313 Commits

Author SHA1 Message Date
Felipe Zimmerle
9f47f1473c
Removes memory leaks on the parse
- Parser location is now a custom class. It holds a shared pointer
  with the file name; If the parser fails, the resource is deleted.

 - To follow the parser change, the Rule class now holds the file
  name in a shared pointer instead of a unique pointer. As a shared
  pointer we avoid duplication of the file name in memory, plus,
  it frees itself when not in use anymore.

 - Operator init also accepting the filename as a shared pointer.

 - Driver is treating m_location was privative. Now it holds a
  std::list<std::shared_ptr<yy::seclang_parser::location_type>>
  instead of: std::list<yy::seclang_parser::location_type *>.

 - Fix: addSecRule on Driver() was changed from RuleWithAction to
  RuleWithOperator.

 - Minor changes on the regression and rules-check utility to force
  deletion of resources even when they fail.

 - Couple of virtual destructors were placed to force the shared
  pointer decrementing on shared variables.

 - Deleted constructors for copy were placed for the sake of
  readability.
2021-01-12 13:01:26 -03:00
Felipe Zimmerle
8ea7aec0fd
Using a custom VariableMatch* implementation
Delay the variable name resolution till last minute.

Fix one of the issues raised in #2376
2021-01-12 13:01:25 -03:00
martinhsv
f8740e1144
Fix memory leak of RuleMessages objects 2021-01-12 13:01:24 -03:00
martinhsv
01e45e8774
Implement id ranges for ctl:ruleRemoveTargetById 2021-01-12 13:01:24 -03:00
Felipe Zimmerle
bd59555206
Constify Transaction on variable resolution 2021-01-12 13:01:24 -03:00
Felipe Zimmerle
b9735f8bcd
Uses unique_ptr on REMOTE_USER 2021-01-12 13:01:23 -03:00
Felipe Zimmerle
7749d198e1
Reduce the workload on VariableValue
Last compute at the last minute, if needed.
2021-01-12 13:01:23 -03:00
Felipe Zimmerle
c7f3c9eef0
Removes copy form VariableValue
On `Use std::shared_ptr for variable resolution` @WGH changes
VariableValue to be a shared_ptr. As shared pointer, the copy
on AnchoredVariable is no longer necessary. The copy was removed
along with the copy constructor.
2021-01-12 13:01:23 -03:00
Felipe Zimmerle
60d89608be
Replaces getKeyWithCollection with getName on VariableValue 2021-01-12 13:01:23 -03:00
Felipe Zimmerle
c5beb0d15a
Removes unecessary ptr copy form VariableValue 2021-01-12 13:01:23 -03:00
Felipe Zimmerle
759fc1eabe
Cosmetics: Using VariableValues instead of std::vector<...>
Making the code more readable.
2021-01-12 13:01:22 -03:00
WGH
bac54787af
Use std::shared_ptr for variable resolution
AnchoredSetVariable::resolve is called for every rule
(see RuleWithOperator::evaluate). The previous implementation allocated
a new copy of every variable, which quickly added up. In my tests,
AnchoredSetVariable::resolve function consumed 7.8% of run time.

AnchoredSetVariable (which is a multimap) values are never changed,
only added. This means it's safe to store them in std::shared_ptr,
and make resolve return shared_ptr pointing to the same object.

Other resolve implementation could also use this optimization by not
allocating new objects, however, they are not hot spots, so this
optimization was not implemented there.

In my benchmark, this raises performance from 117 requests per second to
131 RPS, and overhead is lowered from 7.8% to 2.4%.

As a bonus, replacing plain pointer with smart pointers make code
cleaner, since using smart pointers makes manual deletes no longer necessary.

