diff --git a/src/rule_message.cc b/src/rule_message.cc
index eb679554..496fe7ca 100644
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -29,17 +29,17 @@ std::string RuleMessage::_details(const RuleMessage *rm) {
 msg.append(" [file \"" + std::string(*rm->m_ruleFile.get()) + "\"]");
 msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
 msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
- msg.append(" [rev \"" + rm->m_rev + "\"]");
+ msg.append(" [rev \"" + utils::string::toHexIfNeeded(rm->m_rev, true) + "\"]");
 msg.append(" [msg \"" + rm->m_message + "\"]");
- msg.append(" [data \"" + utils::string::limitTo(200, rm->m_data) + "\"]");
+ msg.append(" [data \"" + utils::string::toHexIfNeeded(utils::string::limitTo(200, rm->m_data), true) + "\"]");
 msg.append(" [severity \"" + std::to_string(rm->m_severity) + "\"]");
- msg.append(" [ver \"" + rm->m_ver + "\"]");
+ msg.append(" [ver \"" + utils::string::toHexIfNeeded(rm->m_ver, true) + "\"]");
 msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
 msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
 for (auto &a : rm->m_tags) {
- msg.append(" [tag \"" + a + "\"]");
+ msg.append(" [tag \"" + utils::string::toHexIfNeeded(a, true) + "\"]");
 }
 msg.append(" [hostname \"" + *rm->m_serverIpAddress.get() \
diff --git a/src/utils/string.cc b/src/utils/string.cc
index b7ec196a..eb370eea 100644
--- a/src/utils/string.cc
+++ b/src/utils/string.cc
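Review bot: In `RuleMessage::_details` (src/rule_message.cc), the `[msg ...]` line between the changed `rev` and `data` lines still appends `rm->m_message` unescaped, so a `"` or `\` in it can still close the quoted field and make the remainder read as additional `[key "value"]` pairs to a log parser. The `file` and `hostname` appends in the context lines are in the same position. If the message text can carry request-derived content (for example through macro expansion, which is not visible in this hunk), it needs the same treatment as the other fields: `msg.append(" [msg \"" + utils::string::toHexIfNeeded(rm->m_message, true) + "\"]");`. The function starts before and continues past this hunk, so any later fields should be checked the same way.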
@@ -135,13 +135,14 @@ std::string string_to_hex(const std::string& input) {
 return output;
 }
-
-std::string toHexIfNeeded(const std::string &str) {
+std::string toHexIfNeeded(const std::string &str, bool escape_spec) {
+ // escape_spec: escape special chars or not
+ // spec chars: '"' (quotation mark, ascii 34), '\' (backslash, ascii 92)
 std::stringstream res;
 for (int i = 0; i < str.size(); i++) {
 int c = (unsigned char)str.at(i);
- if (c < 32 || c > 126) {
+ if (c < 32 || c > 126 || (escape_spec == true && (c == 34 || c == 92))) {
 res << "\\x" << std::setw(2) << std::setfill('0') << std::hex << c;
 } else {
 res << str.at(i);
@@ -267,7 +268,6 @@ void replaceAll(std::string *str, const std::string& from,
 }
 }
-
 } // namespace string
 } // namespace utils
 } // namespace modsecurity
diff --git a/src/utils/string.h b/src/utils/string.h
index b864a38f..e3d40d89 100644
--- a/src/utils/string.h
+++ b/src/utils/string.h
@@ -61,7 +61,7 @@ std::string dash_if_empty(const std::string *str);
 std::string limitTo(int amount, const std::string &str);
 std::string removeBracketsIfNeeded(std::string a);
 std::string string_to_hex(const std::string& input);
-std::string toHexIfNeeded(const std::string &str);
+std::string toHexIfNeeded(const std::string &str, bool escape_spec = false);
 std::string tolower(std::string str);
 std::string toupper(std::string str);
 std::vector ssplit(std::string str, char delimiter);
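Review bot: In `toHexIfNeeded` (src/utils/string.cc), the new condition tests `escape_spec == true` and compares against the bare numbers 34 and 92, so the reader has to go back to the comment to learn which characters are meant. Character literals say it directly and drop the redundant comparison: `if (c < 32 || c > 126 || (escape_spec && (c == '"' || c == '\\'))) {`. The two-line comment could then become a single line giving the reason, namely that these are the two characters able to end or alter a quoted log field. The rest of the loop and the function's return lie outside the hunk.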
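Review bot: The declaration in src/utils/string.h gains `bool escape_spec = false` with no comment, so a caller reading the header cannot tell that the default leaves `"` and `\` untouched and is therefore unsuitable for building a quoted log field. I would document it on the declaration, e.g. `// escape_spec: also hex-encode '"' and '\\'; pass true when the result is placed inside a quoted field`. With the default, a literal backslash passes through unchanged, so input that already contains the text `\x0a` cannot be told apart from an encoded byte in the output; whether any other call site depends on that is not visible in this diff.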