github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-01 14:15:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

Computes auditlog during rules load time

Browse Source
This commit is contained in:
Felipe Zimmerle
2020-06-03 20:57:27 -03:00
committed by Felipe Zimmerle
parent bf3a1d84ff
commit c38051324d
18 changed files with 197 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/transaction.cc
View File

@@ -72,12 +72,15 @@ void TransactionRuleMessageManagement::logMatchLastRuleOnTheChain(RuleWithAction
rm->setRule(rule);
if (rule->hasDisruptiveAction() &&
if (rule->hasDisruptiveAction() && rule->isItToBeLogged() &&
(m_transaction->getRuleEngineState() == RulesSet::DetectionOnlyRuleEngine)) {
/* error */
// The error goes over the disruptive massage. We don't need it here.
//m_transaction->serverLog(rm);
} else if (rule->hasBlockAction() && (!rule->hasNoLogAction()) || rule->hasLogAction()) {
} else if (rule->hasBlockAction() && rule->isItToBeLogged()) {
/* Log as warning. */
m_transaction->serverLog(rm);
} else if (rule->isItToBeLogged()) {
/* Log as warning. */
m_transaction->serverLog(rm);
messageNew();
@@ -88,6 +91,15 @@ void TransactionRuleMessageManagement::messageNew() {
m_rulesMessages.push_back(new RuleMessage(m_transaction));
}
std::list<RuleMessage *> TransactionRuleMessageManagement::messageGetAll() {
std::list<RuleMessage *> messages;
for (RuleMessage *a : m_rulesMessages) {
messages.push_back(a);
}
return messages;
}
/**
* @name Transaction
@@ -272,7 +284,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb
ms_dbg(4, "Initializing transaction");
if (m_rules != NULL && m_rules->m_auditLog != NULL) {
m_auditLogParts = this->m_rules->m_auditLog->getParts();
m_auditLogParts = m_rules->m_auditLog->getParts();
}
intervention::clean(&m_it);
@@ -1418,8 +1430,7 @@ int Transaction::processLogging() {
ms_dbg(8, "Checking if this request is suitable to be " \
"saved as an audit log.");
// FIXME: m_auditLogParts can be accessed via Transaction.
bool saved = this->m_rules->m_auditLog->saveIfRelevant(this, m_auditLogParts);
bool saved = m_rules->m_auditLog->saveIfRelevant(this);
if (saved) {
ms_dbg(8, "Request was relevant to be saved. Parts: " +
std::to_string(m_auditLogParts));
@@ -1605,6 +1616,9 @@ std::string Transaction::toOldAuditLogFormat(int parts,
if (parts & audit_log::AuditLog::HAuditLogPart) {
audit_log << "--" << trailer << "-" << "H--" << std::endl;
for (auto a : messageGetAll()) {
if (!a->toBeAuditLog()) {
continue;
}
audit_log << a->log(0, m_httpCodeReturned) << std::endl;
}
audit_log << std::endl;
@@ -1768,6 +1782,10 @@ std::string Transaction::toJSON(int parts) {
strlen("messages"));
yajl_gen_array_open(g);
for (auto a : messageGetAll()) {
if (!a->toBeAuditLog()) {
continue;
}
yajl_gen_map_open(g);
LOGFY_ADD("message", a->m_message.c_str());
yajl_gen_string(g,