Support to JSON stuff on serial logging

2025-08-13 21:36:00 +03:00 · 2017-10-03 20:50:02 +00:00 · 2017-10-03 20:50:02 +00:00 · 63bef3d142
commit 63bef3d142
parent 2988c5bb07
16 changed files with 7388 additions and 7223 deletions
--- a/headers/modsecurity/audit_log.h
+++ b/headers/modsecurity/audit_log.h
@ -53,6 +53,12 @@ class AuditLog {
     RelevantOnlyAuditLogStatus
    };

+    enum AuditLogFormat {
+     NotSetAuditLogFormat,
+     JSONAuditLogFormat,
+     NativeAuditLogFormat
+    };
+
    enum AuditLogParts {
     /**
      * Audit log header (mandatory).
@ -150,6 +156,7 @@ class AuditLog {
    bool setFilePath1(const std::basic_string<char>& path);
    bool setFilePath2(const std::basic_string<char>& path);
    bool setStorageDir(const std::basic_string<char>& path);
+    bool setFormat(AuditLogFormat format);

    int getDirectoryPermission();
    int getFilePermission();
@ -186,6 +193,7 @@ class AuditLog {
        }
        return false;
    }
+    AuditLogFormat m_format;

 protected:
    int m_parts;
@ -198,7 +206,7 @@ class AuditLog {
    int m_directoryPermission;
    int m_defaultDirectoryPermission = 0750;

- private:
+private:
    AuditLogStatus m_status;

    AuditLogType m_type;
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -319,7 +319,8 @@ class Transaction : public TransactionAnchoredVariables {
        size_t offset);

    const char *getResponseBody();
-    int getResponseBodyLength();
+    size_t getResponseBodyLength();
+    size_t getRequestBodyLength();

 #ifndef NO_LOGS
    void debug(int, std::string);
@ -612,7 +613,10 @@ int msc_process_uri(Transaction *transaction, const char *uri,
 const char *msc_get_response_body(Transaction *transaction);

 /** @ingroup ModSecurity_C_API */
-int msc_get_response_body_length(Transaction *transaction);
+size_t msc_get_response_body_length(Transaction *transaction);
+
+/** @ingroup ModSecurity_C_API */
+size_t msc_get_request_body_length(Transaction *transaction);

 /** @ingroup ModSecurity_C_API */
 void msc_transaction_cleanup(Transaction *transaction);
--- a/src/audit_log/audit_log.cc
+++ b/src/audit_log/audit_log.cc
@ -129,6 +129,10 @@ bool AuditLog::setFilePath2(const std::basic_string<char>& path) {
    return true;
 }

+bool AuditLog::setFormat(AuditLogFormat fmt) {
+    this->m_format = fmt;
+    return true;
+}

 int AuditLog::addParts(int parts, const std::string& new_parts) {
    PARTS_CONSTAINS('A', AAuditLogPart)
@ -349,6 +353,10 @@ bool AuditLog::merge(AuditLog *from, std::string *error) {
        m_parts = from->m_parts;
    }

+    if (from->m_format != NotSetAuditLogFormat) {
+        m_format = from->m_format;
+    }
+
    return init(error);
 }

--- a/src/audit_log/writer/parallel.cc
+++ b/src/audit_log/writer/parallel.cc
@ -103,12 +103,21 @@ bool Parallel::init(std::string *error) {

 bool Parallel::write(Transaction *transaction, int parts, std::string *error) {
    int fd;
-    std::string log = transaction->toJSON(parts);
+    std::string log;
    std::string fileName = logFilePath(&transaction->m_timeStamp,
        YearMonthDayDirectory | YearMonthDayAndTimeDirectory
        | YearMonthDayAndTimeFileName);
    bool ret;

+    if (transaction->m_rules->m_auditLog->m_format ==
+            audit_log::AuditLog::JSONAuditLogFormat) {
+        log = transaction->toJSON(parts);
+    } else {
+        std::string boundary;
+        generateBoundary(&boundary);
+        log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+    }
+
    std::string logPath = m_audit->m_storage_dir;
    fileName = logPath + fileName + "-" + transaction->m_id;

--- a/src/audit_log/writer/parallel.h
+++ b/src/audit_log/writer/parallel.h
@ -22,6 +22,7 @@
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
 #include "src/utils/shared_files.h"
+#include "modsecurity/rules.h"

 #ifdef __cplusplus

--- a/src/audit_log/writer/serial.cc
+++ b/src/audit_log/writer/serial.cc
@ -28,29 +28,22 @@ Serial::~Serial() {
 }


-void Serial::generateBoundary(std::string *boundary) {
-    static const char alphanum[] =
-        "0123456789"
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-        "abcdefghijklmnopqrstuvwxyz";
-
-    for (int i = 0; i < SERIAL_AUDIT_LOG_BOUNDARY_LENGTH; ++i) {
-        boundary->append(1, alphanum[rand() % (sizeof(alphanum) - 1)]);
-    }
-}
-
-
 bool Serial::init(std::string *error) {
    return utils::SharedFiles::getInstance().open(m_audit->m_path1, error);
 }


 bool Serial::write(Transaction *transaction, int parts, std::string *error) {
-    std::string boundary;
    std::string msg;

