From 98eca23a1b2e6038e15235c94e461736b8bafda5 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Thu, 7 Sep 2017 22:04:00 -0300
Subject: [PATCH] Adds support to m_highlightJSON in RuleMessage class
This variable helds a JSON with information regarding all matches. Only filled when IncludeFullHighlightLog property is set.
---
.../reading_logs_via_rule_message.h | 4 ++++
headers/modsecurity/modsecurity.h | 2 +-
headers/modsecurity/rule_message.h | 1 +
modsecurity.conf-recommended | 2 +-
src/modsecurity.cc | 2 ++
src/rule_message.cc | 5 ++++-
6 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
index 50d6b352..418d07a4 100644
--- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@@ -235,6 +235,10 @@ end:
 modsecurity::RuleMessage::computeHighlight(ruleMessage, ruleMessage->m_buf);
 highlightToText(h);
+ std::cout << "Highlight JSON:" << std::endl;
+ std::cout << ruleMessage->m_highlightJSON << std::endl;
+ std::cout << "Request:" << std::endl;
+ std::cout << ruleMessage->m_buf;
 std::cout << std::endl;
 }
diff --git a/headers/modsecurity/modsecurity.h b/headers/modsecurity/modsecurity.h
index a5380c52..82ef925a 100644
--- a/headers/modsecurity/modsecurity.h
+++ b/headers/modsecurity/modsecurity.h
@@ -262,7 +262,7 @@ extern "C" {
 * Notice that the highlight can be calculate post-analisys. Calculate it
 * during the analisys may delay the analisys process.
 *
- */
+ */
 IncludeFullHighlightLogProperty = 4,
 };
diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h
index 888897f3..d3ec2cb9 100644
--- a/headers/modsecurity/rule_message.h
+++ b/headers/modsecurity/rule_message.h
@@ -119,6 +119,7 @@ class RuleMessage {
 std::list m_tags;
 RuleMessageHighlight m_highlight;
+ std::string m_highlightJSON;
 };
diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
index 8ad9b102..4609705d 100644
--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@@ -174,7 +174,7 @@ SecDataDir /tmp/
 # trigger a server error (determined by a 5xx or 4xx, excluding 404,
 # level response status codes).
 #
-SecAuditEngine RelevantOnly
+SecAuditEngine Off
 SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 # Log everything we know about a transaction.
diff --git a/src/modsecurity.cc b/src/modsecurity.cc
index 46c70700..79fa6adc 100644
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@@ -189,6 +189,8 @@ void ModSecurity::serverLog(void *data, std::shared_ptr rm) {
 if (m_logProperties & RuleMessageLogProperty) {
 const void *a = static_cast(rm.get());
 if (m_logProperties & IncludeFullHighlightLogProperty) {
+ processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(),
+ rm->m_reference.c_str(), &rm->m_highlightJSON, NULL);
 m_logCb(data, a);
 return;
 }
diff --git a/src/rule_message.cc b/src/rule_message.cc
index 42761787..2fa7eddc 100644
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -144,7 +144,10 @@ std::string RuleMessage::log(const RuleMessage *rm) {
 return msg;
 }
-
+/*
+ * Depricated. Do not use. Should be removed before merge.
+ *
+ */
 RuleMessageHighlight RuleMessage::computeHighlight(const RuleMessage *rm, const std::string buf) {
 RuleMessageHighlight ret;
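Review bot: The new public member `m_highlightJSON` in headers/modsecurity/rule_message.h has no comment, so a reader of the header cannot tell when it holds data. The commit message says it is only filled when IncludeFullHighlightLog is set, and the serverLog hunk in src/modsecurity.cc fills it just before the log callback; a comment above the field such as `/* JSON describing all matches; empty unless IncludeFullHighlightLogProperty is set. */` would record that contract. Adding a field to a class declared in an installed header also changes its layout, so consumers built against the old header would need a rebuild. The class body starts outside this hunk.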
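Review bot: `SecAuditEngine Off` in modsecurity.conf-recommended switches audit logging off in the recommended configuration, a change the commit message (which is about m_highlightJSON) does not mention. The comment lines directly above still describe logging transactions that trigger a server error, which is the `RelevantOnly` behaviour, so the directive and its comment now disagree. With the audit engine off, a deployment that copies this file keeps no audit record of flagged or failing transactions to investigate afterwards. This reads like a local debugging setting; unless it is intentional, keep `SecAuditEngine RelevantOnly`.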
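Review bot: In ModSecurity::serverLog the added `processContentOffset(...)` call discards its result and passes `NULL` as the last argument, so a failure to build the JSON goes unnoticed and the callback receives whatever `m_highlightJSON` holds at that point. If that last parameter is an error out-pointer the callee writes through (its definition is not in this hunk), NULL would be dereferenced on the error path, and `m_buf` appears to carry request content (the example prints it under "Request:"). Suggest declaring `const char *err = NULL;`, passing `&err`, and logging or skipping the highlight when the call reports failure. The call also runs inline for every logged message, which the header comment on IncludeFullHighlightLogProperty warns may delay analysis. serverLog continues outside the hunk.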
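Review bot: The comment added above RuleMessage::computeHighlight in src/rule_message.cc says "Should be removed before merge", yet the function stays in this patch and the example hunk in the same patch still calls it. Either remove the function together with the example call, or replace the note with a lasting one that names the replacement, for instance `/* Deprecated: use m_highlightJSON instead. */` if that field is the intended successor. "Depricated" should be spelled "Deprecated". The function body continues outside the hunk.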