github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 2.5.x changes into trunk.

Browse Source
This commit is contained in:
b1v1r 2009-06-15 21:14:30 +00:00
parent e5becf8407
commit 05bd243347
8 changed files with 67 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -1,6 +1,9 @@
31 May 2009 - trunk
15 Jun 2009 - trunk
-------------------
* Fixed mlogc issue seen on big endian machines where content type
could be listed as zero.
* Removed extra newline from audit log message line when logging XML errors.
This was causing problems parsing audit logs.

9
apache2/Makefile.in
View File

@ -73,12 +73,13 @@ clean-extras:
@rm -rf ../tools/mlogc ../tools/mlogc-batch-load.pl
clean: clean-extras
@rm -rf *.la *.lo *.o *.slo .libs msc_test msc-test-debug.log
@rm -rf *.la *.lo *.loT *.o *.slo .libs msc_test msc-test-debug.log
maintainer-clean: clean
@rm -rf Makefile mlogc-src/Makefile t/run-unit-tests.pl t/run-regression-tests.pl t/gen_rx-pm.pl t/csv_rx-pm.pl t/run-tests.pl t/regression/server_root/conf/httpd.conf t/regression/server_root/conf/config_*.t_*.conf config config.log config.status configure mod_security2_config.h ../tools/*.pl autoscan.log configure.scan build/libtool.m4 build/config.guess build/config.sub build/ltmain.sh build/apxs-wrapper
distclean: clean
@rm -rf Makefile mlogc-src/Makefile mlogc-src/mlogc-batch-load.pl ../tools/*.pl t/run-unit-tests.pl t/run-regression-tests.pl t/gen_rx-pm.pl t/csv_rx-pm.pl t/run-tests.pl t/regression/server_root/conf/httpd.conf t/regression/server_root/conf/*.t_*.conf t/regression/server_root/tmp/* t/regression/server_root/logs/*.log t/regression/server_root/logs/audit/* t/regression/server_root/upload/* t/regression/server_root/data/* config config.log config.status build/apxs-wrapper
distclean: maintainer-clean
maintainer-clean: distclean
@rm -rf config config.log config.status configure mod_security2_config.h autoscan.log configure.scan build/libtool.m4 build/config.guess build/config.sub build/ltmain.sh
install-mods: mod_security2.la
$(INSTALL_MOD_SHARED) mod_security2.la

3
apache2/apache2.h
View File

@ -87,6 +87,9 @@ char DSOLOCAL *get_apr_error(apr_pool_t *p, apr_status_t rc);
char DSOLOCAL *get_env_var(request_rec *r, char *name);
void DSOLOCAL internal_log_ex(request_rec *r, directory_config *dcfg, modsec_rec *msr,
int level, int fixup, const char *text, va_list ap);
void DSOLOCAL internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
int level, const char *text, va_list ap);

