First version of the inline highlight calculation

2025-11-16 17:41:52 +03:00 · 2017-02-26 23:32:48 -03:00
parent 53485c7f74
commit 0ae459593e
12 changed files with 252 additions and 53 deletions
--- a/examples/reading_logs_via_rule_message/blocked_request.conf
+++ b/examples/reading_logs_via_rule_message/blocked_request.conf
@@ -1,3 +1,3 @@
-SecRule ARGS:param1 "test" "id:1,deny,phase:2,chain,msg:'test'"
+SecRule ARGS:param1 "test" "id:1,deny,phase:2,t:lowercase,chain,msg:'test'"
 SecRule ARGS:param1 "test" "log"

--- a/examples/reading_logs_via_rule_message/blocked_request_engine_on.conf
+++ b/examples/reading_logs_via_rule_message/blocked_request_engine_on.conf
@@ -1,2 +1,2 @@
 SecRuleEngine On
-SecRule ARGS:param1 "test" "id:1,deny"
+SecRule ARGS:param1 "test" "id:1,deny,t:lowercase"
--- a/examples/reading_logs_via_rule_message/match.conf
+++ b/examples/reading_logs_via_rule_message/match.conf
@@ -1 +1 @@
-SecRule ARGS:param1 "test" "id:1,deny,msg:'this',msg:'is',msg:'a',msg:'test'"
+SecRule ARGS:param1 "test" "id:1,deny,msg:'this',t:replaceNulls,msg:'is',msg:'a',msg:'test',t:lowercase,t:trim"
--- a/examples/reading_logs_via_rule_message/no_match.conf
+++ b/examples/reading_logs_via_rule_message/no_match.conf
@@ -1 +1 @@
-SecRule ARGS:param1 "WHEEE" "id:1,phase:2,deny,msg:'this',msg:'is',msg:'a',msg:'test'"
+SecRule ARGS:param1 "WHEEE" "id:1,phase:2,deny,msg:'this',msg:'is',msg:'a',msg:'test',t:lower"
--- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@@ -67,8 +67,9 @@ class ReadingLogsViaRuleMessage {
            "net.tutsplus.com");
        modsecTransaction->processRequestHeaders();
        modsecTransaction->processRequestBody();
-        modsecTransaction->addResponseHeader("HTTP/1.1",
-            "200 OK");
+
+        modsecTransaction->addResponseHeader("Content-Type", "text/xml; charset=utf-8");
+        modsecTransaction->addResponseHeader("Content-Length", "123");
        modsecTransaction->processResponseHeaders(200, "HTTP 1.2");
        modsecTransaction->appendResponseBody(
            (const unsigned char*)m_response_body,
@@ -84,6 +85,38 @@ end:
        return -1;
    }

+
+    static std::string highlightToText(
+        const modsecurity::RuleMessageHighlight &h) {
+        std::cout << " * ModSecurity variable to be highlighted" << std::endl;
+
+        for (const auto &i : h.m_variable) {
+            std::cout << "  - From: " << std::to_string(i.m_startingAt);
+            std::cout << " to: " << std::to_string(i.m_startingAt + i.m_size);
+            std::cout << std::endl;
+        }
+        std::cout << std::endl;
+
+        std::cout << " * Variable's values ";
+        std::cout << "(may include transformations)" << std::endl;
+        for (const auto &i : h.m_value) {
+            std::cout << "  - " << i.first << ": " << i.second << std::endl;
+        }
+        std::cout << std::endl;
+
+        std::cout << " * Operators match to be highlight inside ";
+        std::cout << "the variables (after transformations)" << std::endl;
+
+        for (const auto &i : h.m_op) {
+            std::cout << "  - From: " << i.m_area.m_startingAt;
+            std::cout << " to: " << std::to_string(i.m_area.m_startingAt \
+                + i.m_area.m_size);
+            std::cout << " [Value: " << i.m_value << "]" << std::endl;
+        }
+        std::cout << std::endl;
+        return "";
+    }
+
    static void logCb(void *data, const void *ruleMessagev) {
        if (ruleMessagev == NULL) {
            std::cout << "I've got a call but the message was null ;(";
@@ -108,6 +141,17 @@ end:
            std::cout << modsecurity::RuleMessage::log(ruleMessage);
            std::cout << std::endl;
        }
+        std::cout << std::endl;
+        std::cout << "Verbose details on the match highlight" << std::endl;
+        std::cout << "  Highlight reference string: ";
+        std::cout << ruleMessage->m_reference << std::endl;
+        std::cout << std::endl;
+        std::cout << "Details:" << std::endl;
+        modsecurity::RuleMessageHighlight h =
+            modsecurity::RuleMessage::computeHighlight(ruleMessage,
+                ruleMessage->m_buf);
+        highlightToText(h);
+        std::cout << std::endl;
    }

 protected:
--- a/examples/reading_logs_via_rule_message/simple_request.cc
+++ b/examples/reading_logs_via_rule_message/simple_request.cc
@@ -37,14 +37,10 @@ char request_header[] =  "" \
    "Pragma: no-cache\n\r" \
    "Cache-Control: no-cache\n\r";

-char request_uri[] = "/test.pl?param1=test&para2=test2";
+char request_uri[] = "/TeSt.Pl?param1=TEsT&para2=TEST2";

 char request_body[] = "";

-char response_headers[] = "" \
-    "HTTP/1.1 200 OK\n\r" \
-    "Content-Type: text/xml; charset=utf-8\n\r" \
-    "Content-Length: length\n\r";

 char response_body[] = "" \
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r" \
@@ -62,16 +58,16 @@ char ip[] = "200.249.12.31";


 int main(int argc, char **argv) {
-    (*argv)++;
+    (*argv++);
    if (*argv == NULL) {
-        (*argv)--;
+        (*argv--);
        std::cout << "Use " << *argv << " test-case-file.conf";
        std::cout << std::endl << std::endl;
        return -1;
    }
    std::string rules(*argv);
    ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body,
-        response_headers, response_body, ip, rules);
+        "", response_body, ip, rules);
    rlvrm.process();
    return 0;
 }