github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix rules `messages' on the auditlog

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-02-10 12:03:52 -03:00
parent 9474373264
commit 77900ed4e2
12 changed files with 43 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
headers/modsecurity/rule.h
View File

@ -70,16 +70,16 @@ class Rule {
this->m_referenceCount++; this->m_referenceCount++;
} }
std::string rev; std::string m_rev;
std::string m_ver;
std::string m_marker; std::string m_marker;
bool m_secmarker; bool m_secmarker;
std::string m_fileName; std::string m_fileName;
int m_lineNumber; int m_lineNumber;
std::list<std::string> m_tags;
std::string m_log_data;
std::string m_log_message; std::string m_log_message;
std::string m_log_data;
private: private:
bool m_unconditional; bool m_unconditional;
@ -92,28 +92,26 @@ class RuleMessage {
m_ruleFile = rule->m_fileName; m_ruleFile = rule->m_fileName;
m_ruleLine = rule->m_lineNumber; m_ruleLine = rule->m_lineNumber;
m_ruleId = rule->rule_id; m_ruleId = rule->rule_id;
m_ruleRev = 0; m_rev = rule->m_rev;
m_message = std::string(""); m_message = std::string("");
m_data = std::string(""); m_data = std::string("");
m_severity = std::string(""); m_severity = 0;
m_ver = std::string(""); m_ver = rule->m_ver;
m_maturity = 0; m_maturity = 0;
m_accuracy = 0; m_accuracy = 0;
m_tags = std::string("");
m_rule = rule; m_rule = rule;
}; };
RuleMessage(Rule *rule, std::string message) { RuleMessage(Rule *rule, std::string message) {
m_ruleFile = rule->m_fileName; m_ruleFile = rule->m_fileName;
m_ruleLine = rule->m_lineNumber; m_ruleLine = rule->m_lineNumber;
m_ruleId = rule->rule_id; m_ruleId = rule->rule_id;
m_ruleRev = 0; m_rev = rule->m_rev;
m_message = message; m_message = message;
m_data = std::string(""); m_data = std::string("");
m_severity = std::string(""); m_severity = 0;
m_ver = std::string(""); m_ver = rule->m_ver;
m_maturity = 0; m_maturity = 0;
m_accuracy = 0; m_accuracy = 0;
m_tags = std::string("");
m_rule = rule; m_rule = rule;
}; };
@ -121,14 +119,15 @@ class RuleMessage {
std::string m_ruleFile; std::string m_ruleFile;
int m_ruleLine; int m_ruleLine;
int m_ruleId; int m_ruleId;
int m_ruleRev;
std::string m_message; std::string m_message;
std::string m_data; std::string m_data;
std::string m_severity; int m_severity;
std::string m_ver; std::string m_ver;
std::string m_rev;
int m_maturity; int m_maturity;
int m_accuracy; int m_accuracy;
std::string m_tags;
std::list<std::string> m_tags;
Rule *m_rule; Rule *m_rule;
}; };

6
headers/modsecurity/transaction.h
View File

@ -270,12 +270,6 @@ class Transaction {
*/ */
std::list<modsecurity::RuleMessage *> m_rulesMessages; std::list<modsecurity::RuleMessage *> m_rulesMessages;
/**
* The list m_ruleTags contains all tags that were specified by the
* action `tag'.
*/
std::list<std::string> m_ruleTags;
/** /**
* Holds the request body, in case of any. * Holds the request body, in case of any.
*/ */

5
src/actions/action.h
View File

@ -17,6 +17,7 @@
#include <iostream> #include <iostream>
#include "modsecurity/intervention.h" #include "modsecurity/intervention.h"
#include "modsecurity/rule.h"
#ifndef SRC_ACTIONS_ACTION_H_ #ifndef SRC_ACTIONS_ACTION_H_
#define SRC_ACTIONS_ACTION_H_ #define SRC_ACTIONS_ACTION_H_
@ -89,6 +90,10 @@ class Action {
virtual std::string evaluate(std::string exp, virtual std::string evaluate(std::string exp,
Transaction *transaction); Transaction *transaction);
virtual bool evaluate(Rule *rule, Transaction *transaction); virtual bool evaluate(Rule *rule, Transaction *transaction);
virtual bool evaluate(Rule *rule, Transaction *transaction,
RuleMessage *ruleMessage) {
return evaluate(rule, transaction);
}
virtual bool init(std::string *error) { return true; } virtual bool init(std::string *error) { return true; }
virtual bool isDisruptive() { return false; } virtual bool isDisruptive() { return false; }

6
src/actions/log_data.cc
View File

@ -35,10 +35,12 @@ LogData::LogData(std::string action)
} }
bool LogData::evaluate(Rule *rule, Transaction *transaction) { bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
std::string data = MacroExpansion::expand(m_data, transaction); std::string data = MacroExpansion::expand(m_data, transaction);
rule->m_log_data = data; rm->m_data = data;
return true;
} }

2
src/actions/log_data.h
View File

@ -31,7 +31,7 @@ class LogData : public Action {
public: public:
explicit LogData(std::string action); explicit LogData(std::string action);
bool evaluate(Rule *rule, Transaction *transaction) override; bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
private: private:
std::string m_data; std::string m_data;

2
src/actions/rev.cc
View File

@ -38,7 +38,7 @@ Rev::Rev(std::string action)
bool Rev::evaluate(Rule *rule, Transaction *transaction) { bool Rev::evaluate(Rule *rule, Transaction *transaction) {
rule->rev = m_rev; rule->m_rev = m_rev;
return true; return true;
} }

