First version of the inline highlight calculation

2025-11-17 01:51:52 +03:00 · 2017-02-26 23:32:48 -03:00
parent c1cd668acb
commit 5b447b075f
12 changed files with 207 additions and 13 deletions
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -358,8 +358,7 @@ std::list<std::pair<std::shared_ptr<std::string>,
                if (multiMatch == true) {
                    if (*newValue != *value) {
                        ret.push_back(std::make_pair(
-                            newValue,
-                                          transStr));
+                            newValue, transStr));
                    }
                }
                value = std::shared_ptr<std::string>(newValue);
@@ -388,8 +387,7 @@ std::list<std::pair<std::shared_ptr<std::string>,
            if (multiMatch == true) {
                if (*value != *newValue) {
                    ret.push_back(std::make_pair(
-                        newValue,
-                                      transStr));
+                        newValue, transStr));
                    value = newValue;
                }
            }
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -20,10 +20,12 @@
 #include "modsecurity/modsecurity.h"
 #include "modsecurity/transaction.h"
 #include "src/utils/string.h"
+#include "src/utils/regex.h"
+#include "modsecurity/actions/action.h"
+#include "src/actions/transformations/transformation.h"

 namespace modsecurity {

-
 std::string RuleMessage::_details(const RuleMessage *rm) {
    std::string msg;

@@ -61,7 +63,6 @@ std::string RuleMessage::_errorLogTail(const RuleMessage *rm) {
    return msg;
 }

-
 std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
    std::string msg("");

@@ -93,4 +94,80 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) {
 }


+RuleMessageHighlight RuleMessage::computeHighlight(const RuleMessage *rm,
+    const std::string buf) {
+    RuleMessageHighlight ret;
+    Utils::Regex variables("v([0-9]+),([0-9]+)");
+    Utils::Regex operators("o([0-9]+),([0-9]+)");
+    Utils::Regex transformations("t:(?:(?!t:).)+");
+
+    std::string ref(rm->m_reference);
+    std::list<Utils::SMatch> vars = variables.searchAll(ref);
+    std::list<Utils::SMatch> ops = operators.searchAll(ref);
+    std::list<Utils::SMatch> trans = transformations.searchAll(ref);
+
+    std::string varValue;
+
+    while (vars.size() > 0) {
+        std::string value;
+        RuleMessageHighlightArea a;
+        vars.pop_back();
+        std::string startingAt = vars.back().match;
+        vars.pop_back();
+        std::string size = vars.back().match;
+        vars.pop_back();
+        a.m_startingAt = std::stoi(startingAt);
+        a.m_size = std::stoi(size);
+        ret.m_variable.push_back(a);
+
+        if ((stoi(startingAt) + stoi(size)) > buf.size()) {
+            return ret;
+        }
+
+        value = std::string(buf, stoi(startingAt), stoi(size));
+        if (varValue.size() > 0) {
+            varValue.append(" " + value);
+        } else {
+            varValue.append(value);
+        }
+    }
+
+    ret.m_value.push_back(std::make_pair("original value", varValue));
+    while (trans.size() > 0) {
+        modsecurity::actions::transformations::Transformation *t;
+        std::string varValueRes;
+        std::string transformation = trans.back().match.c_str();
+        t = actions::transformations::Transformation::instantiate(
+            transformation);
+
+        varValueRes = t->evaluate(varValue, NULL);
+        varValue.assign(varValueRes);
+        ret.m_value.push_back(std::make_pair(transformation, varValue));
+        trans.pop_back();
+        delete t;
+    }
+
+    while (ops.size() > 0) {
+        RuleMessageHighlightOperator o;
+        ops.pop_back();
+        std::string startingAt = ops.back().match;
+        ops.pop_back();
+        std::string size = ops.back().match;
+        ops.pop_back();
+
+        if ((stoi(startingAt) + stoi(size)) > buf.size()) {
+            return ret;
+        }
+
+        o.m_area.m_startingAt = std::stoi(startingAt);
+        o.m_area.m_size = std::stoi(size);
+        o.m_value.assign(std::string(varValue, o.m_area.m_startingAt,
+            o.m_area.m_size));
+        ret.m_op.push_back(o);
+    }
+
+    return ret;
+}
+
+
 }  // namespace modsecurity
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1515,6 +1515,45 @@ std::string Transaction::toOldAuditLogFormat(int parts,
 }


+std::string Transaction::toBuf() {
+    std::string a;
+
+    a.append(*m_variableRequestMethod.evaluate());
+    a.append(" ");
+    a.append(m_uri);
+    a.append(" HTTP/");
+    a.append(m_httpVersion);
+    a.append("\n");
+    std::vector<const collection::Variable *> l;
+    m_variableRequestHeaders.resolve(&l);
+    for (auto h : l) {
+        size_t pos = strlen("REQUEST_HEADERS:");
+        a.append((h->m_key.c_str() + pos));
+        a.append(": ");
+        a.append((h->m_value.c_str()));
+    }
+
+    a.append("\n\n");
+    if (this->m_requestBody.str().length() > 0) {
+        a.append(this->m_requestBody.str().c_str());
+        a.append("\n\n");
+    }
+#if 0
+    l.clear();
+    m_variableResponseHeaders.resolve(&l);
+    for (auto h : l) {
+        size_t pos = strlen("RESPONSE_HEADERS:");
+        a.append((h->m_key->c_str() + pos));
+        a.append(": ");
+        a.append((h->m_value->c_str()));
+    }
+    a.append("\n\n");
+    a.append(this->m_responseBody.str().c_str());
+#endif
+    return a;
+}
+
+
 std::string Transaction::toJSON(int parts) {
 #ifdef WITH_YAJL
    const unsigned char *buf;