owasp-modsecurity · airween · Aug 28, 2024 · May 14, 2024 · Aug 19, 2024 · Aug 19, 2024
diff --git a/headers/modsecurity/actions/action.h b/headers/modsecurity/actions/action.h
@@ -13,41 +13,66 @@
  *
  */
 
-#ifdef __cplusplus
-
-#include <string>
-#include <iostream>
-#include <memory>
-
-#endif
-
-#include "modsecurity/intervention.h"
-#include "modsecurity/rule.h"
-#include "modsecurity/rule_with_actions.h"
-
 #ifndef HEADERS_MODSECURITY_ACTIONS_ACTION_H_
 #define HEADERS_MODSECURITY_ACTIONS_ACTION_H_
 
 #ifdef __cplusplus
 
+#include <string>
+#include <memory>
+
 namespace modsecurity {
 class Transaction;
 class RuleWithOperator;
+class RuleWithActions;
+class RuleMessage;
 
 namespace actions {
 
 
 class Action {
  public:
+    /**
+     *
+     * Define the action kind regarding to the execution time.
+     * 
+     * 
+     */
+    enum class Kind {
+    /**
+     *
+     * Action that are executed while loading the configuration. For instance
+     * the rule ID or the rule phase.
+     *
+     */
+     ConfigurationKind,
+    /**
+     *
+     * Those are actions that demands to be executed before call the operator.
+     * For instance the tranformations.
+     *
+     *
+     */
+     RunTimeBeforeMatchAttemptKind,
+    /**
+     *
+     * Actions that are executed after the execution of the operator, only if
+     * the operator returned Match (or True). For instance the disruptive
+     * actions.
+     *
+     */
+     RunTimeOnlyIfMatchKind,
+    };
+
     explicit Action(const std::string& _action)
         : m_isNone(false),
         temporaryAction(false),
-        action_kind(2),
+        action_kind(Kind::RunTimeOnlyIfMatchKind),
         m_name(nullptr),
         m_parser_payload("") {
             set_name_and_payload(_action);
         }
-    explicit Action(const std::string& _action, int kind)
+    explicit Action(const std::string& _action, Kind kind)
         : m_isNone(false),
         temporaryAction(false),
         action_kind(kind),
@@ -74,8 +99,6 @@ class Action {
 
     virtual ~Action() { }
 
-    virtual std::string evaluate(const std::string &exp,
-        Transaction *transaction);
     virtual bool evaluate(RuleWithActions *rule, Transaction *transaction);
     virtual bool evaluate(RuleWithActions *rule, Transaction *transaction,
         std::shared_ptr<RuleMessage> ruleMessage) {
@@ -87,9 +110,9 @@ class Action {
 
     void set_name_and_payload(const std::string& data) {
         size_t pos = data.find(":");
-        std::string t = "t:";
+        const char t[] = "t:";
 
-        if (data.compare(0, t.length(), t) == 0) {
+        if (data.compare(0, std::size(t) - 1, t) == 0) {
             pos = data.find(":", 2);
         }
 
@@ -109,41 +132,9 @@ class Action {
 
     bool m_isNone;
     bool temporaryAction;
-    int action_kind;
+    Kind action_kind;
     std::shared_ptr<std::string> m_name;
     std::string m_parser_payload;
-
-    /**
-     *
-     * Define the action kind regarding to the execution time.
-     * 
-     * 
-     */
-    enum Kind {
-    /**
-     *
-     * Action that are executed while loading the configuration. For instance
-     * the rule ID or the rule phase.
-     *
-     */
-     ConfigurationKind,
-    /**
-     *
-     * Those are actions that demands to be executed before call the operator.
-     * For instance the tranformations.
-     *
-     *
-     */
-     RunTimeBeforeMatchAttemptKind,
-    /**
-     *
-     * Actions that are executed after the execution of the operator, only if
-     * the operator returned Match (or True). For instance the disruptive
-     * actions.
-     *
-     */
-     RunTimeOnlyIfMatchKind,
-    };
  };
 
 

diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h
@@ -52,7 +52,7 @@ namespace operators {
 class Operator;
 }
 
