- Parser location is now a custom class. It holds a shared pointer
with the file name; if the parser fails, the resource is deleted.
- To follow the parser change, the Rule class now holds the file
name in a shared pointer instead of a unique pointer. As a shared
pointer we avoid duplication of the file name in memory, plus,
it frees itself when not in use anymore.
- Operator init also accepting the filename as a shared pointer.
- Driver is treating m_location as private. Now it holds a
std::list<std::shared_ptr<yy::seclang_parser::location_type>>
instead of: std::list<yy::seclang_parser::location_type *>.
- Fix: addSecRule on Driver() was changed from RuleWithAction to
RuleWithOperator.
- Minor changes on the regression and rules-check utility to force
deletion of resources even when they fail.
- A couple of virtual destructors were placed to force the shared
pointer decrementing on shared variables.
- Deleted constructors for copy were placed for the sake of
readability.
When LMDB is enabled, ModSecurity stores its persistent variables in the
"./modsec-shared-collections" file. Since this file wasn't cleared between
tests, tests behaved differently on "in-memory per-process" and LMDB backend.
This test never worked in the LMDB configuration. It hasn't been discovered
until now because Travis CI didn't test the LMDB configuration when the test was
introduced.
This commit fixes quite a few odd things in regex code:
* Lack of encapsulation.
* Non-method functions for matching without retrieving all groups.
* Regex class being copyable without proper copy-constructor (potential UAF
and double free due to pointer members m_pc and m_pce).
* Redundant SMatch::m_length, which always equals match.size() anyway.
* Weird SMatch::size_ member which is initialized only by one of the three matching
functions, and equals the return value of that function anyway.
* Several places in code having std::string value instead of reference.
This commit adds support for skipping test cases that have enabled=0 in
their JSON body.
A separate counter is kept and reported in the final non-automake
output, detailing disabled as a separate field.
Ref: #1513
The JSON test case format has an "enabled" key that is not
currently being honored. This trivial patch adds support for skipping
test cases that have enabled set to 0.
That change was needed to move the variable attribution as early
as possible. We also have a new field for the HTTP_PROTOCOL version used
on the response.
If a given resource is not available, the test is skipped. Useful
to test operators that depend on 3rd party libraries that may
not be available, for instance: GeoIP.
- Added reference counts to Rule and AuditLog;
- Some memory leaks were removed, including GeoLookup;
- Deal better with parser errors;
- Overriding the AutlogLogWritter destructor.