Makes RuleWithActions const in run time operations

owasp-modsecurity · Jan 6, 2020 · b27e19f · b27e19f
1 parent 79432b3
commit b27e19f
Show file tree

Hide file tree

Showing 91 changed files with 192 additions and 185 deletions.
diff --git a/headers/modsecurity/actions/action.h b/headers/modsecurity/actions/action.h
@@ -87,7 +87,7 @@ class Action {
     }
 
     virtual bool execute(Transaction *transaction) noexcept { return true; };
-    inline virtual bool executeAsDefaulAction(Transaction *transaction, RuleWithActions *r) noexcept {
+    inline virtual bool executeAsDefaulAction(Transaction *transaction, const RuleWithActions *r) noexcept {
         return execute(transaction);
     };
 

diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h
@@ -61,29 +61,29 @@ class Rule {
         m_phase(r.m_phase)
     { };
 
-    virtual bool evaluate(Transaction *transaction) = 0;
+    virtual bool evaluate(Transaction *transaction) const = 0;
 
-    std::shared_ptr<std::string> getFileName() {
+    std::shared_ptr<std::string> getFileName() const {
         return m_fileName;
     }
 
-    int getLineNumber() {
+    int getLineNumber() const {
         return m_lineNumber;
     }
 
-    int getPhase() { return m_phase; }
+    int getPhase() const { return m_phase; }
     void setPhase(int phase) { m_phase = phase; }
 
-    virtual std::string getReference() {
+    virtual std::string getReference() const {
         return *m_fileName + ":" + std::to_string(m_lineNumber);
     }
 
-    virtual void dump(std::stringstream &out) {
+    virtual void dump(std::stringstream &out) const {
         out << getOriginInTextFormat() << std::endl;
     }
 
  protected:
-    std::string getOriginInTextFormat() {
+    std::string getOriginInTextFormat() const {
         std::stringstream ss;
         ss << "# File name: " << *getFileName() << std::endl;
         ss << "# Line number: " << getLineNumber();

diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h
@@ -101,10 +101,10 @@ class RuleMessage {
     static std::string _details(RuleMessage *rm);
     static std::string _errorLogTail(RuleMessage *rm);
 
-    RuleWithActions *getRule() {
+    const RuleWithActions *getRule() {
         return m_rule;
     }
-    void setRule(RuleWithActions *rule) {
+    void setRule(const RuleWithActions *rule) {
         m_rule = rule;
     }
 
@@ -159,7 +159,7 @@ class RuleMessage {
     bool m_saveMessage:1;
     bool m_isSettle:1;
     Transaction *m_transaction;
-    RuleWithActions *m_rule;
+    const RuleWithActions *m_rule;
 };
 
 

diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h
@@ -328,7 +328,7 @@ class TransactionRuleMessageManagement {
 
     RuleMessage *messageGetLast();
     void messageNew();
-    void messageLog(RuleWithActions *rule);
+    void messageLog(const RuleWithActions *rule);
 
     void messageSetNoAuditLog(bool a) {
         m_noAuditLog = a;

diff --git a/src/engine/lua.cc b/src/engine/lua.cc
@@ -122,8 +122,9 @@ const char *Lua::blob_reader(lua_State *L, void *ud, size_t *size) {
 #endif
 
 
-int Lua::run(Transaction *t, const std::string &str) {
+int Lua::run(Transaction *t, const std::string &str) const {
 #ifdef WITH_LUA
+    LuaScriptBlob blob = m_blob;
     std::string luaRet;
     const char *a = NULL;
     int ret = true;
@@ -140,9 +141,9 @@ int Lua::run(Transaction *t, const std::string &str) {
     lua_setglobal(L, "m");
 
