/*

* ModSecurity for Apache 2.x, http://www.modsecurity.org/

* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)

*

* You may not use this file except in compliance with

* the License.  You may obtain a copy of the License at

*

*     http://www.apache.org/licenses/LICENSE-2.0

*

* If any of the files related to licensing are missing or if you have any

* other questions related to licensing please contact Trustwave Holdings, Inc.

* directly using the email address security@modsecurity.org.

*/

#include "re.h"

#include <ctype.h>

#include "apr_lib.h"

#include "apr_strmatch.h"

/**

 * Register action with the engine.

 */

static void msre_engine_action_register(msre_engine *engine, const char *name,

    unsigned int type, unsigned int argc_min, unsigned int argc_max,

    unsigned int allow_param_plusminus, unsigned int cardinality,

    unsigned int cardinality_group, fn_action_validate_t validate,

    fn_action_init_t init, fn_action_execute_t execute)

{

    msre_action_metadata *metadata = (msre_action_metadata *)apr_pcalloc(engine->mp,

        sizeof(msre_action_metadata));

    if (metadata == NULL) return;

    metadata->name = name;

    metadata->type = type;

    metadata->argc_min = argc_min;

    metadata->argc_max = argc_max;

    metadata->allow_param_plusminus = allow_param_plusminus;

    metadata->cardinality = cardinality;

    metadata->cardinality_group = cardinality_group;

    metadata->validate = validate;

    metadata->init = init;

    metadata->execute = execute;

    apr_table_setn(engine->actions, name, (void *)metadata);

}

/**

 * Generates a single variable (from the supplied metadata).

 */

msre_var *generate_single_var(modsec_rec *msr, msre_var *var, apr_array_header_t *tfn_arr,

    msre_rule *rule, apr_pool_t *mptmp)

{

    apr_table_t *vartab = NULL;

    const apr_table_entry_t *te = NULL;

    const apr_array_header_t *arr = NULL;

    msre_var *rvar = NULL;

    int i;

    /* Sanity check. */

    if ((var == NULL)||(var->metadata == NULL)||(var->metadata->generate == NULL)) return NULL;

    vartab = apr_table_make(mptmp, 16);

    var->metadata->generate(msr, var, rule, vartab, mptmp);

    arr = apr_table_elts(vartab);

    if (arr->nelts == 0) return NULL;

    te = (apr_table_entry_t *)arr->elts;

    rvar = (msre_var *)te[0].val;

    /* Return straight away if there were no

     * transformation functions supplied.

     */

    if ((tfn_arr == NULL)||(tfn_arr->nelts == 0)) {

        return rvar;

    }

    /* Copy the value so that we can transform it in place. */

    rvar->value = apr_pstrndup(mptmp, rvar->value, rvar->value_len);

    /* Transform rvar in a loop. */

    for (i = 0; i < tfn_arr->nelts; i++) {

        msre_tfn_metadata *tfn = ((msre_tfn_metadata **)tfn_arr->elts)[i];

        char *rval;

        int rc;

        long int rval_len;

        rc = tfn->execute(mptmp, (unsigned char *)rvar->value,

                    rvar->value_len, &rval, &rval_len);

        rvar->value = rval;

        rvar->value_len = rval_len;

        if (msr->txcfg->debuglog_level >= 9) {

            msr_log(msr, 9, "T (%d) %s: \"%s\"", rc, tfn->name,

                log_escape_nq_ex(mptmp, rvar->value, rvar->value_len));

        }

    }

    return rvar;

}

#if defined(WITH_LUA)

/**

 *

 */

apr_table_t *generate_multi_var(modsec_rec *msr, msre_var *var, apr_array_header_t *tfn_arr,

    msre_rule *rule, apr_pool_t *mptmp)

{

    const apr_array_header_t *tarr;

    const apr_table_entry_t *telts;

    apr_table_t *vartab = NULL, *tvartab = NULL;

    msre_var *rvar = NULL;

    int i, j;

    /* Sanity check. */

    if ((var == NULL)||(var->metadata == NULL)||(var->metadata->generate == NULL)) return NULL;

    /* Generate variables. */

    vartab = apr_table_make(mptmp, 16);

    var->metadata->generate(msr, var, rule, vartab, mptmp);

    /* Return straight away if there were no

     * transformation functions supplied.

