Adds AuditLog class

The properties related to the Audit Log were saved into the classes
Rules and Dirver, now all those properties will be saved into the
AuditLog class.

headers/modsecurity/rules.h

@@ -39,6 +39,7 @@ class Driver;
 
 namespace ModSecurity {
 class Rule;
+class AuditLog;
 
 /** @ingroup ModSecurity_CPP_API */
 class Rules {
@@ -85,6 +86,8 @@ class Rules {
     DebugLog *debug_log;
     void debug(int level, std::string message);
 
+    AuditLog *audit_log;
+
  private:
     int m_referenceCount;
     DebugLog *m_custom_debug_log;

src/Makefile.am

@@ -78,6 +78,7 @@ libmodsecurity_la_SOURCES = \
 	parser/seclang-scanner.ll \
 	parser/driver.cc \
 	assay.cc \
+	audit_log.cc \
 	modsecurity.cc \
 	rules.cc \
 	utils.cc \

src/assay.cc

@@ -28,6 +28,7 @@
 #include "modsecurity/intervention.h"
 #include "actions/action.h"
 #include "src/utils.h"
+#include "src/audit_log.h"
 
 using ModSecurity::actions::Action;
 

src/audit_log.cc

@@ -0,0 +1,130 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/audit_log.h"
+
+#include <yajl/yajl_tree.h>
+#include <yajl/yajl_gen.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <ctype.h>
+
+#include <fstream>
+#include <regex>
+
+
+#define PARTS_CONSTAINS(a, c) \
+    if (new_parts.find(toupper(a)) != std::string::npos \
+        || new_parts.find(tolower(a)) != std::string::npos) { \
+          this->m_parts = this->m_parts | c; \
+    }
+
+namespace ModSecurity {
+
+
+bool AuditLog::setStorageDirMode(int permission) {
+    this->m_storage_permission = permission;
+    return true;
+}
+
+
+bool AuditLog::setFileMode(int permission) {
+    this->m_file_permissions = permission;
+    return true;
+}
+
+
+bool AuditLog::setStatus(AuditLogStatus new_status) {
+    this->m_status = new_status;
+    return true;
+}
+
+
+bool AuditLog::setRelevantStatus(const std::basic_string<char>& status) {
+    this->m_relevant = status;
+    return true;
+}
+
+
+bool AuditLog::setStorageDir(const std::basic_string<char>& path) {
+    this->m_storage_dir = path;
+    return true;
+}
+
+
+bool AuditLog::setFilePath1(const std::basic_string<char>& path) {
+    this->m_path1 = path;
+    return true;
+}
+
+
+bool AuditLog::setFilePath2(const std::basic_string<char>& path) {
+    this->m_path2 = path;
+    return true;
+}
+
+
+bool AuditLog::setParts(const std::basic_string<char>& new_parts) {
+    PARTS_CONSTAINS('A', AAuditLogPart)
+    PARTS_CONSTAINS('B', BAuditLogPart)
+    PARTS_CONSTAINS('C', CAuditLogPart)
+    PARTS_CONSTAINS('D', DAuditLogPart)
+    PARTS_CONSTAINS('E', EAuditLogPart)
+    PARTS_CONSTAINS('F', FAuditLogPart)
+    PARTS_CONSTAINS('G', GAuditLogPart)
+    PARTS_CONSTAINS('H', HAuditLogPart)
+    PARTS_CONSTAINS('I', IAuditLogPart)
+    PARTS_CONSTAINS('J', JAuditLogPart)
+    PARTS_CONSTAINS('K', KAuditLogPart)
+    PARTS_CONSTAINS('Z', ZAuditLogPart)
+
+    return true;
+}
+
+
+bool AuditLog::setType(AuditLogType audit_type) {
+    this->m_type = audit_type;
+    return true;
+}
+
+
+bool AuditLog::init() {
+     return true;
+}
+
+
+bool AuditLog::isRelevant(int status) {
+    std::string sstatus = std::to_string(status);
+    return std::regex_search(sstatus, std::regex(this->m_relevant)) != 0;
+}
+
+
+bool AuditLog::saveIfRelevant(Assay *assay) {
+    return true;
+}
+
+
+std::string AuditLog::logfy(Assay *assay) {
+    std::string log("ops");
+    return log;
+}
+
+
+bool AuditLog::close() {
+    return true;
+}
+
+
+}  // namespace ModSecurity

