Expands log_cb to share ruleMessage structure instead text

Text version still available and it is the default options
2025-09-30 03:34:29 +03:00 · 2017-02-26 01:34:52 -03:00
parent 9ea5b475b2
commit e2af60e765
70 changed files with 634 additions and 181 deletions
--- a/src/actions/audit_log.cc
+++ b/src/actions/audit_log.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/transaction.h"
 #include "modsecurity/rule_message.h"
@@ -26,7 +27,7 @@ namespace actions {


 bool AuditLog::evaluate(Rule *rule, Transaction *transaction,
-    RuleMessage *rm) {
+    std::shared_ptr<RuleMessage> rm) {
    rm->m_noAuditLog = false;
    return true;
 }
--- a/src/actions/audit_log.h
+++ b/src/actions/audit_log.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"

@@ -35,7 +36,7 @@ class AuditLog : public Action {
        : Action(action, RunTimeOnlyIfMatchKind) { }

    bool evaluate(Rule *rule, Transaction *transaction,
-        RuleMessage *rm) override;
+        std::shared_ptr<RuleMessage> rm) override;
 };


--- a/src/actions/data/status.cc
+++ b/src/actions/data/status.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/transaction.h"

@@ -37,7 +38,8 @@ bool Status::init(std::string *error) {
 }


-bool Status::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool Status::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    transaction->m_it.status = m_status;
    return true;
 }
--- a/src/actions/data/status.h
+++ b/src/actions/data/status.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/rule_message.h"
@@ -36,8 +37,8 @@ class Status : public Action {
    m_status(0) { }

    bool init(std::string *error) override;
-    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
-        override;
+    bool evaluate(Rule *rule, Transaction *transaction,
+        std::shared_ptr<RuleMessage> rm) override;

    int m_status;
 };
--- a/src/actions/disruptive/block.cc
+++ b/src/actions/disruptive/block.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
@@ -29,7 +30,8 @@ namespace actions {
 namespace disruptive {


-bool Block::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool Block::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    transaction->debug(8, "Marking request as disruptive.");

    for (Action *a : transaction->m_rules->m_defaultActions[rule->m_phase]) {
--- a/src/actions/disruptive/block.h
+++ b/src/actions/disruptive/block.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/rule_message.h"
@@ -36,7 +37,7 @@ class Block : public Action {
    explicit Block(std::string action) : Action(action) { }

    bool evaluate(Rule *rule, Transaction *transaction,
-        RuleMessage *rm) override;
+        std::shared_ptr<RuleMessage> rm) override;
    bool isDisruptive() override { return true; }
 };

--- a/src/actions/disruptive/deny.cc
+++ b/src/actions/disruptive/deny.cc
@@ -19,6 +19,7 @@
 #include <iostream>
 #include <string>
 #include <cstring>
+#include <memory>

 #include "modsecurity/transaction.h"

@@ -27,7 +28,8 @@ namespace actions {
 namespace disruptive {


-bool Deny::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool Deny::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
 #ifndef NO_LOGS
    transaction->debug(8, "Running action deny");
 #endif
@@ -41,11 +43,13 @@ bool Deny::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
    log.append(" (phase ");
    log.append(std::to_string(rm->m_rule->m_phase - 1) + "). ");

+    rm->m_disruptiveMessage.assign(log);
    transaction->m_it.disruptive = true;
    intervention::freeLog(&transaction->m_it);
    transaction->m_it.log = strdup(
-        rm->disruptiveErrorLog(transaction, log).c_str());
+        rm->disruptiveErrorLog().c_str());

+    rm->m_isDisruptive = true;
    return true;
 }

--- a/src/actions/disruptive/deny.h
+++ b/src/actions/disruptive/deny.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -32,7 +33,7 @@ class Deny : public Action {
    explicit Deny(std::string action) : Action(action) { }

    bool evaluate(Rule *rule, Transaction *transaction,
-        RuleMessage *rm) override;
+        std::shared_ptr<RuleMessage> rm) override;
    bool isDisruptive() override { return true; }
 };

--- a/src/actions/disruptive/pass.cc
+++ b/src/actions/disruptive/pass.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/transaction.h"
 #include "modsecurity/rule.h"
@@ -27,7 +28,8 @@ namespace actions {
 namespace disruptive {


-bool Pass::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool Pass::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    intervention::free(&transaction->m_it);
    intervention::reset(&transaction->m_it);

--- a/src/actions/disruptive/pass.h
+++ b/src/actions/disruptive/pass.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -30,8 +31,8 @@ class Pass : public Action {
 public:
    explicit Pass(std::string action) : Action(action) { }

