owasp-modsecurity
diff --git a/‎headers/modsecurity/rule.h
Lines changed: 2 additions & 0 deletions b/‎headers/modsecurity/rule.h
Lines changed: 2 additions & 0 deletions
diff --git a/‎headers/modsecurity/rule_marker.h
Lines changed: 3 additions & 0 deletions b/‎headers/modsecurity/rule_marker.h
Lines changed: 3 additions & 0 deletions
diff --git a/‎headers/modsecurity/rule_message.h
Lines changed: 40 additions & 2 deletions b/‎headers/modsecurity/rule_message.h
Lines changed: 40 additions & 2 deletions
diff --git a/‎headers/modsecurity/rule_unconditional.h
Lines changed: 59 additions & 0 deletions b/‎headers/modsecurity/rule_unconditional.h
Lines changed: 59 additions & 0 deletions
diff --git a/‎headers/modsecurity/rule_with_actions.h
Lines changed: 19 additions & 5 deletions b/‎headers/modsecurity/rule_with_actions.h
Lines changed: 19 additions & 5 deletions
diff --git a/‎headers/modsecurity/rule_with_operator.h
Lines changed: 0 additions & 7 deletions b/‎headers/modsecurity/rule_with_operator.h
Lines changed: 0 additions & 7 deletions
diff --git a/‎src/Makefile.am
Lines changed: 2 additions & 0 deletions b/‎src/Makefile.am
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/operators/begins_with.cc
Lines changed: 1 addition & 1 deletion b/‎src/operators/begins_with.cc
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/begins_with.h
Lines changed: 1 addition & 1 deletion b/‎src/operators/begins_with.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/contains.cc
Lines changed: 1 addition & 1 deletion b/‎src/operators/contains.cc
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/contains.h
Lines changed: 1 addition & 1 deletion b/‎src/operators/contains.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/contains_word.cc
Lines changed: 1 addition & 1 deletion b/‎src/operators/contains_word.cc
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/contains_word.h
Lines changed: 1 addition & 1 deletion b/‎src/operators/contains_word.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/detect_sqli.cc
Lines changed: 1 addition & 1 deletion b/‎src/operators/detect_sqli.cc
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/detect_sqli.h
Lines changed: 1 addition & 1 deletion b/‎src/operators/detect_sqli.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/detect_xss.cc
Lines changed: 1 addition & 1 deletion b/‎src/operators/detect_xss.cc
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/detect_xss.h
Lines changed: 1 addition & 1 deletion b/‎src/operators/detect_xss.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/ends_with.cc
Lines changed: 1 addition & 1 deletion b/‎src/operators/ends_with.cc
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/ends_with.h
Lines changed: 1 addition & 1 deletion b/‎src/operators/ends_with.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/operators/operator.cc
Lines changed: 2 additions & 2 deletions b/‎src/operators/operator.cc
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/operators/operator.h
Lines changed: 5 additions & 6 deletions b/‎src/operators/operator.h
Lines changed: 5 additions & 6 deletions
diff --git a/‎src/operators/pm.cc
Lines changed: 1 addition & 1 deletion b/‎src/operators/pm.cc
Lines changed: 1 addition & 1 deletion
@@ -73,6 +73,8 @@ class Rule {
         m_phase(modsecurity::Phases::RequestHeadersPhase) {
         }
 
+    virtual bool evaluate(Transaction *transaction) = 0;
+
     virtual bool evaluate(Transaction *transaction,
         std::shared_ptr<RuleMessage> rm) = 0;
 
 
@@ -47,7 +47,10 @@ class RuleMarker : public Rule {
 
     virtual bool evaluate(Transaction *transaction,
         std::shared_ptr<RuleMessage> rm) override {
+        return evaluate(transaction);
+    }
 
+    virtual bool evaluate(Transaction *transaction) override {
         if (transaction->isInsideAMarker()) {
             if (*transaction->getCurrentMarker() == *m_name) {
                 transaction->removeMarker();
 
