Skip to content

re-integrated remove redundant actions #3518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JonathanBerrew wants to merge 1 commit into
base: v2/master
Choose a base branch
from
+40 −3
Open

re-integrated remove redundant actions #3518

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 40 additions & 3 deletions apache2/re.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -986,12 +986,47 @@
return action;
}

// Return 1 if "name=value" is present in table (for supplied action)
static int apr_table_action_exists(apr_pool_t* p, const apr_table_t* vartable, const char* action, const char* name, const char* value) {
if (strcmp(name, action) != 0) return 0;

const char* vars = apr_table_getm(p, vartable, name);
if (!vars) return 0;

char pattern[200];
sprintf(pattern, "(?:^|,)%.185s(?:,|$)", value);

const char* errptr = NULL;
int erroffset;
const pcre* regex = pcre_compile(pattern, 0, &errptr, &erroffset, NULL);

Check failure on line 1001 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x86, Release) 

you cannot dereference an operand of type 'int' [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]

Check failure on line 1001 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x86, Release) 

'regex': undeclared identifier [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]

Check failure on line 1001 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x86, Release) 

syntax error: missing ';' before '*' [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]

Check failure on line 1001 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x64, Release) 

you cannot dereference an operand of type 'int' [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]

Check failure on line 1001 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x64, Release) 

'regex': undeclared identifier [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]

Check failure on line 1001 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x64, Release) 

syntax error: missing ';' before '*' [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]
return !pcre_exec(regex, NULL, vars, strlen(vars), 0, 0, 0, 0);

Check failure on line 1002 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x86, Release) 

'regex': undeclared identifier [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]

Check failure on line 1002 in apache2/re.c

View workflow job for this annotation

GitHub Actions / build (x64, Release) 

'regex': undeclared identifier [D:\a\ModSecurity\ModSecurity\iis\build\modsecurityiis.vcxproj]
}

// Return 1 if "name=value" is present in table for tags, logdata (and others)
static int action_exists(apr_pool_t* p, const apr_table_t* vartable, const char* name, const char* value) {
if (apr_table_action_exists(p, vartable, "capture", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "chain", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "initcol", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "logdata", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "multiMatch", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "sanitiseArg", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "sanitiseMatched", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "sanitiseMatchedBytes", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "sanitiseRequestHeader", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "sanitiseResponseHeader", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "setrsc", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "setsid", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "setuid", name, value)) return 1;
if (apr_table_action_exists(p, vartable, "tag", name, value)) return 1;
return 0;
}

/**
* Generic parser that is used as basis for target and action parsing.
* It breaks up the input string into name-parameter pairs and places
* them into the given table.
*/
int msre_parse_generic(apr_pool_t *mp, const char *text, apr_table_t *vartable,

Check failure on line 1029 in apache2/re.c

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Refactor this function to reduce its Cognitive Complexity from 58 to the 25 allowed. 


See more on https://sonarcloud.io/project/issues?id=owasp-modsecurity_ModSecurity&issues=AZ0Bnmhv7o15W-M7xHZi&open=AZ0Bnmhv7o15W-M7xHZi&pullRequest=3518
char **error_msg)
{
char *p = (char *)text;
Expand Down Expand Up @@ -1103,9 +1138,11 @@
value = apr_pstrmemdup(mp, value, p - value);
}

/* add to table */
apr_table_addn(vartable, name, value);
count++;
/* add to table (only if not already present) */
if (!action_exists(mp, vartable, name, value)) {
apr_table_addn(vartable, name, value);
count++;
}

/* move to the first character of the next name-value pair */
while(isspace(*p)||(*p == ',')||(*p == '|')) p++;
Expand Down
Loading