Adds first version of Assay's materialization in a JSON format
That format will be used by the audit logs.
parent
610b10bcd5
commit
aa8dc9115b
@ -38,8 +38,25 @@ typedef struct Rules_t Rules;
|
||||
|
||||
#include "modsecurity/intervention.h"
|
||||
|
||||
#define LOGFY_ADD(a, b) \
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
|
||||
if (b == NULL) { \
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(""), \
|
||||
strlen("")); \
|
||||
} else { \
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(b), \
|
||||
strlen(b)); \
|
||||
}
|
||||
|
||||
|
||||
#define LOGFY_ADD_INT(a, b) \
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
|
||||
yajl_gen_number(g, reinterpret_cast<const char*>(b), strlen(b));
|
||||
|
||||
#define LOGFY_ADD_NUM(a, b) \
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a), strlen(a)); \
|
||||
yajl_gen_integer(g, b);
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
namespace ModSecurity {
|
||||
@ -134,10 +151,13 @@ class Assay {
|
||||
|
||||
int http_code_returned;
|
||||
|
||||
std::string to_json(int parts);
|
||||
|
||||
private:
|
||||
std::string id;
|
||||
std::ofstream myfile;
|
||||
Rules *m_rules;
|
||||
|
||||
const char *m_clientIpAddress;
|
||||
const char *m_serverIpAddress;
|
||||
int m_clientPort;
|
||||
|
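Review bot: The three `LOGFY_*` macros are defined in the public header, ahead of the `#ifdef __cplusplus` guard, as several unbraced statements that depend on a caller-local variable named `g`, so they leak into every consumer's translation unit and misbehave under an unbraced `if`. `LOGFY_ADD_INT` also calls `strlen(b)` without the `b == NULL` branch that `LOGFY_ADD` has, and passes `b` to `yajl_gen_number`, which writes the text as given rather than escaping it. I would move the macros into `src/assay.cc`, wrap each body in `do { ... } while (0)`, and give `LOGFY_ADD_INT` the same NULL guard. None of the yajl return statuses are checked; a comment at the definition should say so until they are.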
@ -148,8 +148,8 @@ libmodsecurity_la_CPPFLAGS = \
|
||||
|
||||
|
||||
libmodsecurity_la_LIBADD = \
|
||||
@LEXLIB@
|
||||
|
||||
@LEXLIB@ \
|
||||
$(YAJL_LDADD)
|
||||
|
||||
libmodsecurity_la_LDFLAGS = \
|
||||
-version-info @MSC_VERSION_INFO@
|
||||
|
110
src/assay.cc
110
src/assay.cc
@ -15,6 +15,8 @@
|
||||
|
||||
#include "modsecurity/assay.h"
|
||||
|
||||
#include <yajl/yajl_tree.h>
|
||||
#include <yajl/yajl_gen.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
@ -23,12 +25,14 @@
|
||||
#include <unordered_map>
|
||||
#include <fstream>
|
||||
#include <vector>
|
||||
#include <iomanip>
|
||||
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/intervention.h"
|
||||
#include "actions/action.h"
|
||||
#include "src/utils.h"
|
||||
#include "src/audit_log.h"
|
||||
#include "src/unique_id.h"
|
||||
|
||||
using ModSecurity::actions::Action;
|
||||
|
||||
@ -682,6 +686,112 @@ ModSecurityIntervention *Assay::intervention() {
|
||||
}
|
||||
|
||||
|
||||
std::string Assay::to_json(int parts) {
|
||||
const unsigned char *buf;
|
||||
size_t len;
|
||||
yajl_gen g = NULL;
|
||||
std::string ts = ascTime(&m_timeStamp).c_str();
|
||||
std::string uniqueId = UniqueId::uniqueId();
|
||||
|
||||
g = yajl_gen_alloc(NULL);
|
||||
if (g == NULL) {
|
||||
return "";
|
||||
}
|
||||
yajl_gen_config(g, yajl_gen_beautify, 1);
|
||||
|
||||
/* main */
|
||||
yajl_gen_map_open(g);
|
||||
|
||||
/* trasaction */
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>("transaction"),
|
||||
strlen("transaction"));
|
||||
|
||||
yajl_gen_map_open(g);
|
||||
LOGFY_ADD("client_ip", this->m_clientIpAddress);
|
||||
LOGFY_ADD("time_stamp", ts.c_str());
|
||||
LOGFY_ADD("server_id", uniqueId.c_str());
|
||||
LOGFY_ADD_NUM("client_port", m_clientPort);
|
||||
LOGFY_ADD("host_ip", m_serverIpAddress);
|
||||
LOGFY_ADD_NUM("host_port", m_serverPort);
|
||||
LOGFY_ADD("id", this->id.c_str());
|
||||
|
||||
/* request */
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>("request"),
|
||||
strlen("request"));
|
||||
yajl_gen_map_open(g);
|
||||
|
||||
LOGFY_ADD("protocol", m_protocol);
|
||||
LOGFY_ADD_INT("http_version", m_httpVersion);
|
||||
LOGFY_ADD("uri", this->m_uri);
|
||||
LOGFY_ADD("body", this->m_requestBody.str().c_str());
|
||||
|
||||
/* request headers */
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>("headers"),
|
||||
strlen("headers"));
|
||||
yajl_gen_map_open(g);
|
||||
|
||||
for (auto h : this->m_variables_strings) {
|
||||
std::string filter = "REQUEST_HEADERS:";
|
||||
std::string a = h.first;
|
||||
std::string b = h.second;
|
||||
|
||||
if (a.compare(0, filter.length(), filter) == 0) {
|
||||
if (a.length() > filter.length()) {
|
||||
LOGFY_ADD(a.c_str() + filter.length(), b.c_str());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* end: request headers */
|
||||
yajl_gen_map_close(g);
|
||||
/* end: request */
|
||||
yajl_gen_map_close(g);
|
||||
|
||||
/* response */
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>("response"),
|
||||
strlen("response"));
|
||||
yajl_gen_map_open(g);
|
||||
|
||||
LOGFY_ADD("body", this->m_responseBody.str().c_str());
|
||||
LOGFY_ADD_NUM("http_code", http_code_returned);
|
||||
|
||||
/* response headers */
|
||||
yajl_gen_string(g, reinterpret_cast<const unsigned char*>("headers"),
|
||||
strlen("headers"));
|
||||
yajl_gen_map_open(g);
|
||||
|
||||
for (auto h : this->m_variables_strings) {
|
||||
std::string filter = "RESPONSE_HEADERS:";
|
||||
std::string a = h.first;
|
||||
std::string b = h.second;
|
||||
|
||||
if (a.compare(0, filter.length(), filter) == 0) {
|
||||
if (a.length() > filter.length()) {
|
||||
LOGFY_ADD(a.c_str() + filter.length(), b.c_str());
|
||||
}
|
||||
}
|
||||
}
|
||||
/* end: response headers */
|
||||
yajl_gen_map_close(g);
|
||||
/* end: response */
|
||||
yajl_gen_map_close(g);
|
||||
|
||||
|
||||
/* end: transaction */
|
||||
yajl_gen_map_close(g);
|
||||
|
||||
/* end: main */
|
||||
yajl_gen_map_close(g);
|
||||
|
||||
yajl_gen_get_buf(g, &buf, &len);
|
||||
|
||||
std::string log(reinterpret_cast<const char*>(buf), len);
|
||||
|
||||
yajl_gen_free(g);
|
||||
|
||||
return log;
|
||||
}
|
||||
|
||||
void Assay::store_variable(std::string key, std::string value) {
|
||||
this->m_variables_strings[key] = value;
|
||||
}
|
||||
|
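Review bot: Every value in `to_json` is sized with `strlen` through `LOGFY_ADD`, so a request body, response body or header value containing a NUL byte is cut at that byte and the remainder never reaches the audit log. The `std::string` values already carry their length, so emit them with it, e.g. `yajl_gen_string(g, reinterpret_cast<const unsigned char*>(b.data()), b.size());`. `LOGFY_ADD_INT("http_version", m_httpVersion)` hands the value to `yajl_gen_number`, which copies it unescaped; if `m_httpVersion` is taken from the request line (not visible here), it should be validated as numeric or written with `yajl_gen_string`, and it needs a NULL check before `strlen`. The `parts` argument is never read, so bodies are always serialized whatever the configuration; a comment marking that as temporary would help.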
@ -15,8 +15,6 @@
|
||||
|
||||
#include "src/audit_log.h"
|
||||
|
||||
#include <yajl/yajl_tree.h>
|
||||
#include <yajl/yajl_gen.h>
|
||||
#include <stddef.h>
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
@ -150,7 +148,7 @@ bool AuditLog::saveIfRelevant(Assay *assay) {
|
||||
return true;
|
||||
}
|
||||
|
||||
std::string log = logfy(assay);
|
||||
std::string log = assay->to_json(0);
|
||||
|
||||
m_writer->write(log);
|
||||
|
||||
@ -158,12 +156,6 @@ bool AuditLog::saveIfRelevant(Assay *assay) {
|
||||
}
|
||||
|
||||
|
||||
std::string AuditLog::logfy(Assay *assay) {
|
||||
std::string log("ops");
|
||||
return log;
|
||||
}
|
||||
|
||||
|
||||
bool AuditLog::close() {
|
||||
return true;
|
||||
}
|
||||
|
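Review bot: The result of `assay->to_json(0)` goes to `m_writer->write(log)` unchecked, and `to_json` returns an empty string when `yajl_gen_alloc` fails, so a failed serialization is silently written as a blank audit entry. I would guard it, e.g. `if (log.empty()) { return false; }`, and add a comment that the literal `0` is a placeholder until the configured audit-log parts are passed through. The body of `saveIfRelevant` starts and ends outside this hunk, so the failure return value is inferred from the visible `return true;` and should be confirmed against the callers.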
@ -160,7 +160,6 @@ class AuditLog {
|
||||
bool close();
|
||||
|
||||
bool saveIfRelevant(Assay *assay);
|
||||
std::string logfy(Assay *assay);
|
||||
bool isRelevant(int status);
|
||||
|
||||
private:
|
||||
|
@ -28,6 +28,14 @@ std::string AuditLogWriter::file_name(const std::string& unique_id) {
|
||||
/** TODO: return file with time stamp and etc. */
|
||||
return std::string("/tmp/temp_audit_log_file.txt");
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Temporary print the log into the std::cout to debug purposes.
|
||||
*
|
||||
*/
|
||||
bool AuditLogWriter::write(const std::string& log) {
|
||||
std::cout << log << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
} // namespace ModSecurity
|
||||
|
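Review bot: `AuditLogWriter::write` sends the whole record to `std::cout`, and the record built by `Assay::to_json` contains request and response bodies and headers, so whatever collects the host process's stdout also receives cookies, credentials and other payload data. The doc comment calls this temporary; I would make that enforceable by compiling the statement only in debug builds, and add `// TODO: remove stdout output before release; audit records contain request/response bodies` above it. `std::endl` flushes on every record, where `'\n'` would do. No `<iostream>` include is visible in this hunk, so confirm the file includes it directly.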
@ -34,7 +34,7 @@ class AuditLogWriter : public std::ofstream {
|
||||
|
||||
virtual bool close() { return true; }
|
||||
virtual bool init() { return true; }
|
||||
virtual bool write(const std::string& log) { return true; }
|
||||
virtual bool write(const std::string& log);
|
||||
|
||||
std::string file_name(const std::string& unique_id);
|
||||
};
|
||||
|
@ -6,7 +6,8 @@ benchmark_SOURCES = \
|
||||
benchmark.cc
|
||||
|
||||
benchmark_LDADD = \
|
||||
$(top_builddir)/src/.libs/libmodsecurity.a
|
||||
$(top_builddir)/src/.libs/libmodsecurity.a \
|
||||
$(YAJL_LDADD)
|
||||
|
||||
benchmark_CPPFLAGS = \
|
||||
-std=c++11 \
|
||||
|