Moves default actions to be part of the rules

zimmerle · zimmerle · commit 6c874721cf43 · 2021-07-19T15:01:01.000-03:00
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,16 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+  - Using std::shared_ptr instead of generates its own references counters
+    for Rules and related.
+    [@zimmerle]
+  - Better handle shared_pointers on messages aiming for better performance.
+    [@zimmerle]
+  - Better handle memory usage on transformations aiming for better
+    performance.
+    [@zimmerle]
+  - Coding refactoring on the Rule class. The Rule class is now refactored
+    into RuleWithOperator, RuleWithActions, and RuleUnconditional.
   - EXPERIMENTAL: Add new transformation call phpArgsNames
     [Issue #2387 - @marshal09]
 
diff --git a/headers/modsecurity/rules.h b/headers/modsecurity/rules.h
@@ -84,6 +84,8 @@ class Rules {
     std::shared_ptr<Rule> operator[](int index) const { return m_rules[index]; }
     std::shared_ptr<Rule> at(int index) const { return m_rules[index]; }
 
+    std::vector<std::shared_ptr<actions::Action> > m_defaultActions;
+
     std::vector<std::shared_ptr<Rule> > m_rules;
 };
 
diff --git a/headers/modsecurity/rules_set_properties.h b/headers/modsecurity/rules_set_properties.h
@@ -201,16 +201,6 @@ class RulesSetProperties {
     RulesSetProperties &operator =(const RulesSetProperties &r) = delete;
 
     ~RulesSetProperties() {
-        int i = 0;
-
-        for (i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
-            std::vector<std::shared_ptr<actions::Action> > *tmp = \
-                &m_defaultActions[i];
-            while (tmp->empty() == false) {
-                tmp->pop_back();
-            }
-        }
-
         delete m_debugLog;
         delete m_auditLog;
     }
@@ -410,16 +400,6 @@ class RulesSetProperties {
             to->m_responseBodyTypeToBeInspected.m_set = true;
         }
 
-        for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
-            std::vector<std::shared_ptr<actions::Action> > *actions_from = \
-                &from->m_defaultActions[i];
-            std::vector<std::shared_ptr<actions::Action> > *actions_to = \
-                &to->m_defaultActions[i];
-            for (size_t j = 0; j < actions_from->size(); j++) {
-                actions_to->push_back(actions_from->at(j));
-            }
-        }
-
         if (to->m_auditLog) {
             std::string error;
             to->m_auditLog->merge(from->m_auditLog, &error);
@@ -481,8 +461,6 @@ class RulesSetProperties {
     ConfigString m_uploadTmpDirectory;
     ConfigString m_secArgumentSeparator;
     ConfigString m_secWebAppId;
-    std::vector<std::shared_ptr<actions::Action> > \
-        m_defaultActions[modsecurity::Phases::NUMBER_OF_PHASES];
     ConfigUnicodeMap m_unicodeMapTable;
 };
 
diff --git a/src/actions/block.cc b/src/actions/block.cc
@@ -33,7 +33,7 @@ bool Block::evaluate(RuleWithActions *rule, Transaction *transaction,
     std::shared_ptr<RuleMessage> rm) {
     ms_dbg_a(transaction, 8, "Marking request as disruptive.");
 
-    for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
+    for (auto &a : transaction->m_rules->m_rulesSetPhases[rule->getPhase()]->m_defaultActions) {
         if (a->isDisruptive() == false) {
             continue;
         }
diff --git a/src/parser/seclang-parser.cc b/src/parser/seclang-parser.cc
@@ -2437,7 +2437,7 @@ namespace yy {
             YYERROR;
         }
 
-        if (!driver.m_defaultActions[definedPhase].empty()) {
+        if (!driver.m_rulesSetPhases[definedPhase]->m_defaultActions.empty()) {
             std::stringstream ss;
             ss << "SecDefaultActions can only be placed once per phase and configuration context. Phase ";
             ss << secRuleDefinedPhase;
@@ -2447,7 +2447,7 @@ namespace yy {
         }
 
         for (actions::Action *a : checkedActions) {
-            driver.m_defaultActions[definedPhase].push_back(
+            driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(
                 std::unique_ptr<actions::Action>(a));
         }
 
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
@@ -1209,7 +1209,7 @@ expression:
             YYERROR;
         }
 
-        if (!driver.m_defaultActions[definedPhase].empty()) {
+        if (!driver.m_rulesSetPhases[definedPhase]->m_defaultActions.empty()) {
             std::stringstream ss;
             ss << "SecDefaultActions can only be placed once per phase and configuration context. Phase ";
             ss << secRuleDefinedPhase;
@@ -1219,7 +1219,7 @@ expression:
         }
 
         for (actions::Action *a : checkedActions) {
-            driver.m_defaultActions[definedPhase].push_back(
+            driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(
                 std::unique_ptr<actions::Action>(a));
         }
 
diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc
@@ -222,7 +222,7 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
     bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
     bool disruptiveAlreadyExecuted = false;
 
