule); - variables::RuleVariable *rulev = dynamic_cast(m_variable.get()); + variables::RuleVariable *rulev = + dynamic_cast( + m_variable.get()); + if (rulev != nullptr) { rulev->populate(rule); } - variables::VariableWithRunTimeString *rulev2 = dynamic_cast(m_variable.get()); + variables::VariableWithRunTimeString *rulev2 = + dynamic_cast( + m_variable.get()); + if (rulev2 != nullptr) { rulev2->populate(rule); } } - virtual ActionWithRunTimeString *clone() override { + ActionWithRunTimeString *clone() override { return new SetVar(*this); } @@ -102,6 +114,7 @@ class SetVar : public ActionWithRunTimeString { std::shared_ptr m_variable; }; + } // namespace actions } // namespace modsecurity diff --git a/src/actions/severity.cc b/src/actions/severity.cc index cc0cd809..99f574be 100644 --- a/src/actions/severity.cc +++ b/src/actions/severity.cc @@ -13,18 +13,18 @@ * */ + #include "src/actions/severity.h" -#include #include -#include +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ #include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" + #include "src/utils/string.h" -#include "modsecurity/rule_message.h" namespace modsecurity { @@ -32,7 +32,7 @@ namespace actions { bool Severity::init(std::string *error) { - std::string a = utils::string::tolower(m_parser_payload); + std::string a = utils::string::tolower(m_parserPayload); if (a == "emergency") { m_severity = 0; return true; @@ -71,10 +71,5 @@ bool Severity::init(std::string *error) { } -bool Severity::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/severity.h b/src/actions/severity.h index ed373859..d40d102f 100644 --- a/src/actions/severity.h +++ b/src/actions/severity.h @@ -13,37 +13,41 @@ * */ + #include #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_SEVERITY_H_ #define SRC_ACTIONS_SEVERITY_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; - namespace actions { -class Severity : public Action { +class Severity : public ActionTypeRuleMetaData { public: - explicit Severity(const std::string &action) + explicit Severity(const std::string &action) : Action(action), - m_severity(0) { } + m_severity(0) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; bool init(std::string *error) override; + void configure(RuleWithActions *rule) override { + rule->setSeverity(m_severity); + } + + private: int m_severity; }; } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_SEVERITY_H_ diff --git a/src/actions/skip.cc b/src/actions/skip.cc index 8611dee3..07e69693 100644 --- a/src/actions/skip.cc +++ b/src/actions/skip.cc @@ -13,14 +13,18 @@ * */ + #include "src/actions/skip.h" -#include #include -#include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + namespace modsecurity { namespace actions { @@ -28,9 +32,9 @@ namespace actions { bool Skip::init(std::string *error) { try { - m_skip_next = std::stoi(m_parser_payload); + m_skip_next = std::stoi(m_parserPayload); } catch (...) { - error->assign("Skip: The input \"" + m_parser_payload + "\" is " \ + error->assign("Skip: The input \"" + m_parserPayload + "\" is " \ "not a number."); return false; } @@ -38,7 +42,7 @@ bool Skip::init(std::string *error) { } -bool Skip::execute(RuleWithActions *rule, Transaction *transaction) { +bool Skip::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 5, "Skipping the next " + \ std::to_string(m_skip_next) + " rules."); diff --git a/src/actions/skip.h b/src/actions/skip.h index 78bff450..35898e2b 100644 --- a/src/actions/skip.h +++ b/src/actions/skip.h @@ -13,10 +13,12 @@ * */ + #include #include "modsecurity/actions/action.h" + #ifndef SRC_ACTIONS_SKIP_H_ #define SRC_ACTIONS_SKIP_H_ @@ -29,13 +31,14 @@ namespace actions { class Skip : public Action { public: - explicit Skip(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), + explicit Skip(const std::string &action) + : Action(action), m_skip_next(0) { } bool init(std::string *error) override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; + private: int m_skip_next; }; diff --git a/src/actions/skip_after.cc b/src/actions/skip_after.cc index 9e1bae39..5033df95 100644 --- a/src/actions/skip_after.cc +++ b/src/actions/skip_after.cc @@ -13,21 +13,24 @@ * */ + #include "src/actions/skip_after.h" -#include #include -#include "modsecurity/rules_set.h" -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" namespace modsecurity { namespace actions { -bool SkipAfter::execute(RuleWithActions *rule, Transaction *transaction) { +bool SkipAfter::execute(Transaction *transaction) noexcept { ms_dbg_a(transaction, 5, "Setting skipAfter for: " + *m_skipName); transaction->addMarker(m_skipName); return true; diff --git a/src/actions/skip_after.h b/src/actions/skip_after.h index c90c188b..6c812b89 100644 --- a/src/actions/skip_after.h +++ b/src/actions/skip_after.h @@ -13,34 +13,38 @@ * */ + #include #include #include "modsecurity/actions/action.h" + #ifndef SRC_ACTIONS_SKIP_AFTER_H_ #define SRC_ACTIONS_SKIP_AFTER_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { class SkipAfter : public Action { public: - explicit SkipAfter(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind), - m_skipName(std::make_shared(m_parser_payload)) { } + explicit SkipAfter(const std::string &action) + : Action(action), + m_skipName(std::make_shared(m_parserPayload)) + { } + + bool execute(Transaction *transaction) noexcept override; - bool execute(RuleWithActions *rule, Transaction *transaction) override; private: - std::shared_ptr m_skipName; + // FIXME: This should be a regular pointer instead of a shared pointer. + std::shared_ptr m_skipName; }; } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_SKIP_AFTER_H_ diff --git a/src/actions/tag.cc b/src/actions/tag.cc index 4ae4a6ed..0ec22abb 100644 --- a/src/actions/tag.cc +++ b/src/actions/tag.cc @@ -13,16 +13,18 @@ * */ + #include "src/actions/tag.h" -#include #include -#include -#include "modsecurity/actions/action.h" #include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "modsecurity/rule_message.h" +/** + * FIXME: rules_set.h inclusion is here due to ms_dbg_a. + * It should be removed. + */ +#include "modsecurity/rules_set.h" + /** * Description: Assigns a tag (category) to a rule or a chain. @@ -50,11 +52,8 @@ namespace modsecurity { namespace actions { -bool Tag::execute(RuleWithActions *rule, Transaction *transaction) { - std::string tag = getTagName(transaction); - ms_dbg_a(transaction, 9, "Rule tag: " + tag); - - transaction->messageGetLast()->m_tags.push_back(tag); +bool Tag::execute(Transaction *transaction) noexcept { + ms_dbg_a(transaction, 9, "Rule tag: " + getTagName(transaction)); return true; } diff --git a/src/actions/tag.h b/src/actions/tag.h index d41857c3..8ff9ebbc 100644 --- a/src/actions/tag.h +++ b/src/actions/tag.h @@ -13,44 +13,44 @@ * */ + #include #include #include #include "modsecurity/actions/action.h" #include "src/actions/action_with_run_time_string.h" +#include "src/actions/action_allowed_in_sec_default_action.h" #ifndef SRC_ACTIONS_TAG_H_ #define SRC_ACTIONS_TAG_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Tag : public ActionWithRunTimeString { +class Tag : public ActionWithRunTimeString, + public ActionAllowedAsSecDefaultAction { public: explicit Tag(std::unique_ptr runTimeString) - : ActionWithRunTimeString( - "tag", - RunTimeOnlyIfMatchKind, - std::move(runTimeString) - ) - { }; + : ActionWithRunTimeString(std::move(runTimeString)), + Action("tag") + { } explicit Tag(const Tag &action) - : ActionWithRunTimeString(action) - { }; + : ActionWithRunTimeString(action), + Action(action) + { } - bool execute(RuleWithActions *rule, Transaction *transaction) override; + bool execute(Transaction *transaction) noexcept override; inline std::string getTagName(Transaction *transaction) const { return getEvaluatedRunTimeString(transaction); } - virtual ActionWithRunTimeString *clone() override { + + ActionWithRunTimeString *clone() override { return new Tag(*this); } }; diff --git a/src/actions/transformations/base64_decode.cc b/src/actions/transformations/base64_decode.cc index 40a7a442..eda000c1 100644 --- a/src/actions/transformations/base64_decode.cc +++ b/src/actions/transformations/base64_decode.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/base64_decode.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" @@ -32,9 +28,9 @@ namespace actions { namespace transformations { -void Base64Decode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Base64Decode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string value(in.c_str(), in.size()); std::string ret = Utils::Base64::decode(value); out.assign(ret.c_str(), ret.size()); diff --git a/src/actions/transformations/base64_decode.h b/src/actions/transformations/base64_decode.h index e96c1e15..bfaa5275 100644 --- a/src/actions/transformations/base64_decode.h +++ b/src/actions/transformations/base64_decode.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Base64Decode : public Transformation { public: - explicit Base64Decode(const std::string &action) - : Transformation(action) { } + Base64Decode() + : Action("t:base64Decode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_H_ diff --git a/src/actions/transformations/base64_decode_ext.cc b/src/actions/transformations/base64_decode_ext.cc index f582d7e4..a267ccac 100644 --- a/src/actions/transformations/base64_decode_ext.cc +++ b/src/actions/transformations/base64_decode_ext.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/base64_decode_ext.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" @@ -32,9 +28,9 @@ namespace actions { namespace transformations { -void Base64DecodeExt::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Base64DecodeExt::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string ret = Utils::Base64::decode_forgiven(in.c_str()); out.assign(ret.c_str(), ret.size()); } diff --git a/src/actions/transformations/base64_decode_ext.h b/src/actions/transformations/base64_decode_ext.h index 3f36fc9f..c08c2c7f 100644 --- a/src/actions/transformations/base64_decode_ext.h +++ b/src/actions/transformations/base64_decode_ext.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Base64DecodeExt : public Transformation { public: - explicit Base64DecodeExt(const std::string &action) - : Transformation(action) { } + Base64DecodeExt() + : Action("t:base64DecodeExt") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_DECODE_EXT_H_ diff --git a/src/actions/transformations/base64_encode.cc b/src/actions/transformations/base64_encode.cc index 3560d6eb..6a3d740a 100644 --- a/src/actions/transformations/base64_encode.cc +++ b/src/actions/transformations/base64_encode.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/base64_encode.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" #include "src/utils/base64.h" @@ -32,9 +28,9 @@ namespace actions { namespace transformations { -void Base64Encode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Base64Encode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string ret = Utils::Base64::encode( std::string(in.c_str(), in.size())); out.assign(ret.c_str(), ret.size()); diff --git a/src/actions/transformations/base64_encode.h b/src/actions/transformations/base64_encode.h index 1158a5c5..c9531878 100644 --- a/src/actions/transformations/base64_encode.h +++ b/src/actions/transformations/base64_encode.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Base64Encode : public Transformation { public: - explicit Base64Encode(const std::string &action) - : Transformation(action) { } + Base64Encode() + : Action("t:base64Encode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_BASE64_ENCODE_H_ diff --git a/src/actions/transformations/cmd_line.cc b/src/actions/transformations/cmd_line.cc index 4082bed6..edf0befc 100644 --- a/src/actions/transformations/cmd_line.cc +++ b/src/actions/transformations/cmd_line.cc @@ -15,15 +15,10 @@ #include "src/actions/transformations/cmd_line.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +26,9 @@ namespace actions { namespace transformations { -void CmdLine::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void CmdLine::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int space = 0; for (auto& a : in) { diff --git a/src/actions/transformations/cmd_line.h b/src/actions/transformations/cmd_line.h index 3724b515..0c92edd0 100644 --- a/src/actions/transformations/cmd_line.h +++ b/src/actions/transformations/cmd_line.h @@ -13,36 +13,40 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class CmdLine : public Transformation { public: - explicit CmdLine(const std::string &action) - : Transformation(action) { } + CmdLine() + : Action("t:cmdLine") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_CMD_LINE_H_ diff --git a/src/actions/transformations/compress_whitespace.cc b/src/actions/transformations/compress_whitespace.cc index 7d1af976..319367bf 100644 --- a/src/actions/transformations/compress_whitespace.cc +++ b/src/actions/transformations/compress_whitespace.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/compress_whitespace.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void CompressWhitespace::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void CompressWhitespace::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int inWhiteSpace = 0; size_t i = 0; out.reserve(in.size()); diff --git a/src/actions/transformations/compress_whitespace.h b/src/actions/transformations/compress_whitespace.h index de14f33a..ba4c56f2 100644 --- a/src/actions/transformations/compress_whitespace.h +++ b/src/actions/transformations/compress_whitespace.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class CompressWhitespace : public Transformation { public: - explicit CompressWhitespace(const std::string &action) - : Transformation(action) { } + CompressWhitespace() + : Action("t:compressWhitespace") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_COMPRESS_WHITESPACE_H_ diff --git a/src/actions/transformations/css_decode.cc b/src/actions/transformations/css_decode.cc index 1ca7a824..afaaa2d0 100644 --- a/src/actions/transformations/css_decode.cc +++ b/src/actions/transformations/css_decode.cc @@ -13,19 +13,14 @@ * */ + #include "src/actions/transformations/css_decode.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -34,9 +29,9 @@ namespace actions { namespace transformations { -void CssDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void CssDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { size_t s = in.size(); char *tmp = reinterpret_cast( @@ -44,7 +39,8 @@ void CssDecode::execute(Transaction *t, memcpy(tmp, in.c_str(), s + 1); tmp[s] = '\0'; - size_t r = CssDecode::css_decode_inplace(reinterpret_cast(tmp), + size_t r = CssDecode::css_decode_inplace( + reinterpret_cast(tmp), s); out.assign(tmp, r); diff --git a/src/actions/transformations/css_decode.h b/src/actions/transformations/css_decode.h index 1be00f48..c584ee5b 100644 --- a/src/actions/transformations/css_decode.h +++ b/src/actions/transformations/css_decode.h @@ -13,32 +13,37 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class CssDecode : public Transformation { public: - explicit CssDecode(const std::string &action) - : Transformation(action) { } + CssDecode() + : Action("t:cssDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; - static int css_decode_inplace(unsigned char *input, int64_t input_len); + private: + static int css_decode_inplace(unsigned char *input, + int64_t input_len); }; @@ -46,6 +51,5 @@ class CssDecode : public Transformation { } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_CSS_DECODE_H_ diff --git a/src/actions/transformations/escape_seq_decode.cc b/src/actions/transformations/escape_seq_decode.cc index 073d314f..3bbcf9d2 100644 --- a/src/actions/transformations/escape_seq_decode.cc +++ b/src/actions/transformations/escape_seq_decode.cc @@ -13,20 +13,17 @@ * */ + #include "src/actions/transformations/escape_seq_decode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { @@ -135,9 +132,9 @@ int EscapeSeqDecode::ansi_c_sequences_decode_inplace(unsigned char *input, } -void EscapeSeqDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void EscapeSeqDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *tmp = (unsigned char *) malloc(sizeof(char) * in.size() + 1); memcpy(tmp, in.c_str(), in.size() + 1); diff --git a/src/actions/transformations/escape_seq_decode.h b/src/actions/transformations/escape_seq_decode.h index 7b690687..9dd4f296 100644 --- a/src/actions/transformations/escape_seq_decode.h +++ b/src/actions/transformations/escape_seq_decode.h @@ -13,37 +13,43 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class EscapeSeqDecode : public Transformation { public: - explicit EscapeSeqDecode(const std::string &action) - : Transformation(action) { } + EscapeSeqDecode() + : Action("t:escapeSeqDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; - static int ansi_c_sequences_decode_inplace(unsigned char *input, int input_len); + private: + static int ansi_c_sequences_decode_inplace(unsigned char *input, + int input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_ESCAPE_SEQ_DECODE_H_ diff --git a/src/actions/transformations/hex_decode.cc b/src/actions/transformations/hex_decode.cc index 212bcbee..b90bf1a0 100644 --- a/src/actions/transformations/hex_decode.cc +++ b/src/actions/transformations/hex_decode.cc @@ -13,28 +13,27 @@ * */ + #include "src/actions/transformations/hex_decode.h" -#include #include -#include -#include -#include -#include -#include #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + +#include "modsecurity/modsecurity.h" +#include "modsecurity/transaction.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { -void HexDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void HexDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; int size = 0; diff --git a/src/actions/transformations/hex_decode.h b/src/actions/transformations/hex_decode.h index 58645cea..4af8bfc9 100644 --- a/src/actions/transformations/hex_decode.h +++ b/src/actions/transformations/hex_decode.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class HexDecode : public Transformation { public: - explicit HexDecode(const std::string &action) - : Transformation(action) { } + HexDecode() + : Action("t:hexDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *data, int len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_HEX_DECODE_H_ diff --git a/src/actions/transformations/hex_encode.cc b/src/actions/transformations/hex_encode.cc index 4a70e896..b1676f22 100644 --- a/src/actions/transformations/hex_encode.cc +++ b/src/actions/transformations/hex_encode.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/hex_encode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void HexEncode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void HexEncode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::stringstream result; for (std::size_t i=0; i < in.length(); i++) { int ii = reinterpret_cast(in[i]); diff --git a/src/actions/transformations/hex_encode.h b/src/actions/transformations/hex_encode.h index 1e6ae842..545bf046 100644 --- a/src/actions/transformations/hex_encode.h +++ b/src/actions/transformations/hex_encode.h @@ -13,36 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class HexEncode : public Transformation { public: - explicit HexEncode(const std::string &action) - : Transformation(action) { } - - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + HexEncode() + : Action("t:hexEncode") + { } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_HEX_ENCODE_H_ diff --git a/src/actions/transformations/html_entity_decode.cc b/src/actions/transformations/html_entity_decode.cc index c2909e09..6e922ff0 100644 --- a/src/actions/transformations/html_entity_decode.cc +++ b/src/actions/transformations/html_entity_decode.cc @@ -13,19 +13,15 @@ * */ + #include "src/actions/transformations/html_entity_decode.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + +#include "src/utils/string.h" namespace modsecurity { @@ -33,9 +29,9 @@ namespace actions { namespace transformations { -void HtmlEntityDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void HtmlEntityDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/html_entity_decode.h b/src/actions/transformations/html_entity_decode.h index f315fb91..5413dd07 100644 --- a/src/actions/transformations/html_entity_decode.h +++ b/src/actions/transformations/html_entity_decode.h @@ -13,33 +13,35 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" -#include "src/utils/string.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class HtmlEntityDecode : public Transformation { public: - explicit HtmlEntityDecode(const std::string &action) - : Transformation(action) { } + HtmlEntityDecode() + : Action("t:htmlEntityDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *input, uint64_t input_len); }; @@ -48,6 +50,5 @@ class HtmlEntityDecode : public Transformation { } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_HTML_ENTITY_DECODE_H_ diff --git a/src/actions/transformations/js_decode.cc b/src/actions/transformations/js_decode.cc index 32640cad..e659457c 100644 --- a/src/actions/transformations/js_decode.cc +++ b/src/actions/transformations/js_decode.cc @@ -13,19 +13,14 @@ * */ + #include "src/actions/transformations/js_decode.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -34,9 +29,9 @@ namespace actions { namespace transformations { -void JsDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void JsDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/js_decode.h b/src/actions/transformations/js_decode.h index c029e611..b0c15cda 100644 --- a/src/actions/transformations/js_decode.h +++ b/src/actions/transformations/js_decode.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class JsDecode : public Transformation { public: - explicit JsDecode(const std::string &action) - : Transformation(action) { } + JsDecode() + : Action("t:jsDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_JS_DECODE_H_ diff --git a/src/actions/transformations/length.cc b/src/actions/transformations/length.cc index 57f6ae2f..7aaeadcf 100644 --- a/src/actions/transformations/length.cc +++ b/src/actions/transformations/length.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/length.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void Length::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Length::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out.assign(std::to_string(in.size()).c_str()); } diff --git a/src/actions/transformations/length.h b/src/actions/transformations/length.h index 39828159..38227be7 100644 --- a/src/actions/transformations/length.h +++ b/src/actions/transformations/length.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ #define SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Length : public Transformation { public: - explicit Length(const std::string &action) - : Transformation(action) { }; + Length() + : Action("t:length") + { }; - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_LENGTH_H_ diff --git a/src/actions/transformations/lower_case.cc b/src/actions/transformations/lower_case.cc index 60d3df98..1fb39c29 100644 --- a/src/actions/transformations/lower_case.cc +++ b/src/actions/transformations/lower_case.cc @@ -13,23 +13,24 @@ * */ + #include "src/actions/transformations/lower_case.h" #include #include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { namespace transformations { -void LowerCase::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void LowerCase::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out.resize(in.size()); std::transform(in.begin(), in.end(), out.begin(), ::tolower); } diff --git a/src/actions/transformations/lower_case.h b/src/actions/transformations/lower_case.h index 79852094..b072a037 100644 --- a/src/actions/transformations/lower_case.h +++ b/src/actions/transformations/lower_case.h @@ -13,37 +13,39 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; namespace actions { namespace transformations { class LowerCase : public Transformation { public: - explicit LowerCase(const std::string &action) - : Transformation(action) { }; + LowerCase() + : Action("t:lowerCase") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_LOWER_CASE_H_ diff --git a/src/actions/transformations/md5.cc b/src/actions/transformations/md5.cc index a179e174..4e833fa5 100644 --- a/src/actions/transformations/md5.cc +++ b/src/actions/transformations/md5.cc @@ -13,17 +13,14 @@ * */ + #include "src/actions/transformations/md5.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/md5.h" namespace modsecurity { @@ -31,9 +28,9 @@ namespace actions { namespace transformations { -void Md5::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Md5::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::string ret = Utils::Md5::digest(std::string(in.c_str(), in.size())); out.assign(ret.c_str(), ret.size()); diff --git a/src/actions/transformations/md5.h b/src/actions/transformations/md5.h index 5b86b0ca..7cae8fe1 100644 --- a/src/actions/transformations/md5.h +++ b/src/actions/transformations/md5.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ #define SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Md5 : public Transformation { public: - explicit Md5(const std::string &action) - : Transformation(action) { } + Md5() + : Action("t:md5") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_MD5_H_ diff --git a/src/actions/transformations/none.cc b/src/actions/transformations/none.cc index 00b5aadc..425c371d 100644 --- a/src/actions/transformations/none.cc +++ b/src/actions/transformations/none.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/none.