-using TransformationResult = std::pair<std::shared_ptr<std::string>,
+using TransformationResult = std::pair<std::string,
     std::shared_ptr<std::string>>;
 using TransformationResults = std::list<TransformationResult>;
 

diff --git a/headers/modsecurity/rule_with_actions.h b/headers/modsecurity/rule_with_actions.h
@@ -119,16 +119,7 @@ class RuleWithActions : public Rule {
 
 
     void executeTransformations(
-        Transaction *trasn, const std::string &value, TransformationResults &ret);
-
-    inline void executeTransformation(
-        actions::transformations::Transformation *a,
-        std::shared_ptr<std::string> *value,
-        Transaction *trans,
-        TransformationResults *ret,
-        std::string *path,
-        int *nth) const;
-
+        const Transaction *trasn, const std::string &value, TransformationResults &ret);
 
     void performLogging(Transaction *trans,
         std::shared_ptr<RuleMessage> ruleMessage,
@@ -166,6 +157,14 @@ class RuleWithActions : public Rule {
     RuleWithActions *m_chainedRuleParent;
 
  private:
+    inline void executeTransformation(
+        const actions::transformations::Transformation &a,
+        std::string &value,
+        const Transaction *trans,
+        TransformationResults &ret,
+        std::string &path,
+        int &nth) const;
+
     /* actions */
     actions::Action *m_disruptiveAction;
     actions::LogData *m_logData;

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -248,11 +248,9 @@ UTILS = \
 	utils/geo_lookup.cc \
 	utils/https_client.cc \
 	utils/ip_tree.cc \
-	utils/md5.cc \
 	utils/msc_tree.cc \
 	utils/random.cc \
 	utils/regex.cc \
-	utils/sha1.cc \
 	utils/system.cc \
 	utils/shared_files.cc
 

diff --git a/src/actions/accuracy.cc b/src/actions/accuracy.cc
@@ -15,16 +15,10 @@
 
 #include "src/actions/accuracy.h"
 
-#include <iostream>
-#include <string>
+#include "modsecurity/rule_with_actions.h"
 
-#include "modsecurity/actions/action.h"
-#include "modsecurity/transaction.h"
-#include "modsecurity/rule.h"
 
-
-namespace modsecurity {
-namespace actions {
+namespace modsecurity::actions {
 
 
 bool Accuracy::init(std::string *error) {
@@ -45,5 +39,4 @@ bool Accuracy::evaluate(RuleWithActions *rule, Transaction *transaction) {
 }
 
 
-}  // namespace actions
-}  // namespace modsecurity
+}  // namespace modsecurity::actions
diff --git a/src/actions/accuracy.h b/src/actions/accuracy.h
@@ -30,7 +30,7 @@ namespace actions {
 class Accuracy : public Action {
  public:
     explicit Accuracy(const std::string &action) 
-        : Action(action, ConfigurationKind),
+        : Action(action, Kind::ConfigurationKind),
         m_accuracy(0) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;

diff --git a/src/actions/action.cc b/src/actions/action.cc
@@ -45,12 +45,6 @@ namespace modsecurity {
 namespace actions {
 
 
-std::string Action::evaluate(const std::string &value,
-    Transaction *transaction) {
-    return value;
-}
-
-
 bool Action::evaluate(RuleWithActions *rule, Transaction *transaction) {
     return true;
 }

diff --git a/src/actions/audit_log.h b/src/actions/audit_log.h
@@ -33,7 +33,7 @@ namespace actions {
 class AuditLog : public Action {
  public:
     explicit AuditLog(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind) { }
+        : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction,
         std::shared_ptr<RuleMessage> rm) override;

diff --git a/src/actions/capture.h b/src/actions/capture.h
@@ -29,7 +29,7 @@ namespace actions {
 class Capture : public Action {
  public:
     explicit Capture(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind) { }
+        : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 };

diff --git a/src/actions/chain.cc b/src/actions/chain.cc
@@ -15,14 +15,9 @@
 
 #include "src/actions/chain.h"
 
-#include <iostream>
-#include <string>
+#include "modsecurity/rule_with_actions.h"
 
-#include "modsecurity/transaction.h"
-#include "modsecurity/rule.h"
-
-namespace modsecurity {
-namespace actions {
+namespace modsecurity::actions {
 
 
 bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) {
@@ -31,5 +26,4 @@ bool Chain::evaluate(RuleWithActions *rule, Transaction *transaction) {
 }
 
