Commit Graph

3055 Commits

Author SHA1 Message Date
Felipe Zimmerle
b8478b11bb Adds support to setvar string manipulation
As discussed on #340
2020-12-02 12:11:43 -03:00
Felipe Zimmerle
587cbf3915 Having the QA on GitHub workflow 2020-11-30 12:48:38 -03:00
Felipe Zimmerle
7ebb81b037 Using a custom VariableMatch* implementation
Delay the variable name resolution till last minute.

Fix one of the issues raised in #2376
2020-11-30 12:48:37 -03:00
Felipe Zimmerle
ec7d2db400 Avoids cleaning up GeoIp on ModSecurity destructor
GeoIp is already being cleaned elsewhere.

Fix #2041
2020-11-30 12:48:37 -03:00
martinhsv
d242f0cd54 Fix memory leak of RuleMessages objects 2020-11-30 12:48:37 -03:00
martinhsv
9d398d8144 Produce not-supported error for ctl:forceRequestBodyVariable, ctl:auditEngine 2020-11-30 12:48:37 -03:00
martinhsv
0396e89619 Implement id ranges for ctl:ruleRemoveTargetById 2020-11-30 12:48:37 -03:00
Felipe Zimmerle
bb7bd975bf Refactoring on Action - having RuleWithAction and RuleWithActionsProperties 2020-11-30 12:48:35 -03:00
Felipe Zimmerle
1efd5e460d Constify Transaction on variable resolution 2020-11-27 23:25:08 -03:00
Felipe Zimmerle
b2256e4442 Uses unique_ptr on REMOTE_USER 2020-11-27 23:25:08 -03:00
Felipe Zimmerle
cc699bc794 Reduce the workload on VariableValue
Last compute at the last minute, if needed.
2020-11-27 23:25:08 -03:00
Felipe Zimmerle
856a84106a Adds support for string_view in Variable 2020-11-27 23:25:08 -03:00
Felipe Zimmerle
7f1633c1c2 Removes copy from VariableValue
On `Use std::shared_ptr for variable resolution` @WGH changes
VariableValue to be a shared_ptr. As shared pointer, the copy
on AnchoredVariable is no longer necessary. The copy was removed
along with the copy constructor.
2020-11-27 23:25:08 -03:00
Felipe Zimmerle
71d9b9e70f Replaces getKeyWithCollection with getName on VariableValue 2020-11-27 23:25:08 -03:00
Felipe Zimmerle
de4f6d6474 Removes unnecessary ptr copy from VariableValue 2020-11-27 23:25:07 -03:00
Felipe Zimmerle
943da64fe7 Delays variable name resolution to whenever it is necessary 2020-11-27 23:25:07 -03:00
Felipe Zimmerle
a73e08f9ba Cosmetics: Using VariableValues instead of std::vector<...>
Making the code more readable.
2020-11-27 23:25:07 -03:00
Felipe Zimmerle
3a8daaf791 Refactoring on variables::Variable
Using the references on key and collection as shared pointers
2020-11-27 23:20:14 -03:00
WGH
3a72237d25 Use std::shared_ptr for variable resolution
AnchoredSetVariable::resolve is called for every rule
(see RuleWithOperator::evaluate). The previous implementation allocated
a new copy of every variable, which quickly added up. In my tests,
AnchoredSetVariable::resolve function consumed 7.8% of run time.

AnchoredSetVariable (which is a multimap) values are never changed,
only added. This means it's safe to store them in std::shared_ptr,
and make resolve return shared_ptr pointing to the same object.

Other resolve implementations could also use this optimization by not
allocating new objects, however, they are not hot spots, so this
optimization was not implemented there.

In my benchmark, this raises performance from 117 requests per second to
131 RPS, and overhead is lowered from 7.8% to 2.4%.

As a bonus, replacing plain pointers with smart pointers makes code
cleaner, since using smart pointers makes manual deletes no longer necessary.