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void None::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { } +void None::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { } } // namespace transformations diff --git a/src/actions/transformations/none.h b/src/actions/transformations/none.h index 130cbb74..30a22d90 100644 --- a/src/actions/transformations/none.h +++ b/src/actions/transformations/none.h @@ -13,40 +13,40 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class None : public Transformation { public: - explicit None(const std::string &action) - : Transformation(action) - { } + None() + : + Action("t:none") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; - - bool isNone() override { - return true; - } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_NONE_H_ diff --git a/src/actions/transformations/normalise_path.cc b/src/actions/transformations/normalise_path.cc index c7ff95a9..fee87f3b 100644 --- a/src/actions/transformations/normalise_path.cc +++ b/src/actions/transformations/normalise_path.cc @@ -13,19 +13,13 @@ * */ + #include "src/actions/transformations/normalise_path.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -33,9 +27,9 @@ namespace actions { namespace transformations { -void NormalisePath::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void NormalisePath::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int changed = 0; char *tmp = reinterpret_cast( diff --git a/src/actions/transformations/normalise_path.h b/src/actions/transformations/normalise_path.h index 7fd91fc1..3015637e 100644 --- a/src/actions/transformations/normalise_path.h +++ b/src/actions/transformations/normalise_path.h @@ -13,38 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class NormalisePath : public Transformation { public: - explicit NormalisePath(const std::string &action) - : Transformation(action) { }; + NormalisePath() + : Action("t:normalisePath") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; static int normalize_path_inplace(unsigned char *input, int input_len, int win, int *changed); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_H_ diff --git a/src/actions/transformations/normalise_path_win.cc b/src/actions/transformations/normalise_path_win.cc index a3746618..5f8b0c76 100644 --- a/src/actions/transformations/normalise_path_win.cc +++ b/src/actions/transformations/normalise_path_win.cc @@ -13,19 +13,16 @@ * */ + #include "src/actions/transformations/normalise_path_win.h" #include - -#include #include -#include -#include -#include -#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/normalise_path.h" @@ -34,9 +31,9 @@ namespace actions { namespace transformations { -void NormalisePathWin::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void NormalisePathWin::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int changed; char *tmp = reinterpret_cast( diff --git a/src/actions/transformations/normalise_path_win.h b/src/actions/transformations/normalise_path_win.h index 3d7c8d75..e919a87e 100644 --- a/src/actions/transformations/normalise_path_win.h +++ b/src/actions/transformations/normalise_path_win.h @@ -13,31 +13,36 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_WIN_H_ #define SRC_ACTIONS_TRANSFORMATIONS_NORMALISE_PATH_WIN_H_ namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { + class NormalisePathWin : public Transformation { public: - explicit NormalisePathWin(const std::string &action) - : Transformation(action) { } + NormalisePathWin() + : Action("t:normalisePathWin") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity diff --git a/src/actions/transformations/parity_even_7bit.cc b/src/actions/transformations/parity_even_7bit.cc index 29d547da..ce7a313c 100644 --- a/src/actions/transformations/parity_even_7bit.cc +++ b/src/actions/transformations/parity_even_7bit.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/parity_even_7bit.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ParityEven7bit::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ParityEven7bit::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/parity_even_7bit.h b/src/actions/transformations/parity_even_7bit.h index de250260..d73b6d7a 100644 --- a/src/actions/transformations/parity_even_7bit.h +++ b/src/actions/transformations/parity_even_7bit.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ParityEven7bit : public Transformation { public: - explicit ParityEven7bit(const std::string &action) - : Transformation(action) { } + ParityEven7bit() + : Action("t:parityEven7bit") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static bool inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_EVEN_7BIT_H_ diff --git a/src/actions/transformations/parity_odd_7bit.cc b/src/actions/transformations/parity_odd_7bit.cc index d2695826..735f3e93 100644 --- a/src/actions/transformations/parity_odd_7bit.cc +++ b/src/actions/transformations/parity_odd_7bit.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/parity_odd_7bit.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ParityOdd7bit::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ParityOdd7bit::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/parity_odd_7bit.h b/src/actions/transformations/parity_odd_7bit.h index 823b7fc7..3442e1ad 100644 --- a/src/actions/transformations/parity_odd_7bit.h +++ b/src/actions/transformations/parity_odd_7bit.h @@ -13,37 +13,43 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ParityOdd7bit : public Transformation { public: - explicit ParityOdd7bit(const std::string &action) - : Transformation(action) { } + ParityOdd7bit() + : Action("t:parityOdd7bit") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static bool inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif + #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_ODD_7BIT_H_ diff --git a/src/actions/transformations/parity_zero_7bit.cc b/src/actions/transformations/parity_zero_7bit.cc index 25e24f42..6ddd8ef3 100644 --- a/src/actions/transformations/parity_zero_7bit.cc +++ b/src/actions/transformations/parity_zero_7bit.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/parity_zero_7bit.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ParityZero7bit::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ParityZero7bit::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/parity_zero_7bit.h b/src/actions/transformations/parity_zero_7bit.h index 3dff4d33..e0bd4b76 100644 --- a/src/actions/transformations/parity_zero_7bit.h +++ b/src/actions/transformations/parity_zero_7bit.h @@ -13,37 +13,42 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ParityZero7bit : public Transformation { public: - explicit ParityZero7bit(const std::string &action) - : Transformation(action) { } + ParityZero7bit() + : Action("t:parityZero7bit") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static bool inplace(unsigned char *input, uint64_t input_len); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_PARITY_ZERO_7BIT_H_ diff --git a/src/actions/transformations/php_args_names.cc b/src/actions/transformations/php_args_names.cc index 6f9cdf3c..13ad027e 100644 --- a/src/actions/transformations/php_args_names.cc +++ b/src/actions/transformations/php_args_names.cc @@ -28,18 +28,13 @@ namespace actions { namespace transformations { -PhpArgsNames::PhpArgsNames(const std::string &a) - : Transformation(a) { -} - - -void PhpArgsNames::execute(Transaction *t, - ModSecString &val, - ModSecString &out) { +void PhpArgsNames::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { //Took the logic from php src code: //https://github.com/php/php-src/blob/master/main/php_variables.c //Function call PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array) - std::string value(val); + std::string value(in); std::string ret = ""; if(value[0] == '[' || value[0] == '=') { out.assign(ret); @@ -66,7 +61,7 @@ void PhpArgsNames::execute(Transaction *t, ret += '_'; } else { - ret += value[i]; + ret += value[i]; } } @@ -95,7 +90,6 @@ void PhpArgsNames::execute(Transaction *t, } out.assign(ret); return; - } } // namespace transformations diff --git a/src/actions/transformations/php_args_names.h b/src/actions/transformations/php_args_names.h index a9694a32..7e81ce0b 100644 --- a/src/actions/transformations/php_args_names.h +++ b/src/actions/transformations/php_args_names.h @@ -32,11 +32,13 @@ namespace transformations { class PhpArgsNames : public Transformation { public: - explicit PhpArgsNames(const std::string &action); + PhpArgsNames() + : Action("t:phpArgsNames") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; } // namespace transformations diff --git a/src/actions/transformations/remove_comments.cc b/src/actions/transformations/remove_comments.cc index 86b29320..4fcdcac5 100644 --- a/src/actions/transformations/remove_comments.cc +++ b/src/actions/transformations/remove_comments.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/remove_comments.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void RemoveComments::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveComments::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast diff --git a/src/actions/transformations/remove_comments.h b/src/actions/transformations/remove_comments.h index 804a468f..fca978e4 100644 --- a/src/actions/transformations/remove_comments.h +++ b/src/actions/transformations/remove_comments.h @@ -13,30 +13,32 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class RemoveComments : public Transformation { public: - explicit RemoveComments(const std::string &action) - : Transformation(action) { } + RemoveComments() + : Action("t:removeComments") { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override;; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override;; }; @@ -44,6 +46,5 @@ class RemoveComments : public Transformation { } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_H_ diff --git a/src/actions/transformations/remove_comments_char.cc b/src/actions/transformations/remove_comments_char.cc index db9c50b2..132a2f17 100644 --- a/src/actions/transformations/remove_comments_char.cc +++ b/src/actions/transformations/remove_comments_char.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/remove_comments_char.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void RemoveCommentsChar::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveCommentsChar::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int64_t i; out = in; diff --git a/src/actions/transformations/remove_comments_char.h b/src/actions/transformations/remove_comments_char.h index 53ac44ac..97d1099c 100644 --- a/src/actions/transformations/remove_comments_char.h +++ b/src/actions/transformations/remove_comments_char.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class RemoveCommentsChar : public Transformation { public: - explicit RemoveCommentsChar(const std::string &action) - : Transformation(action) { }; + RemoveCommentsChar() + : Action("t:removeCommentsChar") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_COMMENTS_CHAR_H_ diff --git a/src/actions/transformations/remove_nulls.cc b/src/actions/transformations/remove_nulls.cc index 5ee5fdf4..1f6c4f73 100644 --- a/src/actions/transformations/remove_nulls.cc +++ b/src/actions/transformations/remove_nulls.cc @@ -13,19 +13,13 @@ * */ + #include "src/actions/transformations/remove_nulls.h" -#include - -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -33,9 +27,9 @@ namespace actions { namespace transformations { -void RemoveNulls::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveNulls::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int64_t i; out = in; diff --git a/src/actions/transformations/remove_nulls.h b/src/actions/transformations/remove_nulls.h index 00adf316..664fdb14 100644 --- a/src/actions/transformations/remove_nulls.h +++ b/src/actions/transformations/remove_nulls.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class RemoveNulls : public Transformation { public: - explicit RemoveNulls(const std::string &action) - : Transformation(action) { } + RemoveNulls() + : Action("t:removeNulls") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_NULLS_H_ diff --git a/src/actions/transformations/remove_whitespace.cc b/src/actions/transformations/remove_whitespace.cc index 7d758fad..3e665057 100644 --- a/src/actions/transformations/remove_whitespace.cc +++ b/src/actions/transformations/remove_whitespace.cc @@ -13,28 +13,25 @@ * */ + #include "src/actions/transformations/remove_whitespace.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#define NBSP 160 // non breaking space char +#include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { -void RemoveWhitespace::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void RemoveWhitespace::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; int64_t i = 0; diff --git a/src/actions/transformations/remove_whitespace.h b/src/actions/transformations/remove_whitespace.h index 71119be1..e4a388f6 100644 --- a/src/actions/transformations/remove_whitespace.h +++ b/src/actions/transformations/remove_whitespace.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class RemoveWhitespace : public Transformation { public: - explicit RemoveWhitespace(const std::string &action) - : Transformation(action) { }; + RemoveWhitespace() + : Action("t:removeWhitespace") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REMOVE_WHITESPACE_H_ diff --git a/src/actions/transformations/replace_comments.cc b/src/actions/transformations/replace_comments.cc index 25fdac9f..220a551f 100644 --- a/src/actions/transformations/replace_comments.cc +++ b/src/actions/transformations/replace_comments.cc @@ -13,18 +13,13 @@ * */ + #include "src/actions/transformations/replace_comments.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -32,9 +27,9 @@ namespace actions { namespace transformations { -void ReplaceComments::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ReplaceComments::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { uint64_t i, j, incomment; char *input = reinterpret_cast( diff --git a/src/actions/transformations/replace_comments.h b/src/actions/transformations/replace_comments.h index c09c65a4..024f6a20 100644 --- a/src/actions/transformations/replace_comments.h +++ b/src/actions/transformations/replace_comments.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ReplaceComments : public Transformation { public: - explicit ReplaceComments(const std::string &action) - : Transformation(action) { }; + ReplaceComments() + : Action("t:removeComments") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REPLACE_COMMENTS_H_ diff --git a/src/actions/transformations/replace_nulls.cc b/src/actions/transformations/replace_nulls.cc index bcd28497..97b0ae24 100644 --- a/src/actions/transformations/replace_nulls.cc +++ b/src/actions/transformations/replace_nulls.cc @@ -13,17 +13,13 @@ * */ + #include "src/actions/transformations/replace_nulls.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -31,9 +27,9 @@ namespace actions { namespace transformations { -void ReplaceNulls::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void ReplaceNulls::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int64_t i; out = in; diff --git a/src/actions/transformations/replace_nulls.h b/src/actions/transformations/replace_nulls.h index 544f256d..d1625004 100644 --- a/src/actions/transformations/replace_nulls.h +++ b/src/actions/transformations/replace_nulls.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ #define SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class ReplaceNulls : public Transformation { public: - explicit ReplaceNulls(const std::string &action) - : Transformation(action) { }; + ReplaceNulls() + : Action("t:replaceNulls") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_REPLACE_NULLS_H_ diff --git a/src/actions/transformations/sha1.cc b/src/actions/transformations/sha1.cc index 995922b9..24601032 100644 --- a/src/actions/transformations/sha1.cc +++ b/src/actions/transformations/sha1.cc @@ -13,17 +13,14 @@ * */ + #include "src/actions/transformations/sha1.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/sha1.h" @@ -32,13 +29,11 @@ namespace actions { namespace transformations { -void Sha1::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { - +void Sha1::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { auto a = Utils::Sha1::digest( - std::string(in.c_str(), in.size()) - ); + std::string(in.c_str(), in.size())); out.assign(a.c_str(), a.size()); } diff --git a/src/actions/transformations/sha1.h b/src/actions/transformations/sha1.h index fce9aa75..1437e6c9 100644 --- a/src/actions/transformations/sha1.h +++ b/src/actions/transformations/sha1.h @@ -13,35 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ #define SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Sha1 : public Transformation { public: - explicit Sha1(const std::string &action) - : Transformation(action) { }; + Sha1() + : Action("t:sha1") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_SHA1_H_ diff --git a/src/actions/transformations/sql_hex_decode.cc b/src/actions/transformations/sql_hex_decode.cc index da7fc301..20676c34 100644 --- a/src/actions/transformations/sql_hex_decode.cc +++ b/src/actions/transformations/sql_hex_decode.cc @@ -13,18 +13,14 @@ * */ + #include "src/actions/transformations/sql_hex_decode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -32,18 +28,10 @@ namespace modsecurity { namespace actions { namespace transformations { -#ifndef VALID_HEX -#define VALID_HEX(X) (((X >= '0') && (X <= '9')) \ - || ((X >= 'a') && (X <= 'f')) \ - || ((X >= 'A') && (X <= 'F'))) -#endif -#ifndef ISODIGIT -#define ISODIGIT(X) ((X >= '0') && (X <= '7')) -#endif -void SqlHexDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void SqlHexDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; int size = 0; diff --git a/src/actions/transformations/sql_hex_decode.h b/src/actions/transformations/sql_hex_decode.h index 7e0d4dd4..fc6e979a 100644 --- a/src/actions/transformations/sql_hex_decode.h +++ b/src/actions/transformations/sql_hex_decode.h @@ -13,30 +13,34 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { + class SqlHexDecode : public Transformation { public: - explicit SqlHexDecode(const std::string &action) - : Transformation(action) { } + SqlHexDecode() + : Action("t:sqlHexDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *data, int len); static int mytolower(int ch) { @@ -47,10 +51,10 @@ class SqlHexDecode : public Transformation { } }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_SQL_HEX_DECODE_H_ diff --git a/src/actions/transformations/transformation.cc b/src/actions/transformations/transformation.cc index 115e998d..c275b1b9 100644 --- a/src/actions/transformations/transformation.cc +++ b/src/actions/transformations/transformation.cc @@ -13,15 +13,14 @@ * */ + #include "src/actions/transformations/transformation.h" -#include - -#include #include #include "modsecurity/transaction.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/base64_decode_ext.h" #include "src/actions/transformations/base64_decode.h" #include "src/actions/transformations/base64_encode.h" @@ -61,62 +60,97 @@ #include "src/actions/transformations/utf8_to_unicode.h" -#define IF_MATCH(b) \ - if (a.compare(2, std::strlen(#b), #b) == 0) - - namespace modsecurity { namespace actions { namespace transformations { -Transformation* Transformation::instantiate(std::string a) { - IF_MATCH(base64DecodeExt) { return new Base64DecodeExt(a); } - IF_MATCH(base64Decode) { return new Base64Decode(a); } - IF_MATCH(base64Encode) { return new Base64Encode(a); } - IF_MATCH(cmd_line) { return new CmdLine(a); } - IF_MATCH(compress_whitespace) { return new CompressWhitespace(a); } - IF_MATCH(cssDecode) { return new CssDecode(a); } - IF_MATCH(escapeSeqDecode) { return new EscapeSeqDecode(a); } - IF_MATCH(hexDecode) { return new HexDecode(a); } - IF_MATCH(hexEncode) { return new HexEncode(a); } - IF_MATCH(htmlEntityDecode) { return new HtmlEntityDecode(a); } - IF_MATCH(jsDecode) { return new JsDecode(a); } - IF_MATCH(length) { return new Length(a); } - IF_MATCH(lowercase) { return new LowerCase(a); } - IF_MATCH(phpArgsNames) { return new PhpArgsNames(a); } - IF_MATCH(md5) { return new Md5(a); } - IF_MATCH(none) { return new None(a); } - IF_MATCH(normalizePathWin) { return new NormalisePathWin(a); } - IF_MATCH(normalisePathWin) { return new NormalisePathWin(a); } - IF_MATCH(normalizePath) { return new NormalisePath(a); } - IF_MATCH(normalisePath) { return new NormalisePath(a); } - IF_MATCH(parityEven7bit) { return new ParityEven7bit(a); } - IF_MATCH(parityOdd7bit) { return new ParityOdd7bit(a); } - IF_MATCH(parityZero7bit) { return new ParityZero7bit(a); } - IF_MATCH(removeCommentsChar) { return new RemoveCommentsChar(a); } - IF_MATCH(removeComments) { return new RemoveComments(a); } - IF_MATCH(removeNulls) { return new RemoveNulls(a); } - IF_MATCH(removeWhitespace) { return new RemoveWhitespace(a); } - IF_MATCH(compressWhitespace) { return new CompressWhitespace(a); } - IF_MATCH(replaceComments) { return new ReplaceComments(a); } - IF_MATCH(replaceNulls) { return new ReplaceNulls(a); } - IF_MATCH(sha1) { return new Sha1(a); } - IF_MATCH(sqlHexDecode) { return new SqlHexDecode(a); } - IF_MATCH(transformation) { return new Transformation(a); } - IF_MATCH(trimLeft) { return new TrimLeft(a); } - IF_MATCH(trimRight) { return new TrimRight(a); } - IF_MATCH(trim) { return new Trim(a); } - IF_MATCH(uppercase) { return new UpperCase(a); } - IF_MATCH(urlDecodeUni) { return new UrlDecodeUni(a); } - IF_MATCH(urlDecode) { return new UrlDecode(a); } - IF_MATCH(urlEncode) { return new UrlEncode(a); } - IF_MATCH(utf8toUnicode) { return new Utf8ToUnicode(a); } +class TransformationDoesNotExist: public std::exception { + public: + explicit TransformationDoesNotExist(const std::string& name) + : m_transformation(name) + { } - return new Transformation(a); + virtual const char* what() const throw() { + return std::string("Transformation not found: " + m_transformation + \ + ". Make sure that the new transformation is registered at: " + \ + "transformation.cc").c_str(); + } + + private: + std::string m_transformation; +}; + + +Transformation* Transformation::instantiate( + const std::string &transformationName) { + /** + * + * FIXME: Once part of ModSecurity, the transformation needs to register + * here. That is necessary to load transformations from external + * resources such as Python and Lua, not to mention the + * unit/regression framework. + * + * Today this registration is manual; as seen below, the idea is to + * have those automatically generated. To avoid transformations not + * to be listed. + */ + + std::string name(transformationName); + name.erase(std::remove(name.begin(), name.end(), '_'), name.end()); + + if (match(name, "t:base64DecodeExt")) { return new Base64DecodeExt(); } + if (match(name, "t:base64Decode")) { return new Base64Decode(); } + if (match(name, "t:base64Encode")) { return new Base64Encode(); } + if (match(name, "t:cmdLine")) { return new CmdLine(); } + if (match(name, "t:compressWhitespace")) { + return new CompressWhitespace(); + } + if (match(name, "t:cssDecode")) { return new CssDecode(); } + if (match(name, "t:escapeSeqDecode")) { return new EscapeSeqDecode(); } + if (match(name, "t:hexDecode")) { return new HexDecode(); } + if (match(name, "t:hexEncode")) { return new HexEncode(); } + if (match(name, "t:htmlEntityDecode")) { return new HtmlEntityDecode(); } + if (match(name, "t:jsDecode")) { return new JsDecode(); } + if (match(name, "t:length")) { return new Length(); } + if (match(name, "t:lowercase")) { return new LowerCase(); } + if (match(name, "t:phpArgsNames")) { return new PhpArgsNames(); } + if (match(name, "t:md5")) { return new Md5(); } + if (match(name, "t:none")) { return new None(); } + if (match(name, "t:normalizePathWin")) { return new NormalisePathWin(); } + if (match(name, "t:normalisePathWin")) { return new NormalisePathWin(); } + if (match(name, "t:normalizePath")) { return new NormalisePath(); } + if (match(name, "t:normalisePath")) { return new NormalisePath(); } + if (match(name, "t:parityEven7bit")) { return new ParityEven7bit(); } + if (match(name, "t:parityOdd7bit")) { return new ParityOdd7bit(); } + if (match(name, "t:parityZero7bit")) { return new ParityZero7bit(); } + if (match(name, "t:removeCommentsChar")) { + return new RemoveCommentsChar(); + } + if (match(name, "t:removeComments")) { return new RemoveComments(); } + if (match(name, "t:removeNulls")) { return new RemoveNulls(); } + if (match(name, "t:removeWhitespace")) { return new RemoveWhitespace(); } + if (match(name, "t:compressWhitespace")) { + return new CompressWhitespace(); + } + if (match(name, "t:replaceComments")) { return new ReplaceComments(); } + if (match(name, "t:replaceNulls")) { return new ReplaceNulls(); } + if (match(name, "t:sha1")) { return new Sha1(); } + if (match(name, "t:sqlHexDecode")) { return new SqlHexDecode(); } + if (match(name, "t:trimLeft")) { return new TrimLeft(); } + if (match(name, "t:trimRight")) { return new TrimRight(); } + if (match(name, "t:trim")) { return new Trim(); } + if (match(name, "t:uppercase")) { return new UpperCase(); } + if (match(name, "t:urlDecodeUni")) { return new UrlDecodeUni(); } + if (match(name, "t:urlDecode")) { return new UrlDecode(); } + if (match(name, "t:urlEncode")) { return new UrlEncode(); } + if (match(name, "t:utf8toUnicode")) { return new Utf8ToUnicode(); } + + throw TransformationDoesNotExist(name); + + return nullptr; } - } // namespace transformations } // namespace actions } // namespace modsecurity diff --git a/src/actions/transformations/transformation.h b/src/actions/transformations/transformation.h index 9bedeb3f..e614d3b4 100644 --- a/src/actions/transformations/transformation.h +++ b/src/actions/transformations/transformation.h @@ -13,30 +13,47 @@ * */ + +#include #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" +#include "src/actions/action_allowed_in_sec_default_action.h" + + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRANSFORMATION_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRANSFORMATION_H_ namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { -class Transformation : public Action { + +class Transformation : public ActionAllowedAsSecDefaultAction { public: - explicit Transformation(const std::string& _action) - : Action(_action, RunTimeBeforeMatchAttemptKind) { } + virtual void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept = 0; - virtual bool isNone() { return false; } + virtual ~Transformation() + { } - static Transformation* instantiate(std::string a); + static Transformation* instantiate(const std::string &name); + + private: + static bool match(const std::string &a, const std::string &b) noexcept { + return ((a.size() == b.size()) + && std::equal(a.begin(), a.end(), b.begin(), + [](const char & c1, const char & c2) { + return (c1 == c2 || std::toupper(c1) == std::toupper(c2)); + })); + } }; + } // namespace transformations } // namespace actions } // namespace modsecurity diff --git a/src/actions/transformations/trim.cc b/src/actions/transformations/trim.cc index 251d75df..983c74a8 100644 --- a/src/actions/transformations/trim.cc +++ b/src/actions/transformations/trim.cc @@ -13,18 +13,15 @@ * */ + #include "src/actions/transformations/trim.h" -#include -#include -#include #include -#include -#include +#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { @@ -49,9 +46,9 @@ void Trim::trim(ModSecString *s) { } -void Trim::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void Trim::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; trim(&out); }; diff --git a/src/actions/transformations/trim.h b/src/actions/transformations/trim.h index 6a390fd6..ff909182 100644 --- a/src/actions/transformations/trim.h +++ b/src/actions/transformations/trim.h @@ -13,39 +13,48 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class Trim : public Transformation { public: - explicit Trim(const std::string &action) - : Transformation(action) { }; + Trim() + : Action("t:trim") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + explicit Trim(const std::string &trim) + : Action(trim) + { } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + + protected: void ltrim(ModSecString *s); void rtrim(ModSecString *s); void trim(ModSecString *s); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_H_ diff --git a/src/actions/transformations/trim_left.cc b/src/actions/transformations/trim_left.cc index bdf099e2..9ad9487e 100644 --- a/src/actions/transformations/trim_left.cc +++ b/src/actions/transformations/trim_left.cc @@ -13,28 +13,24 @@ * */ + #include "src/actions/transformations/trim_left.