Adds support for RunTimeString

Felipe Zimmerle · Felipe Zimmerle · commit 6fe8655ed9c6 · 2018-02-20T13:40:00.000-03:00
Using RunTimeStrings instead of runtime parser for
macro expansion.
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -272,6 +272,7 @@ libmodsecurity_la_SOURCES = \
 	debug_log/debug_log.cc \
 	debug_log/debug_log_writer.cc \
 	macro_expansion.cc \
+	run_time_string.cc \
 	rule.cc \
 	rule_message.cc \
 	rule_script.cc \
diff --git a/src/actions/disruptive/redirect.cc b/src/actions/disruptive/redirect.cc
@@ -30,17 +30,14 @@ namespace disruptive {
 
 
 bool Redirect::init(std::string *error) {
-    m_url = m_parser_payload;
-    m_url = utils::string::parserSanitizer(m_url);
     m_status = 302;
     return true;
 }
 
 
 bool Redirect::evaluate(Rule *rule, Transaction *transaction,
-   std::shared_ptr<RuleMessage> rm) {
-    m_urlExpanded = MacroExpansion::expand(m_url, transaction);
-
+    std::shared_ptr<RuleMessage> rm) {
+    std::string m_urlExpanded(m_string->evaluate(transaction));
     /* if it was changed before, lets keep it. */
     if (transaction->m_it.status == 200) {
         transaction->m_it.status = m_status;
diff --git a/src/actions/disruptive/redirect.h b/src/actions/disruptive/redirect.h
@@ -18,6 +18,7 @@
 
 #include "modsecurity/actions/action.h"
 #include "modsecurity/rule_message.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_
 #define SRC_ACTIONS_DISRUPTIVE_REDIRECT_H_
@@ -36,9 +37,11 @@ class Redirect : public Action {
  public:
     explicit Redirect(const std::string &action)
         : Action(action, RunTimeOnlyIfMatchKind),
-        m_status(0),
-        m_urlExpanded(""),
-        m_url("") { }
+        m_status(0) { }
+
+    explicit Redirect(std::unique_ptr<RunTimeString> z)
+        : Action("redirert", RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
 
     bool evaluate(Rule *rule, Transaction *transaction,
         std::shared_ptr<RuleMessage> rm) override;
@@ -47,8 +50,7 @@ class Redirect : public Action {
 
  private:
     int m_status;
-    std::string m_urlExpanded;
-    std::string m_url;
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/init_col.cc b/src/actions/init_col.cc
@@ -31,7 +31,7 @@ namespace actions {
 bool InitCol::init(std::string *error) {
     int posEquals = m_parser_payload.find("=");
 
-    if (m_parser_payload.size() < 8) {
+    if (m_parser_payload.size() < 2) {
         error->assign("Something wrong with initcol format: too small");
         return false;
     }
@@ -42,7 +42,6 @@ bool InitCol::init(std::string *error) {
     }
 
     m_collection_key = std::string(m_parser_payload, 0,  posEquals);
-    m_collection_value = std::string(m_parser_payload, posEquals + 1);
 
     if (m_collection_key != "ip" &&
         m_collection_key != "global" &&
@@ -57,9 +56,7 @@ bool InitCol::init(std::string *error) {
 
 
 bool InitCol::evaluate(Rule *rule, Transaction *t) {
-    std::string collectionName;
-    collectionName = MacroExpansion::expand(m_collection_value, t);
-
+    std::string collectionName(m_string->evaluate(t));
 
     if (m_collection_key == "ip") {
         t->m_collections.m_ip_collection_key = collectionName;
diff --git a/src/actions/init_col.h b/src/actions/init_col.h
@@ -16,6 +16,7 @@
 #include <string>
 
 #include "modsecurity/actions/action.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_INIT_COL_H_
 #define SRC_ACTIONS_INIT_COL_H_
@@ -31,11 +32,15 @@ class InitCol : public Action {
  public:
     explicit InitCol(std::string action) : Action(action) { }
 
+    InitCol(std::string action, std::unique_ptr<RunTimeString> z)
+        : Action(action, RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
+
     bool evaluate(Rule *rule, Transaction *transaction) override;
     bool init(std::string *error) override;
  private:
     std::string m_collection_key;
-    std::string m_collection_value;
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/log_data.cc b/src/actions/log_data.cc
@@ -39,7 +39,8 @@ bool LogData::evaluate(Rule *rule, Transaction *transaction,
 }
 
 std::string LogData::data(Transaction *transaction) {
-    return MacroExpansion::expand(m_parser_payload, transaction);
+    std::string a(m_string->evaluate(transaction));
+    return a;
 }
 
 
diff --git a/src/actions/log_data.h b/src/actions/log_data.h
@@ -17,6 +17,7 @@
 #include <memory>
 
