3053 Commits

Author SHA1 Message Date
Felipe Zimmerle
17e3ec7787
Testing github workflow 2020-11-23 12:53:02 -03:00
Felipe Zimmerle
0096b17787
Using a custom VariableMatch* implementation
Delay the variable name resolution till last minute.

Fix one of the issues raised in #2376
2020-11-22 11:07:19 -03:00
Felipe Zimmerle
cf4f1b776b
Avoids cleaning up GeoIp on ModSecurity destructor
GeoIp is already being cleaned elsewhere.

Fix #2041
2020-11-17 22:53:23 -03:00
martinhsv
a6fe74d1af
Fix memory leak of RuleMessages objects 2020-11-16 10:01:43 -03:00
martinhsv
65ced72918
Produce not-supported error for ctl:forceRequestBodyVariable, ctl:auditEngine 2020-11-16 10:01:43 -03:00
martinhsv
b83d1f1d06
Implement id ranges for ctl:ruleRemoveTargetById 2020-11-16 10:01:43 -03:00
Felipe Zimmerle
39ac4760ea
Refactoring on Action - having RuleWithAction and RuleWithActionsProperties 2020-11-16 10:01:43 -03:00
Felipe Zimmerle
730328897d
Constify Transaction on variable resolution 2020-11-16 10:01:43 -03:00
Felipe Zimmerle
3317f498f6
Uses unique_ptr on REMOTE_USER 2020-11-16 10:01:43 -03:00
Felipe Zimmerle
09ec92e66a
Reduce the workload on VariableValue
Last compute at the last minute, if needed.
2020-11-16 10:01:42 -03:00
Felipe Zimmerle
44791be5e0
Adds support for string_view in Variable 2020-11-16 10:01:42 -03:00
Felipe Zimmerle
68c3aa97a6
Removes copy from VariableValue
On `Use std::shared_ptr for variable resolution` @WGH changes
VariableValue to be a shared_ptr. As shared pointer, the copy
on AnchoredVariable is no longer necessary. The copy was removed
along with the copy constructor.
2020-11-16 10:01:42 -03:00
Felipe Zimmerle
952473368a
Replaces getKeyWithCollection with getName on VariableValue 2020-11-16 10:01:42 -03:00
Felipe Zimmerle
c24cdf6313
Removes unnecessary ptr copy from VariableValue 2020-11-16 10:01:42 -03:00
Felipe Zimmerle
045e66d624
Delays variable name resolution to whenever it is necessary 2020-11-16 10:01:42 -03:00
Felipe Zimmerle
a8ba54e1ab
Cosmetics: Using VariableValues instead of std::vector<...>
Making the code more readable.
2020-11-16 10:01:42 -03:00
Felipe Zimmerle
f917d07950
Refactoring on variables::Variable
Using the references on key and collection as shared pointers
2020-11-16 10:01:42 -03:00
WGH
1b13e041ce
Use std::shared_ptr for variable resolution
AnchoredSetVariable::resolve is called for every rule
(see RuleWithOperator::evaluate). The previous implementation allocated
a new copy of every variable, which quickly added up. In my tests,
AnchoredSetVariable::resolve function consumed 7.8% of run time.

AnchoredSetVariable (which is a multimap) values are never changed,
only added. This means it's safe to store them in std::shared_ptr,
and make resolve return shared_ptr pointing to the same object.

Other resolve implementations could also use this optimization by not
allocating new objects, however, they are not hot spots, so this
optimization was not implemented there.

In my benchmark, this raises performance from 117 requests per second to
131 RPS, and overhead is lowered from 7.8% to 2.4%.

As a bonus, replacing plain pointers with smart pointers makes the code
cleaner, since using smart pointers makes manual deletes no longer necessary.

