From d61da493ebd4ca3a4bd042027c07a1bea6f0167f Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Wed, 15 Mar 2017 21:35:33 -0300
Subject: [PATCH] Having a better error handler for the highlight feature

---
 .../reading_logs_via_rule_message.h           | 15 ++++--
 .../simple_request.cc                         | 10 +++-
 src/modsecurity.cc                            | 52 ++++++++++++++++---
 3 files changed, 63 insertions(+), 14 deletions(-)

diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
index 418d07a4..87bfe94b 100644
--- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
+++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h
@@ -85,8 +85,12 @@ static void *process_request(void *data) {
         modsecTransaction->processURI(request_uri, "GET", "1.1");
 
         usleep(10);
-        modsecTransaction->addRequestHeader("Host",
-            "net.tutsplus.com");
+	/*
+        for (auto &i : m_requestHeaders) {
+            modsecTransaction->addRequestHeader(i.first,
+                i.second);
+        }
+	*/
         modsecTransaction->processRequestHeaders();
         modsecTransaction->processRequestBody();
         modsecTransaction->addResponseHeader("HTTP/1.1",
@@ -108,14 +112,15 @@ static void *process_request(void *data) {
 
 class ReadingLogsViaRuleMessage {
  public:
-    ReadingLogsViaRuleMessage(char *request_header,
+    ReadingLogsViaRuleMessage(
+        std::unordered_multimap<std::string, std::string> requestHeaders,
         char *request_uri,
         char *request_body,
         char *response_headers,
         char *response_body,
         char *ip,
         std::string rules) :
-            m_request_header(request_header),
+            m_requestHeaders(requestHeaders),
             m_request_uri(request_uri),
             m_request_body(request_body),
             m_response_headers(response_headers),
@@ -243,7 +248,7 @@ end:
     }
 
  protected:
-    char *m_request_header;
+    std::unordered_multimap<std::string, std::string> m_requestHeaders;
     char *m_request_uri;
     char *m_request_body;
     char *m_response_headers;
diff --git a/examples/reading_logs_via_rule_message/simple_request.cc b/examples/reading_logs_via_rule_message/simple_request.cc
index 04b6e7c4..0a0554fe 100644
--- a/examples/reading_logs_via_rule_message/simple_request.cc
+++ b/examples/reading_logs_via_rule_message/simple_request.cc
@@ -21,6 +21,9 @@
 #include "examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h"
 
 
+char request_uri2[] = "/index.html?d=1";
+
+std::unordered_multimap<std::string, std::string> requestHeaders;
 
 int main(int argc, char **argv) {
     *argv++;
@@ -31,8 +34,13 @@ int main(int argc, char **argv) {
         return -1;
     }
 
+    requestHeaders.emplace("Host", "SITE2");
+    requestHeaders.emplace("User-Agent", "wFetch");
+    requestHeaders.emplace("test", "21321");
+
+
     std::string rules(*argv);
-    ReadingLogsViaRuleMessage rlvrm(request_header, request_uri, request_body,
+    ReadingLogsViaRuleMessage rlvrm(requestHeaders, request_uri, request_body,
         "", response_body, ip, rules);
     rlvrm.process();
 
diff --git a/src/modsecurity.cc b/src/modsecurity.cc
index 79fa6adc..37fe3c2d 100644
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@@ -189,11 +189,37 @@ void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
     if (m_logProperties & RuleMessageLogProperty) {
         const void *a = static_cast<const void *>(rm.get());
         if (m_logProperties & IncludeFullHighlightLogProperty) {
-            processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(),
-                rm->m_reference.c_str(), &rm->m_highlightJSON, NULL);
-            m_logCb(data, a);
-            return;
+            const char *err = NULL;
+            const char *buf = NULL;
+            size_t z;
+            int ret = processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(),
+                rm->m_reference.c_str(), &rm->m_highlightJSON, &err);
+            if (ret < 0) {
+#ifdef WITH_YAJL
+                yajl_gen g;
+                g = yajl_gen_alloc(NULL);
+                if (g == NULL) {
+                    rm->m_highlightJSON.append(err);
+                    goto out;
+                }
+                yajl_gen_config(g, yajl_gen_beautify, 1);
+                yajl_gen_map_open(g);
+                yajl_gen_string(g, reinterpret_cast<const unsigned char*>("error"),
+                    strlen("error"));
+                yajl_gen_string(g, reinterpret_cast<const unsigned char*>(err),
+                    strlen(err));
+                yajl_gen_map_close(g);
+                yajl_gen_get_buf(g, (const unsigned char**)&buf, &z);
+
+                &rm->m_highlightJSON.append(buf);
+
+                yajl_gen_free(g);
+#else
+                rm->m_highlightJSON.append(err);
+#endif
+            }
         }
+out:
         m_logCb(data, a);
         return;
     }
@@ -219,7 +245,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
 
     g = yajl_gen_alloc(NULL);
     if (g == NULL) {
-        *err = "Failed to allocate memory for the JSON creation.";
+        *err = strdup("Failed to allocate memory for the JSON creation.");
         return -1;
     }
 
@@ -262,7 +288,12 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
         yajl_gen_map_close(g);
 
         if (stoi(startingAt) >= len) {
-            *err = "Offset is out of the content limits.";
+            std::stringstream e;
+            e << "Offset for the variables are out of the content limits. " \
+                "Trying to read position " << startingAt.c_str() << " from a buffer "\
+                "with only " << len << " bytes. Buffer: " <<  content \
+                << std::endl;
+            *err = strdup(e.str().c_str());
             return -1;
         }
 
@@ -342,7 +373,12 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
         yajl_gen_map_close(g);
 
         if (stoi(startingAt) >= varValue.size()) {
-            *err = "Offset is out of the variable limits.";
+            std::stringstream e;
+            e << "Offset for the operator is out of the variable limit. " \
+                "Trying to read " << startingAt.c_str() << " from a buffer with " \
+                "only " << std::to_string(varValue.size()) << " bytes. Buffer: " \
+                "" << varValue << std::endl;
+                *err = strdup(e.str().c_str());
             return -1;
         }
         yajl_gen_string(g,
@@ -373,7 +409,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
 
     yajl_gen_free(g);
 #else
-    *err = "Without YAJL support, we cannot generate JSON.";
+    *err = strdup("Without YAJL support, we cannot generate JSON.");
     return -1;
 #endif
     return 0;