-    generateBoundary(&boundary);
-    msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+    if (transaction->m_rules->m_auditLog->m_format ==
+            audit_log::AuditLog::JSONAuditLogFormat) {
+        msg = transaction->toJSON(parts);
+    } else {
+        std::string boundary;
+        generateBoundary(&boundary);
+        msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+    }

    return utils::SharedFiles::getInstance().write(m_audit->m_path1, msg,
        error);
--- a/src/audit_log/writer/serial.h
+++ b/src/audit_log/writer/serial.h
@ -26,6 +26,7 @@
 #include "src/utils/shared_files.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
+#include "modsecurity/rules.h"

 #ifdef __cplusplus

@ -33,8 +34,6 @@ namespace modsecurity {
 namespace audit_log {
 namespace writer {

-#define SERIAL_AUDIT_LOG_BOUNDARY_LENGTH 8
-

 /** @ingroup ModSecurity_CPP_API */
 class Serial : public Writer {
@ -49,7 +48,6 @@ class Serial : public Writer {
    bool write(Transaction *transaction, int parts,
        std::string *error) override;

-    void generateBoundary(std::string *boundary);
 };

 }  // namespace writer
--- a/src/audit_log/writer/writer.cc
+++ b/src/audit_log/writer/writer.cc
@ -23,7 +23,16 @@ namespace modsecurity {
 namespace audit_log {
 namespace writer {

+void Writer::generateBoundary(std::string *boundary) {
+    static const char alphanum[] =
+        "0123456789"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+        "abcdefghijklmnopqrstuvwxyz";

+    for (int i = 0; i < SERIAL_AUDIT_LOG_BOUNDARY_LENGTH; ++i) {
+        boundary->append(1, alphanum[rand() % (sizeof(alphanum) - 1)]);
+    }
+}

 }  // namespace writer
 }  // namespace audit_log
--- a/src/audit_log/writer/writer.h
+++ b/src/audit_log/writer/writer.h
@ -31,13 +31,13 @@
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"

+#define SERIAL_AUDIT_LOG_BOUNDARY_LENGTH 8

 namespace modsecurity {
 namespace audit_log {
 namespace writer {


-
 /** @ingroup ModSecurity_CPP_API */
 class Writer {
 public:
@ -51,6 +51,7 @@ class Writer {
    virtual bool write(Transaction *transaction, int parts,
        std::string *error) = 0;

+    void generateBoundary(std::string *boundary);

    void refCountIncrease() {
        m_refereceCount++;
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -445,6 +445,10 @@ using modsecurity::operators::Operator;
  SETVAR_OPERATION_EQUALS_MINUS
  NOT                                          "NOT"

+  CONFIG_DIR_AUDIT_LOG_FMT
+  JSON
+  NATIVE
+
  ACTION_CTL_RULE_ENGINE                       "ACTION_CTL_RULE_ENGINE"
 ;

@ -746,6 +750,16 @@ audit_log:
        driver.m_auditLog->setFilePath1($1);
      }

+    | CONFIG_DIR_AUDIT_LOG_FMT JSON
+      {
+        driver.m_auditLog->setFormat(modsecurity::audit_log::AuditLog::JSONAuditLogFormat);
+      }
+
+    | CONFIG_DIR_AUDIT_LOG_FMT NATIVE
+      {
+        driver.m_auditLog->setFormat(modsecurity::audit_log::AuditLog::NativeAuditLogFormat);
+      }
+
    /* SecAuditLogRelevantStatus */
    | CONFIG_DIR_AUDIT_STS
      {
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -267,6 +267,7 @@ CONFIG_DIR_AUDIT_ENG                    (?i:SecAuditEngine)
 CONFIG_DIR_AUDIT_FLE_MOD                (?i:SecAuditLogFileMode)
 CONFIG_DIR_AUDIT_LOG2                   (?i:SecAuditLog2)
 CONFIG_DIR_AUDIT_LOG                    (?i:SecAuditLog)
+CONFIG_DIR_AUDIT_LOG_FMT                (?i:SecAuditLogFormat)
 CONFIG_DIR_AUDIT_LOG_P                  (?i:SecAuditLogParts)
 CONFIG_DIR_AUDIT_STS                    (?i:SecAuditLogRelevantStatus)
 CONFIG_DIR_AUDIT_TPE                    (?i:SecAuditLogType)
@ -350,6 +351,9 @@ VAR_FREE_TEXT_QUOTE                     ([^\']|([^\\]\\\'))+
 VAR_FREE_TEXT_SPACE                     [^ \t\"]+
 VAR_FREE_TEXT_SPACE_COMMA               [^, \t\"]+

+JSON                                    (?i:JSON)
+NATIVE                                  (?i:NATIVE)
+
 NEW_LINE                                [\n\r]+

