mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-09-29 19:24:29 +03:00
Handles better the memory utilization
- Added reference counts to Rule and AuditLog; - Some memory leaks were removed, including GeoLookup; - Deal better with parser errors; - Overriding the AutlogLogWritter destructor.
This commit is contained in:
Felipe Zimmerle
@@ -72,6 +72,7 @@ int main(int argc, char *argv[]) {
|
||||
int i = 0;
|
||||
ModSecurity::ModSecurity *modsec;
|
||||
ModSecurity::Rules *rules;
|
||||
ModSecurity::ModSecurityIntervention it;
|
||||
|
||||
modsec = new ModSecurity::ModSecurity();
|
||||
modsec->setConnectorInformation("ModSecurity-benchmark v0.0.1-alpha" \
|
||||
@@ -86,12 +87,12 @@ int main(int argc, char *argv[]) {
|
||||
Assay *modsecAssay = new Assay(modsec, rules);
|
||||
modsecAssay->processConnection(ip, 12345, "127.0.0.1", 80);
|
||||
|
||||
if (modsecAssay->intervention()) {
|
||||
if (modsecAssay->intervention(&it)) {
|
||||
std::cout << "There is an intervention" << std::endl;
|
||||
continue;
|
||||
}
|
||||
modsecAssay->processURI(request_uri, "GET", "1.1");
|
||||
if (modsecAssay->intervention()) {
|
||||
if (modsecAssay->intervention(&it)) {
|
||||
std::cout << "There is an intervention" << std::endl;
|
||||
continue;
|
||||
}
|
||||
@@ -122,7 +123,7 @@ int main(int argc, char *argv[]) {
|
||||
"no-cache");
|
||||
modsecAssay->processRequestHeaders();
|
||||
|
||||
if (modsecAssay->intervention()) {
|
||||
if (modsecAssay->intervention(&it)) {
|
||||
std::cout << "There is an intervention" << std::endl;
|
||||
continue;
|
||||
}
|
||||
@@ -130,7 +131,7 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
modsecAssay->processRequestBody();
|
||||
|
||||
if (modsecAssay->intervention()) {
|
||||
if (modsecAssay->intervention(&it)) {
|
||||
std::cout << "There is an intervention" << std::endl;
|
||||
continue;
|
||||
}
|
||||
@@ -144,7 +145,7 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
modsecAssay->processResponseHeaders();
|
||||
|
||||
if (modsecAssay->intervention()) {
|
||||
if (modsecAssay->intervention(&it)) {
|
||||
std::cout << "There is an intervention" << std::endl;
|
||||
continue;
|
||||
}
|
||||
@@ -154,7 +155,7 @@ int main(int argc, char *argv[]) {
|
||||
strlen((const char*)response_body));
|
||||
modsecAssay->processResponseBody();
|
||||
|
||||
if (modsecAssay->intervention()) {
|
||||
if (modsecAssay->intervention(&it)) {
|
||||
std::cout << "There is an intervention" << std::endl;
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -85,11 +85,13 @@ bool ModSecurityTest<T>::load_test_json(std::string file) {
|
||||
vec->push_back(u);
|
||||
}
|
||||
}
|
||||
|
||||
yajl_tree_free(node);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
template <class T>
|
||||
std::pair<std::string, std::vector<T *>>* ModSecurityTest<T>::load_tests() {
|
||||
DIR *dir;
|
||||
|
||||
@@ -44,16 +44,19 @@ void print_help() {
|
||||
|
||||
|
||||
void actions(ModSecurityTestResults<RegressionTest> *r,
|
||||
ModSecurity::ModSecurityIntervention *it) {
|
||||
if (it != NULL) {
|
||||
if (it->pause != 0) {
|
||||
ModSecurity::Assay *a) {
|
||||
ModSecurity::ModSecurityIntervention it;
|
||||
memset(&it, '\0', sizeof(ModSecurity::ModSecurityIntervention));
|
||||
it.status = 200;
|
||||
if (a->intervention(&it) == true) {
|
||||
if (it.pause != 0) {
|
||||
// FIXME:
|
||||