@@ -42,7 +42,13 @@ class RuleMessage {
         ClientLogMessageInfo = 4
     };
 
-    explicit RuleMessage(RuleWithOperator *rule, Transaction *trans) :
+    /**
+     *
+     * FIXME: RuleMessage is currently too big, doing a lot of
+     * unnecessary data duplication. Needs to be shrink down.
+     *
+     */
+    RuleMessage(RuleWithActions *rule, Transaction *trans) :
         m_accuracy(rule->m_accuracy),
         m_clientIpAddress(trans->m_clientIpAddress),
         m_data(""),
@@ -66,6 +72,38 @@ class RuleMessage {
         m_ver(rule->m_ver)
     { }
 
+    explicit RuleMessage(RuleMessage *rule) :
+        m_accuracy(rule->m_accuracy),
+        m_clientIpAddress(rule->m_clientIpAddress),
+        m_data(rule->m_data),
+        m_id(rule->m_id),
+        m_isDisruptive(rule->m_isDisruptive),
+        m_match(rule->m_match),
+        m_maturity(rule->m_maturity),
+        m_message(rule->m_message),
+        m_noAuditLog(rule->m_noAuditLog),
+        m_phase(rule->m_phase),
+        m_reference(rule->m_reference),
+        m_rev(rule->m_rev),
+        m_rule(rule->m_rule),
+        m_ruleFile(rule->m_ruleFile),
+        m_ruleId(rule->m_ruleId),
+        m_ruleLine(rule->m_ruleLine),
+        m_saveMessage(rule->m_saveMessage),
+        m_serverIpAddress(rule->m_serverIpAddress),
+        m_severity(rule->m_severity),
+        m_uriNoQueryStringDecoded(rule->m_uriNoQueryStringDecoded),
+        m_ver(rule->m_ver)
+    { }
+
+    void clean() {
+        m_data = "";
+        m_match = "";
+        m_isDisruptive = false;
+        m_reference = "";
+        m_severity = 0;
+        m_ver = "";
+    }
 
     std::string log() {
         return log(this, 0);
@@ -104,7 +142,7 @@ class RuleMessage {
     int m_phase;
     std::string m_reference;
     std::string m_rev;
-    RuleWithOperator *m_rule;
+    RuleWithActions *m_rule;
     std::shared_ptr<std::string> m_ruleFile;
     int m_ruleId;
     int m_ruleLine;
 
@@ -0,0 +1,59 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address [email protected].
+ *
+ */
+
+#ifdef __cplusplus
+#include <stack>
+#include <vector>
+#include <string>
+#include <list>
+#include <memory>
+#include <utility>
+#endif
+
+#ifndef HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
+#define HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
+
+#include "modsecurity/modsecurity.h"
+#include "modsecurity/variable_value.h"
+#include "modsecurity/rule.h"
+#include "modsecurity/rules_set.h"
+#include "modsecurity/rule_with_actions.h"
+#include "modsecurity/actions/action.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+
+
+class RuleUnconditional : public RuleWithActions {
+ public:
+    RuleUnconditional(
+        std::vector<actions::Action *> *actions,
+        Transformations *transformations,
+        std::unique_ptr<std::string> fileName,
+        int lineNumber)
+        : RuleWithActions(actions, transformations, std::move(fileName), lineNumber) { }
+
+    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
+
+ private:
+};
+
+
+}  // namespace modsecurity
+
+#endif
+
+#endif  // HEADERS_MODSECURITY_RULE_UNCONDITIONAL_H_
@@ -45,6 +45,21 @@ class RuleWithActions : public Rule {
 
     ~RuleWithActions();
 
