Fix rules `messages' on the auditlog

2025-09-29 19:24:29 +03:00 · 2016-02-10 12:03:52 -03:00
parent 9474373264
commit 77900ed4e2
12 changed files with 43 additions and 33 deletions
--- a/src/actions/action.h
+++ b/src/actions/action.h
@@ -17,6 +17,7 @@
 #include <iostream>

 #include "modsecurity/intervention.h"
+#include "modsecurity/rule.h"

 #ifndef SRC_ACTIONS_ACTION_H_
 #define SRC_ACTIONS_ACTION_H_
@@ -89,6 +90,10 @@ class Action {
    virtual std::string evaluate(std::string exp,
        Transaction *transaction);
    virtual bool evaluate(Rule *rule, Transaction *transaction);
+    virtual bool evaluate(Rule *rule, Transaction *transaction,
+        RuleMessage *ruleMessage) {
+        return evaluate(rule, transaction);
+    }
    virtual bool init(std::string *error) { return true; }
    virtual bool isDisruptive() { return false; }

--- a/src/actions/log_data.cc
+++ b/src/actions/log_data.cc
@@ -35,10 +35,12 @@ LogData::LogData(std::string action)
 }


-bool LogData::evaluate(Rule *rule, Transaction *transaction) {
+bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
    std::string data = MacroExpansion::expand(m_data, transaction);

-    rule->m_log_data = data;
+    rm->m_data = data;
+
+    return true;
 }


--- a/src/actions/log_data.h
+++ b/src/actions/log_data.h
@@ -31,7 +31,7 @@ class LogData : public Action {
 public:
    explicit LogData(std::string action);

-    bool evaluate(Rule *rule, Transaction *transaction) override;
+    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;

 private:
    std::string m_data;
--- a/src/actions/rev.cc
+++ b/src/actions/rev.cc
@@ -38,7 +38,7 @@ Rev::Rev(std::string action)


 bool Rev::evaluate(Rule *rule, Transaction *transaction) {
-    rule->rev = m_rev;
+    rule->m_rev = m_rev;
    return true;
 }

--- a/src/actions/severity.cc
+++ b/src/actions/severity.cc
@@ -20,6 +20,7 @@

 #include "actions/action.h"
 #include "modsecurity/transaction.h"
+#include "modsecurity/rule.h"
 #include "src/utils.h"

 namespace modsecurity {
@@ -50,13 +51,16 @@ Severity::Severity(std::string action)
 }


-bool Severity::evaluate(Rule *rule, Transaction *transaction) {
+bool Severity::evaluate(Rule *rule, Transaction *transaction,
+    RuleMessage *rm) {
 #ifndef NO_LOGS
    transaction->debug(9, "This rule severity is: " + \
        std::to_string(this->m_severity) + " current transaction is: " + \
        std::to_string(transaction->m_highestSeverityAction));
 #endif

+    rm->m_severity = m_severity;
+
    if (transaction->m_highestSeverityAction > this->m_severity) {
        transaction->m_highestSeverityAction = this->m_severity;
    }
--- a/src/actions/severity.h
+++ b/src/actions/severity.h
@@ -33,7 +33,8 @@ class Severity : public Action {
 public:
    explicit Severity(std::string action);

-    bool evaluate(Rule *rule, Transaction *transaction) override;
+    bool evaluate(Rule *rule, Transaction *transaction,
+        RuleMessage *rm) override;

 private:
    int m_severity;
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@@ -57,12 +57,15 @@ Tag::Tag(std::string action)
 }


-bool Tag::evaluate(Rule *rule, Transaction *transaction) {
+bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
    std::string tag = MacroExpansion::expand(m_tag, transaction);
+
 #ifndef NO_LOGS
    transaction->debug(9, "Rule tag: " + tag);
 #endif
-    rule->m_tags.push_back(tag);
+
+    rm->m_tags.push_back(tag);
+
    return true;
 }

--- a/src/actions/tag.h
+++ b/src/actions/tag.h
@@ -31,7 +31,7 @@ class Tag : public Action {
 public:
    explicit Tag(std::string action);

-    bool evaluate(Rule *rule, Transaction *transaction) override;
+    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;

 private:
    std::string m_tag;
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -267,6 +267,8 @@ bool Rule::evaluateActions(Transaction *trasn) {
 bool Rule::evaluate(Transaction *trasn) {
    bool ret = false;
    std::vector<Variable *> *variables = this->variables;
+    RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
+

    if (m_secmarker == true) {
        return true;
@@ -398,7 +400,7 @@ bool Rule::evaluate(Transaction *trasn) {
                        trasn->debug(4, "Running (_non_ disruptive) " \
                            "action: " + a->action);
 #endif
-                        a->evaluate(this, trasn);
+                        a->evaluate(this, trasn, ruleMessage);
                    } else {
                        containsDisruptive = true;
                    }
@@ -510,7 +512,6 @@ bool Rule::evaluate(Transaction *trasn) {
    }

    if (!m_log_message.empty() || !m_log_data.empty()) {
-        RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
        ruleMessage->m_data = m_log_data;
        trasn->m_rulesMessages.push_back(ruleMessage);
    }
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1545,14 +1545,15 @@ std::string Transaction::toJSON(int parts) {
            LOGFY_ADD("file", a->m_ruleFile.c_str());
            LOGFY_ADD("lineNumber", std::to_string(a->m_ruleLine).c_str());
            LOGFY_ADD("data", a->m_data.c_str());
-            LOGFY_ADD("serverity", a->m_severity.c_str());
+            LOGFY_ADD("serverity", std::to_string(a->m_severity).c_str());
            LOGFY_ADD("ver", a->m_ver.c_str());
+            LOGFY_ADD("rev", a->m_rev.c_str());

            yajl_gen_string(g,
                reinterpret_cast<const unsigned char*>("tags"),
                strlen("tags"));
            yajl_gen_array_open(g);
-            for (auto b : a->m_rule->m_tags) {
+            for (auto b : a->m_tags) {
                yajl_gen_string(g,
                    reinterpret_cast<const unsigned char*>(b.c_str()),
                    strlen(b.c_str()));