github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Having disruptive msgs as disruptive [instead of warnings] on audit log

Browse Source 
Issue #1592
This commit is contained in:
Felipe Zimmerle 2017-10-17 14:56:18 -03:00
parent 30797a458b
commit 39fb75c34d
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
4 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -2,6 +2,8 @@
v3.0.????? - ?
---------------------------
- Having disruptive msgs as disruptive [instead of warnings] on audit log
[Issue #1592 - @zimmerle, @nobodysz]
- Parser: Pipes are no longer welcomed inside regex dict element selection.
[Issue #1591 - @zimmerle, @slabber]
- Avoids unicode initialization on every rules object

4
headers/modsecurity/rule_message.h
View File

@ -68,6 +68,9 @@ class RuleMessage {
std::string noClientErrorLog() {
return RuleMessage::noClientErrorLog(this);
}
std::string noClientErrorLog(bool disrupt) {
return RuleMessage::noClientErrorLog(this, disrupt);
}
std::string errorLogTail() {
return RuleMessage::errorLogTail(this);
}
@ -76,6 +79,7 @@ class RuleMessage {
}
static std::string disruptiveErrorLog(const RuleMessage *rm);
static std::string noClientErrorLog(const RuleMessage *rm);
static std::string noClientErrorLog(const RuleMessage *rm, bool disrupt);
static std::string errorLogTail(const RuleMessage *rm);
static std::string errorLog(const RuleMessage *rm);
static std::string log(const RuleMessage *rm);

27
src/rule_message.cc
View File

@ -53,6 +53,33 @@ std::string RuleMessage::disruptiveErrorLog(const RuleMessage *rm) {
return modsecurity::utils::string::toHexIfNeeded(msg);
}
std::string RuleMessage::noClientErrorLog(const RuleMessage *rm, bool disruptive) {
std::string msg;
if (disruptive == false) {
return RuleMessage::noClientErrorLog(rm);
}
msg.append("Message: ");
msg.append(rm->m_disruptiveMessage);
msg.append(rm->m_match);
msg.append(" [file \"" + std::string(rm->m_ruleFile) + "\"]");
msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
msg.append(" [rev \"" + rm->m_rev + "\"]");
msg.append(" [msg \"" + rm->m_message + "\"]");
msg.append(" [data \"" + rm->m_data + "\"]");
msg.append(" [severity \"" +
std::to_string(rm->m_severity) + "\"]");
msg.append(" [ver \"" + rm->m_ver + "\"]");
msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
for (auto &a : rm->m_tags) {
msg.append(" [tag \"" + a + "\"]");
}
msg.append(" [ref \"" + rm->m_reference + "\"]");
return modsecurity::utils::string::toHexIfNeeded(msg);
}
std::string RuleMessage::noClientErrorLog(const RuleMessage *rm) {
std::string msg;

6
src/transaction.cc
View File

@ -1485,7 +1485,11 @@ std::string Transaction::toOldAuditLogFormat(int parts,
if (parts & audit_log::AuditLog::HAuditLogPart) {
audit_log << "--" << trailer << "-" << "H--" << std::endl;
for (auto a : m_rulesMessages) {
audit_log << a.noClientErrorLog() << std::endl;
if (a.m_isDisruptive == true) {
audit_log << a.noClientErrorLog(true) << std::endl;
} else {
audit_log << a.noClientErrorLog() << std::endl;
}
}
audit_log << std::endl;
/** TODO: write audit_log H part. */