github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 6c6d94fc6673504a9c26765cb862400024917c4e into 0ac551b070b96877e4dd73e489a39603c1935513

Browse Source
This commit is contained in:
szedenik-adam 2025-08-11 08:30:12 +00:00 committed by GitHub
commit 10b6575014
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 6162 additions and 6034 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
headers/modsecurity/audit_log.h
View File

@ -153,17 +153,18 @@ class AuditLog {
bool setStorageDirMode(int permission);
bool setFileMode(int permission);
bool setStatus(AuditLogStatus new_status);
bool setRelevantStatus(const std::basic_string<char>& new_relevant_status);
bool setFilePath1(const std::basic_string<char>& path);
bool setFilePath2(const std::basic_string<char>& path);
bool setStorageDir(const std::basic_string<char>& path);
bool setRelevantStatus(std::string_view new_relevant_status);
bool setFilePath1(std::string_view path);
bool setFilePath2(std::string_view path);
bool setStorageDir(std::string_view path);
bool setPrefix(std::string_view prefix);
bool setFormat(AuditLogFormat fmt);
int getDirectoryPermission() const;
int getFilePermission() const;
int getParts() const;
bool setParts(const std::basic_string<char>& new_parts);
bool setParts(std::string_view new_parts);
bool setType(AuditLogType audit_type);
bool init(std::string *error);
@ -173,8 +174,8 @@ class AuditLog {
bool saveIfRelevant(Transaction *transaction, int parts);
bool isRelevant(int status);
static int addParts(int parts, const std::string& new_parts);
static int removeParts(int parts, const std::string& new_parts);
static int addParts(int parts, std::string_view new_parts);
static int removeParts(int parts, std::string_view new_parts);
void setCtlAuditEngineActive() {
m_ctlAuditEngineActive = true;
@ -182,31 +183,32 @@ class AuditLog {
bool merge(AuditLog *from, std::string *error);
std::string m_path1;
std::string m_path2;
std::string m_storage_dir;
std::string m_path1 = std::string("");
std::string m_path2 = std::string("");
std::string m_storage_dir = std::string("");
std::string m_prefix = std::string("");
AuditLogFormat m_format;
AuditLogFormat m_format = NotSetAuditLogFormat;
protected:
int m_parts;
int m_parts = -1;
int m_defaultParts = AAuditLogPart | BAuditLogPart | CAuditLogPart
| FAuditLogPart | HAuditLogPart | ZAuditLogPart;
int m_filePermission;
int m_filePermission = -1;
int m_defaultFilePermission = 0640;
int m_directoryPermission;
int m_directoryPermission = -1;
int m_defaultDirectoryPermission = 0750;
private:
AuditLogStatus m_status;
AuditLogStatus m_status = NotSetLogStatus;
AuditLogType m_type;
std::string m_relevant;
AuditLogType m_type = NotSetAuditLogType;
std::string m_relevant = std::string("");
audit_log::writer::Writer *m_writer;
bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly
audit_log::writer::Writer *m_writer = nullptr;
bool m_ctlAuditEngineActive = false; // rules have at least one action On or RelevantOnly
};

2
headers/modsecurity/transaction.h
View File

@ -411,7 +411,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
int getRuleEngineState() const;
std::string toJSON(int parts);
std::string toOldAuditLogFormat(int parts, const std::string &trailer);
std::string toOldAuditLogFormat(int parts, const std::string &trailer, const std::string &header);
std::string toOldAuditLogFormatIndex(const std::string &filename,
double size, const std::string &md5);

45
src/audit_log/audit_log.cc
View File

@ -51,25 +51,13 @@ namespace modsecurity {
namespace audit_log {
AuditLog::AuditLog()
: m_path1(""),
m_path2(""),
m_storage_dir(""),
m_format(NotSetAuditLogFormat),
m_parts(-1),
m_filePermission(-1),
m_directoryPermission(-1),
m_status(NotSetLogStatus),
m_type(NotSetAuditLogType),
m_relevant(""),
m_writer(NULL),
m_ctlAuditEngineActive(false) { }
AuditLog::AuditLog() = default;
AuditLog::~AuditLog() {
if (m_writer) {
delete m_writer;
m_writer = NULL;
m_writer = nullptr;
}
}
@ -108,35 +96,42 @@ bool AuditLog::setStatus(AuditLogStatus status) {
}
bool AuditLog::setRelevantStatus(const std::basic_string<char>& status) {
bool AuditLog::setRelevantStatus(std::string_view status) {
this->m_relevant = std::string(status);
return true;
}
bool AuditLog::setStorageDir(const std::basic_string<char>& path) {
bool AuditLog::setStorageDir(std::string_view path) {
this->m_storage_dir = path;
return true;
}
bool AuditLog::setFilePath1(const std::basic_string<char>& path) {
bool AuditLog::setFilePath1(std::string_view path) {
this->m_path1 = path;
return true;
}
bool AuditLog::setFilePath2(const std::basic_string<char>& path) {
bool AuditLog::setFilePath2(std::string_view path) {
this->m_path2 = path;
return true;
}
bool AuditLog::setPrefix(std::string_view prefix) {
this->m_prefix = prefix;
return true;
}
bool AuditLog::setFormat(AuditLogFormat fmt) {
this->m_format = fmt;
return true;
}
int AuditLog::addParts(int parts, const std::string& new_parts) {
int AuditLog::addParts(int parts, std::string_view new_parts) {
PARTS_CONSTAINS('A', AAuditLogPart)
PARTS_CONSTAINS('B', BAuditLogPart)
PARTS_CONSTAINS('C', CAuditLogPart)
@ -154,7 +149,7 @@ int AuditLog::addParts(int parts, const std::string& new_parts) {
}
int AuditLog::removeParts(int parts, const std::string& new_parts) {
int AuditLog::removeParts(int parts, std::string_view new_parts) {
PARTS_CONSTAINS_REM('A', AAuditLogPart)
PARTS_CONSTAINS_REM('B', BAuditLogPart)
PARTS_CONSTAINS_REM('C', CAuditLogPart)
@ -172,7 +167,7 @@ int AuditLog::removeParts(int parts, const std::string& new_parts) {
}
bool AuditLog::setParts(const std::basic_string<char>& new_parts) {
bool AuditLog::setParts(std::string_view new_parts) {
int parts = 0;
PARTS_CONSTAINS('A', AAuditLogPart)
@ -208,7 +203,6 @@ bool AuditLog::setType(AuditLogType audit_type) {
}
bool AuditLog::init(std::string *error) {
audit_log::writer::Writer *tmp_writer;
@ -216,7 +210,7 @@ bool AuditLog::init(std::string *error) {
&& !m_ctlAuditEngineActive) {
if (m_writer) {
delete m_writer;
m_writer = NULL;
m_writer = nullptr;
}
return true;
}
@ -234,7 +228,7 @@ bool AuditLog::init(std::string *error) {
tmp_writer = new audit_log::writer::Serial(this);
}
if (tmp_writer == NULL) {
if (tmp_writer == nullptr) {
error->assign("Writer memory alloc failed!");
return false;
}
@ -312,7 +306,7 @@ bool AuditLog::saveIfRelevant(Transaction *transaction, int parts) {
}
ms_dbg_a(transaction, 5, "Saving this request as part " \
"of the audit logs.");
if (m_writer == NULL) {
if (m_writer == nullptr) {
ms_dbg_a(transaction, 1, "Internal error, audit log writer is null");
} else {
std::string error;
@ -337,6 +331,7 @@ bool AuditLog::merge(AuditLog *from, std::string *error) {
AL_MERGE_STRING_CONF(from->m_path2, m_path2);
AL_MERGE_STRING_CONF(from->m_storage_dir, m_storage_dir);
AL_MERGE_STRING_CONF(from->m_relevant, m_relevant);
AL_MERGE_STRING_CONF(from->m_prefix, m_prefix);
if (from->m_filePermission != -1) {
m_filePermission = from->m_filePermission;

2
src/audit_log/writer/parallel.cc
View File

@ -119,7 +119,7 @@ bool Parallel::write(Transaction *transaction, int parts, std::string *error) {
} else {
std::string boundary;
generateBoundary(&boundary);
log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--", m_audit->m_prefix);
}
const auto &logPath = m_audit->m_storage_dir;

2
src/audit_log/writer/serial.cc
View File

@ -42,7 +42,7 @@ bool Serial::write(Transaction *transaction, int parts, std::string *error) {
} else {
std::string boundary;
generateBoundary(&boundary);
msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--", m_audit->m_prefix);
}
return utils::SharedFiles::getInstance().write(m_audit->m_path1, msg,