src/audit_log.h

@@ -0,0 +1,183 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include <iostream>
+#include <fstream>
+#include <string>
+#endif
+
+#ifndef SRC_AUDIT_LOG_H_
+#define SRC_AUDIT_LOG_H_
+
+#include "modsecurity/assay.h"
+
+#ifdef __cplusplus
+
+namespace ModSecurity {
+
+/** @ingroup ModSecurity_CPP_API */
+class AuditLog {
+ public:
+    AuditLog()
+        : m_status(OffAuditLogStatus),
+        m_path1(""),
+        m_path2(""),
+        m_storage_dir(""),
+        m_parts(AAuditLogPart | BAuditLogPart | CAuditLogPart | FAuditLogPart
+            | HAuditLogPart | ZAuditLogPart),
+        m_type(ParallelAuditLogType),
+        m_relevant("")
+        { }
+
+    enum AuditLogType {
+     SerialAuditLogType,
+     ParallelAuditLogType,
+    };
+
+    enum AuditLogStatus {
+     OnAuditLogStatus,
+     OffAuditLogStatus,
+     RelevantOnlyAuditLogStatus
+    };
+
+    enum AuditLogParts {
+     /**
+      * Audit log header (mandatory).
+      * 
+      */
+     AAuditLogPart = 2,
+
+     /**
+      * Request headers.
+      * 
+      */
+     BAuditLogPart = 4,
+
+     /**
+      * Request body (present only if the request body exists and ModSecurity
+      * is configured to intercept it).
+      * 
+      */     
+     CAuditLogPart = 8,
+
+     /**
+      * Reserved for intermediary response headers; not implemented yet.
+      * 
+      */     
+     DAuditLogPart = 16,
+
+     /**
+      * Intermediary response body (present only if ModSecurity is configured
+      * to intercept response bodies, and if the audit log engine is
+      * configured to record it). Intermediary response body is the same as the
+      * actual response body unless ModSecurity intercepts the intermediary
+      * response body, in which case the actual response body will contain the
+      * error message (either the Apache default error message, or the
+      * ErrorDocument page).
+      *
+      */
+     EAuditLogPart = 32,
+
+     /**
+      * Final response headers (excluding the Date and Server headers, which
+      * are always added by Apache in the late stage of content delivery).
+      * 
+      */
+     FAuditLogPart = 64,
+
+     /**
+      * Reserved for the actual response body; not implemented yet.
+      * 
+      */
+     GAuditLogPart = 128,
+
+     /**
+      * Audit log trailer.
+      * 
+      */
+     HAuditLogPart = 256,
+
+     /**
+      * This part is a replacement for part C. It will log the same data as C
+      * in all cases except when multipart/form-data encoding in used. In this
+      * case, it will log a fake application/x-www-form-urlencoded body that
+      * contains the information about parameters but not about the files. This
+      * is handy if you don’t want to have (often large) files stored in your
+      * audit logs.
+      * 
+      */
+     IAuditLogPart = 512,
+
+     /**
+      * This part contains information about the files uploaded using
+      * multipart/form-data encoding.
+      */
+     JAuditLogPart = 1024,
+
+     /**
+      * This part contains a full list of every rule that matched (one per
+      * line) in the order they were matched. The rules are fully qualified and
+      * will thus show inherited actions and default operators. Supported as of
+      * v2.5.0.
+      * 
+      */
+     KAuditLogPart = 2048,
+
+     /**
+      * Final boundary, signifies the end of the entry (mandatory).
+      * 
+      */
+     ZAuditLogPart = 4096
+    };
+
+    bool setStorageDirMode(int permission);
+    bool setFileMode(int permission);
+    bool setStatus(AuditLogStatus new_status);
+    bool setRelevantStatus(const std::basic_string<char>& new_relevant_status);
+    bool setFilePath1(const std::basic_string<char>& path);
+    bool setFilePath2(const std::basic_string<char>& path);
+    bool setStorageDir(const std::basic_string<char>& path);
+
+    bool setParts(const std::basic_string<char>& new_parts);
+    bool setType(AuditLogType audit_type);
+
+    bool init();
+    bool close();
+
+    bool saveIfRelevant(Assay *assay);
+    std::string logfy(Assay *assay);
+    bool isRelevant(int status);
+
+ private:
+    AuditLogStatus m_status;
+    std::string m_path1;
+    std::string m_path2;
+    std::string m_storage_dir;
+
+    int m_file_permissions;
+    int m_storage_permission;
+
+    int m_parts;
+    AuditLogType m_type;
+    std::string m_relevant;
+
+//    AuditLogWriter *m_writer;
+};
+
+}  // namespace ModSecurity
+#endif
+
+#endif  // SRC_AUDIT_LOG_H_