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/trim.h" -#include "modsecurity/actions/action.h" namespace modsecurity { namespace actions { namespace transformations { -void TrimLeft::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void TrimLeft::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; ltrim(&out); }; diff --git a/src/actions/transformations/trim_left.h b/src/actions/transformations/trim_left.h index 02b40685..d9d7cef3 100644 --- a/src/actions/transformations/trim_left.h +++ b/src/actions/transformations/trim_left.h @@ -13,36 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/trim.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class TrimLeft : public Trim { public: - explicit TrimLeft(const std::string &action) - : Trim(action) { }; + TrimLeft() + : Trim("t:trimLeft") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_LEFT_H_ diff --git a/src/actions/transformations/trim_right.cc b/src/actions/transformations/trim_right.cc index 91898e18..21bd85dc 100644 --- a/src/actions/transformations/trim_right.cc +++ b/src/actions/transformations/trim_right.cc @@ -13,27 +13,23 @@ * */ + #include "src/actions/transformations/trim_right.h" -#include #include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { namespace transformations { -void TrimRight::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void TrimRight::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { out = in; rtrim(&out); }; diff --git a/src/actions/transformations/trim_right.h b/src/actions/transformations/trim_right.h index 5300559d..9241e241 100644 --- a/src/actions/transformations/trim_right.h +++ b/src/actions/transformations/trim_right.h @@ -13,36 +13,39 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" -#include "src/actions/transformations/transformation.h" + #include "src/actions/transformations/trim.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ #define SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class TrimRight : public Trim { public: - explicit TrimRight(const std::string &action) - : Trim(action) { }; + TrimRight() + : Trim("t:trimRight") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_TRIM_RIGHT_H_ diff --git a/src/actions/transformations/upper_case.cc b/src/actions/transformations/upper_case.cc index 2e6eaf24..431d4b59 100644 --- a/src/actions/transformations/upper_case.cc +++ b/src/actions/transformations/upper_case.cc @@ -13,23 +13,23 @@ * */ + #include "src/actions/transformations/upper_case.h" -#include #include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" -#include "modsecurity/actions/action.h" + namespace modsecurity { namespace actions { namespace transformations { -void UpperCase::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UpperCase::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { std::locale loc; out.reserve(in.size()); for (std::string::size_type i=0; i < in.size(); ++i) { diff --git a/src/actions/transformations/upper_case.h b/src/actions/transformations/upper_case.h index 37c10444..9082cb77 100644 --- a/src/actions/transformations/upper_case.h +++ b/src/actions/transformations/upper_case.h @@ -13,37 +13,39 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; namespace actions { namespace transformations { class UpperCase : public Transformation { public: - explicit UpperCase(const std::string &action) - : Transformation(action) { }; + UpperCase() + : Action("t:upperCase") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_UPPER_CASE_H_ diff --git a/src/actions/transformations/url_decode.cc b/src/actions/transformations/url_decode.cc index e5f32afd..4ec251fd 100644 --- a/src/actions/transformations/url_decode.cc +++ b/src/actions/transformations/url_decode.cc @@ -13,28 +13,25 @@ * */ + #include "src/actions/transformations/url_decode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/decode.h" + namespace modsecurity { namespace actions { namespace transformations { -void UrlDecode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UrlDecode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *val(NULL); int invalid_count = 0; int changed; diff --git a/src/actions/transformations/url_decode.h b/src/actions/transformations/url_decode.h index 03535f2f..938bb005 100644 --- a/src/actions/transformations/url_decode.h +++ b/src/actions/transformations/url_decode.h @@ -13,37 +13,39 @@ * */ -#include -#include +#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { class UrlDecode : public Transformation { public: - explicit UrlDecode(const std::string &action) - : Transformation(action) { }; + UrlDecode() + : Action("t:urlDecode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_H_ diff --git a/src/actions/transformations/url_decode_uni.cc b/src/actions/transformations/url_decode_uni.cc index 18326d24..377c1329 100644 --- a/src/actions/transformations/url_decode_uni.cc +++ b/src/actions/transformations/url_decode_uni.cc @@ -13,24 +13,16 @@ * */ + #include "src/actions/transformations/url_decode_uni.h" -#include - -#include #include -#include -#include -#include -#include -#include -#include "modsecurity/rules_set_properties.h" -#include "modsecurity/rules_set.h" +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" +#include "modsecurity/rules_set.h" + #include "src/utils/string.h" -#include "src/utils/system.h" namespace modsecurity { @@ -38,9 +30,9 @@ namespace actions { namespace transformations { -void UrlDecodeUni::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UrlDecodeUni::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; input = reinterpret_cast @@ -64,7 +56,7 @@ void UrlDecodeUni::execute(Transaction *t, * IMP1 Assumes NUL-terminated */ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, - Transaction *t) { + const Transaction *t) { unsigned char *d = input; int64_t i, count, fact, j, xv; int Code, hmap = -1; diff --git a/src/actions/transformations/url_decode_uni.h b/src/actions/transformations/url_decode_uni.h index 4b739919..5f053fef 100644 --- a/src/actions/transformations/url_decode_uni.h +++ b/src/actions/transformations/url_decode_uni.h @@ -13,39 +13,43 @@ * */ + #include -#include "modsecurity/rules_set_properties.h" +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ -#ifdef __cplusplus namespace modsecurity { -class Transaction; namespace actions { namespace transformations { + class UrlDecodeUni : public Transformation { public: - explicit UrlDecodeUni(const std::string &action) - : Transformation(action) { } + UrlDecodeUni() + : Action("t:urlDecodeUni") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static int inplace(unsigned char *input, uint64_t input_len, - Transaction *transaction); + const Transaction *transaction); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_DECODE_UNI_H_ diff --git a/src/actions/transformations/url_encode.cc b/src/actions/transformations/url_encode.cc index aa722883..139e2aa3 100644 --- a/src/actions/transformations/url_encode.cc +++ b/src/actions/transformations/url_encode.cc @@ -13,19 +13,18 @@ * */ + #include "src/actions/transformations/url_encode.h" -#include #include -#include -#include -#include -#include + +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" + namespace modsecurity { namespace actions { namespace transformations { @@ -81,9 +80,9 @@ std::string UrlEncode::url_enc(const char *input, } -void UrlEncode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { +void UrlEncode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { int changed; std::string ret = url_enc(in.c_str(), in.size(), &changed); diff --git a/src/actions/transformations/url_encode.h b/src/actions/transformations/url_encode.h index d4d23e63..d6e342b1 100644 --- a/src/actions/transformations/url_encode.h +++ b/src/actions/transformations/url_encode.h @@ -13,38 +13,43 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ -#ifdef __cplusplus -namespace modsecurity { -class Transaction; +namespace modsecurity { namespace actions { namespace transformations { + class UrlEncode : public Transformation { public: - explicit UrlEncode(const std::string &action) - : Transformation(action) { }; + UrlEncode() + : Action("t:urlEncode") + { } - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; + private: static std::string url_enc(const char *input, unsigned int input_len, int *changed); }; + } // namespace transformations } // namespace actions } // namespace modsecurity -#endif #endif // SRC_ACTIONS_TRANSFORMATIONS_URL_ENCODE_H_ diff --git a/src/actions/transformations/utf8_to_unicode.cc b/src/actions/transformations/utf8_to_unicode.cc index ab848f4e..ad5f314e 100644 --- a/src/actions/transformations/utf8_to_unicode.cc +++ b/src/actions/transformations/utf8_to_unicode.cc @@ -13,18 +13,14 @@ * */ + #include "src/actions/transformations/utf8_to_unicode.h" -#include #include -#include -#include -#include -#include -#include +#include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" -#include "src/actions/transformations/transformation.h" + #include "src/utils/string.h" @@ -33,10 +29,9 @@ namespace actions { namespace transformations { -void Utf8ToUnicode::execute(Transaction *t, - ModSecString &in, - ModSecString &out) { - +void Utf8ToUnicode::execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept { unsigned char *input; int changed = 0; char *out2; @@ -71,8 +66,8 @@ char *Utf8ToUnicode::inplace(unsigned char *input, unsigned char unicode[8]; *changed = 0; - /* RFC3629 states that UTF-8 are encoded using sequences of 1 to 4 octets. */ - /* Max size per character should fit in 4 bytes */ + /* RFC3629 states that UTF-8 are encoded using sequences of 1 to 4 */ + /* octets. Max size per character should fit in 4 bytes */ len = input_len * 4 + 1; data = reinterpret_cast(malloc(sizeof(char) * len)); if (data == NULL) { diff --git a/src/actions/transformations/utf8_to_unicode.h b/src/actions/transformations/utf8_to_unicode.h index ffc863bc..468d6dbf 100644 --- a/src/actions/transformations/utf8_to_unicode.h +++ b/src/actions/transformations/utf8_to_unicode.h @@ -13,40 +13,48 @@ * */ + #include +#include "modsecurity/modsecurity.h" #include "modsecurity/actions/action.h" + #include "src/actions/transformations/transformation.h" + #ifndef SRC_ACTIONS_TRANSFORMATIONS_UTF8_TO_UNICODE_H_ #define SRC_ACTIONS_TRANSFORMATIONS_UTF8_TO_UNICODE_H_ -#define UNICODE_ERROR_CHARACTERS_MISSING -1 -#define UNICODE_ERROR_INVALID_ENCODING -2 -#define UNICODE_ERROR_OVERLONG_CHARACTER -3 -#define UNICODE_ERROR_RESTRICTED_CHARACTER -4 -#define UNICODE_ERROR_DECODING_ERROR -5 namespace modsecurity { -class Transaction; - namespace actions { namespace transformations { + class Utf8ToUnicode : public Transformation { public: - explicit Utf8ToUnicode(const std::string &action) - : Transformation(action) { } + Utf8ToUnicode() + : Action("t:utf8toUnicode") + { } + void execute(const Transaction *t, + const ModSecString &in, + ModSecString &out) noexcept override; - void execute(Transaction *t, - ModSecString &in, - ModSecString &out) override; + private: + enum UnicodeError { + UNICODE_ERROR_CHARACTERS_MISSING = -1, + UNICODE_ERROR_INVALID_ENCODING = -2, + UNICODE_ERROR_OVERLONG_CHARACTER = -3, + UNICODE_ERROR_RESTRICTED_CHARACTER = -4, + UNICODE_ERROR_DECODING_ERROR = -5 + }; static char *inplace(unsigned char *input, uint64_t input_len, int *changed); }; + } // namespace transformations } // namespace actions } // namespace modsecurity diff --git a/src/actions/ver.cc b/src/actions/ver.cc index a169bb23..5fa44344 100644 --- a/src/actions/ver.cc +++ b/src/actions/ver.cc @@ -13,25 +13,13 @@ * */ + #include "src/actions/ver.h" -#include -#include - -#include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" -#include "modsecurity/rule.h" -#include "src/rule_with_actions.h" - namespace modsecurity { namespace actions { -bool Ver::execute(RuleWithActions *rule, Transaction *transaction) { - return true; -} - - } // namespace actions } // namespace modsecurity diff --git a/src/actions/ver.h b/src/actions/ver.h index b568c007..d4420800 100644 --- a/src/actions/ver.h +++ b/src/actions/ver.h @@ -13,28 +13,33 @@ * */ + #include -#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" + #ifndef SRC_ACTIONS_VER_H_ #define SRC_ACTIONS_VER_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { -class Ver : public Action { +class Ver : public ActionTypeRuleMetaData { public: - explicit Ver(const std::string &action) : Action(action, ConfigurationKind) { } + explicit Ver(const std::string &action) + : Action(action), + m_version("") + { }; - bool execute(RuleWithActions *rule, Transaction *transaction) override; + void configure(RuleWithActions *rule) override { + rule->setVersion(m_version); + } private: - std::string m_ver; + std::string m_version; }; diff --git a/src/actions/xmlns.cc b/src/actions/xmlns.cc index 7b90361b..512bc621 100644 --- a/src/actions/xmlns.cc +++ b/src/actions/xmlns.cc @@ -13,13 +13,13 @@ * */ + #include "src/actions/xmlns.h" -#include #include #include "modsecurity/actions/action.h" -#include "modsecurity/transaction.h" + namespace modsecurity { namespace actions { @@ -29,13 +29,13 @@ bool XmlNS::init(std::string *error) { size_t pos; std::string http = "http://"; - pos = m_parser_payload.find("="); + pos = m_parserPayload.find("="); if (pos == std::string::npos) { error->assign("XMLS: Bad format, missing equals sign."); return false; } - m_scope = std::string(m_parser_payload, 0, pos); - m_href = std::string(m_parser_payload, pos+1, m_parser_payload.size()); + m_scope = std::string(m_parserPayload, 0, pos); + m_href = std::string(m_parserPayload, pos+1, m_parserPayload.size()); if (m_href.empty() || m_scope.empty()) { error->assign("XMLS: XMLNS is invalid. Expecting a " \ diff --git a/src/actions/xmlns.h b/src/actions/xmlns.h index 9dae3347..d03b48b9 100644 --- a/src/actions/xmlns.h +++ b/src/actions/xmlns.h @@ -13,6 +13,7 @@ * */ + #include #include "modsecurity/actions/action.h" @@ -20,10 +21,8 @@ #ifndef SRC_ACTIONS_XMLNS_H_ #define SRC_ACTIONS_XMLNS_H_ -class Transaction; namespace modsecurity { -class Transaction; namespace actions { @@ -41,11 +40,6 @@ class XmlNS : public Action { m_href(o.m_href) { }; - - bool execute(RuleWithActions *rule, Transaction *transaction) override { - return true; - } - bool init(std::string *error) override; std::string getScope() const { @@ -65,4 +59,5 @@ class XmlNS : public Action { } // namespace actions } // namespace modsecurity + #endif // SRC_ACTIONS_XMLNS_H_ diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc index 2feb929b..255392bb 100644 --- a/src/parser/seclang-parser.cc +++ b/src/parser/seclang-parser.cc @@ -2291,7 +2291,7 @@ namespace yy { for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -2350,7 +2350,7 @@ namespace yy { for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -2376,7 +2376,7 @@ namespace yy { for (auto &i : *yystack_[0].value.as < std::unique_ptr > > > ().get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -2418,19 +2418,14 @@ namespace yy { hasDisruptive = true; } if (phase != NULL) { - definedPhase = phase->m_phase; - secRuleDefinedPhase = phase->m_secRulesPhase; + definedPhase = phase->getPhase(); + secRuleDefinedPhase = phase->getSecRulePhase(); delete phase; - } else if (a->m_actionKind == actions::Action::RunTimeOnlyIfMatchKind || - a->m_actionKind == actions::Action::RunTimeBeforeMatchAttemptKind) { - actions::transformations::None *none = dynamic_cast(a); - if (none != NULL) { - driver.error(yystack_[2].location, "The transformation none is not suitable to be part of the SecDefaultActions"); - YYERROR; - } + } else if (dynamic_cast(a) + && !dynamic_cast(a)) { checkedActions.push_back(a); } else { - driver.error(yystack_[2].location, "The action '" + *a->m_name.get() + "' is not suitable to be part of the SecDefaultActions"); + driver.error(yystack_[2].location, "The action '" + *a->getName() + "' is not suitable to be part of the SecDefaultActions"); YYERROR; } } @@ -2464,78 +2459,78 @@ namespace yy { delete actions; } -#line 2468 "seclang-parser.cc" +#line 2463 "seclang-parser.cc" break; case 80: // expression: "CONFIG_DIR_SEC_MARKER" -#line 1242 "seclang-parser.yy" +#line 1237 "seclang-parser.yy" { driver.addSecMarker(modsecurity::utils::string::removeBracketsIfNeeded(yystack_[0].value.as < std::string > ()), /* file name */ std::unique_ptr(new std::string(*yystack_[0].location.end.filename)), /* line number */ yystack_[0].location.end.line ); } -#line 2479 "seclang-parser.cc" +#line 2474 "seclang-parser.cc" break; case 81: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_OFF" -#line 1249 "seclang-parser.yy" +#line 1244 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DisabledRuleEngine; } -#line 2487 "seclang-parser.cc" +#line 2482 "seclang-parser.cc" break; case 82: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_ON" -#line 1253 "seclang-parser.yy" +#line 1248 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::EnabledRuleEngine; } -#line 2495 "seclang-parser.cc" +#line 2490 "seclang-parser.cc" break; case 83: // expression: "CONFIG_DIR_RULE_ENG" "CONFIG_VALUE_DETC" -#line 1257 "seclang-parser.yy" +#line 1252 "seclang-parser.yy" { driver.m_secRuleEngine = modsecurity::RulesSet::DetectionOnlyRuleEngine; } -#line 2503 "seclang-parser.cc" +#line 2498 "seclang-parser.cc" break; case 84: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_ON" -#line 1261 "seclang-parser.yy" +#line 1256 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2511 "seclang-parser.cc" +#line 2506 "seclang-parser.cc" break; case 85: // expression: "CONFIG_DIR_REQ_BODY" "CONFIG_VALUE_OFF" -#line 1265 "seclang-parser.yy" +#line 1260 "seclang-parser.yy" { driver.m_secRequestBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2519 "seclang-parser.cc" +#line 2514 "seclang-parser.cc" break; case 86: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_ON" -#line 1269 "seclang-parser.yy" +#line 1264 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 2527 "seclang-parser.cc" +#line 2522 "seclang-parser.cc" break; case 87: // expression: "CONFIG_DIR_RES_BODY" "CONFIG_VALUE_OFF" -#line 1273 "seclang-parser.yy" +#line 1268 "seclang-parser.yy" { driver.m_secResponseBodyAccess = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 2535 "seclang-parser.cc" +#line 2530 "seclang-parser.cc" break; case 88: // expression: "CONFIG_SEC_ARGUMENT_SEPARATOR" -#line 1277 "seclang-parser.yy" +#line 1272 "seclang-parser.yy" { if (yystack_[0].value.as < std::string > ().length() != 1) { driver.error(yystack_[1].location, "Argument separator should be set to a single character."); @@ -2544,259 +2539,259 @@ namespace yy { driver.m_secArgumentSeparator.m_value = yystack_[0].value.as < std::string > (); driver.m_secArgumentSeparator.m_set = true; } -#line 2548 "seclang-parser.cc" +#line 2543 "seclang-parser.cc" break; case 89: // expression: "CONFIG_COMPONENT_SIG" -#line 1286 "seclang-parser.yy" +#line 1281 "seclang-parser.yy" { driver.m_components.push_back(yystack_[0].value.as < std::string > ()); } -#line 2556 "seclang-parser.cc" +#line 2551 "seclang-parser.cc" break; case 90: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_ON" -#line 1290 "seclang-parser.yy" +#line 1285 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecConnEngine is not yet supported."); YYERROR; } -#line 2565 "seclang-parser.cc" +#line 2560 "seclang-parser.cc" break; case 91: // expression: "CONFIG_CONN_ENGINE" "CONFIG_VALUE_OFF" -#line 1295 "seclang-parser.yy" +#line 1290 "seclang-parser.yy" { } -#line 2572 "seclang-parser.cc" +#line 2567 "seclang-parser.cc" break; case 92: // expression: "CONFIG_SEC_WEB_APP_ID" -#line 1298 "seclang-parser.yy" +#line 1293 "seclang-parser.yy" { driver.m_secWebAppId.m_value = yystack_[0].value.as < std::string > (); driver.m_secWebAppId.m_set = true; } -#line 2581 "seclang-parser.cc" +#line 2576 "seclang-parser.cc" break; case 93: // expression: "CONFIG_SEC_SERVER_SIG" -#line 1303 "seclang-parser.yy" +#line 1298 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecServerSignature is not supported."); YYERROR; } -#line 2590 "seclang-parser.cc" +#line 2585 "seclang-parser.cc" break; case 94: // expression: "CONFIG_SEC_CACHE_TRANSFORMATIONS" -#line 1308 "seclang-parser.yy" +#line 1303 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCacheTransformations is not supported."); YYERROR; } -#line 2599 "seclang-parser.cc" +#line 2594 "seclang-parser.cc" break; case 95: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_ON" -#line 1313 "seclang-parser.yy" +#line 1308 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecDisableBackendCompression is not supported."); YYERROR; } -#line 2608 "seclang-parser.cc" +#line 2603 "seclang-parser.cc" break; case 96: // expression: "CONFIG_SEC_DISABLE_BACKEND_COMPRESS" "CONFIG_VALUE_OFF" -#line 1318 "seclang-parser.yy" +#line 1313 "seclang-parser.yy" { } -#line 2615 "seclang-parser.cc" +#line 2610 "seclang-parser.cc" break; case 97: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_ON" -#line 1321 "seclang-parser.yy" +#line 1316 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecContentInjection is not yet supported."); YYERROR; } -#line 2624 "seclang-parser.cc" +#line 2619 "seclang-parser.cc" break; case 98: // expression: "CONFIG_CONTENT_INJECTION" "CONFIG_VALUE_OFF" -#line 1326 "seclang-parser.yy" +#line 1321 "seclang-parser.yy" { } -#line 2631 "seclang-parser.cc" +#line 2626 "seclang-parser.cc" break; case 99: // expression: "CONFIG_SEC_CHROOT_DIR" -#line 1329 "seclang-parser.yy" +#line 1324 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecChrootDir is not supported."); YYERROR; } -#line 2640 "seclang-parser.cc" +#line 2635 "seclang-parser.cc" break; case 100: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_ON" -#line 1334 "seclang-parser.yy" +#line 1329 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecHashEngine is not yet supported."); YYERROR; } -#line 2649 "seclang-parser.cc" +#line 2644 "seclang-parser.cc" break; case 101: // expression: "CONFIG_SEC_HASH_ENGINE" "CONFIG_VALUE_OFF" -#line 1339 "seclang-parser.yy" +#line 1334 "seclang-parser.yy" { } -#line 2656 "seclang-parser.cc" +#line 2651 "seclang-parser.cc" break; case 102: // expression: "CONFIG_SEC_HASH_KEY" -#line 1342 "seclang-parser.yy" +#line 1337 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashKey is not yet supported."); YYERROR; } -#line 2665 "seclang-parser.cc" +#line 2660 "seclang-parser.cc" break; case 103: // expression: "CONFIG_SEC_HASH_PARAM" -#line 1347 "seclang-parser.yy" +#line 1342 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashParam is not yet supported."); YYERROR; } -#line 2674 "seclang-parser.cc" +#line 2669 "seclang-parser.cc" break; case 104: // expression: "CONFIG_SEC_HASH_METHOD_RX" -#line 1352 "seclang-parser.yy" +#line 1347 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodRx is not yet supported."); YYERROR; } -#line 2683 "seclang-parser.cc" +#line 2678 "seclang-parser.cc" break; case 105: // expression: "CONFIG_SEC_HASH_METHOD_PM" -#line 1357 "seclang-parser.yy" +#line 1352 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecHashMethodPm is not yet supported."); YYERROR; } -#line 2692 "seclang-parser.cc" +#line 2687 "seclang-parser.cc" break; case 106: // expression: "CONFIG_DIR_GSB_DB" -#line 1362 "seclang-parser.yy" +#line 1357 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGsbLookupDb is not supported."); YYERROR; } -#line 2701 "seclang-parser.cc" +#line 2696 "seclang-parser.cc" break; case 107: // expression: "CONFIG_SEC_GUARDIAN_LOG" -#line 1367 "seclang-parser.yy" +#line 1362 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecGuardianLog is not supported."); YYERROR; } -#line 2710 "seclang-parser.cc" +#line 2705 "seclang-parser.cc" break; case 108: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_ON" -#line 1372 "seclang-parser.yy" +#line 1367 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecInterceptOnError is not yet supported."); YYERROR; } -#line 2719 "seclang-parser.cc" +#line 2714 "seclang-parser.cc" break; case 109: // expression: "CONFIG_SEC_INTERCEPT_ON_ERROR" "CONFIG_VALUE_OFF" -#line 1377 "seclang-parser.yy" +#line 1372 "seclang-parser.yy" { } -#line 