mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 13:56:01 +03:00
6528c95765
AnchoredSetVariable::resolve is called for every rule (see RuleWithOperator::evaluate). The previous implementation allocated a new copy of every variable, which quickly added up. In my tests, AnchoredSetVariable::resolve function consumed 7.8% of run time. AnchoredSetVariable (which is a multimap) values are never changed, only added. This means it's safe to store them in std::shared_ptr, and make resolve return shared_ptr pointing to the same object. Other resolve implementation could also use this optimization by not allocating new objects, however, they are not hot spots, so this optimization was not implemented there. In my benchmark, this raises performance from 117 requests per second to 131 RPS, and overhead is lowered from 7.8% to 2.4%. As a bonus, replacing plain pointer with smart pointers make code cleaner, since using smart pointers makes manual deletes no longer necessary. Additionally, VariableOrigin is now stored in plain std::vector, since it's wasteful to store structure containing just two integer values using std::list<std::unique_ptr<T>>.
109 lines
3.1 KiB
C++
109 lines
3.1 KiB
C++
/*
|
|
* ModSecurity, http://www.modsecurity.org/
|
|
* Copyright (c) 2015 - 2020 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
*
|
|
* You may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* If any of the files related to licensing are missing or if you have any
|
|
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
* directly using the email address security@modsecurity.org.
|
|
*
|
|
*/
|
|
|
|
|
|
#ifdef __cplusplus
|
|
#include <string>
|
|
#include <iostream>
|
|
#include <unordered_map>
|
|
#include <list>
|
|
#include <vector>
|
|
#include <algorithm>
|
|
#include <memory>
|
|
#endif
|
|
|
|
|
|
#include "modsecurity/variable_value.h"
|
|
#include "modsecurity/collection/collection.h"
|
|
#include "src/variables/variable.h"
|
|
|
|
#ifndef SRC_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
|
|
#define SRC_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
|
|
|
|
#ifdef __cplusplus
|
|
namespace modsecurity {
|
|
namespace collection {
|
|
namespace backend {
|
|
|
|
/*
|
|
* FIXME:
|
|
*
|
|
* This was an example grabbed from:
|
|
* http://stackoverflow.com/questions/8627698/case-insensitive-stl-containers-e-g-stdunordered-set
|
|
*
|
|
* We have to have a better hash function, maybe based on the std::hash.
|
|
*
|
|
*/
|
|
struct MyEqual {
|
|
bool operator()(const std::string& Left, const std::string& Right) const {
|
|
return Left.size() == Right.size()
|
|
&& std::equal(Left.begin(), Left.end(), Right.begin(),
|
|
[](char a, char b) {
|
|
return tolower(a) == tolower(b);
|
|
});
|
|
}
|
|
};
|
|
|
|
struct MyHash{
|
|
size_t operator()(const std::string& Keyval) const {
|
|
// You might need a better hash function than this
|
|
size_t h = 0;
|
|
std::for_each(Keyval.begin(), Keyval.end(), [&](char c) {
|
|
h += tolower(c);
|
|
});
|
|
return h;
|
|
}
|
|
};
|
|
|
|
class InMemoryPerProcess :
|
|
public std::unordered_multimap<std::string, std::string,
|
|
/*std::hash<std::string>*/MyHash, MyEqual>,
|
|
public Collection {
|
|
public:
|
|
explicit InMemoryPerProcess(const std::string &name);
|
|
~InMemoryPerProcess();
|
|
void store(std::string key, std::string value) override;
|
|
|
|
bool storeOrUpdateFirst(const std::string &key,
|
|
const std::string &value) override;
|
|
|
|
bool updateFirst(const std::string &key,
|
|
const std::string &value) override;
|
|
|
|
void del(const std::string& key) override;
|
|
|
|
std::unique_ptr<std::string> resolveFirst(const std::string& var) override;
|
|
|
|
void resolveSingleMatch(const std::string& var,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l) override;
|
|
void resolveMultiMatches(const std::string& var,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l,
|
|
variables::KeyExclusions &ke) override;
|
|
void resolveRegularExpression(const std::string& var,
|
|
std::vector<std::shared_ptr<const VariableValue>> *l,
|
|
variables::KeyExclusions &ke) override;
|
|
|
|
private:
|
|
pthread_mutex_t m_lock;
|
|
};
|
|
|
|
} // namespace backend
|
|
} // namespace collection
|
|
} // namespace modsecurity
|
|
#endif
|
|
|
|
|
|
#endif // SRC_COLLECTION_BACKEND_IN_MEMORY_PER_PROCESS_H_
|