     */

    if ((tfn_arr == NULL)||(tfn_arr->nelts == 0)) {

        return vartab;

    }

    tvartab = apr_table_make(mptmp, 16);

    tarr = apr_table_elts(vartab);

    telts = (const apr_table_entry_t*)tarr->elts;

    for (j = 0; j < tarr->nelts; j++) {

        rvar = (msre_var *)telts[j].val;

        /* Copy the value so that we can transform it in place. */

        rvar->value = apr_pstrndup(mptmp, rvar->value, rvar->value_len);

        /* Transform rvar in a loop. */

        for (i = 0; i < tfn_arr->nelts; i++) {

            msre_tfn_metadata *tfn = ((msre_tfn_metadata **)tfn_arr->elts)[i];

            char *rval;

            int rc;

            long int rval_len;

            rc = tfn->execute(mptmp, (unsigned char *)rvar->value,

                rvar->value_len, &rval, &rval_len);

            rvar->value = rval;

            rvar->value_len = rval_len;

            if (msr->txcfg->debuglog_level >= 9) {

                msr_log(msr, 9, "T (%d) %s: \"%s\"", rc, tfn->name,

                    log_escape_nq_ex(mptmp, rvar->value, rvar->value_len));

            }

        }

        apr_table_addn(tvartab, rvar->name, (void *)rvar);

    }

    return tvartab;

}

#endif

/**

 * Expands macros ("%{NAME}" entities) if present

 * in the given variable.

 */

int expand_macros(modsec_rec *msr, msc_string *var, msre_rule *rule, apr_pool_t *mptmp) {

    char *data = NULL;

    apr_array_header_t *arr = NULL;

    char *p = NULL, *q = NULL, *t = NULL;

    char *text_start = NULL, *next_text_start = NULL;

    msc_string *part = NULL;

    int i, offset = 0;

    if (var->value == NULL) return 0;

    /* IMP1 Duplicate the string and create the array on

     *      demand, thus not having to do it if there are

     *      no macros in the input data.

     */

    data = apr_pstrdup(mptmp, var->value); /* IMP1 Are we modifying data anywhere? */

    arr = apr_array_make(mptmp, 16, sizeof(msc_string *));

    if ((data == NULL)||(arr == NULL)) return -1;

    text_start = next_text_start = data;

    do {

        text_start = next_text_start;

        p = strstr(text_start, "%");

        if (p != NULL) {

            char *var_name = NULL;

            char *var_value = NULL;

            if ((*(p + 1) == '{')&&(*(p + 2) != '\0')) {

                char *var_start = p + 2;

                t = var_start;

                while((*t != '\0')&&(*t != '}')) t++;

                if (*t == '}') {

                    /* Named variable. */

                    var_name = apr_pstrmemdup(mptmp, var_start, t - var_start);

                    q = strstr(var_name, ".");

                    if (q != NULL) {

                        var_value = q + 1;

                        *q = '\0';

                    }

                    next_text_start = t + 1; /* *t was '}' */

                } else {

                    /* Warn about a possiblly forgotten '}' */

                    if (msr->txcfg->debuglog_level >= 9) {

                        msr_log(msr, 9, "Warning: Possibly unterminated macro: \"%s\"",

                            log_escape_ex(mptmp, var_start - 2, t - var_start + 2));

                    }

                    next_text_start = t; /* *t was '\0' */

                }

            }

            if (var_name != NULL) {

                char *my_error_msg = NULL;

                msre_var *var_generated = NULL;

                msre_var *var_resolved = NULL;

                /* Add the text part before the macro to the array. */

                part = (msc_string *)apr_pcalloc(mptmp, sizeof(msc_string));

                if (part == NULL) return -1;

                part->value_len = p - text_start;

                part->value = apr_pstrmemdup(mptmp, text_start, part->value_len);

                *(msc_string **)apr_array_push(arr) = part;

                /* Resolve the macro and add that to the array. */

                var_resolved = msre_create_var_ex(mptmp, msr->modsecurity->msre, var_name, var_value,

                    msr, &my_error_msg);

                if (var_resolved != NULL) {

                    var_generated = generate_single_var(msr, var_resolved, NULL, rule, mptmp);

                    if (var_generated != NULL) {

                        part = (msc_string *)apr_pcalloc(mptmp, sizeof(msc_string));

                        if (part == NULL) return -1;

                        part->value_len = var_generated->value_len;

                        part->value = (char *)var_generated->value;

                        *(msc_string **)apr_array_push(arr) = part;

