Support to JSON stuff on serial logging

2025-08-16 07:56:12 +03:00 · 2017-10-03 20:50:02 +00:00 · 2017-10-03 20:50:02 +00:00 · 63bef3d142
commit 63bef3d142
parent 2988c5bb07
16 changed files with 7388 additions and 7223 deletions
--- a/headers/modsecurity/audit_log.h
+++ b/headers/modsecurity/audit_log.h
@ -53,6 +53,12 @@ class AuditLog {
     RelevantOnlyAuditLogStatus
    };
    enum AuditLogFormat {
     NotSetAuditLogFormat,
     JSONAuditLogFormat,
     NativeAuditLogFormat
    };
    enum AuditLogParts {
     /**
      * Audit log header (mandatory).
@ -150,6 +156,7 @@ class AuditLog {
    bool setFilePath1(const std::basic_string<char>& path);
    bool setFilePath2(const std::basic_string<char>& path);
    bool setStorageDir(const std::basic_string<char>& path);
    bool setFormat(AuditLogFormat format);
    int getDirectoryPermission();
    int getFilePermission();
@ -186,6 +193,7 @@ class AuditLog {
        }
        return false;
    }
    AuditLogFormat m_format;
 protected:
    int m_parts;
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -319,7 +319,8 @@ class Transaction : public TransactionAnchoredVariables {
        size_t offset);
    const char *getResponseBody();
-    int getResponseBodyLength();
+    size_t getResponseBodyLength();
    size_t getRequestBodyLength();
 #ifndef NO_LOGS
    void debug(int, std::string);
@ -612,7 +613,10 @@ int msc_process_uri(Transaction *transaction, const char *uri,
 const char *msc_get_response_body(Transaction *transaction);
 /** @ingroup ModSecurity_C_API */
-int msc_get_response_body_length(Transaction *transaction);
+size_t msc_get_response_body_length(Transaction *transaction);
 /** @ingroup ModSecurity_C_API */
 size_t msc_get_request_body_length(Transaction *transaction);
 /** @ingroup ModSecurity_C_API */
 void msc_transaction_cleanup(Transaction *transaction);
--- a/src/audit_log/audit_log.cc
+++ b/src/audit_log/audit_log.cc
@ -129,6 +129,10 @@ bool AuditLog::setFilePath2(const std::basic_string<char>& path) {
    return true;
 }
 bool AuditLog::setFormat(AuditLogFormat fmt) {
    this->m_format = fmt;
    return true;
 }
 int AuditLog::addParts(int parts, const std::string& new_parts) {
    PARTS_CONSTAINS('A', AAuditLogPart)
@ -349,6 +353,10 @@ bool AuditLog::merge(AuditLog *from, std::string *error) {
        m_parts = from->m_parts;
    }
    if (from->m_format != NotSetAuditLogFormat) {
        m_format = from->m_format;
    }
    return init(error);
 }
--- a/src/audit_log/writer/parallel.cc
+++ b/src/audit_log/writer/parallel.cc
@ -103,12 +103,21 @@ bool Parallel::init(std::string *error) {
 bool Parallel::write(Transaction *transaction, int parts, std::string *error) {
    int fd;
-    std::string log = transaction->toJSON(parts);
+    std::string log;
    std::string fileName = logFilePath(&transaction->m_timeStamp,
        YearMonthDayDirectory | YearMonthDayAndTimeDirectory
        | YearMonthDayAndTimeFileName);
    bool ret;
    if (transaction->m_rules->m_auditLog->m_format ==
            audit_log::AuditLog::JSONAuditLogFormat) {
        log = transaction->toJSON(parts);
    } else {
        std::string boundary;
        generateBoundary(&boundary);
        log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
    }
    std::string logPath = m_audit->m_storage_dir;
    fileName = logPath + fileName + "-" + transaction->m_id;
--- a/src/audit_log/writer/parallel.h
+++ b/src/audit_log/writer/parallel.h
@ -22,6 +22,7 @@
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
 #include "src/utils/shared_files.h"
 #include "modsecurity/rules.h"
 #ifdef __cplusplus
--- a/src/audit_log/writer/serial.cc
+++ b/src/audit_log/writer/serial.cc
@ -28,29 +28,22 @@ Serial::~Serial() {
 }
 void Serial::generateBoundary(std::string *boundary) {
    static const char alphanum[] =
        "0123456789"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz";
    for (int i = 0; i < SERIAL_AUDIT_LOG_BOUNDARY_LENGTH; ++i) {
        boundary->append(1, alphanum[rand() % (sizeof(alphanum) - 1)]);
    }
 }
 bool Serial::init(std::string *error) {
    return utils::SharedFiles::getInstance().open(m_audit->m_path1, error);
 }
 bool Serial::write(Transaction *transaction, int parts, std::string *error) {
    std::string boundary;
    std::string msg;
    if (transaction->m_rules->m_auditLog->m_format ==
            audit_log::AuditLog::JSONAuditLogFormat) {
        msg = transaction->toJSON(parts);
    } else {
        std::string boundary;
        generateBoundary(&boundary);
        msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
    }
    return utils::SharedFiles::getInstance().write(m_audit->m_path1, msg,
        error);
--- a/src/audit_log/writer/serial.h
+++ b/src/audit_log/writer/serial.h
@ -26,6 +26,7 @@
 #include "src/utils/shared_files.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
 #include "modsecurity/rules.h"
 #ifdef __cplusplus
@ -33,8 +34,6 @@ namespace modsecurity {