4176
src/parser/seclang-parser.cc
View File

File diff suppressed because it is too large Load Diff

454
src/parser/seclang-parser.hh
View File

@ -820,6 +820,7 @@ namespace yy {
// "CONFIG_DIR_AUDIT_LOG2"
// "CONFIG_DIR_AUDIT_LOG_P"
// "CONFIG_DIR_AUDIT_STS"
// "CONFIG_DIR_AUDIT_PREFIX"
// "CONFIG_DIR_AUDIT_TPE"
// "CONFIG_DIR_DEBUG_LOG"
// "CONFIG_DIR_DEBUG_LVL"
@ -1244,103 +1245,104 @@ namespace yy {
TOK_CONFIG_DIR_AUDIT_LOG2 = 506, // "CONFIG_DIR_AUDIT_LOG2"
TOK_CONFIG_DIR_AUDIT_LOG_P = 507, // "CONFIG_DIR_AUDIT_LOG_P"
TOK_CONFIG_DIR_AUDIT_STS = 508, // "CONFIG_DIR_AUDIT_STS"
TOK_CONFIG_DIR_AUDIT_TPE = 509, // "CONFIG_DIR_AUDIT_TPE"
TOK_CONFIG_DIR_DEBUG_LOG = 510, // "CONFIG_DIR_DEBUG_LOG"
TOK_CONFIG_DIR_DEBUG_LVL = 511, // "CONFIG_DIR_DEBUG_LVL"
TOK_CONFIG_SEC_CACHE_TRANSFORMATIONS = 512, // "CONFIG_SEC_CACHE_TRANSFORMATIONS"
TOK_CONFIG_SEC_DISABLE_BACKEND_COMPRESS = 513, // "CONFIG_SEC_DISABLE_BACKEND_COMPRESS"
TOK_CONFIG_SEC_HASH_ENGINE = 514, // "CONFIG_SEC_HASH_ENGINE"
TOK_CONFIG_SEC_HASH_KEY = 515, // "CONFIG_SEC_HASH_KEY"
TOK_CONFIG_SEC_HASH_PARAM = 516, // "CONFIG_SEC_HASH_PARAM"
TOK_CONFIG_SEC_HASH_METHOD_RX = 517, // "CONFIG_SEC_HASH_METHOD_RX"
TOK_CONFIG_SEC_HASH_METHOD_PM = 518, // "CONFIG_SEC_HASH_METHOD_PM"
TOK_CONFIG_SEC_CHROOT_DIR = 519, // "CONFIG_SEC_CHROOT_DIR"
TOK_CONFIG_DIR_GEO_DB = 520, // "CONFIG_DIR_GEO_DB"
TOK_CONFIG_DIR_GSB_DB = 521, // "CONFIG_DIR_GSB_DB"
TOK_CONFIG_SEC_GUARDIAN_LOG = 522, // "CONFIG_SEC_GUARDIAN_LOG"
TOK_CONFIG_DIR_PCRE_MATCH_LIMIT = 523, // "CONFIG_DIR_PCRE_MATCH_LIMIT"
TOK_CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION = 524, // "CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION"
TOK_CONFIG_SEC_CONN_R_STATE_LIMIT = 525, // "CONFIG_SEC_CONN_R_STATE_LIMIT"
TOK_CONFIG_SEC_CONN_W_STATE_LIMIT = 526, // "CONFIG_SEC_CONN_W_STATE_LIMIT"
TOK_CONFIG_SEC_SENSOR_ID = 527, // "CONFIG_SEC_SENSOR_ID"
TOK_CONFIG_DIR_ARGS_LIMIT = 528, // "CONFIG_DIR_ARGS_LIMIT"
TOK_CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT = 529, // "CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT"
TOK_CONFIG_DIR_REQ_BODY = 530, // "CONFIG_DIR_REQ_BODY"
TOK_CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT = 531, // "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT"
TOK_CONFIG_DIR_REQ_BODY_LIMIT = 532, // "CONFIG_DIR_REQ_BODY_LIMIT"
TOK_CONFIG_DIR_REQ_BODY_LIMIT_ACTION = 533, // "CONFIG_DIR_REQ_BODY_LIMIT_ACTION"
TOK_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT = 534, // "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT"
TOK_CONFIG_DIR_RES_BODY = 535, // "CONFIG_DIR_RES_BODY"
TOK_CONFIG_DIR_RES_BODY_LIMIT = 536, // "CONFIG_DIR_RES_BODY_LIMIT"
TOK_CONFIG_DIR_RES_BODY_LIMIT_ACTION = 537, // "CONFIG_DIR_RES_BODY_LIMIT_ACTION"
TOK_CONFIG_SEC_RULE_INHERITANCE = 538, // "CONFIG_SEC_RULE_INHERITANCE"
TOK_CONFIG_SEC_RULE_PERF_TIME = 539, // "CONFIG_SEC_RULE_PERF_TIME"
TOK_CONFIG_DIR_RULE_ENG = 540, // "CONFIG_DIR_RULE_ENG"
TOK_CONFIG_DIR_SEC_ACTION = 541, // "CONFIG_DIR_SEC_ACTION"
TOK_CONFIG_DIR_SEC_DEFAULT_ACTION = 542, // "CONFIG_DIR_SEC_DEFAULT_ACTION"
TOK_CONFIG_DIR_SEC_MARKER = 543, // "CONFIG_DIR_SEC_MARKER"
TOK_CONFIG_DIR_UNICODE_MAP_FILE = 544, // "CONFIG_DIR_UNICODE_MAP_FILE"
TOK_CONFIG_DIR_UNICODE_CODE_PAGE = 545, // "CONFIG_DIR_UNICODE_CODE_PAGE"
TOK_CONFIG_SEC_COLLECTION_TIMEOUT = 546, // "CONFIG_SEC_COLLECTION_TIMEOUT"
TOK_CONFIG_SEC_HTTP_BLKEY = 547, // "CONFIG_SEC_HTTP_BLKEY"
TOK_CONFIG_SEC_INTERCEPT_ON_ERROR = 548, // "CONFIG_SEC_INTERCEPT_ON_ERROR"
TOK_CONFIG_SEC_REMOTE_RULES_FAIL_ACTION = 549, // "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION"
TOK_CONFIG_SEC_RULE_REMOVE_BY_ID = 550, // "CONFIG_SEC_RULE_REMOVE_BY_ID"
TOK_CONFIG_SEC_RULE_REMOVE_BY_MSG = 551, // "CONFIG_SEC_RULE_REMOVE_BY_MSG"
TOK_CONFIG_SEC_RULE_REMOVE_BY_TAG = 552, // "CONFIG_SEC_RULE_REMOVE_BY_TAG"
TOK_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG = 553, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG"
TOK_CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG = 554, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG"
TOK_CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID = 555, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID"
TOK_CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID = 556, // "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID"
TOK_CONFIG_UPDLOAD_KEEP_FILES = 557, // "CONFIG_UPDLOAD_KEEP_FILES"
TOK_CONFIG_UPDLOAD_SAVE_TMP_FILES = 558, // "CONFIG_UPDLOAD_SAVE_TMP_FILES"
TOK_CONFIG_UPLOAD_DIR = 559, // "CONFIG_UPLOAD_DIR"
TOK_CONFIG_UPLOAD_FILE_LIMIT = 560, // "CONFIG_UPLOAD_FILE_LIMIT"
TOK_CONFIG_UPLOAD_FILE_MODE = 561, // "CONFIG_UPLOAD_FILE_MODE"
TOK_CONFIG_VALUE_ABORT = 562, // "CONFIG_VALUE_ABORT"
TOK_CONFIG_VALUE_DETC = 563, // "CONFIG_VALUE_DETC"
TOK_CONFIG_VALUE_HTTPS = 564, // "CONFIG_VALUE_HTTPS"
TOK_CONFIG_VALUE_ONLYARGS = 565, // "CONFIG_VALUE_ONLYARGS"
TOK_CONFIG_VALUE_OFF = 566, // "CONFIG_VALUE_OFF"
TOK_CONFIG_VALUE_ON = 567, // "CONFIG_VALUE_ON"
TOK_CONFIG_VALUE_PARALLEL = 568, // "CONFIG_VALUE_PARALLEL"
TOK_CONFIG_VALUE_PROCESS_PARTIAL = 569, // "CONFIG_VALUE_PROCESS_PARTIAL"
TOK_CONFIG_VALUE_REJECT = 570, // "CONFIG_VALUE_REJECT"
TOK_CONFIG_VALUE_RELEVANT_ONLY = 571, // "CONFIG_VALUE_RELEVANT_ONLY"
TOK_CONFIG_VALUE_SERIAL = 572, // "CONFIG_VALUE_SERIAL"
TOK_CONFIG_VALUE_WARN = 573, // "CONFIG_VALUE_WARN"
TOK_CONFIG_XML_EXTERNAL_ENTITY = 574, // "CONFIG_XML_EXTERNAL_ENTITY"
TOK_CONFIG_XML_PARSE_XML_INTO_ARGS = 575, // "CONFIG_XML_PARSE_XML_INTO_ARGS"
TOK_CONGIG_DIR_RESPONSE_BODY_MP = 576, // "CONGIG_DIR_RESPONSE_BODY_MP"
TOK_CONGIG_DIR_SEC_ARG_SEP = 577, // "CONGIG_DIR_SEC_ARG_SEP"
TOK_CONGIG_DIR_SEC_COOKIE_FORMAT = 578, // "CONGIG_DIR_SEC_COOKIE_FORMAT"
TOK_CONFIG_SEC_COOKIEV0_SEPARATOR = 579, // "CONFIG_SEC_COOKIEV0_SEPARATOR"
TOK_CONGIG_DIR_SEC_DATA_DIR = 580, // "CONGIG_DIR_SEC_DATA_DIR"
TOK_CONGIG_DIR_SEC_STATUS_ENGINE = 581, // "CONGIG_DIR_SEC_STATUS_ENGINE"
TOK_CONFIG_SEC_STREAM_IN_BODY_INSPECTION = 582, // "CONFIG_SEC_STREAM_IN_BODY_INSPECTION"
TOK_CONFIG_SEC_STREAM_OUT_BODY_INSPECTION = 583, // "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION"
TOK_CONGIG_DIR_SEC_TMP_DIR = 584, // "CONGIG_DIR_SEC_TMP_DIR"
TOK_DIRECTIVE = 585, // "DIRECTIVE"
TOK_DIRECTIVE_SECRULESCRIPT = 586, // "DIRECTIVE_SECRULESCRIPT"
TOK_FREE_TEXT_QUOTE_MACRO_EXPANSION = 587, // "FREE_TEXT_QUOTE_MACRO_EXPANSION"
TOK_QUOTATION_MARK = 588, // "QUOTATION_MARK"
TOK_RUN_TIME_VAR_BLD = 589, // "RUN_TIME_VAR_BLD"
TOK_RUN_TIME_VAR_DUR = 590, // "RUN_TIME_VAR_DUR"
