github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Uses pointer instead of std::string copies while applying transformations

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-12-28 01:38:43 -03:00
parent 63f3f2fd8b
commit f62dc287c9
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
3 changed files with 43 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
headers/modsecurity/rule.h
View File

@ -55,7 +55,7 @@ class Rule {
std::vector<const collection::Variable *> getFinalVars(Transaction *trasn); std::vector<const collection::Variable *> getFinalVars(Transaction *trasn);
void executeActionsAfterFullMatch(Transaction *trasn, void executeActionsAfterFullMatch(Transaction *trasn,
bool containsDisruptive, RuleMessage *ruleMessage); bool containsDisruptive, RuleMessage *ruleMessage);
std::vector<std::string> executeSecDefaultActionTransofrmations( std::vector<std::string *> executeSecDefaultActionTransofrmations(
Transaction *trasn, const std::string &value, bool multiMatch); Transaction *trasn, const std::string &value, bool multiMatch);
bool executeOperatorAt(Transaction *trasn, std::string key, bool executeOperatorAt(Transaction *trasn, std::string key,
std::string value); std::string value);

64
src/rule.cc
View File

@ -284,12 +284,15 @@ bool Rule::executeOperatorAt(Transaction *trasn, std::string key,
// FIXME: this should be a list instead of a vector, keeping the but // FIXME: this should be a list instead of a vector, keeping the but
// of v2 alive. // of v2 alive.
std::vector<std::string> Rule::executeSecDefaultActionTransofrmations( std::vector<std::string *> Rule::executeSecDefaultActionTransofrmations(
Transaction *trasn, const std::string &value2, bool multiMatch) { Transaction *trasn, const std::string &in, bool multiMatch) {
int none = 0; int none = 0;
int transformations = 0; int transformations = 0;
std::vector<std::string> ret; std::vector<std::string *> ret;
std::string value = std::string(value2);
std::string *value = new std::string(in);
std::string *newValue = NULL;
if (multiMatch == true) { if (multiMatch == true) {
ret.push_back(value); ret.push_back(value);
@ -309,49 +312,51 @@ std::vector<std::string> Rule::executeSecDefaultActionTransofrmations(
for (Action *a : trasn->m_rules->defaultActions[this->phase]) { for (Action *a : trasn->m_rules->defaultActions[this->phase]) {
if (a->action_kind \ if (a->action_kind \
== actions::Action::RunTimeBeforeMatchAttemptKind) { == actions::Action::RunTimeBeforeMatchAttemptKind) {
std::string oldValue = std::string(value); newValue = new std::string(a->evaluate(*value, trasn));
if (multiMatch) {
oldValue = ret.back();
}
std::string newValue = a->evaluate(oldValue, trasn);
if (multiMatch == true) { if (multiMatch == true) {
if (newValue != oldValue) { if (*newValue != *value) {
ret.push_back(newValue); ret.push_back(newValue);
} else {
delete value;
} }
} else { } else {
value = newValue; delete value;
} }
value = newValue;
trasn->debug(9, "(SecDefaultAction) T (" + \ trasn->debug(9, "(SecDefaultAction) T (" + \
std::to_string(transformations) + ") " + \ std::to_string(transformations) + ") " + \
a->m_name + ": \"" + \ a->m_name + ": \"" + \
utils::string::limitTo(80, newValue) +"\""); utils::string::limitTo(80, *value) +"\"");
transformations++; transformations++;
} }
} }
} }
for (Action *a : this->m_actionsRuntimePre) { for (Action *a : this->m_actionsRuntimePre) {
if (none == 0) { if (none == 0) {
std::string oldValue = std::string(value); newValue = new std::string(a->evaluate(*value, trasn));
if (multiMatch) {
oldValue = ret.back();