Additionally, VariableOrigin is now stored in plain std::vector,
since it's wasteful to store structure containing just two integer
values using std::list<std::unique_ptr<T>>.
2020-11-27 23:20:04 -03:00
Felipe Zimmerle
26632466ab Having RunTimeString in a better shape
This is an effort towards better understanding the issues
reported on #2376
2020-11-26 11:22:34 -03:00
Felipe Zimmerle
8d2f05c48d Removes init from SetVar 2020-11-26 11:22:34 -03:00
Felipe Zimmerle
1bbbd92df8 Use 'equal_range' instead of full scan for rule exceptions
The original author was @WGH-, this change was proposed at #2370
2020-11-26 11:22:34 -03:00
WGH
ed6092ec32 Remove unnecessary copying in transformations
In C++11, string data is always null-terminated[1], and can be
freely modified[2].

[1] https://stackoverflow.com/questions/6077189/will-stdstring-always-be-null-terminated-in-c11
[2] https://stackoverflow.com/questions/38875623/is-it-permitted-to-modify-the-internal-stdstring-buffer-returned-by-operator
2020-11-26 11:22:34 -03:00
WGH
b58cb9c2a8 Make all "rule id" variables of type RuleId
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
2020-11-26 11:22:34 -03:00
Felipe Zimmerle
f115018157 Makes RuleWithActions const in run time operations 2020-11-26 11:22:34 -03:00
Felipe Zimmerle
3c6356110b Introduces ActionWithExecution 2020-11-26 11:22:33 -03:00
Felipe Zimmerle
fc0fef3646 Makes Lua::run const 2020-11-26 11:22:33 -03:00
Felipe Zimmerle
3efc14bc08 Removes method isDisruptive from Action class 2020-11-26 11:22:33 -03:00
Felipe Zimmerle
9f264d6f54 Action: make sure that null constructor is not used 2020-11-26 11:18:25 -03:00
Felipe Zimmerle
e0cd76355f Computes auditlog during rules load time 2020-11-26 11:14:30 -03:00
Felipe Zimmerle
3832042531 actions: Removes Rule parameter from runtime execute
General organization on the Action class
2020-11-26 11:10:25 -03:00
Felipe Zimmerle
a8d34873c8 actions: Compute the rule association during rules load 2020-11-26 11:06:29 -03:00
Felipe Zimmerle
5e5180c93b tests: Removes unused header from a test case 2020-11-26 11:02:05 -03:00
Felipe Zimmerle
bfaff92a51 tests: Prints test number on segfault 2020-11-26 11:01:26 -03:00
Felipe Zimmerle
1dc684a28b Replaces lower case implementation 2020-11-26 11:00:46 -03:00
Felipe Zimmerle
193c794fb7 Makes operator to use string_view 2020-11-26 10:57:02 -03:00
Felipe Zimmerle
5a736492b4 Improves rules dump for better testing 2020-11-26 10:53:22 -03:00
Felipe Zimmerle
43b1c4f459 Better error handling when loading configurations 2020-11-26 10:50:23 -03:00
Felipe Zimmerle
2bc522431f Adds method getVariableNames to variables 2020-11-26 10:47:07 -03:00
Felipe Zimmerle
7ac2fd5fb0 Cosmetics: Defining a type for RuleId 2020-11-26 10:44:37 -03:00
Felipe Zimmerle
f7307ef2a4 Moves rule* headers to src/ 2020-11-26 10:44:35 -03:00
Felipe Zimmerle
8d0017919f Cleanup on Action class 2020-11-26 10:41:17 -03:00
Felipe Zimmerle
df51dd06ef Removes RuleMessage from action execute signature 2020-11-25 10:47:19 -03:00
Felipe Zimmerle
5cb58b412c Refactoring: Makes transformations to work with new execute signature 2020-11-25 10:47:16 -03:00
nikolas
ef9a63e610 Move travis to use a new version of Ubuntu 2020-11-25 10:29:11 -03:00
Felipe Zimmerle
8bb1a90c4f Cosmetics: fix some cppcheck complaints 2020-11-25 10:26:02 -03:00
Felipe Zimmerle
1f7d202985 Refactoring: rename evaluate to execute on actions 2020-11-25 10:26:00 -03:00
Felipe Zimmerle
6cdbad05ad Refactoring in the Rule class to make it more elegant 2020-11-25 10:15:04 -03:00
Felipe Zimmerle
5c40997028 Rule: isMarker is no longer necessary 2020-11-25 10:12:13 -03:00
Felipe Zimmerle
766b373c3b Adds new method for rule merge
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; previously it was
concatenating.
2020-11-25 10:12:10 -03:00