Add ctl:auditengine action support

2025-09-29 11:16:33 +03:00 · 2022-01-19 14:06:01 -08:00
parent cb80837e6a
commit 2d51efae49
15 changed files with 4968 additions and 4759 deletions
--- a/headers/modsecurity/audit_log.h
+++ b/headers/modsecurity/audit_log.h
@@ -22,12 +22,11 @@
 #ifndef HEADERS_MODSECURITY_AUDIT_LOG_H_
 #define HEADERS_MODSECURITY_AUDIT_LOG_H_

-#include "modsecurity/transaction.h"
-

 #ifdef __cplusplus

 namespace modsecurity {
+class Transaction;
 namespace audit_log {
 namespace writer {
 class Writer;
@@ -177,6 +176,10 @@ class AuditLog {
    static int addParts(int parts, const std::string& new_parts);
    static int removeParts(int parts, const std::string& new_parts);

+    void setCtlAuditEngineActive() {
+        m_ctlAuditEngineActive = true;
+    }
+
    bool merge(AuditLog *from, std::string *error);

    std::string m_path1;
@@ -203,6 +206,7 @@ class AuditLog {
    std::string m_relevant;

    audit_log::writer::Writer *m_writer;
+    bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly
 };


--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@@ -49,6 +49,7 @@ typedef struct Rules_t RulesSet;
 #include "modsecurity/collection/collection.h"
 #include "modsecurity/variable_origin.h"
 #include "modsecurity/anchored_set_variable_translation_proxy.h"
+#include "modsecurity/audit_log.h"


 #ifndef NO_LOGS
@@ -529,6 +530,12 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
     */
    std::list< std::pair<int, std::string> > m_auditLogModifier;

+    /**
+     * This transaction's most recent action ctl:auditEngine
+     *
+     */
+    audit_log::AuditLog::AuditLogStatus m_ctlAuditEngine;
+
    /**
     * This variable holds all the messages asked to be save by the utilization
     * of the actions: `log_data' and `msg'. These should be included on the