-    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
-        override;
+    bool evaluate(Rule *rule, Transaction *transaction,
+        std::shared_ptr<RuleMessage> rm) override;
    bool isDisruptive() override { return true; }
 };

--- a/src/actions/disruptive/redirect.cc
+++ b/src/actions/disruptive/redirect.cc
@@ -18,7 +18,7 @@
 #include <string.h>
 #include <iostream>
 #include <string>
-
+#include <memory>

 #include "modsecurity/transaction.h"
 #include "src/macro_expansion.h"
@@ -36,7 +36,7 @@ bool Redirect::init(std::string *error) {


 bool Redirect::evaluate(Rule *rule, Transaction *transaction,
-    RuleMessage *rm) {
+   std::shared_ptr<RuleMessage> rm) {
    m_urlExpanded = MacroExpansion::expand(m_url, transaction);
    std::string log;

@@ -48,13 +48,15 @@ bool Redirect::evaluate(Rule *rule, Transaction *transaction,
    log.append(" (phase ");
    log.append(std::to_string(rm->m_rule->m_phase - 1) + "). ");

+    rm->m_disruptiveMessage.assign(log);
    intervention::freeUrl(&transaction->m_it);
    transaction->m_it.url = strdup(m_urlExpanded.c_str());
    transaction->m_it.disruptive = true;
    intervention::freeLog(&transaction->m_it);
    transaction->m_it.log = strdup(
-        rm->disruptiveErrorLog(transaction, log).c_str());
+        rm->disruptiveErrorLog().c_str());

+    rm->m_isDisruptive = true;
    return true;
 }

--- a/src/actions/disruptive/redirect.h
+++ b/src/actions/disruptive/redirect.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/rule_message.h"
@@ -39,8 +40,8 @@ class Redirect : public Action {
        m_urlExpanded(""),
        m_url("") { }

-    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
-        override;
+    bool evaluate(Rule *rule, Transaction *transaction,
+        std::shared_ptr<RuleMessage> rm) override;
    bool init(std::string *error) override;
    bool isDisruptive() override { return true; }

--- a/src/actions/log.cc
+++ b/src/actions/log.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -27,7 +28,8 @@ namespace modsecurity {
 namespace actions {


-bool Log::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool Log::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    transaction->debug(9, "Saving transaction to logs");
    rm->m_saveMessage = true;
    return true;
--- a/src/actions/log.h
+++ b/src/actions/log.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"

@@ -32,8 +33,8 @@ class Log : public Action {
    explicit Log(std::string action)
        : Action(action, RunTimeOnlyIfMatchKind) { }

-    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
-        override;
+    bool evaluate(Rule *rule, Transaction *transaction,
+        std::shared_ptr<RuleMessage> rm) override;
 };

 }  // namespace actions
--- a/src/actions/log_data.cc
+++ b/src/actions/log_data.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -29,7 +30,8 @@ namespace modsecurity {
 namespace actions {


-bool LogData::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool LogData::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    rm->m_data = data(transaction);

    transaction->m_collections.storeOrUpdateFirst("RULE:logdata", rm->m_data);
--- a/src/actions/log_data.h
+++ b/src/actions/log_data.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"

@@ -33,7 +34,7 @@ class LogData : public Action {
        : Action(action, RunTimeOnlyIfMatchKind) { }

    bool evaluate(Rule *rule, Transaction *transaction,
-        RuleMessage *rm) override;
+       std::shared_ptr<RuleMessage> rm) override;

    std::string data(Transaction *Transaction);
 };
--- a/src/actions/msg.cc
+++ b/src/actions/msg.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -46,14 +47,14 @@ namespace modsecurity {
 namespace actions {


-bool Msg::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool Msg::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    std::string msg = data(transaction);
    rm->m_message = msg;
    transaction->debug(9, "Saving msg: " + msg);

    transaction->m_collections.storeOrUpdateFirst("RULE:msg", msg);

-    rm->m_server_logs.push_back(rm->errorLog(transaction));
    return true;
 }

--- a/src/actions/msg.h
+++ b/src/actions/msg.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/rule_message.h"
@@ -33,8 +34,8 @@ class Msg : public Action {
    explicit Msg(std::string action)
        : Action(action, RunTimeOnlyIfMatchKind) { }

-    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
-        override;
+    bool evaluate(Rule *rule, Transaction *transaction,
+        std::shared_ptr<RuleMessage> rm) override;

    std::string data(Transaction *Transaction);
 };
--- a/src/actions/no_audit_log.cc
+++ b/src/actions/no_audit_log.cc
@@ -27,7 +27,7 @@ namespace actions {


 bool NoAuditLog::evaluate(Rule *rule, Transaction *transaction,
-    RuleMessage *rm) {
+    std::shared_ptr<RuleMessage> rm) {
    rm->m_noAuditLog = true;
    return true;
 }
--- a/src/actions/no_audit_log.h
+++ b/src/actions/no_audit_log.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"