73
apache2/apache2_util.c
View File

@ -226,12 +226,12 @@ char *get_env_var(request_rec *r, char *name) {
}
/**
* Internal log helper function. Use msr_log instead. This function will
* correctly handle both the messages that have a newline at the end, and
* those that don't.
* Extended internal log helper function. Use msr_log instead. If fixup is
* true, the message will be stripped of any trailing newline and any
* required bytes will be escaped.
*/
void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
int level, const char *text, va_list ap)
void internal_log_ex(request_rec *r, directory_config *dcfg, modsec_rec *msr,
int level, int fixup, const char *text, va_list ap)
{
apr_size_t nbytes, nbytes_written;
apr_file_t *debuglog_fd = NULL;
@ -258,13 +258,24 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
/* Construct the message. */
apr_vsnprintf(str1, sizeof(str1), text, ap);
if (fixup) {
int len = strlen(str1);
/* Strip line ending. */
if (len && str1[len - 1] == '\n') {
str1[len - 1] = '\0';
}
if (len > 1 && str1[len - 2] == '\r') {
str1[len - 2] = '\0';
}
}
/* Construct the log entry. */
apr_snprintf(str2, sizeof(str2),
"[%s] [%s/sid#%pp][rid#%pp][%s][%d] %s\n",
current_logtime(msr->mp), ap_get_server_name(r), (r->server),
r, ((r->uri == NULL) ? "" : log_escape_nq(msr->mp, r->uri)),
level, str1);
level, (fixup ? log_escape_nq(msr->mp, str1) : str1));
/* Write to the debug log. */
if ((debuglog_fd != NULL)&&(level <= filter_debug_level)) {
@ -272,7 +283,8 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
apr_file_write_full(debuglog_fd, str2, nbytes, &nbytes_written);
}
/* Send message levels 1-3 to the Apache error log too. */
/* Send message levels 1-3 to the Apache error log and
* add it to the message list in the audit log. */
if (level <= 3) {
char *unique_id = (char *)get_env_var(r, "UNIQUE_ID");
char *hostname = (char *)msr->hostname;
@ -305,6 +317,15 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
return;
}
/**
* Internal log helper function. Use msr_log instead.
*/
void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
int level, const char *text, va_list ap)
{
internal_log_ex(r, dcfg, msr, level, 0, text, ap);
}
/**
* Logs one message at the given level to the debug log (and to the
* Apache error log if the message is important enough.
@ -313,7 +334,7 @@ void msr_log(modsec_rec *msr, int level, const char *text, ...) {
va_list ap;
va_start(ap, text);
internal_log(msr->r, msr->txcfg, msr, level, text, ap);
internal_log_ex(msr->r, msr->txcfg, msr, level, 0, text, ap);
va_end(ap);
}
@ -321,30 +342,13 @@ void msr_log(modsec_rec *msr, int level, const char *text, ...) {
/**
* Logs one message at level 3 to the debug log and to the
* Apache error log. This is intended for error callbacks.
*
* The 'text' will first be escaped.
*/
void msr_log_error(modsec_rec *msr, const char *text, ...) {
va_list ap;
int len;
char *str;
/* Generate the string. */
va_start(ap, text);
str = apr_pvsprintf(msr->mp, text, ap);
internal_log_ex(msr->r, msr->txcfg, msr, 3, 1, text, ap);
va_end(ap);
/* Strip line ending. */
len = strlen(str);
if (len && str[len - 1] == '\n') {
str[len - 1] = '\0';
}
if (len > 1 && str[len - 2] == '\r') {
str[len - 1] = '\0';
}
/* Log the escaped string. */
internal_log(msr->r, msr->txcfg, msr, 3, log_escape_nq(msr->mp,str), NULL);
}
/**
@ -355,25 +359,10 @@ void msr_log_error(modsec_rec *msr, const char *text, ...) {
*/
void msr_log_warn(modsec_rec *msr, const char *text, ...) {
va_list ap;
int len;
char *str;
/* Generate the string. */
va_start(ap, text);
str = apr_pvsprintf(msr->mp, text, ap);
internal_log_ex(msr->r, msr->txcfg, msr, 4, 1, text, ap);
va_end(ap);
/* Strip line ending. */
len = strlen(str);
if (len && str[len - 1] == '\n') {
str[len - 1] = '\0';
}
if (len > 1 && str[len - 2] == '\r') {
str[len - 1] = '\0';
}
/* Log the escaped string. */
internal_log(msr->r, msr->txcfg, msr, 4, log_escape_nq(msr->mp,str), NULL);
}

3
apache2/build/apxs-wrapper.in
View File

@ -5,6 +5,9 @@ for opt in "$@"; do
case "$opt" in
# Fix for -R not working w/apxs
-R*) WRAPPED_OPTS="$WRAPPED_OPTS -Wl,$opt" ;;
# OSF1 compiler option
-pthread) WRAPPED_OPTS="$WRAPPED_OPTS -Wc,$opt" ;;
# Unwrapped
*) WRAPPED_OPTS="$WRAPPED_OPTS $opt" ;;
esac
done

6
apache2/mlogc-src/mlogc.c
View File

@ -1086,7 +1086,6 @@ static void logc_init(void)
/* Pre-configure the handle. */
curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE);
curl_easy_setopt(curl, CURLOPT_PUT, TRUE);
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, (char *)NULL);
curl_easy_setopt(curl, CURLOPT_URL, console_uri);
curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
@ -1156,6 +1155,8 @@ static void keep_entries_hack(apr_pool_t *mp, apr_thread_t *thread, const char *
return;
}
error_log(LOG_DEBUG, thread, "STAT \"%s\" {uid=%d; gid=%d; size=%" APR_OFF_T_FMT "; csize=%" APR_OFF_T_FMT "; atime=%" APR_TIME_T_FMT "; ctime=%" APR_TIME_T_FMT "; mtime=%" APR_TIME_T_FMT "}", fn, finfo.user, finfo.group, finfo.size, finfo.csize, finfo.atime, finfo.ctime, finfo.mtime);
if (finfo.mtime != KEEP_ENTRIES_REMOVE_TIME) {
error_log(LOG_DEBUG2, thread, "Set mtime: %s", fn);
if ((rc = apr_file_mtime_set(fn, (apr_time_t)KEEP_ENTRIES_REMOVE_TIME, mp)) != APR_SUCCESS) {
@ -1320,6 +1321,8 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
char response_buf[STATUSBUF_SIZE];
CURLcode res;
error_log(LOG_DEBUG, thread, "STAT \"%s\" {uid=%d; gid=%d; size=%" APR_OFF_T_FMT "; csize=%" APR_OFF_T_FMT "; atime=%" APR_TIME_T_FMT "; ctime=%" APR_TIME_T_FMT "; mtime=%" APR_TIME_T_FMT "}", auditlogentry, finfo.user, finfo.group, finfo.size, finfo.csize, finfo.atime, finfo.ctime, finfo.mtime);
/* Initialize the respone buffer with a hidden value */
response_buf[0] = 0;
response_buf[1] = 1;
@ -1357,7 +1360,6 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
curl_easy_setopt(curl, CURLOPT_READDATA, hd_src);
curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, finfo.size);
curl_easy_setopt(curl, CURLOPT_INFILESIZE, finfo.size);
#if 0
mandatory on win32?
curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);

