github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,044 Commits 55 Branches 109 Tags
v3/dev/pull_2430
Commit Graph

3044 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
martinhsv
1f350296ba Implement id ranges for ctl:ruleRemoveTargetById 2020-10-29 13:57:44 -03:00
Felipe Zimmerle
abf59f4b84 Refactoring on Action - having RuleWithAction and RuleWithActionsProperties 2020-10-29 13:44:13 -03:00
Felipe Zimmerle
3c25113a64 Constify Transaction on variable resolution 2020-10-29 13:44:12 -03:00
Felipe Zimmerle
646bdd37b4 Uses unique_ptr on REMOTE_USER 2020-10-29 13:44:11 -03:00
Felipe Zimmerle
6be58b1eba Reduce the workload on VariableValue 
Last compute at the last minute, if needed.
 2020-10-29 13:44:11 -03:00
Felipe Zimmerle
bf48533f81 Adds support for string_view in Variable 2020-10-29 13:44:11 -03:00
Felipe Zimmerle
cc5d3f5106 Removes copy form VariableValue 
On `Use std::shared_ptr for variable resolution` @WGH changes
VariableValue to be a shared_ptr. As shared pointer, the copy
on AnchoredVariable is no longer necessary. The copy was removed
along with the copy constructor.
 2020-10-29 13:44:10 -03:00
Felipe Zimmerle
5a0e71fdc0 Replaces getKeyWithCollection with getName on VariableValue 2020-10-29 13:44:10 -03:00
Felipe Zimmerle
00a3964324 Removes unecessary ptr copy form VariableValue 2020-10-29 13:44:10 -03:00
Felipe Zimmerle
aaffd314e5 Delays variable name resolution to whenever it is necessary 2020-10-29 13:44:09 -03:00
Felipe Zimmerle
de9b5b2f16 Cosmetics: Using VariableValues instead of std::vector<...> 
Making the code more readable.
 2020-10-29 13:44:09 -03:00
Felipe Zimmerle
d991461c43 Refactoring on variables::Variable 
Using the references on key and collection as shared pointers
 2020-10-29 13:44:09 -03:00
WGH
21a63b296a Use std::shared_ptr for variable resolution 
AnchoredSetVariable::resolve is called for every rule
(see RuleWithOperator::evaluate). The previous implementation allocated
a new copy of every variable, which quickly added up. In my tests,
AnchoredSetVariable::resolve function consumed 7.8% of run time.

AnchoredSetVariable (which is a multimap) values are never changed,
only added. This means it's safe to store them in std::shared_ptr,
and make resolve return shared_ptr pointing to the same object.

Other resolve implementation could also use this optimization by not
allocating new objects, however, they are not hot spots, so this
optimization was not implemented there.

In my benchmark, this raises performance from 117 requests per second to
131 RPS, and overhead is lowered from 7.8% to 2.4%.

As a bonus, replacing plain pointer with smart pointers make code
cleaner, since using smart pointers makes manual deletes no longer necessary.

Additionally, VariableOrigin is now stored in plain std::vector,
since it's wasteful to store structure containing just two integer
values using std::list<std::unique_ptr<T>>.
 2020-10-29 13:44:08 -03:00
Felipe Zimmerle
2cb7591eac Having RunTimeString in a better shape 
This is an effort towards better understanding the issues
reported on #2376
 2020-10-29 13:44:08 -03:00
Felipe Zimmerle
7fd4b8441f Removes init from SetVar 2020-10-29 13:44:08 -03:00
Felipe Zimmerle
71afd1a979 Use 'equal_range' instead of full scan for rule exceptions 
The original author was @WGH-, this change was proposed at #2370
 2020-10-29 13:44:08 -03:00
WGH
4e58492794 Remove unnecessary copying in transformations 
In C++11, string data is always null-terminated[1], and can be
freely modified[2].

[1] https://stackoverflow.com/questions/6077189/will-stdstring-always-be-null-terminated-in-c11
[2] https://stackoverflow.com/questions/38875623/is-it-permitted-to-modify-the-internal-stdstring-buffer-returned-by-operator
 2020-10-29 13:44:07 -03:00
WGH
b32a169d2a Make all "rule id" variables of type RuleId 
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
 2020-10-29 13:44:07 -03:00
Felipe Zimmerle
d393b4734b Makes RuleWithActions const in run time operations 2020-10-29 13:44:07 -03:00
Felipe Zimmerle
e4125318d9 Introduces ActionWithExecution 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
542a5c451a Makes Lua::run const 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
3bdd96c603 Removes method isDisruptive from Action class 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
18681bb3d5 Action: make sure that null constructor is not used 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
647717b926 Computes auditlog during rules load time 2020-10-29 13:44:05 -03:00
Felipe Zimmerle
8aa3e3439d actions: Removes Rule parameter from runtime execute 
Generals organization on the Action class
 2020-10-29 13:44:05 -03:00
Felipe Zimmerle
67b08dfe43 actions: Compute the rule association during rules load 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
e345cf5ca3 tests: Romoves unused header from a test case 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
7691cc2897 tests: Prints test number on segfault 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
18f77db46b Replaces lower case implementation 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
af23c720ae Makes operator to use string_view 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
f5cdf03de1 Improves rules dump for better testing 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
8890f9bbbc Better error handling when loading configurations 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
94851216fa Adds method getVariableNames to variables 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
fb35dd975c Cosmetics: Defining a type for RuleId 2020-10-29 13:44:02 -03:00
Felipe Zimmerle
c9204a1c1f Moves rule* headers to src/ 2020-10-29 13:44:02 -03:00
Felipe Zimmerle
7bbc5c3441 Cleanup on Action class 2020-10-29 13:44:02 -03:00
Felipe Zimmerle
7da4c9a007 Removes RuleMessage from action execute signature 2020-10-29 13:44:01 -03:00
Felipe Zimmerle
6547f3601f Refactoring: Makes transformations to work with new execute signature 2020-10-29 13:44:01 -03:00
nikolas
82980ab392 Move travis to use a new version of Ubuntu 2020-10-29 13:44:01 -03:00
Felipe Zimmerle
71de3b48f2 Cosmetics: fix some cppcheck complains 2020-10-29 13:44:00 -03:00
Felipe Zimmerle
2331976238 Refactoring: rename evaluate to execute on actions 2020-10-29 13:44:00 -03:00
Felipe Zimmerle
35a341e473 Refactoring in the Rule class to make it more elegant 2020-10-29 13:43:59 -03:00
Felipe Zimmerle
e0703a4774 Rule: isMarker is no longer necessary 2020-10-29 13:43:57 -03:00
Felipe Zimmerle
0daeb09b0a Adds new method for rule merge 
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
 2020-10-29 13:43:54 -03:00
Felipe Zimmerle
3a189a131f Moves default actions to be part of the rules 2020-10-29 10:34:45 -03:00
Michael Granzow
1b7aa42c77 Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2020-10-29 10:33:02 -03:00
martinhsv
2672db103e Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
Felipe Zimmerle
785958f9b5 Fix maxminddb link on FreeBSD 
Issue #2131
 2020-10-23 14:44:54 -03:00
Felipe Zimmerle
4b425850cf Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
martinhsv
8da787a390 Merge pull request #2424 from martinhsv/v3/master 
Fix IP address logging in Section A
 2020-10-19 09:09:05 -04:00