 namespace audit_log {
 namespace writer {
 #define SERIAL_AUDIT_LOG_BOUNDARY_LENGTH 8
 /** @ingroup ModSecurity_CPP_API */
 class Serial : public Writer {
@ -49,7 +48,6 @@ class Serial : public Writer {
    bool write(Transaction *transaction, int parts,
        std::string *error) override;
    void generateBoundary(std::string *boundary);
 };
 }  // namespace writer
--- a/src/audit_log/writer/writer.cc
+++ b/src/audit_log/writer/writer.cc
@ -23,7 +23,16 @@ namespace modsecurity {
 namespace audit_log {
 namespace writer {
 void Writer::generateBoundary(std::string *boundary) {
    static const char alphanum[] =
        "0123456789"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz";
    for (int i = 0; i < SERIAL_AUDIT_LOG_BOUNDARY_LENGTH; ++i) {
        boundary->append(1, alphanum[rand() % (sizeof(alphanum) - 1)]);
    }
 }
 }  // namespace writer
 }  // namespace audit_log
--- a/src/audit_log/writer/writer.h
+++ b/src/audit_log/writer/writer.h
@ -31,13 +31,13 @@
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
 #define SERIAL_AUDIT_LOG_BOUNDARY_LENGTH 8
 namespace modsecurity {
 namespace audit_log {
 namespace writer {
 /** @ingroup ModSecurity_CPP_API */
 class Writer {
 public:
@ -51,6 +51,7 @@ class Writer {
    virtual bool write(Transaction *transaction, int parts,
        std::string *error) = 0;
    void generateBoundary(std::string *boundary);
    void refCountIncrease() {
        m_refereceCount++;
--- a/src/parser/seclang-parser.cc
+++ b/src/parser/seclang-parser.cc
--- a/src/parser/seclang-parser.hh
+++ b/src/parser/seclang-parser.hh
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -445,6 +445,10 @@ using modsecurity::operators::Operator;
  SETVAR_OPERATION_EQUALS_MINUS
  NOT                                          "NOT"
  CONFIG_DIR_AUDIT_LOG_FMT
  JSON
  NATIVE
  ACTION_CTL_RULE_ENGINE                       "ACTION_CTL_RULE_ENGINE"
 ;
@ -746,6 +750,16 @@ audit_log:
        driver.m_auditLog->setFilePath1($1);
      }
    | CONFIG_DIR_AUDIT_LOG_FMT JSON
      {
        driver.m_auditLog->setFormat(modsecurity::audit_log::AuditLog::JSONAuditLogFormat);
      }
    | CONFIG_DIR_AUDIT_LOG_FMT NATIVE
      {
        driver.m_auditLog->setFormat(modsecurity::audit_log::AuditLog::NativeAuditLogFormat);
      }
    /* SecAuditLogRelevantStatus */
    | CONFIG_DIR_AUDIT_STS
      {
--- a/src/parser/seclang-scanner.cc
+++ b/src/parser/seclang-scanner.cc
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -267,6 +267,7 @@ CONFIG_DIR_AUDIT_ENG                    (?i:SecAuditEngine)
 CONFIG_DIR_AUDIT_FLE_MOD                (?i:SecAuditLogFileMode)
 CONFIG_DIR_AUDIT_LOG2                   (?i:SecAuditLog2)
 CONFIG_DIR_AUDIT_LOG                    (?i:SecAuditLog)
 CONFIG_DIR_AUDIT_LOG_FMT                (?i:SecAuditLogFormat)
 CONFIG_DIR_AUDIT_LOG_P                  (?i:SecAuditLogParts)
 CONFIG_DIR_AUDIT_STS                    (?i:SecAuditLogRelevantStatus)
 CONFIG_DIR_AUDIT_TPE                    (?i:SecAuditLogType)
@ -350,6 +351,9 @@ VAR_FREE_TEXT_QUOTE                     ([^\']|([^\\]\\\'))+
 VAR_FREE_TEXT_SPACE                     [^ \t\"]+
 VAR_FREE_TEXT_SPACE_COMMA               [^, \t\"]+
 JSON                                    (?i:JSON)
 NATIVE                                  (?i:NATIVE)
 NEW_LINE                                [\n\r]+
 EQUALS                                  (?i:=)
@ -597,6 +601,9 @@ EQUALS_MINUS                            (?i:=\-)
 {CONFIG_DIR_AUDIT_LOG_P}[ \t]+{AUDIT_PARTS}                             { return p::make_CONFIG_DIR_AUDIT_LOG_P(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG_P}[ \t]+["]{AUDIT_PARTS}["]                       { return p::make_CONFIG_DIR_AUDIT_LOG_P(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG}[ ]{CONFIG_VALUE_PATH}                            { return p::make_CONFIG_DIR_AUDIT_LOG(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG_FMT}                                              { return p::make_CONFIG_DIR_AUDIT_LOG_FMT(*driver.loc.back()); }
 {JSON}                                                                  { return p::make_JSON(*driver.loc.back()); }
 {NATIVE}                                                                { return p::make_NATIVE(*driver.loc.back()); }
 {CONFIG_DIR_AUDIT_LOG}[ ]["]{CONFIG_VALUE_PATH}["]                      { return p::make_CONFIG_DIR_AUDIT_LOG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_STS}[ ]{FREE_TEXT_NEW_LINE}                           { return p::make_CONFIG_DIR_AUDIT_STS(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_DIR_AUDIT_STS}[ \t]+["]{NEW_LINE_FREE_TEXT}["]                  { return p::make_CONFIG_DIR_AUDIT_STS(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
--- a/src/transaction.cc
+++ b/src/transaction.cc
@ -1205,28 +1205,39 @@ const char *Transaction::getResponseBody() {
 /**
 * @name    getResponseBodyLength
- * @brief   Retrieve the length of the updated response body.