Additionally, VariableOrigin is now stored in plain std::vector,
since it's wasteful to store structure containing just two integer
values using std::list<std::unique_ptr<T>>.
2021-01-12 13:01:22 -03:00
WGH
592c8f0b19
Make all "rule id" variables of type RuleId
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
2021-01-12 13:01:21 -03:00
Felipe Zimmerle
bf98e3424f
Makes RuleWithActions const in run time operations 2021-01-12 13:01:21 -03:00
Felipe Zimmerle
6a5ff56c8e
Introduces ActionWithExecution 2021-01-12 13:01:21 -03:00
Felipe Zimmerle
4c1ca56259
Removes method isDisruptive from Action class 2021-01-12 13:01:21 -03:00
Felipe Zimmerle
a79bfa5c28
Action: make sure that null constructor is not used 2021-01-12 13:01:20 -03:00
Felipe Zimmerle
c7813a1973
Computes auditlog during rules load time 2021-01-12 13:01:20 -03:00
Felipe Zimmerle
d6e8352873
actions: Removes Rule parameter from runtime execute
Generals organization on the Action class
2021-01-12 13:01:20 -03:00
Felipe Zimmerle
1b705aeb54
actions: Compute the rule association during rules load 2021-01-12 13:01:20 -03:00
Felipe Zimmerle
1d33015934
Makes operator to use string_view 2021-01-12 13:01:19 -03:00
Felipe Zimmerle
9699ec7f44
Improves rules dump for better testing 2021-01-12 13:01:19 -03:00
Felipe Zimmerle
62d894f98e
Better error handling when loading configurations 2021-01-12 13:01:19 -03:00
Felipe Zimmerle
7d03e3505a
Cosmetics: Defining a type for RuleId 2021-01-12 13:01:19 -03:00
Felipe Zimmerle
1071fadfd7
Moves rule* headers to src/ 2021-01-12 13:01:19 -03:00
Felipe Zimmerle
8191b7efc8
Cleanup on Action class 2021-01-12 13:01:19 -03:00
Felipe Zimmerle
73dfd3aa5f
Removes RuleMessage from action execute signature 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
7640f7b40b
Refactoring: Makes transformations to work with new execute signature 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
08e63662e8
Cosmetics: fix some cppcheck complains 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
affdc49a9e
Refactoring: rename evaluate to execute on actions 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
47ec32fba8
Refactoring in the Rule class to make it more elegant 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
ff79de3237
Rule: isMarker is no longer necessary 2021-01-12 13:01:17 -03:00
Felipe Zimmerle
be4d242a75
Adds new method for rule merge
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
2021-01-12 13:01:17 -03:00
Felipe Zimmerle
7d1c37a42b
Moves default actions to be part of the rules 2021-01-12 13:01:17 -03:00
martinhsv
d72be1c470
Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Felipe Zimmerle
7e0bc26917
Using performLogging function 2020-03-31 15:20:15 -03:00
Felipe Zimmerle
7a48245aed
Creates RuleUnconditional
Makes RuleScript child of RuleWithActions instead of Operator
2020-03-31 14:44:19 -03:00
Felipe Zimmerle
f63bd1a45d
Moves Rule[WithActions|WithOperator] to their own files 2020-03-31 13:33:38 -03:00
Felipe Zimmerle
8274be066a
Refactoring: Having RuleMarker in a separated file 2020-03-31 12:45:46 -03:00
Felipe Zimmerle
bdedfd2463
Refactoring: Renames RuleBase to Rule 2020-03-31 12:26:13 -03:00
Felipe Zimmerle
59d4268882
Refactoring: renames Rule to RuleWithOperator 2020-03-31 10:00:08 -03:00
Felipe Zimmerle
8eb7b8fe6c
Refactoring: Splits Rule into Rule and RuleWithActions 2020-03-30 20:22:37 -03:00
Felipe Zimmerle
43f8aee6b6
Splits Rule class into: Rule, RuleBase, RuleMarker 2020-03-30 20:21:36 -03:00
Felipe Zimmerle
fda03c0016
Yet another refactoring in Rule 2020-03-30 15:38:51 -03:00
Felipe Zimmerle
b66224853b
Refactoring in Rule: Meaningful structures name 2020-03-27 17:43:43 -03:00
Felipe Zimmerle
96849c07de
Makes action name a shared pointer 2020-03-27 16:13:15 -03:00
Felipe Zimmerle
9c526b3647
Avoids copy on the transformation operation 2020-03-27 16:12:55 -03:00
Felipe Zimmerle
8cfb289cea
Lets reserve some memory for rule message 2020-03-27 15:49:02 -03:00
Felipe Zimmerle
a609249d64
Makes m_id a shared pointer 2020-03-27 15:48:11 -03:00
Felipe Zimmerle
343b86c2a7
Makes m_fileName a shared pointer 2020-03-27 15:00:22 -03:00