mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
Merge pull request #3207 from gberkes/v3/remove_this_throw_call_transaction_h_mk2
V3/remove this throw call transaction h mk2
commit
f04dcc0262
6
.github/workflows/ci.yml
vendored
6
.github/workflows/ci.yml
vendored
@ -12,8 +12,8 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
os: [ubuntu-22.04]
|
os: [ubuntu-22.04]
|
||||||
platform:
|
platform:
|
||||||
- {label: "x64", arch: "amd64", configure: ""}
|
- {label: "x64", arch: "amd64", configure: "--enable-assertions=yes"}
|
||||||
- {label: "x32", arch: "i386", configure: "PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32"}
|
- {label: "x32", arch: "i386", configure: "PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 --enable-assertions=yes"}
|
||||||
compiler:
|
compiler:
|
||||||
- {label: "gcc", cc: "gcc", cxx: "g++"}
|
- {label: "gcc", cc: "gcc", cxx: "g++"}
|
||||||
- {label: "clang", cc: "clang", cxx: "clang++"}
|
- {label: "clang", cc: "clang", cxx: "clang++"}
|
||||||
@ -112,7 +112,7 @@ jobs:
|
|||||||
- name: build.sh
|
- name: build.sh
|
||||||
run: ./build.sh
|
run: ./build.sh
|
||||||
- name: configure
|
- name: configure
|
||||||
run: ./configure ${{ matrix.configure.opt }}
|
run: ./configure ${{ matrix.configure.opt }} --enable-assertions=yes
|
||||||
- uses: ammaraskar/gcc-problem-matcher@master
|
- uses: ammaraskar/gcc-problem-matcher@master
|
||||||
- name: make
|
- name: make
|
||||||
run: make -j `sysctl -n hw.logicalcpu`
|
run: make -j `sysctl -n hw.logicalcpu`
|
||||||
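Review bot: The default (NDEBUG) build is no longer exercised by the jobs visible here, because both Linux `platform` entries in the matrix and the `configure` step in the second hunk now pass `--enable-assertions=yes`. Per the configure.ac change in the same commit, a build without the option compiles with `-DNDEBUG`, so the release-only `#ifdef NDEBUG` branch added to the RuleWithActions constructor is never compiled or tested by these jobs. I would keep one matrix entry without the option, for example an additional platform entry that leaves `configure: ""`, unless a job outside the visible hunks already covers it.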
|
@ -236,10 +236,16 @@ CFLAGS to disable the compilation optimization parameters:
|
|||||||
```shell
|
```shell
|
||||||
$ export CFLAGS="-g -O0"
|
$ export CFLAGS="-g -O0"
|
||||||
$ ./build.sh
|
$ ./build.sh
|
||||||
$ ./configure
|
$ ./configure --enable-assertions=yes
|
||||||
$ make
|
$ make
|
||||||
$ sudo make install
|
$ sudo make install
|
||||||
```
|
```
|
||||||
|
"Assertions allow us to document assumptions and to spot violations early in the
|
||||||
|
development process. What is more, assertions allow us to spot violations with a
|
||||||
|
minimum of effort." https://dl.acm.org/doi/pdf/10.1145/240964.240969
|
||||||
|
|
||||||
|
It is recommended to use assertions where applicable, and to enable them with
|
||||||
|
'--enable-assertions=yes' during the testing and debugging workflow.
|
||||||
|
|
||||||
### Benchmarking
|
### Benchmarking
|
||||||
|
|
||||||
|
24
configure.ac
24
configure.ac
@ -248,6 +248,17 @@ AC_SUBST([MSC_VERSION])
|
|||||||
MSC_GIT_VERSION=msc_version_git
|
MSC_GIT_VERSION=msc_version_git
|
||||||
AC_SUBST([MSC_GIT_VERSION])
|
AC_SUBST([MSC_GIT_VERSION])
|
||||||
|
|
||||||
|
AC_ARG_ENABLE(assertions,
|
||||||
|
[AS_HELP_STRING([--enable-assertions],[Turn on assertions feature: undefine NDEBUG])],
|
||||||
|
|
||||||
|
[case "${enableval}" in
|
||||||
|
yes) assertions=true ;;
|
||||||
|
no) assertions=false ;;
|
||||||
|
*) AC_MSG_ERROR(bad value ${enableval} for --enable-assertions) ;;
|
||||||
|
esac],
|
||||||
|
|
||||||
|
[assertions=false]
|
||||||
|
)
|
||||||
|
|
||||||
AC_ARG_ENABLE(debug-logs,
|
AC_ARG_ENABLE(debug-logs,
|
||||||
[AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
|
[AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
|
||||||
@ -377,6 +388,14 @@ if test "$aflFuzzer" == "true"; then
|
|||||||
GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $FUZZ_CPPCFLAGS"
|
GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $FUZZ_CPPCFLAGS"
|
||||||
$buildExamples = false
|
$buildExamples = false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
case $assertions in
|
||||||
|
false) ASSERTIONS_CPPCFLAGS="-DNDEBUG" ;;
|
||||||
|
true) ASSERTIONS_CPPCFLAGS="-UNDEBUG" ;;
|
||||||
|
*) AC_MSG_ERROR(bad value ${assertions} for assertions) ;;
|
||||||
|
esac
|
||||||
|
GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $ASSERTIONS_CPPCFLAGS"
|
||||||
|
|
||||||
AC_SUBST(GLOBAL_LDADD)
|
AC_SUBST(GLOBAL_LDADD)
|
||||||
AC_SUBST(GLOBAL_CPPFLAGS)
|
AC_SUBST(GLOBAL_CPPFLAGS)
|
||||||
|
|
||||||
@ -613,6 +632,11 @@ if test $buildTestUtilities = true; then
|
|||||||
else
|
else
|
||||||
echo " + Test Utilities ....disabled"
|
echo " + Test Utilities ....disabled"
|
||||||
fi
|
fi
|
||||||
|
if test $assertions = true; then
|
||||||
|
echo " + Assertions ....enabled"
|
||||||
|
else
|
||||||
|
echo " + Assertions ....disabled"
|
||||||
|
fi
|
||||||
if test $debugLogs = true; then
|
if test $debugLogs = true; then
|
||||||
echo " + SecDebugLog ....enabled"
|
echo " + SecDebugLog ....enabled"
|
||||||
else
|
else
|
||||||
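Review bot: The fallback `[assertions=false]` in the new `AC_ARG_ENABLE(assertions, ...)` means every build that does not pass the option gets `-DNDEBUG` appended to `GLOBAL_CPPFLAGS`, yet the help string only describes the enabling direction. I would state the default in the help text, for example `[AS_HELP_STRING([--enable-assertions],[Keep assert() checks in the build (default: no, NDEBUG is defined)])]`, so packagers see that asserted invariants are compiled out unless they opt in. Both `AC_MSG_ERROR(bad value ...)` calls also pass an unquoted argument; `AC_MSG_ERROR([bad value ${enableval} for --enable-assertions])` is the usual m4 quoting. Whether an `NDEBUG` setting already present in user-supplied CPPFLAGS wins over this one depends on flag order in the generated Makefiles, which is not visible here.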
|
@ -14,6 +14,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
#include <cassert>
|
||||||
#include <ctime>
|
#include <ctime>
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
#include <iomanip>
|
#include <iomanip>
|
||||||
@ -307,11 +308,8 @@ class TransactionSecMarkerManagement {
|
|||||||
}
|
}
|
||||||
|
|
||||||
std::shared_ptr<std::string> getCurrentMarker() const {
|
std::shared_ptr<std::string> getCurrentMarker() const {
|
||||||
if (m_marker) {
|
assert((m_marker != nullptr) && "You might have forgotten to call and evaluate isInsideAMarker() before calling getCurrentMarker().");
|
||||||
return m_marker;
|
return m_marker;
|
||||||
} else {
|
|
||||||
throw; // cppcheck-suppress rethrowNoCurrentException
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void removeMarker() {
|
void removeMarker() {
|
||||||
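Review bot: In builds configured without `--enable-assertions=yes` the new `assert` in `getCurrentMarker()` compiles to nothing, so the function returns a null `std::shared_ptr<std::string>` where the removed bare `throw;` would have terminated the process. A caller that dereferences the result without first checking `isInsideAMarker()` then has undefined behaviour in exactly the builds that get deployed; the call sites are not visible from this hunk, so this needs confirming. Because this is a header, the assert also follows the NDEBUG setting of whichever translation unit includes it, not only the library's own. I would document the contract on the function, e.g. `// Precondition: isInsideAMarker() returned true; otherwise the result is null (asserted only when NDEBUG is not defined).`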
|
@ -17,6 +17,7 @@
|
|||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
|
#include <cassert>
|
||||||
#include <algorithm>
|
#include <algorithm>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <string>
|
#include <string>
|
||||||
@ -86,45 +87,51 @@ RuleWithActions::RuleWithActions(
|
|||||||
|
|
||||||
if (actions) {
|
if (actions) {
|
||||||
for (Action *a : *actions) {
|
for (Action *a : *actions) {
|
||||||
if (a->action_kind == Action::ConfigurationKind) {
|
switch (a->action_kind) {
|
||||||
a->evaluate(this, NULL);
|
case Action::ConfigurationKind:
|
||||||
delete a;
|
a->evaluate(this, NULL);
|
||||||
|
|
||||||
} else if (a->action_kind == Action::RunTimeOnlyIfMatchKind) {
|
|
||||||
if (dynamic_cast<actions::Capture *>(a)) {
|
|
||||||
m_containsCaptureAction = true;
|
|
||||||
delete a;
|
delete a;
|
||||||
} else if (dynamic_cast<actions::MultiMatch *>(a)) {
|
break;
|
||||||
m_containsMultiMatchAction = true;
|
case Action::RunTimeOnlyIfMatchKind:
|
||||||
delete a;
|
if (dynamic_cast<actions::Capture *>(a)) {
|
||||||
} else if (dynamic_cast<actions::Severity *>(a)) {
|
m_containsCaptureAction = true;
|
||||||
m_severity = dynamic_cast<actions::Severity *>(a);
|
delete a;
|
||||||
} else if (dynamic_cast<actions::LogData *>(a)) {
|
} else if (dynamic_cast<actions::MultiMatch *>(a)) {
|
||||||
m_logData = dynamic_cast<actions::LogData*>(a);
|
m_containsMultiMatchAction = true;
|
||||||
} else if (dynamic_cast<actions::Msg *>(a)) {
|
delete a;
|
||||||
m_msg = dynamic_cast<actions::Msg*>(a);
|
} else if (dynamic_cast<actions::Severity *>(a)) {
|
||||||
} else if (dynamic_cast<actions::SetVar *>(a)) {
|
m_severity = dynamic_cast<actions::Severity *>(a);
|
||||||
m_actionsSetVar.push_back(
|
} else if (dynamic_cast<actions::LogData *>(a)) {
|
||||||
dynamic_cast<actions::SetVar *>(a));
|
m_logData = dynamic_cast<actions::LogData*>(a);
|
||||||
} else if (dynamic_cast<actions::Tag *>(a)) {
|
} else if (dynamic_cast<actions::Msg *>(a)) {
|
||||||
m_actionsTag.push_back(dynamic_cast<actions::Tag *>(a));
|
m_msg = dynamic_cast<actions::Msg*>(a);
|
||||||
} else if (dynamic_cast<actions::Block *>(a)) {
|
} else if (dynamic_cast<actions::SetVar *>(a)) {
|
||||||
m_actionsRuntimePos.push_back(a);
|
m_actionsSetVar.push_back(
|
||||||
m_containsStaticBlockAction = true;
|
dynamic_cast<actions::SetVar *>(a));
|
||||||
} else if (a->isDisruptive() == true) {
|
} else if (dynamic_cast<actions::Tag *>(a)) {
|
||||||
if (m_disruptiveAction != nullptr) {
|
m_actionsTag.push_back(dynamic_cast<actions::Tag *>(a));
|
||||||
delete m_disruptiveAction;
|
} else if (dynamic_cast<actions::Block *>(a)) {
|
||||||
m_disruptiveAction = nullptr;
|
m_actionsRuntimePos.push_back(a);
|
||||||
|
m_containsStaticBlockAction = true;
|
||||||
|
} else if (a->isDisruptive() == true) {
|
||||||
|
if (m_disruptiveAction != nullptr) {
|
||||||
|
delete m_disruptiveAction;
|
||||||
|
m_disruptiveAction = nullptr;
|
||||||
|
}
|
||||||
|
m_disruptiveAction = a;
|
||||||
|
} else {
|
||||||
|
m_actionsRuntimePos.push_back(a);
|
||||||
}
|
}
|
||||||
m_disruptiveAction = a;
|
break;
|
||||||
} else {
|
default:
|
||||||
m_actionsRuntimePos.push_back(a);
|
std::cout << "General failure, action: " << a->m_name;
|
||||||
}
|
std::cout << " has an unknown type." << std::endl;
|
||||||
} else {
|
delete a;
|
||||||
delete a;
|
#ifdef NDEBUG
|
||||||
std::cout << "General failure, action: " << a->m_name;
|
break;
|
||||||
std::cout << " has an unknown type." << std::endl;
|
#else
|
||||||
throw; // cppcheck-suppress rethrowNoCurrentException
|
assert(false);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
delete actions;
|
delete actions;
|
||||||
@ -239,7 +246,7 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
|
|||||||
bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
|
bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
|
||||||
bool disruptiveAlreadyExecuted = false;
|
bool disruptiveAlreadyExecuted = false;
|
||||||
|
|
||||||
for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { // cppcheck-suppress ctunullpointer
|
for (const auto &a : trans->m_rules->m_defaultActions[getPhase()]) { // cppcheck-suppress ctunullpointer
|
||||||
if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
|
if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
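Review bot: The `default:` branch added to the constructor's `switch (a->action_kind)` behaves differently per build: with assertions enabled it aborts, while under `NDEBUG` it prints to `std::cout`, deletes the action and carries on building the rule. For a rule engine that means a rule whose action has an unrecognised kind is loaded without that action, and the only trace is a line on stdout, which a host server may discard. The `#ifdef NDEBUG` / `#else` / `#endif` split is also unnecessary, because `assert(false && "unknown action kind"); break;` compiles correctly in both configurations, and writing the message to `std::cerr` would keep it off the standard output stream. The constructor begins and ends outside this hunk.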
|