 #ifdef WITH_LUA_5_1
-    int rc = lua_load(L, Lua::blob_reader, &m_blob, m_scriptName.c_str());
+    int rc = lua_load(L, Lua::blob_reader, &blob, m_scriptName.c_str());
 #else
-    int rc = lua_load(L, Lua::blob_reader, &m_blob, m_scriptName.c_str(),
+    int rc = lua_load(L, Lua::blob_reader, &blob, m_scriptName.c_str(),
         NULL);
 #endif
     if (rc != LUA_OK) {

diff --git a/src/engine/lua.h b/src/engine/lua.h
@@ -34,15 +34,21 @@ class LuaScriptBlob {
  public:
     LuaScriptBlob() :
         m_data(NULL),
-        m_len(0) { }
+        m_len(0)
+    { };
 
     ~LuaScriptBlob() {
         if (m_data) {
             free(m_data);
             m_data = NULL;
         }
-    }
+    };
 
+    LuaScriptBlob(const LuaScriptBlob &lua) {
+        m_data = reinterpret_cast<unsigned char *>(std::malloc(lua.m_len));
+        std::memcpy(m_data, lua.m_data, lua.m_len);
+        m_len = lua.m_len;
+    };
 
     void write(const void *data, size_t len) {
         unsigned char *d = NULL;
@@ -69,7 +75,8 @@ class Lua {
     Lua() { }
 
     bool load(std::string script, std::string *err);
-    int run(Transaction *t, const std::string &str_param = "");
+
+    int run(Transaction *t, const std::string &str_param = "") const;
     static bool isCompatible(std::string script, Lua *l, std::string *error);
 
 #ifdef WITH_LUA

diff --git a/src/operators/begins_with.cc b/src/operators/begins_with.cc
@@ -25,7 +25,7 @@ namespace operators {
 
 
 bool BeginsWith::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     std::string p(m_string->evaluate(transaction));

diff --git a/src/operators/begins_with.h b/src/operators/begins_with.h
@@ -33,7 +33,7 @@ class BeginsWith : public Operator {
         : Operator("BeginsWith", std::move(param)) { }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/contains.cc b/src/operators/contains.cc
@@ -22,7 +22,7 @@ namespace modsecurity {
 namespace operators {
 
 bool Contains::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &input,
     RuleMessage *ruleMessage) {
     std::string p(m_string->evaluate(transaction));

diff --git a/src/operators/contains.h b/src/operators/contains.h
@@ -36,7 +36,7 @@ class Contains : public Operator {
         : Operator("Contains", std::move(param)) { };
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/contains_word.cc b/src/operators/contains_word.cc
@@ -37,7 +37,7 @@ bool ContainsWord::acceptableChar(const bpstd::string_view &a, size_t pos) {
 }
 
 bool ContainsWord::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &inputView,
     RuleMessage *ruleMessage) {
     std::string paramTarget(m_string->evaluate(transaction));

diff --git a/src/operators/contains_word.h b/src/operators/contains_word.h
@@ -33,7 +33,7 @@ class ContainsWord : public Operator {
         : Operator("ContainsWord", std::move(param)) { }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 

diff --git a/src/operators/detect_sqli.cc b/src/operators/detect_sqli.cc
@@ -28,7 +28,7 @@ namespace operators {
 
 
 bool DetectSQLi::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &input,
     RuleMessage *ruleMessage) {
     char fingerprint[8];

diff --git a/src/operators/detect_sqli.h b/src/operators/detect_sqli.h
@@ -33,7 +33,7 @@ class DetectSQLi : public Operator {
         }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/detect_xss.cc b/src/operators/detect_xss.cc
@@ -27,7 +27,7 @@ namespace operators {
 
 
 bool DetectXSS::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &input,
     RuleMessage *ruleMessage) {
     int is_xss;

diff --git a/src/operators/detect_xss.h b/src/operators/detect_xss.h
@@ -32,7 +32,7 @@ class DetectXSS : public Operator {
         }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/ends_with.cc b/src/operators/ends_with.cc
@@ -24,7 +24,7 @@ namespace operators {
 
 
 bool EndsWith::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &input,
     RuleMessage *ruleMessage) {
     bool ret = false;

diff --git a/src/operators/ends_with.h b/src/operators/ends_with.h
@@ -35,7 +35,7 @@ class EndsWith : public Operator {
         }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/eq.cc b/src/operators/eq.cc
@@ -25,7 +25,7 @@ namespace operators {
 
