Merge pull request #2680 from SpiderLabs/v3/dev/issue_2606_a

Add ctl:auditengine action support
2025-09-30 03:34:29 +03:00 · 2022-01-26 15:53:53 -05:00
parent cc83a1baca 2d51efae49
commit 2cde1933a7
15 changed files with 4968 additions and 4759 deletions
--- a/test/cppcheck_suppressions.txt
+++ b/test/cppcheck_suppressions.txt
@@ -35,8 +35,8 @@ invalidScanfArgType_int:src/rules_set_properties.cc:102
 unmatchedSuppression:src/utils/geo_lookup.cc:82
 useInitializationList:src/utils/shared_files.h:87
 unmatchedSuppression:src/utils/msc_tree.cc
-functionStatic:headers/modsecurity/transaction.h:407
-duplicateBranch:src/audit_log/audit_log.cc:223
+functionStatic:headers/modsecurity/transaction.h:408
+duplicateBranch:src/audit_log/audit_log.cc:226
 unreadVariable:src/request_body_processor/multipart.cc:435
 stlcstrParam:src/audit_log/writer/parallel.cc:145
 functionStatic:src/engine/lua.h:70
@@ -54,7 +54,7 @@ duplicateBranch:src/request_body_processor/multipart.cc:93
 danglingTempReference:src/modsecurity.cc:206
 knownConditionTrueFalse:src/operators/validate_url_encoding.cc:77
 knownConditionTrueFalse:src/operators/verify_svnr.cc:87
-rethrowNoCurrentException:headers/modsecurity/transaction.h:306
+rethrowNoCurrentException:headers/modsecurity/transaction.h:307
 rethrowNoCurrentException:src/rule_with_actions.cc:123

 noExplicitConstructor:seclang-parser.hh
--- a/test/test-cases/regression/action-ctl_audit_engine.json
+++ b/test/test-cases/regression/action-ctl_audit_engine.json
@@ -0,0 +1,51 @@
+[
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "auditengine : Config=Off, ctl:auditEngine=on",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "www.modsecurity.org",
+        "User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
+        "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
+        "Accept-Language": "en-us,en;q=0.5",
+        "Accept-Encoding": "gzip,deflate",
+        "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
+        "Keep-Alive": "300",
+        "Connection": "keep-alive",
+        "Pragma": "no-cache",
+        "Cache-Control": "no-cache"
+      },
+      "uri": "\/test.pl?parm1=test1&parm2=test2",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "expected": {
+      "audit_log": "--A--",
+      "error_log": "",
+      "http_code": 200
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecDefaultAction \"phase:2,nolog,pass\"",
+      "SecAuditEngine Off",
+      "SecAuditLogParts ABCFHZ",
+      "SecAuditLog /tmp/modsec_test_ctl_auditengine_auditlog_1.log",
+      "SecAuditLogDirMode 0766",
+      "SecAuditLogFileMode 0666",
+      "SecAuditLogType Serial",
+      "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"",
+      "SecRule ARGS \"@contains test2\" \"id:1701,phase:2,pass,nolog,ctl:auditEngine=on\""
+    ]
+  }
+]