src/parser/driver.cc

@@ -18,7 +18,9 @@
 #include "parser/seclang-parser.hh"
 
 Driver::Driver()
-  : trace_scanning(false), trace_parsing(false) {
+  : trace_scanning(false),
+  trace_parsing(false),
+  audit_log(new ModSecurity::AuditLog()) {
 }
 
 
@@ -46,6 +48,11 @@ int Driver::parse(const std::string &f) {
 
     int res = parser.parse();
 
+    if (this->audit_log->init() == false)
+    {
+        return false;
+    }
+
     scan_end();
     return res;
 }

src/parser/driver.h

@@ -25,6 +25,7 @@
 
 #include "modsecurity/modsecurity.h"
 #include "src/rule.h"
+#include "src/audit_log.h"
 
 #include "parser/seclang-parser.hh"
 
@@ -85,9 +86,11 @@ class Driver {
     bool sec_audit_engine;
     bool sec_request_body_access;
     bool sec_response_body_access;
-    std::string audit_log_path;
-    std::string audit_log_parts;
+
     std::string debug_log_path;
+
+    ModSecurity::AuditLog *audit_log;
+
     int debug_level;
 };
 

src/parser/seclang-parser.yy

@@ -147,11 +147,11 @@ expression:
       }
     | CONFIG_DIR_AUDIT_LOG
       {
-        driver.audit_log_path = $1;
+        //driver.audit_log_path = $1;
       }
     | CONFIG_DIR_AUDIT_LOG_P
       {
-        driver.audit_log_parts = $1;
+        //driver.audit_log_parts = $1;
       }
     | CONFIG_DIR_DEBUG_LVL
       {

src/rules.cc

@@ -159,8 +159,6 @@ int Rules::merge(Driver *from) {
     this->sec_audit_engine = from->sec_audit_engine;
     this->sec_request_body_access = from->sec_request_body_access;
     this->sec_response_body_access = from->sec_response_body_access;
-    this->audit_log_path = from->audit_log_path;
-    this->audit_log_parts = from->audit_log_parts;
     this->debug_log_path = from->debug_log_path;
     this->debug_level = from->debug_level;
 
@@ -170,6 +168,8 @@ int Rules::merge(Driver *from) {
         this->debug_log = new DebugLog();
     }
 
+    this->audit_log = from->audit_log;
+
     this->debug_log->setDebugLevel(this->debug_level);
     this->debug_log->setOutputFile(this->debug_log_path);
 
@@ -194,8 +194,6 @@ int Rules::merge(Rules *from) {
     this->sec_audit_engine = from->sec_audit_engine;
     this->sec_request_body_access = from->sec_request_body_access;
     this->sec_response_body_access = from->sec_response_body_access;
-    this->audit_log_path = from->audit_log_path;
-    this->audit_log_parts = from->audit_log_parts;
 
     this->debug_log = from->debug_log;