 
 bool Eq::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &input,
     RuleMessage *ruleMessage) {
     int p = 0;

diff --git a/src/operators/eq.h b/src/operators/eq.h
@@ -33,7 +33,7 @@ class Eq : public Operator {
         : Operator("Eq", std::move(param)) { }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/fuzzy_hash.cc b/src/operators/fuzzy_hash.cc
@@ -97,7 +97,7 @@ FuzzyHash::~FuzzyHash() {
 
 
 bool FuzzyHash::evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &str,
         RuleMessage *ruleMessage) {
 #ifdef WITH_SSDEEP

diff --git a/src/operators/fuzzy_hash.h b/src/operators/fuzzy_hash.h
@@ -45,7 +45,7 @@ class FuzzyHash : public Operator {
     ~FuzzyHash();
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 

diff --git a/src/operators/ge.cc b/src/operators/ge.cc
@@ -24,7 +24,7 @@ namespace modsecurity {
 namespace operators {
 
 bool Ge::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     std::string p(m_string->evaluate(transaction));

diff --git a/src/operators/ge.h b/src/operators/ge.h
@@ -34,7 +34,7 @@ class Ge : public Operator {
         }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/geo_lookup.cc b/src/operators/geo_lookup.cc
@@ -40,7 +40,7 @@ bool GeoLookup::debug(Transaction *transaction, int x, const bpstd::string_view
 
 
 bool GeoLookup::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     using std::placeholders::_1;

diff --git a/src/operators/geo_lookup.h b/src/operators/geo_lookup.h
@@ -31,7 +31,7 @@ class GeoLookup : public Operator {
         : Operator("GeoLookup") { }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 

diff --git a/src/operators/gsblookup.cc b/src/operators/gsblookup.cc
@@ -24,7 +24,7 @@ namespace operators {
 
 
 bool GsbLookup::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     /**

diff --git a/src/operators/gsblookup.h b/src/operators/gsblookup.h
@@ -32,7 +32,7 @@ class GsbLookup : public Operator {
         : Operator("GsbLookup", std::move(param)) { }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/gt.cc b/src/operators/gt.cc
@@ -24,7 +24,7 @@ namespace modsecurity {
 namespace operators {
 
 bool Gt::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     std::string p(m_string->evaluate(transaction));

diff --git a/src/operators/gt.h b/src/operators/gt.h
@@ -35,7 +35,7 @@ class Gt : public Operator {
         }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 };

diff --git a/src/operators/inspect_file.cc b/src/operators/inspect_file.cc
@@ -50,7 +50,7 @@ bool InspectFile::init(const std::string &param2, std::string *error) {
 
 
 bool InspectFile::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     if (m_isScript) {

diff --git a/src/operators/inspect_file.h b/src/operators/inspect_file.h
@@ -38,7 +38,7 @@ class InspectFile : public Operator {
     bool init(const std::string &file, std::string *error) override;
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 

diff --git a/src/operators/ip_match.cc b/src/operators/ip_match.cc
@@ -38,7 +38,7 @@ bool IpMatch::init(const std::string &file, std::string *error) {
 
 
 bool IpMatch::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     return m_tree.contains(str.c_str());

diff --git a/src/operators/ip_match.h b/src/operators/ip_match.h
@@ -35,7 +35,7 @@ class IpMatch : public Operator {
         : Operator(n, std::move(param)) { }
 
     bool evaluate(Transaction *transaction,
-        RuleWithActions *rule,
+        const RuleWithActions *rule,
         const bpstd::string_view &input,
         RuleMessage *ruleMessage) override;
 

diff --git a/src/operators/le.cc b/src/operators/le.cc
@@ -24,7 +24,7 @@ namespace modsecurity {
 namespace operators {
 
 bool Le::evaluate(Transaction *transaction,
-    RuleWithActions *rule,
+    const RuleWithActions *rule,
     const bpstd::string_view &str,
     RuleMessage *ruleMessage) {
     std::string p(m_string->evaluate(transaction));