 
-}  // namespace actions
-}  // namespace modsecurity
+}  // namespace modsecurity::actions
diff --git a/src/actions/chain.h b/src/actions/chain.h
@@ -33,7 +33,7 @@ namespace actions {
 class Chain : public Action {
  public:
     explicit Chain(const std::string &action) 
-        : Action(action, ConfigurationKind) { }
+        : Action(action, Kind::ConfigurationKind) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 };

diff --git a/src/actions/ctl/audit_engine.h b/src/actions/ctl/audit_engine.h
@@ -34,7 +34,7 @@ namespace ctl {
 class AuditEngine : public Action {
  public:
     explicit AuditEngine(const std::string &action)
-        : Action(action, RunTimeOnlyIfMatchKind),
+        : Action(action),
         m_auditEngine(audit_log::AuditLog::AuditLogStatus::NotSetLogStatus) { }
 
     bool init(std::string *error) override;

diff --git a/src/actions/ctl/audit_log_parts.h b/src/actions/ctl/audit_log_parts.h
@@ -29,7 +29,7 @@ namespace ctl {
 class AuditLogParts : public Action {
  public:
     explicit AuditLogParts(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind),
+        : Action(action),
         mPartsAction(0),
         mParts("") { }
 

diff --git a/src/actions/ctl/request_body_access.h b/src/actions/ctl/request_body_access.h
@@ -30,7 +30,7 @@ namespace ctl {
 class RequestBodyAccess : public Action {
  public:
     explicit RequestBodyAccess(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind),
+        : Action(action),
         m_request_body_access(false) { }
 
     bool init(std::string *error) override;

diff --git a/src/actions/ctl/request_body_processor_json.h b/src/actions/ctl/request_body_processor_json.h
@@ -29,7 +29,7 @@ namespace ctl {
 class RequestBodyProcessorJSON : public Action {
  public:
     explicit RequestBodyProcessorJSON(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind) { }
+        : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 };

diff --git a/src/actions/ctl/request_body_processor_urlencoded.h b/src/actions/ctl/request_body_processor_urlencoded.h
@@ -29,7 +29,7 @@ namespace ctl {
 class RequestBodyProcessorURLENCODED : public Action {
  public:
     explicit RequestBodyProcessorURLENCODED(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind) { }
+        : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 };

diff --git a/src/actions/ctl/request_body_processor_xml.h b/src/actions/ctl/request_body_processor_xml.h
@@ -29,7 +29,7 @@ namespace ctl {
 class RequestBodyProcessorXML : public Action {
  public:
     explicit RequestBodyProcessorXML(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind) { }
+        : Action(action) { }
 
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
 };

diff --git a/src/actions/ctl/rule_engine.h b/src/actions/ctl/rule_engine.h
@@ -31,7 +31,7 @@ namespace ctl {
 class RuleEngine : public Action {
  public:
     explicit RuleEngine(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind),
+        : Action(action),
         m_ruleEngine(RulesSetProperties::PropertyNotSetRuleEngine) { }
 
     bool init(std::string *error) override;

diff --git a/src/actions/ctl/rule_remove_by_id.h b/src/actions/ctl/rule_remove_by_id.h
@@ -30,7 +30,7 @@ namespace ctl {
 class RuleRemoveById : public Action {
  public:
     explicit RuleRemoveById(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind) { }
+        : Action(action) { }
 
     bool init(std::string *error) override;
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;

diff --git a/src/actions/ctl/rule_remove_by_tag.h b/src/actions/ctl/rule_remove_by_tag.h
@@ -30,7 +30,7 @@ namespace ctl {
 class RuleRemoveByTag : public Action {
  public:
     explicit RuleRemoveByTag(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind),
+        : Action(action),
         m_tag("") { }
 
     bool init(std::string *error) override;

diff --git a/src/actions/ctl/rule_remove_target_by_id.h b/src/actions/ctl/rule_remove_target_by_id.h
@@ -30,7 +30,7 @@ namespace ctl {
 class RuleRemoveTargetById : public Action {
  public:
     explicit RuleRemoveTargetById(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind),
+        : Action(action),
         m_id(0),
         m_target("") { }
 

diff --git a/src/actions/ctl/rule_remove_target_by_tag.h b/src/actions/ctl/rule_remove_target_by_tag.h
@@ -30,7 +30,7 @@ namespace ctl {
 class RuleRemoveTargetByTag : public Action {
  public:
     explicit RuleRemoveTargetByTag(const std::string &action) 
-        : Action(action, RunTimeOnlyIfMatchKind) { }
+        : Action(action) { }
 
     bool init(std::string *error) override;
     bool evaluate(RuleWithActions *rule, Transaction *transaction) override;