Using a custom VariableMatch* implementation

Delay the variable name resolution till last minute.

Fix one of the issues raised in #2376

src/Makefile.am

@@ -35,8 +35,11 @@ MAINTAINERCLEANFILES = \
 
 
 pkginclude_HEADERS = \
-	../headers/modsecurity/anchored_set_variable.h \
-	../headers/modsecurity/anchored_variable.h \
+    ../headers/modsecurity/anchored_set_variable.h \
+    ../headers/modsecurity/anchored_set_variable_match_vars.h \
+    ../headers/modsecurity/anchored_set_variable_match_vars_names.h \
+    ../headers/modsecurity/anchored_variable.h \
+    ../headers/modsecurity/anchored_variable_match_var_name.h \
 	../headers/modsecurity/audit_log.h \
 	../headers/modsecurity/debug_log.h \
 	../headers/modsecurity/intervention.h \
@@ -272,6 +275,8 @@ libmodsecurity_la_SOURCES = \
 	parser/driver.cc \
 	transaction.cc \
 	anchored_set_variable.cc \
+	anchored_set_variable_match_vars.cc \
+	anchored_set_variable_match_vars_names.cc \
 	anchored_variable.cc \
 	audit_log/audit_log.cc \
 	audit_log/writer/writer.cc \

src/anchored_set_variable_match_vars.cc

@@ -0,0 +1,101 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+#include <vector>
+
+#include "modsecurity/anchored_set_variable_match_vars.h"
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/transaction.h"
+#include "src/utils/regex.h"
+#include "src/variables/variable.h"
+
+
+namespace modsecurity {
+
+
+void AnchoredVariableMatchVars::resolve(VariableValues *l,
+        const variables::KeyExclusions &ke) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        if (ke.toOmit(x->getName())) {
+            ms_dbg_a(m_transaction, 7, "Excluding key: " + x->getName()
+                + " from target value.");
+            continue;
+        }
+        const VariableValue *var = new VariableValue(
+            &m_name,
+            std::unique_ptr<std::string>(new std::string(x->getName())),
+            std::unique_ptr<std::string>(new std::string(x->getValue()))
+        );
+        l->insert(l->begin(), std::unique_ptr<const VariableValue>(var));
+    }
+}
+
+
+void AnchoredVariableMatchVars::resolve(const std::string &key,
+        VariableValues *l) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        if (key != x->getName()) {
+            continue;
+        }
+        const VariableValue *var = new VariableValue(
+            &m_name,
+            std::unique_ptr<std::string>(new std::string(x->getName())),
+            std::unique_ptr<std::string>(new std::string(x->getValue()))
+        );
+        l->insert(l->begin(), std::unique_ptr<const VariableValue>(var));
+    }
+}
+
+
+void AnchoredVariableMatchVars::resolveRegularExpression(const Utils::Regex *r,
+        VariableValues *l,
+        const variables::KeyExclusions &ke) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        int ret = Utils::regex_search(x->getName(), *r);
+        if (ret <= 0) {
+            continue;
+        }
+        if (ke.toOmit(x->getName())) {
+            ms_dbg_a(m_transaction, 7, "Excluding key: " + x->getName()
+                + " from target value.");
+            continue;
+        }
+        const VariableValue *var = new VariableValue(
+            &m_name,
+            std::unique_ptr<std::string>(new std::string(x->getName())),
+            std::unique_ptr<std::string>(new std::string(x->getValue()))
+        );
+        l->insert(l->begin(), std::unique_ptr<const VariableValue>(var));
+    }
+}
+
+
+std::unique_ptr<std::string> AnchoredVariableMatchVars::resolveFirst(const std::string &key) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        if (key != x->getName()) {
+            continue;
+        }
+        return std::unique_ptr<std::string>(new std::string(x->getValue()));
+    }
+    return std::unique_ptr<std::string>();
+}
+
+
+}  // namespace modsecurity