@@ -35,7 +36,7 @@ class NoAuditLog : public Action {
        : Action(action, RunTimeOnlyIfMatchKind) { }

    bool evaluate(Rule *rule, Transaction *transaction,
-        RuleMessage *rm) override;
+        std::shared_ptr<RuleMessage> rm) override;
 };

 }  // namespace actions
--- a/src/actions/no_log.cc
+++ b/src/actions/no_log.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -28,7 +29,8 @@ namespace modsecurity {
 namespace actions {


-bool NoLog::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool NoLog::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    rm->m_saveMessage = false;
    return true;
 }
--- a/src/actions/no_log.h
+++ b/src/actions/no_log.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"

@@ -32,8 +33,8 @@ class NoLog : public Action {
    explicit NoLog(std::string action)
        : Action(action, RunTimeOnlyIfMatchKind) { }

-    bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
-        override;
+    bool evaluate(Rule *rule, Transaction *transaction,
+        std::shared_ptr<RuleMessage> rm) override;
 };

 }  // namespace actions
--- a/src/actions/severity.cc
+++ b/src/actions/severity.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -70,7 +71,7 @@ bool Severity::init(std::string *error) {


 bool Severity::evaluate(Rule *rule, Transaction *transaction,
-    RuleMessage *rm) {
+    std::shared_ptr<RuleMessage> rm) {
 #ifndef NO_LOGS
    transaction->debug(9, "This rule severity is: " + \
        std::to_string(this->m_severity) + " current transaction is: " + \
--- a/src/actions/severity.h
+++ b/src/actions/severity.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"

@@ -35,7 +36,7 @@ class Severity : public Action {
        m_severity(0) { }

    bool evaluate(Rule *rule, Transaction *transaction,
-        RuleMessage *rm) override;
+        std::shared_ptr<RuleMessage> rm) override;
    bool init(std::string *error) override;

    int m_severity;
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@@ -17,6 +17,7 @@

 #include <iostream>
 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"
 #include "modsecurity/transaction.h"
@@ -56,7 +57,8 @@ std::string Tag::getName(Transaction *transaction) {
 }


-bool Tag::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
+bool Tag::evaluate(Rule *rule, Transaction *transaction,
+    std::shared_ptr<RuleMessage> rm) {
    std::string tag = getName(transaction);

 #ifndef NO_LOGS
--- a/src/actions/tag.h
+++ b/src/actions/tag.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #include "modsecurity/actions/action.h"

@@ -35,7 +36,7 @@ class Tag : public Action {
    std::string getName(Transaction *transaction);

    bool evaluate(Rule *rule, Transaction *transaction,
-        RuleMessage *rm) override;
+        std::shared_ptr<RuleMessage> rm) override;
 };


--- a/src/actions/transformations/transformation.h
+++ b/src/actions/transformations/transformation.h
@@ -39,7 +39,6 @@ class Transformation : public Action {
        Transaction *transaction) override;

    static Transformation* instantiate(std::string a);
-
 };

 }  // namespace transformations
--- a/src/modsecurity.cc
+++ b/src/modsecurity.cc
@@ -18,6 +18,7 @@

 #include "modsecurity/modsecurity.h"
 #include "modsecurity/rule.h"
+#include "modsecurity/rule_message.h"
 #include "src/collection/backend/in_memory-per_process.h"
 #include "src/collection/backend/lmdb.h"
 #include "src/config.h"
@@ -166,12 +167,33 @@ const std::string& ModSecurity::getConnectorInformation() {
    return m_connector;
 }

-
-void ModSecurity::serverLog(void *data, const std::string& msg) {
+void ModSecurity::serverLog(void *data, std::shared_ptr<RuleMessage> rm) {
    if (m_logCb == NULL) {
-        std::cout << "Server log callback is not set -- " << msg << std::endl;
-    } else {
-        m_logCb(data, msg.c_str());
+        std::cerr << "Server log callback is not set -- " << rm->errorLog();
+        std::cerr << std::endl;
+        return;
+    }
+
+    if (rm == NULL) {
+        return;
+    }
+
+    if (m_logProperties & TextLogProperty) {
+        char *d = strdup(rm->log().c_str());
+        const void *a = static_cast<const void *>(d);
+        m_logCb(data, a);
+        free(d);
+        return;
+    }
+
+    if (m_logProperties & RuleMessageLogProperty) {
+        const void *a = static_cast<const void *>(rm.get());
+        if (m_logProperties & IncludeFullHighlightLogProperty) {
+            m_logCb(data, a);
+            return;
+        }
+        m_logCb(data, a);
+        return;
    }
 }

