Having a better error handler for the highlight feature

2025-08-15 23:55:03 +03:00 · 2017-03-15 21:35:33 -03:00 · 2017-03-15 21:35:33 -03:00 · 907397b7f2
commit 907397b7f2
parent ee8e0f90ef
3 changed files with 64 additions and 30 deletions
--- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@ -24,14 +24,15 @@

 class ReadingLogsViaRuleMessage {
 public:
-    ReadingLogsViaRuleMessage(char *request_header,
+    ReadingLogsViaRuleMessage(
+        std::unordered_multimap<std::string, std::string> requestHeaders,
        char *request_uri,
        char *request_body,
        char *response_headers,
        char *response_body,
        char *ip,
        std::string rules) :
-            m_request_header(request_header),
+            m_requestHeaders(requestHeaders),
            m_request_uri(request_uri),
            m_request_body(request_body),
            m_response_headers(response_headers),
@ -63,8 +64,11 @@ class ReadingLogsViaRuleMessage {
        modsecTransaction->processConnection(m_ip, 12345, "127.0.0.1", 80);
        modsecTransaction->processURI(m_request_uri, "GET", "1.1");

-        modsecTransaction->addRequestHeader("Host",
-            "net.tutsplus.com");
+        for (auto &i : m_requestHeaders) {
+            modsecTransaction->addRequestHeader(i.first,
+                i.second);
+        }
+
        modsecTransaction->processRequestHeaders();
        modsecTransaction->processRequestBody();

@ -159,7 +163,7 @@ end:
    }

 protected:
-    char *m_request_header;
+    std::unordered_multimap<std::string, std::string> m_requestHeaders;
    char *m_request_uri;
    char *m_request_body;
    char *m_response_headers;
--- a/examples/reading_logs_via_rule_message/simple_request.cc
+++ b/examples/reading_logs_via_rule_message/simple_request.cc
@ -21,26 +21,13 @@

 #include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"

-char request_header[] =  "" \
-    "GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1\n\r" \
-    "Host: net.tutsplus.com\n\r" \
-    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5)" \
-    " Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)\n\r" \
-    "Accept: text/html,application/xhtml+xml,application/xml; " \
-    "q=0.9,*/*;q=0.8\n\r" \
-    "Accept-Language: en-us,en;q=0.5\n\r" \
-    "Accept-Encoding: gzip,deflate\n\r" \
-    "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\n\r" \
-    "Keep-Alive: 300\n\r" \
-    "Connection: keep-alive\n\r" \
-    "Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120\n\r" \
-    "Pragma: no-cache\n\r" \
-    "Cache-Control: no-cache\n\r";
+

 char request_uri[] = "/TeSt.Pl?param1=TEsT&para2=TEST2";

-char request_body[] = "";
+char request_uri2[] = "/index.html?d=1";

+char request_body[] = "";

 char response_body[] = "" \
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n\r" \
@ -56,6 +43,7 @@ char response_body[] = "" \

 char ip[] = "200.249.12.31";

+std::unordered_multimap<std::string, std::string> requestHeaders;

 int main(int argc, char **argv) {
    (*argv++);
@ -65,8 +53,14 @@ int main(int argc, char **argv) {
        std::cout << std::endl << std::endl;
        return -1;
    }
+
+    requestHeaders.emplace("Host", "SITE2");
+    requestHeaders.emplace("User-Agent", "wFetch");
+    requestHeaders.emplace("test", "21321");
+
+
    std::string rules(*argv);
-    ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body,
+    ReadingLogsViaRuleMessage rlvrm(requestHeaders, request_uri, request_body,
        "", response_body, ip, rules);
    rlvrm.process();
    return 0;
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@ -189,11 +189,37 @@ void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
    if (m_logProperties & RuleMessageLogProperty) {
        const void *a = static_cast<const void *>(rm.get());
        if (m_logProperties & IncludeFullHighlightLogProperty) {
-            processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(),
-                rm->m_reference.c_str(), &rm->m_highlightJSON, NULL);
-            m_logCb(data, a);
-            return;
+            const char *err = NULL;
+            const char *buf = NULL;
+            size_t z;
+            int ret = processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(),
+                rm->m_reference.c_str(), &rm->m_highlightJSON, &err);
+            if (ret < 0) {
+#ifdef WITH_YAJL
+                yajl_gen g;
+                g = yajl_gen_alloc(NULL);
+                if (g == NULL) {
+                    rm->m_highlightJSON.append(err);
+                    goto out;
+                }
+                yajl_gen_config(g, yajl_gen_beautify, 1);
+                yajl_gen_map_open(g);
+                yajl_gen_string(g, reinterpret_cast<const unsigned char*>("error"),
+                    strlen("error"));
+                yajl_gen_string(g, reinterpret_cast<const unsigned char*>(err),
+                    strlen(err));
+                yajl_gen_map_close(g);
+                yajl_gen_get_buf(g, (const unsigned char**)&buf, &z);
+
+                &rm->m_highlightJSON.append(buf);
+
+                yajl_gen_free(g);
+#else
+                rm->m_highlightJSON.append(err);
+#endif
+            }
        }
+out:
        m_logCb(data, a);
        return;
    }
@ -219,7 +245,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len,

    g = yajl_gen_alloc(NULL);
    if (g == NULL) {
-        *err = "Failed to allocate memory for the JSON creation.";
+        *err = strdup("Failed to allocate memory for the JSON creation.");
        return -1;
    }

@ -262,7 +288,12 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
        yajl_gen_map_close(g);

        if (stoi(startingAt) >= len) {
-            *err = "Offset is out of the content limits.";
+            std::stringstream e;
+            e << "Offset for the variables are out of the content limits. " \
+                "Trying to read position " << startingAt.c_str() << " from a buffer "\
+                "with only " << len << " bytes. Buffer: " <<  content \
+                << std::endl;
+            *err = strdup(e.str().c_str());
            return -1;
        }

@ -342,7 +373,12 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
        yajl_gen_map_close(g);

        if (stoi(startingAt) >= varValue.size()) {
-            *err = "Offset is out of the variable limits.";
+            std::stringstream e;
+            e << "Offset for the operator is out of the variable limit. " \
+                "Trying to read " << startingAt.c_str() << " from a buffer with " \
+                "only " << std::to_string(varValue.size()) << " bytes. Buffer: " \
+                "" << varValue << std::endl;
+                *err = strdup(e.str().c_str());
            return -1;
        }
        yajl_gen_string(g,
@ -372,7 +408,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len,

    yajl_gen_free(g);
 #else
-    *err = "Without YAJL support, we cannot generate JSON.";
+    *err = strdup("Without YAJL support, we cannot generate JSON.");
    return -1;
 #endif
    return 0;