API CHANGE: response status is now set on processResponseHeaders

This change was needed so that the variable is assigned as early as
possible. There is also a new field for the HTTP_PROTOCOL version used
on the response.
Felipe Zimmerle 2016-06-20 23:57:02 -03:00
parent a36b2da86a
commit b8bd0c5960
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
6 changed files with 37 additions and 23 deletions


@ -66,9 +66,9 @@ void process_request (void *ptr)
msc_process_request_headers(transaction); msc_process_request_headers(transaction);
msc_process_request_body(transaction); msc_process_request_body(transaction);
msc_add_response_header(transaction, "Content-type", "text/html"); msc_add_response_header(transaction, "Content-type", "text/html");
msc_process_response_headers(transaction); msc_process_response_headers(transaction, 200, "HTTP 1.0");
msc_process_response_body(transaction); msc_process_response_body(transaction);
msc_process_logging(transaction, 200); msc_process_logging(transaction);
msc_transaction_cleanup(transaction); msc_transaction_cleanup(transaction);
tv.tv_sec = 0; tv.tv_sec = 0;
tv.tv_usec = 1000; tv.tv_usec = 1000;


@ -63,9 +63,9 @@ int main (int argc, char **argv)
"GET", "1.1"); "GET", "1.1");
msc_process_request_headers(transaction); msc_process_request_headers(transaction);
msc_process_request_body(transaction); msc_process_request_body(transaction);
msc_process_response_headers(transaction); msc_process_response_headers(transaction, 200, "HTTP 1.3");
msc_process_response_body(transaction); msc_process_response_body(transaction);
msc_process_logging(transaction, 200); msc_process_logging(transaction);
end: end:
msc_rules_cleanup(rules); msc_rules_cleanup(rules);
msc_cleanup(modsec); msc_cleanup(modsec);
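Review bot: The protocol argument in the new `msc_process_response_headers(transaction, 200, "HTTP 1.3")` call is not an HTTP version that exists, and its format differs from the bare `"1.1"` that appears to be passed as the request version a few lines above. Example code tends to be copied into connectors, so a realistic value is safer here, e.g. `msc_process_response_headers(transaction, 200, "HTTP 1.1");`. The same applies to the `"HTTP 1.2"` passed to `processResponseHeaders` in the later C++ `main`. The expected format of the protocol string is also worth stating in the `@param proto` documentation, since the visible call sites do not agree with how the request version is written.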


@ -131,7 +131,7 @@ class Transaction {
int appendRequestBody(const unsigned char *body, size_t size); int appendRequestBody(const unsigned char *body, size_t size);
int requestBodyFromFile(const char *path); int requestBodyFromFile(const char *path);
int processResponseHeaders(); int processResponseHeaders(int code, const std::string& proto);
int addResponseHeader(const std::string& key, const std::string& value); int addResponseHeader(const std::string& key, const std::string& value);
int addResponseHeader(const unsigned char *key, const unsigned char *value); int addResponseHeader(const unsigned char *key, const unsigned char *value);
int addResponseHeader(const unsigned char *key, size_t len_key, int addResponseHeader(const unsigned char *key, size_t len_key,
@ -140,7 +140,7 @@ class Transaction {
int processResponseBody(); int processResponseBody();
int appendResponseBody(const unsigned char *body, size_t size); int appendResponseBody(const unsigned char *body, size_t size);
int processLogging(int status_code); int processLogging();
bool intervention(ModSecurityIntervention *it); bool intervention(ModSecurityIntervention *it);
@ -392,7 +392,8 @@ int msc_append_request_body(Transaction *transaction,
int msc_request_body_from_file(Transaction *transaction, const char *path); int msc_request_body_from_file(Transaction *transaction, const char *path);
/** @ingroup ModSecurity_C_API */ /** @ingroup ModSecurity_C_API */
int msc_process_response_headers(Transaction *transaction); int msc_process_response_headers(Transaction *transaction, int code,
const char* protocol);
/** @ingroup ModSecurity_C_API */ /** @ingroup ModSecurity_C_API */
int msc_add_response_header(Transaction *transaction, int msc_add_response_header(Transaction *transaction,
@ -427,7 +428,7 @@ void msc_transaction_cleanup(Transaction *transaction);
int msc_intervention(Transaction *transaction, ModSecurityIntervention *it); int msc_intervention(Transaction *transaction, ModSecurityIntervention *it);
/** @ingroup ModSecurity_C_API */ /** @ingroup ModSecurity_C_API */
int msc_process_logging(Transaction *transaction, int code); int msc_process_logging(Transaction *transaction);
#ifdef __cplusplus #ifdef __cplusplus
} }


@ -823,16 +823,22 @@ int Transaction::appendRequestBody(const unsigned char *buf, size_t len) {
* *
* @note Remember to check for a possible intervention. * @note Remember to check for a possible intervention.
* *
* @param code The returned http code.
* @param proto Protocol used on the response.
*
* @returns If the operation was successful or not. * @returns If the operation was successful or not.
* @retval true Operation was successful. * @retval true Operation was successful.
* @retval false Operation failed. * @retval false Operation failed.
* *
*/ */
int Transaction::processResponseHeaders() { int Transaction::processResponseHeaders(int code, const std::string& proto) {
#ifndef NO_LOGS #ifndef NO_LOGS
debug(4, "Starting phase RESPONSE_HEADERS. (SecRules 3)"); debug(4, "Starting phase RESPONSE_HEADERS. (SecRules 3)");
#endif #endif
this->m_httpCodeReturned = code;
this->m_collections.store("STATUS", std::to_string(code));
if (m_rules->secRuleEngine == Rules::DisabledRuleEngine) { if (m_rules->secRuleEngine == Rules::DisabledRuleEngine) {
#ifndef NO_LOGS #ifndef NO_LOGS
debug(4, "Rule engine disabled, returning..."); debug(4, "Rule engine disabled, returning...");
@ -1123,7 +1129,7 @@ int Transaction::getResponseBodyLenth() {
* @retval false Operation failed. * @retval false Operation failed.
* *
*/ */
int Transaction::processLogging(int returned_code) { int Transaction::processLogging() {
#ifndef NO_LOGS #ifndef NO_LOGS
debug(4, "Starting phase LOGGING. (SecRules 5)"); debug(4, "Starting phase LOGGING. (SecRules 5)");
#endif #endif
@ -1135,9 +1141,6 @@ int Transaction::processLogging(int returned_code) {
return true; return true;
} }
this->m_httpCodeReturned = returned_code;
this->m_collections.store("STATUS", std::to_string(returned_code));
this->m_rules->evaluate(ModSecurity::LoggingPhase, this); this->m_rules->evaluate(ModSecurity::LoggingPhase, this);
/* If relevant, save this transaction information at the audit_logs */ /* If relevant, save this transaction information at the audit_logs */
@ -1720,8 +1723,9 @@ extern "C" int msc_request_body_from_file(Transaction *transaction,
* @retval 0 Operation failed. * @retval 0 Operation failed.
* *
*/ */
extern "C" int msc_process_response_headers(Transaction *transaction) { extern "C" int msc_process_response_headers(Transaction *transaction,
return transaction->processResponseHeaders(); int code, const char* protocol) {
return transaction->processResponseHeaders(code, protocol);
} }
@ -1961,15 +1965,14 @@ extern "C" int msc_get_response_body_length(Transaction *transaction) {
* delivered prior to the execution of this function. * delivered prior to the execution of this function.
* *
* @param transaction ModSecurity transaction. * @param transaction ModSecurity transaction.
* @param code HTTP code returned to the user.
* *
* @returns If the operation was successful or not. * @returns If the operation was successful or not.
* @retval 1 Operation was successful. * @retval 1 Operation was successful.
* @retval 0 Operation failed. * @retval 0 Operation failed.
* *
*/ */
extern "C" int msc_process_logging(Transaction *transaction, int code) { extern "C" int msc_process_logging(Transaction *transaction) {
return transaction->processLogging(code); return transaction->processLogging();
} }
} // namespace modsecurity } // namespace modsecurity
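Review bot: `msc_process_response_headers` now hands the caller's `const char* protocol` straight to a `const std::string&` parameter, so a C connector that passes NULL triggers undefined behaviour while the temporary string is constructed, before any rule runs. A guard in the wrapper avoids that: `return transaction->processResponseHeaders(code, protocol ? protocol : "");`. Separately, the visible part of `Transaction::processResponseHeaders` stores only `code` (`m_httpCodeReturned`, `STATUS`); `proto` is not used in the lines shown, though the body continues outside the hunk, so it is worth confirming that it is actually stored. With the status assignment removed from `processLogging()`, a transaction that reaches logging without a response-headers call would presumably log whatever `m_httpCodeReturned` was initialised to, and a sentence in the doc comment saying so would help connector authors keep audit logs accurate.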


@ -147,7 +147,7 @@ int main(int argc, char *argv[]) {
modsecTransaction->addResponseHeader("Content-Length", modsecTransaction->addResponseHeader("Content-Length",
"200"); "200");
modsecTransaction->processResponseHeaders(); modsecTransaction->processResponseHeaders(200, "HTTP 1.2");
if (modsecTransaction->intervention(&it)) { if (modsecTransaction->intervention(&it)) {
std::cout << "There is an intervention" << std::endl; std::cout << "There is an intervention" << std::endl;
@ -165,7 +165,7 @@ int main(int argc, char *argv[]) {
} }
next_request: next_request:
modsecTransaction->processLogging(200); modsecTransaction->processLogging();
delete modsecTransaction; delete modsecTransaction;
} }


@ -246,17 +246,21 @@ void perform_unit_test(ModSecurityTest<RegressionTest> *test,
t->clientPort, t->serverIp.c_str(), t->serverPort); t->clientPort, t->serverIp.c_str(), t->serverPort);
actions(&r, modsec_transaction); actions(&r, modsec_transaction);
#if 0
if (r.status != 200) { if (r.status != 200) {
goto end; goto end;
} }
#endif
modsec_transaction->processURI(t->uri.c_str(), t->method.c_str(), modsec_transaction->processURI(t->uri.c_str(), t->method.c_str(),
t->httpVersion.c_str()); t->httpVersion.c_str());
actions(&r, modsec_transaction); actions(&r, modsec_transaction);
#if 0
if (r.status != 200) { if (r.status != 200) {
goto end; goto end;
} }
#endif
for (std::pair<std::string, std::string> headers : for (std::pair<std::string, std::string> headers :
t->request_headers) { t->request_headers) {
@ -267,7 +271,7 @@ void perform_unit_test(ModSecurityTest<RegressionTest> *test,
modsec_transaction->processRequestHeaders(); modsec_transaction->processRequestHeaders();
actions(&r, modsec_transaction); actions(&r, modsec_transaction);
if (r.status != 200) { if (r.status != 200) {
goto end; //goto end;
} }
modsec_transaction->appendRequestBody( modsec_transaction->appendRequestBody(
@ -275,9 +279,11 @@ void perform_unit_test(ModSecurityTest<RegressionTest> *test,
t->request_body.size()); t->request_body.size());
modsec_transaction->processRequestBody(); modsec_transaction->processRequestBody();
actions(&r, modsec_transaction); actions(&r, modsec_transaction);
#if 0
if (r.status != 200) { if (r.status != 200) {
goto end; goto end;
} }
#endif
for (std::pair<std::string, std::string> headers : for (std::pair<std::string, std::string> headers :
t->response_headers) { t->response_headers) {
@ -285,23 +291,27 @@ void perform_unit_test(ModSecurityTest<RegressionTest> *test,
headers.second.c_str()); headers.second.c_str());
} }
modsec_transaction->processResponseHeaders(); modsec_transaction->processResponseHeaders(r.status, "HTTP 1.1");
actions(&r, modsec_transaction); actions(&r, modsec_transaction);
#if 0
if (r.status != 200) { if (r.status != 200) {
goto end; goto end;
} }
#endif
modsec_transaction->appendResponseBody( modsec_transaction->appendResponseBody(
(unsigned char *)t->response_body.c_str(), (unsigned char *)t->response_body.c_str(),
t->response_body.size()); t->response_body.size());
modsec_transaction->processResponseBody(); modsec_transaction->processResponseBody();
actions(&r, modsec_transaction); actions(&r, modsec_transaction);
#if 0
if (r.status != 200) { if (r.status != 200) {
goto end; goto end;
} }
#endif
end: end:
modsec_transaction->processLogging(r.status); modsec_transaction->processLogging();
CustomDebugLog *d = reinterpret_cast<CustomDebugLog *> CustomDebugLog *d = reinterpret_cast<CustomDebugLog *>
(modsec_rules->m_debugLog); (modsec_rules->m_debugLog);
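Review bot: Disabling every `goto end` with `#if 0` means the regression runner now always runs all phases, so it no longer exercises a transaction that stops at an intervention and goes straight to `processLogging()`. That is the one path where no status is supplied any more, now that `processLogging()` takes no argument. The remaining `if (r.status != 200) { //goto end; }` after `processRequestHeaders()` is an empty block and should be removed or wrapped like the others. If the early exits are meant to stay off, deleting the dead blocks and adding a short comment such as `// Run every phase even after an intervention so STATUS is set in processResponseHeaders().` would make the intent clear. `perform_unit_test` starts and ends outside the hunks shown.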