Fix rules `messages' on the auditlog

Felipe Zimmerle 2016-02-10 12:03:52 -03:00
parent 9474373264
commit 77900ed4e2
12 changed files with 43 additions and 33 deletions


@ -70,16 +70,16 @@ class Rule {
this->m_referenceCount++;
}
std::string rev;
std::string m_rev;
std::string m_ver;
std::string m_marker;
bool m_secmarker;
std::string m_fileName;
int m_lineNumber;
std::list<std::string> m_tags;
std::string m_log_data;
std::string m_log_message;
std::string m_log_data;
private:
bool m_unconditional;
@ -92,28 +92,26 @@ class RuleMessage {
m_ruleFile = rule->m_fileName;
m_ruleLine = rule->m_lineNumber;
m_ruleId = rule->rule_id;
m_ruleRev = 0;
m_rev = rule->m_rev;
m_message = std::string("");
m_data = std::string("");
m_severity = std::string("");
m_ver = std::string("");
m_severity = 0;
m_ver = rule->m_ver;
m_maturity = 0;
m_accuracy = 0;
m_tags = std::string("");
m_rule = rule;
};
RuleMessage(Rule *rule, std::string message) {
m_ruleFile = rule->m_fileName;
m_ruleLine = rule->m_lineNumber;
m_ruleId = rule->rule_id;
m_ruleRev = 0;
m_rev = rule->m_rev;
m_message = message;
m_data = std::string("");
m_severity = std::string("");
m_ver = std::string("");
m_severity = 0;
m_ver = rule->m_ver;
m_maturity = 0;
m_accuracy = 0;
m_tags = std::string("");
m_rule = rule;
};
@ -121,14 +119,15 @@ class RuleMessage {
std::string m_ruleFile;
int m_ruleLine;
int m_ruleId;
int m_ruleRev;
std::string m_message;
std::string m_data;
std::string m_severity;
int m_severity;
std::string m_ver;
std::string m_rev;
int m_maturity;
int m_accuracy;
std::string m_tags;
std::list<std::string> m_tags;
Rule *m_rule;
};
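Review bot: `int m_ruleRev;` at L65 appears to stay in RuleMessage while both constructors drop the `m_ruleRev = 0;` assignment (the `-121,14 +119,15` hunk's counts only balance if the member survives), so every new message would carry an indeterminate `m_ruleRev`; either remove the member or keep the initializer. Defaulting `m_severity` to 0 in both constructors is also ambiguous in the audit log: 0 is a valid level (the most severe, EMERGENCY, on ModSecurity's scale), so a rule that never ran a severity action becomes indistinguishable from one rated 0 once Transaction::toJSON prints `std::to_string(a->m_severity)`; a sentinel such as -1, with the field skipped or annotated in the log, would keep the two cases apart. The two constructors now repeat a dozen assignments line for line; the one-argument form could delegate, `RuleMessage(Rule *rule) : RuleMessage(rule, std::string("")) { }`, so they cannot drift apart again.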


@ -270,12 +270,6 @@ class Transaction {
*/
std::list<modsecurity::RuleMessage *> m_rulesMessages;
/**
* The list m_ruleTags contains all tags that were specified by the
* action `tag'.
*/
std::list<std::string> m_ruleTags;
/**
* Holds the request body, in case of any.
*/


@ -17,6 +17,7 @@
#include <iostream>
#include "modsecurity/intervention.h"
#include "modsecurity/rule.h"
#ifndef SRC_ACTIONS_ACTION_H_
#define SRC_ACTIONS_ACTION_H_
@ -89,6 +90,10 @@ class Action {
virtual std::string evaluate(std::string exp,
Transaction *transaction);
virtual bool evaluate(Rule *rule, Transaction *transaction);
virtual bool evaluate(Rule *rule, Transaction *transaction,
RuleMessage *ruleMessage) {
return evaluate(rule, transaction);
}
virtual bool init(std::string *error) { return true; }
virtual bool isDisruptive() { return false; }
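Review bot: The new three-argument `evaluate` forwards to the two-argument one, but not the other way round, so an action that overrides only the new overload (LogData, Severity and Tag in this commit) silently does nothing when reached through `evaluate(rule, transaction)`; if that entry point is still called anywhere outside this diff, the severity, tags and logdata would be dropped on that path. Consider making the two-argument form the adapter instead, or documenting that Rule::evaluate no longer calls it. The new overload also deserves a doc comment, e.g. `/* Called by Rule::evaluate for non-disruptive actions; ruleMessage collects what the action contributes to the audit-log entry (data, severity, tags). Default forwards to the two-argument overload. */`. Since the header only names `RuleMessage` by pointer, a forward declaration `class RuleMessage;` would serve in place of including modsecurity/rule.h, if that is how `Rule` was already made visible here.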


@ -35,10 +35,12 @@ LogData::LogData(std::string action)
}
bool LogData::evaluate(Rule *rule, Transaction *transaction) {
bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
std::string data = MacroExpansion::expand(m_data, transaction);
rule->m_log_data = data;
rm->m_data = data;
return true;
}
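Review bot: Moving the expanded text from `rule->m_log_data` to `rm->m_data` is the right direction but deserves a comment, because the old form looks natural and may be reintroduced: `data` is macro-expanded per transaction, while the Rule object is shared by every transaction that evaluates it, so storing it on the rule was presumably leaking one request's data into another's audit entry (the same applies to `rm->m_tags.push_back(tag)` in tag.cc). Something like `// Per-transaction value: keep it on the RuleMessage, never on the shared Rule.` above the assignment would pin that down. `rm` is dereferenced without a check here and in severity.cc and tag.cc; that is fine as long as Rule::evaluate is the only caller and always passes a live message, which this diff shows but the Action::evaluate declaration does not promise.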


@ -31,7 +31,7 @@ class LogData : public Action {
public:
explicit LogData(std::string action);
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
private:
std::string m_data;
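Review bot: Declaring only the three-argument `evaluate` in LogData hides the base class's other `evaluate` overloads for calls made through a `LogData*` (the same happens in severity.h and tag.h), so a direct `logData->evaluate(exp, transaction)` or `->evaluate(rule, transaction)` no longer compiles while the identical call through an `Action*` still does. If that is intended, a `using Action::evaluate;` line before the override makes the intent explicit and keeps the overload set uniform; if the two-argument form is meant to be gone for these actions, say so in a comment. This declaration likely runs past 80 columns once indented, which severity.h avoids by wrapping the parameter list; worth matching if the project runs cpplint.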


@ -38,7 +38,7 @@ Rev::Rev(std::string action)
bool Rev::evaluate(Rule *rule, Transaction *transaction) {
rule->rev = m_rev;
rule->m_rev = m_rev;
return true;
}


@ -20,6 +20,7 @@
#include "actions/action.h"
#include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/utils.h"
namespace modsecurity {
@ -50,13 +51,16 @@ Severity::Severity(std::string action)
}
bool Severity::evaluate(Rule *rule, Transaction *transaction) {
bool Severity::evaluate(Rule *rule, Transaction *transaction,
RuleMessage *rm) {
#ifndef NO_LOGS
transaction->debug(9, "This rule severity is: " + \
std::to_string(this->m_severity) + " current transaction is: " + \
std::to_string(transaction->m_highestSeverityAction));
#endif
rm->m_severity = m_severity;
if (transaction->m_highestSeverityAction > this->m_severity) {
transaction->m_highestSeverityAction = this->m_severity;
}


@ -33,7 +33,8 @@ class Severity : public Action {
public:
explicit Severity(std::string action);
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(Rule *rule, Transaction *transaction,
RuleMessage *rm) override;
private:
int m_severity;


@ -57,12 +57,15 @@ Tag::Tag(std::string action)
}
bool Tag::evaluate(Rule *rule, Transaction *transaction) {
bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
std::string tag = MacroExpansion::expand(m_tag, transaction);
#ifndef NO_LOGS
transaction->debug(9, "Rule tag: " + tag);
#endif
rule->m_tags.push_back(tag);
rm->m_tags.push_back(tag);
return true;
}


@ -31,7 +31,7 @@ class Tag : public Action {
public:
explicit Tag(std::string action);
bool evaluate(Rule *rule, Transaction *transaction) override;
bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
private:
std::string m_tag;


@ -267,6 +267,8 @@ bool Rule::evaluateActions(Transaction *trasn) {
bool Rule::evaluate(Transaction *trasn) {
bool ret = false;
std::vector<Variable *> *variables = this->variables;
RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
if (m_secmarker == true) {
return true;
@ -398,7 +400,7 @@ bool Rule::evaluate(Transaction *trasn) {
trasn->debug(4, "Running (_non_ disruptive) " \
"action: " + a->action);
#endif
a->evaluate(this, trasn);
a->evaluate(this, trasn, ruleMessage);
} else {
containsDisruptive = true;
}
@ -510,7 +512,6 @@ bool Rule::evaluate(Transaction *trasn) {
}
if (!m_log_message.empty() || !m_log_data.empty()) {
RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
ruleMessage->m_data = m_log_data;
trasn->m_rulesMessages.push_back(ruleMessage);
}
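Review bot: `new modsecurity::RuleMessage(this, m_log_message)` now runs at the top of Rule::evaluate for every rule, but the object is only handed to `trasn->m_rulesMessages` inside the final `if`; the `m_secmarker` early return right below it and every evaluation that has neither message nor data leave it unreferenced, so each such evaluation leaks one RuleMessage per transaction, which in a long-lived WAF process under sustained traffic is unbounded growth. Holding it as `std::unique_ptr<RuleMessage> ruleMessage(new modsecurity::RuleMessage(this, m_log_message));` and pushing with `trasn->m_rulesMessages.push_back(ruleMessage.release());` inside the `if` covers that return and every other exit from the function (which starts before and ends after these hunks); `<memory>` would be needed if rule.cc does not include it already. Separately, `ruleMessage->m_data = m_log_data;` still overwrites `m_data` just before the push, yet log_data.cc in this same commit stops writing `rule->m_log_data` and writes `rm->m_data` instead; unless `m_log_data` is still assigned somewhere outside the diff, the logdata text is clobbered with an empty string and the `!m_log_data.empty()` half of the condition can never fire, so the condition should test `ruleMessage->m_data.empty()` and the assignment should go.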


@ -1545,14 +1545,15 @@ std::string Transaction::toJSON(int parts) {
LOGFY_ADD("file", a->m_ruleFile.c_str());
LOGFY_ADD("lineNumber", std::to_string(a->m_ruleLine).c_str());
LOGFY_ADD("data", a->m_data.c_str());
LOGFY_ADD("serverity", a->m_severity.c_str());
LOGFY_ADD("serverity", std::to_string(a->m_severity).c_str());
LOGFY_ADD("ver", a->m_ver.c_str());
LOGFY_ADD("rev", a->m_rev.c_str());
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>("tags"),
strlen("tags"));
yajl_gen_array_open(g);
for (auto b : a->m_rule->m_tags) {
for (auto b : a->m_tags) {
yajl_gen_string(g,
reinterpret_cast<const unsigned char*>(b.c_str()),
strlen(b.c_str()));