github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,065 Commits 55 Branches 109 Tags
Commit Graph

3065 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
ae128ad94d
Having the Sec[Request|Response]BodyAccess deprecated 2020-12-23 19:32:32 -03:00
Felipe Zimmerle
62d35fbf97
Adds support to config warnings 2020-12-23 19:27:54 -03:00
Felipe Zimmerle
bf87f11036
Cosmetics: Refactoring on regression utility 2020-12-23 15:11:56 -03:00
martinhsv
aa018d4eb8 Fix memory leaks in ValidateSchema 2020-12-22 23:15:20 -03:00
Felipe Zimmerle
571a59bad8 Moves fixDefaultActions to Rules 2020-12-22 23:15:20 -03:00
Felipe Zimmerle
fa877bd5fc Avoid warnings while generating the parser 2020-12-22 23:15:17 -03:00
martinhsv
bedc9a1eb0 Fix memory leak of ValidateDTD's dtd object 2020-12-22 22:14:46 -03:00
Felipe Zimmerle
e0f39b3211 cosmetics: Fix compilation warnings to please QA 2020-12-22 22:14:46 -03:00
Felipe Zimmerle
7f31746ca2 Testing gcc-problem-matcher on ci/workflow 2020-12-22 22:14:46 -03:00
Felipe Zimmerle
3a55909eae Using setenv instead of putenv on SetEnv action 2020-12-22 22:14:46 -03:00
Felipe Zimmerle
ba0007a474 Having the QA on GitHub workflow 2020-12-22 22:14:46 -03:00
Felipe Zimmerle
eec1f00bea Using a custom VariableMatch* implementation 
Delay the variable name resolution till last minute.

Fix one of the issues raised in #2376
 2020-12-22 22:14:46 -03:00
Felipe Zimmerle
97762dc1bc Avoids to cleanup GeoIp on ModSecurity destructor 
GeoIp is already being cleaned elsewhere.

Fix #2041
 2020-12-22 22:14:46 -03:00
martinhsv
ab6754712c Fix memory leak of RuleMessages objects 2020-12-22 22:14:46 -03:00
martinhsv
29364052cd Produce not-supported error for ctl:forceRequestBodyVariable, ctl:auditEngine 2020-12-22 22:14:45 -03:00
martinhsv
c258cff815 Implement id ranges for ctl:ruleRemoveTargetById 2020-12-22 22:14:45 -03:00
Felipe Zimmerle
5b204642ab Refactoring on Action - having RuleWithAction and RuleWithActionsProperties 2020-12-22 22:14:45 -03:00
Felipe Zimmerle
1f80055f63 Constify Transaction on variable resolution 2020-12-22 22:14:45 -03:00
Felipe Zimmerle
7afcd3046d Uses unique_ptr on REMOTE_USER 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
820396f784 Reduce the workload on VariableValue 
Last compute at the last minute, if needed.
 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
8fa4fc67af Adds support for string_view in Variable 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
155bb1a51f Removes copy form VariableValue 
On `Use std::shared_ptr for variable resolution` @WGH changes
VariableValue to be a shared_ptr. As shared pointer, the copy
on AnchoredVariable is no longer necessary. The copy was removed
along with the copy constructor.
 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
1eedf3e898 Replaces getKeyWithCollection with getName on VariableValue 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
ae74d37f96 Removes unecessary ptr copy form VariableValue 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
9f0e345f43 Delays variable name resolution to whenever it is necessary 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
64bffdebc4 Cosmetics: Using VariableValues instead of std::vector<...> 
Making the code more readable.
 2020-12-22 22:14:44 -03:00
Felipe Zimmerle
d5cae10d3a Refactoring on variables::Variable 
Using the references on key and collection as shared pointers
 2020-12-22 22:14:43 -03:00
WGH
6528c95765 Use std::shared_ptr for variable resolution 
AnchoredSetVariable::resolve is called for every rule
(see RuleWithOperator::evaluate). The previous implementation allocated
a new copy of every variable, which quickly added up. In my tests,
AnchoredSetVariable::resolve function consumed 7.8% of run time.

AnchoredSetVariable (which is a multimap) values are never changed,
only added. This means it's safe to store them in std::shared_ptr,
and make resolve return shared_ptr pointing to the same object.

Other resolve implementation could also use this optimization by not
allocating new objects, however, they are not hot spots, so this
optimization was not implemented there.

In my benchmark, this raises performance from 117 requests per second to
131 RPS, and overhead is lowered from 7.8% to 2.4%.

As a bonus, replacing plain pointer with smart pointers make code
cleaner, since using smart pointers makes manual deletes no longer necessary.

Additionally, VariableOrigin is now stored in plain std::vector,
since it's wasteful to store structure containing just two integer
values using std::list<std::unique_ptr<T>>.
 2020-12-22 22:14:43 -03:00
Felipe Zimmerle
bff82cd80d Having RunTimeString in a better shape 
This is an effort towards better understanding the issues
reported on #2376
 2020-12-22 22:14:43 -03:00
Felipe Zimmerle
d3ba2318d6 Removes init from SetVar 2020-12-22 22:14:43 -03:00
Felipe Zimmerle
0f1d3bfc3e Use 'equal_range' instead of full scan for rule exceptions 
The original author was @WGH-, this change was proposed at #2370
 2020-12-22 22:14:42 -03:00
WGH
904fd030f9 Remove unnecessary copying in transformations 
In C++11, string data is always null-terminated[1], and can be
freely modified[2].

[1] https://stackoverflow.com/questions/6077189/will-stdstring-always-be-null-terminated-in-c11
[2] https://stackoverflow.com/questions/38875623/is-it-permitted-to-modify-the-internal-stdstring-buffer-returned-by-operator
 2020-12-22 22:14:42 -03:00
WGH
d7e9e0aa5b Make all "rule id" variables of type RuleId 
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
 2020-12-22 22:14:42 -03:00
Felipe Zimmerle
28c3cb3176 Makes RuleWithActions const in run time operations 2020-12-22 22:14:42 -03:00
Felipe Zimmerle
0a3b658969 Introduces ActionWithExecution 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
7693bd33b9 Makes Lua::run const 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
11111b5826 Removes method isDisruptive from Action class 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
1522e7cd0a Action: make sure that null constructor is not used 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
c38051324d Computes auditlog during rules load time 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
bf3a1d84ff actions: Removes Rule parameter from runtime execute 
Generals organization on the Action class
 2020-12-22 22:14:38 -03:00
Felipe Zimmerle
eb3e05646d
actions: Compute the rule association during rules load 2020-12-10 10:10:49 -03:00
Felipe Zimmerle
374203b000
tests: Romoves unused header from a test case 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
c44b5f95b1
tests: Prints test number on segfault 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
e5846e3fd3
Replaces lower case implementation 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
fc24f34843
Makes operator to use string_view 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
96efe83174
Improves rules dump for better testing 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
78d9575dd2
Better error handling when loading configurations 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
942de22069
Adds method getVariableNames to variables 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
5bd6c58385
Cosmetics: Defining a type for RuleId 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
999af35e22
Moves rule* headers to src/ 2020-12-10 10:10:47 -03:00