mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 13:26:01 +03:00
47be22e62a
AnchoredSetVariable::resolve is called for every rule (see RuleWithOperator::evaluate). The previous implementation allocated a new copy of every variable, which quickly added up. In my tests, AnchoredSetVariable::resolve function consumed 7.8% of run time. AnchoredSetVariable (which is a multimap) values are never changed, only added. This means it's safe to store them in std::shared_ptr, and make resolve return shared_ptr pointing to the same object. Other resolve implementation could also use this optimization by not allocating new objects, however, they are not hot spots, so this optimization was not implemented there. In my benchmark, this raises performance from 117 requests per second to 131 RPS, and overhead is lowered from 7.8% to 2.4%. As a bonus, replacing plain pointer with smart pointers make code cleaner, since using smart pointers makes manual deletes no longer necessary. Additionally, VariableOrigin is now stored in plain std::vector, since it's wasteful to store structure containing just two integer values using std::list<std::unique_ptr<T>>.
206 lines
6.3 KiB
C++
206 lines
6.3 KiB
C++
/*
|
|
* ModSecurity, http://www.modsecurity.org/
|
|
* Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
*
|
|
* You may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* If any of the files related to licensing are missing or if you have any
|
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
* directly using the email address security@modsecurity.org.
|
|
*
|
|
*/
|
|
|
|
|
|
#ifdef __cplusplus
|
|
#include <string>
|
|
#include <iostream>
|
|
#include <unordered_map>
|
|
#include <list>
|
|
#include <vector>
|
|
#include <algorithm>
|
|
#include <memory>
|
|
#endif
|
|
|
|
|
|
#include "modsecurity/variable_value.h"
|
|
|
|
|
|
#ifndef HEADERS_MODSECURITY_COLLECTION_COLLECTION_H_
|
|
#define HEADERS_MODSECURITY_COLLECTION_COLLECTION_H_
|
|
|
|
#ifndef __cplusplus
|
|
typedef struct Variable_t Variables;
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
namespace modsecurity {
|
|
namespace variables {
|
|
class KeyExclusions;
|
|
}
|
|
namespace collection {
|
|
|
|
class Collection {
|
|
public:
|
|
explicit Collection(const std::string &a) : m_name(a) { }
|
|
virtual ~Collection() { }
|
|
virtual void store(std::string key, std::string value) = 0;
|
|
|
|
virtual bool storeOrUpdateFirst(const std::string &key,
|
|
const std::string &value) = 0;
|
|
|
|
virtual bool updateFirst(const std::string &key,
|
|
const std::string &value) = 0;
|
|
|
|
virtual void del(const std::string& key) = 0;
|
|
|
|
virtual std::unique_ptr<std::string> resolveFirst(
|
|
const std::string& var) = 0;
|
|
|
|
virtual void resolveSingleMatch(const std::string& var,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l) = 0;
|
|
virtual void resolveMultiMatches(const std::string& var,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l,
|
|
variables::KeyExclusions &ke) = 0;
|
|
virtual void resolveRegularExpression(const std::string& var,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l,
|
|
variables::KeyExclusions &ke) = 0;
|
|
|
|
|
|
/* store */
|
|
virtual void store(std::string key, std::string compartment,
|
|
std::string value) {
|
|
std::string nkey = compartment + "::" + key;
|
|
store(nkey, value);
|
|
}
|
|
|
|
|
|
virtual void store(std::string key, std::string compartment,
|
|
std::string compartment2, std::string value) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + key;
|
|
store(nkey, value);
|
|
}
|
|
|
|
|
|
/* storeOrUpdateFirst */
|
|
virtual bool storeOrUpdateFirst(const std::string &key,