                        if (msr->txcfg->debuglog_level >= 9) {

                            msr_log(msr, 9, "Resolved macro %%{%s%s%s} to: %s",

                                var_name,

                                (var_value ? "." : ""),

                                (var_value ? var_value : ""),

                                log_escape_nq_ex(mptmp, part->value, part->value_len));

                        }

                    }

                } else {

                    if (msr->txcfg->debuglog_level >= 4) {

                        msr_log(msr, 4, "Failed to resolve macro %%{%s%s%s}: %s",

                            var_name,

                            (var_value ? "." : ""),

                            (var_value ? var_value : ""),

                            my_error_msg);

                    }

                }

            } else {

                /* We could not identify a valid macro so add it as text. */

                part = (msc_string *)apr_pcalloc(mptmp, sizeof(msc_string));

                if (part == NULL) return -1;

                part->value_len = p - text_start + 1; /* len(text)+len("%") */

                part->value = apr_pstrmemdup(mptmp, text_start, part->value_len);

                *(msc_string **)apr_array_push(arr) = part;

                next_text_start = p + 1;

            }

        } else {

            /* Text part. */

            part = (msc_string *)apr_pcalloc(mptmp, sizeof(msc_string));

            part->value = apr_pstrdup(mptmp, text_start);

            part->value_len = strlen(part->value);

            *(msc_string **)apr_array_push(arr) = part;

        }

    } while (p != NULL);

    /* If there's more than one member of the array that

     * means there was at least one macro present. Combine

     * text parts into a single string now.

     */

    if (arr->nelts > 1) {

        /* Figure out the required size for the string. */

        var->value_len = 0;

        for(i = 0; i < arr->nelts; i++) {

            part = ((msc_string **)arr->elts)[i];

            var->value_len += part->value_len;

        }

        /* Allocate the string. */

        var->value = apr_palloc(msr->mp, var->value_len + 1);

        if (var->value == NULL) return -1;

        /* Combine the parts. */

        offset = 0;

        for(i = 0; i < arr->nelts; i++) {

            part = ((msc_string **)arr->elts)[i];

            memcpy((char *)(var->value + offset), part->value, part->value_len);

            offset += part->value_len;

        }

        var->value[offset] = '\0';

    }

    return 1;

}

/**

 * Record the original collection values to use to calculate deltas.

 * This can be called multiple times and will not overwrite the first

 * value that is set.

 */

apr_status_t collection_original_setvar(modsec_rec *msr, const char *col_name, const msc_string *orig_var) {

    apr_table_t *table = NULL;

    msc_string *var = NULL;

    const char *var_name = NULL;

    if (orig_var == NULL) {

        msr_log(msr, 1, "Internal Error: Attempt to record NULL original variable.");

        return -1;

    }

    var_name = orig_var->name;

    table = (apr_table_t *)apr_table_get(msr->collections_original, col_name);

    /* Does the collection exist already? */

    if (table == NULL) {

        table = apr_table_make(msr->mp, 24);

        if (table == NULL) {

            msr_log(msr, 1, "Failed to allocate space for original collection.");

            return -1;

        }

        apr_table_setn(msr->collections_original, apr_pstrdup(msr->mp, col_name), (void *)table);

    }

    else {

        /* Does the variable exist already? */

        var = (msc_string *)apr_table_get(table, var_name);

        if (var != NULL) {

            if (msr->txcfg->debuglog_level >= 9) {

                msr_log(msr, 9, "Original collection variable: %s.%s = \"%s\"", col_name, var_name,

                    log_escape_ex(msr->mp, orig_var->value, orig_var->value_len));

            }

            return 1;

        }

    }

    var = (msc_string *)apr_palloc(msr->mp, sizeof(msc_string));

    if (var == NULL) {

        msr_log(msr, 1, "Failed to allocate space for original collection variable.");

        return -1;

    }

    /* Copy the original var and add to collection. */

    var->name = orig_var->name ? apr_pstrmemdup(msr->mp, orig_var->name, orig_var->name_len) : NULL;

    var->name_len = orig_var->name_len;

    var->value = orig_var->value ? apr_pstrmemdup(msr->mp, orig_var->value, orig_var->value_len) : NULL;

    var->value_len = orig_var->value_len;

    apr_table_setn(table, apr_pstrmemdup(msr->mp, var->name, var->name_len), (void *)var);

    if (msr->txcfg->debuglog_level >= 9) {

        msr_log(msr, 9, "Recorded original collection variable: %s.%s = \"%s\"", col_name, var_name,

            log_escape_ex(msr->mp, var->value, var->value_len));