}
std::string newValue = a->evaluate(oldValue, trasn);
if (multiMatch == true) { if (multiMatch == true) {
if (newValue != oldValue) { if (*value != *newValue) {
ret.push_back(newValue); ret.push_back(newValue);
value = newValue;
} else {
delete value;
} }
} else { } else {
value = newValue; delete value;
} }
value = newValue;
trasn->debug(9, " T (" + \ trasn->debug(9, " T (" + \
std::to_string(transformations) + ") " + \ std::to_string(transformations) + ") " + \
a->m_name + ": \"" + \ a->m_name + ": \"" + \
utils::string::limitTo(80, newValue) + "\""); utils::string::limitTo(80, *value) + "\"");
transformations++; transformations++;
} }
if (a->m_isNone) { if (a->m_isNone) {
@ -364,8 +369,8 @@ std::vector<std::string> Rule::executeSecDefaultActionTransofrmations(
trasn->debug(9, "multiMatch is enabled. " \ trasn->debug(9, "multiMatch is enabled. " \
+ std::to_string(ret.size()) + \ + std::to_string(ret.size()) + \
" values to be tested."); " values to be tested.");
for (const std::string &a : ret) { for (const std::string *a : ret) {
trasn->debug(9, " - " + a); trasn->debug(9, " - " + *a);
} }
} else { } else {
ret.push_back(value); ret.push_back(value);
@ -414,6 +419,8 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
trasn->debug(9, "Variable: " + *key + trasn->debug(9, "Variable: " + *key +
" is part of the exclusion list, skipping..."); " is part of the exclusion list, skipping...");
#endif #endif
delete v;
v = NULL;
continue; continue;
} }
@ -431,6 +438,8 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
} }
} }
if (ignoreVariable) { if (ignoreVariable) {
delete v;
v = NULL;
continue; continue;
} }
@ -448,6 +457,8 @@ std::vector<const collection::Variable *> Rule::getFinalVars(
} }
} }
if (ignoreVariable) { if (ignoreVariable) {
delete v;
v = NULL;
continue; continue;
} }
@ -574,16 +585,16 @@ bool Rule::evaluate(Transaction *trasn) {
const std::string value = *(v->m_value); const std::string value = *(v->m_value);
const std::string key = *(v->m_key); const std::string key = *(v->m_key);
std::vector<std::string> values; std::vector<std::string *> values;
bool multiMatch = getActionsByName("multimatch").size() > 0; bool multiMatch = getActionsByName("multimatch").size() > 0;
values = executeSecDefaultActionTransofrmations(trasn, value, values = executeSecDefaultActionTransofrmations(trasn, value,
multiMatch); multiMatch);
for (const std::string &valueTemp : values) { for (const std::string *valueTemp : values) {
bool ret; bool ret;
ret = executeOperatorAt(trasn, key, valueTemp); ret = executeOperatorAt(trasn, key, *valueTemp);
if (ret == true) { if (ret == true) {
ruleMessage.m_match = resolveMatchMessage(key, value); ruleMessage.m_match = resolveMatchMessage(key, value);
updateMatchedVars(trasn, key, value); updateMatchedVars(trasn, key, value);
@ -591,6 +602,7 @@ bool Rule::evaluate(Transaction *trasn) {
&containsDisruptive, &ruleMessage); &containsDisruptive, &ruleMessage);
globalRet = true; globalRet = true;
} }
delete valueTemp;
} }
} }

7
src/variables/xml.cc
View File

@ -123,9 +123,10 @@ void XML::evaluateInternal(Transaction *t,
content = reinterpret_cast<char *>( content = reinterpret_cast<char *>(
xmlNodeGetContent(nodes->nodeTab[i])); xmlNodeGetContent(nodes->nodeTab[i]));
if (content != NULL) { if (content != NULL) {
// FIXME: Memory leak collection::Variable *var = new collection::Variable(&m_name,
l->push_back(new collection::Variable(&m_name, new std::string(content));
new std::string(content))); var->m_dynamic_value = true;
l->push_back(var);
xmlFree(content); xmlFree(content);
} }
} }