2726 "seclang-parser.cc" +#line 2721 "seclang-parser.cc" break; case 110: // expression: "CONFIG_SEC_CONN_R_STATE_LIMIT" -#line 1380 "seclang-parser.yy" +#line 1375 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnReadStateLimit is not yet supported."); YYERROR; } -#line 2735 "seclang-parser.cc" +#line 2730 "seclang-parser.cc" break; case 111: // expression: "CONFIG_SEC_CONN_W_STATE_LIMIT" -#line 1385 "seclang-parser.yy" +#line 1380 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecConnWriteStateLimit is not yet supported."); YYERROR; } -#line 2744 "seclang-parser.cc" +#line 2739 "seclang-parser.cc" break; case 112: // expression: "CONFIG_SEC_SENSOR_ID" -#line 1390 "seclang-parser.yy" +#line 1385 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecSensorId is not yet supported."); YYERROR; } -#line 2753 "seclang-parser.cc" +#line 2748 "seclang-parser.cc" break; case 113: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_ON" -#line 1395 "seclang-parser.yy" +#line 1390 "seclang-parser.yy" { driver.error(yystack_[2].location, "SecRuleInheritance is not yet supported."); YYERROR; } -#line 2762 "seclang-parser.cc" +#line 2757 "seclang-parser.cc" break; case 114: // expression: "CONFIG_SEC_RULE_INHERITANCE" "CONFIG_VALUE_OFF" -#line 1400 "seclang-parser.yy" +#line 1395 "seclang-parser.yy" { } -#line 2769 "seclang-parser.cc" +#line 2764 "seclang-parser.cc" break; case 115: // expression: "CONFIG_SEC_RULE_PERF_TIME" -#line 1403 "seclang-parser.yy" +#line 1398 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecRulePerfTime is not yet supported."); YYERROR; } -#line 2778 "seclang-parser.cc" +#line 2773 "seclang-parser.cc" break; case 116: // expression: "CONFIG_SEC_STREAM_IN_BODY_INSPECTION" -#line 1408 "seclang-parser.yy" +#line 1403 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamInBodyInspection is not supported."); YYERROR; } -#line 2787 "seclang-parser.cc" +#line 2782 "seclang-parser.cc" break; case 117: // expression: "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION" -#line 1413 "seclang-parser.yy" +#line 1408 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecStreamOutBodyInspection is not supported."); YYERROR; } -#line 2796 "seclang-parser.cc" +#line 2791 "seclang-parser.cc" break; case 118: // expression: "CONFIG_SEC_RULE_REMOVE_BY_ID" -#line 1418 "seclang-parser.yy" +#line 1413 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.load(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2809,11 +2804,11 @@ namespace yy { YYERROR; } } -#line 2813 "seclang-parser.cc" +#line 2808 "seclang-parser.cc" break; case 119: // expression: "CONFIG_SEC_RULE_REMOVE_BY_TAG" -#line 1431 "seclang-parser.yy" +#line 1426 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByTag(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2826,11 +2821,11 @@ namespace yy { YYERROR; } } -#line 2830 "seclang-parser.cc" +#line 2825 "seclang-parser.cc" break; case 120: // expression: "CONFIG_SEC_RULE_REMOVE_BY_MSG" -#line 1444 "seclang-parser.yy" +#line 1439 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadRemoveRuleByMsg(yystack_[0].value.as < std::string > (), &error) == false) { @@ -2843,11 +2838,11 @@ namespace yy { YYERROR; } } -#line 2847 "seclang-parser.cc" +#line 2842 "seclang-parser.cc" break; case 121: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG" variables_pre_process -#line 1457 "seclang-parser.yy" +#line 1452 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByTag(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2860,11 +2855,11 @@ namespace yy { YYERROR; } } -#line 2864 "seclang-parser.cc" +#line 2859 "seclang-parser.cc" break; case 122: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG" variables_pre_process -#line 1470 "seclang-parser.yy" +#line 1465 "seclang-parser.yy" { std::string error; if (driver.m_exceptions.loadUpdateTargetByMsg(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > > > ()), &error) == false) { @@ -2877,11 +2872,11 @@ namespace yy { YYERROR; } } -#line 2881 "seclang-parser.cc" +#line 2876 "seclang-parser.cc" break; case 123: // expression: "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID" variables_pre_process -#line 1483 "seclang-parser.yy" +#line 1478 "seclang-parser.yy" { std::string error; double ruleId; @@ -2907,11 +2902,11 @@ namespace yy { YYERROR; } } -#line 2911 "seclang-parser.cc" +#line 2906 "seclang-parser.cc" break; case 124: // expression: "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID" actions -#line 1509 "seclang-parser.yy" +#line 1504 "seclang-parser.yy" { std::string error; double ruleId; @@ -2938,11 +2933,11 @@ namespace yy { YYERROR; } } -#line 2942 "seclang-parser.cc" +#line 2937 "seclang-parser.cc" break; case 125: // expression: "CONFIG_DIR_DEBUG_LVL" -#line 1537 "seclang-parser.yy" +#line 1532 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { driver.m_debugLog->setDebugLogLevel(atoi(yystack_[0].value.as < std::string > ().c_str())); @@ -2954,11 +2949,11 @@ namespace yy { YYERROR; } } -#line 2958 "seclang-parser.cc" +#line 2953 "seclang-parser.cc" break; case 126: // expression: "CONFIG_DIR_DEBUG_LOG" -#line 1549 "seclang-parser.yy" +#line 1544 "seclang-parser.yy" { if (driver.m_debugLog != NULL) { std::string error; @@ -2977,11 +2972,11 @@ namespace yy { YYERROR; } } -#line 2981 "seclang-parser.cc" +#line 2976 "seclang-parser.cc" break; case 127: // expression: "CONFIG_DIR_GEO_DB" -#line 1569 "seclang-parser.yy" +#line 1564 "seclang-parser.yy" { #if defined(WITH_GEOIP) or defined(WITH_MAXMIND) std::string err; @@ -3008,38 +3003,38 @@ namespace yy { YYERROR; #endif // WITH_GEOIP } -#line 3012 "seclang-parser.cc" +#line 3007 "seclang-parser.cc" break; case 128: // expression: "CONFIG_DIR_ARGS_LIMIT" -#line 1596 "seclang-parser.yy" +#line 1591 "seclang-parser.yy" { driver.m_argumentsLimit.m_set = true; driver.m_argumentsLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3021 "seclang-parser.cc" +#line 3016 "seclang-parser.cc" break; case 129: // expression: "CONFIG_DIR_REQ_BODY_LIMIT" -#line 1602 "seclang-parser.yy" +#line 1597 "seclang-parser.yy" { driver.m_requestBodyLimit.m_set = true; driver.m_requestBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3030 "seclang-parser.cc" +#line 3025 "seclang-parser.cc" break; case 130: // expression: "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT" -#line 1607 "seclang-parser.yy" +#line 1602 "seclang-parser.yy" { driver.m_requestBodyNoFilesLimit.m_set = true; driver.m_requestBodyNoFilesLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3039 "seclang-parser.cc" +#line 3034 "seclang-parser.cc" break; case 131: // expression: "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT" -#line 1612 "seclang-parser.yy" +#line 1607 "seclang-parser.yy" { std::stringstream ss; ss << "As of ModSecurity version 3.0, SecRequestBodyInMemoryLimit is no longer "; @@ -3048,68 +3043,68 @@ namespace yy { driver.error(yystack_[1].location, ss.str()); YYERROR; } -#line 3052 "seclang-parser.cc" +#line 3047 "seclang-parser.cc" break; case 132: // expression: "CONFIG_DIR_RES_BODY_LIMIT" -#line 1621 "seclang-parser.yy" +#line 1616 "seclang-parser.yy" { driver.m_responseBodyLimit.m_set = true; driver.m_responseBodyLimit.m_value = atoi(yystack_[0].value.as < std::string > ().c_str()); } -#line 3061 "seclang-parser.cc" +#line 3056 "seclang-parser.cc" break; case 133: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1626 "seclang-parser.yy" +#line 1621 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3069 "seclang-parser.cc" +#line 3064 "seclang-parser.cc" break; case 134: // expression: "CONFIG_DIR_REQ_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1630 "seclang-parser.yy" +#line 1625 "seclang-parser.yy" { driver.m_requestBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3077 "seclang-parser.cc" +#line 3072 "seclang-parser.cc" break; case 135: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_PROCESS_PARTIAL" -#line 1634 "seclang-parser.yy" +#line 1629 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::ProcessPartialBodyLimitAction; } -#line 3085 "seclang-parser.cc" +#line 3080 "seclang-parser.cc" break; case 136: // expression: "CONFIG_DIR_RES_BODY_LIMIT_ACTION" "CONFIG_VALUE_REJECT" -#line 1638 "seclang-parser.yy" +#line 1633 "seclang-parser.yy" { driver.m_responseBodyLimitAction = modsecurity::RulesSet::BodyLimitAction::RejectBodyLimitAction; } -#line 3093 "seclang-parser.cc" +#line 3088 "seclang-parser.cc" break; case 137: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_ABORT" -#line 1642 "seclang-parser.yy" +#line 1637 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::AbortOnFailedRemoteRulesAction; } -#line 3101 "seclang-parser.cc" +#line 3096 "seclang-parser.cc" break; case 138: // expression: "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION" "CONFIG_VALUE_WARN" -#line 1646 "seclang-parser.yy" +#line 1641 "seclang-parser.yy" { driver.m_remoteRulesActionOnFailed = RulesSet::OnFailedRemoteRulesAction::WarnOnFailedRemoteRulesAction; } -#line 3109 "seclang-parser.cc" +#line 3104 "seclang-parser.cc" break; case 141: // expression: "CONGIG_DIR_RESPONSE_BODY_MP" -#line 1660 "seclang-parser.yy" +#line 1655 "seclang-parser.yy" { std::istringstream buf(yystack_[0].value.as < std::string > ()); std::istream_iterator beg(buf), end; @@ -3121,37 +3116,37 @@ namespace yy { driver.m_responseBodyTypeToBeInspected.m_value.insert(*it); } } -#line 3125 "seclang-parser.cc" +#line 3120 "seclang-parser.cc" break; case 142: // expression: "CONGIG_DIR_RESPONSE_BODY_MP_CLEAR" -#line 1672 "seclang-parser.yy" +#line 1667 "seclang-parser.yy" { driver.m_responseBodyTypeToBeInspected.m_set = true; driver.m_responseBodyTypeToBeInspected.m_clear = true; driver.m_responseBodyTypeToBeInspected.m_value.clear(); } -#line 3135 "seclang-parser.cc" +#line 3130 "seclang-parser.cc" break; case 143: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_OFF" -#line 1678 "seclang-parser.yy" +#line 1673 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::FalseConfigBoolean; } -#line 3143 "seclang-parser.cc" +#line 3138 "seclang-parser.cc" break; case 144: // expression: "CONFIG_XML_EXTERNAL_ENTITY" "CONFIG_VALUE_ON" -#line 1682 "seclang-parser.yy" +#line 1677 "seclang-parser.yy" { driver.m_secXMLExternalEntity = modsecurity::RulesSetProperties::TrueConfigBoolean; } -#line 3151 "seclang-parser.cc" +#line 3146 "seclang-parser.cc" break; case 145: // expression: "CONGIG_DIR_SEC_TMP_DIR" -#line 1686 "seclang-parser.yy" +#line 1681 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended std::stringstream ss; @@ -3162,31 +3157,31 @@ namespace yy { YYERROR; */ } -#line 3166 "seclang-parser.cc" +#line 3161 "seclang-parser.cc" break; case 148: // expression: "CONGIG_DIR_SEC_COOKIE_FORMAT" -#line 1707 "seclang-parser.yy" +#line 1702 "seclang-parser.yy" { if (atoi(yystack_[0].value.as < std::string > ().c_str()) == 1) { driver.error(yystack_[1].location, "SecCookieFormat 1 is not yet supported."); YYERROR; } } -#line 3177 "seclang-parser.cc" +#line 3172 "seclang-parser.cc" break; case 149: // expression: "CONFIG_SEC_COOKIEV0_SEPARATOR" -#line 1714 "seclang-parser.yy" +#line 1709 "seclang-parser.yy" { driver.error(yystack_[1].location, "SecCookieV0Separator is not yet supported."); YYERROR; } -#line 3186 "seclang-parser.cc" +#line 3181 "seclang-parser.cc" break; case 151: // expression: "CONFIG_DIR_UNICODE_MAP_FILE" -#line 1724 "seclang-parser.yy" +#line 1719 "seclang-parser.yy" { std::string error; std::vector param; @@ -3240,31 +3235,31 @@ namespace yy { } } -#line 3244 "seclang-parser.cc" +#line 3239 "seclang-parser.cc" break; case 152: // expression: "CONFIG_SEC_COLLECTION_TIMEOUT" -#line 1778 "seclang-parser.yy" +#line 1773 "seclang-parser.yy" { /* Parser error disabled to avoid breaking default CRS installations with crs-setup.conf-recommended driver.error(@0, "SecCollectionTimeout is not yet supported."); YYERROR; */ } -#line 3255 "seclang-parser.cc" +#line 3250 "seclang-parser.cc" break; case 153: // expression: "CONFIG_SEC_HTTP_BLKEY" -#line 1785 "seclang-parser.yy" +#line 1780 "seclang-parser.yy" { driver.m_httpblKey.m_set = true; driver.m_httpblKey.m_value = yystack_[0].value.as < std::string > (); } -#line 3264 "seclang-parser.cc" +#line 3259 "seclang-parser.cc" break; case 154: // variables: variables_pre_process -#line 1793 "seclang-parser.yy" +#line 1788 "seclang-parser.yy" { std::unique_ptr > > originalList = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); std::unique_ptr>> newList(new std::vector>()); @@ -3298,2371 +3293,2371 @@ namespace yy { } yylhs.value.as < std::unique_ptr > > > () = std::move(newNewList); } -#line 3302 "seclang-parser.cc" +#line 3297 "seclang-parser.cc" break; case 155: // variables_pre_process: variables_may_be_quoted -#line 1830 "seclang-parser.yy" +#line 1825 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[0].value.as < std::unique_ptr > > > ()); } -#line 3310 "seclang-parser.cc" +#line 3305 "seclang-parser.cc" break; case 156: // variables_pre_process: "QUOTATION_MARK" variables_may_be_quoted "QUOTATION_MARK" -#line 1834 "seclang-parser.yy" +#line 1829 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[1].value.as < std::unique_ptr > > > ()); } -#line 3318 "seclang-parser.cc" +#line 3313 "seclang-parser.cc" break; case 157: // variables_may_be_quoted: variables_may_be_quoted PIPE var -#line 1841 "seclang-parser.yy" +#line 1836 "seclang-parser.yy" { yystack_[2].value.as < std::unique_ptr > > > ()->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[2].value.as < std::unique_ptr > > > ()); } -#line 3327 "seclang-parser.cc" +#line 3322 "seclang-parser.cc" break; case 158: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_EXCLUSION var -#line 1846 "seclang-parser.yy" +#line 1841 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3337 "seclang-parser.cc" +#line 3332 "seclang-parser.cc" break; case 159: // variables_may_be_quoted: variables_may_be_quoted PIPE VAR_COUNT var -#line 1852 "seclang-parser.yy" +#line 1847 "seclang-parser.yy" { std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); yystack_[3].value.as < std::unique_ptr > > > ()->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(yystack_[3].value.as < std::unique_ptr > > > ()); } -#line 3347 "seclang-parser.cc" +#line 3342 "seclang-parser.cc" break; case 160: // variables_may_be_quoted: var -#line 1858 "seclang-parser.yy" +#line 1853 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); b->push_back(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3357 "seclang-parser.cc" +#line 3352 "seclang-parser.cc" break; case 161: // variables_may_be_quoted: VAR_EXCLUSION var -#line 1864 "seclang-parser.yy" +#line 1859 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorExclusion(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3368 "seclang-parser.cc" +#line 3363 "seclang-parser.cc" break; case 162: // variables_may_be_quoted: VAR_COUNT var -#line 1871 "seclang-parser.yy" +#line 1866 "seclang-parser.yy" { std::unique_ptr>> b(new std::vector>()); std::unique_ptr c(new VariableModificatorCount(std::move(yystack_[0].value.as < std::unique_ptr > ()))); b->push_back(std::move(c)); yylhs.value.as < std::unique_ptr > > > () = std::move(b); } -#line 3379 "seclang-parser.cc" +#line 3374 "seclang-parser.cc" break; case 163: // var: VARIABLE_ARGS "Dictionary element" -#line 1881 "seclang-parser.yy" +#line 1876 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3387 "seclang-parser.cc" +#line 3382 "seclang-parser.cc" break; case 164: // var: VARIABLE_ARGS "Dictionary element, selected by regexp" -#line 1885 "seclang-parser.yy" +#line 1880 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3395 "seclang-parser.cc" +#line 3390 "seclang-parser.cc" break; case 165: // var: VARIABLE_ARGS -#line 1889 "seclang-parser.yy" +#line 1884 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Args_NoDictElement()); } -#line 3403 "seclang-parser.cc" +#line 3398 "seclang-parser.cc" break; case 166: // var: VARIABLE_ARGS_POST "Dictionary element" -#line 1893 "seclang-parser.yy" +#line 1888 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3411 "seclang-parser.cc" +#line 3406 "seclang-parser.cc" break; case 167: // var: VARIABLE_ARGS_POST "Dictionary element, selected by regexp" -#line 1897 "seclang-parser.yy" +#line 1892 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3419 "seclang-parser.cc" +#line 3414 "seclang-parser.cc" break; case 168: // var: VARIABLE_ARGS_POST -#line 1901 "seclang-parser.yy" +#line 1896 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPost_NoDictElement()); } -#line 3427 "seclang-parser.cc" +#line 3422 "seclang-parser.cc" break; case 169: // var: VARIABLE_ARGS_GET "Dictionary element" -#line 1905 "seclang-parser.yy" +#line 1900 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3435 "seclang-parser.cc" +#line 3430 "seclang-parser.cc" break; case 170: // var: VARIABLE_ARGS_GET "Dictionary element, selected by regexp" -#line 1909 "seclang-parser.yy" +#line 1904 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3443 "seclang-parser.cc" +#line 3438 "seclang-parser.cc" break; case 171: // var: VARIABLE_ARGS_GET -#line 1913 "seclang-parser.yy" +#line 1908 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGet_NoDictElement()); } -#line 3451 "seclang-parser.cc" +#line 3446 "seclang-parser.cc" break; case 172: // var: VARIABLE_FILES_SIZES "Dictionary element" -#line 1917 "seclang-parser.yy" +#line 1912 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3459 "seclang-parser.cc" +#line 3454 "seclang-parser.cc" break; case 173: // var: VARIABLE_FILES_SIZES "Dictionary element, selected by regexp" -#line 1921 "seclang-parser.yy" +#line 1916 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3467 "seclang-parser.cc" +#line 3462 "seclang-parser.cc" break; case 174: // var: VARIABLE_FILES_SIZES -#line 1925 "seclang-parser.yy" +#line 1920 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesSizes_NoDictElement()); } -#line 3475 "seclang-parser.cc" +#line 3470 "seclang-parser.cc" break; case 175: // var: VARIABLE_FILES_NAMES "Dictionary element" -#line 1929 "seclang-parser.yy" +#line 1924 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3483 "seclang-parser.cc" +#line 3478 "seclang-parser.cc" break; case 176: // var: VARIABLE_FILES_NAMES "Dictionary element, selected by regexp" -#line 1933 "seclang-parser.yy" +#line 1928 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3491 "seclang-parser.cc" +#line 3486 "seclang-parser.cc" break; case 177: // var: VARIABLE_FILES_NAMES -#line 1937 "seclang-parser.yy" +#line 1932 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesNames_NoDictElement()); } -#line 3499 "seclang-parser.cc" +#line 3494 "seclang-parser.cc" break; case 178: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element" -#line 1941 "seclang-parser.yy" +#line 1936 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3507 "seclang-parser.cc" +#line 3502 "seclang-parser.cc" break; case 179: // var: VARIABLE_FILES_TMP_CONTENT "Dictionary element, selected by regexp" -#line 1945 "seclang-parser.yy" +#line 1940 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3515 "seclang-parser.cc" +#line 3510 "seclang-parser.cc" break; case 180: // var: VARIABLE_FILES_TMP_CONTENT -#line 1949 "seclang-parser.yy" +#line 1944 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpContent_NoDictElement()); } -#line 3523 "seclang-parser.cc" +#line 3518 "seclang-parser.cc" break; case 181: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element" -#line 1953 "seclang-parser.yy" +#line 1948 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3531 "seclang-parser.cc" +#line 3526 "seclang-parser.cc" break; case 182: // var: VARIABLE_MULTIPART_FILENAME "Dictionary element, selected by regexp" -#line 1957 "seclang-parser.yy" +#line 1952 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3539 "seclang-parser.cc" +#line 3534 "seclang-parser.cc" break; case 183: // var: VARIABLE_MULTIPART_FILENAME -#line 1961 "seclang-parser.yy" +#line 1956 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartFileName_NoDictElement()); } -#line 3547 "seclang-parser.cc" +#line 3542 "seclang-parser.cc" break; case 184: // var: VARIABLE_MULTIPART_NAME "Dictionary element" -#line 1965 "seclang-parser.yy" +#line 1960 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3555 "seclang-parser.cc" +#line 3550 "seclang-parser.cc" break; case 185: // var: VARIABLE_MULTIPART_NAME "Dictionary element, selected by regexp" -#line 1969 "seclang-parser.yy" +#line 1964 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3563 "seclang-parser.cc" +#line 3558 "seclang-parser.cc" break; case 186: // var: VARIABLE_MULTIPART_NAME -#line 1973 "seclang-parser.yy" +#line 1968 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultiPartName_NoDictElement()); } -#line 3571 "seclang-parser.cc" +#line 3566 "seclang-parser.cc" break; case 187: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element" -#line 1977 "seclang-parser.yy" +#line 1972 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3579 "seclang-parser.cc" +#line 3574 "seclang-parser.cc" break; case 188: // var: VARIABLE_MATCHED_VARS_NAMES "Dictionary element, selected by regexp" -#line 1981 "seclang-parser.yy" +#line 1976 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3587 "seclang-parser.cc" +#line 3582 "seclang-parser.cc" break; case 189: // var: VARIABLE_MATCHED_VARS_NAMES -#line 1985 "seclang-parser.yy" +#line 1980 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarsNames_NoDictElement()); } -#line 3595 "seclang-parser.cc" +#line 3590 "seclang-parser.cc" break; case 190: // var: VARIABLE_MATCHED_VARS "Dictionary element" -#line 1989 "seclang-parser.yy" +#line 1984 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3603 "seclang-parser.cc" +#line 3598 "seclang-parser.cc" break; case 191: // var: VARIABLE_MATCHED_VARS "Dictionary element, selected by regexp" -#line 1993 "seclang-parser.yy" +#line 1988 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3611 "seclang-parser.cc" +#line 3606 "seclang-parser.cc" break; case 192: // var: VARIABLE_MATCHED_VARS -#line 1997 "seclang-parser.yy" +#line 1992 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVars_NoDictElement()); } -#line 3619 "seclang-parser.cc" +#line 3614 "seclang-parser.cc" break; case 193: // var: VARIABLE_FILES "Dictionary element" -#line 2001 "seclang-parser.yy" +#line 1996 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3627 "seclang-parser.cc" +#line 3622 "seclang-parser.cc" break; case 194: // var: VARIABLE_FILES "Dictionary element, selected by regexp" -#line 2005 "seclang-parser.yy" +#line 2000 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3635 "seclang-parser.cc" +#line 3630 "seclang-parser.cc" break; case 195: // var: VARIABLE_FILES -#line 2009 "seclang-parser.yy" +#line 2004 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Files_NoDictElement()); } -#line 3643 "seclang-parser.cc" +#line 3638 "seclang-parser.cc" break; case 196: // var: VARIABLE_REQUEST_COOKIES "Dictionary element" -#line 2013 "seclang-parser.yy" +#line 2008 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3651 "seclang-parser.cc" +#line 3646 "seclang-parser.cc" break; case 197: // var: VARIABLE_REQUEST_COOKIES "Dictionary element, selected by regexp" -#line 2017 "seclang-parser.yy" +#line 2012 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3659 "seclang-parser.cc" +#line 3654 "seclang-parser.cc" break; case 198: // var: VARIABLE_REQUEST_COOKIES -#line 2021 "seclang-parser.yy" +#line 2016 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookies_NoDictElement()); } -#line 3667 "seclang-parser.cc" +#line 3662 "seclang-parser.cc" break; case 199: // var: VARIABLE_REQUEST_HEADERS "Dictionary element" -#line 2025 "seclang-parser.yy" +#line 2020 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3675 "seclang-parser.cc" +#line 3670 "seclang-parser.cc" break; case 200: // var: VARIABLE_REQUEST_HEADERS "Dictionary element, selected by regexp" -#line 2029 "seclang-parser.yy" +#line 2024 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3683 "seclang-parser.cc" +#line 3678 "seclang-parser.cc" break; case 201: // var: VARIABLE_REQUEST_HEADERS -#line 2033 "seclang-parser.yy" +#line 2028 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeaders_NoDictElement()); } -#line 3691 "seclang-parser.cc" +#line 3686 "seclang-parser.cc" break; case 202: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element" -#line 2037 "seclang-parser.yy" +#line 2032 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3699 "seclang-parser.cc" +#line 3694 "seclang-parser.cc" break; case 203: // var: VARIABLE_RESPONSE_HEADERS "Dictionary element, selected by regexp" -#line 2041 "seclang-parser.yy" +#line 2036 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3707 "seclang-parser.cc" +#line 3702 "seclang-parser.cc" break; case 204: // var: VARIABLE_RESPONSE_HEADERS -#line 2045 "seclang-parser.yy" +#line 2040 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeaders_NoDictElement()); } -#line 3715 "seclang-parser.cc" +#line 3710 "seclang-parser.cc" break; case 205: // var: VARIABLE_GEO "Dictionary element" -#line 2049 "seclang-parser.yy" +#line 2044 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3723 "seclang-parser.cc" +#line 3718 "seclang-parser.cc" break; case 206: // var: VARIABLE_GEO "Dictionary element, selected by regexp" -#line 2053 "seclang-parser.yy" +#line 2048 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3731 "seclang-parser.cc" +#line 3726 "seclang-parser.cc" break; case 207: // var: VARIABLE_GEO -#line 2057 "seclang-parser.yy" +#line 2052 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Geo_NoDictElement()); } -#line 3739 "seclang-parser.cc" +#line 3734 "seclang-parser.cc" break; case 208: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element" -#line 2061 "seclang-parser.yy" +#line 2056 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3747 "seclang-parser.cc" +#line 3742 "seclang-parser.cc" break; case 209: // var: VARIABLE_REQUEST_COOKIES_NAMES "Dictionary element, selected by regexp" -#line 2065 "seclang-parser.yy" +#line 2060 