github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
ModSecurity/src/operators/verify_cpf.h
eduar-hte 4df297b596 Avoid passing RuleMessage by std::shared_ptr and use a reference instead. 
- Avoids copying std::shared_ptr when lifetime of the RuleMessage
  is controlled by the caller.
  - The RuleMessage instance is created in RuleWithActions::evaluate and
    then used to call the overloaded version of this method that is
    specialized by subclasses.
  - Once the call to the overloaded method returns, the std::shared_ptr
    is destroyed as it's not stored by any of the callers, so it can
    be replaced with a stack variable and avoid paying the cost of
    copying the std::shared_ptr (and its control block that is
    guaranteed to be thread-safe and thus is not a straightforward
    pointer copy)
- Introduced RuleMessage::reset because this is required by
  RuleWithActions::performLogging when it's not the 'last log', the rule
  has multimatch and it's to be logged.
  - The current version is creating allocating another instance of
    RuleMessage on the heap to copy the Rule & Transaction related state
    while all the other members in the RuleMessage are set to their
    default values.
  - The new version leverages the existent, unused and incomplete
    function 'clean' (renamed as 'reset') to do this on the current
    instance.
    - Notice that the current code preserves the value of m_saveMessage,
      so 'reset' provides an argument for the caller to control whether
      this member should be reinitialized.
2024-10-07 11:45:00 -03:00

76 lines
1.8 KiB
C++
Raw Blame History

/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifndef SRC_OPERATORS_VERIFY_CPF_H_
#define SRC_OPERATORS_VERIFY_CPF_H_
#include <string>
#include <memory>
#include <utility>
#include "src/operators/operator.h"
#include "src/utils/regex.h"
namespace modsecurity {
using Utils::SMatch;
using Utils::regex_search;
using Utils::Regex;
namespace operators {
class VerifyCPF : public Operator {
public:
/** @ingroup ModSecurity_Operator */
explicit VerifyCPF(std::unique_ptr<RunTimeString> param)
: Operator("VerifyCPF", std::move(param)) {
m_re = new Regex(m_param);
}
~VerifyCPF() {
delete m_re;
}
bool operator=(const VerifyCPF &a) = delete;
VerifyCPF(const VerifyCPF &a) = delete;
bool evaluate(Transaction *transaction, RuleWithActions *rule,
const std::string& input,
RuleMessage &ruleMessage) override;
bool verify(const char *ssnumber, int len);
private:
static int convert_to_int(const char c);
Regex *m_re;
const char bad_cpf[12][12] = { "00000000000",
"01234567890",
"11111111111",
"22222222222",
"33333333333",
"44444444444",
"55555555555",
"66666666666",
"77777777777",
"88888888888",
"99999999999"};
};
} // namespace operators
} // namespace modsecurity
#endif // SRC_OPERATORS_VERIFY_CPF_H_
Reference in New Issue View Git Blame Copy Permalink