From f1e742c159b7bfd05a1319a9579a428c62364310 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Thu, 3 Nov 2016 09:42:21 -0300 Subject: [PATCH] Moves system related functions from `utils' to `utils/system' --- src/Makefile.am | 3 +- src/audit_log/writer/parallel.cc | 5 +- src/operators/pm_from_file.cc | 3 +- src/operators/validate_dtd.cc | 3 +- src/operators/validate_schema.cc | 4 +- src/parser/seclang-parser.yy | 4 +- src/parser/seclang-scanner.ll | 8 +- src/transaction.cc | 4 +- src/utils.cc | 81 ------------------- src/utils.h | 5 -- src/utils/msc_system.cc | 126 ++++++++++++++++++++++++++++++ src/utils/msc_system.h | 41 ++++++++++ src/variables/duration.cc | 4 +- test/optimization/optimization.cc | 4 +- 14 files changed, 193 insertions(+), 102 deletions(-) create mode 100644 src/utils/msc_system.cc create mode 100644 src/utils/msc_system.h diff --git a/src/Makefile.am b/src/Makefile.am index 79ae6655..cde9adae 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -220,7 +220,8 @@ UTILS = \ utils/msc_tree.cc \ utils/regex.cc \ utils/sha1.cc \ - utils/msc_string.cc + utils/msc_string.cc \ + utils/msc_system.cc COLLECTION = \ collection/collections.cc \ diff --git a/src/audit_log/writer/parallel.cc b/src/audit_log/writer/parallel.cc index 0ef3c2c7..6ed1410b 100644 --- a/src/audit_log/writer/parallel.cc +++ b/src/audit_log/writer/parallel.cc @@ -28,6 +28,7 @@ #include "audit_log/audit_log.h" #include "modsecurity/transaction.h" #include "src/utils.h" +#include "src/utils/msc_system.h" #include "utils/md5.h" namespace modsecurity { 
@@ -110,10 +111,10 @@ bool Parallel::write(Transaction *transaction, int parts) { return false; } - createDir((logPath + + utils::createDir((logPath + logFilePath(&transaction->m_timeStamp, YearMonthDayDirectory)).c_str(), m_audit->directoryPermission); - createDir((logPath + + utils::createDir((logPath + logFilePath(&transaction->m_timeStamp, YearMonthDayDirectory | YearMonthDayAndTimeDirectory)).c_str(), m_audit->directoryPermission); diff --git a/src/operators/pm_from_file.cc b/src/operators/pm_from_file.cc index cf9a69d4..e7c5b5e9 100644 --- a/src/operators/pm_from_file.cc +++ b/src/operators/pm_from_file.cc @@ -20,6 +20,7 @@ #include "operators/operator.h" #include "utils/https_client.h" #include "src/utils.h" +#include "src/utils/msc_system.h" namespace modsecurity { namespace operators { @@ -37,7 +38,7 @@ bool PmFromFile::init(const std::string &config, std::string *error) { } iss = new std::stringstream(client.content); } else { - std::string resource = find_resource(m_param, config); + std::string resource = utils::find_resource(m_param, config); iss = new std::ifstream(resource, std::ios::in); if (((std::ifstream *)iss)->is_open() == false) { diff --git a/src/operators/validate_dtd.cc b/src/operators/validate_dtd.cc index 35a070a9..52851d15 100644 --- a/src/operators/validate_dtd.cc +++ b/src/operators/validate_dtd.cc @@ -19,6 +19,7 @@ #include "request_body_processor/xml.h" #include "src/utils.h" +#include "src/utils/msc_system.h" #include "operators/operator.h" namespace modsecurity { @@ -26,7 +27,7 @@ namespace operators { bool ValidateDTD::init(const std::string &file, std::string *error) { - m_resource = find_resource(m_param, file); + m_resource = utils::find_resource(m_param, file); if (m_resource == "") { error->assign("XML: File not found: " + m_param + "."); return false; diff --git a/src/operators/validate_schema.cc b/src/operators/validate_schema.cc index 30258590..d15da3b8 100644 --- a/src/operators/validate_schema.cc 
+++ b/src/operators/validate_schema.cc @@ -19,14 +19,14 @@ #include "operators/operator.h" #include "request_body_processor/xml.h" -#include "src/utils.h" +#include "src/utils/msc_system.h" namespace modsecurity { namespace operators { bool ValidateSchema::init(const std::string &file, std::string *error) { - m_resource = find_resource(m_param, file); + m_resource = utils::find_resource(m_param, file); if (m_resource == "") { error->assign("XML: File not found: " + m_param + "."); return false; diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 3d1a3ef3..4d156928 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -57,6 +57,7 @@ class Driver; #include "utils.h" #include "utils/geo_lookup.h" #include "utils/msc_string.h" +#include "utils/msc_system.h" #include "variables/xml.h" #include "variables/duration.h" #include "variables/env.h" @@ -661,7 +662,8 @@ expression: | CONFIG_DIR_GEO_DB { #ifdef WITH_GEOIP - std::string file = modsecurity::find_resource($1, driver.ref.back()); + std::string file = modsecurity::utils::find_resource($1, + driver.ref.back()); if (GeoLookup::getInstance().setDataBase(file) == false) { std::stringstream ss; ss << "Failed to load the GeoDB from: "; diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index e16c74bc..1b51dfaa 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -398,8 +398,8 @@ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ {CONFIG_INCLUDE}[ ]{CONFIG_VALUE_PATH} { const char *file = strchr(yytext, ' ') + 1; - for (auto& s: modsecurity::expandEnv(file, 0)) { - std::string f = modsecurity::find_resource(s, driver.ref.back()); + for (auto& s: modsecurity::utils::expandEnv(file, 0)) { + std::string f = modsecurity::utils::find_resource(s, driver.ref.back()); yyin = fopen(f.c_str(), "r" ); if (!yyin) { BEGIN(INITIAL); 
@@ -416,8 +416,8 @@ VAR_FREE_TEXT_SPACE_COMMA [^, \t\"]+ const char *file = strchr(yytext, ' ') + 1; char *f = strdup(file + 1); f[strlen(f)-1] = '\0'; - for (auto& s: modsecurity::expandEnv(f, 0)) { - std::string f = modsecurity::find_resource(s, driver.ref.back()); + for (auto& s: modsecurity::utils::expandEnv(f, 0)) { + std::string f = modsecurity::utils::find_resource(s, driver.ref.back()); yyin = fopen(f.c_str(), "r" ); if (!yyin) { BEGIN(INITIAL); diff --git a/src/transaction.cc b/src/transaction.cc index 8b17b072..f4af2965 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -43,11 +43,13 @@ #include "src/unique_id.h" #include "src/utils.h" #include "utils/msc_string.h" +#include "utils/msc_system.h" #include "modsecurity/rule.h" #include "modsecurity/rules_properties.h" #include "src/actions/allow.h" + using modsecurity::actions::Action; using modsecurity::RequestBodyProcessor::Multipart; using modsecurity::RequestBodyProcessor::XML; @@ -121,7 +123,7 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData) m_marker(""), m_allowType(modsecurity::actions::NoneAllowType), m_skip_next(0), - m_creationTimeStamp(cpu_seconds()), + m_creationTimeStamp(utils::cpu_seconds()), m_logCbData(logCbData), m_ms(ms), m_collections(ms->m_global_collection, ms->m_ip_collection, diff --git a/src/utils.cc b/src/utils.cc index 01b947e5..7905717b 100644 --- a/src/utils.cc +++ b/src/utils.cc 
@@ -235,31 +235,6 @@ std::string uri_decode(const std::string & sSrc) { } -void createDir(std::string dir, int mode) { -#if defined _MSC_VER - _mkdir(dir.data()); -#elif defined __GNUC__ - mkdir(dir.data(), mode); -#endif -} - - -double cpu_seconds(void) { - /* - * FIXME: Temporary hack to fix build on MacOS X. Very issuficient way, but - * works. Worth reimplementing using mach_absolute_time(). - */ -#ifndef MACOSX - struct timespec t; - if (!clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &t)) - return static_cast(t.tv_sec) - + static_cast(t.tv_nsec / 1000000000.0); - else - return static_cast(clock()) / - static_cast(CLOCKS_PER_SEC); -#endif - return 0; -} /** @@ -602,61 +577,5 @@ unsigned char *c2x(unsigned what, unsigned char *where) { } - - -std::vector expandEnv(const std::string& var, int flags) { - std::vector vars; - - wordexp_t p; - if (wordexp(var.c_str(), &p, flags) == false) { - if (p.we_wordc) { - for (char** exp = p.we_wordv; *exp; ++exp) { - vars.push_back(exp[0]); - } - } - wordfree(&p); - } - return vars; -} - - -std::string get_path(const std::string& file) { - size_t found; - - found = file.find_last_of("/\\"); - if (found > 0) { - return file.substr(0, found); - } - - return std::string(""); -} - - -std::string find_resource(const std::string& resource, - const std::string& config) { - std::ifstream *iss = NULL; - - // Trying absolute or relative to the current dir. - iss = new std::ifstream(resource, std::ios::in); - if (iss->is_open()) { - iss->close(); - delete iss; - return resource; - } - delete iss; - - // Trying the same path of the configuration file. - std::string f = get_path(config) + "/" + resource; - iss = new std::ifstream(f, std::ios::in); - if (iss->is_open()) { - iss->close(); - delete iss; - return f; - } - delete iss; - - return std::string(""); -} - } // namespace modsecurity diff --git a/src/utils.h b/src/utils.h index 1ad29273..163d4469 100644 --- a/src/utils.h +++ b/src/utils.h 
@@ -34,9 +34,7 @@ namespace modsecurity { uint64_t input_len, int *invalid_count, int *changed); double random_number(const double from, const double to); double generate_transaction_unique_id(); - void createDir(std::string dir, int mode); std::string uri_decode(const std::string & sSrc); - double cpu_seconds(void); int js_decode_nonstrict_inplace(unsigned char *input, int64_t input_len); unsigned char x2c(unsigned char *what); unsigned char *c2x(unsigned what, unsigned char *where); @@ -48,9 +46,6 @@ namespace modsecurity { int urldecode_uni_nonstrict_inplace_ex(Transaction *transaction, unsigned char *input, int64_t input_len, int *changed); std::string phase_name(int x); - std::vector expandEnv(const std::string& var, int flags); - std::string find_resource(const std::string& file, - const std::string& param); } // namespace modsecurity diff --git a/src/utils/msc_system.cc b/src/utils/msc_system.cc new file mode 100644 index 00000000..b6d0c935 --- /dev/null +++ b/src/utils/msc_system.cc 
@@ -0,0 +1,126 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#if defined _MSC_VER +#include +#elif defined __GNUC__ +#include +#include +#endif + +#include "utils.h" +#include "utils/msc_system.h" + +namespace modsecurity { +namespace utils { + + +double cpu_seconds(void) { + /* + * FIXME: Temporary hack to fix build on MacOS X. Very issuficient way, but + * works. Worth reimplementing using mach_absolute_time(). + */ +#ifndef MACOSX + struct timespec t; + if (!clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &t)) + return static_cast(t.tv_sec) + + static_cast(t.tv_nsec / 1000000000.0); + else + return static_cast(clock()) / + static_cast(CLOCKS_PER_SEC); +#endif + return 0; +} + + +std::string find_resource(const std::string& resource, + const std::string& config) { + std::ifstream *iss = NULL; + + // Trying absolute or relative to the current dir. + iss = new std::ifstream(resource, std::ios::in); + if (iss->is_open()) { + iss->close(); + delete iss; + return resource; + } + delete iss; + + // Trying the same path of the configuration file. 
+ std::string f = get_path(config) + "/" + resource; + iss = new std::ifstream(f, std::ios::in); + if (iss->is_open()) { + iss->close(); + delete iss; + return f; + } + delete iss; + + return std::string(""); +} + + +std::string get_path(const std::string& file) { + size_t found; + + found = file.find_last_of("/\\"); + if (found > 0) { + return file.substr(0, found); + } + + return std::string(""); +} + + +std::vector expandEnv(const std::string& var, int flags) { + std::vector vars; + + wordexp_t p; + if (wordexp(var.c_str(), &p, flags) == false) { + if (p.we_wordc) { + for (char** exp = p.we_wordv; *exp; ++exp) { + vars.push_back(exp[0]); + } + } + wordfree(&p); + } + return vars; +} + + +void createDir(std::string dir, int mode) { +#if defined _MSC_VER + _mkdir(dir.data()); +#elif defined __GNUC__ + mkdir(dir.data(), mode); +#endif +} + + +} // namespace utils +} // namespace modsecurity diff --git a/src/utils/msc_system.h b/src/utils/msc_system.h new file mode 100644 index 00000000..42e075a6 --- /dev/null +++ b/src/utils/msc_system.h 
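Review bot: `expandEnv` hands its argument to `wordexp()` with whatever flags the caller supplies, and every caller in this patch passes 0 (the two Include rules in seclang-scanner.ll and `argv[i]` in test/optimization/optimization.cc), so command substitution inside a path string is not disabled. Unless rule files are meant to be able to run commands while they are parsed, OR in `WRDE_NOCMD` and compare against 0 rather than `false`: `if (wordexp(var.c_str(), &p, flags | WRDE_NOCMD) == 0) {`. Separately, `get_path` tests `found > 0`, which also holds for `std::string::npos`, so a config path without a separator is returned whole and `find_resource` then probes `<config>/<resource>`; test `found != std::string::npos` and decide explicitly which directory a bare file name maps to. Both functions are moved unchanged from src/utils.cc, so this is pre-existing behaviour that the move is a good moment to fix.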
@@ -0,0 +1,41 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include +#include +#include +#include + +#include "modsecurity/modsecurity.h" + +#ifndef SRC_UTILS_SYSTEM_H_ +#define SRC_UTILS_SYSTEM_H_ + + +namespace modsecurity { +namespace utils { + + +double cpu_seconds(void); +std::string find_resource(const std::string& file, const std::string& param); +std::string get_path(const std::string& file); +std::vector expandEnv(const std::string& var, int flags); +void createDir(std::string dir, int mode); + + +} // namespace utils +} // namespace modsecurity + +#endif // SRC_UTILS_SYSTEM_H_ \ No newline at end of file diff --git a/src/variables/duration.cc b/src/variables/duration.cc index d533f43f..c87fbeae 100644 --- a/src/variables/duration.cc +++ b/src/variables/duration.cc @@ -22,7 +22,7 @@ #include #include "modsecurity/transaction.h" -#include "src/utils.h" +#include "src/utils/msc_system.h" namespace modsecurity { namespace Variables { @@ -31,7 +31,7 @@ void Duration::evaluateInternal(Transaction *transaction, std::vector *l) { std::string res; - double e = cpu_seconds() - transaction->m_creationTimeStamp; + double e = utils::cpu_seconds() - transaction->m_creationTimeStamp; res = std::to_string(e); diff --git a/test/optimization/optimization.cc b/test/optimization/optimization.cc index 10b6b4f3..fca14a6e 100644 --- a/test/optimization/optimization.cc +++ b/test/optimization/optimization.cc 
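Review bot: The declaration `find_resource(const std::string& file, const std::string& param)` names its parameters differently from the definition in msc_system.cc (`resource`, `config`), and none of the five declarations is documented, so a caller cannot tell from the header which argument is the file being looked up and which is the configuration path it is resolved against. Rename them to match the definition and add a short comment per function, e.g. `// Returns the first path that opens among resource and <dir of config>/resource, or "" if neither does.` `createDir` returns `void` and its definition discards the `mkdir` result, so the two calls in `Parallel::write` cannot tell whether the audit-log directory was actually created; returning `bool` would let the writer report that failure. The include guard also opens after the `#include` lines rather than at the top of the header.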
@@ -23,6 +23,7 @@ #include "modsecurity/modsecurity.h" #include "modsecurity/rules.h" #include "src/utils.h" +#include "src/utils/msc_system.h" #include "parser/driver.h" #include "utils/https_client.h" #include "modsecurity/rules_properties.h" @@ -42,7 +43,8 @@ int main(int argc, char **argv) { int i = 1; while (i < argc) { - std::vector tfiles = modsecurity::expandEnv(argv[i] , 0); + std::vector tfiles = modsecurity::utils::expandEnv( + argv[i], 0); for (const auto &file : tfiles) { files.insert(files.begin(), file); }