TOK_RUN_TIME_VAR_HSV = 591, // "RUN_TIME_VAR_HSV"
TOK_RUN_TIME_VAR_REMOTE_USER = 592, // "RUN_TIME_VAR_REMOTE_USER"
TOK_RUN_TIME_VAR_TIME = 593, // "RUN_TIME_VAR_TIME"
TOK_RUN_TIME_VAR_TIME_DAY = 594, // "RUN_TIME_VAR_TIME_DAY"
TOK_RUN_TIME_VAR_TIME_EPOCH = 595, // "RUN_TIME_VAR_TIME_EPOCH"
TOK_RUN_TIME_VAR_TIME_HOUR = 596, // "RUN_TIME_VAR_TIME_HOUR"
TOK_RUN_TIME_VAR_TIME_MIN = 597, // "RUN_TIME_VAR_TIME_MIN"
TOK_RUN_TIME_VAR_TIME_MON = 598, // "RUN_TIME_VAR_TIME_MON"
TOK_RUN_TIME_VAR_TIME_SEC = 599, // "RUN_TIME_VAR_TIME_SEC"
TOK_RUN_TIME_VAR_TIME_WDAY = 600, // "RUN_TIME_VAR_TIME_WDAY"
TOK_RUN_TIME_VAR_TIME_YEAR = 601, // "RUN_TIME_VAR_TIME_YEAR"
TOK_VARIABLE = 602, // "VARIABLE"
TOK_DICT_ELEMENT = 603, // "Dictionary element"
TOK_DICT_ELEMENT_WITH_EQUALS = 604, // "Dictionary element, with equals"
TOK_DICT_ELEMENT_REGEXP = 605 // "Dictionary element, selected by regexp"
TOK_CONFIG_DIR_AUDIT_PREFIX = 509, // "CONFIG_DIR_AUDIT_PREFIX"
TOK_CONFIG_DIR_AUDIT_TPE = 510, // "CONFIG_DIR_AUDIT_TPE"
TOK_CONFIG_DIR_DEBUG_LOG = 511, // "CONFIG_DIR_DEBUG_LOG"
TOK_CONFIG_DIR_DEBUG_LVL = 512, // "CONFIG_DIR_DEBUG_LVL"
TOK_CONFIG_SEC_CACHE_TRANSFORMATIONS = 513, // "CONFIG_SEC_CACHE_TRANSFORMATIONS"
TOK_CONFIG_SEC_DISABLE_BACKEND_COMPRESS = 514, // "CONFIG_SEC_DISABLE_BACKEND_COMPRESS"
TOK_CONFIG_SEC_HASH_ENGINE = 515, // "CONFIG_SEC_HASH_ENGINE"
TOK_CONFIG_SEC_HASH_KEY = 516, // "CONFIG_SEC_HASH_KEY"
TOK_CONFIG_SEC_HASH_PARAM = 517, // "CONFIG_SEC_HASH_PARAM"
TOK_CONFIG_SEC_HASH_METHOD_RX = 518, // "CONFIG_SEC_HASH_METHOD_RX"
TOK_CONFIG_SEC_HASH_METHOD_PM = 519, // "CONFIG_SEC_HASH_METHOD_PM"
TOK_CONFIG_SEC_CHROOT_DIR = 520, // "CONFIG_SEC_CHROOT_DIR"
TOK_CONFIG_DIR_GEO_DB = 521, // "CONFIG_DIR_GEO_DB"
TOK_CONFIG_DIR_GSB_DB = 522, // "CONFIG_DIR_GSB_DB"
TOK_CONFIG_SEC_GUARDIAN_LOG = 523, // "CONFIG_SEC_GUARDIAN_LOG"
TOK_CONFIG_DIR_PCRE_MATCH_LIMIT = 524, // "CONFIG_DIR_PCRE_MATCH_LIMIT"
TOK_CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION = 525, // "CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION"
TOK_CONFIG_SEC_CONN_R_STATE_LIMIT = 526, // "CONFIG_SEC_CONN_R_STATE_LIMIT"
TOK_CONFIG_SEC_CONN_W_STATE_LIMIT = 527, // "CONFIG_SEC_CONN_W_STATE_LIMIT"
TOK_CONFIG_SEC_SENSOR_ID = 528, // "CONFIG_SEC_SENSOR_ID"
TOK_CONFIG_DIR_ARGS_LIMIT = 529, // "CONFIG_DIR_ARGS_LIMIT"
TOK_CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT = 530, // "CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT"
TOK_CONFIG_DIR_REQ_BODY = 531, // "CONFIG_DIR_REQ_BODY"
TOK_CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT = 532, // "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT"
TOK_CONFIG_DIR_REQ_BODY_LIMIT = 533, // "CONFIG_DIR_REQ_BODY_LIMIT"
TOK_CONFIG_DIR_REQ_BODY_LIMIT_ACTION = 534, // "CONFIG_DIR_REQ_BODY_LIMIT_ACTION"
TOK_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT = 535, // "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT"
TOK_CONFIG_DIR_RES_BODY = 536, // "CONFIG_DIR_RES_BODY"
TOK_CONFIG_DIR_RES_BODY_LIMIT = 537, // "CONFIG_DIR_RES_BODY_LIMIT"
TOK_CONFIG_DIR_RES_BODY_LIMIT_ACTION = 538, // "CONFIG_DIR_RES_BODY_LIMIT_ACTION"
TOK_CONFIG_SEC_RULE_INHERITANCE = 539, // "CONFIG_SEC_RULE_INHERITANCE"
TOK_CONFIG_SEC_RULE_PERF_TIME = 540, // "CONFIG_SEC_RULE_PERF_TIME"
TOK_CONFIG_DIR_RULE_ENG = 541, // "CONFIG_DIR_RULE_ENG"
TOK_CONFIG_DIR_SEC_ACTION = 542, // "CONFIG_DIR_SEC_ACTION"
TOK_CONFIG_DIR_SEC_DEFAULT_ACTION = 543, // "CONFIG_DIR_SEC_DEFAULT_ACTION"
TOK_CONFIG_DIR_SEC_MARKER = 544, // "CONFIG_DIR_SEC_MARKER"
TOK_CONFIG_DIR_UNICODE_MAP_FILE = 545, // "CONFIG_DIR_UNICODE_MAP_FILE"
TOK_CONFIG_DIR_UNICODE_CODE_PAGE = 546, // "CONFIG_DIR_UNICODE_CODE_PAGE"
TOK_CONFIG_SEC_COLLECTION_TIMEOUT = 547, // "CONFIG_SEC_COLLECTION_TIMEOUT"
TOK_CONFIG_SEC_HTTP_BLKEY = 548, // "CONFIG_SEC_HTTP_BLKEY"
TOK_CONFIG_SEC_INTERCEPT_ON_ERROR = 549, // "CONFIG_SEC_INTERCEPT_ON_ERROR"
TOK_CONFIG_SEC_REMOTE_RULES_FAIL_ACTION = 550, // "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION"
TOK_CONFIG_SEC_RULE_REMOVE_BY_ID = 551, // "CONFIG_SEC_RULE_REMOVE_BY_ID"
TOK_CONFIG_SEC_RULE_REMOVE_BY_MSG = 552, // "CONFIG_SEC_RULE_REMOVE_BY_MSG"
TOK_CONFIG_SEC_RULE_REMOVE_BY_TAG = 553, // "CONFIG_SEC_RULE_REMOVE_BY_TAG"
TOK_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG = 554, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG"
TOK_CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG = 555, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG"
TOK_CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID = 556, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID"
TOK_CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID = 557, // "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID"
TOK_CONFIG_UPDLOAD_KEEP_FILES = 558, // "CONFIG_UPDLOAD_KEEP_FILES"
TOK_CONFIG_UPDLOAD_SAVE_TMP_FILES = 559, // "CONFIG_UPDLOAD_SAVE_TMP_FILES"
TOK_CONFIG_UPLOAD_DIR = 560, // "CONFIG_UPLOAD_DIR"
TOK_CONFIG_UPLOAD_FILE_LIMIT = 561, // "CONFIG_UPLOAD_FILE_LIMIT"
TOK_CONFIG_UPLOAD_FILE_MODE = 562, // "CONFIG_UPLOAD_FILE_MODE"
TOK_CONFIG_VALUE_ABORT = 563, // "CONFIG_VALUE_ABORT"
TOK_CONFIG_VALUE_DETC = 564, // "CONFIG_VALUE_DETC"
TOK_CONFIG_VALUE_HTTPS = 565, // "CONFIG_VALUE_HTTPS"
TOK_CONFIG_VALUE_ONLYARGS = 566, // "CONFIG_VALUE_ONLYARGS"
TOK_CONFIG_VALUE_OFF = 567, // "CONFIG_VALUE_OFF"
TOK_CONFIG_VALUE_ON = 568, // "CONFIG_VALUE_ON"
TOK_CONFIG_VALUE_PARALLEL = 569, // "CONFIG_VALUE_PARALLEL"
TOK_CONFIG_VALUE_PROCESS_PARTIAL = 570, // "CONFIG_VALUE_PROCESS_PARTIAL"
TOK_CONFIG_VALUE_REJECT = 571, // "CONFIG_VALUE_REJECT"
TOK_CONFIG_VALUE_RELEVANT_ONLY = 572, // "CONFIG_VALUE_RELEVANT_ONLY"
TOK_CONFIG_VALUE_SERIAL = 573, // "CONFIG_VALUE_SERIAL"
TOK_CONFIG_VALUE_WARN = 574, // "CONFIG_VALUE_WARN"
TOK_CONFIG_XML_EXTERNAL_ENTITY = 575, // "CONFIG_XML_EXTERNAL_ENTITY"
TOK_CONFIG_XML_PARSE_XML_INTO_ARGS = 576, // "CONFIG_XML_PARSE_XML_INTO_ARGS"
TOK_CONGIG_DIR_RESPONSE_BODY_MP = 577, // "CONGIG_DIR_RESPONSE_BODY_MP"
TOK_CONGIG_DIR_SEC_ARG_SEP = 578, // "CONGIG_DIR_SEC_ARG_SEP"
TOK_CONGIG_DIR_SEC_COOKIE_FORMAT = 579, // "CONGIG_DIR_SEC_COOKIE_FORMAT"
TOK_CONFIG_SEC_COOKIEV0_SEPARATOR = 580, // "CONFIG_SEC_COOKIEV0_SEPARATOR"
TOK_CONGIG_DIR_SEC_DATA_DIR = 581, // "CONGIG_DIR_SEC_DATA_DIR"
TOK_CONGIG_DIR_SEC_STATUS_ENGINE = 582, // "CONGIG_DIR_SEC_STATUS_ENGINE"
TOK_CONFIG_SEC_STREAM_IN_BODY_INSPECTION = 583, // "CONFIG_SEC_STREAM_IN_BODY_INSPECTION"
TOK_CONFIG_SEC_STREAM_OUT_BODY_INSPECTION = 584, // "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION"
TOK_CONGIG_DIR_SEC_TMP_DIR = 585, // "CONGIG_DIR_SEC_TMP_DIR"
