diff --git a/headers/modsecurity/assay.h b/headers/modsecurity/assay.h index 1a003f9f..bb23a155 100644 --- a/headers/modsecurity/assay.h +++ b/headers/modsecurity/assay.h @@ -173,7 +173,7 @@ class Assay { std::list rulesMessages; std::list ruleTags; - std::list> auditLogModifier; + std::list< std::pair > auditLogModifier; std::string m_marker; private: diff --git a/headers/modsecurity/modsecurity.h b/headers/modsecurity/modsecurity.h index c13fc65b..18612e52 100644 --- a/headers/modsecurity/modsecurity.h +++ b/headers/modsecurity/modsecurity.h @@ -140,7 +140,7 @@ class ModSecurity { ModSecurity(); ~ModSecurity(); - static std::string whoAmI(); + static const std::string whoAmI(); void setConnectorInformation(std::string connector); void setServerLogCb(LogCb cb); void serverLog(void *data, const std::string& msg); diff --git a/src/rule.h b/headers/modsecurity/rule.h similarity index 95% rename from src/rule.h rename to headers/modsecurity/rule.h index 840bc317..94646efb 100644 --- a/src/rule.h +++ b/headers/modsecurity/rule.h @@ -23,11 +23,14 @@ #define SRC_RULE_H_ #include "modsecurity/modsecurity.h" -#include "variables/variable.h" + #ifdef __cplusplus namespace modsecurity { +namespace Variables { + class Variable; +} class Rule { public: @@ -47,6 +50,8 @@ class Rule { std::vector actions_runtime_pre; std::vector actions_runtime_pos; + std::vector getActionNames(); + std::vector *variables; int phase; long rule_id; diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h index 0d15851e..46b91b10 100644 --- a/headers/modsecurity/rules_properties.h +++ b/headers/modsecurity/rules_properties.h @@ -92,6 +92,14 @@ class RulesProperties { } std::vector rules[7]; + std::vector * getRulesForPhase(int phase) { + if (phase > 7) + { + return NULL; + } + return &rules[phase]; + }; + // ModSecurity::Phases::NUMBER_OF_PHASES std::vector defaultActions[7]; // ModSecurity::Phases::NUMBER_OF_PHASES diff --git a/headers/modsecurity/transaction/variables.h b/headers/modsecurity/transaction/variables.h index dda4acec..f6cb256d 100644 --- a/headers/modsecurity/transaction/variables.h +++ b/headers/modsecurity/transaction/variables.h @@ -51,9 +51,6 @@ class Variables : std::string* resolveFirst(const std::string& var); - std::string* resolveFirst(const std::string& collectionName, - const std::string& var); - void resolveSingleMatch(const std::string& var, std::vector *l); diff --git a/src/Makefile.am b/src/Makefile.am index ad9ada7a..f0f71c43 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -27,6 +27,7 @@ pkginclude_HEADERS = \ ../headers/modsecurity/debug_log.h \ ../headers/modsecurity/intervention.h \ ../headers/modsecurity/modsecurity.h \ + ../headers/modsecurity/rule.h \ ../headers/modsecurity/rules.h \ ../headers/modsecurity/rules_properties.h diff --git a/src/actions/action.cc b/src/actions/action.cc index 90261baf..b51ea4ea 100644 --- a/src/actions/action.cc +++ b/src/actions/action.cc @@ -19,7 +19,7 @@ #include #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "actions/block.h" #include "actions/chain.h" diff --git a/src/actions/block.cc b/src/actions/block.cc index 737ae331..996fffe6 100644 --- a/src/actions/block.cc +++ b/src/actions/block.cc @@ -19,7 +19,7 @@ #include #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "modsecurity/intervention.h" namespace modsecurity { diff --git a/src/actions/capture.cc b/src/actions/capture.cc index 41c3dc3a..2706210d 100644 --- a/src/actions/capture.cc +++ b/src/actions/capture.cc @@ -21,7 +21,7 @@ #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "operators/operator.h" #include "operators/pm.h" #include "operators/rx.h" diff --git a/src/actions/chain.cc b/src/actions/chain.cc index 2de457d6..714b4fea 100644 --- a/src/actions/chain.cc +++ b/src/actions/chain.cc @@ -19,7 +19,7 @@ #include #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" namespace modsecurity { namespace actions { diff --git a/src/actions/pass.cc b/src/actions/pass.cc index fe901758..1a6e03c0 100644 --- a/src/actions/pass.cc +++ b/src/actions/pass.cc @@ -19,7 +19,7 @@ #include #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" namespace modsecurity { namespace actions { diff --git a/src/actions/phase.cc b/src/actions/phase.cc index f0b2f17b..9e35c63f 100644 --- a/src/actions/phase.cc +++ b/src/actions/phase.cc @@ -19,7 +19,7 @@ #include #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "src/utils.h" #include "modsecurity/modsecurity.h" diff --git a/src/actions/rev.cc b/src/actions/rev.cc index 9fc3d54e..55c6aeef 100644 --- a/src/actions/rev.cc +++ b/src/actions/rev.cc @@ -21,7 +21,7 @@ #include "actions/action.h" #include "modsecurity/assay.h" #include "src/utils.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "src/macro_expansion.h" namespace modsecurity { diff --git a/src/actions/rule_id.cc b/src/actions/rule_id.cc index 20c7e8fa..4c172837 100644 --- a/src/actions/rule_id.cc +++ b/src/actions/rule_id.cc @@ -19,7 +19,7 @@ #include #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" namespace modsecurity { namespace actions { diff --git a/src/actions/set_var.cc b/src/actions/set_var.cc index 737412a5..2533bde5 100644 --- a/src/actions/set_var.cc +++ b/src/actions/set_var.cc @@ -19,7 +19,7 @@ #include #include "modsecurity/assay.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "src/macro_expansion.h" #include "src/utils.h" diff --git a/src/modsecurity.cc b/src/modsecurity.cc index 223f50e0..0aeee50c 100644 --- a/src/modsecurity.cc +++ b/src/modsecurity.cc @@ -17,7 +17,7 @@ #include #include "modsecurity/modsecurity.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "src/config.h" #include "src/unique_id.h" #ifdef MSC_WITH_CURL @@ -76,7 +76,7 @@ ModSecurity::~ModSecurity() { * update it, make it in a fashion that won't break the existent parsers. * (e.g. adding extra information _only_ to the end of the string) */ -std::string ModSecurity::whoAmI() { +const std::string ModSecurity::whoAmI() { std::string platform("Unknown platform"); #if AIX diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index e436d2b8..55264c7c 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -33,7 +33,7 @@ class Driver; #include "actions/transformations/transformation.h" #include "actions/transformations/none.h" #include "operators/operator.h" -#include "src/rule.h" +#include "modsecurity/rule.h" #include "utils/geo_lookup.h" #include "audit_log.h" #include "utils.h" diff --git a/src/rule.cc b/src/rule.cc index 694e3eb4..0f22aa97 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -13,7 +13,7 @@ * */ -#include "src/rule.h" +#include "modsecurity/rule.h" #include @@ -135,6 +135,25 @@ Rule::Rule(Operator *_op, } +std::vector Rule::getActionNames() { + std::vector a; + for (auto &z : this->actions_runtime_pos) + { + a.push_back(z->action); + } + for (auto &z : this->actions_runtime_pre) + { + a.push_back(z->action); + } + for (auto &z : this->actions_conf) + { + a.push_back(z->action); + } + + return a; +} + + bool Rule::evaluateActions(Assay *assay) { int none = 0; bool containsDisruptive = false;