-    for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) {
+    for (auto &a : trans->m_rules->m_rulesSetPhases[getPhase()]->m_defaultActions) {
         if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
             continue;
         }
@@ -356,7 +356,7 @@ void RuleWithActions::executeTransformations(
     // Notice that first we make sure that won't be a t:none
     // on the target rule.
     if (none == 0) {
-        for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) {
+        for (auto &a : trans->m_rules->m_rulesSetPhases[getPhase()]->m_defaultActions) {
             if (a->action_kind \
                 != actions::Action::RunTimeBeforeMatchAttemptKind) {
                 continue;
diff --git a/src/rules_set_phases.cc b/src/rules_set_phases.cc
@@ -61,6 +61,13 @@ int RulesSetPhases::append(RulesSetPhases *from, std::ostringstream *err) {
             return res;
         }
         amount_of_rules = amount_of_rules + res;
+
+        std::vector<std::shared_ptr<actions::Action> > *actions_from = &from->at(phase)->m_defaultActions;
+        std::vector<std::shared_ptr<actions::Action> > *actions_to = &at(phase)->m_defaultActions;
+
+        for (size_t j = 0; j < actions_from->size(); j++) {
+            actions_to->push_back(actions_from->at(j));
+        }
     }
 
     return amount_of_rules;

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ bool Block::evaluate(RuleWithActions rule, Transaction transaction,`
`33`	`33`	`std::shared_ptr<RuleMessage> rm) {`
`34`	`34`	`ms_dbg_a(transaction, 8, "Marking request as disruptive.");`
`35`	`35`
`36`		`- for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {`
	`36`	`+ for (auto &a : transaction->m_rules->m_rulesSetPhases[rule->getPhase()]->m_defaultActions) {`
`37`	`37`	`if (a->isDisruptive() == false) {`
`38`	`38`	`continue;`
`39`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2437,7 +2437,7 @@ namespace yy {`
`2437`	`2437`	`YYERROR;`
`2438`	`2438`	`}`
`2439`	`2439`
`2440`		`- if (!driver.m_defaultActions[definedPhase].empty()) {`
	`2440`	`+ if (!driver.m_rulesSetPhases[definedPhase]->m_defaultActions.empty()) {`
`2441`	`2441`	`std::stringstream ss;`
`2442`	`2442`	`ss << "SecDefaultActions can only be placed once per phase and configuration context. Phase ";`
`2443`	`2443`	`ss << secRuleDefinedPhase;`
`@@ -2447,7 +2447,7 @@ namespace yy {`
`2447`	`2447`	`}`
`2448`	`2448`
`2449`	`2449`	`for (actions::Action *a : checkedActions) {`
`2450`		`- driver.m_defaultActions[definedPhase].push_back(`
	`2450`	`+ driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(`
`2451`	`2451`	`std::unique_ptr<actions::Action>(a));`
`2452`	`2452`	`}`
`2453`	`2453`
Original file line number	Diff line number	Diff line change
`@@ -1209,7 +1209,7 @@ expression:`
`1209`	`1209`	`YYERROR;`
`1210`	`1210`	`}`
`1211`	`1211`
`1212`		`- if (!driver.m_defaultActions[definedPhase].empty()) {`
	`1212`	`+ if (!driver.m_rulesSetPhases[definedPhase]->m_defaultActions.empty()) {`
`1213`	`1213`	`std::stringstream ss;`
`1214`	`1214`	`ss << "SecDefaultActions can only be placed once per phase and configuration context. Phase ";`
`1215`	`1215`	`ss << secRuleDefinedPhase;`
`@@ -1219,7 +1219,7 @@ expression:`
`1219`	`1219`	`}`
`1220`	`1220`
`1221`	`1221`	`for (actions::Action *a : checkedActions) {`
`1222`		`- driver.m_defaultActions[definedPhase].push_back(`
	`1222`	`+ driver.m_rulesSetPhases[definedPhase]->m_defaultActions.push_back(`
`1223`	`1223`	`std::unique_ptr<actions::Action>(a));`
`1224`	`1224`	`}`
`1225`	`1225`
Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,13 @@ int RulesSetPhases::append(RulesSetPhases from, std::ostringstream err) {`
`61`	`61`	`return res;`
`62`	`62`	`}`
`63`	`63`	`amount_of_rules = amount_of_rules + res;`
	`64`	`+`
	`65`	`+ std::vector<std::shared_ptr<actions::Action> > *actions_from = &from->at(phase)->m_defaultActions;`
	`66`	`+ std::vector<std::shared_ptr<actions::Action> > *actions_to = &at(phase)->m_defaultActions;`
	`67`	`+`
	`68`	`+ for (size_t j = 0; j < actions_from->size(); j++) {`
	`69`	`+ actions_to->push_back(actions_from->at(j));`
	`70`	`+ }`
`64`	`71`	`}`
`65`	`72`
`66`	`73`	`return amount_of_rules;`