Yet another refactoring in Rule

Author: zimmerle

headers/modsecurity/rule.h

@@ -56,11 +56,19 @@ using TransformationResult = std::pair<std::shared_ptr<std::string>,
     std::shared_ptr<std::string>>;
 using TransformationResults = std::list<TransformationResult>;
 
+using Transformation = actions::transformations::Transformation;
+using Transformations = std::vector<Transformation *>;
+
+using Tags = std::vector<actions::Tag *>;
+using SetVars = std::vector<actions::SetVar *>;
+using MatchActions = std::vector<actions::Action *>;
+
 class Rule {
  public:
-    Rule(operators::Operator *_op,
-            variables::Variables *_variables,
-            std::vector<actions::Action *> *_actions,
+    Rule(operators::Operator *op,
+            variables::Variables *variables,
+            std::vector<actions::Action *> *actions,
+            Transformations *transformations,
             std::unique_ptr<std::string> fileName,
             int lineNumber);
     explicit Rule(const std::string &marker);
@@ -108,37 +116,67 @@ class Rule {
         int *nth) const;
 
 
-    actions::Action *m_theDisruptiveAction;
-    actions::LogData *m_logData;
-    actions::Msg *m_msg;
-    actions::Severity *m_severity;
-    bool m_chained;
-    bool m_containsCaptureAction;
-    bool m_containsMultiMatchAction;
-    bool m_containsStaticBlockAction;
-    bool m_secMarker;
+
+    inline bool isUnconditional() const { return m_operator == NULL; }
+
+    virtual bool isMarker() { return m_isSecMarker; }
+
+    inline bool isChained() const { return m_isChained == true; }
+    inline bool hasCaptureAction() const { return m_containsCaptureAction == true; }
+    inline void setChained(bool b) { m_isChained = b; }
+    inline bool hasDisruptiveAction() const { return m_disruptiveAction != NULL; }
+
+
+    inline bool hasLogData() const { return m_logData != NULL; }
+    std::string logData(Transaction *t);
+    inline bool hasMsg() const { return m_msg != NULL; }
+    std::string msg(Transaction *t);
+    inline bool hasSeverity() const { return m_severity != NULL; }
+    int severity() const;
+    int getPhase() const { return m_phase; }
+    void setPhase(int phase) { m_phase = phase; }
+
+    std::string getOperatorName() const;
+
     int64_t m_ruleId;
-    int m_accuracy;
-    int m_lineNumber;
-    int m_maturity;
-    int m_phase;
-    modsecurity::variables::Variables *m_variables;
-    operators::Operator *m_op;
     std::unique_ptr<Rule> m_chainedRuleChild;
     Rule *m_chainedRuleParent;
+
     std::shared_ptr<std::string> m_fileName;
+
     std::string m_marker;
     std::string m_rev;
     std::string m_ver;
-    std::vector<actions::Action *> m_actionsRuntimePos;
-    std::vector<actions::Action *> m_actionsRuntimePre;
-    std::vector<actions::SetVar *> m_actionsSetVar;
-    std::vector<actions::Tag *> m_actionsTag;
+    int m_accuracy;
+    int m_maturity;
+    int m_lineNumber;
 
  private:
-    bool m_unconditional;
-};
+    modsecurity::variables::Variables *m_variables;
+    operators::Operator *m_operator;
+
+    /* actions */
+    actions::Action *m_disruptiveAction;
+    actions::LogData *m_logData;
+    actions::Msg *m_msg;
+    actions::Severity *m_severity;
+    MatchActions m_actionsRuntimePos;
+    SetVars m_actionsSetVar;
+    Tags m_actionsTag;
+
+    /* actions > transformations */
+    Transformations m_transformations;
 
+    bool m_containsCaptureAction:1;
+    bool m_containsMultiMatchAction:1;
+    bool m_containsStaticBlockAction:1;
+    bool m_isChained:1;
+    bool m_isSecMarker:1;
+    bool m_unconditional:1;
+
+    int m_phase;
+
+};
 
 }  // namespace modsecurity
 #endif

headers/modsecurity/rule_message.h

@@ -51,7 +51,7 @@ class RuleMessage {
         m_maturity(rule->m_maturity),
         m_message(""),
         m_noAuditLog(false),
-        m_phase(rule->m_phase - 1),
+        m_phase(rule->getPhase() - 1),
         m_reference(""),
         m_rev(rule->m_rev),
         m_rule(rule),

headers/modsecurity/rules_set_phases.h

@@ -39,17 +39,18 @@ class Rule;
 /** @ingroup ModSecurity_CPP_API */
 class RulesSetPhases {
  public:
-    ~RulesSetPhases();
 
     bool insert(std::shared_ptr<Rule> rule);
 
     int append(RulesSetPhases *from, std::ostringstream *err);
     void dump() const;
 
