github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Encode possible binary characters from user input in audit logs

Browse Source
This commit is contained in:
Ervin Hegedus
2025-11-13 11:49:32 +01:00
parent 032ccae9d3
commit 85384febb7
3 changed files with 63 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/transaction.cc
View File

@@ -1610,7 +1610,7 @@ std::string Transaction::toJSON(int parts) {
if (parts & audit_log::AuditLog::CAuditLogPart) {
// FIXME: check for the binary content size.
LOGFY_ADD("body", this->m_requestBody.str());
LOGFY_ADD("body", utils::string::toHexIfNeeded(this->m_requestBody.str()));
}
/* request headers */
@@ -1712,7 +1712,7 @@ std::string Transaction::toJSON(int parts) {
LOGFY_ADD("ruleId", std::to_string(a.m_rule.m_ruleId));
LOGFY_ADD("file", a.m_rule.getFileName());
LOGFY_ADD("lineNumber", std::to_string(a.m_rule.getLineNumber()));
LOGFY_ADD("data", a.m_data);
LOGFY_ADD("data", utils::string::toHexIfNeeded(a.m_data));
LOGFY_ADD("severity", std::to_string(a.m_severity));
LOGFY_ADD("ver", a.m_rule.m_ver);
LOGFY_ADD("rev", a.m_rule.m_rev);