}
|
||||
if (it->status != 0) {
|
||||
r->status = it->status;
|
||||
if (it.status != 0) {
|
||||
r->status = it.status;
|
||||
}
|
||||
if (it->url != NULL) {
|
||||
r->location = it->url;
|
||||
if (it.url != NULL) {
|
||||
r->location = it.url;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -61,13 +64,13 @@ void actions(ModSecurityTestResults<RegressionTest> *r,
|
||||
|
||||
void perform_unit_test(std::vector<RegressionTest *> *tests,
|
||||
ModSecurityTestResults<RegressionTest> *res, int *count) {
|
||||
ModSecurity::ModSecurity *modsec;
|
||||
ModSecurity::Rules *modsec_rules;
|
||||
ModSecurity::Assay *modsec_assay;
|
||||
|
||||
CustomDebugLog *debug_log = new CustomDebugLog();
|
||||
|
||||
for (RegressionTest *t : *tests) {
|
||||
ModSecurity::ModSecurity *modsec = NULL;
|
||||
ModSecurity::Rules *modsec_rules = NULL;
|
||||
ModSecurity::Assay *modsec_assay = NULL;
|
||||
ModSecurityTestResults<RegressionTest> r;
|
||||
r.status = 200;
|
||||
(*count)++;
|
||||
@@ -123,7 +126,7 @@ void perform_unit_test(std::vector<RegressionTest *> *tests,
|
||||
modsec_assay->processConnection(t->clientIp.c_str(),
|
||||
t->clientPort, t->serverIp.c_str(), t->serverPort);
|
||||
|
||||
actions(&r, modsec_assay->intervention());
|
||||
actions(&r, modsec_assay);
|
||||
if (r.status != 200) {
|
||||
goto end;
|
||||
}
|
||||
@@ -131,7 +134,7 @@ void perform_unit_test(std::vector<RegressionTest *> *tests,
|
||||
modsec_assay->processURI(t->uri.c_str(), t->protocol.c_str(),
|
||||
t->httpVersion.c_str());
|
||||
|
||||
actions(&r, modsec_assay->intervention());
|
||||
actions(&r, modsec_assay);
|
||||
if (r.status != 200) {
|
||||
goto end;
|
||||
}
|
||||
@@ -143,7 +146,7 @@ void perform_unit_test(std::vector<RegressionTest *> *tests,
|
||||
}
|
||||
|
||||
modsec_assay->processRequestHeaders();
|
||||
actions(&r, modsec_assay->intervention());
|
||||
actions(&r, modsec_assay);
|
||||
if (r.status != 200) {
|
||||
goto end;
|
||||
}
|
||||
@@ -152,7 +155,7 @@ void perform_unit_test(std::vector<RegressionTest *> *tests,
|
||||
(unsigned char *)t->request_body.c_str(),
|
||||
t->request_body.size());
|
||||
modsec_assay->processRequestBody();
|
||||
actions(&r, modsec_assay->intervention());
|
||||
actions(&r, modsec_assay);
|
||||
if (r.status != 200) {
|
||||
goto end;
|
||||
}
|
||||
@@ -164,7 +167,7 @@ void perform_unit_test(std::vector<RegressionTest *> *tests,
|
||||
}
|
||||
|
||||
modsec_assay->processResponseHeaders();
|
||||
actions(&r, modsec_assay->intervention());
|
||||
actions(&r, modsec_assay);
|
||||
if (r.status != 200) {
|
||||
goto end;
|
||||
}
|
||||
@@ -173,7 +176,7 @@ void perform_unit_test(std::vector<RegressionTest *> *tests,
|
||||
(unsigned char *)t->response_body.c_str(),
|
||||
t->response_body.size());
|
||||
modsec_assay->processResponseBody();
|
||||
actions(&r, modsec_assay->intervention());
|
||||
actions(&r, modsec_assay);
|
||||
if (r.status != 200) {
|
||||
goto end;
|
||||
}
|
||||
@@ -208,6 +211,8 @@ after_debug_log:
|
||||
|
||||
res->insert(res->end(), r.begin(), r.end());
|
||||
}
|
||||
|
||||
delete debug_log;
|
||||
}
|
||||
|
||||
|
||||
@@ -241,7 +246,7 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
keyList.sort();
|
||||
|
||||
for (std::string a : keyList) {
|
||||
for (std::string &a : keyList) {
|
||||
std::vector<RegressionTest *> *tests = test[a];