Additionally, VariableOrigin is now stored in plain std::vector,
since it's wasteful to store structure containing just two integer
values using std::list<std::unique_ptr<T>>.
2020-11-16 10:01:42 -03:00
Felipe Zimmerle
7d4cb31b72
Having RunTimeString in a better shape
This is an effort towards better understanding the issues
reported on #2376
2020-11-16 10:01:41 -03:00
Felipe Zimmerle
5f853f1511
Removes init from SetVar 2020-11-16 10:01:41 -03:00
Felipe Zimmerle
281a4caabb
Use 'equal_range' instead of full scan for rule exceptions
The original author was @WGH-, this change was proposed at #2370
2020-11-16 10:01:41 -03:00
WGH
85b9e36d0b
Remove unnecessary copying in transformations
In C++11, string data is always null-terminated[1], and can be
freely modified[2].

[1] https://stackoverflow.com/questions/6077189/will-stdstring-always-be-null-terminated-in-c11
[2] https://stackoverflow.com/questions/38875623/is-it-permitted-to-modify-the-internal-stdstring-buffer-returned-by-operator
2020-11-16 10:01:41 -03:00
WGH
bbaffc8f3d
Make all "rule id" variables of type RuleId
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
2020-11-16 10:01:41 -03:00
Felipe Zimmerle
d023ddffcd
Makes RuleWithActions const in run time operations 2020-11-16 10:01:41 -03:00
Felipe Zimmerle
a733313589
Introduces ActionWithExecution 2020-11-16 10:01:41 -03:00
Felipe Zimmerle
0a8c808f7a
Makes Lua::run const 2020-11-16 10:01:41 -03:00
Felipe Zimmerle
f703e5795f
Removes method isDisruptive from Action class 2020-11-16 10:01:40 -03:00
Felipe Zimmerle
61c4319b14
Action: make sure that null constructor is not used 2020-11-16 10:01:40 -03:00
Felipe Zimmerle
e9adb6c68f
Computes auditlog during rules load time 2020-11-16 10:01:40 -03:00
Felipe Zimmerle
c90325062b
actions: Removes Rule parameter from runtime execute
General organization on the Action class
2020-11-16 10:01:40 -03:00
Felipe Zimmerle
2ee9ccffa9
actions: Compute the rule association during rules load 2020-11-16 10:01:40 -03:00
Felipe Zimmerle
a4cd7a0091
tests: Removes unused header from a test case 2020-11-16 10:01:40 -03:00
Felipe Zimmerle
7095b7db27
tests: Prints test number on segfault 2020-11-16 10:01:40 -03:00
Felipe Zimmerle
f945086ec4
Replaces lower case implementation 2020-11-16 10:01:40 -03:00
Felipe Zimmerle
301f724e9e
Makes operator to use string_view 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
d5158f1afc
Improves rules dump for better testing 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
46acbd81a0
Better error handling when loading configurations 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
3fb4266ebf
Adds method getVariableNames to variables 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
5504f63b21
Cosmetics: Defining a type for RuleId 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
bab7d6ccdf
Moves rule* headers to src/ 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
38a814411b
Cleanup on Action class 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
10985f33b0
Removes RuleMessage from action execute signature 2020-11-16 10:01:39 -03:00
Felipe Zimmerle
12304ea36b
Refactoring: Makes transformations to work with new execute signature 2020-11-16 10:01:38 -03:00
nikolas
e3583f342a
Move travis to use a new version of Ubuntu 2020-11-16 10:01:38 -03:00
Felipe Zimmerle
01e2fe4f82
Cosmetics: fix some cppcheck complaints 2020-11-16 10:01:38 -03:00
Felipe Zimmerle
14a60ef46c
Refactoring: rename evaluate to execute on actions 2020-11-16 10:01:38 -03:00
Felipe Zimmerle
a5a0f261e2
Refactoring in the Rule class to make it more elegant 2020-11-16 10:01:38 -03:00
Felipe Zimmerle
4c0fc7b6ff
Rule: isMarker is no longer necessary 2020-11-16 10:01:38 -03:00
Felipe Zimmerle
1518015687
Adds new method for rule merge
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
2020-11-16 10:01:38 -03:00
Felipe Zimmerle
73c3731c9d
Moves default actions to be part of the rules 2020-11-16 10:01:38 -03:00