From 08f9a7fcb3d0ab34d214346c3f23d60c7e280454 Mon Sep 17 00:00:00 2001
From: Robert Paprocki
Date: Mon, 9 Apr 2018 13:35:35 -0700
Subject: [PATCH 1/2] Optimize duplicate rule ID check
Replace an exponential search function with a stl set search.
---
 headers/modsecurity/rules_properties.h | 27 ++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h
index 5f095d8659..999be333b3 100644
--- a/headers/modsecurity/rules_properties.h
+++ b/headers/modsecurity/rules_properties.h
@@ -273,7 +273,7 @@ class RulesProperties {
 std::ostringstream *err) {
 int amount_of_rules = 0;
- amount_of_rules = appendRules(from->m_rules, to->m_rules, err);
+ amount_of_rules = appendRules(from, to, err);
 if (amount_of_rules < 0) {
 return amount_of_rules;
 }
@@ -426,20 +426,22 @@ class RulesProperties {
 static int appendRules(
- std::vector *from,
- std::vector *to,
+ RulesProperties *from,
+ RulesProperties *to,
 std::ostringstream *err) {
+ std::vector *from_rules = from->m_rules;
+ std::vector *to_rules = to->m_rules;
 int amount_of_rules = 0;
 for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
- std::vector *rules_to = to+i;
- std::vector *rules_from = from+i;
+ std::vector *rules_to = to_rules+i;
+ std::vector *rules_from = from_rules+i;
 for (size_t j = 0; j < rules_from->size(); j++) {
 Rule *rule = rules_from->at(j);
- for (size_t z = 0; z < rules_to->size(); z++) {
- Rule *rule_ckc = rules_to->at(z);
- if (rule_ckc->m_ruleId == rule->m_ruleId &&
- rule_ckc->m_secMarker == false &&
- rule->m_secMarker == false) {
+ bool do_check = rule->m_secMarker == false;
+
+ if (do_check) {
+ std::set::iterator it = to->m_ruleIds.find(rule->m_ruleId);
+ if (it != to->m_ruleIds.end()) {
 if (err != NULL) {
 *err << "Rule id: " \
 << std::to_string(rule->m_ruleId) \
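Review bot: The duplicate test added in the inner loop no longer scans the rules already stored for phase `i`; it consults `to->m_ruleIds`, a single set shared by all phases that, as far as this patch shows, is filled only by appendRules itself. An ID reused in a different phase is therefore rejected where the old per-phase scan accepted it, and a rule that reached `to->m_rules` by any other path would not be recognised as a duplicate. If both effects are intended, state it at the check, e.g. `// m_ruleIds spans all phases and holds only IDs added through appendRules()`; if not, seed the set from `to_rules` before the loop. The body of appendRules continues past the end of this hunk.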
@@ -448,9 +450,13 @@ class RulesProperties {
 return -1;
 }
 }
+
 amount_of_rules++;
 rules_to->push_back(rule);
 rule->refCountIncrease();
+
+ if (do_check)
+ to->m_ruleIds.insert(rule->m_ruleId);
 }
 }
 return amount_of_rules;
@@ -492,6 +498,7 @@ class RulesProperties {
 ConfigString m_secWebAppId;
 std::vector m_defaultActions[8];
 std::vector m_rules[8];
+ std::set m_ruleIds;
 ConfigUnicodeMap m_unicodeMapTable;
 };
From 197eab2209a491ad03660484a68319592ba1b69e Mon Sep 17 00:00:00 2001
From: Robert Paprocki
Date: Wed, 11 Apr 2018 15:18:05 -0700
Subject: [PATCH 2/2] Replace set with unordered set
---
 headers/modsecurity/rules_properties.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h
index 999be333b3..5e13dc47cf 100644
--- a/headers/modsecurity/rules_properties.h
+++ b/headers/modsecurity/rules_properties.h
@@ -21,6 +21,7 @@
 #include
 #include
 #include
+#include
 #endif
@@ -440,7 +441,9 @@ class RulesProperties {
 bool do_check = rule->m_secMarker == false;
 if (do_check) {
- std::set::iterator it = to->m_ruleIds.find(rule->m_ruleId);
+ std::unordered_set::iterator it =
+ to->m_ruleIds.find(rule->m_ruleId);
+
 if (it != to->m_ruleIds.end()) {
 if (err != NULL) {
 *err << "Rule id: " \
@@ -498,7 +501,7 @@ class RulesProperties {
 ConfigString m_secWebAppId;
 std::vector m_defaultActions[8];
 std::vector m_rules[8];
- std::set m_ruleIds;
+ std::unordered_set m_ruleIds;
 ConfigUnicodeMap m_unicodeMapTable;
 };
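Review bot: The `return -1` at the top of this hunk leaves the merge half applied: rules appended on earlier iterations stay in `rules_to` with their reference count raised, and with the insert added here their IDs stay in `to->m_ruleIds` as well. Whether that matters depends on callers that are not visible here; a rule set that keeps running after a failed merge would hold an arbitrary prefix of the new rules. A comment above the loop would pin the contract, `// On a duplicate ID the merge stops; rules already appended stay in 'to', so callers must treat a negative return as fatal`. The added `if (do_check)` is also the only unbraced block in the visible part of the function.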
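Review bot: `m_ruleIds` is declared without a comment although it is only correct while it mirrors `m_rules`; a line such as `// IDs of the non-marker rules held in m_rules (all phases); updated by appendRules()` would tell the next author that any new code path adding rules has to update it too. The member also lands in the middle of a class declared under `headers/modsecurity/`, which moves `m_unicodeMapTable`; if that header is shipped to code built separately from the library, this is a layout change those builds must pick up.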
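Review bot: The spelled-out iterator type in the lookup has to be edited by hand whenever the member's container changes, which is the only reason this hunk touches the line. The iterator is used for a single comparison with `end()`, so `if (to->m_ruleIds.count(rule->m_ruleId) != 0) {` (or `auto it = to->m_ruleIds.find(rule->m_ruleId);`) would remove that coupling; the file already relies on C++11 through `std::unordered_set`. The enclosing loop starts and ends outside this hunk.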