 #include "modsecurity/actions/action.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_LOG_DATA_H_
 #define SRC_ACTIONS_LOG_DATA_H_
@@ -33,10 +34,16 @@ class LogData : public Action {
     explicit LogData(std::string action)
         : Action(action, RunTimeOnlyIfMatchKind) { }
 
+    explicit LogData(std::unique_ptr<RunTimeString> z)
+        : Action("logdata", RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
+
     bool evaluate(Rule *rule, Transaction *transaction,
        std::shared_ptr<RuleMessage> rm) override;
 
     std::string data(Transaction *Transaction);
+
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/msg.cc b/src/actions/msg.cc
@@ -61,8 +61,9 @@ bool Msg::evaluate(Rule *rule, Transaction *transaction,
 }
 
 
-std::string Msg::data(Transaction *transaction) {
-    return MacroExpansion::expand(m_parser_payload, transaction);
+std::string Msg::data(Transaction *t) {
+    std::string a(m_string->evaluate(t));
+    return a;
 }
 
 
diff --git a/src/actions/msg.h b/src/actions/msg.h
@@ -18,6 +18,7 @@
 
 #include "modsecurity/actions/action.h"
 #include "modsecurity/rule_message.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_MSG_H_
 #define SRC_ACTIONS_MSG_H_
@@ -34,10 +35,15 @@ class Msg : public Action {
     explicit Msg(std::string action)
         : Action(action, RunTimeOnlyIfMatchKind) { }
 
+    explicit Msg(std::unique_ptr<RunTimeString> z)
+        : Action("msg", RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
+
     bool evaluate(Rule *rule, Transaction *transaction,
         std::shared_ptr<RuleMessage> rm) override;
 
     std::string data(Transaction *Transaction);
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/set_rsc.cc b/src/actions/set_rsc.cc
@@ -28,20 +28,12 @@ namespace actions {
 
 
 bool SetRSC::init(std::string *error) {
-    m_collection_key = std::string(m_parser_payload, 0,
-        m_parser_payload.length());
-
-    if (m_collection_key.empty()) {
-        error->assign("Missing collection key");
-        return false;
-    }
-
     return true;
 }
 
 
 bool SetRSC::evaluate(Rule *rule, Transaction *t) {
-    std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
+    std::string colNameExpanded(m_string->evaluate(t));
 
 #ifndef NO_LOGS
     t->debug(8, "RESOURCE initiated with value: \'"
diff --git a/src/actions/set_rsc.h b/src/actions/set_rsc.h
@@ -16,6 +16,7 @@
 #include <string>
 
 #include "modsecurity/actions/action.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_SET_RSC_H_
 #define SRC_ACTIONS_SET_RSC_H_
@@ -32,11 +33,15 @@ class SetRSC : public Action {
     explicit SetRSC(std::string _action)
         : Action(_action) { }
 
+    explicit SetRSC(std::unique_ptr<RunTimeString> z)
+        : Action("setsrc", RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
+
     bool evaluate(Rule *rule, Transaction *transaction) override;
     bool init(std::string *error) override;
 
  private:
-    std::string m_collection_key;
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/set_sid.cc b/src/actions/set_sid.cc
@@ -28,20 +28,12 @@ namespace actions {
 
 
 bool SetSID::init(std::string *error) {
-    m_collection_key = std::string(m_parser_payload, 0,
-        m_parser_payload.length());
-
-    if (m_collection_key.empty()) {
-        error->assign("Missing collection key");
-        return false;
-    }
-
     return true;
 }
 
 
 bool SetSID::evaluate(Rule *rule, Transaction *t) {
-    std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
+    std::string colNameExpanded(m_string->evaluate(t));
 
 #ifndef NO_LOGS
     t->debug(8, "Session ID initiated with value: \'"
diff --git a/src/actions/set_sid.h b/src/actions/set_sid.h
@@ -16,6 +16,7 @@
 #include <string>
 
 #include "modsecurity/actions/action.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_SET_SID_H_
 #define SRC_ACTIONS_SET_SID_H_
@@ -32,11 +33,15 @@ class SetSID : public Action {
     explicit SetSID(std::string _action)
         : Action(_action) { }
 
