mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
dc0a06fc70
- The previous approach would create a std::unique_ptr and store it in
a std::list in VariableValue (Origins)
- The new approach now stores Origins in a std::vector and constructs
VariableOrigin elements in-place on insertion.
- Instead of having two heap-allocations for every added VariableOrigin
instance, this performs only one.
- If multiple origins are added, std::vector's growth strategy may even
prevent a heap-allocation. There's a cost on growing the size of the
vector, because a copy of current elements will be necessary.
- Introduced reserveOrigin method to notify that multiple insertions
will be made, so that we can use std::vector's reserve and do a
single allocation (and copy of previous elements), and then just
initialize the new elements in-place.
82 lines
2.0 KiB
C++
82 lines
2.0 KiB
C++
/*
|
|
* ModSecurity, http://www.modsecurity.org/
|
|
* Copyright (c) 2015 - 2023 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
*
|
|
* You may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* If any of the files related to licensing are missing or if you have any
|
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
* directly using the email address security@modsecurity.org.
|
|
*
|
|
*/
|
|
|
|
#include "src/variables/remote_user.h"
|
|
|
|
#include <time.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <fcntl.h>
|
|
|
|
#include <iostream>
|
|
#include <string>
|
|
#include <vector>
|
|
#include <list>
|
|
#include <utility>
|
|
#include <memory>
|
|
|
|
#include "modsecurity/transaction.h"
|
|
#include "src/utils/base64.h"
|
|
|
|
namespace modsecurity {
|
|
namespace variables {
|
|
|
|
|
|
void RemoteUser::evaluate(Transaction *transaction,
|
|
RuleWithActions *rule,
|
|
std::vector<const VariableValue *> *l) {
|
|
std::vector<const VariableValue *> l2;
|
|
|
|
transaction->m_variableRequestHeaders.resolve("authorization", &l2);
|
|
|
|
if (!l2.empty()) {
|
|
const auto *v = l2[0];
|
|
|
|
const auto &header = v->getValue();
|
|
|
|
std::string base64;
|
|
|
|
if (header.compare(0, 6, "Basic ") == 0) {
|
|
base64 = std::string(header, 6, header.length());
|
|
}
|
|
|
|
base64 = Utils::Base64::decode(base64);
|
|
|
|
const auto pos = base64.find(":");
|
|
if (pos != std::string::npos) {
|
|
transaction->m_variableRemoteUser.assign(std::string(base64, 0, pos));
|
|
|
|
auto var = std::make_unique<VariableValue>(&v->getKeyWithCollection(),
|
|
&transaction->m_variableRemoteUser);
|
|
|
|
var->reserveOrigin(v->getOrigin().size());
|
|
for (const auto &i : v->getOrigin()) {
|
|
var->addOrigin(i);
|
|
}
|
|
l->push_back(var.release());
|
|
}
|
|
|
|
for (auto &a : l2) {
|
|
delete a;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
} // namespace variables
|
|
} // namespace modsecurity
|