+    virtual bool evaluate(Transaction *transaction, std::shared_ptr<RuleMessage> ruleMessage) override;
+
+    virtual bool evaluate(Transaction *transaction) override;
+
+
+    void executeActionsIndependentOfChainedRuleResult(
+        Transaction *trasn,
+        bool *containsDisruptive,
+        std::shared_ptr<RuleMessage> ruleMessage);
+
+    void executeActionsAfterFullMatch(
+        Transaction *trasn,
+        bool containsDisruptive,
+        std::shared_ptr<RuleMessage> ruleMessage);
+
     void executeAction(Transaction *trans,
         bool containsBlock,
         std::shared_ptr<RuleMessage> ruleMessage,
@@ -63,10 +78,6 @@ class RuleWithActions : public Rule {
         std::string *path,
         int *nth) const;
 
-    void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
-        bool *b, std::shared_ptr<RuleMessage> ruleMessage);
-    void executeActionsAfterFullMatch(Transaction *trasn,
-        bool containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage);
 
     std::vector<actions::Action *> getActionsByName(const std::string& name,
         Transaction *t);
@@ -95,6 +106,9 @@ class RuleWithActions : public Rule {
 
     int64_t m_ruleId;
 
+    std::unique_ptr<RuleWithActions> m_chainedRuleChild;
+    RuleWithActions *m_chainedRuleParent;
+
  private:
     /* actions */
     actions::Action *m_disruptiveAction;
@@ -118,4 +132,4 @@ class RuleWithActions : public Rule {
 #endif
 
 
-#endif  // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
+#endif  // HEADERS_MODSECURITY_RULE_WITH_ACTIONS_H_
@@ -62,23 +62,16 @@ class RuleWithOperator : public RuleWithActions {
         const std::string &value);
     static void cleanMatchedVars(Transaction *trasn);
 
-    inline bool isUnconditional() const { return m_operator == NULL; }
 
     std::string getOperatorName() const;
 
     virtual std::string getReference() override {
         return std::to_string(m_ruleId);
     }
 
-    std::unique_ptr<RuleWithOperator> m_chainedRuleChild;
-    RuleWithOperator *m_chainedRuleParent;
-
  private:
     modsecurity::variables::Variables *m_variables;
     operators::Operator *m_operator;
-
-
-    bool m_unconditional:1;
 };
 
 
 
@@ -43,6 +43,7 @@ pkginclude_HEADERS = \
 	../headers/modsecurity/modsecurity.h \
 	../headers/modsecurity/rule.h \
 	../headers/modsecurity/rule_marker.h \
+	../headers/modsecurity/rule_unconditional.h \
 	../headers/modsecurity/rule_with_actions.h \
 	../headers/modsecurity/rule_with_operator.h \
 	../headers/modsecurity/rules.h \
@@ -285,6 +286,7 @@ libmodsecurity_la_SOURCES = \
 	debug_log/debug_log_writer.cc \
 	run_time_string.cc \
 	rule.cc \
+	rule_unconditional.cc \
 	rule_with_actions.cc \
 	rule_with_operator.cc \
 	rule_message.cc \
 
@@ -24,7 +24,7 @@ namespace modsecurity {
 namespace operators {
 
 
-bool BeginsWith::evaluate(Transaction *transaction, RuleWithOperator *rule,
+bool BeginsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
     const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
     std::string p(m_string->evaluate(transaction));
 
 
@@ -32,7 +32,7 @@ class BeginsWith : public Operator {
     explicit BeginsWith(std::unique_ptr<RunTimeString> param)
         : Operator("BeginsWith", std::move(param)) { }
 
-    bool evaluate(Transaction *transaction, RuleWithOperator *rule, const std::string &str,
+    bool evaluate(Transaction *transaction, RuleWithActions *rule, const std::string &str,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 };
 
 
@@ -21,7 +21,7 @@
 namespace modsecurity {
 namespace operators {
 
-bool Contains::evaluate(Transaction *transaction, RuleWithOperator *rule,
+bool Contains::evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
     std::string p(m_string->evaluate(transaction));
     size_t offset = input.find(p);
 
