github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added matching rules to audit log data. See #93.

Browse Source
This commit is contained in:
brectanus 2007-11-30 00:52:21 +00:00
parent 85053718d9
commit dcdce0cbc5
7 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -2,6 +2,8 @@
29 Nov 2007 - 2.5.0-dev3 29 Nov 2007 - 2.5.0-dev3
------------------------ ------------------------
* Added matching rules to audit log data.
* Implemented SecRequestBodyNoFilesLimit. * Implemented SecRequestBodyNoFilesLimit.
* Enhance handling of the case where we run out of disk space while * Enhance handling of the case where we run out of disk space while

2
apache2/apache2_config.c
View File

@ -659,7 +659,7 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, const char *
/* -- Configuration directives -- */ /* -- Configuration directives -- */
static const char *cmd_action(cmd_parms *cmd, void *_dcfg, const char *p1) { static const char *cmd_action(cmd_parms *cmd, void *_dcfg, const char *p1) {
return add_rule(cmd, (directory_config *)_dcfg, "REQUEST_URI", "@unconditionalMatch", p1); return add_rule(cmd, (directory_config *)_dcfg, SECACTION_TARGETS, SECACTION_ARGS, p1);
} }
static const char *cmd_argument_separator(cmd_parms *cmd, void *_dcfg, const char *p1) { static const char *cmd_argument_separator(cmd_parms *cmd, void *_dcfg, const char *p1) {

3
apache2/modsecurity.c
View File

@ -304,6 +304,9 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
msr->tcache = apr_hash_make(msr->mp); msr->tcache = apr_hash_make(msr->mp);
if (msr->tcache == NULL) return -1; if (msr->tcache == NULL) return -1;
msr->matched_rules = apr_array_make(msr->mp, 16, sizeof(void *));
if (msr->matched_rules == NULL) return -1;
msr->matched_var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); msr->matched_var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
if (msr->matched_var == NULL) return -1; if (msr->matched_var == NULL) return -1;

4
apache2/modsecurity.h
View File

@ -114,6 +114,9 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
#define RESPONSE_BODY_LIMIT_ACTION_REJECT 0 #define RESPONSE_BODY_LIMIT_ACTION_REJECT 0
#define RESPONSE_BODY_LIMIT_ACTION_PARTIAL 1 #define RESPONSE_BODY_LIMIT_ACTION_PARTIAL 1
#define SECACTION_TARGETS "REQUEST_URI"
#define SECACTION_ARGS "@unconditionalMatch"
#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
#include "unixd.h" #include "unixd.h"
#define __SET_MUTEX_PERMS #define __SET_MUTEX_PERMS
@ -333,6 +336,7 @@ struct modsec_rec {
apr_time_t time_checkpoint_2; apr_time_t time_checkpoint_2;
apr_time_t time_checkpoint_3; apr_time_t time_checkpoint_3;
apr_array_header_t *matched_rules;
msc_string *matched_var; msc_string *matched_var;
int highest_severity; int highest_severity;

9
apache2/msc_logging.c
View File

@ -8,6 +8,7 @@
* write to Breach Security, Inc. at support@breach.com. * write to Breach Security, Inc. at support@breach.com.
* *
*/ */
#include "re.h"
#include "msc_logging.h" #include "msc_logging.h"
#include "httpd.h" #include "httpd.h"
#include "apr_strings.h" #include "apr_strings.h"
@ -362,6 +363,7 @@ void sec_audit_logger(modsec_rec *msr) {
const apr_array_header_t *arr = NULL; const apr_array_header_t *arr = NULL;
apr_table_entry_t *te = NULL; apr_table_entry_t *te = NULL;
char *str1 = NULL, *str2 = NULL, *text = NULL; char *str1 = NULL, *str2 = NULL, *text = NULL;
const msre_rule *rule = NULL;
apr_size_t nbytes, nbytes_written; apr_size_t nbytes, nbytes_written;
unsigned char md5hash[APR_MD5_DIGESTSIZE]; unsigned char md5hash[APR_MD5_DIGESTSIZE];
int was_limited = 0; int was_limited = 0;
@ -732,6 +734,13 @@ void sec_audit_logger(modsec_rec *msr) {
sec_auditlog_write(msr, text, strlen(text)); sec_auditlog_write(msr, text, strlen(text));
} }
/* Matched Rules */
for(i = 0; i < msr->matched_rules->nelts; i++) {
rule = ((msre_rule **)msr->matched_rules->elts)[i];
text = apr_psprintf(msr->mp, "MatchedRule: %s\n", rule->unparsed);
sec_auditlog_write(msr, text, strlen(text));
}
/* Apache error messages */ /* Apache error messages */
for(i = 0; i < msr->error_messages->nelts; i++) { for(i = 0; i < msr->error_messages->nelts; i++) {
error_message *em = (((error_message**)msr->error_messages->elts)[i]); error_message *em = (((error_message**)msr->error_messages->elts)[i]);

4
apache2/re.c
View File

@ -1214,6 +1214,7 @@ msre_rule *msre_rule_create(msre_ruleset *ruleset,
rule->ruleset = ruleset; rule->ruleset = ruleset;
rule->targets = apr_array_make(ruleset->mp, 10, sizeof(const msre_var *)); rule->targets = apr_array_make(ruleset->mp, 10, sizeof(const msre_var *));
rule->p1 = apr_pstrdup(ruleset->mp, targets); rule->p1 = apr_pstrdup(ruleset->mp, targets);
rule->unparsed = apr_pstrcat(ruleset->mp, ((strcmp(SECACTION_TARGETS, targets) || strcmp(SECACTION_TARGETS, args)) ? "SecRule" : "SecAction"), " ", targets, " ", args, " ", actions, NULL);
rule->filename = apr_pstrdup(ruleset->mp, fn); rule->filename = apr_pstrdup(ruleset->mp, fn);
rule->line_num = line; rule->line_num = line;
@ -1424,6 +1425,9 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
log_escape(msr->mp, full_varname)); log_escape(msr->mp, full_varname));
} }
/* Save the rules that match */
*(const msre_rule **)apr_array_push(msr->matched_rules) = rule;
/* Save the last matched var data */ /* Save the last matched var data */
msr->matched_var->name = apr_pstrdup(msr->mp, var->name); msr->matched_var->name = apr_pstrdup(msr->mp, var->name);
msr->matched_var->name_len = strlen(msr->matched_var->name); msr->matched_var->name_len = strlen(msr->matched_var->name);

1
apache2/re.h
View File

@ -121,6 +121,7 @@ struct msre_rule {
unsigned int op_negated; unsigned int op_negated;
msre_actionset *actionset; msre_actionset *actionset;
const char *p1; const char *p1;
const char *unparsed;
const char *filename; const char *filename;
int line_num; int line_num;
int placeholder; int placeholder;