From 77900ed4e27f24fcc1fd341a5fabc04e30d16368 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Wed, 10 Feb 2016 12:03:52 -0300
Subject: [PATCH] Fix rules `messages' on the auditlog
---
 headers/modsecurity/rule.h | 27 +++++++++++++--------------
 headers/modsecurity/transaction.h | 6 ------
 src/actions/action.h | 5 +++++
 src/actions/log_data.cc | 6 ++++--
 src/actions/log_data.h | 2 +-
 src/actions/rev.cc | 2 +-
 src/actions/severity.cc | 6 +++++-
 src/actions/severity.h | 3 ++-
 src/actions/tag.cc | 7 +++++--
 src/actions/tag.h | 2 +-
 src/rule.cc | 5 +++--
 src/transaction.cc | 5 +++--
 12 files changed, 43 insertions(+), 33 deletions(-)
diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h
index f736e827..a4289064 100644
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@@ -70,16 +70,16 @@ class Rule {
 this->m_referenceCount++;
 }
-std::string rev;
+std::string m_rev;
+std::string m_ver;
 std::string m_marker;
 bool m_secmarker;
 std::string m_fileName;
 int m_lineNumber;
-std::list m_tags;
-std::string m_log_data;
 std::string m_log_message;
+std::string m_log_data;
 private:
 bool m_unconditional;
@@ -92,28 +92,26 @@ class RuleMessage {
 m_ruleFile = rule->m_fileName;
 m_ruleLine = rule->m_lineNumber;
 m_ruleId = rule->rule_id;
-m_ruleRev = 0;
+m_rev = rule->m_rev;
 m_message = std::string("");
 m_data = std::string("");
-m_severity = std::string("");
-m_ver = std::string("");
+m_severity = 0;
+m_ver = rule->m_ver;
 m_maturity = 0;
 m_accuracy = 0;
-m_tags = std::string("");
 m_rule = rule;
 };
 RuleMessage(Rule *rule, std::string message) {
 m_ruleFile = rule->m_fileName;
 m_ruleLine = rule->m_lineNumber;
 m_ruleId = rule->rule_id;
-m_ruleRev = 0;
+m_rev = rule->m_rev;
 m_message = message;
 m_data = std::string("");
-m_severity = std::string("");
-m_ver = std::string("");
+m_severity = 0;
+m_ver = rule->m_ver;
 m_maturity = 0;
 m_accuracy = 0;
-m_tags = std::string("");
 m_rule = rule;
 };
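Review bot: `m_severity = 0` in both RuleMessage constructors makes a rule with no `severity` action indistinguishable from one at level 0, and severity.cc in this same patch treats a lower number as the higher severity (it lowers m_highestSeverityAction when the rule's value is smaller), so such a rule would reach the audit log as the most severe level. A sentinel such as `m_severity = -1;`, with toJSON emitting the field only when it is set, keeps the log honest for whatever consumes it downstream. The two constructors also repeat the same assignments line for line; the no-message form could delegate with `RuleMessage(Rule *rule) : RuleMessage(rule, std::string("")) { }`, which the patch's C++11 usage (`override`) already permits. Both constructor bodies are inside the hunk, but the class continues outside it.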
@@ -121,14 +119,15 @@ class RuleMessage {
 std::string m_ruleFile;
 int m_ruleLine;
 int m_ruleId;
-int m_ruleRev;
 std::string m_message;
 std::string m_data;
-std::string m_severity;
+int m_severity;
 std::string m_ver;
+std::string m_rev;
 int m_maturity;
 int m_accuracy;
-std::string m_tags;
+
+std::list m_tags;
 Rule *m_rule;
 };
diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h
index 0c751abe..39d8ec36 100644
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@@ -270,12 +270,6 @@ class Transaction {
 */
 std::list m_rulesMessages;
-/**
-* The list m_ruleTags contains all tags that were specified by the
-* action `tag'.
-*/
-std::list m_ruleTags;
-
 /**
 * Holds the request body, in case of any.
 */
diff --git a/src/actions/action.h b/src/actions/action.h
index bb024775..5703a0bf 100644
--- a/src/actions/action.h
+++ b/src/actions/action.h
@@ -17,6 +17,7 @@
 #include
 #include "modsecurity/intervention.h"
+#include "modsecurity/rule.h"
 #ifndef SRC_ACTIONS_ACTION_H_
 #define SRC_ACTIONS_ACTION_H_
@@ -89,6 +90,10 @@ class Action {
 virtual std::string evaluate(std::string exp, Transaction *transaction);
 virtual bool evaluate(Rule *rule, Transaction *transaction);
+virtual bool evaluate(Rule *rule, Transaction *transaction,
+RuleMessage *ruleMessage) {
+return evaluate(rule, transaction);
+}
 virtual bool init(std::string *error) { return true; }
 virtual bool isDisruptive() { return false; }
diff --git a/src/actions/log_data.cc b/src/actions/log_data.cc
index a1281b23..6fb12276 100644
--- a/src/actions/log_data.cc
+++ b/src/actions/log_data.cc
@@ -35,10 +35,12 @@ LogData::LogData(std::string action)
 }
-bool LogData::evaluate(Rule *rule, Transaction *transaction) {
+bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
 std::string data = MacroExpansion::expand(m_data, transaction);
-rule->m_log_data = data;
+rm->m_data = data;
+
+return true;
 }
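Review bot: The new three-argument `evaluate` defaults to forwarding into the two-argument one, but LogData, Severity and Tag (log_data.cc, severity.cc and tag.cc in this patch) now override only the three-argument form, so any caller that still uses `a->evaluate(rule, transaction)` on one of them dispatches to Action's own two-argument implementation and that action's write into the RuleMessage is silently skipped. rule.cc switches only the non-disruptive call site in this patch; I would confirm that the disruptive-action path and evaluateActions use the new form as well. The contract is worth recording on this overload, e.g. `// Actions that populate the audit-log RuleMessage must override this overload; the two-argument entry point does not reach them.` The Action class continues outside the hunk.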
diff --git a/src/actions/log_data.h b/src/actions/log_data.h
index 1ba07fb6..d92790e3 100644
--- a/src/actions/log_data.h
+++ b/src/actions/log_data.h
@@ -31,7 +31,7 @@ class LogData : public Action {
 public:
 explicit LogData(std::string action);
-bool evaluate(Rule *rule, Transaction *transaction) override;
+bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
 private:
 std::string m_data;
diff --git a/src/actions/rev.cc b/src/actions/rev.cc
index ebe32afe..aff6e314 100644
--- a/src/actions/rev.cc
+++ b/src/actions/rev.cc
@@ -38,7 +38,7 @@ Rev::Rev(std::string action)
 bool Rev::evaluate(Rule *rule, Transaction *transaction) {
-rule->rev = m_rev;
+rule->m_rev = m_rev;
 return true;
 }
diff --git a/src/actions/severity.cc b/src/actions/severity.cc
index 34c19001..600d27b4 100644
--- a/src/actions/severity.cc
+++ b/src/actions/severity.cc
@@ -20,6 +20,7 @@
 #include "actions/action.h"
 #include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
 #include "src/utils.h"
 namespace modsecurity {
@@ -50,13 +51,16 @@ Severity::Severity(std::string action)
 }
-bool Severity::evaluate(Rule *rule, Transaction *transaction) {
+bool Severity::evaluate(Rule *rule, Transaction *transaction,
+RuleMessage *rm) {
 #ifndef NO_LOGS
 transaction->debug(9, "This rule severity is: " + \
 std::to_string(this->m_severity) + " current transaction is: " + \
 std::to_string(transaction->m_highestSeverityAction));
 #endif
+rm->m_severity = m_severity;
+
 if (transaction->m_highestSeverityAction > this->m_severity) {
 transaction->m_highestSeverityAction = this->m_severity;
 }
diff --git a/src/actions/severity.h b/src/actions/severity.h
index 27a8915f..9943eb1b 100644
--- a/src/actions/severity.h
+++ b/src/actions/severity.h
@@ -33,7 +33,8 @@ class Severity : public Action {
 public:
 explicit Severity(std::string action);
-bool evaluate(Rule *rule, Transaction *transaction) override;
+bool evaluate(Rule *rule, Transaction *transaction,
+RuleMessage *rm) override;
 private:
 int m_severity;
diff --git a/src/actions/tag.cc b/src/actions/tag.cc
index 45cb59b4..0cb9e819 100644
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@@ -57,12 +57,15 @@ Tag::Tag(std::string action)
 }
-bool Tag::evaluate(Rule *rule, Transaction *transaction) {
+bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
 std::string tag = MacroExpansion::expand(m_tag, transaction);
+
 #ifndef NO_LOGS
 transaction->debug(9, "Rule tag: " + tag);
 #endif
-rule->m_tags.push_back(tag);
+
+rm->m_tags.push_back(tag);
+
 return true;
 }
diff --git a/src/actions/tag.h b/src/actions/tag.h
index e44d7db7..e4da0d62 100644
--- a/src/actions/tag.h
+++ b/src/actions/tag.h
@@ -31,7 +31,7 @@ class Tag : public Action {
 public:
 explicit Tag(std::string action);
-bool evaluate(Rule *rule, Transaction *transaction) override;
+bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
 private:
 std::string m_tag;
diff --git a/src/rule.cc b/src/rule.cc
index 0a1a577d..0183c7bf 100644
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -267,6 +267,8 @@ bool Rule::evaluateActions(Transaction *trasn) {
 bool Rule::evaluate(Transaction *trasn) {
 bool ret = false;
 std::vector *variables = this->variables;
+RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
+
 if (m_secmarker == true) {
 return true;
@@ -398,7 +400,7 @@ bool Rule::evaluate(Transaction *trasn) {
 trasn->debug(4, "Running (_non_ disruptive) " \
 "action: " + a->action);
 #endif
-a->evaluate(this, trasn);
+a->evaluate(this, trasn, ruleMessage);
 } else {
 containsDisruptive = true;
 }
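Review bot: The RuleMessage allocated with `new` at the top of Rule::evaluate is only handed to `trasn->m_rulesMessages` by the message/data check at the end of the function (the third rule.cc hunk); nothing in these hunks frees it on any other exit, and the `if (m_secmarker == true) { return true; }` two lines below the allocation is taken on every marker rule, so each such evaluation leaks one object. I would construct it after the secmarker check and hold it in an owner until it is pushed: `std::unique_ptr<RuleMessage> ruleMessage(new modsecurity::RuleMessage(this, m_log_message));`, pass `ruleMessage.get()` at the `a->evaluate(this, trasn, ruleMessage)` call in the second hunk, and `push_back(ruleMessage.release())` where it is stored (this needs `#include <memory>` in rule.cc). Rule::evaluate starts and ends outside these hunks, so there may be further returns between them that the same owner would cover.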
@@ -510,7 +512,6 @@ bool Rule::evaluate(Transaction *trasn) {
 }
 if (!m_log_message.empty() || !m_log_data.empty()) {
-RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
 ruleMessage->m_data = m_log_data;
 trasn->m_rulesMessages.push_back(ruleMessage);
 }
diff --git a/src/transaction.cc b/src/transaction.cc
index 9f327b32..6ccaeab4 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1545,14 +1545,15 @@ std::string Transaction::toJSON(int parts) {
 LOGFY_ADD("file", a->m_ruleFile.c_str());
 LOGFY_ADD("lineNumber", std::to_string(a->m_ruleLine).c_str());
 LOGFY_ADD("data", a->m_data.c_str());
-LOGFY_ADD("serverity", a->m_severity.c_str());
+LOGFY_ADD("serverity", std::to_string(a->m_severity).c_str());
 LOGFY_ADD("ver", a->m_ver.c_str());
+LOGFY_ADD("rev", a->m_rev.c_str());
 yajl_gen_string(g, reinterpret_cast("tags"), strlen("tags"));
 yajl_gen_array_open(g);
-for (auto b : a->m_rule->m_tags) {
+for (auto b : a->m_tags) {
 yajl_gen_string(g, reinterpret_cast(b.c_str()), strlen(b.c_str()));
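Review bot: `ruleMessage->m_data = m_log_data;` now overwrites the value that LogData::evaluate wrote into `rm->m_data` earlier in this patch, and since that action no longer assigns `rule->m_log_data`, the `!m_log_data.empty()` half of the condition can only hold if something outside this patch still fills it; a rule with `logdata` but no `msg` would then never be logged, and one with both would lose its data. Unless m_log_data is populated elsewhere, the check should read the message itself, `if (!ruleMessage->m_message.empty() || !ruleMessage->m_data.empty()) {`, with the assignment line dropped. Rule::evaluate begins outside the hunk.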