src/anchored_set_variable_match_vars_names.cc

@@ -0,0 +1,100 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/anchored_set_variable_match_vars_names.h"
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/transaction.h"
+#include "src/utils/regex.h"
+#include "src/variables/variable.h"
+
+
+namespace modsecurity {
+
+
+void AnchoredVariableMatchVarsNames::resolve(VariableValues *l,
+        const variables::KeyExclusions &ke) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        if (ke.toOmit(x->getName())) {
+            ms_dbg_a(m_transaction, 7, "Excluding key: " + x->getName()
+                + " from target value.");
+            continue;
+        }
+        const VariableValue *var = new VariableValue(
+            &m_name,
+            std::unique_ptr<std::string>(new std::string(x->getName())),
+            std::unique_ptr<std::string>(new std::string(x->getName()))
+        );
+        l->insert(l->begin(), std::unique_ptr<const VariableValue>(var));
+    }
+}
+
+
+void AnchoredVariableMatchVarsNames::resolve(const std::string &key,
+        VariableValues *l) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        if (key != x->getName()) {
+            continue;
+        }
+        const VariableValue *var = new VariableValue(
+            &m_name,
+            std::unique_ptr<std::string>(new std::string(x->getName())),
+            std::unique_ptr<std::string>(new std::string(x->getName()))
+        );
+        l->insert(l->begin(), std::unique_ptr<const VariableValue>(var));
+    }
+}
+
+
+void AnchoredVariableMatchVarsNames::resolveRegularExpression(const Utils::Regex *r,
+        VariableValues *l,
+        const variables::KeyExclusions &ke) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        int ret = Utils::regex_search(x->getName(), *r);
+        if (ret <= 0) {
+            continue;
+        }
+        if (ke.toOmit(x->getName())) {
+            ms_dbg_a(m_transaction, 7, "Excluding key: " + x->getName()
+                + " from target value.");
+            continue;
+        }
+        const VariableValue *var = new VariableValue(
+            &m_name,
+            std::unique_ptr<std::string>(new std::string(x->getName())),
+            std::unique_ptr<std::string>(new std::string(x->getName()))
+        );
+        l->insert(l->begin(), std::unique_ptr<const VariableValue>(var));
+    }
+}
+
+
+std::unique_ptr<std::string> AnchoredVariableMatchVarsNames::resolveFirst(const std::string &key) const noexcept
+{
+    for (const auto& x : m_vvs) {
+        if (key != x->getName()) {
+            continue;
+        }
+        return std::unique_ptr<std::string>(new std::string(x->getName()));
+    }
+    return std::unique_ptr<std::string>();
+}
+
+
+}  // namespace modsecurity

src/anchored_variable.cc

@@ -19,7 +19,7 @@
 #include <string>
 #include <vector>
 
-#include "../headers/modsecurity/anchored_variable.h"
+#include "modsecurity/anchored_variable.h"
 #include "modsecurity/modsecurity.h"
 #include "modsecurity/transaction.h"
 #include "src/utils/regex.h"

src/rule_with_operator.cc

@@ -79,17 +79,14 @@ RuleWithOperator::~RuleWithOperator() {
 
 
 void RuleWithOperator::updateMatchedVars(Transaction *trans,
-    const VariableValue *v,
+    std::shared_ptr<const VariableValue> v,
     const bpstd::string_view &value) {
-    // FIXME: Memory leak.
-    const std::string *key = new std::string(v->getName());
-
     ms_dbg_a(trans, 9, "Matched vars updated.");
     trans->m_variableMatchedVar.set(value, trans->m_variableOffset);
-    trans->m_variableMatchedVarName.set(*key, trans->m_variableOffset);
+    trans->m_variableMatchedVarName.set(v);
 
-    trans->m_variableMatchedVars.set(*key, value, trans->m_variableOffset);
-    trans->m_variableMatchedVarsNames.set(*key, *key, trans->m_variableOffset);
+    trans->m_variableMatchedVars.set(v);
+    trans->m_variableMatchedVarsNames.set(v);
 }
 
 
@@ -354,7 +351,7 @@ bool RuleWithOperator::evaluate(Transaction *trans) const {
                         iter2++;
                     }
 
-                    updateMatchedVars(trans, v, view);
+                    updateMatchedVars(trans, vv, view);
                     executeActionsIndependentOfChainedRuleResult(trans);
 
                     globalRet = true;

src/rule_with_operator.h

@@ -82,7 +82,7 @@ class RuleWithOperator : public RuleWithActions {
         const bpstd::string_view &value) const;
 
     static void updateMatchedVars(Transaction *transaction,
-        const VariableValue *v,
+        std::shared_ptr<const VariableValue> v,
         const bpstd::string_view &value);
 
     static void cleanMatchedVars(Transaction *trasn);