    }

    return 0;

}

/* marker */

static apr_status_t msre_action_marker_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->id = action->param;

    return 1;

}

/* id */

static apr_status_t msre_action_id_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->id = action->param;

    return 1;

}

static char *msre_action_id_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    int id;

    if(action != NULL && action->param != NULL) {

        for(id=0;id<strlen(action->param);id++) {

            if(!apr_isdigit(action->param[id]))

                return apr_psprintf(mp, "ModSecurity: Invalid value for action ID: %s", action->param);

        }

        id = atoi(action->param);

        if ((id == LONG_MAX)||(id == LONG_MIN)||(id <= 0)) {

            return apr_psprintf(mp, "ModSecurity: Invalid value for action ID: %s", action->param);

        }

    }

    return NULL;

}

/* rev */

static apr_status_t msre_action_rev_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

        msre_action *action)

{

    actionset->rev = action->param;

    return 1;

}

/* msg */

static apr_status_t msre_action_msg_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->msg = action->param;

    return 1;

}

/* logdata */

static apr_status_t msre_action_logdata_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->logdata = action->param;

    return 1;

}

/* SanitizeMatchedBytes init */

static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine, apr_pool_t *mp,

        msre_actionset *actionset, msre_action *action)

{

    char *parse_parm = NULL;

    char *ac_param = NULL;

    char *savedptr = NULL;

    int arg_min = 0;

    int arg_max = 0;

    if (action->param != NULL && strlen(action->param) == 3)   {

        ac_param = apr_pstrdup(mp, action->param);

        parse_parm = apr_strtok(ac_param,"/",&savedptr);

        if(apr_isdigit(*parse_parm) && apr_isdigit(*savedptr))    {

            arg_max = atoi(parse_parm);

            arg_min = atoi(savedptr);

        }

    }

    actionset->arg_min = arg_min;

    actionset->arg_max = arg_max;

    return 1;

}

/* accuracy */

static apr_status_t msre_action_accuracy_init(msre_engine *engine, apr_pool_t *mp,

    msre_actionset *actionset, msre_action *action)

{

    actionset->accuracy = atoi(action->param);

    return 1;

}

/* maturity */

static apr_status_t msre_action_maturity_init(msre_engine *engine, apr_pool_t *mp,

    msre_actionset *actionset, msre_action *action)

{

    actionset->maturity = atoi(action->param);

    return 1;

}

/* ver */

static apr_status_t msre_action_ver_init(msre_engine *engine, apr_pool_t *mp,

    msre_actionset *actionset, msre_action *action)

{

    actionset->version = action->param;

    return 1;

}

/* severity */

static apr_status_t msre_action_severity_init(msre_engine *engine, apr_pool_t *mp,

        msre_actionset *actionset, msre_action *action)

{

    if (strcasecmp(action->param, "emergency") == 0)    {

        actionset->severity = 0;

    } else if (strcasecmp(action->param, "alert") == 0) {

        actionset->severity = 1;

    } else if (strcasecmp(action->param, "critical") == 0) {

        actionset->severity = 2;

    } else if (strcasecmp(action->param, "error") == 0) {

        actionset->severity = 3;

    } else if (strcasecmp(action->param, "warning") == 0) {

        actionset->severity = 4;

    } else if (strcasecmp(action->param, "notice") == 0) {

        actionset->severity = 5;

    } else if (strcasecmp(action->param, "info") == 0) {

        actionset->severity = 6;

    } else if (strcasecmp(action->param, "debug") == 0) {

        actionset->severity = 7;

    } else  {

        actionset->severity = atoi(action->param);

    }

    return 1;

}

/* chain */

static apr_status_t msre_action_chain_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->is_chained = 1;

    return 1;

}

/* log */

static apr_status_t msre_action_log_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->log = 1;

    return 1;

}

/* nolog */

static apr_status_t msre_action_nolog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->log = 0;

    actionset->auditlog = 0;

    return 1;

}

/* auditlog */

static apr_status_t msre_action_auditlog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->auditlog = 1;

    return 1;

}

/* noauditlog */

static apr_status_t msre_action_noauditlog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->auditlog = 0;

    return 1;

}

/* block */

static apr_status_t msre_action_block_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    /* Right now we just set a flag and inherit the real disruptive action */

    actionset->block = 1;

    return 1;

