Add ctl:auditengine action support

2025-09-30 11:44:32 +03:00 · 2022-01-19 14:06:01 -08:00
parent cb80837e6a
commit 2d51efae49
15 changed files with 4968 additions and 4759 deletions
--- a/src/actions/ctl/audit_engine.cc
+++ b/src/actions/ctl/audit_engine.cc
@@ -0,0 +1,63 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/actions/ctl/audit_engine.h"
+
+#include <string>
+
+#include "modsecurity/rules_set_properties.h"
+#include "modsecurity/rules_set.h"
+#include "modsecurity/transaction.h"
+
+namespace modsecurity {
+namespace actions {
+namespace ctl {
+
+
+bool AuditEngine::init(std::string *error) {
+
+    std::string what(m_parser_payload, 12, m_parser_payload.size() - 12);
+
+    if (what == "on") {
+        m_auditEngine = audit_log::AuditLog::AuditLogStatus::OnAuditLogStatus;
+    } else if (what == "off") {
+        m_auditEngine = audit_log::AuditLog::AuditLogStatus::OffAuditLogStatus;
+    } else if (what == "relevantonly") {
+        m_auditEngine = audit_log::AuditLog::AuditLogStatus::RelevantOnlyAuditLogStatus;
+    } else {
+        error->assign("Internal error. Expected: On, Off or RelevantOnly; " \
+            "got: " + m_parser_payload);
+        return false;
+    }
+
+    return true;
+}
+
+bool AuditEngine::evaluate(RuleWithActions *rule, Transaction *transaction) {
+    std::stringstream a;
+    a << "Setting SecAuditEngine to ";
+    a << std::to_string(m_auditEngine);
+    a << " as requested by a ctl:auditEngine action";
+
+    ms_dbg_a(transaction, 8, a.str());
+
+    transaction->m_ctlAuditEngine = m_auditEngine;
+    return true;
+}
+
+
+}  // namespace ctl
+}  // namespace actions
+}  // namespace modsecurity
--- a/src/actions/ctl/audit_engine.h
+++ b/src/actions/ctl/audit_engine.h
@@ -0,0 +1,51 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include <string>
+
+#include "modsecurity/rules_set_properties.h"
+#include "modsecurity/actions/action.h"
+
+#include "modsecurity/audit_log.h"
+
+
+#ifndef SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
+#define SRC_ACTIONS_CTL_AUDIT_ENGINE_H_
+
+namespace modsecurity {
+class Transaction;
+
+namespace actions {
+namespace ctl {
+
+
+class AuditEngine : public Action {
+ public:
+    explicit AuditEngine(const std::string &action)
+        : Action(action, RunTimeOnlyIfMatchKind),
+        m_auditEngine(audit_log::AuditLog::AuditLogStatus::NotSetLogStatus) { }
+
+    bool init(std::string *error) override;
+    bool evaluate(RuleWithActions *rule, Transaction *transaction) override;
+
+    audit_log::AuditLog::AuditLogStatus m_auditEngine;
+};
+
+
+}  // namespace ctl
+}  // namespace actions
+}  // namespace modsecurity
+
+#endif  // SRC_ACTIONS_CTL_AUDIT_ENGINE_H_