@@ -34,7 +34,7 @@ class Contains : public Operator {
     /** @ingroup ModSecurity_Operator */
     explicit Contains(std::unique_ptr<RunTimeString> param)
         : Operator("Contains", std::move(param)) { }
-    bool evaluate(Transaction *transaction, RuleWithOperator *rule,
+    bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 };
 
@@ -36,7 +36,7 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
     return true;
 }
 
-bool ContainsWord::evaluate(Transaction *transaction, RuleWithOperator *rule,
+bool ContainsWord::evaluate(Transaction *transaction, RuleWithActions *rule,
     const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
     std::string paramTarget(m_string->evaluate(transaction));
 
 
@@ -32,7 +32,7 @@ class ContainsWord : public Operator {
     explicit ContainsWord(std::unique_ptr<RunTimeString> param)
         : Operator("ContainsWord", std::move(param)) { }
 
-    bool evaluate(Transaction *transaction, RuleWithOperator *rule,
+    bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 
 
@@ -25,7 +25,7 @@ namespace modsecurity {
 namespace operators {
 
 
-bool DetectSQLi::evaluate(Transaction *t, RuleWithOperator *rule,
+bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,
     const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
     char fingerprint[8];
     int issqli;
 
@@ -32,7 +32,7 @@ class DetectSQLi : public Operator {
             m_match_message.assign("detected SQLi using libinjection.");
         }
 
-    bool evaluate(Transaction *t, RuleWithOperator *rule,
+    bool evaluate(Transaction *t, RuleWithActions *rule,
         const std::string& input,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 };
 
@@ -25,7 +25,7 @@ namespace modsecurity {
 namespace operators {
 
 
-bool DetectXSS::evaluate(Transaction *t, RuleWithOperator *rule,
+bool DetectXSS::evaluate(Transaction *t, RuleWithActions *rule,
     const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
     int is_xss;
 
 
@@ -31,7 +31,7 @@ class DetectXSS : public Operator {
             m_match_message.assign("detected XSS using libinjection.");
         }
 
-    bool evaluate(Transaction *t, RuleWithOperator *rule,
+    bool evaluate(Transaction *t, RuleWithActions *rule,
         const std::string& input,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 };
 
@@ -23,7 +23,7 @@ namespace modsecurity {
 namespace operators {
 
 
-bool EndsWith::evaluate(Transaction *transaction, RuleWithOperator *rule,
+bool EndsWith::evaluate(Transaction *transaction, RuleWithActions *rule,
     const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
     bool ret = false;
     std::string p(m_string->evaluate(transaction));
 
@@ -33,7 +33,7 @@ class EndsWith : public Operator {
         : Operator("EndsWith", std::move(param)) {
             m_couldContainsMacro = true;
         }
-    bool evaluate(Transaction *transaction, RuleWithOperator *rule,
+    bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 };
 
@@ -70,7 +70,7 @@ namespace operators {
 
 
 bool Operator::evaluateInternal(Transaction *transaction,
-    RuleWithOperator *rule, const std::string& a, std::shared_ptr<RuleMessage> rm) {
+    RuleWithActions *rule, const std::string& a, std::shared_ptr<RuleMessage> rm) {
     bool res = evaluate(transaction, rule, a, rm);
 
     if (m_negation) {
@@ -81,7 +81,7 @@ bool Operator::evaluateInternal(Transaction *transaction,
 }
 
 bool Operator::evaluateInternal(Transaction *transaction,
-    RuleWithOperator *rule, const std::string& a) {
+    RuleWithActions *rule, const std::string& a) {
     bool res = evaluate(transaction, rule, a);
 
     if (m_negation) {
 
@@ -111,24 +111,23 @@ class Operator {
         std::string key, std::string value);
 
     bool evaluateInternal(Transaction *t, const std::string& a);
-    bool evaluateInternal(Transaction *t, RuleWithOperator *rule,
+    bool evaluateInternal(Transaction *t, RuleWithActions *rule,
         const std::string& a);
-    bool evaluateInternal(Transaction *t, RuleWithOperator *rule,
+    bool evaluateInternal(Transaction *t, RuleWithActions *rule,
         const std::string& a, std::shared_ptr<RuleMessage> ruleMessage);
 
 
     virtual bool evaluate(Transaction *transaction, const std::string &str);
-    virtual bool evaluate(Transaction *transaction, RuleWithOperator *rule,
+    virtual bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str) {
         return evaluate(transaction, str);
     }
-    virtual bool evaluate(Transaction *transaction, RuleWithOperator *rule,
+    virtual bool evaluate(Transaction *transaction, RuleWithActions *rule,
         const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
         return evaluate(transaction, str);
     }
 
