github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-19 02:40:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds new method for rule merge

Browse Source 
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
This commit is contained in:
Felipe Zimmerle
2020-04-14 11:33:17 -03:00
parent 73c3731c9d
commit 1518015687
114 changed files with 2130 additions and 1511 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
src/transaction.cc
View File

@@ -61,6 +61,33 @@ using modsecurity::RequestBodyProcessor::XML;
namespace modsecurity {
RuleMessage *TransactionRuleMessageManagement::messageGetLast() {
return m_rulesMessages.back();
}
void TransactionRuleMessageManagement::logMatchLastRuleOnTheChain(RuleWithActions *rule) {
RuleMessage *rm = m_rulesMessages.back();
rm->setRule(rule);
if (rule->hasDisruptiveAction() &&
(m_transaction->getRuleEngineState() == RulesSet::DetectionOnlyRuleEngine)) {
/* error */
// The error goes over the disruptive massage. We don't need it here.
//m_transaction->serverLog(rm);
} else if (rule->hasBlockAction() && (!rule->hasNoLogAction()) || rule->hasLogAction()) {
/* Log as warning. */
m_transaction->serverLog(rm);
messageNew();
}
}
void TransactionRuleMessageManagement::messageNew() {
m_rulesMessages.push_back(new RuleMessage(m_transaction));
}
/**
* @name Transaction
* @brief Represents the inspection on an entire request.
@@ -122,7 +149,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
m_ruleRemoveTargetById(),
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
m_auditLogModifier(),
m_rulesMessages(),
m_requestBody(),
m_responseBody(),
/* m_id(), */
@@ -160,7 +186,8 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData)
m_variableTimeWDay(""),
m_variableTimeYear(""),
m_logCbData(logCbData),
TransactionAnchoredVariables(this) {
TransactionAnchoredVariables(this),
TransactionRuleMessageManagement(this) {
m_id = std::unique_ptr<std::string>(
new std::string(
std::to_string(m_timeStamp)));
@@ -195,7 +222,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
m_ruleRemoveTargetById(),
m_requestBodyAccess(RulesSet::PropertyNotSetConfigBoolean),
m_auditLogModifier(),
m_rulesMessages(),
m_requestBody(),
m_responseBody(),
m_id(std::unique_ptr<std::string>(new std::string(id))),
@@ -233,7 +259,8 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
m_variableTimeWDay(""),
m_variableTimeYear(""),
m_logCbData(logCbData),
TransactionAnchoredVariables(this) {
TransactionAnchoredVariables(this),
TransactionRuleMessageManagement(this) {
m_variableUrlEncodedError.set("0", 0);
@@ -250,7 +277,7 @@ Transaction::~Transaction() {
m_requestBody.str(std::string());
m_requestBody.clear();
m_rulesMessages.clear();
messageClear();
intervention::free(&m_it);
intervention::clean(&m_it);
@@ -1590,8 +1617,8 @@ std::string Transaction::toOldAuditLogFormat(int parts,
}
if (parts & audit_log::AuditLog::HAuditLogPart) {
audit_log << "--" << trailer << "-" << "H--" << std::endl;
for (auto a : m_rulesMessages) {
audit_log << a.log(0, m_httpCodeReturned) << std::endl;
for (auto a : messageGetAll()) {
audit_log << a->log(0, m_httpCodeReturned) << std::endl;
}
audit_log << std::endl;
/** TODO: write audit_log H part. */
@@ -1753,36 +1780,36 @@ std::string Transaction::toJSON(int parts) {
reinterpret_cast<const unsigned char*>("messages"),
strlen("messages"));
yajl_gen_array_open(g);
for (auto a : m_rulesMessages) {
for (auto a : messageGetAll()) {
yajl_gen_map_open(g);
LOGFY_ADD("message", a.m_message.c_str());
LOGFY_ADD("message", a->m_message.c_str());
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>("details"),
strlen("details"));
yajl_gen_map_open(g);
LOGFY_ADD("match", a.m_match.c_str());
LOGFY_ADD("reference", a.m_reference.c_str());
LOGFY_ADD("ruleId", std::to_string(a.m_ruleId).c_str());
LOGFY_ADD("file", a.m_ruleFile->c_str());
LOGFY_ADD("lineNumber", std::to_string(a.m_ruleLine).c_str());
LOGFY_ADD("data", a.m_data.c_str());
LOGFY_ADD("severity", std::to_string(a.m_severity).c_str());
LOGFY_ADD("ver", a.m_ver.c_str());
LOGFY_ADD("rev", a.m_rev.c_str());
LOGFY_ADD("match", a->m_match.c_str());
LOGFY_ADD("reference", a->m_reference.c_str());
LOGFY_ADD("ruleId", std::to_string(a->getRuleId()).c_str());
LOGFY_ADD("file", a->getFileName().c_str());
LOGFY_ADD("lineNumber", std::to_string(a->getLineNumber()).c_str());
LOGFY_ADD("data", a->m_data.c_str());
LOGFY_ADD("severity", std::to_string(a->m_severity).c_str());
LOGFY_ADD("ver", a->getVer().c_str());
LOGFY_ADD("rev", a->getRev().c_str());
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>("tags"),
strlen("tags"));
yajl_gen_array_open(g);
for (auto b : a.m_tags) {
for (auto b : a->m_tags) {
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>(b.c_str()),
strlen(b.c_str()));
}
yajl_gen_array_close(g);
LOGFY_ADD("maturity", std::to_string(a.m_maturity).c_str());
LOGFY_ADD("accuracy", std::to_string(a.m_accuracy).c_str());
LOGFY_ADD("maturity", std::to_string(a->getMaturity()).c_str());
LOGFY_ADD("accuracy", std::to_string(a->getAccuracy()).c_str());
yajl_gen_map_close(g);
yajl_gen_map_close(g);
}
@@ -1811,7 +1838,7 @@ std::string Transaction::toJSON(int parts) {
}
void Transaction::serverLog(std::shared_ptr<RuleMessage> rm) {
void Transaction::serverLog(RuleMessage *rm) {
m_ms->serverLog(m_logCbData, rm);
}