TOK_DIRECTIVE = 586, // "DIRECTIVE"
TOK_DIRECTIVE_SECRULESCRIPT = 587, // "DIRECTIVE_SECRULESCRIPT"
TOK_FREE_TEXT_QUOTE_MACRO_EXPANSION = 588, // "FREE_TEXT_QUOTE_MACRO_EXPANSION"
TOK_QUOTATION_MARK = 589, // "QUOTATION_MARK"
TOK_RUN_TIME_VAR_BLD = 590, // "RUN_TIME_VAR_BLD"
TOK_RUN_TIME_VAR_DUR = 591, // "RUN_TIME_VAR_DUR"
TOK_RUN_TIME_VAR_HSV = 592, // "RUN_TIME_VAR_HSV"
TOK_RUN_TIME_VAR_REMOTE_USER = 593, // "RUN_TIME_VAR_REMOTE_USER"
TOK_RUN_TIME_VAR_TIME = 594, // "RUN_TIME_VAR_TIME"
TOK_RUN_TIME_VAR_TIME_DAY = 595, // "RUN_TIME_VAR_TIME_DAY"
TOK_RUN_TIME_VAR_TIME_EPOCH = 596, // "RUN_TIME_VAR_TIME_EPOCH"
TOK_RUN_TIME_VAR_TIME_HOUR = 597, // "RUN_TIME_VAR_TIME_HOUR"
TOK_RUN_TIME_VAR_TIME_MIN = 598, // "RUN_TIME_VAR_TIME_MIN"
TOK_RUN_TIME_VAR_TIME_MON = 599, // "RUN_TIME_VAR_TIME_MON"
TOK_RUN_TIME_VAR_TIME_SEC = 600, // "RUN_TIME_VAR_TIME_SEC"
TOK_RUN_TIME_VAR_TIME_WDAY = 601, // "RUN_TIME_VAR_TIME_WDAY"
TOK_RUN_TIME_VAR_TIME_YEAR = 602, // "RUN_TIME_VAR_TIME_YEAR"
TOK_VARIABLE = 603, // "VARIABLE"
TOK_DICT_ELEMENT = 604, // "Dictionary element"
TOK_DICT_ELEMENT_WITH_EQUALS = 605, // "Dictionary element, with equals"
TOK_DICT_ELEMENT_REGEXP = 606 // "Dictionary element, selected by regexp"
};
/// Backward compatibility alias (Bison 3.6).
typedef token_kind_type yytokentype;
@ -1357,7 +1359,7 @@ namespace yy {
{
enum symbol_kind_type
{
YYNTOKENS = 351, ///< Number of tokens.
YYNTOKENS = 352, ///< Number of tokens.
S_YYEMPTY = -2,
S_YYEOF = 0, // "end of file"
S_YYerror = 1, // error
@ -1613,119 +1615,120 @@ namespace yy {
S_CONFIG_DIR_AUDIT_LOG2 = 251, // "CONFIG_DIR_AUDIT_LOG2"
S_CONFIG_DIR_AUDIT_LOG_P = 252, // "CONFIG_DIR_AUDIT_LOG_P"
S_CONFIG_DIR_AUDIT_STS = 253, // "CONFIG_DIR_AUDIT_STS"
S_CONFIG_DIR_AUDIT_TPE = 254, // "CONFIG_DIR_AUDIT_TPE"
S_CONFIG_DIR_DEBUG_LOG = 255, // "CONFIG_DIR_DEBUG_LOG"
S_CONFIG_DIR_DEBUG_LVL = 256, // "CONFIG_DIR_DEBUG_LVL"
S_CONFIG_SEC_CACHE_TRANSFORMATIONS = 257, // "CONFIG_SEC_CACHE_TRANSFORMATIONS"
S_CONFIG_SEC_DISABLE_BACKEND_COMPRESS = 258, // "CONFIG_SEC_DISABLE_BACKEND_COMPRESS"
S_CONFIG_SEC_HASH_ENGINE = 259, // "CONFIG_SEC_HASH_ENGINE"
S_CONFIG_SEC_HASH_KEY = 260, // "CONFIG_SEC_HASH_KEY"
S_CONFIG_SEC_HASH_PARAM = 261, // "CONFIG_SEC_HASH_PARAM"
S_CONFIG_SEC_HASH_METHOD_RX = 262, // "CONFIG_SEC_HASH_METHOD_RX"
S_CONFIG_SEC_HASH_METHOD_PM = 263, // "CONFIG_SEC_HASH_METHOD_PM"
S_CONFIG_SEC_CHROOT_DIR = 264, // "CONFIG_SEC_CHROOT_DIR"
S_CONFIG_DIR_GEO_DB = 265, // "CONFIG_DIR_GEO_DB"
S_CONFIG_DIR_GSB_DB = 266, // "CONFIG_DIR_GSB_DB"
S_CONFIG_SEC_GUARDIAN_LOG = 267, // "CONFIG_SEC_GUARDIAN_LOG"
S_CONFIG_DIR_PCRE_MATCH_LIMIT = 268, // "CONFIG_DIR_PCRE_MATCH_LIMIT"
S_CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION = 269, // "CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION"
S_CONFIG_SEC_CONN_R_STATE_LIMIT = 270, // "CONFIG_SEC_CONN_R_STATE_LIMIT"
S_CONFIG_SEC_CONN_W_STATE_LIMIT = 271, // "CONFIG_SEC_CONN_W_STATE_LIMIT"
S_CONFIG_SEC_SENSOR_ID = 272, // "CONFIG_SEC_SENSOR_ID"
S_CONFIG_DIR_ARGS_LIMIT = 273, // "CONFIG_DIR_ARGS_LIMIT"
S_CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT = 274, // "CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT"
S_CONFIG_DIR_REQ_BODY = 275, // "CONFIG_DIR_REQ_BODY"
S_CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT = 276, // "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT"
S_CONFIG_DIR_REQ_BODY_LIMIT = 277, // "CONFIG_DIR_REQ_BODY_LIMIT"
S_CONFIG_DIR_REQ_BODY_LIMIT_ACTION = 278, // "CONFIG_DIR_REQ_BODY_LIMIT_ACTION"
S_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT = 279, // "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT"
S_CONFIG_DIR_RES_BODY = 280, // "CONFIG_DIR_RES_BODY"
S_CONFIG_DIR_RES_BODY_LIMIT = 281, // "CONFIG_DIR_RES_BODY_LIMIT"
S_CONFIG_DIR_RES_BODY_LIMIT_ACTION = 282, // "CONFIG_DIR_RES_BODY_LIMIT_ACTION"
S_CONFIG_SEC_RULE_INHERITANCE = 283, // "CONFIG_SEC_RULE_INHERITANCE"
S_CONFIG_SEC_RULE_PERF_TIME = 284, // "CONFIG_SEC_RULE_PERF_TIME"
S_CONFIG_DIR_RULE_ENG = 285, // "CONFIG_DIR_RULE_ENG"
S_CONFIG_DIR_SEC_ACTION = 286, // "CONFIG_DIR_SEC_ACTION"
S_CONFIG_DIR_SEC_DEFAULT_ACTION = 287, // "CONFIG_DIR_SEC_DEFAULT_ACTION"
S_CONFIG_DIR_SEC_MARKER = 288, // "CONFIG_DIR_SEC_MARKER"
S_CONFIG_DIR_UNICODE_MAP_FILE = 289, // "CONFIG_DIR_UNICODE_MAP_FILE"
S_CONFIG_DIR_UNICODE_CODE_PAGE = 290, // "CONFIG_DIR_UNICODE_CODE_PAGE"
S_CONFIG_SEC_COLLECTION_TIMEOUT = 291, // "CONFIG_SEC_COLLECTION_TIMEOUT"
S_CONFIG_SEC_HTTP_BLKEY = 292, // "CONFIG_SEC_HTTP_BLKEY"
S_CONFIG_SEC_INTERCEPT_ON_ERROR = 293, // "CONFIG_SEC_INTERCEPT_ON_ERROR"
S_CONFIG_SEC_REMOTE_RULES_FAIL_ACTION = 294, // "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION"
S_CONFIG_SEC_RULE_REMOVE_BY_ID = 295, // "CONFIG_SEC_RULE_REMOVE_BY_ID"
S_CONFIG_SEC_RULE_REMOVE_BY_MSG = 296, // "CONFIG_SEC_RULE_REMOVE_BY_MSG"
S_CONFIG_SEC_RULE_REMOVE_BY_TAG = 297, // "CONFIG_SEC_RULE_REMOVE_BY_TAG"
S_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG = 298, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG"
S_CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG = 299, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG"
S_CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID = 300, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID"
S_CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID = 301, // "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID"
S_CONFIG_UPDLOAD_KEEP_FILES = 302, // "CONFIG_UPDLOAD_KEEP_FILES"
S_CONFIG_UPDLOAD_SAVE_TMP_FILES = 303, // "CONFIG_UPDLOAD_SAVE_TMP_FILES"
S_CONFIG_UPLOAD_DIR = 304, // "CONFIG_UPLOAD_DIR"
S_CONFIG_UPLOAD_FILE_LIMIT = 305, // "CONFIG_UPLOAD_FILE_LIMIT"
S_CONFIG_UPLOAD_FILE_MODE = 306, // "CONFIG_UPLOAD_FILE_MODE"
S_CONFIG_VALUE_ABORT = 307, // "CONFIG_VALUE_ABORT"
S_CONFIG_VALUE_DETC = 308, // "CONFIG_VALUE_DETC"
S_CONFIG_VALUE_HTTPS = 309, // "CONFIG_VALUE_HTTPS"
S_CONFIG_VALUE_ONLYARGS = 310, // "CONFIG_VALUE_ONLYARGS"
S_CONFIG_VALUE_OFF = 311, // "CONFIG_VALUE_OFF"
S_CONFIG_VALUE_ON = 312, // "CONFIG_VALUE_ON"
S_CONFIG_VALUE_PARALLEL = 313, // "CONFIG_VALUE_PARALLEL"
S_CONFIG_VALUE_PROCESS_PARTIAL = 314, // "CONFIG_VALUE_PROCESS_PARTIAL"
S_CONFIG_VALUE_REJECT = 315, // "CONFIG_VALUE_REJECT"
S_CONFIG_VALUE_RELEVANT_ONLY = 316, // "CONFIG_VALUE_RELEVANT_ONLY"
S_CONFIG_VALUE_SERIAL = 317, // "CONFIG_VALUE_SERIAL"
S_CONFIG_VALUE_WARN = 318, // "CONFIG_VALUE_WARN"
S_CONFIG_XML_EXTERNAL_ENTITY = 319, // "CONFIG_XML_EXTERNAL_ENTITY"
S_CONFIG_XML_PARSE_XML_INTO_ARGS = 320, // "CONFIG_XML_PARSE_XML_INTO_ARGS"
