
Commit 554251b

author
Felipe Zimmerle
committed
Refactoring on the Rule class
1 parent 7484177 commit 554251b

17 files changed

+444
-600
lines changed

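--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@@ -38,6 +38,12 @@ class Variables;
 }
 namespace actions {
 class Action;
+class Severity;
+class LogData;
+class Msg;
+class Rev;
+class SetVar;
+class Tag;
 }
 namespace operators {
 class Operator;
@@ -55,15 +61,31 @@ class Rule {
 
 virtual bool evaluate(Transaction *transaction,
 std::shared_ptr<RuleMessage> rm);
-bool evaluateActions(Transaction *transaction);
-std::vector<std::unique_ptr<VariableValue>>
-getFinalVars(Transaction *trasn);
+
+void organizeActions(std::vector<actions::Action *> *actions);
+void cleanUpActions();
+void executeAction(Transaction *trans,
+bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage,
+actions::Action *a, bool context);
+
+inline void executeTransformation(actions::Action *a,
+std::shared_ptr<std::string> *value,
+Transaction *trans,
+std::list<std::pair<std::shared_ptr<std::string>,
+std::shared_ptr<std::string>>> *ret,
+std::string *path,
+int *nth);
+
+void getVariablesExceptions(Transaction *t,
+Variables::Variables *exclusion, Variables::Variables *addition);
+inline void getFinalVars(Variables::Variables *vars,
+Variables::Variables *eclusion, Transaction *trans);
 void executeActionsAfterFullMatch(Transaction *trasn,
 bool containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage);
 
 std::list<std::pair<std::shared_ptr<std::string>,
 std::shared_ptr<std::string>>> executeDefaultTransformations(
-Transaction *trasn, const std::string &value, bool multiMatch);
+Transaction *trasn, const std::string &value);
 
 bool executeOperatorAt(Transaction *trasn, std::string key,
 std::string value, std::shared_ptr<RuleMessage> rm);
@@ -72,14 +94,12 @@ class Rule {
 void updateMatchedVars(Transaction *trasn, std::string key,
 std::string value);
 void cleanMatchedVars(Transaction *trasn);
-void updateRulesVariable(Transaction *trasn);
+void updateRulesVariable(Transaction *trasn, std::shared_ptr<RuleMessage> rm);
 
-//std::vector<std::string> getActionNames();
 std::vector<actions::Action *> getActionsByName(const std::string& name,
 Transaction *t);
 bool containsTag(const std::string& name, Transaction *t);
 bool containsMsg(const std::string& name, Transaction *t);
-bool containsStaticDisruptiveAction();
 
 int refCountDecreaseAndCheck() {
 m_referenceCount--;
@@ -95,26 +115,48 @@ class Rule {
 m_referenceCount++;
 }
 
+void executeTransformations(
+actions::Action *a,
+std::shared_ptr<std::string> newValue,
+std::shared_ptr<std::string> value,
+Transaction *trans,
+std::list<std::pair<std::shared_ptr<std::string>,
+std::shared_ptr<std::string>>> *ret,
+std::shared_ptr<std::string> transStr,
+int nth);
 
-int m_accuracy;
-std::vector<actions::Action *> m_actionsConf;
 std::vector<actions::Action *> m_actionsRuntimePos;
 std::vector<actions::Action *> m_actionsRuntimePre;
 bool m_chained;
 Rule *m_chainedRule;
 std::string m_fileName;
 int m_lineNumber;
-std::string m_logData;
 std::string m_marker;
-int m_maturity;
 operators::Operator *m_op;
-int m_phase;
-std::string m_rev;
-int64_t m_ruleId;
 bool m_secMarker;
 modsecurity::Variables::Variables *m_variables;
+
+
+int64_t m_ruleId;
+std::string m_rev;
+// msg ?
 std::string m_ver;
+//std::string m_logData;
+
+//if (child->severity != NOT_SET) merged->severity = child->severity;
+int m_accuracy;
+int m_maturity;
+int m_phase;
 
+bool m_containsStaticDisruptiveAction;
+bool m_containsCaptureAction;
+bool m_containsMultiMatchAction;
+bool m_containsStaticBlockAction;
+actions::Severity *m_severity;
+actions::LogData *m_logData;
+actions::Msg *m_msg;
+std::vector<actions::SetVar *> m_actionsSetVar;
+std::vector<actions::Tag *> m_actionsTag;
 private:
 bool m_unconditional;
 int m_referenceCount;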
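Review bot: The new public members `m_containsStaticDisruptiveAction`, `m_containsCaptureAction`, `m_containsMultiMatchAction`, `m_containsStaticBlockAction` and the raw pointers `m_severity`, `m_logData`, `m_msg` are declared without initializers, and the Rule constructors are not visible in this section. The operators and `Driver::addSecRule` in this commit now read these flags directly, so any constructor path that does not set them would leave the capture gate and the chained-rule disruptive-action check depending on indeterminate values. Default member initializers would rule that out whichever constructor runs: `bool m_containsCaptureAction = false;` and `actions::Severity *m_severity = nullptr;`, likewise for the others. A short comment stating who owns and frees the three action pointers (presumably `cleanUpActions()`, not shown here) would also help, since the header does not say.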

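--- a/src/operators/detect_sqli.cc
+++ b/src/operators/detect_sqli.cc
@@ -40,8 +40,7 @@ bool DetectSQLi::evaluate(Transaction *t, Rule *rule,
 "fingerprint '" + std::string(fingerprint) + "' at: '" +
 input + "'");
 #endif
-if (rule && t
-&& rule->getActionsByName("capture", t).size() > 0) {
+if (rule && t && rule->m_containsCaptureAction) {
 t->m_collections.m_tx_collection->storeOrUpdateFirst(
 "0", std::string(fingerprint));
 #ifndef NO_LOGS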
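Review bot: The capture gate now reads a per-rule flag, whereas the removed `getActionsByName("capture", t)` call was handed the transaction and so may have consulted transaction- or configuration-level action sources; if it did, a capture action reaching the rule by that route would no longer populate TX `0` here. Where the flag is computed is outside this section (presumably `organizeActions()`), so please confirm it covers every source the lookup covered. Once confirmed, document it on the member, e.g. `// set when the rule is loaded; not re-evaluated per transaction`. The same substitution is made in detect_xss.cc, pm.cc, rbl.cc, rx.cc, verify_cc.cc, verify_cpf.cc and verify_ssn.cc. `DetectSQLi::evaluate` starts and ends outside the hunk.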

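--- a/src/operators/detect_xss.cc
+++ b/src/operators/detect_xss.cc
@@ -36,8 +36,7 @@ bool DetectXSS::evaluate(Transaction *t, Rule *rule,
 #ifndef NO_LOGS
 t->debug(5, "detected XSS using libinjection.");
 #endif
-if (rule && t
-&& rule->getActionsByName("capture", t).size() > 0) {
+if (rule && t && rule->m_containsCaptureAction) {
 t->m_collections.m_tx_collection->storeOrUpdateFirst(
 "0", std::string(input));
 #ifndef NO_LOGS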

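--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@@ -96,16 +96,14 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
 #ifdef MODSEC_MUTEX_ON_PM
 pthread_mutex_unlock(&m_lock);
 #endif
-bool capture = rule && rule->getActionsByName("capture",
-transaction).size() > 0;
 
 if (rc > 0 && transaction) {
 std::string match_(match);
 logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
 transaction->m_matched.push_back(match_);
 }
 
-if (capture && transaction && rc) {
+if (rule && rule->m_containsCaptureAction && transaction && rc) {
 transaction->m_collections.m_tx_collection->storeOrUpdateFirst("0",
 std::string(match));
 #ifndef NO_LOGS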
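Review bot: The rewritten condition still tests `rc` for truthiness while the block just above it uses `rc > 0`, so a negative `rc` (if the matcher can return one, which is not visible here) would store `match` into TX `0` without a match having been recorded in `m_matched`. Suggest `if (rc > 0 && transaction && rule && rule->m_containsCaptureAction) {` so both blocks agree on what counts as a match. `Pm::evaluate` starts and ends outside the hunk.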

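--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@@ -222,8 +222,7 @@ bool Rbl::evaluate(Transaction *t, Rule *rule,
 furtherInfo(sin, ipStr, t);
 
 freeaddrinfo(info);
-if (rule && t
-&& rule->getActionsByName("capture", t).size() > 0) {
+if (rule && t && rule->m_containsCaptureAction) {
 t->m_collections.m_tx_collection->storeOrUpdateFirst(
 "0", std::string(ipStr));
 #ifndef NO_LOGS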

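--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@@ -54,8 +54,7 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
 }
 
 matches = re->searchAll(input);
-if (rule && rule->getActionsByName("capture",
-transaction).size() > 0 && transaction) {
+if (rule && rule->m_containsCaptureAction && transaction) {
 int i = 0;
 matches.reverse();
 for (const SMatch& a : matches) {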

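--- a/src/operators/verify_cc.cc
+++ b/src/operators/verify_cc.cc
@@ -142,8 +142,7 @@ bool VerifyCC::evaluate(Transaction *t, Rule *rule,
 is_cc = luhnVerify(match.c_str(), match.size());
 if (is_cc) {
 if (t) {
-if (rule && t
-&& rule->getActionsByName("capture", t).size() > 0) {
+if (rule && t && rule->m_containsCaptureAction) {
 t->m_collections.m_tx_collection->storeOrUpdateFirst(
 "0", std::string(match));
 #ifndef NO_LOGS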

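--- a/src/operators/verify_cpf.cc
+++ b/src/operators/verify_cpf.cc
@@ -133,8 +133,7 @@ bool VerifyCPF::evaluate(Transaction *t, Rule *rule,
 is_cpf = verify(i.match.c_str(), i.match.size());
 if (is_cpf) {
 logOffset(ruleMessage, i.m_offset, i.m_length);
-if (rule && t
-&& rule->getActionsByName("capture", t).size() > 0) {
+if (rule && t && rule->m_containsCaptureAction) {
 t->m_collections.m_tx_collection->storeOrUpdateFirst(
 "0", std::string(i.match));
 #ifndef NO_LOGS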

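--- a/src/operators/verify_ssn.cc
+++ b/src/operators/verify_ssn.cc
@@ -124,8 +124,7 @@ bool VerifySSN::evaluate(Transaction *t, Rule *rule,
 is_ssn = verify(i.match.c_str(), i.match.size());
 if (is_ssn) {
 logOffset(ruleMessage, i.m_offset, i.m_length);
-if (rule && t
-&& rule->getActionsByName("capture", t).size() > 0) {
+if (rule && t && rule->m_containsCaptureAction) {
 t->m_collections.m_tx_collection->storeOrUpdateFirst(
 "0", std::string(i.match));
 #ifndef NO_LOGS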

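--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@@ -81,7 +81,7 @@ int Driver::addSecRule(Rule *rule) {
 if (lastRule->m_chainedRule == NULL) {
 rule->m_phase = lastRule->m_phase;
 lastRule->m_chainedRule = rule;
-if (rule->containsStaticDisruptiveAction()) {
+if (rule->m_containsStaticDisruptiveAction) {
 m_parserError << "Disruptive actions can only be specified by";
 m_parserError << " chain starter rules.";
 return false;
@@ -94,7 +94,7 @@ int Driver::addSecRule(Rule *rule) {
 }
 if (a->m_chained && a->m_chainedRule == NULL) {
 a->m_chainedRule = rule;
-if (a->containsStaticDisruptiveAction()) {
+if (a->m_containsStaticDisruptiveAction) {
 m_parserError << "Disruptive actions can only be ";
 m_parserError << "specified by chain starter rules.";
 return false;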
