Adds initial support to drop action

Author: Felipe Zimmerle

CHANGES

@@ -1,6 +1,8 @@
 v3.0.4 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Adds initially support to the drop action.
+   [@zimmerle]
  - Complete merging of particular rule properties
    [Issue #1978 - @defanator]
  - Replaces AC_CHECK_FILE with 'test -f'

src/Makefile.am

@@ -121,6 +121,7 @@ ACTIONS = \
 	actions/ctl/request_body_access.cc\
 	actions/disruptive/allow.cc \
 	actions/disruptive/deny.cc \
+	actions/disruptive/drop.cc \
 	actions/disruptive/redirect.cc \
 	actions/disruptive/pass.cc \
 	actions/exec.cc \

src/actions/disruptive/drop.cc

@@ -0,0 +1,52 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/disruptive/drop.h"
+
+#include <string.h>
+#include <iostream>
+#include <string>
+#include <cstring>
+#include <memory>
+
+#include "modsecurity/transaction.h"
+
+namespace modsecurity {
+namespace actions {
+namespace disruptive {
+
+
+bool Drop::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
+    ms_dbg_a(transaction, 8, "Running action drop " \
+        "[executing deny instead of drop.]");
+
+    if (transaction->m_it.status == 200) {
+        transaction->m_it.status = 403;
+    }
+
+    transaction->m_it.disruptive = true;
+    intervention::freeLog(&transaction->m_it);
+    rm->m_isDisruptive = true;
+    transaction->m_it.log = strdup(
+        rm->log(RuleMessage::LogMessageInfo::ClientLogMessageInfo).c_str());
+
+    return true;
+}
+
+
+}  // namespace disruptive
+}  // namespace actions
+}  // namespace modsecurity

src/parser/location.hh

@@ -1,4 +1,4 @@
-// A Bison parser, made by GNU Bison 3.1.
+// A Bison parser, made by GNU Bison 3.2.
 
 // Locations for Bison parsers in C++
 
@@ -38,11 +38,144 @@
 #ifndef YY_YY_LOCATION_HH_INCLUDED
 # define YY_YY_LOCATION_HH_INCLUDED
 
-# include "position.hh"
+# include <algorithm> // std::max
+# include <iostream>
+# include <string>
+
+# ifndef YY_NULLPTR
+#  if defined __cplusplus
+#   if 201103L <= __cplusplus
+#    define YY_NULLPTR nullptr
+#   else
+#    define YY_NULLPTR 0
+#   endif
+#  else
+#   define YY_NULLPTR ((void*)0)
+#  endif
+# endif
 
 
 namespace yy {
-#line 46 "location.hh" // location.cc:290
+#line 60 "location.hh" // location.cc:339
+  /// Abstract a position.
+  class position
+  {
+  public:
+    /// Construct a position.
+    explicit position (std::string* f = YY_NULLPTR,
+                       unsigned l = 1u,
+                       unsigned c = 1u)
+      : filename (f)
+      , line (l)
+      , column (c)
+    {}
+
+
+    /// Initialization.
+    void initialize (std::string* fn = YY_NULLPTR,
+                     unsigned l = 1u,
+                     unsigned c = 1u)
+    {
+      filename = fn;
+      line = l;
+      column = c;
+    }
+
+    /** \name Line and Column related manipulators
+     ** \{ */
+    /// (line related) Advance to the COUNT next lines.
+    void lines (int count = 1)
+    {
+      if (count)
+        {
+          column = 1u;
+          line = add_ (line, count, 1);
+        }
+    }
+
+    /// (column related) Advance to the COUNT next columns.
+    void columns (int count = 1)
+    {
+      column = add_ (column, count, 1);
+    }
+    /** \} */
+
+    /// File name to which this position refers.
+    std::string* filename;
+    /// Current line number.
+    unsigned line;
+    /// Current column number.
+    unsigned column;
+
+  private:
+    /// Compute max (min, lhs+rhs).
+    static unsigned add_ (unsigned lhs, int rhs, int min)
+    {
+      return static_cast<unsigned> (std::max (min,
+                                              static_cast<int> (lhs) + rhs));
+    }
+  };
+
+  /// Add \a width columns, in place.
+  inline position&
+  operator+= (position& res, int width)
+  {
+    res.columns (width);
+    return res;
+  }
+
+  /// Add \a width columns.
+  inline position
+  operator+ (position res, int width)
+  {
+    return res += width;
+  }
+
+  /// Subtract \a width columns, in place.
+  inline position&
+  operator-= (position& res, int width)
+  {
+    return res += -width;
+  }
+
+  /// Subtract \a width columns.
+  inline position
+  operator- (position res, int width)
+  {
+    return res -= width;
+  }
+
+  /// Compare two position objects.
+  inline bool
+  operator== (const position& pos1, const position& pos2)
+  {
+    return (pos1.line == pos2.line
+            && pos1.column == pos2.column
+            && (pos1.filename == pos2.filename
+                || (pos1.filename && pos2.filename
+                    && *pos1.filename == *pos2.filename)));
+  }
+
+  /// Compare two position objects.
+  inline bool
+  operator!= (const position& pos1, const position& pos2)
+  {
+    return !(pos1 == pos2);
+  }
+
+  /** \brief Intercept output stream redirection.
+   ** \param ostr the destination output stream
+   ** \param pos a reference to the position to redirect
+   */
+  template <typename YYChar>
+  std::basic_ostream<YYChar>&
+  operator<< (std::basic_ostream<YYChar>& ostr, const position& pos)
+  {
+    if (pos.filename)
+      ostr << *pos.filename << ':';
+    return ostr << pos.line << '.' << pos.column;
+  }
+
   /// Abstract a location.
   class location
   {
@@ -185,5 +318,5 @@ namespace yy {
 
 
 } // yy
-#line 189 "location.hh" // location.cc:290
+#line 322 "location.hh" // location.cc:339
 #endif // !YY_YY_LOCATION_HH_INCLUDED