S_CONGIG_DIR_RESPONSE_BODY_MP = 321, // "CONGIG_DIR_RESPONSE_BODY_MP"
S_CONGIG_DIR_SEC_ARG_SEP = 322, // "CONGIG_DIR_SEC_ARG_SEP"
S_CONGIG_DIR_SEC_COOKIE_FORMAT = 323, // "CONGIG_DIR_SEC_COOKIE_FORMAT"
S_CONFIG_SEC_COOKIEV0_SEPARATOR = 324, // "CONFIG_SEC_COOKIEV0_SEPARATOR"
S_CONGIG_DIR_SEC_DATA_DIR = 325, // "CONGIG_DIR_SEC_DATA_DIR"
S_CONGIG_DIR_SEC_STATUS_ENGINE = 326, // "CONGIG_DIR_SEC_STATUS_ENGINE"
S_CONFIG_SEC_STREAM_IN_BODY_INSPECTION = 327, // "CONFIG_SEC_STREAM_IN_BODY_INSPECTION"
S_CONFIG_SEC_STREAM_OUT_BODY_INSPECTION = 328, // "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION"
S_CONGIG_DIR_SEC_TMP_DIR = 329, // "CONGIG_DIR_SEC_TMP_DIR"
S_DIRECTIVE = 330, // "DIRECTIVE"
S_DIRECTIVE_SECRULESCRIPT = 331, // "DIRECTIVE_SECRULESCRIPT"
S_FREE_TEXT_QUOTE_MACRO_EXPANSION = 332, // "FREE_TEXT_QUOTE_MACRO_EXPANSION"
S_QUOTATION_MARK = 333, // "QUOTATION_MARK"
S_RUN_TIME_VAR_BLD = 334, // "RUN_TIME_VAR_BLD"
S_RUN_TIME_VAR_DUR = 335, // "RUN_TIME_VAR_DUR"
S_RUN_TIME_VAR_HSV = 336, // "RUN_TIME_VAR_HSV"
S_RUN_TIME_VAR_REMOTE_USER = 337, // "RUN_TIME_VAR_REMOTE_USER"
S_RUN_TIME_VAR_TIME = 338, // "RUN_TIME_VAR_TIME"
S_RUN_TIME_VAR_TIME_DAY = 339, // "RUN_TIME_VAR_TIME_DAY"
S_RUN_TIME_VAR_TIME_EPOCH = 340, // "RUN_TIME_VAR_TIME_EPOCH"
S_RUN_TIME_VAR_TIME_HOUR = 341, // "RUN_TIME_VAR_TIME_HOUR"
S_RUN_TIME_VAR_TIME_MIN = 342, // "RUN_TIME_VAR_TIME_MIN"
S_RUN_TIME_VAR_TIME_MON = 343, // "RUN_TIME_VAR_TIME_MON"
S_RUN_TIME_VAR_TIME_SEC = 344, // "RUN_TIME_VAR_TIME_SEC"
S_RUN_TIME_VAR_TIME_WDAY = 345, // "RUN_TIME_VAR_TIME_WDAY"
S_RUN_TIME_VAR_TIME_YEAR = 346, // "RUN_TIME_VAR_TIME_YEAR"
S_VARIABLE = 347, // "VARIABLE"
S_DICT_ELEMENT = 348, // "Dictionary element"
S_DICT_ELEMENT_WITH_EQUALS = 349, // "Dictionary element, with equals"
S_DICT_ELEMENT_REGEXP = 350, // "Dictionary element, selected by regexp"
S_YYACCEPT = 351, // $accept
S_input = 352, // input
S_line = 353, // line
S_audit_log = 354, // audit_log
S_actions = 355, // actions
S_actions_may_quoted = 356, // actions_may_quoted
S_op = 357, // op
S_op_before_init = 358, // op_before_init
S_expression = 359, // expression
S_variables = 360, // variables
S_variables_pre_process = 361, // variables_pre_process
S_variables_may_be_quoted = 362, // variables_may_be_quoted
S_var = 363, // var
S_act = 364, // act
S_setvar_action = 365, // setvar_action
S_run_time_string = 366 // run_time_string
S_CONFIG_DIR_AUDIT_PREFIX = 254, // "CONFIG_DIR_AUDIT_PREFIX"
S_CONFIG_DIR_AUDIT_TPE = 255, // "CONFIG_DIR_AUDIT_TPE"
S_CONFIG_DIR_DEBUG_LOG = 256, // "CONFIG_DIR_DEBUG_LOG"
S_CONFIG_DIR_DEBUG_LVL = 257, // "CONFIG_DIR_DEBUG_LVL"
S_CONFIG_SEC_CACHE_TRANSFORMATIONS = 258, // "CONFIG_SEC_CACHE_TRANSFORMATIONS"
S_CONFIG_SEC_DISABLE_BACKEND_COMPRESS = 259, // "CONFIG_SEC_DISABLE_BACKEND_COMPRESS"
S_CONFIG_SEC_HASH_ENGINE = 260, // "CONFIG_SEC_HASH_ENGINE"
S_CONFIG_SEC_HASH_KEY = 261, // "CONFIG_SEC_HASH_KEY"
S_CONFIG_SEC_HASH_PARAM = 262, // "CONFIG_SEC_HASH_PARAM"
S_CONFIG_SEC_HASH_METHOD_RX = 263, // "CONFIG_SEC_HASH_METHOD_RX"
S_CONFIG_SEC_HASH_METHOD_PM = 264, // "CONFIG_SEC_HASH_METHOD_PM"
S_CONFIG_SEC_CHROOT_DIR = 265, // "CONFIG_SEC_CHROOT_DIR"
S_CONFIG_DIR_GEO_DB = 266, // "CONFIG_DIR_GEO_DB"
S_CONFIG_DIR_GSB_DB = 267, // "CONFIG_DIR_GSB_DB"
S_CONFIG_SEC_GUARDIAN_LOG = 268, // "CONFIG_SEC_GUARDIAN_LOG"
S_CONFIG_DIR_PCRE_MATCH_LIMIT = 269, // "CONFIG_DIR_PCRE_MATCH_LIMIT"
S_CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION = 270, // "CONFIG_DIR_PCRE_MATCH_LIMIT_RECURSION"
S_CONFIG_SEC_CONN_R_STATE_LIMIT = 271, // "CONFIG_SEC_CONN_R_STATE_LIMIT"
S_CONFIG_SEC_CONN_W_STATE_LIMIT = 272, // "CONFIG_SEC_CONN_W_STATE_LIMIT"
S_CONFIG_SEC_SENSOR_ID = 273, // "CONFIG_SEC_SENSOR_ID"
S_CONFIG_DIR_ARGS_LIMIT = 274, // "CONFIG_DIR_ARGS_LIMIT"
S_CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT = 275, // "CONFIG_DIR_REQ_BODY_JSON_DEPTH_LIMIT"
S_CONFIG_DIR_REQ_BODY = 276, // "CONFIG_DIR_REQ_BODY"
S_CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT = 277, // "CONFIG_DIR_REQ_BODY_IN_MEMORY_LIMIT"
S_CONFIG_DIR_REQ_BODY_LIMIT = 278, // "CONFIG_DIR_REQ_BODY_LIMIT"
S_CONFIG_DIR_REQ_BODY_LIMIT_ACTION = 279, // "CONFIG_DIR_REQ_BODY_LIMIT_ACTION"
S_CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT = 280, // "CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT"
S_CONFIG_DIR_RES_BODY = 281, // "CONFIG_DIR_RES_BODY"
S_CONFIG_DIR_RES_BODY_LIMIT = 282, // "CONFIG_DIR_RES_BODY_LIMIT"
S_CONFIG_DIR_RES_BODY_LIMIT_ACTION = 283, // "CONFIG_DIR_RES_BODY_LIMIT_ACTION"
S_CONFIG_SEC_RULE_INHERITANCE = 284, // "CONFIG_SEC_RULE_INHERITANCE"
S_CONFIG_SEC_RULE_PERF_TIME = 285, // "CONFIG_SEC_RULE_PERF_TIME"
S_CONFIG_DIR_RULE_ENG = 286, // "CONFIG_DIR_RULE_ENG"
S_CONFIG_DIR_SEC_ACTION = 287, // "CONFIG_DIR_SEC_ACTION"
S_CONFIG_DIR_SEC_DEFAULT_ACTION = 288, // "CONFIG_DIR_SEC_DEFAULT_ACTION"
S_CONFIG_DIR_SEC_MARKER = 289, // "CONFIG_DIR_SEC_MARKER"
S_CONFIG_DIR_UNICODE_MAP_FILE = 290, // "CONFIG_DIR_UNICODE_MAP_FILE"
S_CONFIG_DIR_UNICODE_CODE_PAGE = 291, // "CONFIG_DIR_UNICODE_CODE_PAGE"
S_CONFIG_SEC_COLLECTION_TIMEOUT = 292, // "CONFIG_SEC_COLLECTION_TIMEOUT"
S_CONFIG_SEC_HTTP_BLKEY = 293, // "CONFIG_SEC_HTTP_BLKEY"
S_CONFIG_SEC_INTERCEPT_ON_ERROR = 294, // "CONFIG_SEC_INTERCEPT_ON_ERROR"
S_CONFIG_SEC_REMOTE_RULES_FAIL_ACTION = 295, // "CONFIG_SEC_REMOTE_RULES_FAIL_ACTION"
S_CONFIG_SEC_RULE_REMOVE_BY_ID = 296, // "CONFIG_SEC_RULE_REMOVE_BY_ID"
S_CONFIG_SEC_RULE_REMOVE_BY_MSG = 297, // "CONFIG_SEC_RULE_REMOVE_BY_MSG"
S_CONFIG_SEC_RULE_REMOVE_BY_TAG = 298, // "CONFIG_SEC_RULE_REMOVE_BY_TAG"
S_CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG = 299, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_TAG"
S_CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG = 300, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_MSG"
S_CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID = 301, // "CONFIG_SEC_RULE_UPDATE_TARGET_BY_ID"
S_CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID = 302, // "CONFIG_SEC_RULE_UPDATE_ACTION_BY_ID"
S_CONFIG_UPDLOAD_KEEP_FILES = 303, // "CONFIG_UPDLOAD_KEEP_FILES"
S_CONFIG_UPDLOAD_SAVE_TMP_FILES = 304, // "CONFIG_UPDLOAD_SAVE_TMP_FILES"
S_CONFIG_UPLOAD_DIR = 305, // "CONFIG_UPLOAD_DIR"
S_CONFIG_UPLOAD_FILE_LIMIT = 306, // "CONFIG_UPLOAD_FILE_LIMIT"
S_CONFIG_UPLOAD_FILE_MODE = 307, // "CONFIG_UPLOAD_FILE_MODE"
S_CONFIG_VALUE_ABORT = 308, // "CONFIG_VALUE_ABORT"
S_CONFIG_VALUE_DETC = 309, // "CONFIG_VALUE_DETC"
S_CONFIG_VALUE_HTTPS = 310, // "CONFIG_VALUE_HTTPS"
S_CONFIG_VALUE_ONLYARGS = 311, // "CONFIG_VALUE_ONLYARGS"
