mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-14 05:45:59 +03:00
Fix logging MATCHED_VARS issue
This commit is contained in:
parent
352514f7d8
commit
cf97731cc0
@ -1129,7 +1129,7 @@ void sec_audit_logger(modsec_rec *msr) {
|
||||
/* Matched Rules */
|
||||
for(i = 0; i < msr->matched_rules->nelts; i++) {
|
||||
rule = ((msre_rule **)msr->matched_rules->elts)[i];
|
||||
if (rule != NULL && rule->actionset != NULL && rule->actionset->is_chained) {
|
||||
if ((rule != NULL) && (rule->actionset != NULL) && rule->actionset->is_chained && (rule->chain_starter == NULL)) {
|
||||
text = apr_psprintf(msr->mp, "Chain Starter [Match]: %s\n", rule->unparsed);
|
||||
sec_auditlog_write(msr, text, strlen(text));
|
||||
do {
|
||||
@ -1153,9 +1153,13 @@ void sec_audit_logger(modsec_rec *msr) {
|
||||
}
|
||||
rule = next_rule;
|
||||
} while (rule != NULL && rule->actionset != NULL && rule->actionset->is_chained);
|
||||
} else {
|
||||
text = apr_psprintf(msr->mp, "Rule [Match]: %s\n", rule->unparsed);
|
||||
text = apr_psprintf(msr->mp, "\n");
|
||||
sec_auditlog_write(msr, text, strlen(text));
|
||||
} else {
|
||||
if ((rule != NULL) && (rule->actionset != NULL) && !rule->actionset->is_chained && (rule->chain_starter == NULL)) {
|
||||
text = apr_psprintf(msr->mp, "Rule [Match]: %s\n\n", rule->unparsed);
|
||||
sec_auditlog_write(msr, text, strlen(text));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1175,7 +1179,7 @@ void sec_audit_logger(modsec_rec *msr) {
|
||||
rc = apr_global_mutex_unlock(msr->modsecurity->auditlog_lock);
|
||||
if (rc != APR_SUCCESS) {
|
||||
msr_log(msr, 1, "Audit log: Failed to unlock global mutex: %s",
|
||||
get_apr_error(msr->mp, rc));
|
||||
get_apr_error(msr->mp, rc));
|
||||
}
|
||||
|
||||
return;
|
||||
@ -1191,7 +1195,7 @@ void sec_audit_logger(modsec_rec *msr) {
|
||||
apr_md5_final(md5hash, &msr->new_auditlog_md5ctx);
|
||||
|
||||
str2 = apr_psprintf(msr->mp, "%s %d %d md5:%s", msr->new_auditlog_filename, 0,
|
||||
msr->new_auditlog_size, bytes2hex(msr->mp, md5hash, 16));
|
||||
msr->new_auditlog_size, bytes2hex(msr->mp, md5hash, 16));
|
||||
if (str2 == NULL) return;
|
||||
|
||||
/* We do not want the index line to be longer than 3980 bytes. */
|
||||
|
@ -1878,7 +1878,17 @@ static int var_matched_vars_names_generate(modsec_rec *msr, msre_var *var, msre_
|
||||
rvar->value = apr_pstrndup(mptmp, str->name, strlen(str->name));
|
||||
rvar->value_len = strlen(rvar->value);
|
||||
rvar->name = apr_psprintf(mptmp, "MATCHED_VARS_NAMES:%s",
|
||||
log_escape_nq(mptmp, str->name));
|
||||
log_escape_nq(mptmp, str->name));
|
||||
|
||||
if(var->is_counting == 0)
|
||||
rvar->is_counting = 0;
|
||||
else
|
||||
rvar->is_counting = 1;
|
||||
|
||||
if(var->is_negated == 0)
|
||||
rvar->is_negated = 0;
|
||||
else
|
||||
rvar->is_negated = 1;
|
||||
|
||||
apr_table_setn(vartab, rvar->name, (void *)rvar);
|
||||
|
||||
@ -1896,7 +1906,7 @@ static int var_matched_vars_names_generate(modsec_rec *msr, msre_var *var, msre_
|
||||
/* MATCHED_VARS */
|
||||
|
||||
static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
|
||||
apr_table_t *vartab, apr_pool_t *mptmp)
|
||||
apr_table_t *vartab, apr_pool_t *mptmp)
|
||||
{
|
||||
const apr_array_header_t *arr = NULL;
|
||||
const apr_table_entry_t *te = NULL;
|
||||
@ -1914,7 +1924,7 @@ static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *
|
||||
if (var->param_data != NULL) { /* Regex. */
|
||||
char *my_error_msg = NULL;
|
||||
if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
|
||||
strlen(str->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
|
||||
strlen(str->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
|
||||
} else { /* Simple comparison. */
|
||||
if (strcasecmp(str->name, var->param) == 0) match = 1;
|
||||
}
|
||||
@ -1923,13 +1933,22 @@ static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *
|
||||
/* If we had a match add this argument to the collection. */
|
||||
if (match && (strncmp(str->name,"MATCHED_VARS:",13) != 0) && (strncmp(str->name,"MATCHED_VARS_NAMES:",19))) {
|
||||
|
||||
//msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
|
||||
msre_var *rvar = apr_palloc(mptmp, sizeof(msre_var));
|
||||
|
||||
rvar->value = apr_pstrndup(mptmp, str->value, str->value_len);
|
||||
rvar->value_len = str->value_len;
|
||||
rvar->name = apr_psprintf(mptmp, "MATCHED_VARS:%s",
|
||||
log_escape_nq(mptmp, str->name));
|
||||
log_escape_nq(mptmp, str->name));
|
||||
|
||||
if(var->is_counting == 0)
|
||||
rvar->is_counting = 0;
|
||||
else
|
||||
rvar->is_counting = 1;
|
||||
|
||||
if(var->is_negated == 0)
|
||||
rvar->is_negated = 0;
|
||||
else
|
||||
rvar->is_negated = 1;
|
||||
|
||||
apr_table_setn(vartab, rvar->name, (void *)rvar);
|
||||
|
||||
@ -1947,7 +1966,7 @@ static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *
|
||||
/* REQUEST_COOKIES */
|
||||
|
||||
static int var_request_cookies_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
|
||||
apr_table_t *vartab, apr_pool_t *mptmp)
|
||||
apr_table_t *vartab, apr_pool_t *mptmp)
|
||||
{
|
||||
const apr_array_header_t *arr = NULL;
|
||||
const apr_table_entry_t *te = NULL;
|
||||
@ -1964,7 +1983,7 @@ static int var_request_cookies_generate(modsec_rec *msr, msre_var *var, msre_rul
|
||||
if (var->param_data != NULL) { /* Regex. */
|
||||
char *my_error_msg = NULL;
|
||||
if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
|
||||
strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
|
||||
strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
|
||||
} else { /* Simple comparison. */
|
||||
if (strcasecmp(te[i].key, var->param) == 0) match = 1;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user