Refactoring on the Rule class

Author: Felipe Zimmerle

headers/modsecurity/rule.h

@@ -38,6 +38,12 @@ class Variables;
 }
 namespace actions {
 class Action;
+class Severity;
+class LogData;
+class Msg;
+class Rev;
+class SetVar;
+class Tag;
 }
 namespace operators {
 class Operator;
@@ -55,15 +61,31 @@ class Rule {
 
     virtual bool evaluate(Transaction *transaction,
         std::shared_ptr<RuleMessage> rm);
-    bool evaluateActions(Transaction *transaction);
-    std::vector<std::unique_ptr<VariableValue>>
-	getFinalVars(Transaction *trasn);
+
+    void organizeActions(std::vector<actions::Action *> *actions);
+    void cleanUpActions();
+    void executeAction(Transaction *trans,
+    bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
+        actions::Action *a, bool context);
+
+    inline void executeTransformation(actions::Action *a,
+        std::shared_ptr<std::string> *value,
+        Transaction *trans,
+        std::list<std::pair<std::shared_ptr<std::string>,
+        std::shared_ptr<std::string>>> *ret,
+        std::string *path,
+        int *nth);
+
+    void getVariablesExceptions(Transaction *t,
+        Variables::Variables *exclusion, Variables::Variables *addition);
+    inline void getFinalVars(Variables::Variables *vars,
+        Variables::Variables *eclusion, Transaction *trans);
     void executeActionsAfterFullMatch(Transaction *trasn,
         bool containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage);
 
     std::list<std::pair<std::shared_ptr<std::string>,
         std::shared_ptr<std::string>>> executeDefaultTransformations(
-        Transaction *trasn, const std::string &value, bool multiMatch);
+        Transaction *trasn, const std::string &value);
 
     bool executeOperatorAt(Transaction *trasn, std::string key,
         std::string value, std::shared_ptr<RuleMessage> rm);
@@ -72,14 +94,12 @@ class Rule {
     void updateMatchedVars(Transaction *trasn, std::string key,
         std::string value);
     void cleanMatchedVars(Transaction *trasn);
-    void updateRulesVariable(Transaction *trasn);
+    void updateRulesVariable(Transaction *trasn, std::shared_ptr<RuleMessage> rm);
 
-    //std::vector<std::string> getActionNames();
     std::vector<actions::Action *> getActionsByName(const std::string& name,
         Transaction *t);
     bool containsTag(const std::string& name, Transaction *t);
     bool containsMsg(const std::string& name, Transaction *t);
-    bool containsStaticDisruptiveAction();
 
     int refCountDecreaseAndCheck() {
         m_referenceCount--;
@@ -95,26 +115,48 @@ class Rule {
         m_referenceCount++;
     }
 
+    void executeTransformations(
+        actions::Action *a,
+        std::shared_ptr<std::string> newValue,
+        std::shared_ptr<std::string> value,
+        Transaction *trans,
+        std::list<std::pair<std::shared_ptr<std::string>,
+        std::shared_ptr<std::string>>> *ret,
+        std::shared_ptr<std::string> transStr,
+        int nth);
 
-    int m_accuracy;
-    std::vector<actions::Action *> m_actionsConf;
     std::vector<actions::Action *> m_actionsRuntimePos;
     std::vector<actions::Action *> m_actionsRuntimePre;
     bool m_chained;
     Rule *m_chainedRule;
     std::string m_fileName;
     int m_lineNumber;
-    std::string m_logData;
     std::string m_marker;
-    int m_maturity;
     operators::Operator *m_op;
-    int m_phase;
-    std::string m_rev;
-    int64_t m_ruleId;
     bool m_secMarker;
     modsecurity::Variables::Variables *m_variables;
+
+
+    int64_t m_ruleId;
+    std::string m_rev;
+    // msg ?
     std::string m_ver;
+    //std::string m_logData;
+
+    //if (child->severity != NOT_SET) merged->severity = child->severity;
+    int m_accuracy;
+    int m_maturity;
+    int m_phase;
 
+    bool m_containsStaticDisruptiveAction;
+    bool m_containsCaptureAction;
+    bool m_containsMultiMatchAction;
+    bool m_containsStaticBlockAction;
+    actions::Severity *m_severity;
+    actions::LogData *m_logData;
+    actions::Msg *m_msg;
+    std::vector<actions::SetVar *> m_actionsSetVar;
+    std::vector<actions::Tag *> m_actionsTag;
  private:
     bool m_unconditional;
     int m_referenceCount;

src/operators/detect_sqli.cc

@@ -40,8 +40,7 @@ bool DetectSQLi::evaluate(Transaction *t, Rule *rule,
                 "fingerprint '" + std::string(fingerprint) + "' at: '" +
                 input + "'");
 #endif
-            if (rule && t
-                && rule->getActionsByName("capture", t).size() > 0) {
+            if (rule && t && rule->m_containsCaptureAction) {
                 t->m_collections.m_tx_collection->storeOrUpdateFirst(
                     "0", std::string(fingerprint));
 #ifndef NO_LOGS