|
|
std::string compartment, const std::string &value) {
|
|
std::string nkey = compartment + "::" + key;
|
|
return storeOrUpdateFirst(nkey, value);
|
|
}
|
|
|
|
|
|
virtual bool storeOrUpdateFirst(const std::string &key,
|
|
std::string compartment, std::string compartment2,
|
|
const std::string &value) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + key;
|
|
return storeOrUpdateFirst(nkey, value);
|
|
}
|
|
|
|
|
|
/* updateFirst */
|
|
virtual bool updateFirst(const std::string &key, std::string compartment,
|
|
const std::string &value) {
|
|
std::string nkey = compartment + "::" + key;
|
|
return updateFirst(nkey, value);
|
|
}
|
|
|
|
|
|
virtual bool updateFirst(const std::string &key, std::string compartment,
|
|
std::string compartment2, const std::string &value) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + key;
|
|
return updateFirst(nkey, value);
|
|
}
|
|
|
|
|
|
/* del */
|
|
virtual void del(const std::string& key, std::string compartment) {
|
|
std::string nkey = compartment + "::" + key;
|
|
del(nkey);
|
|
}
|
|
|
|
|
|
virtual void del(const std::string& key, std::string compartment,
|
|
std::string compartment2) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + key;
|
|
del(nkey);
|
|
}
|
|
|
|
|
|
/* resolveFirst */
|
|
virtual std::unique_ptr<std::string> resolveFirst(const std::string& var,
|
|
std::string compartment) {
|
|
std::string nkey = compartment + "::" + var;
|
|
return resolveFirst(nkey);
|
|
}
|
|
|
|
|
|
virtual std::unique_ptr<std::string> resolveFirst(const std::string& var,
|
|
std::string compartment, std::string compartment2) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + var;
|
|
return resolveFirst(nkey);
|
|
}
|
|
|
|
|
|
/* resolveSingleMatch */
|
|
virtual void resolveSingleMatch(const std::string& var,
|
|
std::string compartment, std::vector<std::shared_ptr<const VariableValue>> *l) {
|
|
std::string nkey = compartment + "::" + var;
|
|
resolveSingleMatch(nkey, l);
|
|
}
|
|
|
|
|
|
virtual void resolveSingleMatch(const std::string& var,
|
|
std::string compartment, std::string compartment2,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + var;
|
|
resolveSingleMatch(nkey, l);
|
|
}
|
|
|
|
|
|
/* resolveMultiMatches */
|
|
virtual void resolveMultiMatches(const std::string& var,
|
|
std::string compartment, std::vector<std::shared_ptr<const VariableValue>> *l,
|
|
variables::KeyExclusions &ke) {
|
|
std::string nkey = compartment + "::" + var;
|
|
resolveMultiMatches(nkey, l, ke);
|
|
}
|
|
|
|
|
|
virtual void resolveMultiMatches(const std::string& var,
|
|
std::string compartment, std::string compartment2,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l,
|
|
variables::KeyExclusions &ke) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + var;
|
|
resolveMultiMatches(nkey, l, ke);
|
|
}
|
|
|
|
|
|
/* resolveRegularExpression */
|
|
virtual void resolveRegularExpression(const std::string& var,
|
|
std::string compartment, std::vector<std::shared_ptr<const VariableValue>> *l,
|
|
variables::KeyExclusions &ke) {
|
|
std::string nkey = compartment + "::" + var;
|
|
resolveRegularExpression(nkey, l, ke);
|
|
}
|
|
|
|
|
|
virtual void resolveRegularExpression(const std::string& var,
|
|
std::string compartment, std::string compartment2,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l, variables::KeyExclusions &ke) {
|
|
std::string nkey = compartment + "::" + compartment2 + "::" + var;
|
|
resolveRegularExpression(nkey, l, ke);
|
|
}
|
|
|
|
std::string m_name;
|
|
};
|
|
|
|
} // namespace collection
|
|
} // namespace modsecurity
|
|
#endif
|
|
|
|
|
|
#endif // HEADERS_MODSECURITY_COLLECTION_COLLECTION_H_
|