github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Using performLogging function

Browse Source
This commit is contained in:
Felipe Zimmerle 2019-03-12 13:42:06 -03:00
parent a1547eaa32
commit 7e0bc26917
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
4 changed files with 76 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
headers/modsecurity/rule_with_actions.h
View File

@ -79,6 +79,11 @@ class RuleWithActions : public Rule {
int *nth) const; int *nth) const;
void performLogging(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage,
bool lastLog = true,
bool chainedParentNull = false);
std::vector<actions::Action *> getActionsByName(const std::string& name, std::vector<actions::Action *> getActionsByName(const std::string& name,
Transaction *t); Transaction *t);
bool containsTag(const std::string& name, Transaction *t); bool containsTag(const std::string& name, Transaction *t);

23
src/rule_unconditional.cc
View File

@ -14,7 +14,7 @@
*/ */
#include "modsecurity/rule_unconditional.h" #include "modsecurity/rule_unconditional.h"
#include "modsecurity/rule_message.h"
namespace modsecurity { namespace modsecurity {
@ -34,26 +34,7 @@ bool RuleUnconditional::evaluate(Transaction *trans,
executeActionsAfterFullMatch(trans, containsBlock, ruleMessage); executeActionsAfterFullMatch(trans, containsBlock, ruleMessage);
/* last rule in the chain. */ performLogging(trans, ruleMessage);
bool isItToBeLogged = ruleMessage->m_saveMessage;
if (isItToBeLogged && !hasMultimatch()
&& !ruleMessage->m_message.empty()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
}
else if (hasBlockAction() && !hasMultimatch()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
}
return true; return true;
} }

66
src/rule_with_actions.cc
View File

@ -474,6 +474,72 @@ std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::stri
return ret; return ret;
} }
void RuleWithActions::performLogging(Transaction *trans,
std::shared_ptr<RuleMessage> ruleMessage,
bool lastLog,
bool chainedParentNull) {
/* last rule in the chain. */
bool isItToBeLogged = ruleMessage->m_saveMessage;
/**
*
* RuleMessage is stacked allocated for the rule execution,
* anything beyond this may lead to invalid pointer access.
*
* In case of a warning, o set of messages is saved to be read
* at audit log generation. Therefore demands a copy here.
*
* FIXME: Study an way to avoid the copy.
*
**/
if (lastLog) {
if (chainedParentNull) {
isItToBeLogged = (ruleMessage->m_saveMessage && (m_chainedRuleParent == nullptr));
if (isItToBeLogged && !hasMultimatch()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
}
} else if (hasBlockAction() && !hasMultimatch()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
} else {
if (isItToBeLogged && !hasMultimatch()
&& !ruleMessage->m_message.empty()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
}
}
} else {
if (hasMultimatch() && isItToBeLogged) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage.get());
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
RuleMessage *rm = new RuleMessage(this, trans);
rm->m_saveMessage = ruleMessage->m_saveMessage;
ruleMessage.reset(rm);
}
}
}
std::string RuleWithActions::logData(Transaction *t) { return m_logData->data(t); } std::string RuleWithActions::logData(Transaction *t) { return m_logData->data(t); }
std::string RuleWithActions::msg(Transaction *t) { return m_msg->data(t); } std::string RuleWithActions::msg(Transaction *t) { return m_msg->data(t); }

26
src/rule_with_operator.cc
View File

@ -325,20 +325,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
executeActionsIndependentOfChainedRuleResult(trans, executeActionsIndependentOfChainedRuleResult(trans,
&containsBlock, ruleMessage); &containsBlock, ruleMessage);
bool isItToBeLogged = ruleMessage->m_saveMessage; performLogging(trans, ruleMessage, false);
if (hasMultimatch() && isItToBeLogged) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
RuleMessage *rm = new RuleMessage(this, trans);
rm->m_saveMessage = ruleMessage->m_saveMessage;
ruleMessage.reset(rm);
}
globalRet = true; globalRet = true;
} }
@ -382,16 +369,7 @@ end_exec:
executeActionsAfterFullMatch(trans, containsBlock, ruleMessage); executeActionsAfterFullMatch(trans, containsBlock, ruleMessage);
/* last rule in the chain. */ /* last rule in the chain. */
bool isItToBeLogged = (ruleMessage->m_saveMessage && (m_chainedRuleParent == nullptr)); performLogging(trans, ruleMessage, true, true);
if (isItToBeLogged && !hasMultimatch()) {
/* warn */
trans->m_rulesMessages.push_back(*ruleMessage);
/* error */
if (!ruleMessage->m_isDisruptive) {
trans->serverLog(ruleMessage);
}
}
return true; return true;
} }