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3755 "seclang-parser.cc" +#line 3750 "seclang-parser.cc" break; case 210: // var: VARIABLE_REQUEST_COOKIES_NAMES -#line 2069 "seclang-parser.yy" +#line 2064 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestCookiesNames_NoDictElement()); } -#line 3763 "seclang-parser.cc" +#line 3758 "seclang-parser.cc" break; case 211: // var: VARIABLE_RULE "Dictionary element" -#line 2073 "seclang-parser.yy" +#line 2068 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3771 "seclang-parser.cc" +#line 3766 "seclang-parser.cc" break; case 212: // var: VARIABLE_RULE "Dictionary element, selected by regexp" -#line 2077 "seclang-parser.yy" +#line 2072 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3779 "seclang-parser.cc" +#line 3774 "seclang-parser.cc" break; case 213: // var: VARIABLE_RULE -#line 2081 "seclang-parser.yy" +#line 2076 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Rule_NoDictElement()); } -#line 3787 "seclang-parser.cc" +#line 3782 "seclang-parser.cc" break; case 214: // var: "RUN_TIME_VAR_ENV" "Dictionary element" -#line 2085 "seclang-parser.yy" +#line 2080 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3795 "seclang-parser.cc" +#line 3790 "seclang-parser.cc" break; case 215: // var: "RUN_TIME_VAR_ENV" "Dictionary element, selected by regexp" -#line 2089 "seclang-parser.yy" +#line 2084 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV:" + yystack_[0].value.as < std::string > ())); } -#line 3803 "seclang-parser.cc" +#line 3798 "seclang-parser.cc" break; case 216: // var: "RUN_TIME_VAR_ENV" -#line 2093 "seclang-parser.yy" +#line 2088 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Env("ENV")); } -#line 3811 "seclang-parser.cc" +#line 3806 "seclang-parser.cc" break; case 217: // var: "RUN_TIME_VAR_XML" "Dictionary element" -#line 2097 "seclang-parser.yy" +#line 2092 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithNSPath(yystack_[0].value.as < std::string > ())); } -#line 3819 "seclang-parser.cc" +#line 3814 "seclang-parser.cc" break; case 218: // var: "RUN_TIME_VAR_XML" "Dictionary element, selected by regexp" -#line 2101 "seclang-parser.yy" +#line 2096 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithNSPath(yystack_[0].value.as < std::string > ())); } -#line 3827 "seclang-parser.cc" +#line 3822 "seclang-parser.cc" break; case 219: // var: "RUN_TIME_VAR_XML" -#line 2105 "seclang-parser.yy" +#line 2100 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::XML_WithoutNSPath()); } -#line 3835 "seclang-parser.cc" +#line 3830 "seclang-parser.cc" break; case 220: // var: "FILES_TMPNAMES" "Dictionary element" -#line 2109 "seclang-parser.yy" +#line 2104 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3843 "seclang-parser.cc" +#line 3838 "seclang-parser.cc" break; case 221: // var: "FILES_TMPNAMES" "Dictionary element, selected by regexp" -#line 2113 "seclang-parser.yy" +#line 2108 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3851 "seclang-parser.cc" +#line 3846 "seclang-parser.cc" break; case 222: // var: "FILES_TMPNAMES" -#line 2117 "seclang-parser.yy" +#line 2112 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesTmpNames_NoDictElement()); } -#line 3859 "seclang-parser.cc" +#line 3854 "seclang-parser.cc" break; case 223: // var: "RESOURCE" run_time_string -#line 2121 "seclang-parser.yy" +#line 2116 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3867 "seclang-parser.cc" +#line 3862 "seclang-parser.cc" break; case 224: // var: "RESOURCE" "Dictionary element" -#line 2125 "seclang-parser.yy" +#line 2120 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3875 "seclang-parser.cc" +#line 3870 "seclang-parser.cc" break; case 225: // var: "RESOURCE" "Dictionary element, selected by regexp" -#line 2129 "seclang-parser.yy" +#line 2124 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3883 "seclang-parser.cc" +#line 3878 "seclang-parser.cc" break; case 226: // var: "RESOURCE" -#line 2133 "seclang-parser.yy" +#line 2128 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Resource_NoDictElement()); } -#line 3891 "seclang-parser.cc" +#line 3886 "seclang-parser.cc" break; case 227: // var: "VARIABLE_IP" run_time_string -#line 2137 "seclang-parser.yy" +#line 2132 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3899 "seclang-parser.cc" +#line 3894 "seclang-parser.cc" break; case 228: // var: "VARIABLE_IP" "Dictionary element" -#line 2141 "seclang-parser.yy" +#line 2136 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3907 "seclang-parser.cc" +#line 3902 "seclang-parser.cc" break; case 229: // var: "VARIABLE_IP" "Dictionary element, selected by regexp" -#line 2145 "seclang-parser.yy" +#line 2140 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3915 "seclang-parser.cc" +#line 3910 "seclang-parser.cc" break; case 230: // var: "VARIABLE_IP" -#line 2149 "seclang-parser.yy" +#line 2144 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Ip_NoDictElement()); } -#line 3923 "seclang-parser.cc" +#line 3918 "seclang-parser.cc" break; case 231: // var: "VARIABLE_GLOBAL" run_time_string -#line 2153 "seclang-parser.yy" +#line 2148 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3931 "seclang-parser.cc" +#line 3926 "seclang-parser.cc" break; case 232: // var: "VARIABLE_GLOBAL" "Dictionary element" -#line 2157 "seclang-parser.yy" +#line 2152 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3939 "seclang-parser.cc" +#line 3934 "seclang-parser.cc" break; case 233: // var: "VARIABLE_GLOBAL" "Dictionary element, selected by regexp" -#line 2161 "seclang-parser.yy" +#line 2156 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3947 "seclang-parser.cc" +#line 3942 "seclang-parser.cc" break; case 234: // var: "VARIABLE_GLOBAL" -#line 2165 "seclang-parser.yy" +#line 2160 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Global_NoDictElement()); } -#line 3955 "seclang-parser.cc" +#line 3950 "seclang-parser.cc" break; case 235: // var: "VARIABLE_USER" run_time_string -#line 2169 "seclang-parser.yy" +#line 2164 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3963 "seclang-parser.cc" +#line 3958 "seclang-parser.cc" break; case 236: // var: "VARIABLE_USER" "Dictionary element" -#line 2173 "seclang-parser.yy" +#line 2168 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElement(yystack_[0].value.as < std::string > ())); } -#line 3971 "seclang-parser.cc" +#line 3966 "seclang-parser.cc" break; case 237: // var: "VARIABLE_USER" "Dictionary element, selected by regexp" -#line 2177 "seclang-parser.yy" +#line 2172 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 3979 "seclang-parser.cc" +#line 3974 "seclang-parser.cc" break; case 238: // var: "VARIABLE_USER" -#line 2181 "seclang-parser.yy" +#line 2176 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::User_NoDictElement()); } -#line 3987 "seclang-parser.cc" +#line 3982 "seclang-parser.cc" break; case 239: // var: "VARIABLE_TX" run_time_string -#line 2185 "seclang-parser.yy" +#line 2180 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 3995 "seclang-parser.cc" +#line 3990 "seclang-parser.cc" break; case 240: // var: "VARIABLE_TX" "Dictionary element" -#line 2189 "seclang-parser.yy" +#line 2184 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4003 "seclang-parser.cc" +#line 3998 "seclang-parser.cc" break; case 241: // var: "VARIABLE_TX" "Dictionary element, selected by regexp" -#line 2193 "seclang-parser.yy" +#line 2188 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4011 "seclang-parser.cc" +#line 4006 "seclang-parser.cc" break; case 242: // var: "VARIABLE_TX" -#line 2197 "seclang-parser.yy" +#line 2192 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Tx_NoDictElement()); } -#line 4019 "seclang-parser.cc" +#line 4014 "seclang-parser.cc" break; case 243: // var: "VARIABLE_SESSION" run_time_string -#line 2201 "seclang-parser.yy" +#line 2196 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DynamicElement(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 4027 "seclang-parser.cc" +#line 4022 "seclang-parser.cc" break; case 244: // var: "VARIABLE_SESSION" "Dictionary element" -#line 2205 "seclang-parser.yy" +#line 2200 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4035 "seclang-parser.cc" +#line 4030 "seclang-parser.cc" break; case 245: // var: "VARIABLE_SESSION" "Dictionary element, selected by regexp" -#line 2209 "seclang-parser.yy" +#line 2204 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4043 "seclang-parser.cc" +#line 4038 "seclang-parser.cc" break; case 246: // var: "VARIABLE_SESSION" -#line 2213 "seclang-parser.yy" +#line 2208 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Session_NoDictElement()); } -#line 4051 "seclang-parser.cc" +#line 4046 "seclang-parser.cc" break; case 247: // var: "Variable ARGS_NAMES" "Dictionary element" -#line 2217 "seclang-parser.yy" +#line 2212 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4059 "seclang-parser.cc" +#line 4054 "seclang-parser.cc" break; case 248: // var: "Variable ARGS_NAMES" "Dictionary element, selected by regexp" -#line 2221 "seclang-parser.yy" +#line 2216 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4067 "seclang-parser.cc" +#line 4062 "seclang-parser.cc" break; case 249: // var: "Variable ARGS_NAMES" -#line 2225 "seclang-parser.yy" +#line 2220 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsNames_NoDictElement()); } -#line 4075 "seclang-parser.cc" +#line 4070 "seclang-parser.cc" break; case 250: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element" -#line 2229 "seclang-parser.yy" +#line 2224 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4083 "seclang-parser.cc" +#line 4078 "seclang-parser.cc" break; case 251: // var: VARIABLE_ARGS_GET_NAMES "Dictionary element, selected by regexp" -#line 2233 "seclang-parser.yy" +#line 2228 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4091 "seclang-parser.cc" +#line 4086 "seclang-parser.cc" break; case 252: // var: VARIABLE_ARGS_GET_NAMES -#line 2237 "seclang-parser.yy" +#line 2232 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsGetNames_NoDictElement()); } -#line 4099 "seclang-parser.cc" +#line 4094 "seclang-parser.cc" break; case 253: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element" -#line 2242 "seclang-parser.yy" +#line 2237 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4107 "seclang-parser.cc" +#line 4102 "seclang-parser.cc" break; case 254: // var: VARIABLE_ARGS_POST_NAMES "Dictionary element, selected by regexp" -#line 2246 "seclang-parser.yy" +#line 2241 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4115 "seclang-parser.cc" +#line 4110 "seclang-parser.cc" break; case 255: // var: VARIABLE_ARGS_POST_NAMES -#line 2250 "seclang-parser.yy" +#line 2245 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsPostNames_NoDictElement()); } -#line 4123 "seclang-parser.cc" +#line 4118 "seclang-parser.cc" break; case 256: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element" -#line 2255 "seclang-parser.yy" +#line 2250 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4131 "seclang-parser.cc" +#line 4126 "seclang-parser.cc" break; case 257: // var: VARIABLE_REQUEST_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2259 "seclang-parser.yy" +#line 2254 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4139 "seclang-parser.cc" +#line 4134 "seclang-parser.cc" break; case 258: // var: VARIABLE_REQUEST_HEADERS_NAMES -#line 2263 "seclang-parser.yy" +#line 2258 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestHeadersNames_NoDictElement()); } -#line 4147 "seclang-parser.cc" +#line 4142 "seclang-parser.cc" break; case 259: // var: VARIABLE_RESPONSE_CONTENT_TYPE -#line 2268 "seclang-parser.yy" +#line 2263 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentType()); } -#line 4155 "seclang-parser.cc" +#line 4150 "seclang-parser.cc" break; case 260: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element" -#line 2273 "seclang-parser.yy" +#line 2268 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElement(yystack_[0].value.as < std::string > ())); } -#line 4163 "seclang-parser.cc" +#line 4158 "seclang-parser.cc" break; case 261: // var: VARIABLE_RESPONSE_HEADERS_NAMES "Dictionary element, selected by regexp" -#line 2277 "seclang-parser.yy" +#line 2272 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_DictElementRegexp(yystack_[0].value.as < std::string > ())); } -#line 4171 "seclang-parser.cc" +#line 4166 "seclang-parser.cc" break; case 262: // var: VARIABLE_RESPONSE_HEADERS_NAMES -#line 2281 "seclang-parser.yy" +#line 2276 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseHeadersNames_NoDictElement()); } -#line 4179 "seclang-parser.cc" +#line 4174 "seclang-parser.cc" break; case 263: // var: VARIABLE_ARGS_COMBINED_SIZE -#line 2285 "seclang-parser.yy" +#line 2280 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ArgsCombinedSize()); } -#line 4187 "seclang-parser.cc" +#line 4182 "seclang-parser.cc" break; case 264: // var: "AUTH_TYPE" -#line 2289 "seclang-parser.yy" +#line 2284 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::AuthType()); } -#line 4195 "seclang-parser.cc" +#line 4190 "seclang-parser.cc" break; case 265: // var: "FILES_COMBINED_SIZE" -#line 2293 "seclang-parser.yy" +#line 2288 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FilesCombinedSize()); } -#line 4203 "seclang-parser.cc" +#line 4198 "seclang-parser.cc" break; case 266: // var: "FULL_REQUEST" -#line 2297 "seclang-parser.yy" +#line 2292 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequest()); } -#line 4211 "seclang-parser.cc" +#line 4206 "seclang-parser.cc" break; case 267: // var: "FULL_REQUEST_LENGTH" -#line 2301 "seclang-parser.yy" +#line 2296 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::FullRequestLength()); } -#line 4219 "seclang-parser.cc" +#line 4214 "seclang-parser.cc" break; case 268: // var: "INBOUND_DATA_ERROR" -#line 2305 "seclang-parser.yy" +#line 2300 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::InboundDataError()); } -#line 4227 "seclang-parser.cc" +#line 4222 "seclang-parser.cc" break; case 269: // var: "MATCHED_VAR" -#line 2309 "seclang-parser.yy" +#line 2304 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVar()); } -#line 4235 "seclang-parser.cc" +#line 4230 "seclang-parser.cc" break; case 270: // var: "MATCHED_VAR_NAME" -#line 2313 "seclang-parser.yy" +#line 2308 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MatchedVarName()); } -#line 4243 "seclang-parser.cc" +#line 4238 "seclang-parser.cc" break; case 271: // var: VARIABLE_MULTIPART_BOUNDARY_QUOTED -#line 2317 "seclang-parser.yy" +#line 2312 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryQuoted()); } -#line 4251 "seclang-parser.cc" +#line 4246 "seclang-parser.cc" break; case 272: // var: VARIABLE_MULTIPART_BOUNDARY_WHITESPACE -#line 2321 "seclang-parser.yy" +#line 2316 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartBoundaryWhiteSpace()); } -#line 4259 "seclang-parser.cc" +#line 4254 "seclang-parser.cc" break; case 273: // var: "MULTIPART_CRLF_LF_LINES" -#line 2325 "seclang-parser.yy" +#line 2320 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartCrlfLFLines()); } -#line 4267 "seclang-parser.cc" +#line 4262 "seclang-parser.cc" break; case 274: // var: "MULTIPART_DATA_AFTER" -#line 2329 "seclang-parser.yy" +#line 2324 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateAfter()); } -#line 4275 "seclang-parser.cc" +#line 4270 "seclang-parser.cc" break; case 275: // var: VARIABLE_MULTIPART_DATA_BEFORE -#line 2333 "seclang-parser.yy" +#line 2328 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartDateBefore()); } -#line 4283 "seclang-parser.cc" +#line 4278 "seclang-parser.cc" break; case 276: // var: "MULTIPART_FILE_LIMIT_EXCEEDED" -#line 2337 "seclang-parser.yy" +#line 2332 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartFileLimitExceeded()); } -#line 4291 "seclang-parser.cc" +#line 4286 "seclang-parser.cc" break; case 277: // var: "MULTIPART_HEADER_FOLDING" -#line 2341 "seclang-parser.yy" +#line 2336 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartHeaderFolding()); } -#line 4299 "seclang-parser.cc" +#line 4294 "seclang-parser.cc" break; case 278: // var: "MULTIPART_INVALID_HEADER_FOLDING" -#line 2345 "seclang-parser.yy" +#line 2340 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidHeaderFolding()); } -#line 4307 "seclang-parser.cc" +#line 4302 "seclang-parser.cc" break; case 279: // var: VARIABLE_MULTIPART_INVALID_PART -#line 2349 "seclang-parser.yy" +#line 2344 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidPart()); } -#line 4315 "seclang-parser.cc" +#line 4310 "seclang-parser.cc" break; case 280: // var: "MULTIPART_INVALID_QUOTING" -#line 2353 "seclang-parser.yy" +#line 2348 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartInvalidQuoting()); } -#line 4323 "seclang-parser.cc" +#line 4318 "seclang-parser.cc" break; case 281: // var: VARIABLE_MULTIPART_LF_LINE -#line 2357 "seclang-parser.yy" +#line 2352 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartLFLine()); } -#line 4331 "seclang-parser.cc" +#line 4326 "seclang-parser.cc" break; case 282: // var: VARIABLE_MULTIPART_MISSING_SEMICOLON -#line 2361 "seclang-parser.yy" +#line 2356 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4339 "seclang-parser.cc" +#line 4334 "seclang-parser.cc" break; case 283: // var: VARIABLE_MULTIPART_SEMICOLON_MISSING -#line 2365 "seclang-parser.yy" +#line 2360 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartMissingSemicolon()); } -#line 4347 "seclang-parser.cc" +#line 4342 "seclang-parser.cc" break; case 284: // var: "MULTIPART_STRICT_ERROR" -#line 2369 "seclang-parser.yy" +#line 2364 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartStrictError()); } -#line 4355 "seclang-parser.cc" +#line 4350 "seclang-parser.cc" break; case 285: // var: "MULTIPART_UNMATCHED_BOUNDARY" -#line 2373 "seclang-parser.yy" +#line 2368 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::MultipartUnmatchedBoundary()); } -#line 4363 "seclang-parser.cc" +#line 4358 "seclang-parser.cc" break; case 286: // var: "OUTBOUND_DATA_ERROR" -#line 2377 "seclang-parser.yy" +#line 2372 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::OutboundDataError()); } -#line 4371 "seclang-parser.cc" +#line 4366 "seclang-parser.cc" break; case 287: // var: "PATH_INFO" -#line 2381 "seclang-parser.yy" +#line 2376 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::PathInfo()); } -#line 4379 "seclang-parser.cc" +#line 4374 "seclang-parser.cc" break; case 288: // var: "QUERY_STRING" -#line 2385 "seclang-parser.yy" +#line 2380 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::QueryString()); } -#line 4387 "seclang-parser.cc" +#line 4382 "seclang-parser.cc" break; case 289: // var: "REMOTE_ADDR" -#line 2389 "seclang-parser.yy" +#line 2384 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteAddr()); } -#line 4395 "seclang-parser.cc" +#line 4390 "seclang-parser.cc" break; case 290: // var: "REMOTE_HOST" -#line 2393 "seclang-parser.yy" +#line 2388 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemoteHost()); } -#line 4403 "seclang-parser.cc" +#line 4398 "seclang-parser.cc" break; case 291: // var: "REMOTE_PORT" -#line 2397 "seclang-parser.yy" +#line 2392 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RemotePort()); } -#line 4411 "seclang-parser.cc" +#line 4406 "seclang-parser.cc" break; case 292: // var: "REQBODY_ERROR" -#line 2401 "seclang-parser.yy" +#line 2396 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyError()); } -#line 4419 "seclang-parser.cc" +#line 4414 "seclang-parser.cc" break; case 293: // var: "REQBODY_ERROR_MSG" -#line 2405 "seclang-parser.yy" +#line 2400 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyErrorMsg()); } -#line 4427 "seclang-parser.cc" +#line 4422 "seclang-parser.cc" break; case 294: // var: "REQBODY_PROCESSOR" -#line 2409 "seclang-parser.yy" +#line 2404 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessor()); } -#line 4435 "seclang-parser.cc" +#line 4430 "seclang-parser.cc" break; case 295: // var: "REQBODY_PROCESSOR_ERROR" -#line 2413 "seclang-parser.yy" +#line 2408 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorError()); } -#line 4443 "seclang-parser.cc" +#line 4438 "seclang-parser.cc" break; case 296: // var: "REQBODY_PROCESSOR_ERROR_MSG" -#line 2417 "seclang-parser.yy" +#line 2412 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ReqbodyProcessorErrorMsg()); } -#line 4451 "seclang-parser.cc" +#line 4446 "seclang-parser.cc" break; case 297: // var: "REQUEST_BASENAME" -#line 2421 "seclang-parser.yy" +#line 2416 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBasename()); } -#line 4459 "seclang-parser.cc" +#line 4454 "seclang-parser.cc" break; case 298: // var: "REQUEST_BODY" -#line 2425 "seclang-parser.yy" +#line 2420 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBody()); } -#line 4467 "seclang-parser.cc" +#line 4462 "seclang-parser.cc" break; case 299: // var: "REQUEST_BODY_LENGTH" -#line 2429 "seclang-parser.yy" +#line 2424 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestBodyLength()); } -#line 4475 "seclang-parser.cc" +#line 4470 "seclang-parser.cc" break; case 300: // var: "REQUEST_FILENAME" -#line 2433 "seclang-parser.yy" +#line 2428 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestFilename()); } -#line 4483 "seclang-parser.cc" +#line 4478 "seclang-parser.cc" break; case 301: // var: "REQUEST_LINE" -#line 2437 "seclang-parser.yy" +#line 2432 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestLine()); } -#line 4491 "seclang-parser.cc" +#line 4486 "seclang-parser.cc" break; case 302: // var: "REQUEST_METHOD" -#line 2441 "seclang-parser.yy" +#line 2436 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestMethod()); } -#line 4499 "seclang-parser.cc" +#line 4494 "seclang-parser.cc" break; case 303: // var: "REQUEST_PROTOCOL" -#line 2445 "seclang-parser.yy" +#line 2440 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestProtocol()); } -#line 4507 "seclang-parser.cc" +#line 4502 "seclang-parser.cc" break; case 304: // var: "REQUEST_URI" -#line 2449 "seclang-parser.yy" +#line 2444 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURI()); } -#line 4515 "seclang-parser.cc" +#line 4510 "seclang-parser.cc" break; case 305: // var: "REQUEST_URI_RAW" -#line 2453 "seclang-parser.yy" +#line 2448 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::RequestURIRaw()); } -#line 4523 "seclang-parser.cc" +#line 4518 "seclang-parser.cc" break; case 306: // var: "RESPONSE_BODY" -#line 2457 "seclang-parser.yy" +#line 2452 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseBody()); } -#line 4531 "seclang-parser.cc" +#line 4526 "seclang-parser.cc" break; case 307: // var: "RESPONSE_CONTENT_LENGTH" -#line 2461 "seclang-parser.yy" +#line 2456 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseContentLength()); } -#line 4539 "seclang-parser.cc" +#line 4534 "seclang-parser.cc" break; case 308: // var: "RESPONSE_PROTOCOL" -#line 2465 "seclang-parser.yy" +#line 2460 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseProtocol()); } -#line 4547 "seclang-parser.cc" +#line 4542 "seclang-parser.cc" break; case 309: // var: "RESPONSE_STATUS" -#line 2469 "seclang-parser.yy" +#line 2464 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ResponseStatus()); } -#line 4555 "seclang-parser.cc" +#line 4550 "seclang-parser.cc" break; case 310: // var: "SERVER_ADDR" -#line 2473 "seclang-parser.yy" +#line 2468 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerAddr()); } -#line 4563 "seclang-parser.cc" +#line 4558 "seclang-parser.cc" break; case 311: // var: "SERVER_NAME" -#line 2477 "seclang-parser.yy" +#line 2472 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerName()); } -#line 4571 "seclang-parser.cc" +#line 4566 "seclang-parser.cc" break; case 312: // var: "SERVER_PORT" -#line 2481 "seclang-parser.yy" +#line 2476 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::ServerPort()); } -#line 4579 "seclang-parser.cc" +#line 4574 "seclang-parser.cc" break; case 313: // var: "SESSIONID" -#line 2485 "seclang-parser.yy" +#line 2480 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::SessionID()); } -#line 4587 "seclang-parser.cc" +#line 4582 "seclang-parser.cc" break; case 314: // var: "UNIQUE_ID" -#line 2489 "seclang-parser.yy" +#line 2484 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UniqueID()); } -#line 4595 "seclang-parser.cc" +#line 4590 "seclang-parser.cc" break; case 315: // var: "URLENCODED_ERROR" -#line 2493 "seclang-parser.yy" +#line 2488 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UrlEncodedError()); } -#line 4603 "seclang-parser.cc" +#line 4598 "seclang-parser.cc" break; case 316: // var: "USERID" -#line 2497 "seclang-parser.yy" +#line 2492 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::UserID()); } -#line 4611 "seclang-parser.cc" +#line 4606 "seclang-parser.cc" break; case 317: // var: "VARIABLE_STATUS" -#line 2501 "seclang-parser.yy" +#line 2496 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4619 "seclang-parser.cc" +#line 4614 "seclang-parser.cc" break; case 318: // var: "VARIABLE_STATUS_LINE" -#line 2505 "seclang-parser.yy" +#line 2500 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::Status()); } -#line 4627 "seclang-parser.cc" +#line 4622 "seclang-parser.cc" break; case 319: // var: "WEBAPPID" -#line 2509 "seclang-parser.yy" +#line 2504 "seclang-parser.yy" { VARIABLE_CONTAINER(yylhs.value.as < std::unique_ptr > (), new variables::WebAppId()); } -#line 4635 "seclang-parser.cc" +#line 4630 "seclang-parser.cc" break; case 320: // var: "RUN_TIME_VAR_DUR" -#line 2513 "seclang-parser.yy" +#line 2508 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Duration(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4646 "seclang-parser.cc" +#line 4641 "seclang-parser.cc" break; case 321: // var: "RUN_TIME_VAR_BLD" -#line 2521 "seclang-parser.yy" +#line 2516 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new ModsecBuild(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4657 "seclang-parser.cc" +#line 4652 "seclang-parser.cc" break; case 322: // var: "RUN_TIME_VAR_HSV" -#line 2528 "seclang-parser.yy" +#line 