-    static void logOffset(std::shared_ptr<RuleMessage> ruleMessage,
-        int offset, int len) {
+    static void logOffset(std::shared_ptr<RuleMessage> ruleMessage, int offset, int len) {
         if (ruleMessage) {
             ruleMessage->m_reference.append("o"
                 + std::to_string(offset) + ","
 
@@ -81,7 +81,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
 }
 
 
-bool Pm::evaluate(Transaction *transaction, RuleWithOperator *rule,
+bool Pm::evaluate(Transaction *transaction, RuleWithActions *rule,
     const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
     int rc;
     ACMPT pt;
Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,8 @@ class Rule {`
`73`	`73`	`m_phase(modsecurity::Phases::RequestHeadersPhase) {`
`74`	`74`	`}`
`75`	`75`
	`76`	`+ virtual bool evaluate(Transaction *transaction) = 0;`
	`77`	`+`
`76`	`78`	`virtual bool evaluate(Transaction *transaction,`
`77`	`79`	`std::shared_ptr<RuleMessage> rm) = 0;`
`78`	`80`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {`
`36`	`36`	`return true;`
`37`	`37`	`}`
`38`	`38`
`39`		`-bool ContainsWord::evaluate(Transaction transaction, RuleWithOperator rule,`
	`39`	`+bool ContainsWord::evaluate(Transaction transaction, RuleWithActions rule,`
`40`	`40`	`const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {`
`41`	`41`	`std::string paramTarget(m_string->evaluate(transaction));`
`42`	`42`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ class DetectSQLi : public Operator {`
`32`	`32`	`m_match_message.assign("detected SQLi using libinjection.");`
`33`	`33`	`}`
`34`	`34`
`35`		`- bool evaluate(Transaction t, RuleWithOperator rule,`
	`35`	`+ bool evaluate(Transaction t, RuleWithActions rule,`
`36`	`36`	`const std::string& input,`
`37`	`37`	`std::shared_ptr<RuleMessage> ruleMessage) override;`
`38`	`38`	`};`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ class DetectXSS : public Operator {`
`31`	`31`	`m_match_message.assign("detected XSS using libinjection.");`
`32`	`32`	`}`
`33`	`33`
`34`		`- bool evaluate(Transaction t, RuleWithOperator rule,`
	`34`	`+ bool evaluate(Transaction t, RuleWithActions rule,`
`35`	`35`	`const std::string& input,`
`36`	`36`	`std::shared_ptr<RuleMessage> ruleMessage) override;`
`37`	`37`	`};`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ class EndsWith : public Operator {`
`33`	`33`	`: Operator("EndsWith", std::move(param)) {`
`34`	`34`	`m_couldContainsMacro = true;`
`35`	`35`	`}`
`36`		`- bool evaluate(Transaction transaction, RuleWithOperator rule,`
	`36`	`+ bool evaluate(Transaction transaction, RuleWithActions rule,`
`37`	`37`	`const std::string &str,`
`38`	`38`	`std::shared_ptr<RuleMessage> ruleMessage) override;`
`39`	`39`	`};`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`
`84`		`-bool Pm::evaluate(Transaction transaction, RuleWithOperator rule,`
	`84`	`+bool Pm::evaluate(Transaction transaction, RuleWithActions rule,`
`85`	`85`	`const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {`
`86`	`86`	`int rc;`
`87`	`87`	`ACMPT pt;`