Fix logging MATCHED_VARS issue

This commit is contained in:
brenosilva 2011-04-25 19:46:33 +00:00
parent 352514f7d8
commit cf97731cc0
2 changed files with 35 additions and 12 deletions

View File

@ -1129,7 +1129,7 @@ void sec_audit_logger(modsec_rec *msr) {
/* Matched Rules */
for(i = 0; i < msr->matched_rules->nelts; i++) {
rule = ((msre_rule **)msr->matched_rules->elts)[i];
if (rule != NULL && rule->actionset != NULL && rule->actionset->is_chained) {
if ((rule != NULL) && (rule->actionset != NULL) && rule->actionset->is_chained && (rule->chain_starter == NULL)) {
text = apr_psprintf(msr->mp, "Chain Starter [Match]: %s\n", rule->unparsed);
sec_auditlog_write(msr, text, strlen(text));
do {
@ -1153,9 +1153,13 @@ void sec_audit_logger(modsec_rec *msr) {
}
rule = next_rule;
} while (rule != NULL && rule->actionset != NULL && rule->actionset->is_chained);
} else {
text = apr_psprintf(msr->mp, "Rule [Match]: %s\n", rule->unparsed);
text = apr_psprintf(msr->mp, "\n");
sec_auditlog_write(msr, text, strlen(text));
} else {
if ((rule != NULL) && (rule->actionset != NULL) && !rule->actionset->is_chained && (rule->chain_starter == NULL)) {
text = apr_psprintf(msr->mp, "Rule [Match]: %s\n\n", rule->unparsed);
sec_auditlog_write(msr, text, strlen(text));
}
}
}
}
@ -1175,7 +1179,7 @@ void sec_audit_logger(modsec_rec *msr) {
rc = apr_global_mutex_unlock(msr->modsecurity->auditlog_lock);
if (rc != APR_SUCCESS) {
msr_log(msr, 1, "Audit log: Failed to unlock global mutex: %s",
get_apr_error(msr->mp, rc));
get_apr_error(msr->mp, rc));
}
return;
@ -1191,7 +1195,7 @@ void sec_audit_logger(modsec_rec *msr) {
apr_md5_final(md5hash, &msr->new_auditlog_md5ctx);
str2 = apr_psprintf(msr->mp, "%s %d %d md5:%s", msr->new_auditlog_filename, 0,
msr->new_auditlog_size, bytes2hex(msr->mp, md5hash, 16));
msr->new_auditlog_size, bytes2hex(msr->mp, md5hash, 16));
if (str2 == NULL) return;
/* We do not want the index line to be longer than 3980 bytes. */

View File

@ -1878,7 +1878,17 @@ static int var_matched_vars_names_generate(modsec_rec *msr, msre_var *var, msre_
rvar->value = apr_pstrndup(mptmp, str->name, strlen(str->name));
rvar->value_len = strlen(rvar->value);
rvar->name = apr_psprintf(mptmp, "MATCHED_VARS_NAMES:%s",
log_escape_nq(mptmp, str->name));
log_escape_nq(mptmp, str->name));
if(var->is_counting == 0)
rvar->is_counting = 0;
else
rvar->is_counting = 1;
if(var->is_negated == 0)
rvar->is_negated = 0;
else
rvar->is_negated = 1;
apr_table_setn(vartab, rvar->name, (void *)rvar);
@ -1896,7 +1906,7 @@ static int var_matched_vars_names_generate(modsec_rec *msr, msre_var *var, msre_
/* MATCHED_VARS */
static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
apr_table_t *vartab, apr_pool_t *mptmp)
{
const apr_array_header_t *arr = NULL;
const apr_table_entry_t *te = NULL;
@ -1914,7 +1924,7 @@ static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *
if (var->param_data != NULL) { /* Regex. */
char *my_error_msg = NULL;
if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
strlen(str->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
strlen(str->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
} else { /* Simple comparison. */
if (strcasecmp(str->name, var->param) == 0) match = 1;
}
@ -1923,13 +1933,22 @@ static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *
/* If we had a match add this argument to the collection. */
if (match && (strncmp(str->name,"MATCHED_VARS:",13) != 0) && (strncmp(str->name,"MATCHED_VARS_NAMES:",19))) {
//msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
msre_var *rvar = apr_palloc(mptmp, sizeof(msre_var));
rvar->value = apr_pstrndup(mptmp, str->value, str->value_len);
rvar->value_len = str->value_len;
rvar->name = apr_psprintf(mptmp, "MATCHED_VARS:%s",
log_escape_nq(mptmp, str->name));
log_escape_nq(mptmp, str->name));
if(var->is_counting == 0)
rvar->is_counting = 0;
else
rvar->is_counting = 1;
if(var->is_negated == 0)
rvar->is_negated = 0;
else
rvar->is_negated = 1;
apr_table_setn(vartab, rvar->name, (void *)rvar);
@ -1947,7 +1966,7 @@ static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *
/* REQUEST_COOKIES */
static int var_request_cookies_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
apr_table_t *vartab, apr_pool_t *mptmp)
{
const apr_array_header_t *arr = NULL;
const apr_table_entry_t *te = NULL;
@ -1964,7 +1983,7 @@ static int var_request_cookies_generate(modsec_rec *msr, msre_var *var, msre_rul
if (var->param_data != NULL) { /* Regex. */
char *my_error_msg = NULL;
if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
} else { /* Simple comparison. */
if (strcasecmp(te[i].key, var->param) == 0) match = 1;
}