}

/* deny */

static apr_status_t msre_action_deny_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->intercept_action = ACTION_DENY;

    actionset->intercept_action_rec = action;

    return 1;

}

/* status */

static char *msre_action_status_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    /* ENH action->param must be a valid HTTP status code. */

    return NULL;

}

static apr_status_t msre_action_status_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->intercept_status = atoi(action->param);

    return 1;

}

/* drop */

static apr_status_t msre_action_drop_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->intercept_action = ACTION_DROP;

    actionset->intercept_action_rec = action;

    return 1;

}

/* pause */

static char *msre_action_pause_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    /* ENH Validate a positive number. */

    return NULL;

}

static apr_status_t msre_action_pause_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->intercept_action = ACTION_PAUSE;

    actionset->intercept_pause = action->param;

    return 1;

}

/* redirect */

static char *msre_action_redirect_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    /* ENH Add validation. */

    return NULL;

}

static apr_status_t msre_action_redirect_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->intercept_action = ACTION_REDIRECT;

    actionset->intercept_uri = action->param;

    actionset->intercept_action_rec = action;

    return 1;

}

static apr_status_t msre_action_redirect_execute(modsec_rec *msr, apr_pool_t *mptmp,

    msre_rule *rule, msre_action *action)

{

    msc_string *var = NULL;

    var = apr_pcalloc(mptmp, sizeof(msc_string));

    if (var == NULL) return -1;

    var->value = (char *)action->param;

    var->value_len = strlen(var->value);

    expand_macros(msr, var, rule, mptmp);

    rule->actionset->intercept_uri = apr_pstrmemdup(msr->mp, var->value, var->value_len);

    return 1;

}

/* proxy */

static char *msre_action_proxy_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    /* ENH Add validation. */

    return NULL;

}

static apr_status_t msre_action_proxy_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

        msre_action *action)

{

    actionset->intercept_action = ACTION_PROXY;

    actionset->intercept_uri = action->param;

    actionset->intercept_action_rec = action;

    return 1;

}

static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp,

        msre_rule *rule, msre_action *action)

{

    msc_string *var = NULL;

    var = apr_pcalloc(mptmp, sizeof(msc_string));

    if (var == NULL) return -1;

    if (!strncmp(action->param,"[nocanon]",9)) {

        apr_table_setn(msr->r->notes,"proxy-nocanon", "1");

        var->value = (char *)action->param+9;

    } else {

        var->value = (char *)action->param;

    }

    var->value_len = strlen(var->value);

    expand_macros(msr, var, rule, mptmp);

    rule->actionset->intercept_uri = apr_pstrmemdup(msr->mp, var->value, var->value_len);

    return 1;

}

/* pass */

static apr_status_t msre_action_pass_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

        msre_action *action)

{

    actionset->intercept_action = ACTION_NONE;

    actionset->intercept_action_rec = action;

    return 1;

}

/* skip */

static char *msre_action_skip_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    /* ENH Add validation. */

    return NULL;

}

static apr_status_t msre_action_skip_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

        msre_action *action)

{

    actionset->skip_count = atoi(action->param);

    if (actionset->skip_count <= 0) actionset->skip_count = 1;

    return 1;

}

/* skipAfter */

static char *msre_action_skipAfter_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    /* ENH Add validation. */

    return NULL;

}

static apr_status_t msre_action_skipAfter_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

        msre_action *action)

{

    actionset->skip_after = action->param;

    return 1;

}

/* allow */

static apr_status_t msre_action_allow_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    actionset->intercept_action = ACTION_ALLOW;

    actionset->intercept_action_rec = action;

    if (action->param != NULL) {

        if (strcasecmp(action->param, "phase") == 0) {

            actionset->intercept_action = ACTION_ALLOW_PHASE;

        } else

        if (strcasecmp(action->param, "request") == 0) {

            actionset->intercept_action = ACTION_ALLOW_REQUEST;

        }

    }

    return 1;

}

static char *msre_action_allow_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    if (action->param != NULL) {

        if (strcasecmp(action->param, "phase") == 0) {

            return NULL;

        } else

        if (strcasecmp(action->param, "request") == 0) {

            return NULL;

        } else {

            return apr_psprintf(mp, "Invalid parameter for allow: %s", action->param);

        }

    }

    return NULL;

}

/* phase */

static char *msre_action_phase_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    /* ENH Add validation. */

    return NULL;