+ * @brief   Retrieve the length of the response body.
 *
- * This method returns the size of the update response body buffer, notice
+ * This method returns the size of the response body buffer.
 *
 *
 * @return Size of the update response body.
 *
 */
 size_t Transaction::getResponseBodyLength() {
    size_t size = 0;
    m_responseBody.seekp(0, std::ios::end);
    size = m_responseBody.tellp();
    return size;
 }
 /**
 * @name    getRequestBodyLength
 * @brief   Retrieve the length of the request body.
 *
 * This method returns the size of the request body buffer, notice
 * however, that most likely there isn't an update. Thus, this method will
 * return 0.
 *
 *
- * @return Size of the update response body.
+ * @return Size of the request body.
 * @retval ==0 there is no update.
 * @retval >0  the size of the updated buffer.
 *
 */
-int Transaction::getResponseBodyLength() {
+size_t Transaction::getRequestBodyLength() {
-    int size = 0;
+    size_t size = 0;
-#if 0
+
-    int there_is_update = this->rules->loadResponseBodyFromJS(this);
+    m_requestBody.seekp(0, std::ios::end);
-    if (there_is_update == -1) {
+    size = m_requestBody.tellp();
        return -1;
    }
 #endif
    this->m_responseBody.seekp(0, std::ios::end);
    size = this->m_responseBody.tellp();
    return size;
 }
@ -1444,7 +1455,7 @@ std::string Transaction::toOldAuditLogFormat(int parts,
    }
    if (parts & audit_log::AuditLog::EAuditLogPart
        && m_responseBody.tellp() > 0) {
-        std::string body = m_responseBody.str();
+        std::string body = utils::string::toHexIfNeeded(m_responseBody.str());
        audit_log << "--" << trailer << "-" << "E--" << std::endl;
        if (body.size() > 0) {
            audit_log << body << std::endl;
@ -2129,23 +2140,34 @@ extern "C" const char *msc_get_response_body(Transaction *transaction) {
 /**
 * @name    msc_get_response_body_length
- * @brief   Retrieve the length of the updated response body.
+ * @brief   Retrieve the length of the response body.
 *
- * This function returns the size of the update response body buffer, notice
+ * This function returns the size of the response body buffer.
 * however, that most likely there isn't an update. Thus, this function will
 * return 0.
 *
 * @param transaction ModSecurity transaction.
 *
- * @return Size of the update response body.
+ * @return Size of the response body.
 * @retval ==0 there is no update.
 * @retval >0  the size of the updated buffer.
 *
 */
-extern "C" int msc_get_response_body_length(Transaction *transaction) {
+extern "C" size_t msc_get_response_body_length(Transaction *transaction) {
    return transaction->getResponseBodyLength();
 }
 /**
 * @name    msc_get_request_body_length
 * @brief   Retrieve the length of the request body.
 *
 * This function returns the size of the request body buffer.
 *
 * @param transaction ModSecurity transaction.
 *
 * @return Size of the request body.
 *
 */
 extern "C" size_t msc_get_request_body_length(Transaction *transaction) {
    return transaction->getRequestBodyLength();
 }
 /**
 * @name    msc_process_logging
 * @brief   Logging all information relative to this transaction.
--- a/test/benchmark/basic_rules.conf
+++ b/test/benchmark/basic_rules.conf
@ -3,3 +3,5 @@ Include "../../modsecurity.conf-recommended"
 Include "owasp-v3/crs-setup.conf.example"
 Include "owasp-v3/rules/*.conf"
 Include "owasp-v3/crs-setup.conf.example"
 Include "owasp-v3/rules/*.conf"