-    Rules *operator[](int index) { return &m_rules[index]; }
-    Rules *at(int index) { return &m_rules[index]; }
+    Rules *operator[](int index) { return &m_rulesAtPhase[index]; }
+    Rules *at(int index) { return &m_rulesAtPhase[index]; }
+
+ private:
+    Rules m_rulesAtPhase[8];
 
-    Rules m_rules[8];
 };
 
 

src/actions/block.cc

@@ -33,7 +33,7 @@ bool Block::evaluate(Rule *rule, Transaction *transaction,
     std::shared_ptr<RuleMessage> rm) {
     ms_dbg_a(transaction, 8, "Marking request as disruptive.");
 
-    for (auto &a : transaction->m_rules->m_defaultActions[rule->m_phase]) {
+    for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
         if (a->isDisruptive() == false) {
             continue;
         }

src/actions/chain.cc

@@ -26,7 +26,7 @@ namespace actions {
 
 
 bool Chain::evaluate(Rule *rule, Transaction *transaction) {
-    rule->m_chained = true;
+    rule->setChained(true);
     return true;
 }
 

src/actions/phase.cc

@@ -73,7 +73,7 @@ bool Phase::init(std::string *error) {
 
 
 bool Phase::evaluate(Rule *rule, Transaction *transaction) {
-    rule->m_phase = m_phase;
+    rule->setPhase(m_phase);
     return true;
 }
 

src/operators/detect_sqli.cc

@@ -38,7 +38,7 @@ bool DetectSQLi::evaluate(Transaction *t, Rule *rule,
             ms_dbg_a(t, 4, "detected SQLi using libinjection with " \
                 "fingerprint '" + std::string(fingerprint) + "' at: '" +
                 input + "'");
-            if (rule && t && rule->m_containsCaptureAction) {
+            if (rule && t && rule->hasCaptureAction()) {
                 t->m_collections.m_tx_collection->storeOrUpdateFirst(
                     "0", std::string(fingerprint));
                 ms_dbg_a(t, 7, "Added DetectSQLi match TX.0: " + \

src/operators/detect_xss.cc

@@ -34,7 +34,7 @@ bool DetectXSS::evaluate(Transaction *t, Rule *rule,
     if (t) {
         if (is_xss) {
             ms_dbg_a(t, 5, "detected XSS using libinjection.");
-            if (rule && t && rule->m_containsCaptureAction) {
+            if (rule && t && rule->hasCaptureAction()) {
                 t->m_collections.m_tx_collection->storeOrUpdateFirst(
                     "0", std::string(input));
                 ms_dbg_a(t, 7, "Added DetectXSS match TX.0: " + \

src/operators/pm.cc

@@ -97,16 +97,16 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
 #endif
 
     if (rc >= 0 && transaction) {
-        std::string match_(match);
+        std::string match_(match?match:"");
         logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
         transaction->m_matched.push_back(match_);
-    }
 
-    if (rule && rule->m_containsCaptureAction && transaction && rc >= 0) {
-        transaction->m_collections.m_tx_collection->storeOrUpdateFirst("0",
-            std::string(match));
-        ms_dbg_a(transaction, 7, "Added pm match TX.0: " + \
-            std::string(match));
+        if (rule && rule->hasCaptureAction()) {
+            transaction->m_collections.m_tx_collection->storeOrUpdateFirst("0",
+                match_);
+            ms_dbg_a(transaction, 7, "Added pm match TX.0: " + \
+                match_);
+        }
     }
 
     return rc >= 0;

src/operators/rbl.cc

@@ -226,7 +226,7 @@ bool Rbl::evaluate(Transaction *t, Rule *rule,
     furtherInfo(sin, ipStr, t, m_provider);
 
     freeaddrinfo(info);
-    if (rule && t && rule->m_containsCaptureAction) {
+    if (rule && t && rule->hasCaptureAction()) {
         t->m_collections.m_tx_collection->storeOrUpdateFirst(
         "0", std::string(ipStr));
         ms_dbg_a(t, 7, "Added RXL match TX.0: " + \