}

static apr_status_t msre_action_phase_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    if(strcasecmp(action->param,"request") == 0)

        actionset->phase = 2;

    else if(strcasecmp(action->param,"response") == 0)

        actionset->phase = 4;

    else if(strcasecmp(action->param,"logging") == 0)

        actionset->phase = 5;

    else

        actionset->phase = atoi(action->param);

    return 1;

}

/* t */

static char *msre_action_t_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    msre_tfn_metadata *metadata = NULL;

    metadata = msre_engine_tfn_resolve(engine, action->param);

    if (metadata == NULL) return apr_psprintf(mp, "Invalid transformation function: %s",

        action->param);

    action->param_data = metadata;

    return NULL;

}

static apr_status_t msre_action_t_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,

    msre_action *action)

{

    msre_tfn_metadata *metadata = (msre_tfn_metadata *)action->param_data;

    action->param_data = metadata;

    return 1;

}

/* ctl */

static char *msre_action_ctl_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {

    char *name = NULL;

    char *value = NULL;

    /* Parse first. */

    if (parse_name_eq_value(mp, action->param, &name, &value) < 0) {

        return FATAL_ERROR;

    }

    if (value == NULL) {

        return apr_psprintf(mp, "Missing ctl value for name: %s", name);

    }

    /* Validate value. */

    if (strcasecmp(name, "ruleEngine") == 0) {

        if (strcasecmp(value, "on") == 0) return NULL;

        if (strcasecmp(value, "off") == 0) return NULL;

        if (strcasecmp(value, "detectiononly") == 0) return NULL;

        return apr_psprintf(mp, "Invalid setting for ctl name ruleEngine: %s", value);

    } else

    if (strcasecmp(name, "ruleRemoveById") == 0) {

        /* ENH nothing yet */

        return NULL;

    } else

    if (strcasecmp(name, "ruleRemoveByTag") == 0) {

        if (!msc_pregcomp(mp, value, 0, NULL, NULL))

           return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", value);

        return NULL;

    } else

    if (strcasecmp(name, "ruleRemoveByMsg") == 0) {

       if (!msc_pregcomp(mp, value, 0, NULL, NULL))

           return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", value);

        return NULL;

    } else

    if (strcasecmp(name, "requestBodyAccess") == 0) {

        if (parse_boolean(value) == -1) {

            return apr_psprintf(mp, "Invalid setting for ctl name "

                " requestBodyAccess: %s", value);

        }

        return NULL;

    } else

    if (strcasecmp(name, "requestBodyProcessor") == 0) {

        /* ENH We will accept anything for now but it'd be nice

         * to add a check here that the processor name is a valid one.

         */

        return NULL;

    } else

    if (strcasecmp(name, "forceRequestBodyVariable") == 0) {

        if (strcasecmp(value, "on") == 0) return NULL;

        if (strcasecmp(value, "off") == 0) return NULL;

        return apr_psprintf(mp, "Invalid setting for ctl name "

            " forceRequestBodyVariable: %s", value);

    } else

    if (strcasecmp(name, "responseBodyAccess") == 0) {

        if (parse_boolean(value) == -1) {

            return apr_psprintf(mp, "Invalid setting for ctl name "

                " responseBodyAccess: %s", value);

        }

        return NULL;

    } else

    if (strcasecmp(name, "auditEngine") == 0) {

        if (strcasecmp(value, "on") == 0) return NULL;

        if (strcasecmp(value, "off") == 0) return NULL;

        if (strcasecmp(value, "relevantonly") == 0) return NULL;

        return apr_psprintf(mp, "Invalid setting for ctl name "

            " auditEngine: %s", value);

    } else

    if (strcasecmp(name, "auditLogParts") == 0) {

        if ((value[0] == '+')||(value[0] == '-')) {

            if (is_valid_parts_specification(value + 1) != 1) {

            return apr_psprintf(mp, "Invalid setting for ctl name "

                "auditLogParts: %s", value);

            }

        }

        else

        if (is_valid_parts_specification(value) != 1) {

            return apr_psprintf(mp, "Invalid setting for ctl name "

                "auditLogParts: %s", value);

        }

        return NULL;

    } else

    if (strcasecmp(name, "debugLogLevel") == 0) {

        if ((atoi(value) >= 0)&&(atoi(value) <= 9)) return NULL;

        return apr_psprintf(mp, "Invalid setting for ctl name "

            "debugLogLevel: %s", value);