2523 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new HighestSeverity(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4668 "seclang-parser.cc" +#line 4663 "seclang-parser.cc" break; case 323: // var: "RUN_TIME_VAR_REMOTE_USER" -#line 2535 "seclang-parser.yy" +#line 2530 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new RemoteUser(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4679 "seclang-parser.cc" +#line 4674 "seclang-parser.cc" break; case 324: // var: "RUN_TIME_VAR_TIME" -#line 2542 "seclang-parser.yy" +#line 2537 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new Time(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4690 "seclang-parser.cc" +#line 4685 "seclang-parser.cc" break; case 325: // var: "RUN_TIME_VAR_TIME_DAY" -#line 2549 "seclang-parser.yy" +#line 2544 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4701 "seclang-parser.cc" +#line 4696 "seclang-parser.cc" break; case 326: // var: "RUN_TIME_VAR_TIME_EPOCH" -#line 2556 "seclang-parser.yy" +#line 2551 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeEpoch(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4712 "seclang-parser.cc" +#line 4707 "seclang-parser.cc" break; case 327: // var: "RUN_TIME_VAR_TIME_HOUR" -#line 2563 "seclang-parser.yy" +#line 2558 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeHour(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4723 "seclang-parser.cc" +#line 4718 "seclang-parser.cc" break; case 328: // var: "RUN_TIME_VAR_TIME_MIN" -#line 2570 "seclang-parser.yy" +#line 2565 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMin(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4734 "seclang-parser.cc" +#line 4729 "seclang-parser.cc" break; case 329: // var: "RUN_TIME_VAR_TIME_MON" -#line 2577 "seclang-parser.yy" +#line 2572 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeMon(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4745 "seclang-parser.cc" +#line 4740 "seclang-parser.cc" break; case 330: // var: "RUN_TIME_VAR_TIME_SEC" -#line 2584 "seclang-parser.yy" +#line 2579 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeSec(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4756 "seclang-parser.cc" +#line 4751 "seclang-parser.cc" break; case 331: // var: "RUN_TIME_VAR_TIME_WDAY" -#line 2591 "seclang-parser.yy" +#line 2586 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeWDay(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4767 "seclang-parser.cc" +#line 4762 "seclang-parser.cc" break; case 332: // var: "RUN_TIME_VAR_TIME_YEAR" -#line 2598 "seclang-parser.yy" +#line 2593 "seclang-parser.yy" { std::string name(yystack_[0].value.as < std::string > ()); char z = name.at(0); std::unique_ptr c(new TimeYear(name)); yylhs.value.as < std::unique_ptr > () = std::move(c); } -#line 4778 "seclang-parser.cc" +#line 4773 "seclang-parser.cc" break; case 333: // act: "Accuracy" -#line 2608 "seclang-parser.yy" +#line 2603 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Accuracy(yystack_[0].value.as < std::string > ())); } -#line 4786 "seclang-parser.cc" +#line 4781 "seclang-parser.cc" break; case 334: // act: "Allow" -#line 2612 "seclang-parser.yy" +#line 2607 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Allow(yystack_[0].value.as < std::string > ())); } -#line 4794 "seclang-parser.cc" +#line 4789 "seclang-parser.cc" break; case 335: // act: "Append" -#line 2616 "seclang-parser.yy" +#line 2611 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Append", yystack_[1].location); } -#line 4802 "seclang-parser.cc" +#line 4797 "seclang-parser.cc" break; case 336: // act: "AuditLog" -#line 2620 "seclang-parser.yy" +#line 2615 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::AuditLog(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::AuditLog()); } -#line 4810 "seclang-parser.cc" +#line 4805 "seclang-parser.cc" break; case 337: // act: "Block" -#line 2624 "seclang-parser.yy" +#line 2619 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Block(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Block()); } -#line 4818 "seclang-parser.cc" +#line 4813 "seclang-parser.cc" break; case 338: // act: "Capture" -#line 2628 "seclang-parser.yy" +#line 2623 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Capture(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Capture()); } -#line 4826 "seclang-parser.cc" +#line 4821 "seclang-parser.cc" break; case 339: // act: "Chain" -#line 2632 "seclang-parser.yy" +#line 2627 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Chain(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Chain()); } -#line 4834 "seclang-parser.cc" +#line 4829 "seclang-parser.cc" break; case 340: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_ON" +#line 2631 "seclang-parser.yy" + { + //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); + } +#line 4838 "seclang-parser.cc" + break; + + case 341: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF" #line 2636 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4843 "seclang-parser.cc" +#line 4847 "seclang-parser.cc" break; - case 341: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_OFF" + case 342: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY" #line 2641 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4852 "seclang-parser.cc" - break; - - case 342: // act: "ACTION_CTL_AUDIT_ENGINE" "CONFIG_VALUE_RELEVANT_ONLY" -#line 2646 "seclang-parser.yy" - { - //ACTION_NOT_SUPPORTED("CtlAuditEngine", @0); - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); - } -#line 4861 "seclang-parser.cc" +#line 4856 "seclang-parser.cc" break; case 343: // act: "ACTION_CTL_AUDIT_LOG_PARTS" -#line 2651 "seclang-parser.yy" +#line 2646 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::AuditLogParts(yystack_[0].value.as < std::string > ())); } -#line 4869 "seclang-parser.cc" +#line 4864 "seclang-parser.cc" break; case 344: // act: "ACTION_CTL_BDY_JSON" -#line 2655 "seclang-parser.yy" +#line 2650 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorJSON(yystack_[0].value.as < std::string > ())); } -#line 4877 "seclang-parser.cc" +#line 4872 "seclang-parser.cc" break; case 345: // act: "ACTION_CTL_BDY_XML" -#line 2659 "seclang-parser.yy" +#line 2654 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorXML(yystack_[0].value.as < std::string > ())); } -#line 4885 "seclang-parser.cc" +#line 4880 "seclang-parser.cc" break; case 346: // act: "ACTION_CTL_BDY_URLENCODED" -#line 2663 "seclang-parser.yy" +#line 2658 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyProcessorURLENCODED(yystack_[0].value.as < std::string > ())); } -#line 4893 "seclang-parser.cc" +#line 4888 "seclang-parser.cc" break; case 347: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_ON" +#line 2662 "seclang-parser.yy" + { + //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); + } +#line 4897 "seclang-parser.cc" + break; + + case 348: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF" #line 2667 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); } -#line 4902 "seclang-parser.cc" - break; - - case 348: // act: "ACTION_CTL_FORCE_REQ_BODY_VAR" "CONFIG_VALUE_OFF" -#line 2672 "seclang-parser.yy" - { - //ACTION_NOT_SUPPORTED("CtlForceReequestBody", @0); - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[1].value.as < std::string > ())); - } -#line 4911 "seclang-parser.cc" +#line 4906 "seclang-parser.cc" break; case 349: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_ON" -#line 2677 "seclang-parser.yy" +#line 2672 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "true")); } -#line 4919 "seclang-parser.cc" +#line 4914 "seclang-parser.cc" break; case 350: // act: "ACTION_CTL_REQUEST_BODY_ACCESS" "CONFIG_VALUE_OFF" -#line 2681 "seclang-parser.yy" +#line 2676 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RequestBodyAccess(yystack_[1].value.as < std::string > () + "false")); } -#line 4927 "seclang-parser.cc" +#line 4922 "seclang-parser.cc" break; case 351: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_ON" -#line 2685 "seclang-parser.yy" +#line 2680 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=on")); } -#line 4935 "seclang-parser.cc" +#line 4930 "seclang-parser.cc" break; case 352: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_OFF" -#line 2689 "seclang-parser.yy" +#line 2684 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=off")); } -#line 4943 "seclang-parser.cc" +#line 4938 "seclang-parser.cc" break; case 353: // act: "ACTION_CTL_RULE_ENGINE" "CONFIG_VALUE_DETC" -#line 2693 "seclang-parser.yy" +#line 2688 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleEngine("ctl:RuleEngine=detectiononly")); } -#line 4951 "seclang-parser.cc" +#line 4946 "seclang-parser.cc" break; case 354: // act: "ACTION_CTL_RULE_REMOVE_BY_ID" -#line 2697 "seclang-parser.yy" +#line 2692 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveById(yystack_[0].value.as < std::string > ())); } -#line 4959 "seclang-parser.cc" +#line 4954 "seclang-parser.cc" break; case 355: // act: "ACTION_CTL_RULE_REMOVE_BY_TAG" -#line 2701 "seclang-parser.yy" +#line 2696 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveByTag(yystack_[0].value.as < std::string > ())); } -#line 4967 "seclang-parser.cc" +#line 4962 "seclang-parser.cc" break; case 356: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_ID" -#line 2705 "seclang-parser.yy" +#line 2700 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetById(yystack_[0].value.as < std::string > ())); } -#line 4975 "seclang-parser.cc" +#line 4970 "seclang-parser.cc" break; case 357: // act: "ACTION_CTL_RULE_REMOVE_TARGET_BY_TAG" -#line 2709 "seclang-parser.yy" +#line 2704 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::ctl::RuleRemoveTargetByTag(yystack_[0].value.as < std::string > ())); } -#line 4983 "seclang-parser.cc" +#line 4978 "seclang-parser.cc" break; case 358: // act: "Deny" -#line 2713 "seclang-parser.yy" +#line 2708 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Deny(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Deny()); } -#line 4991 "seclang-parser.cc" +#line 4986 "seclang-parser.cc" break; case 359: // act: "DeprecateVar" -#line 2717 "seclang-parser.yy" +#line 2712 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("DeprecateVar", yystack_[1].location); } -#line 4999 "seclang-parser.cc" +#line 4994 "seclang-parser.cc" break; case 360: // act: "Drop" -#line 2721 "seclang-parser.yy" +#line 2716 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Drop(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Drop()); } -#line 5007 "seclang-parser.cc" +#line 5002 "seclang-parser.cc" break; case 361: // act: "Exec" -#line 2725 "seclang-parser.yy" +#line 2720 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Exec(yystack_[0].value.as < std::string > ())); } -#line 5015 "seclang-parser.cc" +#line 5010 "seclang-parser.cc" break; case 362: // act: "ExpireVar" -#line 2729 "seclang-parser.yy" +#line 2724 "seclang-parser.yy" { //ACTION_NOT_SUPPORTED("ExpireVar", @0); ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Action(yystack_[0].value.as < std::string > ())); } -#line 5024 "seclang-parser.cc" +#line 5019 "seclang-parser.cc" break; case 363: // act: "Id" -#line 2734 "seclang-parser.yy" +#line 2729 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::RuleId(yystack_[0].value.as < std::string > ())); } -#line 5032 "seclang-parser.cc" +#line 5027 "seclang-parser.cc" break; case 364: // act: "InitCol" run_time_string -#line 2738 "seclang-parser.yy" +#line 2733 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::InitCol(yystack_[1].value.as < std::string > (), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5040 "seclang-parser.cc" +#line 5035 "seclang-parser.cc" break; case 365: // act: "LogData" run_time_string -#line 2742 "seclang-parser.yy" +#line 2737 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::LogData(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5048 "seclang-parser.cc" +#line 5043 "seclang-parser.cc" break; case 366: // act: "Log" -#line 2746 "seclang-parser.yy" +#line 2741 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Log(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Log()); } -#line 5056 "seclang-parser.cc" +#line 5051 "seclang-parser.cc" break; case 367: // act: "Maturity" -#line 2750 "seclang-parser.yy" +#line 2745 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Maturity(yystack_[0].value.as < std::string > ())); } -#line 5064 "seclang-parser.cc" +#line 5059 "seclang-parser.cc" break; case 368: // act: "Msg" run_time_string -#line 2754 "seclang-parser.yy" +#line 2749 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Msg(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5072 "seclang-parser.cc" +#line 5067 "seclang-parser.cc" break; case 369: // act: "MultiMatch" -#line 2758 "seclang-parser.yy" +#line 2753 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::MultiMatch(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::MultiMatch()); } -#line 5080 "seclang-parser.cc" +#line 5075 "seclang-parser.cc" break; case 370: // act: "NoAuditLog" -#line 2762 "seclang-parser.yy" +#line 2757 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoAuditLog(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoAuditLog()); } -#line 5088 "seclang-parser.cc" +#line 5083 "seclang-parser.cc" break; case 371: // act: "NoLog" -#line 2766 "seclang-parser.yy" +#line 2761 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoLog(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::NoLog()); } -#line 5096 "seclang-parser.cc" +#line 5091 "seclang-parser.cc" break; case 372: // act: "Pass" -#line 2770 "seclang-parser.yy" +#line 2765 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Pass(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Pass()); } -#line 5104 "seclang-parser.cc" +#line 5099 "seclang-parser.cc" break; case 373: // act: "Pause" -#line 2774 "seclang-parser.yy" +#line 2769 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Pause", yystack_[1].location); } -#line 5112 "seclang-parser.cc" +#line 5107 "seclang-parser.cc" break; case 374: // act: "Phase" -#line 2778 "seclang-parser.yy" +#line 2773 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Phase(yystack_[0].value.as < std::string > ())); } -#line 5120 "seclang-parser.cc" +#line 5115 "seclang-parser.cc" break; case 375: // act: "Prepend" -#line 2782 "seclang-parser.yy" +#line 2777 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Prepend", yystack_[1].location); } -#line 5128 "seclang-parser.cc" +#line 5123 "seclang-parser.cc" break; case 376: // act: "Proxy" -#line 2786 "seclang-parser.yy" +#line 2781 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("Proxy", yystack_[1].location); } -#line 5136 "seclang-parser.cc" +#line 5131 "seclang-parser.cc" break; case 377: // act: "Redirect" run_time_string -#line 2790 "seclang-parser.yy" +#line 2785 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::disruptive::Redirect(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5144 "seclang-parser.cc" +#line 5139 "seclang-parser.cc" break; case 378: // act: "Rev" -#line 2794 "seclang-parser.yy" +#line 2789 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Rev(yystack_[0].value.as < std::string > ())); } -#line 5152 "seclang-parser.cc" +#line 5147 "seclang-parser.cc" break; case 379: // act: "SanitiseArg" -#line 2798 "seclang-parser.yy" +#line 2793 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseArg", yystack_[1].location); } -#line 5160 "seclang-parser.cc" +#line 5155 "seclang-parser.cc" break; case 380: // act: "SanitiseMatched" -#line 2802 "seclang-parser.yy" +#line 2797 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatched", yystack_[1].location); } -#line 5168 "seclang-parser.cc" +#line 5163 "seclang-parser.cc" break; case 381: // act: "SanitiseMatchedBytes" -#line 2806 "seclang-parser.yy" +#line 2801 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseMatchedBytes", yystack_[1].location); } -#line 5176 "seclang-parser.cc" +#line 5171 "seclang-parser.cc" break; case 382: // act: "SanitiseRequestHeader" -#line 2810 "seclang-parser.yy" +#line 2805 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseRequestHeader", yystack_[1].location); } -#line 5184 "seclang-parser.cc" +#line 5179 "seclang-parser.cc" break; case 383: // act: "SanitiseResponseHeader" -#line 2814 "seclang-parser.yy" +#line 2809 "seclang-parser.yy" { ACTION_NOT_SUPPORTED("SanitiseResponseHeader", yystack_[1].location); } -#line 5192 "seclang-parser.cc" +#line 5187 "seclang-parser.cc" break; case 384: // act: "SetEnv" run_time_string -#line 2818 "seclang-parser.yy" +#line 2813 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetENV(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5200 "seclang-parser.cc" +#line 5195 "seclang-parser.cc" break; case 385: // act: "SetRsc" run_time_string -#line 2822 "seclang-parser.yy" +#line 2817 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetRSC(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5208 "seclang-parser.cc" +#line 5203 "seclang-parser.cc" break; case 386: // act: "SetSid" run_time_string -#line 2826 "seclang-parser.yy" +#line 2821 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetSID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5216 "seclang-parser.cc" +#line 5211 "seclang-parser.cc" break; case 387: // act: "SetUID" run_time_string -#line 2830 "seclang-parser.yy" +#line 2825 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetUID(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5224 "seclang-parser.cc" +#line 5219 "seclang-parser.cc" break; case 388: // act: "SetVar" setvar_action -#line 2834 "seclang-parser.yy" +#line 2829 "seclang-parser.yy" { yylhs.value.as < std::unique_ptr > () = std::move(yystack_[0].value.as < std::unique_ptr > ()); } -#line 5232 "seclang-parser.cc" +#line 5227 "seclang-parser.cc" break; case 389: // act: "Severity" -#line 2838 "seclang-parser.yy" +#line 2833 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Severity(yystack_[0].value.as < std::string > ())); } -#line 5240 "seclang-parser.cc" +#line 5235 "seclang-parser.cc" break; case 390: // act: "Skip" -#line 2842 "seclang-parser.yy" +#line 2837 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Skip(yystack_[0].value.as < std::string > ())); } -#line 5248 "seclang-parser.cc" +#line 5243 "seclang-parser.cc" break; case 391: // act: "SkipAfter" -#line 2846 "seclang-parser.yy" +#line 2841 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SkipAfter(yystack_[0].value.as < std::string > ())); } -#line 5256 "seclang-parser.cc" +#line 5251 "seclang-parser.cc" break; case 392: // act: "Status" -#line 2850 "seclang-parser.yy" +#line 2845 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::data::Status(yystack_[0].value.as < std::string > ())); } -#line 5264 "seclang-parser.cc" +#line 5259 "seclang-parser.cc" break; case 393: // act: "Tag" run_time_string -#line 2854 "seclang-parser.yy" +#line 2849 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Tag(std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5272 "seclang-parser.cc" +#line 5267 "seclang-parser.cc" break; case 394: // act: "Ver" -#line 2858 "seclang-parser.yy" +#line 2853 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::Ver(yystack_[0].value.as < std::string > ())); } -#line 5280 "seclang-parser.cc" +#line 5275 "seclang-parser.cc" break; case 395: // act: "xmlns" -#line 2862 "seclang-parser.yy" +#line 2857 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::XmlNS(yystack_[0].value.as < std::string > ())); } -#line 5288 "seclang-parser.cc" +#line 5283 "seclang-parser.cc" break; case 396: // act: "ACTION_TRANSFORMATION_PARITY_ZERO_7_BIT" -#line 2866 "seclang-parser.yy" +#line 2861 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityZero7bit(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityZero7bit()); } -#line 5296 "seclang-parser.cc" +#line 5291 "seclang-parser.cc" break; case 397: // act: "ACTION_TRANSFORMATION_PARITY_ODD_7_BIT" -#line 2870 "seclang-parser.yy" +#line 2865 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityOdd7bit(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityOdd7bit()); } -#line 5304 "seclang-parser.cc" +#line 5299 "seclang-parser.cc" break; case 398: // act: "ACTION_TRANSFORMATION_PARITY_EVEN_7_BIT" -#line 2874 "seclang-parser.yy" +#line 2869 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityEven7bit(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ParityEven7bit()); } -#line 5312 "seclang-parser.cc" +#line 5307 "seclang-parser.cc" break; case 399: // act: "ACTION_TRANSFORMATION_SQL_HEX_DECODE" -#line 2878 "seclang-parser.yy" +#line 2873 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::SqlHexDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::SqlHexDecode()); } -#line 5320 "seclang-parser.cc" +#line 5315 "seclang-parser.cc" break; case 400: // act: "ACTION_TRANSFORMATION_BASE_64_ENCODE" -#line 2882 "seclang-parser.yy" +#line 2877 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Encode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Encode()); } -#line 5328 "seclang-parser.cc" +#line 5323 "seclang-parser.cc" break; case 401: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE" -#line 2886 "seclang-parser.yy" +#line 2881 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Decode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64Decode()); } -#line 5336 "seclang-parser.cc" +#line 5331 "seclang-parser.cc" break; case 402: // act: "ACTION_TRANSFORMATION_BASE_64_DECODE_EXT" -#line 2890 "seclang-parser.yy" +#line 2885 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64DecodeExt(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Base64DecodeExt()); } -#line 5344 "seclang-parser.cc" +#line 5339 "seclang-parser.cc" break; case 403: // act: "ACTION_TRANSFORMATION_CMD_LINE" -#line 2894 "seclang-parser.yy" +#line 2889 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CmdLine(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CmdLine()); } -#line 5352 "seclang-parser.cc" +#line 5347 "seclang-parser.cc" break; case 404: // act: "ACTION_TRANSFORMATION_SHA1" -#line 2898 "seclang-parser.yy" +#line 2893 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Sha1(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Sha1()); } -#line 5360 "seclang-parser.cc" +#line 5355 "seclang-parser.cc" break; case 405: // act: "ACTION_TRANSFORMATION_MD5" -#line 2902 "seclang-parser.yy" +#line 2897 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Md5(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Md5()); } -#line 5368 "seclang-parser.cc" +#line 5363 "seclang-parser.cc" break; case 406: // act: "ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE" -#line 2906 "seclang-parser.yy" +#line 2901 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::EscapeSeqDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::EscapeSeqDecode()); } -#line 5376 "seclang-parser.cc" +#line 5371 "seclang-parser.cc" break; case 407: // act: "ACTION_TRANSFORMATION_HEX_ENCODE" -#line 2910 "seclang-parser.yy" +#line 2905 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexEncode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexEncode()); } -#line 5384 "seclang-parser.cc" +#line 5379 "seclang-parser.cc" break; case 408: // act: "ACTION_TRANSFORMATION_HEX_DECODE" -#line 2914 "seclang-parser.yy" +#line 2909 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HexDecode()); } -#line 5392 "seclang-parser.cc" +#line 5387 "seclang-parser.cc" break; case 409: // act: "ACTION_TRANSFORMATION_LOWERCASE" -#line 2918 "seclang-parser.yy" +#line 2913 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::LowerCase(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::LowerCase()); } -#line 5400 "seclang-parser.cc" +#line 5395 "seclang-parser.cc" break; case 410: // act: "ACTION_TRANSFORMATION_PHP_ARGS_NAMES" -#line 2922 "seclang-parser.yy" +#line 2917 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::PhpArgsNames(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::PhpArgsNames()); } -#line 5408 "seclang-parser.cc" +#line 5403 "seclang-parser.cc" break; case 411: // act: "ACTION_TRANSFORMATION_UPPERCASE" -#line 2926 "seclang-parser.yy" +#line 2921 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UpperCase(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UpperCase()); } -#line 5416 "seclang-parser.cc" +#line 5411 "seclang-parser.cc" break; case 412: // act: "ACTION_TRANSFORMATION_URL_DECODE_UNI" -#line 2930 "seclang-parser.yy" +#line 2925 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecodeUni(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecodeUni()); } -#line 5424 "seclang-parser.cc" +#line 5419 "seclang-parser.cc" break; case 413: // act: "ACTION_TRANSFORMATION_URL_DECODE" -#line 2934 "seclang-parser.yy" +#line 2929 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlDecode()); } -#line 5432 "seclang-parser.cc" +#line 5427 "seclang-parser.cc" break; case 414: // act: "ACTION_TRANSFORMATION_URL_ENCODE" -#line 2938 "seclang-parser.yy" +#line 2933 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlEncode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::UrlEncode()); } -#line 5440 "seclang-parser.cc" +#line 5435 "seclang-parser.cc" break; case 415: // act: "ACTION_TRANSFORMATION_NONE" -#line 2942 "seclang-parser.yy" +#line 2937 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::None(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::None()); } -#line 5448 "seclang-parser.cc" +#line 5443 "seclang-parser.cc" break; case 416: // act: "ACTION_TRANSFORMATION_COMPRESS_WHITESPACE" -#line 2946 "seclang-parser.yy" +#line 2941 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CompressWhitespace(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CompressWhitespace()); } -#line 5456 "seclang-parser.cc" +#line 5451 "seclang-parser.cc" break; case 417: // act: "ACTION_TRANSFORMATION_REMOVE_WHITESPACE" -#line 2950 "seclang-parser.yy" +#line 2945 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveWhitespace(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveWhitespace()); } -#line 5464 "seclang-parser.cc" +#line 5459 "seclang-parser.cc" break; case 418: // act: "ACTION_TRANSFORMATION_REPLACE_NULLS" -#line 2954 "seclang-parser.yy" +#line 2949 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceNulls(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceNulls()); } -#line 5472 "seclang-parser.cc" +#line 5467 "seclang-parser.cc" break; case 419: // act: "ACTION_TRANSFORMATION_REMOVE_NULLS" -#line 2958 "seclang-parser.yy" +#line 2953 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveNulls(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveNulls()); } -#line 5480 "seclang-parser.cc" +#line 5475 "seclang-parser.cc" break; case 420: // act: "ACTION_TRANSFORMATION_HTML_ENTITY_DECODE" -#line 2962 "seclang-parser.yy" +#line 2957 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HtmlEntityDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::HtmlEntityDecode()); } -#line 5488 "seclang-parser.cc" +#line 5483 "seclang-parser.cc" break; case 421: // act: "ACTION_TRANSFORMATION_JS_DECODE" -#line 2966 "seclang-parser.yy" +#line 2961 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::JsDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::JsDecode()); } -#line 5496 "seclang-parser.cc" +#line 5491 "seclang-parser.cc" break; case 422: // act: "ACTION_TRANSFORMATION_CSS_DECODE" -#line 2970 "seclang-parser.yy" +#line 2965 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CssDecode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::CssDecode()); } -#line 5504 "seclang-parser.cc" +#line 5499 "seclang-parser.cc" break; case 423: // act: "ACTION_TRANSFORMATION_TRIM" -#line 2974 "seclang-parser.yy" +#line 2969 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Trim(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Trim()); } -#line 5512 "seclang-parser.cc" +#line 5507 "seclang-parser.cc" break; case 424: // act: "ACTION_TRANSFORMATION_TRIM_LEFT" -#line 2978 "seclang-parser.yy" +#line 2973 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimLeft(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimLeft()); } -#line 5520 "seclang-parser.cc" +#line 5515 "seclang-parser.cc" break; case 425: // act: "ACTION_TRANSFORMATION_TRIM_RIGHT" -#line 2982 "seclang-parser.yy" +#line 2977 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimRight(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::TrimRight()); } -#line 5528 "seclang-parser.cc" +#line 5523 "seclang-parser.cc" break; case 426: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH_WIN" -#line 2986 "seclang-parser.yy" +#line 2981 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePathWin(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePathWin()); } -#line 5536 "seclang-parser.cc" +#line 5531 "seclang-parser.cc" break; case 427: // act: "ACTION_TRANSFORMATION_NORMALISE_PATH" -#line 2990 "seclang-parser.yy" +#line 2985 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePath(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::NormalisePath()); } -#line 5544 "seclang-parser.cc" +#line 5539 "seclang-parser.cc" break; case 428: // act: "ACTION_TRANSFORMATION_LENGTH" -#line 2994 "seclang-parser.yy" +#line 2989 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Length(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Length()); } -#line 5552 "seclang-parser.cc" +#line 5547 "seclang-parser.cc" break; case 429: // act: "ACTION_TRANSFORMATION_UTF8_TO_UNICODE" -#line 2998 "seclang-parser.yy" +#line 2993 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Utf8ToUnicode(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::Utf8ToUnicode()); } -#line 5560 "seclang-parser.cc" +#line 5555 "seclang-parser.cc" break; case 430: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS_CHAR" -#line 3002 "seclang-parser.yy" +#line 2997 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveCommentsChar(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveCommentsChar()); } -#line 5568 "seclang-parser.cc" +#line 5563 "seclang-parser.cc" break; case 431: // act: "ACTION_TRANSFORMATION_REMOVE_COMMENTS" -#line 3006 "seclang-parser.yy" +#line 3001 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveComments(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::RemoveComments()); } -#line 5576 "seclang-parser.cc" +#line 5571 "seclang-parser.cc" break; case 432: // act: "ACTION_TRANSFORMATION_REPLACE_COMMENTS" -#line 3010 "seclang-parser.yy" +#line 3005 "seclang-parser.yy" { - ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceComments(yystack_[0].value.as < std::string > ())); + ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::transformations::ReplaceComments()); } -#line 5584 "seclang-parser.cc" +#line 5579 "seclang-parser.cc" break; case 433: // setvar_action: "NOT" var -#line 3017 "seclang-parser.yy" +#line 3012 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::unsetOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5592 "seclang-parser.cc" +#line 5587 "seclang-parser.cc" break; case 434: // setvar_action: var -#line 3021 "seclang-parser.yy" +#line 3016 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setToOneOperation, std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5600 "seclang-parser.cc" +#line 5595 "seclang-parser.cc" break; case 435: // setvar_action: var SETVAR_OPERATION_EQUALS run_time_string -#line 3025 "seclang-parser.yy" +#line 3020 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::setOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5608 "seclang-parser.cc" +#line 5603 "seclang-parser.cc" break; case 436: // setvar_action: var SETVAR_OPERATION_EQUALS_PLUS run_time_string -#line 3029 "seclang-parser.yy" +#line 3024 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::sumAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5616 "seclang-parser.cc" +#line 5611 "seclang-parser.cc" break; case 437: // setvar_action: var SETVAR_OPERATION_EQUALS_MINUS run_time_string -#line 3033 "seclang-parser.yy" +#line 3028 "seclang-parser.yy" { ACTION_CONTAINER(yylhs.value.as < std::unique_ptr > (), new actions::SetVar(actions::SetVarOperation::substractAndSetOperation, std::move(yystack_[2].value.as < std::unique_ptr > ()), std::move(yystack_[0].value.as < std::unique_ptr > ()))); } -#line 5624 "seclang-parser.cc" +#line 5619 "seclang-parser.cc" break; case 438: // run_time_string: run_time_string "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3040 "seclang-parser.yy" +#line 3035 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->appendText(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5633 "seclang-parser.cc" +#line 5628 "seclang-parser.cc" break; case 439: // run_time_string: run_time_string var -#line 3045 "seclang-parser.yy" +#line 3040 "seclang-parser.yy" { yystack_[1].value.as < std::unique_ptr > ()->appendVar(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(yystack_[1].value.as < std::unique_ptr > ()); } -#line 5642 "seclang-parser.cc" +#line 5637 "seclang-parser.cc" break; case 440: // run_time_string: "FREE_TEXT_QUOTE_MACRO_EXPANSION" -#line 3050 "seclang-parser.yy" +#line 3045 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->appendText(yystack_[0].value.as < std::string > ()); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5652 "seclang-parser.cc" +#line 5647 "seclang-parser.cc" break; case 441: // run_time_string: var -#line 3056 "seclang-parser.yy" +#line 3051 "seclang-parser.yy" { std::unique_ptr r(new RunTimeString()); r->appendVar(std::move(yystack_[0].value.as < std::unique_ptr > ())); yylhs.value.as < std::unique_ptr > () = std::move(r); } -#line 5662 "seclang-parser.cc" +#line 5657 "seclang-parser.cc" break; -#line 5666 "seclang-parser.cc" +#line 5661 "seclang-parser.cc" default: break; @@ -7166,43 +7161,43 @@ namespace yy { 968, 972, 976, 981, 986, 990, 994, 998, 1002, 1006, 1010, 1014, 1018, 1022, 1026, 1030, 1034, 1038, 1042, 1046, 1050, 1054, 1058, 1062, 1076, 1077, 1109, 1128, 1149, 1179, - 1241, 1248, 1252, 1256, 1260, 1264, 1268, 1272, 1276, 1285, - 1289, 1294, 1297, 1302, 1307, 1312, 1317, 1320, 1325, 1328, - 1333, 1338, 1341, 1346, 1351, 1356, 1361, 1366, 1371, 1376, - 1379, 1384, 1389, 1394, 1399, 1402, 1407, 1412, 1417, 1430, - 1443, 1456, 1469, 1482, 1508, 1536, 1548, 1568, 1595, 1601, - 1606, 1611, 1620, 1625, 1629, 1633, 1637, 1641, 1645, 1649, - 1654, 1659, 1671, 1677, 1681, 1685, 1696, 1705, 1706, 1713, - 1718, 1723, 1777, 1784, 1792, 1829, 1833, 1840, 1845, 1851, - 1857, 1863, 1870, 1880, 1884, 1888, 1892, 1896, 1900, 1904, - 1908, 1912, 1916, 1920, 1924, 1928, 1932, 1936, 1940, 1944, - 1948, 1952, 1956, 1960, 1964, 1968, 1972, 1976, 1980, 1984, - 1988, 1992, 1996, 2000, 2004, 2008, 2012, 2016, 2020, 2024, - 2028, 2032, 2036, 2040, 2044, 2048, 2052, 2056, 2060, 2064, - 2068, 2072, 2076, 2080, 2084, 2088, 2092, 2096, 2100, 2104, - 2108, 2112, 2116, 2120, 2124, 2128, 2132, 2136, 2140, 2144, - 2148, 2152, 2156, 2160, 2164, 2168, 2172, 2176, 2180, 2184, - 2188, 2192, 2196, 2200, 2204, 2208, 2212, 2216, 2220, 2224, - 2228, 2232, 2236, 2241, 2245, 2249, 2254, 2258, 2262, 2267, - 2272, 2276, 2280, 2284, 2288, 2292, 2296, 2300, 2304, 2308, - 2312, 2316, 2320, 2324, 2328, 2332, 2336, 2340, 2344, 2348, - 2352, 2356, 2360, 2364, 2368, 2372, 2376, 2380, 2384, 2388, - 2392, 2396, 2400, 2404, 2408, 2412, 2416, 2420, 2424, 2428, - 2432, 2436, 2440, 2444, 2448, 2452, 2456, 2460, 2464, 2468, - 2472, 2476, 2480, 2484, 2488, 2492, 2496, 2500, 2504, 2508, - 2512, 2520, 2527, 2534, 2541, 2548, 2555, 2562, 2569, 2576, - 2583, 2590, 2597, 2607, 2611, 2615, 2619, 2623, 2627, 2631, - 2635, 2640, 2645, 2650, 2654, 2658, 2662, 2666, 2671, 2676, - 2680, 2684, 2688, 2692, 2696, 2700, 2704, 2708, 2712, 2716, - 2720, 2724, 2728, 2733, 2737, 2741, 2745, 2749, 2753, 2757, - 2761, 2765, 2769, 2773, 2777, 2781, 2785, 2789, 2793, 2797, - 2801, 2805, 2809, 2813, 2817, 2821, 2825, 2829, 2833, 2837, - 2841, 2845, 2849, 2853, 2857, 2861, 2865, 2869, 2873, 2877, - 2881, 2885, 2889, 2893, 2897, 2901, 2905, 2909, 2913, 2917, - 2921, 2925, 2929, 2933, 2937, 2941, 2945, 2949, 2953, 2957, - 2961, 2965, 2969, 2973, 2977, 2981, 2985, 2989, 2993, 2997, - 3001, 3005, 3009, 3016, 3020, 3024, 3028, 3032, 3039, 3044, - 3049, 3055 + 1236, 1243, 1247, 1251, 1255, 1259, 1263, 1267, 1271, 1280, + 1284, 1289, 1292, 1297, 1302, 1307, 1312, 1315, 1320, 1323, + 1328, 1333, 1336, 1341, 1346, 1351, 1356, 1361, 1366, 1371, + 1374, 1379, 1384, 1389, 1394, 1397, 1402, 1407, 1412, 1425, + 1438, 1451, 1464, 1477, 1503, 1531, 1543, 1563, 1590, 1596, + 1601, 1606, 1615, 1620, 1624, 1628, 1632, 1636, 1640, 1644, + 1649, 1654, 1666, 1672, 1676, 1680, 1691, 1700, 1701, 1708, + 1713, 1718, 1772, 1779, 1787, 1824, 1828, 1835, 1840, 1846, + 1852, 1858, 1865, 1875, 1879, 1883, 1887, 1891, 1895, 1899, + 1903, 1907, 1911, 1915, 1919, 1923, 1927, 1931, 1935, 1939, + 1943, 1947, 1951, 1955, 1959, 1963, 1967, 1971, 1975, 1979, + 1983, 1987, 1991, 1995, 1999, 2003, 2007, 2011, 2015, 2019, + 2023, 2027, 2031, 2035, 2039, 2043, 2047, 2051, 2055, 2059, + 2063, 2067, 2071, 2075, 2079, 2083, 2087, 2091, 2095, 2099, + 2103, 2107, 2111, 2115, 2119, 2123, 2127, 2131, 2135, 2139, + 2143, 2147, 2151, 2155, 2159, 2163, 2167, 2171, 2175, 2179, + 2183, 2187, 2191, 2195, 2199, 2203, 2207, 2211, 2215, 2219, + 2223, 2227, 2231, 2236, 2240, 2244, 2249, 2253, 2257, 2262, + 2267, 2271, 2275, 2279, 2283, 2287, 2291, 2295, 2299, 2303, + 2307, 2311, 2315, 2319, 2323, 2327, 2331, 2335, 2339, 2343, + 2347, 2351, 2355, 2359, 2363, 2367, 2371, 2375, 2379, 2383, + 2387, 2391, 2395, 2399, 2403, 2407, 2411, 2415, 2419, 2423, + 2427, 2431, 2435, 2439, 2443, 2447, 2451, 2455, 2459, 2463, + 2467, 2471, 2475, 2479, 2483, 2487, 2491, 2495, 2499, 2503, + 2507, 2515, 2522, 2529, 2536, 2543, 2550, 2557, 2564, 2571, + 2578, 2585, 2592, 2602, 2606, 2610, 2614, 2618, 2622, 2626, + 2630, 2635, 2640, 2645, 2649, 2653, 2657, 2661, 2666, 2671, + 2675, 2679, 2683, 2687, 2691, 2695, 2699, 2703, 2707, 2711, + 2715, 2719, 2723, 2728, 2732, 2736, 2740, 2744, 2748, 2752, + 2756, 2760, 2764, 2768, 2772, 2776, 2780, 2784, 2788, 2792, + 2796, 2800, 2804, 2808, 2812, 2816, 2820, 2824, 2828, 2832, + 2836, 2840, 2844, 2848, 2852, 2856, 2860, 2864, 2868, 2872, + 2876, 2880, 2884, 2888, 2892, 2896, 2900, 2904, 2908, 2912, + 2916, 2920, 2924, 2928, 2932, 2936, 2940, 2944, 2948, 2952, + 2956, 2960, 2964, 2968, 2972, 2976, 2980, 2984, 2988, 2992, + 2996, 3000, 3004, 3011, 3015, 3019, 3023, 3027, 3034, 3039, + 3044, 3050 }; void @@ -7234,9 +7229,9 @@ namespace yy { } // yy -#line 7238 "seclang-parser.cc" +#line 7233 "seclang-parser.cc" -#line 3062 "seclang-parser.yy" +#line 3057 "seclang-parser.yy" void yy::seclang_parser::error (const location_type& l, const std::string& m) { diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 588a78b7..8f2f4376 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -1081,7 +1081,7 @@ expression: for (auto &i : *$4.get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -1132,7 +1132,7 @@ expression: for (auto &i : *$2.get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -1154,7 +1154,7 @@ expression: for (auto &i : *$2.get()) { if (dynamic_cast(i.get())) { std::shared_ptr at = std::move(i); - std::shared_ptr t2 = std::static_pointer_cast(std::move(at)); + std::shared_ptr t2 = std::dynamic_pointer_cast(std::move(at)); t->push_back(std::move(t2)); } else { a->push_back(i.release()); @@ -1192,19 +1192,14 @@ expression: hasDisruptive = true; } if (phase != NULL) { - definedPhase = phase->m_phase; - secRuleDefinedPhase = phase->m_secRulesPhase; + definedPhase = phase->getPhase(); + secRuleDefinedPhase = phase->getSecRulePhase(); delete phase; - } else if (a->m_actionKind == actions::Action::RunTimeOnlyIfMatchKind || - a->m_actionKind == actions::Action::RunTimeBeforeMatchAttemptKind) { - actions::transformations::None *none = dynamic_cast(a); - if (none != NULL) { - driver.error(@0, "The transformation none is not suitable to be part of the SecDefaultActions"); - YYERROR; - } + } else if (dynamic_cast(a) + && !dynamic_cast(a)) { checkedActions.push_back(a); } else { - driver.error(@0, "The action '" + *a->m_name.get() + "' is not suitable to be part of the SecDefaultActions"); + driver.error(@0, "The action '" + *a->getName() + "' is not suitable to be part of the SecDefaultActions"); YYERROR; } } @@ -2618,19 +2613,19 @@ act: } | ACTION_AUDIT_LOG { - ACTION_CONTAINER($$, new actions::AuditLog($1)); + ACTION_CONTAINER($$, new actions::AuditLog()); } | ACTION_BLOCK { - ACTION_CONTAINER($$, new actions::Block($1)); + ACTION_CONTAINER($$, new actions::Block()); } | ACTION_CAPTURE { - ACTION_CONTAINER($$, new actions::Capture($1)); + ACTION_CONTAINER($$, new actions::Capture()); } | ACTION_CHAIN { - ACTION_CONTAINER($$, new actions::Chain($1)); + ACTION_CONTAINER($$, new actions::Chain()); } | ACTION_CTL_AUDIT_ENGINE CONFIG_VALUE_ON { @@ -2711,7 +2706,7 @@ act: } | ACTION_DENY { - ACTION_CONTAINER($$, new actions::disruptive::Deny($1)); + ACTION_CONTAINER($$, new actions::disruptive::Deny()); } | ACTION_DEPRECATE_VAR { @@ -2719,7 +2714,7 @@ act: } | ACTION_DROP { - ACTION_CONTAINER($$, new actions::disruptive::Drop($1)); + ACTION_CONTAINER($$, new actions::disruptive::Drop()); } | ACTION_EXEC { @@ -2744,7 +2739,7 @@ act: } | ACTION_LOG { - ACTION_CONTAINER($$, new actions::Log($1)); + ACTION_CONTAINER($$, new actions::Log()); } | ACTION_MATURITY { @@ -2756,19 +2751,19 @@ act: } | ACTION_MULTI_MATCH { - ACTION_CONTAINER($$, new actions::MultiMatch($1)); + ACTION_CONTAINER($$, new actions::MultiMatch()); } | ACTION_NO_AUDIT_LOG { - ACTION_CONTAINER($$, new actions::NoAuditLog($1)); + ACTION_CONTAINER($$, new actions::NoAuditLog()); } | ACTION_NO_LOG { - ACTION_CONTAINER($$, new actions::NoLog($1)); + ACTION_CONTAINER($$, new actions::NoLog()); } | ACTION_PASS { - ACTION_CONTAINER($$, new actions::disruptive::Pass($1)); + ACTION_CONTAINER($$, new actions::disruptive::Pass()); } | ACTION_PAUSE { @@ -2864,151 +2859,151 @@ act: } | ACTION_TRANSFORMATION_PARITY_ZERO_7_BIT { - ACTION_CONTAINER($$, new actions::transformations::ParityZero7bit($1)); + ACTION_CONTAINER($$, new actions::transformations::ParityZero7bit()); } | ACTION_TRANSFORMATION_PARITY_ODD_7_BIT { - ACTION_CONTAINER($$, new actions::transformations::ParityOdd7bit($1)); + ACTION_CONTAINER($$, new actions::transformations::ParityOdd7bit()); } | ACTION_TRANSFORMATION_PARITY_EVEN_7_BIT { - ACTION_CONTAINER($$, new actions::transformations::ParityEven7bit($1)); + ACTION_CONTAINER($$, new actions::transformations::ParityEven7bit()); } | ACTION_TRANSFORMATION_SQL_HEX_DECODE { - ACTION_CONTAINER($$, new actions::transformations::SqlHexDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::SqlHexDecode()); } | ACTION_TRANSFORMATION_BASE_64_ENCODE { - ACTION_CONTAINER($$, new actions::transformations::Base64Encode($1)); + ACTION_CONTAINER($$, new actions::transformations::Base64Encode()); } | ACTION_TRANSFORMATION_BASE_64_DECODE { - ACTION_CONTAINER($$, new actions::transformations::Base64Decode($1)); + ACTION_CONTAINER($$, new actions::transformations::Base64Decode()); } | ACTION_TRANSFORMATION_BASE_64_DECODE_EXT { - ACTION_CONTAINER($$, new actions::transformations::Base64DecodeExt($1)); + ACTION_CONTAINER($$, new actions::transformations::Base64DecodeExt()); } | ACTION_TRANSFORMATION_CMD_LINE { - ACTION_CONTAINER($$, new actions::transformations::CmdLine($1)); + ACTION_CONTAINER($$, new actions::transformations::CmdLine()); } | ACTION_TRANSFORMATION_SHA1 { - ACTION_CONTAINER($$, new actions::transformations::Sha1($1)); + ACTION_CONTAINER($$, new actions::transformations::Sha1()); } | ACTION_TRANSFORMATION_MD5 { - ACTION_CONTAINER($$, new actions::transformations::Md5($1)); + ACTION_CONTAINER($$, new actions::transformations::Md5()); } | ACTION_TRANSFORMATION_ESCAPE_SEQ_DECODE { - ACTION_CONTAINER($$, new actions::transformations::EscapeSeqDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::EscapeSeqDecode()); } | ACTION_TRANSFORMATION_HEX_ENCODE { - ACTION_CONTAINER($$, new actions::transformations::HexEncode($1)); + ACTION_CONTAINER($$, new actions::transformations::HexEncode()); } | ACTION_TRANSFORMATION_HEX_DECODE { - ACTION_CONTAINER($$, new actions::transformations::HexDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::HexDecode()); } | ACTION_TRANSFORMATION_LOWERCASE { - ACTION_CONTAINER($$, new actions::transformations::LowerCase($1)); + ACTION_CONTAINER($$, new actions::transformations::LowerCase()); } | ACTION_TRANSFORMATION_PHP_ARGS_NAMES { - ACTION_CONTAINER($$, new actions::transformations::PhpArgsNames($1)); + ACTION_CONTAINER($$, new actions::transformations::PhpArgsNames()); } | ACTION_TRANSFORMATION_UPPERCASE { - ACTION_CONTAINER($$, new actions::transformations::UpperCase($1)); + ACTION_CONTAINER($$, new actions::transformations::UpperCase()); } | ACTION_TRANSFORMATION_URL_DECODE_UNI { - ACTION_CONTAINER($$, new actions::transformations::UrlDecodeUni($1)); + ACTION_CONTAINER($$, new actions::transformations::UrlDecodeUni()); } | ACTION_TRANSFORMATION_URL_DECODE { - ACTION_CONTAINER($$, new actions::transformations::UrlDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::UrlDecode()); } | ACTION_TRANSFORMATION_URL_ENCODE { - ACTION_CONTAINER($$, new actions::transformations::UrlEncode($1)); + ACTION_CONTAINER($$, new actions::transformations::UrlEncode()); } | ACTION_TRANSFORMATION_NONE { - ACTION_CONTAINER($$, new actions::transformations::None($1)); + ACTION_CONTAINER($$, new actions::transformations::None()); } | ACTION_TRANSFORMATION_COMPRESS_WHITESPACE { - ACTION_CONTAINER($$, new actions::transformations::CompressWhitespace($1)); + ACTION_CONTAINER($$, new actions::transformations::CompressWhitespace()); } | ACTION_TRANSFORMATION_REMOVE_WHITESPACE { - ACTION_CONTAINER($$, new actions::transformations::RemoveWhitespace($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveWhitespace()); } | ACTION_TRANSFORMATION_REPLACE_NULLS { - ACTION_CONTAINER($$, new actions::transformations::ReplaceNulls($1)); + ACTION_CONTAINER($$, new actions::transformations::ReplaceNulls()); } | ACTION_TRANSFORMATION_REMOVE_NULLS { - ACTION_CONTAINER($$, new actions::transformations::RemoveNulls($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveNulls()); } | ACTION_TRANSFORMATION_HTML_ENTITY_DECODE { - ACTION_CONTAINER($$, new actions::transformations::HtmlEntityDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::HtmlEntityDecode()); } | ACTION_TRANSFORMATION_JS_DECODE { - ACTION_CONTAINER($$, new actions::transformations::JsDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::JsDecode()); } | ACTION_TRANSFORMATION_CSS_DECODE { - ACTION_CONTAINER($$, new actions::transformations::CssDecode($1)); + ACTION_CONTAINER($$, new actions::transformations::CssDecode()); } | ACTION_TRANSFORMATION_TRIM { - ACTION_CONTAINER($$, new actions::transformations::Trim($1)); + ACTION_CONTAINER($$, new actions::transformations::Trim()); } | ACTION_TRANSFORMATION_TRIM_LEFT { - ACTION_CONTAINER($$, new actions::transformations::TrimLeft($1)); + ACTION_CONTAINER($$, new actions::transformations::TrimLeft()); } | ACTION_TRANSFORMATION_TRIM_RIGHT { - ACTION_CONTAINER($$, new actions::transformations::TrimRight($1)); + ACTION_CONTAINER($$, new actions::transformations::TrimRight()); } | ACTION_TRANSFORMATION_NORMALISE_PATH_WIN { - ACTION_CONTAINER($$, new actions::transformations::NormalisePathWin($1)); + ACTION_CONTAINER($$, new actions::transformations::NormalisePathWin()); } | ACTION_TRANSFORMATION_NORMALISE_PATH { - ACTION_CONTAINER($$, new actions::transformations::NormalisePath($1)); + ACTION_CONTAINER($$, new actions::transformations::NormalisePath()); } | ACTION_TRANSFORMATION_LENGTH { - ACTION_CONTAINER($$, new actions::transformations::Length($1)); + ACTION_CONTAINER($$, new actions::transformations::Length()); } | ACTION_TRANSFORMATION_UTF8_TO_UNICODE { - ACTION_CONTAINER($$, new actions::transformations::Utf8ToUnicode($1)); + ACTION_CONTAINER($$, new actions::transformations::Utf8ToUnicode()); } | ACTION_TRANSFORMATION_REMOVE_COMMENTS_CHAR { - ACTION_CONTAINER($$, new actions::transformations::RemoveCommentsChar($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveCommentsChar()); } | ACTION_TRANSFORMATION_REMOVE_COMMENTS { - ACTION_CONTAINER($$, new actions::transformations::RemoveComments($1)); + ACTION_CONTAINER($$, new actions::transformations::RemoveComments()); } | ACTION_TRANSFORMATION_REPLACE_COMMENTS { - ACTION_CONTAINER($$, new actions::transformations::ReplaceComments($1)); + ACTION_CONTAINER($$, new actions::transformations::ReplaceComments()); } ; diff --git a/src/rule_message.cc b/src/rule_message.cc index 31bf1903..3c29789c 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -41,7 +41,7 @@ std::string RuleMessage::_details(const RuleMessage *rm) { msg.append(" [ver \"" + rm->getVer() + "\"]"); msg.append(" [maturity \"" + std::to_string(rm->getMaturity()) + "\"]"); msg.append(" [accuracy \"" + std::to_string(rm->getAccuracy()) + "\"]"); - for (auto &a : rm->m_tags) { + for (auto a : rm->m_tags) { msg.append(" [tag \"" + a + "\"]"); } msg.append(" [hostname \"" + rm->getServerIpAddress() + "\"]"); diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc index 5ab4d86b..46f7cf54 100644 --- a/src/rule_with_actions.cc +++ b/src/rule_with_actions.cc @@ -44,9 +44,16 @@ #include "src/actions/severity.h" #include "src/actions/tag.h" #include "src/actions/transformations/transformation.h" +#include "src/actions/transformations/none.h" #include "src/actions/xmlns.h" #include "src/utils/string.h" #include "src/actions/action_with_run_time_string.h" +#include "src/actions/phase.h" +#include "src/actions/chain.h" +#include "src/actions/rule_id.h" +#include "src/actions/ver.h" +#include "src/actions/action_type_rule_metadata.h" + namespace modsecurity { @@ -113,58 +120,29 @@ void RuleWithActions::addDefaultAction(std::shared_ptr a) { arts->populate(this); } - if (a->m_actionKind == Action::ConfigurationKind) { - if (dynamic_cast(a.get())) { - actions::Accuracy *accuracy = dynamic_cast(a.get()); - m_defaultAccuracy = accuracy->getAccuracy(); - } else if (dynamic_cast(a.get())) { - actions::Rev *rev = dynamic_cast(a.get()); - m_defaultRevision = rev->getRevision(); - } else { - a->execute(this, NULL); - } + if (dynamic_cast(a.get())) { + ActionTypeRuleMetaData *conf = dynamic_cast(a.get()); + conf->configure(this); return; } - if (a->m_actionKind == Action::RunTimeOnlyIfMatchKind) { - if (dynamic_cast(a.get())) { - m_defaultContainsCaptureAction = true; - } else if (dynamic_cast(a.get())) { - m_defaultContainsMultiMatchAction = true; - } else if (dynamic_cast(a.get())) { - actions::Severity *severity = dynamic_cast(a.get()); - setDefaultActionSeverity(severity->m_severity); - } else if (dynamic_cast(a.get())) { - actions::Maturity *maturity = dynamic_cast(a.get()); - setDefaultActionMaturity(maturity->getMaturity()); - } else if (dynamic_cast(a.get())) { - m_defaultActionLogData = std::static_pointer_cast(a); - } else if (dynamic_cast(a.get())) { - m_defaultActionMsg = std::static_pointer_cast(a); - } else if (dynamic_cast(a.get())) { - actions::SetVar *var = dynamic_cast(a.get()); - m_actionsSetVar.push_back(std::unique_ptr(var)); - } else if (dynamic_cast(a.get())) { - m_defaultActionActionsTag.push_back(std::static_pointer_cast(a)); - } else if (dynamic_cast(a.get())) { - m_defaultContainsLogAction = true; - } else if (dynamic_cast(a.get())) { - m_defaultContainsNoLogAction = true; - } else if (dynamic_cast(a.get())) { - m_defaultActionActionsRuntimePos.push_back(a); - m_defaultContainsStaticBlockAction = true; - } else if (a->isDisruptive() == true) { - m_defaultActionDisruptiveAction = a; - } else { - m_defaultActionActionsRuntimePos.push_back(a); - } - return; + if (dynamic_cast(a.get())) { + m_defaultActionLogData.reset(dynamic_cast(a.get())); + } else if (dynamic_cast(a.get())) { + m_defaultActionMsg.reset(dynamic_cast(a.get())); + } else if (dynamic_cast(a.get())) { + actions::SetVar *var = dynamic_cast(a.get()); + m_actionsSetVar.push_back(std::unique_ptr(var)); + } else if (dynamic_cast(a.get())) { + m_defaultActionActionsTag.push_back(std::dynamic_pointer_cast(a)); + } else if (dynamic_cast(a.get())) { + m_defaultActionActionsRuntimePos.push_back(a); + m_defaultContainsStaticBlockAction = true; + } else if (a->isDisruptive() == true) { + m_defaultActionDisruptiveAction = a; + } else { + m_defaultActionActionsRuntimePos.push_back(a); } - - std::cout << "General failure, action: " << *a->m_name; - std::cout << " has an unknown type." << std::endl; - throw; - } void RuleWithActions::addAction(actions::Action *a) { @@ -175,68 +153,33 @@ void RuleWithActions::addAction(actions::Action *a) { arts->populate(this); } - if (a->m_actionKind == Action::ConfigurationKind) { - if (dynamic_cast(a)) { - actions::Accuracy *accuracy = dynamic_cast(a); - m_accuracy = accuracy->getAccuracy(); - } else if (dynamic_cast(a)) { - actions::Rev *rev = dynamic_cast(a); - m_revision = rev->getRevision(); - } else { - a->execute(this, NULL); - } + if (dynamic_cast(a)) { + ActionTypeRuleMetaData *conf = dynamic_cast(a); + conf->configure(this); delete a; return; } - if (a->m_actionKind == Action::RunTimeOnlyIfMatchKind) { - if (dynamic_cast(a)) { - m_containsCaptureAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_containsMultiMatchAction = true; - delete a; - } else if (dynamic_cast(a)) { - actions::Severity *severity = dynamic_cast(a); - setSeverity(severity->m_severity); - delete a; - } else if (dynamic_cast(a)) { - m_logData = std::unique_ptr(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - m_msg = std::unique_ptr(dynamic_cast(a)); - } else if (dynamic_cast(a)) { - actions::SetVar *var = dynamic_cast(a); - m_actionsSetVar.push_back(std::unique_ptr(var)); - } else if (dynamic_cast(a)) { - actions::Maturity *maturity = dynamic_cast(a); - m_maturity = maturity->getMaturity(); - delete a; - } else if (dynamic_cast(a)) { - m_containsLogAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_containsNoLogAction = true; - delete a; - } else if (dynamic_cast(a)) { - m_actionsTag.push_back(std::unique_ptr(dynamic_cast(a))); - } else if (dynamic_cast(a)) { - m_actionsRuntimePos.push_back(std::unique_ptr(dynamic_cast(a))); - m_containsStaticBlockAction = true; - } else if (dynamic_cast(a)) { - m_XmlNSs.push_back(std::unique_ptr(dynamic_cast(a))); - } else if (a->isDisruptive() == true) { - m_disruptiveAction = std::unique_ptr(a); - } else { - m_actionsRuntimePos.push_back(std::unique_ptr(a)); - } - return; + + if (dynamic_cast(a)) { + m_logData = std::unique_ptr(dynamic_cast(a)); + } else if (dynamic_cast(a)) { + m_msg = std::unique_ptr(dynamic_cast(a)); + } else if (dynamic_cast(a)) { + actions::SetVar *var = dynamic_cast(a); + m_actionsSetVar.push_back(std::unique_ptr(var)); + } else if (dynamic_cast(a)) { + m_actionsTag.push_back(std::unique_ptr(dynamic_cast(a))); + } else if (dynamic_cast(a)) { + m_actionsRuntimePos.push_back(std::unique_ptr(dynamic_cast(a))); + m_containsStaticBlockAction = true; + } else if (dynamic_cast(a)) { + m_XmlNSs.push_back(std::unique_ptr(dynamic_cast(a))); + } else if (a->isDisruptive() == true) { + m_disruptiveAction = std::unique_ptr(a); + } else { + m_actionsRuntimePos.push_back(std::unique_ptr(a)); } - - std::cout << "General failure, action: " << *a->m_name; - std::cout << " has an unknown type." << std::endl; - delete a; - throw; - } @@ -255,24 +198,9 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction * for (actions::SetVar *a : getSetVarsActionsPtr()) { ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \ - "action: " + *a->m_name.get()); + "action: " + *a->getName()); - a->execute(this, trans); - } - - for (auto &b : - trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { - if (m_ruleId != b.first) { - continue; - } - actions::Action *a = dynamic_cast(b.second.get()); - if (a->isDisruptive() == true && *a->m_name.get() == "block") { - ms_dbg_a(trans, 9, "Rule contains a `block' action"); - } else if (*a->m_name.get() == "setvar") { - ms_dbg_a(trans, 4, "Running [independent] (non-disruptive) " \ - "action: " + *a->m_name.get()); - a->execute(this, trans); - } + a->execute(trans); } } @@ -280,22 +208,10 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction * void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) { bool disruptiveAlreadyExecuted = false; -#if 0 - for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { - if (a.get()->m_actionKind != actions::Action::RunTimeOnlyIfMatchKind) { - continue; - } - if (!a.get()->isDisruptive()) { - executeAction(trans, a.get(), true); - - } - } -#endif - for (actions::Tag *a : getTagsActionPtr()) { ms_dbg_a(trans, 4, "Running (non-disruptive) action: " \ - + *a->m_name.get()); - a->execute(this, trans); + + a->getTagName(trans)); + a->execute(trans); } /** @@ -309,20 +225,25 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) { continue; } actions::Action *a = dynamic_cast(b.second.get()); + if (a->isDisruptive()) { + trans->messageGetLast()->setRule(this); + } executeAction(trans, a, false); - disruptiveAlreadyExecuted = true; + if (a->isDisruptive()) { + disruptiveAlreadyExecuted = true; + } } if (m_logData) { - m_logData->execute(this, trans); + m_logData->execute(trans); } else if (m_defaultActionLogData) { - m_defaultActionLogData->execute(this, trans); + m_defaultActionLogData->execute(trans); } if (m_msg) { - m_msg->execute(this, trans); + m_msg->execute(trans); } else if (m_defaultActionMsg) { - m_defaultActionMsg->execute(this, trans); + m_defaultActionMsg->execute(trans); } for (auto &a : getMatchActionsPtr()) { @@ -346,28 +267,27 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans) { void RuleWithActions::executeAction(Transaction *trans, Action *a, bool defaultContext) { - if (a->isDisruptive() == false && *a->m_name.get() != "block") { - ms_dbg_a(trans, 9, "Running " \ - "action: " + *a->m_name.get()); - a->execute(this, trans); + if (a->isDisruptive() == false) { + ms_dbg_a(trans, 9, "Running action: " + *a->getName()); + a->execute(trans); return; } if (defaultContext && !hasBlockAction()) { - ms_dbg_a(trans, 4, "Ignoring action: " + *a->m_name.get() + \ + ms_dbg_a(trans, 4, "Ignoring action: " + *a->getName() + \ " (rule does not cotains block)"); return; } if (trans->getRuleEngineState() == RulesSet::EnabledRuleEngine) { ms_dbg_a(trans, 4, "Running (disruptive) action: " + - *a->m_name.get() + "."); - a->execute(this, trans); + *a->getName() + "."); + a->execute(trans); return; } - ms_dbg_a(trans, 4, "Not running any disruptive action (or block): " \ - + *a->m_name.get() + ". SecRuleEngine is not On."); + ms_dbg_a(trans, 4, "Not running disruptive action: " \ + + *a->getName() + ". SecRuleEngine is not On."); } @@ -387,7 +307,7 @@ void RuleWithActions::executeTransformations( std::shared_ptr(new std::string(in)); for (Transformation *action : getTransformationPtr()) { - if (action->isNone()) { + if (dynamic_cast(action)) { none++; } } @@ -396,7 +316,7 @@ void RuleWithActions::executeTransformations( if (none == 0) { executeTransformation(trans, &results, t); } - if (t->isNone()) { + if (dynamic_cast(t)) { none--; } } @@ -404,40 +324,29 @@ void RuleWithActions::executeTransformations( // FIXME: It can't be something different from transformation. Sort this // on rules compile time. for (auto &b : - trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { + trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id) { if (m_ruleId != b.first) { continue; } - Transformation *t = dynamic_cast(b.second.get()); - if (t->isNone()) { + Transformation *t = b.second.get(); + if (dynamic_cast(t)) { none++; } } for (auto &b : - trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { + trans->m_rules->m_exceptions.m_action_transformation_update_target_by_id) { if (m_ruleId != b.first) { continue; } - Transformation *t = dynamic_cast(b.second.get()); + Transformation *t = b.second.get(); if (none == 0) { executeTransformation(trans, &results, t); } - if (t->isNone()) { + if (dynamic_cast(t)) { none--; } } - -/* - if (hasMultimatchAction() == true) { - ms_dbg_a(trans, 9, "multiMatch is enabled. " \ - + std::to_string(results.size()) + \ - " values to be tested."); - } else { - //results.push_back(TransformationResult(nullptr, ssin)); - //results.pop_front(); - } -*/ } @@ -465,13 +374,13 @@ void RuleWithActions::executeTransformation( transformation->execute(transaction, in, out); ms_dbg_a(transaction, 9, " T (" + std::to_string(ret->size() - 1) + ") " + \ - *transformation->m_name.get() + ": \"" + \ + *transformation->getName() + ": \"" + \ utils::string::limitTo(80, out.c_str()) + "\""); ret->push_back( TransformationResult( - &out, - transformation->m_name.get() + out, + transformation->getName() ) ); } diff --git a/src/rule_with_actions.h b/src/rule_with_actions.h index a890d579..b81c2092 100644 --- a/src/rule_with_actions.h +++ b/src/rule_with_actions.h @@ -29,6 +29,8 @@ #include "modsecurity/modsecurity.h" #include "modsecurity/variable_value.h" #include "modsecurity/rule.h" +#include "modsecurity/actions/action.h" +#include "src/actions/action_type_rule_metadata.h" #ifdef __cplusplus @@ -53,6 +55,7 @@ using Transformation = actions::transformations::Transformation; using Transformations = std::vector >; using TransformationsPtr = std::vector; using Action = actions::Action; +using ActionTypeRuleMetaData = actions::ActionTypeRuleMetaData; using Actions = std::vector; using Tags = std::vector >; using TagsPtr = std::vector; @@ -67,10 +70,10 @@ using XmlNSsPtr = std::vector; class TransformationResult { public: - TransformationResult( - ModSecString *after, - std::string *transformation) - : m_after(*after), + explicit TransformationResult( + ModSecString &after, + const std::string *transformation = nullptr) + : m_after(after), m_transformation(transformation) { }; explicit TransformationResult( @@ -88,14 +91,14 @@ class TransformationResult { } - std::string *getTransformationName() { + const std::string *getTransformationName() const { return m_transformation; } private: ModSecString m_after; - std::string *m_transformation; + const std::string *m_transformation; }; using TransformationsResults = std::list; @@ -218,7 +221,6 @@ class RuleWithActions : public Rule { Action *a, bool context); - static void executeTransformation( Transaction *transaction, TransformationsResults *ret, @@ -343,6 +345,7 @@ class RuleWithActions : public Rule { inline bool hasChainedParent() const { return m_chainedRuleParent != nullptr; } inline bool hasChainedChild() const { return m_chainedRuleChild.get() != nullptr; } + inline void setHasCaptureAction(bool b) { m_containsCaptureAction = b; } inline bool hasCaptureAction() const { return m_containsCaptureAction || m_defaultContainsCaptureAction; } inline bool hasDisruptiveAction() const { return m_disruptiveAction != nullptr || m_defaultActionDisruptiveAction != nullptr; } @@ -352,6 +355,7 @@ class RuleWithActions : public Rule { inline bool hasBlockAction() const { return m_containsStaticBlockAction || m_defaultContainsStaticBlockAction; } inline void setHasBlockAction(bool b) { m_containsStaticBlockAction = b; } + inline void setHasMultimatchAction(bool b) { m_containsMultiMatchAction = b; } inline bool hasMultimatchAction() const { return m_containsMultiMatchAction || m_defaultContainsMultiMatchAction; } inline bool hasLogAction() const { return m_containsLogAction == true; } diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index 4259ac09..7167aa7f 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc @@ -19,6 +19,8 @@ #include "src/utils/string.h" #include "src/variables/variable.h" +#include "src/actions/action_type_rule_metadata.h" +#include "src/actions/transformations/transformation.h" namespace modsecurity { @@ -36,21 +38,26 @@ bool RulesExceptions::loadUpdateActionById(double id, std::string *error) { for (auto &a : *actions) { - if (a->m_actionKind == actions::Action::ConfigurationKind) { - std::cout << "General failure, action: " << a->m_name; + if (dynamic_cast(a.get())) { + std::cout << "General failure, action: " << *a->getName(); std::cout << " has not expected to be used with UpdateActionByID."; std::cout << std::endl; - } else if (a->m_actionKind - == actions::Action::RunTimeBeforeMatchAttemptKind) { - m_action_pre_update_target_by_id.emplace(std::pair>(id , std::move(a))); - } else if (a->m_actionKind == actions::Action::RunTimeOnlyIfMatchKind) { - m_action_pos_update_target_by_id.emplace(std::pair>(id , std::move(a))); - } else { - std::cout << "General failure, action: " << a->m_name; - std::cout << " has an unknown type." << std::endl; + continue; } + + if (dynamic_cast(a.get())) { + actions::transformations::Transformation *t = dynamic_cast(a.release()); + m_action_transformation_update_target_by_id.emplace( + std::pair>(id, std::shared_ptr(t)) + ); + continue; + } + + m_action_pos_update_target_by_id.emplace( + std::pair>(id , std::move(a)) + ); } return true; @@ -247,10 +254,10 @@ bool RulesExceptions::merge(RulesExceptions *from) { p.second)); } - for (auto &p : from->m_action_pre_update_target_by_id) { - m_action_pre_update_target_by_id.emplace( + for (auto &p : from->m_action_transformation_update_target_by_id) { + m_action_transformation_update_target_by_id.emplace( std::pair>(p.first, + std::shared_ptr>(p.first, p.second)); } diff --git a/src/transaction.cc b/src/transaction.cc index d768dc0c..be1b856e 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -53,7 +53,7 @@ #include "src/actions/disruptive/allow.h" #include "src/variables/remote_user.h" #include "src/rule_with_actions.h" - +#include "src/actions/ctl/audit_log_parts.h" using modsecurity::actions::Action; @@ -149,7 +149,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) m_ruleRemoveTargetByTag(), m_ruleRemoveTargetById(), m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean), - m_auditLogModifier(), + m_auditLogParts(0), m_requestBody(), m_responseBody(), /* m_id(), */ @@ -197,6 +197,10 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) ms_dbg(4, "Initializing transaction"); + if (m_rules != NULL && m_rules->m_auditLog != NULL) { + m_auditLogParts = this->m_rules->m_auditLog->getParts(); + } + intervention::clean(&m_it); } @@ -222,7 +226,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb m_ruleRemoveTargetByTag(), m_ruleRemoveTargetById(), m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean), - m_auditLogModifier(), + m_auditLogParts(0), m_requestBody(), m_responseBody(), m_id(std::unique_ptr(new std::string(id))), @@ -267,6 +271,10 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb ms_dbg(4, "Initializing transaction"); + if (m_rules != NULL && m_rules->m_auditLog != NULL) { + m_auditLogParts = this->m_rules->m_auditLog->getParts(); + } + intervention::clean(&m_it); } @@ -1406,35 +1414,15 @@ int Transaction::processLogging() { this->m_rules->evaluate(modsecurity::LoggingPhase, this); - /* If relevant, save this transaction information at the audit_logs */ - if (m_rules != NULL && m_rules->m_auditLog != NULL) { - int parts = this->m_rules->m_auditLog->getParts(); + if (m_auditLogParts != 0) { ms_dbg(8, "Checking if this request is suitable to be " \ "saved as an audit log."); - if (!this->m_auditLogModifier.empty()) { - ms_dbg(4, "There was an audit log modifier for this transaction."); - std::list>::iterator it; - ms_dbg(7, "AuditLog parts before modification(s): " + - std::to_string(parts) + "."); - for (it = m_auditLogModifier.begin(); - it != m_auditLogModifier.end(); ++it) { - std::pair p = *it; - if (p.first == 0) { // Add - parts = this->m_rules->m_auditLog->addParts(parts, - p.second); - } else { // Remove - parts = this->m_rules->m_auditLog->removeParts(parts, - p.second); - } - } - } - ms_dbg(8, "Checking if this request is relevant to be " \ - "part of the audit logs."); - bool saved = this->m_rules->m_auditLog->saveIfRelevant(this, parts); + // FIXME: m_auditLogParts can be accessed via Transaction. + bool saved = this->m_rules->m_auditLog->saveIfRelevant(this, m_auditLogParts); if (saved) { ms_dbg(8, "Request was relevant to be saved. Parts: " + - std::to_string(parts)); + std::to_string(m_auditLogParts)); } } @@ -1800,7 +1788,7 @@ std::string Transaction::toJSON(int parts) { reinterpret_cast("tags"), strlen("tags")); yajl_gen_array_open(g); - for (auto b : a->m_tags) { + for (auto &b : a->m_tags) { yajl_gen_string(g, reinterpret_cast(b.c_str()), strlen(b.c_str())); diff --git a/test/test-cases/regression/action-block.json b/test/test-cases/regression/action-block.json index 239df027..8bed1092 100644 --- a/test/test-cases/regression/action-block.json +++ b/test/test-cases/regression/action-block.json @@ -27,7 +27,7 @@ }, "rules":[ "SecRuleEngine On", - "SecDefaultAction \"phase:1,log,block,status:404\"", + "SecDefaultAction \"phase:1,log,status:404\"", "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\"" ] }, @@ -59,7 +59,7 @@ }, "rules":[ "SecRuleEngine On", - "SecDefaultAction \"phase:1,log,block,deny,status:400\"", + "SecDefaultAction \"phase:1,log,deny,status:400\"", "SecRule REQUEST_URI \"@contains path1\" \"phase:1,block,id:5\"" ] } diff --git a/test/test-cases/regression/action-tnf-base64.json b/test/test-cases/regression/action-tnf-base64.json index 7cb047ce..08875aaa 100644 --- a/test/test-cases/regression/action-tnf-base64.json +++ b/test/test-cases/regression/action-tnf-base64.json @@ -36,7 +36,7 @@ ] }, "expected":{ - "debug_log": "t:base64encode: \"dmFsdWUyCg==\"" + "debug_log": "t:base64Encode: \"dmFsdWUyCg==\"" }, "rules":[ "SecRuleEngine On", @@ -80,7 +80,7 @@ ] }, "expected":{ - "debug_log": "t:base64decode: \"value2\"" + "debug_log": "t:base64Decode: \"value2\"" }, "rules":[ "SecRuleEngine On", diff --git a/test/test-cases/regression/auditlog-ctl.json b/test/test-cases/regression/auditlog-ctl.json new file mode 100644 index 00000000..40a220b9 --- /dev/null +++ b/test/test-cases/regression/auditlog-ctl.json @@ -0,0 +1,240 @@ +[ + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 34", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,deny,auditlog\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E-E", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 2", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"", + "SecRule ARGS \"@contains test\" \"id:3,t:trim,deny,auditlog\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E-E+E", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 34", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"", + "SecRule ARGS \"@contains test\" \"id:3,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:4,t:trim,deny,auditlog\"" + ] + }, + { + "enabled": 1, + "version_min": 300000, + "version_max": 0, + "title": "ctl:auditlogparts : +E-E+E+H", + "client": { + "ip": "200.249.12.31", + "port": 2313 + }, + "server": { + "ip": "200.249.12.31", + "port": 80 + }, + "request": { + "headers": { + "Host": "www.modsecurity.org", + "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)", + "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8", + "Accept-Language": "en-us,en;q=0.5", + "Accept-Encoding": "gzip,deflate", + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", + "Keep-Alive": "300", + "Connection": "keep-alive", + "Pragma": "no-cache", + "Cache-Control": "no-cache" + }, + "uri": "\/test.pl?param1= test ¶m2=test2", + "method": "GET", + "http_version": 1.1, + "body": "" + }, + "response": { + "headers": { + "Content-Type": "plain\/text\n\r" + }, + "body": [ + "test" + ] + }, + "expected": { + "audit_log": "", + "debug_log": "Request was relevant to be saved. Parts: 290", + "error_log": "", + "http_code": 403 + }, + "rules": [ + "SecRuleEngine On", + "SecAuditEngine RelevantOnly", + "SecAuditLogParts A", + "SecAuditLogStorageDir /tmp/test", + "SecAuditLogDirMode 0766", + "SecAuditLogFileMode 0600", + "SecAuditLogType Parallel", + "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"", + "SecRule ARGS \"@contains test\" \"id:1,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:2,t:trim,ctl:auditlogparts=-E\"", + "SecRule ARGS \"@contains test\" \"id:3,t:trim,ctl:auditlogparts=+E\"", + "SecRule ARGS \"@contains test\" \"id:4,t:trim,ctl:auditlogparts=+H\"", + "SecRule ARGS \"@contains test\" \"id:5,t:trim,deny,auditlog\"" + ] + } +] diff --git a/test/test-cases/regression/collection-regular_expression_selection.json b/test/test-cases/regression/collection-regular_expression_selection.json index cde06ac7..ec53d0c9 100644 --- a/test/test-cases/regression/collection-regular_expression_selection.json +++ b/test/test-cases/regression/collection-regular_expression_selection.json @@ -48,12 +48,12 @@ }, "expected":{ "audit_log":"", - "debug_log":"T \\(0\\) t:lowercase: \"test2\"", + "debug_log":"T \\(0\\) t:lowerCase: \"test2\"", "error_log":"" }, "rules":[ "SecRuleEngine On", - "SecRule ARGS:/^id_/ \"@contains nops\" \"id:1,t:lowercase,block,status:404\"" + "SecRule ARGS:/^id_/ \"@contains nops\" \"id:1,t:lowerCase,block,status:404\"" ] }, { diff --git a/test/test-cases/regression/config-secdefaultaction.json b/test/test-cases/regression/config-secdefaultaction.json index bb3d7d81..d4f71fed 100644 --- a/test/test-cases/regression/config-secdefaultaction.json +++ b/test/test-cases/regression/config-secdefaultaction.json @@ -48,14 +48,14 @@ }, "expected":{ "audit_log":"", - "debug_log":"lowercase: \"300\"", + "debug_log":"lowerCase: \"300\"", "error_log":"" }, "rules":[ "SecRuleEngine On", - "SecDefaultAction \"phase:2,t:lowercase,pass\"", + "SecDefaultAction \"phase:2,t:lowerCase,pass\"", "SecRule REQUEST_HEADERS \"@contains PHPSESSID\" \"phase:2,id:1,msg:'This is a test, %{REQUEST_HEADERS:Accept}%'\"", - "SecRule TX \"@contains to_test\" \"id:2,t:lowercase,t:none\"" + "SecRule TX \"@contains to_test\" \"id:2,t:lowerCase,t:none\"" ] }, { @@ -123,7 +123,7 @@ "version_max":0, "title":"Testing action :: SecDefaultAction: t:none", "expected":{ - "parser_error":"The transformation none is not suitable to be part of the SecDefaultActions" + "parser_error":"The action 't:none' is not suitable to be part of the SecDefaultActions" }, "rules":[ "SecRuleEngine On", diff --git a/test/test-cases/regression/config-update-action-by-id.json b/test/test-cases/regression/config-update-action-by-id.json index 6e343be5..f31d345e 100644 --- a/test/test-cases/regression/config-update-action-by-id.json +++ b/test/test-cases/regression/config-update-action-by-id.json @@ -267,6 +267,50 @@ "SecRuleUpdateActionById 200004 \"redirect:'https://%{request_headers.host}/'\"", "SecRule ARGS \"@contains value1\" \"phase:3,id:200004,block,deny\"" ] + }, + { + "enabled":1, + "version_min":300000, + "title":"SecRuleUpdateActionById (7/n)", + "issue":"2376", + "client":{ + "ip":"200.249.12.31", + "port":123 + }, + "server":{ + "ip":"200.249.12.31", + "port":80 + }, + "request":{ + "headers":{ + "Host":"localhost", + "User-Agent":"curl/7.38.0", + "Accept":"*/*", + "Content-Length":"330", + "Content-Type":"application/lhebs", + "Expect":"100-continue" + }, + "uri":"/a=urlencoded?param1=value1", + "method":"GET" + }, + "response":{ + "headers":{ + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", + "Content-Type":"text/html" + }, + "body":[ + "no need." + ] + }, + "expected":{ + "http_code": 403 + }, + "rules":[ + "SecRuleEngine On", + "SecRuleUpdateActionById 200004 \"t:none,t:lowercase\"", + "SecRule ARGS \"@contains value1\" \"phase:3,id:200004,deny,status:403\"" + ] } ] diff --git a/test/test-cases/regression/misc-variable-under-quotes.json b/test/test-cases/regression/misc-variable-under-quotes.json index 5310f61e..c82c96e1 100644 --- a/test/test-cases/regression/misc-variable-under-quotes.json +++ b/test/test-cases/regression/misc-variable-under-quotes.json @@ -31,10 +31,10 @@ ] }, "expected":{ - "debug_log":"t:lowercase:" + "debug_log":"t:lowerCase:" }, "rules":[ - "SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowercase,ctl:auditLogParts=+E\"" + "SecRule \"REQUEST_LINE\" \"@contains index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowerCase,ctl:auditLogParts=+E\"" ] }, { @@ -69,10 +69,10 @@ ] }, "expected":{ - "debug_log":"t:lowercase:" + "debug_log":"t:lowerCase:" }, "rules":[ - "SecRule \"REQUEST_LINE\" \"index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowercase,ctl:auditLogParts=+E\"" + "SecRule \"REQUEST_LINE\" \"index.php/admin/cms/wysiwyg/directive/\" \"id:1,t:lowerCase,ctl:auditLogParts=+E\"" ] } ] diff --git a/test/test-cases/regression/offset-variable.json b/test/test-cases/regression/offset-variable.json index 6f6b1233..20d87aa2 100644 --- a/test/test-cases/regression/offset-variable.json +++ b/test/test-cases/regression/offset-variable.json @@ -831,13 +831,13 @@ ] }, "expected":{ - "error_log":"o0,4v64,13t:lowercase", + "error_log":"o0,4v64,13t:lowerCase", "http_code": 403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_HEADERS_NAMES \"auth\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { @@ -865,13 +865,13 @@ ] }, "expected":{ - "error_log":"o1,2v216,3t:lowercase", + "error_log":"o1,2v216,3t:lowerCase", "http_code":403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_COOKIES \"es\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { @@ -899,13 +899,13 @@ ] }, "expected":{ - "error_log":"o0,1v223,1t:lowercase", + "error_log":"o0,1v223,1t:lowerCase", "http_code":403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_COOKIES \"z\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { @@ -933,13 +933,13 @@ ] }, "expected":{ - "error_log":"o0,1v228,1t:lowercase", + "error_log":"o0,1v228,1t:lowerCase", "http_code": 403 }, "rules":[ "SecRequestBodyAccess On", "SecRuleEngine On", - "SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowercase,msg:'ops',deny\"" + "SecRule REQUEST_COOKIES \"b\" \"id:1,phase:2,pass,t:lowerCase,msg:'ops',deny\"" ] }, { diff --git a/test/test-cases/regression/transformations.json b/test/test-cases/regression/transformations.json index 049ee6b9..bb8a42bf 100644 --- a/test/test-cases/regression/transformations.json +++ b/test/test-cases/regression/transformations.json @@ -107,12 +107,12 @@ }, "expected": { "audit_log": "", - "debug_log": "lowercase: \"test", + "debug_log": "lowerCase: \"test", "error_log": "" }, "rules": [ "SecRuleEngine On", - "SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowercase\"" + "SecRule ARGS \"@contains test \" \"id:1,pass,t:trim,t:lowerCase\"" ] }, {