Update JSON structure for matched rules

Create a separate map for each matched rule chain,
making it easier to identify chains in which only some
of the rules actually matched.
Robert Paprocki
2015-07-19 00:09:37 -07:00
committed by Felipe Zimmerle
parent 7a39b4b5b9
commit 8559399ebd


@@ -1326,6 +1326,15 @@ void sec_audit_logger_json(modsec_rec *msr) {
for(i = 0; i < msr->matched_rules->nelts; i++) {
rule = ((msre_rule **)msr->matched_rules->elts)[i];
if ((rule != NULL) && (rule->actionset != NULL) && rule->actionset->is_chained && (rule->chain_starter == NULL)) {
/*
* create a separate map for each rule chain
* this makes it a lot easier to search for partial chains
*/
yajl_gen_map_open(g); // map for this chain
yajl_kv_bool(g, "chain", 1);
yajl_string(g, "rules");
yajl_gen_array_open(g); // array for the rules
write_rule_json(msr, rule, g);
do {
if (rule->ruleset != NULL) {
@@ -1344,10 +1353,23 @@ void sec_audit_logger_json(modsec_rec *msr) {
}
rule = next_rule;
} while (rule != NULL && rule->actionset != NULL && rule->actionset->is_chained);
yajl_gen_array_close(g);
yajl_kv_bool(g, "full_chain_match", present); // if one of the rules didnt match, present is set to 0
yajl_gen_map_close(g); // close the map for this chain
} else {
yajl_gen_map_open(g);
yajl_kv_bool(g, "chain", 0);
yajl_string(g, "rules"); // this really should be 'rule', but we're keeping in line with other chain maps
yajl_gen_array_open(g);
if ((rule != NULL) && (rule->actionset != NULL) && !rule->actionset->is_chained && (rule->chain_starter == NULL)) {
write_rule_json(msr, rule, g);
}
yajl_gen_array_close(g);
yajl_gen_map_close(g);
}
}
yajl_gen_array_close(g); // matched_rules top-level key is finished
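Review bot: The `else` branch in the second hunk opens a map and a "rules" array before the inner `if`, so any matched rule that fails that check (presumably a chain member with `chain_starter != NULL`, which the chain branch above already serialised under its starter) ends up as an empty `{"chain": false, "rules": []}` object in the audit log, and anything parsing matched_rules downstream will see spurious entries. Fold the check into the branch and drop the inner `if` and its closing brace: `} else if ((rule != NULL) && (rule->actionset != NULL) && !rule->actionset->is_chained && (rule->chain_starter == NULL)) {`. Separately, `full_chain_match` is written from `present`, but neither hunk resets it when a new chain map is opened; unless that reset happens in the unchanged lines between the two hunks, one partially matched chain would make every later chain in the same request report `full_chain_match: false`, which would mislead anyone using that flag to triage. The enclosing function sec_audit_logger_json starts before the first hunk and continues past the second.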