6
src/actions/severity.cc
View File

@ -20,6 +20,7 @@
#include "actions/action.h" #include "actions/action.h"
#include "modsecurity/transaction.h" #include "modsecurity/transaction.h"
#include "modsecurity/rule.h"
#include "src/utils.h" #include "src/utils.h"
namespace modsecurity { namespace modsecurity {
@ -50,13 +51,16 @@ Severity::Severity(std::string action)
} }
bool Severity::evaluate(Rule *rule, Transaction *transaction) { bool Severity::evaluate(Rule *rule, Transaction *transaction,
RuleMessage *rm) {
#ifndef NO_LOGS #ifndef NO_LOGS
transaction->debug(9, "This rule severity is: " + \ transaction->debug(9, "This rule severity is: " + \
std::to_string(this->m_severity) + " current transaction is: " + \ std::to_string(this->m_severity) + " current transaction is: " + \
std::to_string(transaction->m_highestSeverityAction)); std::to_string(transaction->m_highestSeverityAction));
#endif #endif
rm->m_severity = m_severity;
if (transaction->m_highestSeverityAction > this->m_severity) { if (transaction->m_highestSeverityAction > this->m_severity) {
transaction->m_highestSeverityAction = this->m_severity; transaction->m_highestSeverityAction = this->m_severity;
} }

3
src/actions/severity.h
View File

@ -33,7 +33,8 @@ class Severity : public Action {
public: public:
explicit Severity(std::string action); explicit Severity(std::string action);
bool evaluate(Rule *rule, Transaction *transaction) override; bool evaluate(Rule *rule, Transaction *transaction,
RuleMessage *rm) override;
private: private:
int m_severity; int m_severity;

7
src/actions/tag.cc
View File

@ -57,12 +57,15 @@ Tag::Tag(std::string action)
} }
bool Tag::evaluate(Rule *rule, Transaction *transaction) { bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
std::string tag = MacroExpansion::expand(m_tag, transaction); std::string tag = MacroExpansion::expand(m_tag, transaction);
#ifndef NO_LOGS #ifndef NO_LOGS
transaction->debug(9, "Rule tag: " + tag); transaction->debug(9, "Rule tag: " + tag);
#endif #endif
rule->m_tags.push_back(tag);
rm->m_tags.push_back(tag);
return true; return true;
} }

2
src/actions/tag.h
View File

@ -31,7 +31,7 @@ class Tag : public Action {
public: public:
explicit Tag(std::string action); explicit Tag(std::string action);
bool evaluate(Rule *rule, Transaction *transaction) override; bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) override;
private: private:
std::string m_tag; std::string m_tag;

5
src/rule.cc
View File

@ -267,6 +267,8 @@ bool Rule::evaluateActions(Transaction *trasn) {
bool Rule::evaluate(Transaction *trasn) { bool Rule::evaluate(Transaction *trasn) {
bool ret = false; bool ret = false;
std::vector<Variable *> *variables = this->variables; std::vector<Variable *> *variables = this->variables;
RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
if (m_secmarker == true) { if (m_secmarker == true) {
return true; return true;
@ -398,7 +400,7 @@ bool Rule::evaluate(Transaction *trasn) {
trasn->debug(4, "Running (_non_ disruptive) " \ trasn->debug(4, "Running (_non_ disruptive) " \
"action: " + a->action); "action: " + a->action);
#endif #endif
a->evaluate(this, trasn); a->evaluate(this, trasn, ruleMessage);
} else { } else {
containsDisruptive = true; containsDisruptive = true;
} }
@ -510,7 +512,6 @@ bool Rule::evaluate(Transaction *trasn) {
} }
if (!m_log_message.empty() || !m_log_data.empty()) { if (!m_log_message.empty() || !m_log_data.empty()) {
RuleMessage *ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
ruleMessage->m_data = m_log_data; ruleMessage->m_data = m_log_data;
trasn->m_rulesMessages.push_back(ruleMessage); trasn->m_rulesMessages.push_back(ruleMessage);
} }

5
src/transaction.cc
View File

@ -1545,14 +1545,15 @@ std::string Transaction::toJSON(int parts) {
LOGFY_ADD("file", a->m_ruleFile.c_str()); LOGFY_ADD("file", a->m_ruleFile.c_str());
LOGFY_ADD("lineNumber", std::to_string(a->m_ruleLine).c_str()); LOGFY_ADD("lineNumber", std::to_string(a->m_ruleLine).c_str());
LOGFY_ADD("data", a->m_data.c_str()); LOGFY_ADD("data", a->m_data.c_str());
LOGFY_ADD("serverity", a->m_severity.c_str()); LOGFY_ADD("serverity", std::to_string(a->m_severity).c_str());
LOGFY_ADD("ver", a->m_ver.c_str()); LOGFY_ADD("ver", a->m_ver.c_str());
LOGFY_ADD("rev", a->m_rev.c_str());
yajl_gen_string(g, yajl_gen_string(g,
reinterpret_cast<const unsigned char*>("tags"), reinterpret_cast<const unsigned char*>("tags"),
strlen("tags")); strlen("tags"));
yajl_gen_array_open(g); yajl_gen_array_open(g);
for (auto b : a->m_rule->m_tags) { for (auto b : a->m_tags) {
yajl_gen_string(g, yajl_gen_string(g,
reinterpret_cast<const unsigned char*>(b.c_str()), reinterpret_cast<const unsigned char*>(b.c_str()),
strlen(b.c_str())); strlen(b.c_str()));