4
apache2/msc_release.h
View File

@ -22,8 +22,8 @@
#include <stdlib.h>
#include <string.h>
/* ENH: Clean this mess up */
#if !(defined(_AIX) || defined(WIN32) || defined(CYGWIN) || defined(NETWARE) || defined(SOLARIS2) || defined(__osf1__))
/* ENH: Clean this mess up by detecting this is possible */
#if !(defined(_AIX) || defined(WIN32) || defined(CYGWIN) || defined(NETWARE) || defined(SOLARIS2) || defined(OSF1))
#define DSOLOCAL __attribute__((visibility("hidden")))
#else
#define DSOLOCAL

24
doc/modsecurity2-apache-reference.xml
View File

@ -6,7 +6,7 @@
Manual</title>
<articleinfo>
<releaseinfo>Version 2.6.0-trunk (May 29, 2009)</releaseinfo>
<releaseinfo>Version 2.6.0-trunk (June 2, 2009)</releaseinfo>
<copyright>
<year>2004-2009</year>
@ -2836,11 +2836,12 @@ SecRule <emphasis>ENV:tag</emphasis> "suspicious"</programlisting>
<section>
<title><literal moreinfo="none">GEO</literal></title>
<para><literal>GEO</literal> is a collection populated by the <literal
moreinfo="none">@geoLookup</literal> operator. It can be used to match
geographical fields looked up by an IP address or hostname.</para>
<para><literal>GEO</literal> is a collection populated by the results of
the last <literal moreinfo="none">@geoLookup</literal> operator. The
collection can be used to match geographical fields looked from an IP
address or hostname.</para>
<para>Available since 2.2.0.</para>
<para>Available since ModSecurity 2.5.0.</para>
<para>Fields:</para>
@ -2903,7 +2904,9 @@ SecRule <emphasis>ENV:tag</emphasis> "suspicious"</programlisting>
<para>Example:</para>
<programlisting format="linespecific">SecRule REMOTE_ADDR "<emphasis>@geoLookup</emphasis>" "chain,drop,msg:'Non-GB IP address'"
<programlisting format="linespecific">SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat
...
SecRule REMOTE_ADDR "<emphasis>@geoLookup</emphasis>" "chain,drop,msg:'Non-GB IP address'"
SecRule GEO:COUNTRY_CODE "!@streq GB"</programlisting>
</section>
@ -5455,8 +5458,9 @@ SecRule ARGS:route "!<emphasis>@endsWith %{REQUEST_ADDR}</emphasis>" t:none,deny
<title><literal>geoLookup</literal></title>
<para><emphasis>Description:</emphasis> This operator looks up various
data fields from an IP address or hostname. The results will be captured
in the <literal moreinfo="none">GEO</literal> collection.</para>
data fields from an IP address or hostname in the target data. The
results will be captured in the <literal moreinfo="none">GEO</literal>
collection.</para>
<para>You must provide a database via <literal
moreinfo="none">SecGeoLookupDb</literal> before this operator can be
@ -5471,7 +5475,9 @@ SecRule ARGS:route "!<emphasis>@endsWith %{REQUEST_ADDR}</emphasis>" t:none,deny
lookup, then do something like this (look for an empty GEO
collection):</para>
<programlisting format="linespecific">SecRule REMOTE_ADDR "@geoLookup" "pass,nolog"
<programlisting format="linespecific">SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat
...
SecRule REMOTE_ADDR "@geoLookup" "pass,nolog"
SecRule &amp;GEO "@eq 0" "deny,status:403,msg:'Failed to lookup IP'"</programlisting>
</note>