src/operators/detect_xss.cc

@@ -36,8 +36,7 @@ bool DetectXSS::evaluate(Transaction *t, Rule *rule,
 #ifndef NO_LOGS
             t->debug(5, "detected XSS using libinjection.");
 #endif
-            if (rule && t
-                && rule->getActionsByName("capture", t).size() > 0) {
+            if (rule && t && rule->m_containsCaptureAction) {
                 t->m_collections.m_tx_collection->storeOrUpdateFirst(
                     "0", std::string(input));
 #ifndef NO_LOGS

src/operators/pm.cc

@@ -96,16 +96,14 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
 #ifdef MODSEC_MUTEX_ON_PM
     pthread_mutex_unlock(&m_lock);
 #endif
-    bool capture = rule && rule->getActionsByName("capture",
-        transaction).size() > 0;
 
     if (rc > 0 && transaction) {
         std::string match_(match);
         logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
         transaction->m_matched.push_back(match_);
     }
 
-    if (capture && transaction && rc) {
+    if (rule && rule->m_containsCaptureAction && transaction && rc) {
         transaction->m_collections.m_tx_collection->storeOrUpdateFirst("0",
             std::string(match));
 #ifndef NO_LOGS

src/operators/rbl.cc

@@ -222,8 +222,7 @@ bool Rbl::evaluate(Transaction *t, Rule *rule,
     furtherInfo(sin, ipStr, t);
 
     freeaddrinfo(info);
-    if (rule && t
-        && rule->getActionsByName("capture", t).size() > 0) {
+    if (rule && t && rule->m_containsCaptureAction) {
         t->m_collections.m_tx_collection->storeOrUpdateFirst(
         "0", std::string(ipStr));
 #ifndef NO_LOGS

src/operators/rx.cc

@@ -54,8 +54,7 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
     }
 
     matches = re->searchAll(input);
-    if (rule && rule->getActionsByName("capture",
-            transaction).size() > 0 && transaction) {
+    if (rule && rule->m_containsCaptureAction && transaction) {
         int i = 0;
         matches.reverse();
         for (const SMatch& a : matches) {

src/operators/verify_cc.cc

@@ -142,8 +142,7 @@ bool VerifyCC::evaluate(Transaction *t, Rule *rule,
             is_cc = luhnVerify(match.c_str(), match.size());
             if (is_cc) {
                 if (t) {
-                    if (rule && t
-                        && rule->getActionsByName("capture", t).size() > 0) {
+                    if (rule && t && rule->m_containsCaptureAction) {
                         t->m_collections.m_tx_collection->storeOrUpdateFirst(
                             "0", std::string(match));
 #ifndef NO_LOGS

src/operators/verify_cpf.cc

@@ -133,8 +133,7 @@ bool VerifyCPF::evaluate(Transaction *t, Rule *rule,
             is_cpf = verify(i.match.c_str(), i.match.size());
             if (is_cpf) {
                 logOffset(ruleMessage, i.m_offset, i.m_length);
-                if (rule && t
-                    && rule->getActionsByName("capture", t).size() > 0) {
+                if (rule && t && rule->m_containsCaptureAction) {
                     t->m_collections.m_tx_collection->storeOrUpdateFirst(
                         "0", std::string(i.match));
 #ifndef NO_LOGS

src/operators/verify_ssn.cc

@@ -124,8 +124,7 @@ bool VerifySSN::evaluate(Transaction *t, Rule *rule,
             is_ssn = verify(i.match.c_str(), i.match.size());
             if (is_ssn) {
                 logOffset(ruleMessage, i.m_offset, i.m_length);
-                if (rule && t
-                    && rule->getActionsByName("capture", t).size() > 0) {
+                if (rule && t && rule->m_containsCaptureAction) {
                     t->m_collections.m_tx_collection->storeOrUpdateFirst(
                         "0", std::string(i.match));
 #ifndef NO_LOGS

src/parser/driver.cc

@@ -81,7 +81,7 @@ int Driver::addSecRule(Rule *rule) {
         if (lastRule->m_chainedRule == NULL) {
             rule->m_phase = lastRule->m_phase;
             lastRule->m_chainedRule = rule;
-            if (rule->containsStaticDisruptiveAction()) {
+            if (rule->m_containsStaticDisruptiveAction) {
                 m_parserError << "Disruptive actions can only be specified by";
                 m_parserError << " chain starter rules.";
                 return false;
@@ -94,7 +94,7 @@ int Driver::addSecRule(Rule *rule) {
             }
             if (a->m_chained && a->m_chainedRule == NULL) {
                 a->m_chainedRule = rule;
-                if (a->containsStaticDisruptiveAction()) {
+                if (a->m_containsStaticDisruptiveAction) {
                     m_parserError << "Disruptive actions can only be ";
                     m_parserError << "specified by chain starter rules.";
                     return false;