Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New operator verifySVNR that finds Austrian social security numbers #2063

Closed
wants to merge 10 commits into from
Closed

New operator verifySVNR that finds Austrian social security numbers #2063

wants to merge 10 commits into from

Conversation

Rufus125
Copy link
Contributor

@Rufus125 Rufus125 commented Apr 6, 2019
edited
Loading

Relates to #2062
I also created some tests and a PR, therefore the travis build will fail: owasp-modsecurity/secrules-language-tests#5

@Rufus125 Rufus125 mentioned this pull request Apr 6, 2019
Merged
@zimmerle zimmerle self-requested a review April 6, 2019 16:52
@victorhora victorhora added 3.x Related to ModSecurity version 3.x new feature This is a new feature pr available labels Apr 9, 2019
@victorhora victorhora added this to the v3.0.4 milestone Apr 9, 2019
@zimmerle
Copy link
Contributor

Hi @Rufus125,

Thank you for your contribution. Instead of merging the requested branch, I am picking commit by commit in order to keep our tree as clean as possible.

For instance, I've just merged bb56288 into the tree, not actually related to the pull request, yet a valid contribution.

zimmerle
zimmerle suggested changes May 29, 2019
View reviewed changes
src/operators/verify_svnr.h
~VerifySVNR() {
delete m_re;
}
bool evaluate(Transaction *transaction, Rule *rule,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You do not need to specify those here. VerifySVNR inherit from Operator which already contains code to do exactly the same -

https://github.com/SpiderLabs/ModSecurity/blob/6d266fae8549ac425ded31692f6d7766ca0bdc72/src/operators/operator.h#L121

It is safe to remove this evaluate declaration. It is better to remove, so we will have a cleaner code in case of a refactoring or major change.

src/operators/verify_svnr.h
const std::string &input) override {
return evaluate(transaction, NULL, input, NULL);
}
bool evaluate(Transaction *transaction,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for the evaluate above. No need to co-exist here.

src/operators/verify_svnr.h
const std::string& input,
std::shared_ptr<RuleMessage> ruleMessage) override;

int convert_to_int(const char c);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those could be private. Their usage is restricted to the very own class.

test/test-cases/regression/operator-verifysvnr.json Outdated
@@ -0,0 +1,46 @@
[
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thumbs up for the test case :) that really speed up my review. Thank you.

src/operators/verify_svnr.cc Outdated
}

for (i = 0; i < input.size() - 1; i++) {
printf ("Decimal i: %d\n", i);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although that is a very useful debug information, it may not a good idea for production I would consider removing it.

src/operators/verify_svnr.cc
namespace modsecurity {
namespace operators {

int VerifySVNR::convert_to_int(const char c)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that this function is also used in verify cpf. It seems to me that in a further step, we can move it to utils and make both to share the same base code.

Not need to be done now, that could be an optimization.

test/test-cases/regression/operator-verifysvnr.json Outdated
{
"enabled":1,
"version_min":300000,
"title":"Testing Operator :: @verifysvnr (1/2)",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be 1 of 1.

zimmerle added a commit that referenced this pull request May 30, 2019
@zimmerle
CHANGES: Adds info about #2063
7e8782d
@zimmerle
Copy link
Contributor

Hi @Rufus125,

I've made all the changes that I have suggested on the review and merged the patch. Do you mind to double check to see if I am not missing something?

Thank you!

@zimmerle zimmerle closed this May 30, 2019
vladbukin pushed a commit to vladbukin/ModSecurity that referenced this pull request Apr 12, 2022
@zimmerle @vladbukin
CHANGES: Adds info about owasp-modsecurity#2063
c604833
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zimmerle zimmerle zimmerle requested changes

Assignees

@zimmerle zimmerle

@victorhora victorhora

Labels
3.x Related to ModSecurity version 3.x new feature This is a new feature pr available
Projects
None yet
Milestone
v3.1.0
Development

Successfully merging this pull request may close these issues.
3 participants
@Rufus125 @zimmerle @victorhora