+    explicit SetSID(std::unique_ptr<RunTimeString> z)
+        : Action("setsid", RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
+
     bool evaluate(Rule *rule, Transaction *transaction) override;
     bool init(std::string *error) override;
 
  private:
-    std::string m_collection_key;
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/set_uid.cc b/src/actions/set_uid.cc
@@ -28,20 +28,12 @@ namespace actions {
 
 
 bool SetUID::init(std::string *error) {
-    m_collection_key = std::string(m_parser_payload, 0,
-        m_parser_payload.length());
-
-    if (m_collection_key.empty()) {
-        error->assign("Missing collection key");
-        return false;
-    }
-
     return true;
 }
 
 
 bool SetUID::evaluate(Rule *rule, Transaction *t) {
-    std::string colNameExpanded = MacroExpansion::expand(m_collection_key, t);
+    std::string colNameExpanded(m_string->evaluate(t));
 
 #ifndef NO_LOGS
     t->debug(8, "User collection initiated with value: \'"
diff --git a/src/actions/set_uid.h b/src/actions/set_uid.h
@@ -16,6 +16,7 @@
 #include <string>
 
 #include "modsecurity/actions/action.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_SET_UID_H_
 #define SRC_ACTIONS_SET_UID_H_
@@ -32,11 +33,15 @@ class SetUID : public Action {
     explicit SetUID(std::string _action)
         : Action(_action) { }
 
+    explicit SetUID(std::unique_ptr<RunTimeString> z)
+        : Action("setuid", RunTimeOnlyIfMatchKind),
+            m_string(std::move(z)) { }
+
     bool evaluate(Rule *rule, Transaction *transaction) override;
     bool init(std::string *error) override;
 
  private:
-    std::string m_collection_key;
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/actions/tag.cc b/src/actions/tag.cc
@@ -52,7 +52,7 @@ namespace actions {
 
 
 std::string Tag::getName(Transaction *transaction) {
-    std::string tag = MacroExpansion::expand(m_parser_payload, transaction);
+    std::string tag(m_string->evaluate(transaction));
     return tag;
 }
 
diff --git a/src/actions/tag.h b/src/actions/tag.h
@@ -17,6 +17,7 @@
 #include <memory>
 
 #include "modsecurity/actions/action.h"
+#include "src/run_time_string.h"
 
 #ifndef SRC_ACTIONS_TAG_H_
 #define SRC_ACTIONS_TAG_H_
@@ -33,10 +34,16 @@ class Tag : public Action {
     explicit Tag(std::string action)
         : Action(action, RunTimeOnlyIfMatchKind) { }
 
+    explicit Tag(std::unique_ptr<RunTimeString> z)
+        : Action("tag", RunTimeOnlyIfMatchKind),
+        m_string(std::move(z)) { }
+
     std::string getName(Transaction *transaction);
 
     bool evaluate(Rule *rule, Transaction *transaction,
         std::shared_ptr<RuleMessage> rm) override;
+
+    std::unique_ptr<RunTimeString> m_string;
 };
 
 
diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc
diff --git a/src/parser/seclang-parser.hh b/src/parser/seclang-parser.hh
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
diff --git a/src/parser/seclang-scanner.cc b/src/parser/seclang-scanner.cc
diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll
diff --git a/src/run_time_string.cc b/src/run_time_string.cc
diff --git a/src/run_time_string.h b/src/run_time_string.h

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,8 @@ bool LogData::evaluate(Rule rule, Transaction transaction,`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`std::string LogData::data(Transaction *transaction) {`
`42`		`- return MacroExpansion::expand(m_parser_payload, transaction);`
	`42`	`+ std::string a(m_string->evaluate(transaction));`
	`43`	`+ return a;`
`43`	`44`	`}`
`44`	`45`
`45`	`46`
Original file line number	Diff line number	Diff line change
`@@ -61,8 +61,9 @@ bool Msg::evaluate(Rule rule, Transaction transaction,`
`61`	`61`	`}`
`62`	`62`
`63`	`63`
`64`		`-std::string Msg::data(Transaction *transaction) {`
`65`		`- return MacroExpansion::expand(m_parser_payload, transaction);`
	`64`	`+std::string Msg::data(Transaction *t) {`
	`65`	`+ std::string a(m_string->evaluate(t));`
	`66`	`+ return a;`
`66`	`67`	`}`
`67`	`68`
`68`	`69`