diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h index 3b8cb703..afe3f27e 100644 --- a/headers/modsecurity/rules_properties.h +++ b/headers/modsecurity/rules_properties.h @@ -33,7 +33,9 @@ namespace modsecurity { class Rule; +namespace audit_log { class AuditLog; +} namespace actions { class Action; } @@ -207,7 +209,7 @@ class RulesProperties { std::ostringstream parserError; - AuditLog *audit_log; + audit_log::AuditLog *audit_log; OnFailedRemoteRulesAction remoteRulesActionOnFailed; }; diff --git a/src/Makefile.am b/src/Makefile.am index fe22c0c1..92572d71 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -177,10 +177,10 @@ libmodsecurity_la_SOURCES = \ parser/seclang-scanner.ll \ parser/driver.cc \ transaction.cc \ - audit_log.cc \ - audit_log_writer.cc \ - audit_log_writer_serial.cc \ - audit_log_writer_parallel.cc \ + audit_log/audit_log.cc \ + audit_log/writer.cc \ + audit_log/writer/serial.cc \ + audit_log/writer/parallel.cc \ modsecurity.cc \ rules.cc \ utils.cc \ diff --git a/src/audit_log.cc b/src/audit_log/audit_log.cc similarity index 95% rename from src/audit_log.cc rename to src/audit_log/audit_log.cc index 268a86e8..eada339b 100644 --- a/src/audit_log.cc +++ b/src/audit_log/audit_log.cc @@ -13,7 +13,7 @@ * */ -#include "src/audit_log.h" +#include "audit_log/audit_log.h" #include #include @@ -21,8 +21,8 @@ #include -#include "src/audit_log_writer_parallel.h" -#include "src/audit_log_writer_serial.h" +#include "audit_log/writer/parallel.h" +#include "audit_log/writer/serial.h" #include "utils/regex.h" #define PARTS_CONSTAINS(a, c) \ @@ -38,6 +38,7 @@ } namespace modsecurity { +namespace audit_log { AuditLog::AuditLog() : m_status(OffAuditLogStatus), 
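Review bot: In rules_properties.h the member is now declared `audit_log::AuditLog *audit_log;`, so a data member and the new namespace share one spelling. It compiles because lookup of a name followed by `::` considers only namespaces and types, but the same pattern recurs in driver.cc (`audit_log = new audit_log::AuditLog();`) and in transaction.cc, where a local stream named `audit_log` sits beside `audit_log::AuditLog::BAuditLogPart`. Since this header is public and renaming the member would change the API, a comment on the member would help, for example `// Shares its name with namespace audit_log; "audit_log::" always resolves to the namespace.` In transaction.cc the local stream could be renamed instead.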
@@ -178,10 +179,10 @@ bool AuditLog::setType(AuditLogType audit_type) { bool AuditLog::init() { if (m_type == ParallelAuditLogType) { - m_writer = new AuditLogWriterParallel(this); + m_writer = new audit_log::writer::Parallel(this); } if (m_type == SerialAuditLogType) { - m_writer = new AuditLogWriterSerial(this); + m_writer = new audit_log::writer::Serial(this); } m_writer->refCountIncrease(); @@ -253,4 +254,5 @@ bool AuditLog::close() { } +} // namespace audit_log } // namespace modsecurity diff --git a/src/audit_log.h b/src/audit_log/audit_log.h similarity index 95% rename from src/audit_log.h rename to src/audit_log/audit_log.h index 787d6ab7..31622e1c 100644 --- a/src/audit_log.h +++ b/src/audit_log/audit_log.h @@ -19,15 +19,16 @@ #include #endif -#ifndef SRC_AUDIT_LOG_H_ -#define SRC_AUDIT_LOG_H_ +#ifndef SRC_AUDIT_LOG_AUDIT_LOG_H_ +#define SRC_AUDIT_LOG_AUDIT_LOG_H_ #include "modsecurity/transaction.h" -#include "src/audit_log_writer.h" +#include "audit_log/writer.h" #ifdef __cplusplus namespace modsecurity { +namespace audit_log { /** @ingroup ModSecurity_CPP_API */ class AuditLog { @@ -176,11 +177,12 @@ class AuditLog { AuditLogType m_type; std::string m_relevant; - AuditLogWriter *m_writer; + audit_log::Writer *m_writer; int m_refereceCount; }; +} // namespace audit_log } // namespace modsecurity #endif -#endif // SRC_AUDIT_LOG_H_ +#endif // SRC_AUDIT_LOG_AUDIT_LOG_H_ diff --git a/src/audit_log_writer.cc b/src/audit_log/writer.cc similarity index 79% rename from src/audit_log_writer.cc rename to src/audit_log/writer.cc index 33739d23..3f9623c6 100644 --- a/src/audit_log_writer.cc +++ b/src/audit_log/writer.cc 
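Review bot: `AuditLog::init()` dereferences `m_writer` unconditionally at `m_writer->refCountIncrease();`, but the two `if` blocks above assign it only for `ParallelAuditLogType` and `SerialAuditLogType`. If `m_type` can hold any other value (the enum and the rest of the constructor's initialiser list are outside this hunk), the call goes through a null or unset pointer. A guard such as `if (m_writer == nullptr) { return false; }` before the call would make that failure explicit, assuming the constructor sets `m_writer` to null. Inside `namespace audit_log` the `audit_log::` prefix on `writer::Parallel` and `writer::Serial` is also redundant.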
@@ -13,15 +13,16 @@ * */ -#include "src/audit_log_writer.h" +#include "audit_log/writer.h" #include -#include "src/audit_log.h" +#include "audit_log/audit_log.h" namespace modsecurity { +namespace audit_log { -std::string AuditLogWriter::file_name(const std::string& unique_id) { +std::string Writer::file_name(const std::string& unique_id) { time_t timer; time(&timer); @@ -33,10 +34,11 @@ std::string AuditLogWriter::file_name(const std::string& unique_id) { * Temporary print the log into the std::cout to debug purposes. * */ -bool AuditLogWriter::write(Transaction *transaction, int parts) { +bool Writer::write(Transaction *transaction, int parts) { std::cout << transaction->toJSON(0) << std::endl; return true; } +} // namespace audit_log } // namespace modsecurity diff --git a/src/audit_log_writer.h b/src/audit_log/writer.h similarity index 90% rename from src/audit_log_writer.h rename to src/audit_log/writer.h index fa07fe69..48600b8f 100644 --- a/src/audit_log_writer.h +++ b/src/audit_log/writer.h @@ -26,16 +26,18 @@ #ifdef __cplusplus namespace modsecurity { +namespace audit_log { + class AuditLog; /** @ingroup ModSecurity_CPP_API */ -class AuditLogWriter { +class Writer { public: - explicit AuditLogWriter(AuditLog *audit) + explicit Writer(AuditLog *audit) : m_audit(audit), m_refereceCount(0) { } - virtual ~AuditLogWriter() { } + virtual ~Writer() { } virtual void refCountIncrease() = 0; virtual void refCountDecreaseAndCheck() = 0; @@ -50,6 +52,7 @@ class AuditLogWriter { int m_refereceCount; }; +} // namespace audit_log } // namespace modsecurity #endif diff --git a/src/audit_log_writer_parallel.cc b/src/audit_log/writer/parallel.cc similarity index 91% rename from src/audit_log_writer_parallel.cc rename to src/audit_log/writer/parallel.cc index c8ed9e73..e90b461c 100644 --- a/src/audit_log_writer_parallel.cc +++ b/src/audit_log/writer/parallel.cc 
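Review bot: `Writer::write` in writer.cc still sends `transaction->toJSON(0)` to `std::cout` and returns `true`, ignoring its `parts` argument; the comment above it describes this as temporary debug output. Audit records can carry request data, so a fallback that prints them to the process's standard output and reports success is worth removing while the class is being renamed. If every concrete writer overrides it, as `Parallel` and `Serial` appear to, the declaration could become `virtual bool write(Transaction *transaction, int parts) = 0;` and this body could be dropped. The declaration in writer.h is outside the visible hunk, so confirm that no caller relies on the base implementation.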
@@ -13,7 +13,7 @@ * */ -#include "src/audit_log_writer_parallel.h" +#include "audit_log/writer/parallel.h" #include #include @@ -24,15 +24,16 @@ #include -#include "src/audit_log.h" +#include "audit_log/audit_log.h" #include "modsecurity/transaction.h" #include "src/utils.h" #include "utils/md5.h" namespace modsecurity { +namespace audit_log { +namespace writer { - -AuditLogWriterParallel::~AuditLogWriterParallel() { +Parallel::~Parallel() { if (log1.is_open()) { log1.close(); } @@ -43,7 +44,7 @@ AuditLogWriterParallel::~AuditLogWriterParallel() { } -inline std::string AuditLogWriterParallel::logFilePath(time_t *t, +inline std::string Parallel::logFilePath(time_t *t, int part) { struct tm timeinfo; char tstr[300]; @@ -73,7 +74,7 @@ inline std::string AuditLogWriterParallel::logFilePath(time_t *t, } -bool AuditLogWriterParallel::init() { +bool Parallel::init() { /** TODO:: Check if the directory exists. */ /** TODO:: Checking if we have permission to write in the target dir */ @@ -89,7 +90,7 @@ bool AuditLogWriterParallel::init() { } -bool AuditLogWriterParallel::write(Transaction *transaction, int parts) { +bool Parallel::write(Transaction *transaction, int parts) { FILE *fp; int fd; std::string log = transaction->toJSON(parts); @@ -136,5 +137,6 @@ bool AuditLogWriterParallel::write(Transaction *transaction, int parts) { return true; } - +} // namespace writer +} // namespace audit_log } // namespace modsecurity diff --git a/src/audit_log_writer_parallel.h b/src/audit_log/writer/parallel.h similarity index 87% rename from src/audit_log_writer_parallel.h rename to src/audit_log/writer/parallel.h index b3d47adc..611d49ba 100644 --- a/src/audit_log_writer_parallel.h +++ b/src/audit_log/writer/parallel.h 
@@ -18,20 +18,22 @@ #ifndef SRC_AUDIT_LOG_WRITER_PARALLEL_H_ #define SRC_AUDIT_LOG_WRITER_PARALLEL_H_ -#include "src/audit_log_writer.h" +#include "audit_log/writer.h" #include "modsecurity/transaction.h" #ifdef __cplusplus namespace modsecurity { +namespace audit_log { +namespace writer { /** @ingroup ModSecurity_CPP_API */ -class AuditLogWriterParallel : public AuditLogWriter { +class Parallel : public audit_log::Writer { public: - explicit AuditLogWriterParallel(AuditLog *audit) - : AuditLogWriter(audit) { } + explicit Parallel(AuditLog *audit) + : audit_log::Writer(audit) { } - ~AuditLogWriterParallel() override; + ~Parallel() override; bool init() override; bool write(Transaction *transaction, int parts) override; @@ -75,6 +77,8 @@ class AuditLogWriterParallel : public AuditLogWriter { inline std::string logFilePath(time_t *t, int part); }; +} // namespace writer +} // namespace audit_log } // namespace modsecurity #endif diff --git a/src/audit_log_writer_serial.cc b/src/audit_log/writer/serial.cc similarity index 80% rename from src/audit_log_writer_serial.cc rename to src/audit_log/writer/serial.cc index b761a340..2f2fda54 100644 --- a/src/audit_log_writer_serial.cc +++ b/src/audit_log/writer/serial.cc @@ -13,23 +13,24 @@ * */ -#include "src/audit_log_writer_serial.h" +#include "audit_log/writer/serial.h" // #include -#include "src/audit_log.h" +#include "audit_log/audit_log.h" namespace modsecurity { - +namespace audit_log { +namespace writer { // static std::mutex serialLoggingMutex; -AuditLogWriterSerial::~AuditLogWriterSerial() { +Serial::~Serial() { m_log.close(); } -void AuditLogWriterSerial::generateBoundary(std::string *boundary) { +void Serial::generateBoundary(std::string *boundary) { static const char alphanum[] = "0123456789" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
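Review bot: The serial writer's lock is carried across the rename as commented-out code in serial.cc (`// static std::mutex serialLoggingMutex;` and the commented include above it). `Serial` owns a single stream `m_log`; the body of `Serial::write` is only partly visible in the later hunks, so whether anything else serialises concurrent callers cannot be told from here. If nothing does, records from simultaneous transactions could interleave in the serial log. Either restore the mutex and hold a `std::lock_guard<std::mutex>` in `write`, or replace the commented lines with a comment stating where the locking happens.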
@@ -41,13 +42,13 @@ void AuditLogWriterSerial::generateBoundary(std::string *boundary) { } -bool AuditLogWriterSerial::init() { +bool Serial::init() { m_log.open(m_audit->m_path1, std::fstream::out | std::fstream::app); return true; } -bool AuditLogWriterSerial::write(Transaction *transaction, int parts) { +bool Serial::write(Transaction *transaction, int parts) { std::string boundary; generateBoundary(&boundary); @@ -62,5 +63,6 @@ bool AuditLogWriterSerial::write(Transaction *transaction, int parts) { return true; } - +} // namespace writer +} // namespace audit_log } // namespace modsecurity diff --git a/src/audit_log_writer_serial.h b/src/audit_log/writer/serial.h similarity index 83% rename from src/audit_log_writer_serial.h rename to src/audit_log/writer/serial.h index dd30a456..87b2268f 100644 --- a/src/audit_log_writer_serial.h +++ b/src/audit_log/writer/serial.h @@ -22,22 +22,24 @@ #ifndef SRC_AUDIT_LOG_WRITER_SERIAL_H_ #define SRC_AUDIT_LOG_WRITER_SERIAL_H_ -#include "src/audit_log_writer.h" +#include "audit_log/writer.h" #include "modsecurity/transaction.h" #ifdef __cplusplus namespace modsecurity { +namespace audit_log { +namespace writer { #define SERIAL_AUDIT_LOG_BOUNDARY_LENGTH 8 /** @ingroup ModSecurity_CPP_API */ -class AuditLogWriterSerial : public AuditLogWriter { +class Serial : public audit_log::Writer { public: - explicit AuditLogWriterSerial(AuditLog *audit) - : AuditLogWriter(audit) { } + explicit Serial(audit_log::AuditLog *audit) + : audit_log::Writer(audit) { } - ~AuditLogWriterSerial() override; + ~Serial() override; void refCountIncrease() override { m_refereceCount++; @@ -65,6 +67,8 @@ class AuditLogWriterSerial : public AuditLogWriter { void generateBoundary(std::string *boundary); }; +} // namespace writer +} // namespace audit_log } // namespace modsecurity #endif diff --git a/src/parser/driver.cc b/src/parser/driver.cc index cecd6399..34f946a9 100644 --- a/src/parser/driver.cc +++ b/src/parser/driver.cc 
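Review bot: `Serial::init()` returns `true` immediately after `m_log.open(m_audit->m_path1, std::fstream::out | std::fstream::app);`, so a log path that cannot be opened is reported as success and later audit records would be lost without any signal. Returning the stream state instead, `return m_log.is_open();`, lets the caller see the failure. How `AuditLog::init()` treats a `false` result is not visible in these hunks, so it should be checked alongside this change.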
@@ -16,9 +16,9 @@ #include "parser/driver.h" #include "parser/seclang-parser.hh" -#include "src/audit_log.h" +#include "audit_log/audit_log.h" -using modsecurity::AuditLog; +using modsecurity::audit_log::AuditLog; using modsecurity::Rule; namespace modsecurity { @@ -27,7 +27,7 @@ namespace Parser { Driver::Driver() : trace_scanning(false), trace_parsing(false) { - audit_log = new AuditLog(); + audit_log = new audit_log::AuditLog(); audit_log->refCountIncrease(); } diff --git a/src/parser/driver.h b/src/parser/driver.h index 66b670ea..c8226f77 100644 --- a/src/parser/driver.h +++ b/src/parser/driver.h @@ -27,7 +27,7 @@ #include "modsecurity/modsecurity.h" #include "modsecurity/rules.h" #include "modsecurity/rules_properties.h" -#include "src/audit_log.h" +#include "audit_log/audit_log.h" #include "parser/seclang-parser.hh" diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 11ff1694..508dbb1f 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -37,7 +37,7 @@ class Driver; #include "operators/operator.h" #include "modsecurity/rule.h" #include "utils/geo_lookup.h" -#include "audit_log.h" +#include "audit_log/audit_log.h" #include "utils.h" #include "variables/variations/count.h" @@ -295,15 +295,15 @@ audit_log: /* SecAuditEngine */ | CONFIG_DIR_AUDIT_ENG CONFIG_VALUE_RELEVANT_ONLY { - driver.audit_log->setStatus(modsecurity::AuditLog::RelevantOnlyAuditLogStatus); + driver.audit_log->setStatus(modsecurity::audit_log::AuditLog::RelevantOnlyAuditLogStatus); } | CONFIG_DIR_AUDIT_ENG CONFIG_VALUE_OFF { - driver.audit_log->setStatus(modsecurity::AuditLog::OffAuditLogStatus); + driver.audit_log->setStatus(modsecurity::audit_log::AuditLog::OffAuditLogStatus); } | CONFIG_DIR_AUDIT_ENG CONFIG_VALUE_ON { - driver.audit_log->setStatus(modsecurity::AuditLog::OnAuditLogStatus); + driver.audit_log->setStatus(modsecurity::audit_log::AuditLog::OnAuditLogStatus); } /* SecAuditLogFileMode */ 
@@ -342,11 +342,11 @@ audit_log: /* SecAuditLogType */ | CONFIG_DIR_AUDIT_TPE CONFIG_VALUE_SERIAL { - driver.audit_log->setType(modsecurity::AuditLog::SerialAuditLogType); + driver.audit_log->setType(modsecurity::audit_log::AuditLog::SerialAuditLogType); } | CONFIG_DIR_AUDIT_TPE CONFIG_VALUE_PARALLEL { - driver.audit_log->setType(modsecurity::AuditLog::ParallelAuditLogType); + driver.audit_log->setType(modsecurity::audit_log::AuditLog::ParallelAuditLogType); } ; diff --git a/src/transaction.cc b/src/transaction.cc index 5b63ff7c..64cc9c41 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -37,7 +37,7 @@ #include "modsecurity/intervention.h" #include "modsecurity/modsecurity.h" #include "request_body_processor/multipart.h" -#include "src/audit_log.h" +#include "audit_log/audit_log.h" #include "src/unique_id.h" #include "src/utils.h" @@ -1303,7 +1303,7 @@ std::string Transaction::toOldAuditLogFormat(int parts, audit_log << " " << this->m_serverPort; audit_log << std::endl; - if (parts & AuditLog::BAuditLogPart) { + if (parts & audit_log::AuditLog::BAuditLogPart) { audit_log << "--" << trailer << "-" << "B--" << std::endl; audit_log << this->m_method << " " << this->m_uri << " " << "HTTP/"; audit_log << this->m_httpVersion << std::endl; 
@@ -1321,19 +1321,19 @@ std::string Transaction::toOldAuditLogFormat(int parts, } } } - if (parts & AuditLog::CAuditLogPart) { + if (parts & audit_log::AuditLog::CAuditLogPart) { audit_log << "--" << trailer << "-" << "C--" << std::endl; /** TODO: write audit_log C part. */ } - if (parts & AuditLog::DAuditLogPart) { + if (parts & audit_log::AuditLog::DAuditLogPart) { audit_log << "--" << trailer << "-" << "D--" << std::endl; /** TODO: write audit_log D part. */ } - if (parts & AuditLog::EAuditLogPart) { + if (parts & audit_log::AuditLog::EAuditLogPart) { audit_log << "--" << trailer << "-" << "E--" << std::endl; /** TODO: write audit_log E part. */ } - if (parts & AuditLog::FAuditLogPart) { + if (parts & audit_log::AuditLog::FAuditLogPart) { audit_log << "--" << trailer << "-" << "F--" << std::endl; for (auto h : m_collections.m_transient) { std::string filter = "RESPONSE_HEADERS:"; @@ -1348,23 +1348,23 @@ std::string Transaction::toOldAuditLogFormat(int parts, } } } - if (parts & AuditLog::GAuditLogPart) { + if (parts & audit_log::AuditLog::GAuditLogPart) { audit_log << "--" << trailer << "-" << "G--" << std::endl; /** TODO: write audit_log G part. */ } - if (parts & AuditLog::HAuditLogPart) { + if (parts & audit_log::AuditLog::HAuditLogPart) { audit_log << "--" << trailer << "-" << "H--" << std::endl; /** TODO: write audit_log H part. */ } - if (parts & AuditLog::IAuditLogPart) { + if (parts & audit_log::AuditLog::IAuditLogPart) { audit_log << "--" << trailer << "-" << "I--" << std::endl; /** TODO: write audit_log I part. */ } - if (parts & AuditLog::JAuditLogPart) { + if (parts & audit_log::AuditLog::JAuditLogPart) { audit_log << "--" << trailer << "-" << "J--" << std::endl; /** TODO: write audit_log J part. */ } - if (parts & AuditLog::KAuditLogPart) { + if (parts & audit_log::AuditLog::KAuditLogPart) { audit_log << "--" << trailer << "-" << "K--" << std::endl; /** TODO: write audit_log K part. */ } 
@@ -1415,12 +1415,12 @@ std::string Transaction::toJSON(int parts) { LOGFY_ADD_INT("http_version", m_httpVersion); LOGFY_ADD("uri", this->m_uri); - if (parts & AuditLog::CAuditLogPart) { + if (parts & audit_log::AuditLog::CAuditLogPart) { LOGFY_ADD("body", this->m_requestBody.str().c_str()); } /* request headers */ - if (parts & AuditLog::BAuditLogPart) { + if (parts & audit_log::AuditLog::BAuditLogPart) { yajl_gen_string(g, reinterpret_cast("headers"), strlen("headers")); yajl_gen_map_open(g); @@ -1449,13 +1449,13 @@ std::string Transaction::toJSON(int parts) { strlen("response")); yajl_gen_map_open(g); - if (parts & AuditLog::GAuditLogPart) { + if (parts & audit_log::AuditLog::GAuditLogPart) { LOGFY_ADD("body", this->m_responseBody.str().c_str()); } LOGFY_ADD_NUM("http_code", m_httpCodeReturned); /* response headers */ - if (parts & AuditLog::FAuditLogPart) { + if (parts & audit_log::AuditLog::FAuditLogPart) { yajl_gen_string(g, reinterpret_cast("headers"), strlen("headers")); yajl_gen_map_open(g); @@ -1478,7 +1478,7 @@ std::string Transaction::toJSON(int parts) { yajl_gen_map_close(g); /* producer */ - if (parts & AuditLog::HAuditLogPart) { + if (parts & audit_log::AuditLog::HAuditLogPart) { yajl_gen_string(g, reinterpret_cast("producer"), strlen("producer")); yajl_gen_map_open(g);
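Review bot: In `Transaction::toJSON` the request and response bodies are passed as `this->m_requestBody.str().c_str()` and `this->m_responseBody.str().c_str()`, which discards their length. `LOGFY_ADD` is defined outside these hunks; if it measures its argument with `strlen`, as the nearby `yajl_gen_string(..., strlen("headers"))` calls do for literals, a body containing a zero byte would be recorded only up to that byte. Keeping the `std::string` in a local and passing its data together with `size()` to `yajl_gen_string` would keep the audit record complete for binary bodies.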