S_CONFIG_VALUE_OFF = 312, // "CONFIG_VALUE_OFF"
S_CONFIG_VALUE_ON = 313, // "CONFIG_VALUE_ON"
S_CONFIG_VALUE_PARALLEL = 314, // "CONFIG_VALUE_PARALLEL"
S_CONFIG_VALUE_PROCESS_PARTIAL = 315, // "CONFIG_VALUE_PROCESS_PARTIAL"
S_CONFIG_VALUE_REJECT = 316, // "CONFIG_VALUE_REJECT"
S_CONFIG_VALUE_RELEVANT_ONLY = 317, // "CONFIG_VALUE_RELEVANT_ONLY"
S_CONFIG_VALUE_SERIAL = 318, // "CONFIG_VALUE_SERIAL"
S_CONFIG_VALUE_WARN = 319, // "CONFIG_VALUE_WARN"
S_CONFIG_XML_EXTERNAL_ENTITY = 320, // "CONFIG_XML_EXTERNAL_ENTITY"
S_CONFIG_XML_PARSE_XML_INTO_ARGS = 321, // "CONFIG_XML_PARSE_XML_INTO_ARGS"
S_CONGIG_DIR_RESPONSE_BODY_MP = 322, // "CONGIG_DIR_RESPONSE_BODY_MP"
S_CONGIG_DIR_SEC_ARG_SEP = 323, // "CONGIG_DIR_SEC_ARG_SEP"
S_CONGIG_DIR_SEC_COOKIE_FORMAT = 324, // "CONGIG_DIR_SEC_COOKIE_FORMAT"
S_CONFIG_SEC_COOKIEV0_SEPARATOR = 325, // "CONFIG_SEC_COOKIEV0_SEPARATOR"
S_CONGIG_DIR_SEC_DATA_DIR = 326, // "CONGIG_DIR_SEC_DATA_DIR"
S_CONGIG_DIR_SEC_STATUS_ENGINE = 327, // "CONGIG_DIR_SEC_STATUS_ENGINE"
S_CONFIG_SEC_STREAM_IN_BODY_INSPECTION = 328, // "CONFIG_SEC_STREAM_IN_BODY_INSPECTION"
S_CONFIG_SEC_STREAM_OUT_BODY_INSPECTION = 329, // "CONFIG_SEC_STREAM_OUT_BODY_INSPECTION"
S_CONGIG_DIR_SEC_TMP_DIR = 330, // "CONGIG_DIR_SEC_TMP_DIR"
S_DIRECTIVE = 331, // "DIRECTIVE"
S_DIRECTIVE_SECRULESCRIPT = 332, // "DIRECTIVE_SECRULESCRIPT"
S_FREE_TEXT_QUOTE_MACRO_EXPANSION = 333, // "FREE_TEXT_QUOTE_MACRO_EXPANSION"
S_QUOTATION_MARK = 334, // "QUOTATION_MARK"
S_RUN_TIME_VAR_BLD = 335, // "RUN_TIME_VAR_BLD"
S_RUN_TIME_VAR_DUR = 336, // "RUN_TIME_VAR_DUR"
S_RUN_TIME_VAR_HSV = 337, // "RUN_TIME_VAR_HSV"
S_RUN_TIME_VAR_REMOTE_USER = 338, // "RUN_TIME_VAR_REMOTE_USER"
S_RUN_TIME_VAR_TIME = 339, // "RUN_TIME_VAR_TIME"
S_RUN_TIME_VAR_TIME_DAY = 340, // "RUN_TIME_VAR_TIME_DAY"
S_RUN_TIME_VAR_TIME_EPOCH = 341, // "RUN_TIME_VAR_TIME_EPOCH"
S_RUN_TIME_VAR_TIME_HOUR = 342, // "RUN_TIME_VAR_TIME_HOUR"
S_RUN_TIME_VAR_TIME_MIN = 343, // "RUN_TIME_VAR_TIME_MIN"
S_RUN_TIME_VAR_TIME_MON = 344, // "RUN_TIME_VAR_TIME_MON"
S_RUN_TIME_VAR_TIME_SEC = 345, // "RUN_TIME_VAR_TIME_SEC"
S_RUN_TIME_VAR_TIME_WDAY = 346, // "RUN_TIME_VAR_TIME_WDAY"
S_RUN_TIME_VAR_TIME_YEAR = 347, // "RUN_TIME_VAR_TIME_YEAR"
S_VARIABLE = 348, // "VARIABLE"
S_DICT_ELEMENT = 349, // "Dictionary element"
S_DICT_ELEMENT_WITH_EQUALS = 350, // "Dictionary element, with equals"
S_DICT_ELEMENT_REGEXP = 351, // "Dictionary element, selected by regexp"
S_YYACCEPT = 352, // $accept
S_input = 353, // input
S_line = 354, // line
S_audit_log = 355, // audit_log
S_actions = 356, // actions
S_actions_may_quoted = 357, // actions_may_quoted
S_op = 358, // op
S_op_before_init = 359, // op_before_init
S_expression = 360, // expression
S_variables = 361, // variables
S_variables_pre_process = 362, // variables_pre_process
S_variables_may_be_quoted = 363, // variables_may_be_quoted
S_var = 364, // var
S_act = 365, // act
S_setvar_action = 366, // setvar_action
S_run_time_string = 367 // run_time_string
};
};
@ -1867,6 +1870,7 @@ namespace yy {
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG2: // "CONFIG_DIR_AUDIT_LOG2"
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG_P: // "CONFIG_DIR_AUDIT_LOG_P"
case symbol_kind::S_CONFIG_DIR_AUDIT_STS: // "CONFIG_DIR_AUDIT_STS"
case symbol_kind::S_CONFIG_DIR_AUDIT_PREFIX: // "CONFIG_DIR_AUDIT_PREFIX"
case symbol_kind::S_CONFIG_DIR_AUDIT_TPE: // "CONFIG_DIR_AUDIT_TPE"
case symbol_kind::S_CONFIG_DIR_DEBUG_LOG: // "CONFIG_DIR_DEBUG_LOG"
case symbol_kind::S_CONFIG_DIR_DEBUG_LVL: // "CONFIG_DIR_DEBUG_LVL"
@ -2246,6 +2250,7 @@ switch (yykind)
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG2: // "CONFIG_DIR_AUDIT_LOG2"
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG_P: // "CONFIG_DIR_AUDIT_LOG_P"
case symbol_kind::S_CONFIG_DIR_AUDIT_STS: // "CONFIG_DIR_AUDIT_STS"
case symbol_kind::S_CONFIG_DIR_AUDIT_PREFIX: // "CONFIG_DIR_AUDIT_PREFIX"
case symbol_kind::S_CONFIG_DIR_AUDIT_TPE: // "CONFIG_DIR_AUDIT_TPE"
case symbol_kind::S_CONFIG_DIR_DEBUG_LOG: // "CONFIG_DIR_DEBUG_LOG"
case symbol_kind::S_CONFIG_DIR_DEBUG_LVL: // "CONFIG_DIR_DEBUG_LVL"
@ -6346,6 +6351,21 @@ switch (yykind)
return symbol_type (token::TOK_CONFIG_DIR_AUDIT_STS, v, l);
}
#endif
#if 201103L <= YY_CPLUSPLUS
static
symbol_type
make_CONFIG_DIR_AUDIT_PREFIX (std::string v, location_type l)
{
return symbol_type (token::TOK_CONFIG_DIR_AUDIT_PREFIX, std::move (v), std::move (l));
}
#else
static
symbol_type
make_CONFIG_DIR_AUDIT_PREFIX (const std::string& v, const location_type& l)
{
return symbol_type (token::TOK_CONFIG_DIR_AUDIT_PREFIX, v, l);
}
#endif
#if 201103L <= YY_CPLUSPLUS
static
symbol_type
@ -8131,9 +8151,9 @@ switch (yykind)
/// Constants.
enum
{
yylast_ = 3418, ///< Last index in yytable_.
yylast_ = 3409, ///< Last index in yytable_.
yynnts_ = 16, ///< Number of nonterminal symbols.
yyfinal_ = 346 ///< Termination state number.
yyfinal_ = 347 ///< Termination state number.
};
@ -8212,10 +8232,10 @@ switch (yykind)
315, 316, 317, 318, 319, 320, 321, 322, 323, 324,
325, 326, 327, 328, 329, 330, 331, 332, 333, 334,
335, 336, 337, 338, 339, 340, 341, 342, 343, 344,
345, 346, 347, 348, 349, 350
345, 346, 347, 348, 349, 350, 351
};
// Last valid token kind.
const int code_max = 605;
const int code_max = 606;
if (t <= 0)
return symbol_kind::S_YYEOF;
@ -8339,6 +8359,7 @@ switch (yykind)
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG2: // "CONFIG_DIR_AUDIT_LOG2"
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG_P: // "CONFIG_DIR_AUDIT_LOG_P"
case symbol_kind::S_CONFIG_DIR_AUDIT_STS: // "CONFIG_DIR_AUDIT_STS"
case symbol_kind::S_CONFIG_DIR_AUDIT_PREFIX: // "CONFIG_DIR_AUDIT_PREFIX"
case symbol_kind::S_CONFIG_DIR_AUDIT_TPE: // "CONFIG_DIR_AUDIT_TPE"
case symbol_kind::S_CONFIG_DIR_DEBUG_LOG: // "CONFIG_DIR_DEBUG_LOG"
case symbol_kind::S_CONFIG_DIR_DEBUG_LVL: // "CONFIG_DIR_DEBUG_LVL"
@ -8604,6 +8625,7 @@ switch (yykind)
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG2: // "CONFIG_DIR_AUDIT_LOG2"
case symbol_kind::S_CONFIG_DIR_AUDIT_LOG_P: // "CONFIG_DIR_AUDIT_LOG_P"
case symbol_kind::S_CONFIG_DIR_AUDIT_STS: // "CONFIG_DIR_AUDIT_STS"
case symbol_kind::S_CONFIG_DIR_AUDIT_PREFIX: // "CONFIG_DIR_AUDIT_PREFIX"
case symbol_kind::S_CONFIG_DIR_AUDIT_TPE: // "CONFIG_DIR_AUDIT_TPE"
case symbol_kind::S_CONFIG_DIR_DEBUG_LOG: // "CONFIG_DIR_DEBUG_LOG"
case symbol_kind::S_CONFIG_DIR_DEBUG_LVL: // "CONFIG_DIR_DEBUG_LVL"
@ -8799,7 +8821,7 @@ switch (yykind)
} // yy
#line 8803 "seclang-parser.hh"
#line 8825 "seclang-parser.hh"

