diff --git a/CHANGES b/CHANGES index 546aa0ad..61b28a3a 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,8 @@ v3.0.????? - ? --------------------------- + - Having disruptive msgs as disruptive [instead of warnings] on audit log + [Issue #1592 - @zimmerle, @nobodysz] - Parser: Pipes are no longer welcomed inside regex dict element selection. [Issue #1591 - @zimmerle, @slabber] - Avoids unicode initialization on every rules object diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h index 1c9968a0..9d145a19 100644 --- a/headers/modsecurity/rule_message.h +++ b/headers/modsecurity/rule_message.h @@ -68,6 +68,9 @@ class RuleMessage { std::string noClientErrorLog() { return RuleMessage::noClientErrorLog(this); } + std::string noClientErrorLog(bool disrupt) { + return RuleMessage::noClientErrorLog(this, disrupt); + } std::string errorLogTail() { return RuleMessage::errorLogTail(this); } @@ -76,6 +79,7 @@ class RuleMessage { } static std::string disruptiveErrorLog(const RuleMessage *rm); static std::string noClientErrorLog(const RuleMessage *rm); + static std::string noClientErrorLog(const RuleMessage *rm, bool disrupt); static std::string errorLogTail(const RuleMessage *rm); static std::string errorLog(const RuleMessage *rm); static std::string log(const RuleMessage *rm); diff --git a/src/rule_message.cc b/src/rule_message.cc index 952c0ff4..f863ae90 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -53,6 +53,33 @@ std::string RuleMessage::disruptiveErrorLog(const RuleMessage *rm) { return modsecurity::utils::string::toHexIfNeeded(msg); } +std::string RuleMessage::noClientErrorLog(const RuleMessage *rm, bool disruptive) { + std::string msg; + if (disruptive == false) { + return RuleMessage::noClientErrorLog(rm); + } + + msg.append("Message: "); + msg.append(rm->m_disruptiveMessage); + msg.append(rm->m_match); + msg.append(" [file \"" + std::string(rm->m_ruleFile) + "\"]"); + msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]"); + msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]"); + msg.append(" [rev \"" + rm->m_rev + "\"]"); + msg.append(" [msg \"" + rm->m_message + "\"]"); + msg.append(" [data \"" + rm->m_data + "\"]"); + msg.append(" [severity \"" + + std::to_string(rm->m_severity) + "\"]"); + msg.append(" [ver \"" + rm->m_ver + "\"]"); + msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]"); + msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]"); + for (auto &a : rm->m_tags) { + msg.append(" [tag \"" + a + "\"]"); + } + msg.append(" [ref \"" + rm->m_reference + "\"]"); + + return modsecurity::utils::string::toHexIfNeeded(msg); +} std::string RuleMessage::noClientErrorLog(const RuleMessage *rm) { std::string msg; diff --git a/src/transaction.cc b/src/transaction.cc index 487033e6..647ad824 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -1485,7 +1485,11 @@ std::string Transaction::toOldAuditLogFormat(int parts, if (parts & audit_log::AuditLog::HAuditLogPart) { audit_log << "--" << trailer << "-" << "H--" << std::endl; for (auto a : m_rulesMessages) { - audit_log << a.noClientErrorLog() << std::endl; + if (a.m_isDisruptive == true) { + audit_log << a.noClientErrorLog(true) << std::endl; + } else { + audit_log << a.noClientErrorLog() << std::endl; + } } audit_log << std::endl; /** TODO: write audit_log H part. */