github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,044 Commits 55 Branches 109 Tags
Commit Graph

3044 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
martinhsv
1f350296ba
Implement id ranges for ctl:ruleRemoveTargetById 2020-10-29 13:57:44 -03:00
Felipe Zimmerle
abf59f4b84
Refactoring on Action - having RuleWithAction and RuleWithActionsProperties 2020-10-29 13:44:13 -03:00
Felipe Zimmerle
3c25113a64
Constify Transaction on variable resolution 2020-10-29 13:44:12 -03:00
Felipe Zimmerle
646bdd37b4
Uses unique_ptr on REMOTE_USER 2020-10-29 13:44:11 -03:00
Felipe Zimmerle
6be58b1eba
Reduce the workload on VariableValue 
Last compute at the last minute, if needed.
 2020-10-29 13:44:11 -03:00
Felipe Zimmerle
bf48533f81
Adds support for string_view in Variable 2020-10-29 13:44:11 -03:00
Felipe Zimmerle
cc5d3f5106
Removes copy form VariableValue 
On `Use std::shared_ptr for variable resolution` @WGH changes
VariableValue to be a shared_ptr. As shared pointer, the copy
on AnchoredVariable is no longer necessary. The copy was removed
along with the copy constructor.
 2020-10-29 13:44:10 -03:00
Felipe Zimmerle
5a0e71fdc0
Replaces getKeyWithCollection with getName on VariableValue 2020-10-29 13:44:10 -03:00
Felipe Zimmerle
00a3964324
Removes unecessary ptr copy form VariableValue 2020-10-29 13:44:10 -03:00
Felipe Zimmerle
aaffd314e5
Delays variable name resolution to whenever it is necessary 2020-10-29 13:44:09 -03:00
Felipe Zimmerle
de9b5b2f16
Cosmetics: Using VariableValues instead of std::vector<...> 
Making the code more readable.
 2020-10-29 13:44:09 -03:00
Felipe Zimmerle
d991461c43
Refactoring on variables::Variable 
Using the references on key and collection as shared pointers
 2020-10-29 13:44:09 -03:00
WGH
21a63b296a
Use std::shared_ptr for variable resolution 
AnchoredSetVariable::resolve is called for every rule
(see RuleWithOperator::evaluate). The previous implementation allocated
a new copy of every variable, which quickly added up. In my tests,
AnchoredSetVariable::resolve function consumed 7.8% of run time.

AnchoredSetVariable (which is a multimap) values are never changed,
only added. This means it's safe to store them in std::shared_ptr,
and make resolve return shared_ptr pointing to the same object.

Other resolve implementation could also use this optimization by not
allocating new objects, however, they are not hot spots, so this
optimization was not implemented there.

In my benchmark, this raises performance from 117 requests per second to
131 RPS, and overhead is lowered from 7.8% to 2.4%.

As a bonus, replacing plain pointer with smart pointers make code
cleaner, since using smart pointers makes manual deletes no longer necessary.

Additionally, VariableOrigin is now stored in plain std::vector,
since it's wasteful to store structure containing just two integer
values using std::list<std::unique_ptr<T>>.
 2020-10-29 13:44:08 -03:00
Felipe Zimmerle
2cb7591eac
Having RunTimeString in a better shape 
This is an effort towards better understanding the issues
reported on #2376
 2020-10-29 13:44:08 -03:00
Felipe Zimmerle
7fd4b8441f
Removes init from SetVar 2020-10-29 13:44:08 -03:00
Felipe Zimmerle
71afd1a979
Use 'equal_range' instead of full scan for rule exceptions 
The original author was @WGH-, this change was proposed at #2370
 2020-10-29 13:44:08 -03:00
WGH
4e58492794
Remove unnecessary copying in transformations 
In C++11, string data is always null-terminated[1], and can be
freely modified[2].

[1] https://stackoverflow.com/questions/6077189/will-stdstring-always-be-null-terminated-in-c11
[2] https://stackoverflow.com/questions/38875623/is-it-permitted-to-modify-the-internal-stdstring-buffer-returned-by-operator
 2020-10-29 13:44:07 -03:00
WGH
b32a169d2a
Make all "rule id" variables of type RuleId 
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
 2020-10-29 13:44:07 -03:00
Felipe Zimmerle
d393b4734b
Makes RuleWithActions const in run time operations 2020-10-29 13:44:07 -03:00
Felipe Zimmerle
e4125318d9
Introduces ActionWithExecution 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
542a5c451a
Makes Lua::run const 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
3bdd96c603
Removes method isDisruptive from Action class 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
18681bb3d5
Action: make sure that null constructor is not used 2020-10-29 13:44:06 -03:00
Felipe Zimmerle
647717b926
Computes auditlog during rules load time 2020-10-29 13:44:05 -03:00
Felipe Zimmerle
8aa3e3439d
actions: Removes Rule parameter from runtime execute 
Generals organization on the Action class
 2020-10-29 13:44:05 -03:00
Felipe Zimmerle
67b08dfe43
actions: Compute the rule association during rules load 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
e345cf5ca3
tests: Romoves unused header from a test case 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
7691cc2897
tests: Prints test number on segfault 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
18f77db46b
Replaces lower case implementation 2020-10-29 13:44:04 -03:00
Felipe Zimmerle
af23c720ae
Makes operator to use string_view 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
f5cdf03de1
Improves rules dump for better testing 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
8890f9bbbc
Better error handling when loading configurations 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
94851216fa
Adds method getVariableNames to variables 2020-10-29 13:44:03 -03:00
Felipe Zimmerle
fb35dd975c
Cosmetics: Defining a type for RuleId 2020-10-29 13:44:02 -03:00
Felipe Zimmerle
c9204a1c1f
Moves rule* headers to src/ 2020-10-29 13:44:02 -03:00
Felipe Zimmerle
7bbc5c3441
Cleanup on Action class 2020-10-29 13:44:02 -03:00
Felipe Zimmerle
7da4c9a007
Removes RuleMessage from action execute signature 2020-10-29 13:44:01 -03:00
Felipe Zimmerle
6547f3601f
Refactoring: Makes transformations to work with new execute signature 2020-10-29 13:44:01 -03:00
nikolas
82980ab392
Move travis to use a new version of Ubuntu 2020-10-29 13:44:01 -03:00
Felipe Zimmerle
71de3b48f2
Cosmetics: fix some cppcheck complains 2020-10-29 13:44:00 -03:00
Felipe Zimmerle
2331976238
Refactoring: rename evaluate to execute on actions 2020-10-29 13:44:00 -03:00
Felipe Zimmerle
35a341e473
Refactoring in the Rule class to make it more elegant 2020-10-29 13:43:59 -03:00
Felipe Zimmerle
e0703a4774
Rule: isMarker is no longer necessary 2020-10-29 13:43:57 -03:00
Felipe Zimmerle
0daeb09b0a
Adds new method for rule merge 
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
 2020-10-29 13:43:54 -03:00
Felipe Zimmerle
3a189a131f
Moves default actions to be part of the rules 2020-10-29 10:34:45 -03:00
Michael Granzow
1b7aa42c77
Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2020-10-29 10:33:02 -03:00
martinhsv
2672db103e
Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
Felipe Zimmerle
785958f9b5
Fix maxminddb link on FreeBSD 
Issue #2131
 2020-10-23 14:44:54 -03:00
Felipe Zimmerle
4b425850cf
Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
martinhsv
8da787a390
Merge pull request #2424 from martinhsv/v3/master 
Fix IP address logging in Section A
 2020-10-19 09:09:05 -04:00