github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2854 from airween/v3/logescape

Browse Source 
Escape log field 'data' value
This commit is contained in:
martinhsv 2023-01-18 14:36:01 -08:00 committed by GitHub
commit 860b1183ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/rule_message.cc
View File

@ -29,17 +29,17 @@ std::string RuleMessage::_details(const RuleMessage *rm) {
msg.append(" [file \"" + std::string(*rm->m_ruleFile.get()) + "\"]");
msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
msg.append(" [rev \"" + rm->m_rev + "\"]");
msg.append(" [rev \"" + utils::string::toHexIfNeeded(rm->m_rev, true) + "\"]");
msg.append(" [msg \"" + rm->m_message + "\"]");
msg.append(" [data \"" + utils::string::limitTo(200, rm->m_data) + "\"]");
msg.append(" [data \"" + utils::string::toHexIfNeeded(utils::string::limitTo(200, rm->m_data), true) + "\"]");
msg.append(" [severity \"" +
std::to_string(rm->m_severity) + "\"]");
msg.append(" [ver \"" + rm->m_ver + "\"]");
msg.append(" [ver \"" + utils::string::toHexIfNeeded(rm->m_ver, true) + "\"]");
msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
for (auto &a : rm->m_tags) {
msg.append(" [tag \"" + a + "\"]");
msg.append(" [tag \"" + utils::string::toHexIfNeeded(a, true) + "\"]");
}
msg.append(" [hostname \"" + *rm->m_serverIpAddress.get() \

8
src/utils/string.cc
View File

@ -135,13 +135,14 @@ std::string string_to_hex(const std::string& input) {
return output;
}
std::string toHexIfNeeded(const std::string &str) {
std::string toHexIfNeeded(const std::string &str, bool escape_spec) {
// escape_spec: escape special chars or not
// spec chars: '"' (quotation mark, ascii 34), '\' (backslash, ascii 92)
std::stringstream res;
for (int i = 0; i < str.size(); i++) {
int c = (unsigned char)str.at(i);
if (c < 32 || c > 126) {
if (c < 32 || c > 126 || (escape_spec == true && (c == 34 || c == 92))) {
res << "\\x" << std::setw(2) << std::setfill('0') << std::hex << c;
} else {
res << str.at(i);
@ -267,7 +268,6 @@ void replaceAll(std::string *str, const std::string& from,
}
}
} // namespace string
} // namespace utils
} // namespace modsecurity

2
src/utils/string.h
View File

@ -61,7 +61,7 @@ std::string dash_if_empty(const std::string *str);
std::string limitTo(int amount, const std::string &str);
std::string removeBracketsIfNeeded(std::string a);
std::string string_to_hex(const std::string& input);
std::string toHexIfNeeded(const std::string &str);
std::string toHexIfNeeded(const std::string &str, bool escape_spec = false);
std::string tolower(std::string str);
std::string toupper(std::string str);
std::vector<std::string> ssplit(std::string str, char delimiter);