8
src/parser/seclang-parser.yy
View File

@ -595,6 +595,7 @@ using namespace modsecurity::operators;
CONFIG_DIR_AUDIT_LOG2 "CONFIG_DIR_AUDIT_LOG2"
CONFIG_DIR_AUDIT_LOG_P "CONFIG_DIR_AUDIT_LOG_P"
CONFIG_DIR_AUDIT_STS "CONFIG_DIR_AUDIT_STS"
CONFIG_DIR_AUDIT_PREFIX "CONFIG_DIR_AUDIT_PREFIX"
CONFIG_DIR_AUDIT_TPE "CONFIG_DIR_AUDIT_TPE"
CONFIG_DIR_DEBUG_LOG "CONFIG_DIR_DEBUG_LOG"
CONFIG_DIR_DEBUG_LVL "CONFIG_DIR_DEBUG_LVL"
@ -801,6 +802,13 @@ audit_log:
driver.m_auditLog->setRelevantStatus(relevant_status);
}
/* SecAuditLogPrefix */
| CONFIG_DIR_AUDIT_PREFIX
{
std::string prefix($1);
driver.m_auditLog->setPrefix(prefix);
}
/* SecAuditLogType */
| CONFIG_DIR_AUDIT_TPE CONFIG_VALUE_SERIAL
{