 EQUALS                                  (?i:=)
@ -597,6 +601,9 @@ EQUALS_MINUS                            (?i:=\-)
 {CONFIG_DIR_AUDIT_LOG_P}[ \t]+{AUDIT_PARTS}                             { return p::make_CONFIG_DIR_AUDIT_LOG_P(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG_P}[ \t]+["]{AUDIT_PARTS}["]                       { return p::make_CONFIG_DIR_AUDIT_LOG_P(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG}[ ]{CONFIG_VALUE_PATH}                            { return p::make_CONFIG_DIR_AUDIT_LOG(strchr(yytext, ' ') + 1, *driver.loc.back()); }
+{CONFIG_DIR_AUDIT_LOG_FMT}                                              { return p::make_CONFIG_DIR_AUDIT_LOG_FMT(*driver.loc.back()); }
+{JSON}                                                                  { return p::make_JSON(*driver.loc.back()); }
+{NATIVE}                                                                { return p::make_NATIVE(*driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG}[ ]["]{CONFIG_VALUE_PATH}["]                      { return p::make_CONFIG_DIR_AUDIT_LOG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_STS}[ ]{FREE_TEXT_NEW_LINE}                           { return p::make_CONFIG_DIR_AUDIT_STS(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_STS}[ \t]+["]{NEW_LINE_FREE_TEXT}["]                  { return p::make_CONFIG_DIR_AUDIT_STS(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
--- a/src/transaction.cc
+++ b/src/transaction.cc
@ -1205,28 +1205,39 @@ const char *Transaction::getResponseBody() {

 /**
 * @name    getResponseBodyLength
- * @brief   Retrieve the length of the updated response body.
+ * @brief   Retrieve the length of the response body.
 *
- * This method returns the size of the update response body buffer, notice
+ * This method returns the size of the response body buffer.
+ *
+ *
+ * @return Size of the update response body.
+ *
+ */
+size_t Transaction::getResponseBodyLength() {
+    size_t size = 0;
+    m_responseBody.seekp(0, std::ios::end);
+    size = m_responseBody.tellp();
+
+    return size;
+}
+
+/**
+ * @name    getRequestBodyLength
+ * @brief   Retrieve the length of the request body.
+ *
+ * This method returns the size of the request body buffer, notice
 * however, that most likely there isn't an update. Thus, this method will
 * return 0.
 *
 *
- * @return Size of the update response body.
- * @retval ==0 there is no update.
- * @retval >0  the size of the updated buffer.
+ * @return Size of the request body.
 *
 */
-int Transaction::getResponseBodyLength() {
-    int size = 0;
-#if 0
-    int there_is_update = this->rules->loadResponseBodyFromJS(this);
-    if (there_is_update == -1) {
-        return -1;
-    }
-#endif
-    this->m_responseBody.seekp(0, std::ios::end);
-    size = this->m_responseBody.tellp();
+size_t Transaction::getRequestBodyLength() {
+    size_t size = 0;
+
+    m_requestBody.seekp(0, std::ios::end);
+    size = m_requestBody.tellp();

    return size;
 }
@ -1444,7 +1455,7 @@ std::string Transaction::toOldAuditLogFormat(int parts,
    }
    if (parts & audit_log::AuditLog::EAuditLogPart
        && m_responseBody.tellp() > 0) {
-        std::string body = m_responseBody.str();
+        std::string body = utils::string::toHexIfNeeded(m_responseBody.str());
        audit_log << "--" << trailer << "-" << "E--" << std::endl;
        if (body.size() > 0) {
            audit_log << body << std::endl;
@ -2129,23 +2140,34 @@ extern "C" const char *msc_get_response_body(Transaction *transaction) {

 /**
 * @name    msc_get_response_body_length
- * @brief   Retrieve the length of the updated response body.
+ * @brief   Retrieve the length of the response body.
 *
- * This function returns the size of the update response body buffer, notice
- * however, that most likely there isn't an update. Thus, this function will
- * return 0.
+ * This function returns the size of the response body buffer.
 *
 * @param transaction ModSecurity transaction.
 *
- * @return Size of the update response body.
- * @retval ==0 there is no update.
- * @retval >0  the size of the updated buffer.
+ * @return Size of the response body.
 *
 */
-extern "C" int msc_get_response_body_length(Transaction *transaction) {
+extern "C" size_t msc_get_response_body_length(Transaction *transaction) {
    return transaction->getResponseBodyLength();
 }

+/**
+ * @name    msc_get_request_body_length
+ * @brief   Retrieve the length of the request body.
+ *
+ * This function returns the size of the request body buffer.
+ *
+ * @param transaction ModSecurity transaction.
+ *
+ * @return Size of the request body.
+ *
+ */
+extern "C" size_t msc_get_request_body_length(Transaction *transaction) {
+    return transaction->getRequestBodyLength();
+}
+
 /**
 * @name    msc_process_logging
 * @brief   Logging all information relative to this transaction.
--- a/test/benchmark/basic_rules.conf
+++ b/test/benchmark/basic_rules.conf
@ -3,3 +3,5 @@ Include "../../modsecurity.conf-recommended"

 Include "owasp-v3/crs-setup.conf.example"
 Include "owasp-v3/rules/*.conf"
+Include "owasp-v3/crs-setup.conf.example"
+Include "owasp-v3/rules/*.conf"