Adds support to https audit log output

This functionality was built for test only.
2025-08-14 05:45:59 +03:00 · 2016-04-02 14:44:46 -03:00 · 2016-04-02 14:44:46 -03:00 · 8d052853a8
commit 8d052853a8
parent e5acc95de8
9 changed files with 165 additions and 2 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -182,6 +182,7 @@ libmodsecurity_la_SOURCES = \
 	transaction.cc \
 	audit_log/audit_log.cc \
 	audit_log/writer.cc \
+	audit_log/writer/https.cc \
 	audit_log/writer/serial.cc \
 	audit_log/writer/parallel.cc \
 	modsecurity.cc \
--- a/src/audit_log/audit_log.cc
+++ b/src/audit_log/audit_log.cc
@ -21,6 +21,7 @@

 #include <fstream>

+#include "audit_log/writer/https.h"
 #include "audit_log/writer/parallel.h"
 #include "audit_log/writer/serial.h"
 #include "utils/regex.h"
@ -184,6 +185,9 @@ bool AuditLog::init() {
    if (m_type == SerialAuditLogType) {
        m_writer = new audit_log::writer::Serial(this);
    }
+    if (m_type == HttpsAuditLogType) {
+        m_writer = new audit_log::writer::Https(this);
+    }
    m_writer->refCountIncrease();

    if (m_writer == NULL || m_writer->init() == false) {
--- a/src/audit_log/audit_log.h
+++ b/src/audit_log/audit_log.h
@ -42,6 +42,7 @@ class AuditLog {
    enum AuditLogType {
     SerialAuditLogType,
     ParallelAuditLogType,
+     HttpsAuditLogType
    };

    enum AuditLogStatus {
--- a/src/audit_log/writer/https.cc
+++ b/src/audit_log/writer/https.cc
@ -0,0 +1,61 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "audit_log/writer/https.h"
+
+#include <time.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <fstream>
+#include <mutex>
+
+#include "audit_log/audit_log.h"
+#include "modsecurity/transaction.h"
+#include "src/utils.h"
+#include "utils/md5.h"
+#include "utils/https_client.h"
+
+namespace modsecurity {
+namespace audit_log {
+namespace writer {
+
+
+Https::~Https() {
+}
+
+
+bool Https::init() {
+    return true;
+}
+
+
+bool Https::write(Transaction *transaction, int parts) {
+    Utils::HttpsClient m_http_client;
+    transaction->debug(7, "Sending logs to: " + m_audit->m_path1);
+
+    std::string log = transaction->toJSON(parts);
+    m_http_client.setRequestType("application/json");
+    m_http_client.setRequestBody(log.c_str());
+    m_http_client.download(m_audit->m_path1);
+    return true;
+}
+
+}  // namespace writer
+}  // namespace audit_log
+}  // namespace modsecurity
--- a/src/audit_log/writer/https.h
+++ b/src/audit_log/writer/https.h
@ -0,0 +1,64 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include <iostream>
+#include <fstream>
+#include <string>
+#endif
+
+#ifndef SRC_AUDIT_LOG_WRITER_HTTPS_H_
+#define SRC_AUDIT_LOG_WRITER_HTTPS_H_
+
+#include "audit_log/writer.h"
+#include "modsecurity/transaction.h"
+
+#ifdef __cplusplus
+
+namespace modsecurity {
+namespace audit_log {
+namespace writer {
+
+/** @ingroup ModSecurity_CPP_API */
+class Https : public audit_log::Writer {
+ public:
+    explicit Https(audit_log::AuditLog *audit)
+        : audit_log::Writer(audit) { }
+
+    ~Https() override;
+
+    void refCountIncrease() override {
+        m_refereceCount++;
+    }
+
+
+    void refCountDecreaseAndCheck() override {
+        m_refereceCount--;
+        if (m_refereceCount == 0) {
+            delete this;
+        }
+    }
+
+    bool init() override;
+    bool write(Transaction *transaction, int parts) override;
+
+};
+
+}  // namespace writer
+}  // namespace audit_log
+}  // namespace modsecurity
+#endif
+
+#endif  // SRC_AUDIT_LOG_WRITER_HTTPS_H_
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@ -180,6 +180,7 @@ using modsecurity::Variables::Tx;
 %token <std::string> CONFIG_VALUE_ON
 %token <std::string> CONFIG_VALUE_OFF
 %token <std::string> CONFIG_VALUE_DETC
+%token <std::string> CONFIG_VALUE_HTTPS
 %token <std::string> CONFIG_VALUE_SERIAL
 %token <std::string> CONFIG_VALUE_PARALLEL
 %token <std::string> CONFIG_VALUE_RELEVANT_ONLY
@ -354,6 +355,10 @@ audit_log:
      {
        driver.audit_log->setType(modsecurity::audit_log::AuditLog::ParallelAuditLogType);
      }
+    | CONFIG_DIR_AUDIT_TPE CONFIG_VALUE_HTTPS
+      {
+        driver.audit_log->setType(modsecurity::audit_log::AuditLog::HttpsAuditLogType);
+      }
    ;

 actings:
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@ -144,6 +144,7 @@ CONFIG_VALUE_OFF    (?i:Off)
 CONFIG_VALUE_DETC    (?i:DetectionOnly)
 CONFIG_VALUE_SERIAL (?i:Serial)
 CONFIG_VALUE_PARALLEL (?i:Parallel|Concurrent)
+CONFIG_VALUE_HTTPS     (?i:https)
 CONFIG_VALUE_RELEVANT_ONLY (?i:RelevantOnly)