7349
src/parser/seclang-scanner.cc
View File

File diff suppressed because it is too large Load Diff

3
src/parser/seclang-scanner.ll
View File

@ -346,6 +346,7 @@ CONFIG_DIR_AUDIT_FLE_MOD (?i:SecAuditLogFileMode)
CONFIG_DIR_AUDIT_LOG2 (?i:SecAuditLog2)
CONFIG_DIR_AUDIT_LOG (?i:SecAuditLog)
CONFIG_DIR_AUDIT_LOG_FMT (?i:SecAuditLogFormat)
CONFIG_DIR_AUDIT_PREFIX (?i:SecAuditLogPrefix)
CONFIG_DIR_AUDIT_LOG_P (?i:SecAuditLogParts)
CONFIG_DIR_AUDIT_STS (?i:SecAuditLogRelevantStatus)
CONFIG_DIR_AUDIT_TPE (?i:SecAuditLogType)
@ -764,6 +765,8 @@ EQUALS_MINUS (?i:=\-)
{CONFIG_DIR_AUDIT_LOG}[ \t]+["]{CONFIG_VALUE_PATH}["] { return p::make_CONFIG_DIR_AUDIT_LOG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_DIR_AUDIT_STS}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_DIR_AUDIT_STS(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_DIR_AUDIT_STS}[ \t]+["]{NEW_LINE_FREE_TEXT}["] { return p::make_CONFIG_DIR_AUDIT_STS(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_DIR_AUDIT_PREFIX}[ \t]+{FREE_TEXT_NEW_LINE} { return p::make_CONFIG_DIR_AUDIT_PREFIX(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_DIR_AUDIT_PREFIX}[ \t]+["]{FREE_TEXT_NEW_LINE}["] { return p::make_CONFIG_DIR_AUDIT_PREFIX(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
{CONFIG_DIR_AUDIT_TPE} { return p::make_CONFIG_DIR_AUDIT_TPE(yytext, *driver.loc.back()); }

56
src/transaction.cc
View File

@ -1452,7 +1452,7 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename,
std::string Transaction::toOldAuditLogFormat(int parts,
const std::string &trailer) {
const std::string &trailer, const std::string &prefix) {
std::stringstream audit_log;
struct tm timeinfo;
@ -1461,7 +1461,8 @@ std::string Transaction::toOldAuditLogFormat(int parts,
char tstr[std::size("[dd/Mmm/yyyy:hh:mm:ss shhmm]")];
strftime(tstr, std::size(tstr), "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo);
audit_log << "--" << trailer << "-" << "A--" << std::endl;
audit_log << prefix << "--" << trailer << "-" << "A--" << std::endl;
audit_log << prefix;
audit_log << tstr;
audit_log << " " << m_id;
audit_log << " " << this->m_clientIpAddress;
@ -1472,7 +1473,8 @@ std::string Transaction::toOldAuditLogFormat(int parts,
if (parts & audit_log::AuditLog::BAuditLogPart) {
std::vector<const VariableValue *> l;
audit_log << "--" << trailer << "-" << "B--" << std::endl;
audit_log << prefix << "--" << trailer << "-" << "B--" << std::endl;
audit_log << prefix;
audit_log << utils::string::dash_if_empty(
m_variableRequestMethod.evaluate());
audit_log << " " << this->m_uri.c_str() << " " << "HTTP/";
@ -1481,79 +1483,81 @@ std::string Transaction::toOldAuditLogFormat(int parts,
m_variableRequestHeaders.resolve(&l);
for (auto &h : l) {
size_t pos = strlen("REQUEST_HEADERS:");
audit_log << prefix;
audit_log << h->getKeyWithCollection().c_str() + pos << ": ";
audit_log << h->getValue().c_str() << std::endl;
delete h;
}
audit_log << std::endl;
audit_log << prefix << std::endl;
}
if (parts & audit_log::AuditLog::CAuditLogPart
&& m_requestBody.tellp() > 0) {
std::string body = m_requestBody.str();
audit_log << "--" << trailer << "-" << "C--" << std::endl;
audit_log << prefix << "--" << trailer << "-" << "C--" << std::endl;
if (body.size() > 0) {
audit_log << body << std::endl;
audit_log << prefix << body << std::endl;
}
audit_log << std::endl;
audit_log << prefix << std::endl;
}
if (parts & audit_log::AuditLog::DAuditLogPart) {
audit_log << "--" << trailer << "-" << "D--" << std::endl;
audit_log << std::endl;
audit_log << prefix << "--" << trailer << "-" << "D--" << std::endl;
audit_log << prefix << std::endl;
/** TODO: write audit_log D part. */
}
if (parts & audit_log::AuditLog::EAuditLogPart
&& m_responseBody.tellp() > 0) {
std::string body = utils::string::toHexIfNeeded(m_responseBody.str());
audit_log << "--" << trailer << "-" << "E--" << std::endl;
audit_log << prefix << "--" << trailer << "-" << "E--" << std::endl;
if (body.size() > 0) {
audit_log << body << std::endl;
audit_log << prefix << body << std::endl;
}
audit_log << std::endl;
audit_log << prefix << std::endl;
}
if (parts & audit_log::AuditLog::FAuditLogPart) {
std::vector<const VariableValue *> l;
audit_log << "--" << trailer << "-" << "F--" << std::endl;
audit_log << "HTTP/" << m_httpVersion.c_str() << " ";
audit_log << prefix << "--" << trailer << "-" << "F--" << std::endl;
audit_log << prefix << "HTTP/" << m_httpVersion.c_str() << " ";
audit_log << this->m_httpCodeReturned << std::endl;
m_variableResponseHeaders.resolve(&l);
for (auto &h : l) {
audit_log << prefix;
audit_log << h->getKey().c_str() << ": ";
audit_log << h->getValue().c_str() << std::endl;
delete h;
}
}
audit_log << std::endl;
audit_log << prefix << std::endl;
if (parts & audit_log::AuditLog::GAuditLogPart) {
audit_log << "--" << trailer << "-" << "G--" << std::endl;
audit_log << prefix << "--" << trailer << "-" << "G--" << std::endl;
audit_log << std::endl;
/** TODO: write audit_log G part. */
}
if (parts & audit_log::AuditLog::HAuditLogPart) {
audit_log << "--" << trailer << "-" << "H--" << std::endl;
audit_log << prefix << "--" << trailer << "-" << "H--" << std::endl;
for (const auto &a : m_rulesMessages) {
audit_log << a.log(0, m_httpCodeReturned) << std::endl;
audit_log << prefix << a.log(0, m_httpCodeReturned) << std::endl;
}
audit_log << std::endl;
audit_log << prefix << std::endl;
/** TODO: write audit_log H part. */
}
if (parts & audit_log::AuditLog::IAuditLogPart) {
audit_log << "--" << trailer << "-" << "I--" << std::endl;
audit_log << std::endl;
audit_log << prefix << "--" << trailer << "-" << "I--" << std::endl;
audit_log << prefix << std::endl;
/** TODO: write audit_log I part. */
}
if (parts & audit_log::AuditLog::JAuditLogPart) {
audit_log << "--" << trailer << "-" << "J--" << std::endl;
audit_log << std::endl;
audit_log << prefix << "--" << trailer << "-" << "J--" << std::endl;
audit_log << prefix << std::endl;
/** TODO: write audit_log J part. */
}
if (parts & audit_log::AuditLog::KAuditLogPart) {
audit_log << "--" << trailer << "-" << "K--" << std::endl;
audit_log << std::endl;
audit_log << prefix << "--" << trailer << "-" << "K--" << std::endl;
audit_log << prefix << std::endl;
/** TODO: write audit_log K part. */
}
audit_log << "--" << trailer << "-" << "Z--" << std::endl << std::endl;
audit_log << prefix << "--" << trailer << "-" << "Z--" << std::endl << std::endl;
return audit_log.str();
}

59
test/test-cases/regression/auditlog.json
View File

@ -477,5 +477,64 @@
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : SecAuditLogPrefix",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2",
"method": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "\\[audit\\.log]:\\ ---.*\\[audit\\.log]:\\ Keep-Alive",
"debug_log": "",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@contains test\" \"id:1,t:trim,deny,auditlog\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogPrefix \"[audit.log]: \"",
"SecAuditLogParts ABCFHZ",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLog /tmp/audit_test_prefix.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
}
]