|
||||
ModSecurityTestResults<RegressionTest> res;
|
||||
|
||||
@@ -251,8 +256,13 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
test_log.close();
|
||||
|
||||
for (std::pair<std::string, std::vector<RegressionTest *> *> a : test) {
|
||||
std::vector<RegressionTest *> *vec = a.second;
|
||||
for (int i = 0; i < vec->size(); i++) {
|
||||
delete vec->at(i);
|
||||
}
|
||||
delete vec;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
76
test/valgrind_suppressions.txt
Normal file
76
test/valgrind_suppressions.txt
Normal file
@@ -0,0 +1,76 @@
|
||||
{
|
||||
<insert_a_suppression_name_here>
|
||||
Memcheck:Leak
|
||||
match-leak-kinds: definite
|
||||
fun:_Znwm
|
||||
fun:_ZN2yy14seclang_parser5parseEv
|
||||
fun:_ZN11ModSecurity6Parser6Driver5parseERKSsS3_
|
||||
fun:_ZN11ModSecurity5Rules4loadEPKcRKSs
|
||||
fun:_Z17perform_unit_testPSt6vectorIPN16modsecurity_test14RegressionTestESaIS2_EEPNS0_22ModSecurityTestResultsIS1_EEPi
|
||||
fun:main
|
||||
}
|
||||
{
|
||||
<insert_a_suppression_name_here>
|
||||
Memcheck:Leak
|
||||
match-leak-kinds: definite
|
||||
fun:malloc
|
||||
fun:yyalloc
|
||||
fun:_Z14yy_scan_bufferPcm
|
||||
fun:_Z13yy_scan_bytesPKcm
|
||||
fun:_ZN11ModSecurity6Parser6Driver10scan_beginEv
|
||||
fun:_ZN11ModSecurity6Parser6Driver5parseERKSsS3_
|
||||
fun:_ZN11ModSecurity5Rules4loadEPKcRKSs
|
||||
fun:_Z17perform_unit_testPSt6vectorIPN16modsecurity_test14RegressionTestESaIS2_EEPNS0_22ModSecurityTestResultsIS1_EEPi
|
||||
fun:main
|
||||
}
|
||||
{
|
||||
<insert_a_suppression_name_here>
|
||||
Memcheck:Leak
|
||||
match-leak-kinds: definite
|
||||
fun:_Znwm
|
||||
fun:_Z17perform_unit_testPSt6vectorIPN16modsecurity_test14RegressionTestESaIS2_EEPNS0_22ModSecurityTestResultsIS1_EEPi
|
||||
fun:main
|
||||
}
|
||||
{
|
||||
<insert_a_suppression_name_here>
|
||||
Memcheck:Leak
|
||||
match-leak-kinds: definite
|
||||
fun:_Znwm
|
||||
fun:_Z17perform_unit_testPSt6vectorIPN16modsecurity_test14RegressionTestESaIS2_EEPNS0_22ModSecurityTestResultsIS1_EEPi
|
||||
fun:main
|
||||
}
|
||||
{
|
||||
<insert_a_suppression_name_here>
|
||||
Memcheck:Leak
|
||||
match-leak-kinds: definite
|
||||
fun:_Znwm
|
||||
fun:_ZN11ModSecurity5Rules4loadEPKcRKSs
|
||||
fun:_Z17perform_unit_testPSt6vectorIPN16modsecurity_test14RegressionTestESaIS2_EEPNS0_22ModSecurityTestResultsIS1_EEPi
|
||||
fun:main
|
||||
}
|
||||
{
|
||||
<insert_a_suppression_name_here>
|
||||
Memcheck:Leak
|
||||
match-leak-kinds: definite
|
||||
fun:malloc
|
||||
fun:yyalloc
|
||||
fun:_Z16yy_create_bufferP8_IO_FILEi
|
||||
fun:_Z5yylexRN11ModSecurity6Parser6DriverE
|
||||
fun:_ZN2yy14seclang_parser5parseEv
|
||||
fun:_ZN11ModSecurity6Parser6Driver5parseERKSsS3_
|
||||
fun:_ZN11ModSecurity5Rules4loadEPKcRKSs
|
||||
fun:_Z17perform_unit_testPSt6vectorIPN16modsecurity_test14RegressionTestESaIS2_EEPNS0_22ModSecurityTestResultsIS1_EEPi
|
||||
fun:main
|
||||
}
|
||||
{
|
||||
<insert_a_suppression_name_here>
|
||||
Memcheck:Leak
|
||||
match-leak-kinds: definite
|
||||
fun:_Znwm
|
||||
fun:_ZN11ModSecurity8AuditLog4initEv
|
||||
fun:_ZN11ModSecurity6Parser6Driver5parseERKSsS3_
|
||||
fun:_ZN11ModSecurity5Rules4loadEPKcRKSs
|
||||
fun:_Z17perform_unit_testPSt6vectorIPN16modsecurity_test14RegressionTestESaIS2_EEPNS0_22ModSecurityTestResultsIS1_EEPi
|
||||
fun:main
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user