From d240a026cef8b22813a96c3e9db484bc3ff9b784 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Wed, 15 Mar 2017 21:35:33 -0300
Subject: [PATCH] Having a better error handler for the highlight feature

---
 .../reading_logs_via_rule_message.h           | 15 ++++--
 src/modsecurity.cc                            | 52 ++++++++++++++++---
 2 files changed, 54 insertions(+), 13 deletions(-)

diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
index 22f03332..dd463bed 100644
--- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@@ -86,8 +86,12 @@ static void *process_request(void *data) {
         modsecTransaction->processURI(request_uri, "GET", "1.1");
 
         usleep(10);
-        modsecTransaction->addRequestHeader("Host",
-            "net.tutsplus.com");
+	/*
+        for (auto &i : m_requestHeaders) {
+            modsecTransaction->addRequestHeader(i.first,
+                i.second);
+        }
+	*/
         modsecTransaction->processRequestHeaders();
         modsecTransaction->processRequestBody();
         modsecTransaction->addResponseHeader("HTTP/1.1",
@@ -109,14 +113,15 @@ static void *process_request(void *data) {
 
 class ReadingLogsViaRuleMessage {
  public:
-    ReadingLogsViaRuleMessage(char *request_header,
+    ReadingLogsViaRuleMessage(
+        std::unordered_multimap<std::string, std::string> requestHeaders,
         char *request_uri,
         char *request_body,
         char *response_headers,
         char *response_body,
         char *ip,
         std::string rules) :
-            m_request_header(request_header),
+            m_requestHeaders(requestHeaders),
             m_request_uri(request_uri),
             m_request_body(request_body),
             m_response_headers(response_headers),
@@ -245,7 +250,7 @@ end:
     }
 
  protected:
-    char *m_request_header;
+    std::unordered_multimap<std::string, std::string> m_requestHeaders;
     char *m_request_uri;
     char *m_request_body;
     char *m_response_headers;
diff --git a/src/modsecurity.cc b/src/modsecurity.cc
index cd96a31a..8861c39f 100644
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@@ -197,11 +197,37 @@ void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
     if (m_logProperties & RuleMessageLogProperty) {
         const void *a = static_cast<const void *>(rm.get());
         if (m_logProperties & IncludeFullHighlightLogProperty) {
-            processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(),
-                rm->m_reference.c_str(), &rm->m_highlightJSON, NULL);
-            m_logCb(data, a);
-            return;
+            const char *err = NULL;
+            const char *buf = NULL;
+            size_t z;
+            int ret = processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(),
+                rm->m_reference.c_str(), &rm->m_highlightJSON, &err);
+            if (ret < 0) {
+#ifdef WITH_YAJL
+                yajl_gen g;
+                g = yajl_gen_alloc(NULL);
+                if (g == NULL) {
+                    rm->m_highlightJSON.append(err);
+                    goto out;
+                }
+                yajl_gen_config(g, yajl_gen_beautify, 1);
+                yajl_gen_map_open(g);
+                yajl_gen_string(g, reinterpret_cast<const unsigned char*>("error"),
+                    strlen("error"));
+                yajl_gen_string(g, reinterpret_cast<const unsigned char*>(err),
+                    strlen(err));
+                yajl_gen_map_close(g);
+                yajl_gen_get_buf(g, (const unsigned char**)&buf, &z);
+
+                &rm->m_highlightJSON.append(buf);
+
+                yajl_gen_free(g);
+#else
+                rm->m_highlightJSON.append(err);
+#endif
+            }
         }
+out:
         m_logCb(data, a);
         return;
     }
@@ -227,7 +253,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
 
     g = yajl_gen_alloc(NULL);
     if (g == NULL) {
-        *err = "Failed to allocate memory for the JSON creation.";
+        *err = strdup("Failed to allocate memory for the JSON creation.");
         return -1;
     }
 
@@ -270,7 +296,12 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
         yajl_gen_map_close(g);
 
         if (stoi(startingAt) >= len) {
-            *err = "Offset is out of the content limits.";
+            std::stringstream e;
+            e << "Offset for the variables are out of the content limits. " \
+                "Trying to read position " << startingAt.c_str() << " from a buffer "\
+                "with only " << len << " bytes. Buffer: " <<  content \
+                << std::endl;
+            *err = strdup(e.str().c_str());
             return -1;
         }
 
@@ -352,7 +383,12 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
         yajl_gen_map_close(g);
 
         if (stoi(startingAt) >= varValue.size()) {
-            *err = "Offset is out of the variable limits.";
+            std::stringstream e;
+            e << "Offset for the operator is out of the variable limit. " \
+                "Trying to read " << startingAt.c_str() << " from a buffer with " \
+                "only " << std::to_string(varValue.size()) << " bytes. Buffer: " \
+                "" << varValue << std::endl;
+                *err = strdup(e.str().c_str());
             return -1;
         }
         yajl_gen_string(g,
@@ -383,7 +419,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
 
     yajl_gen_free(g);
 #else
-    *err = "Without YAJL support, we cannot generate JSON.";
+    *err = strdup("Without YAJL support, we cannot generate JSON.");
     return -1;
 #endif
     return 0;