 CONFIG_VALUE_PROCESS_PARTIAL (?i:ProcessPartial)
@ -152,7 +153,7 @@ CONFIG_VALUE_REJECT (?i:Reject)
 CONFIG_VALUE_ABORT   (?i:Abort)
 CONFIG_VALUE_WARN    (?i:Warn)

-CONFIG_VALUE_PATH    [0-9A-Za-z_/\.\-\*]+
+CONFIG_VALUE_PATH    [0-9A-Za-z_\/\.\-\*\:]+
 AUDIT_PARTS [ABCDEFHJKIZ]+
 CONFIG_VALUE_NUMBER [0-9]+

@ -294,6 +295,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 {CONFIG_VALUE_OFF}              { return yy::seclang_parser::make_CONFIG_VALUE_OFF(yytext, *driver.loc.back()); }
 {CONFIG_VALUE_SERIAL}           { return yy::seclang_parser::make_CONFIG_VALUE_SERIAL(yytext, *driver.loc.back()); }
 {CONFIG_VALUE_PARALLEL}         { return yy::seclang_parser::make_CONFIG_VALUE_PARALLEL(yytext, *driver.loc.back()); }
+{CONFIG_VALUE_HTTPS}            { return yy::seclang_parser::make_CONFIG_VALUE_HTTPS(yytext, *driver.loc.back()); }
 {CONFIG_VALUE_DETC}             { return yy::seclang_parser::make_CONFIG_VALUE_DETC(yytext, *driver.loc.back()); }
 {CONFIG_VALUE_RELEVANT_ONLY}    { return yy::seclang_parser::make_CONFIG_VALUE_RELEVANT_ONLY(yytext, *driver.loc.back()); }
 {CONFIG_VALUE_PROCESS_PARTIAL}  { return yy::seclang_parser::make_CONFIG_VALUE_PROCESS_PARTIAL(yytext, *driver.loc.back()); }
--- a/src/utils/https_client.cc
+++ b/src/utils/https_client.cc
@ -50,6 +50,15 @@ void HttpsClient::setKey(const std::string& key) {
    m_key = "ModSec-key: " + key;
 }

+void HttpsClient::setRequestBody(const std::string& requestBody) {
+    m_requestBody = requestBody;
+}
+
+void HttpsClient::setRequestType(const std::string& requestType) {
+    m_requestType = requestType;
+}
+
+
 #ifdef MSC_WITH_CURL
 bool HttpsClient::download(const std::string &uri) {
    CURL *curl;
@ -68,6 +77,12 @@ bool HttpsClient::download(const std::string &uri) {

    headers_chunk = curl_slist_append(headers_chunk, uniqueId.c_str());
    headers_chunk = curl_slist_append(headers_chunk, status.c_str());
+
+    if (m_requestType.empty() == false) {
+        std::string hdr = "Content-Type: " + m_requestType;
+        headers_chunk = curl_slist_append(headers_chunk, hdr.c_str());
+    }
+
    if (m_key.empty() == false) {
        headers_chunk = curl_slist_append(headers_chunk, m_key.c_str());
    }
@ -91,6 +106,10 @@ bool HttpsClient::download(const std::string &uri) {
    /* We want Curl to return error in case there is an HTTP error code */
    curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);

+    if (m_requestBody.empty() == false) {
+        curl_easy_setopt(curl, CURLOPT_POSTFIELDS, m_requestBody.c_str());
+    }
+
    res = curl_easy_perform(curl);

    curl_slist_free_all(headers_chunk);
--- a/src/utils/https_client.h
+++ b/src/utils/https_client.h
@ -36,7 +36,9 @@ class HttpsClient {
    HttpsClient()
        : content(""),
        error(""),
-        m_key("") { }
+        m_key(""),
+        m_requestBody(""),
+        m_requestType("") { }

    bool download(const std::string &uri);
    std::string content;
@ -44,10 +46,14 @@ class HttpsClient {
    static size_t handle(char * data, size_t size, size_t nmemb, void * p);
    size_t handle_impl(char * data, size_t size, size_t nmemb);
    void setKey(const std::string& key);
+    void setRequestType(const std::string& requestType);
+    void setRequestBody(const std::string& requestType);

    std::string error;
 private:
    std::string m_key;
+    std::string m_requestBody;
+    std::string m_requestType;
 };