@@ -355,8 +377,14 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
 }


-void ModSecurity::setServerLogCb(LogCb cb) {
-    m_logCb = (LogCb) cb;
+void ModSecurity::setServerLogCb(ModSecLogCb cb) {
+    setServerLogCb(cb, TextLogProperty);
+}
+
+
+void ModSecurity::setServerLogCb(ModSecLogCb cb, int properties) {
+    m_logCb = (ModSecLogCb) cb;
+    m_logProperties = properties;
 }

 /**
@@ -367,11 +395,11 @@ void ModSecurity::setServerLogCb(LogCb cb) {
 * connector should be called when logging is required.
 *
 * @oarm msc The current ModSecurity instance
- * @param LogCB The callback function to which a reference to the log msgs 
+ * @param ModSecLogCb The callback function to which a reference to the log msgs 
 * will be passed.
 *
 */
-extern "C" void msc_set_log_cb(ModSecurity *msc, LogCb cb) {
+extern "C" void msc_set_log_cb(ModSecurity *msc, ModSecLogCb cb) {
    msc->setServerLogCb(cb);
 }

--- a/src/operators/begins_with.cc
+++ b/src/operators/begins_with.cc
@@ -25,7 +25,7 @@ namespace operators {


 bool BeginsWith::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &str, RuleMessage *ruleMessage) {
+    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
    bool ret = false;

    std::string p = MacroExpansion::expand(m_param, transaction);
--- a/src/operators/begins_with.h
+++ b/src/operators/begins_with.h
@@ -17,6 +17,7 @@
 #define SRC_OPERATORS_BEGINS_WITH_H_

 #include <string>
+#include <memory>

 #include "src/operators/operator.h"

@@ -33,7 +34,7 @@ class BeginsWith : public Operator {
        : Operator("BeginsWith", param) { }

    bool evaluate(Transaction *transaction, Rule *rule, const std::string &str,
-        RuleMessage *ruleMessage) override;
+        std::shared_ptr<RuleMessage> ruleMessage) override;
 };

 }  // namespace operators
--- a/src/operators/contains.cc
+++ b/src/operators/contains.cc
@@ -23,7 +23,7 @@ namespace modsecurity {
 namespace operators {

 bool Contains::evaluate(Transaction *transaction, Rule *rule,
-        const std::string &input, RuleMessage *ruleMessage) {
+        const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
    std::string p = MacroExpansion::expand(m_param, transaction);
    size_t offset = input.find(p);

--- a/src/operators/contains.h
+++ b/src/operators/contains.h
@@ -18,6 +18,7 @@

 #include <string>
 #include <list>
+#include <memory>

 #include "modsecurity/transaction.h"
 #include "modsecurity/rule_message.h"
@@ -35,7 +36,8 @@ class Contains : public Operator {
    explicit Contains(std::string param)
        : Operator("Contains", param) { }
    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &str, RuleMessage *ruleMessage) override;
+        const std::string &str,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
 };

 }  // namespace operators
--- a/src/operators/contains_word.cc
+++ b/src/operators/contains_word.cc
@@ -38,7 +38,7 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
 }

 bool ContainsWord::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &input, RuleMessage *ruleMessage) {
+    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
    std::string paramTarget = MacroExpansion::expand(m_param, transaction);

    if (paramTarget.empty()) {
--- a/src/operators/contains_word.h
+++ b/src/operators/contains_word.h
@@ -17,6 +17,7 @@
 #define SRC_OPERATORS_CONTAINS_WORD_H_

 #include <string>
+#include <memory>

 #include "src/operators/operator.h"
 #include "modsecurity/rule_message.h"
@@ -32,7 +33,8 @@ class ContainsWord : public Operator {
    explicit ContainsWord(std::string param)
        : Operator("ContainsWord", param) { }
    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &str, RuleMessage *ruleMessage) override;
+        const std::string &str,
+        std::shared_ptr<RuleMessage> ruleMessage) override;

    bool acceptableChar(const std::string& a, size_t pos);
 };
--- a/src/operators/ends_with.cc
+++ b/src/operators/ends_with.cc
@@ -25,7 +25,7 @@ namespace operators {


 bool EndsWith::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &input, RuleMessage *ruleMessage) {
+    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
    bool ret = false;
    std::string p = MacroExpansion::expand(m_param, transaction);

--- a/src/operators/ends_with.h
+++ b/src/operators/ends_with.h
@@ -17,6 +17,7 @@
 #define SRC_OPERATORS_ENDS_WITH_H_

 #include <string>
+#include <memory>

 #include "src/operators/operator.h"

@@ -32,7 +33,8 @@ class EndsWith : public Operator {
    explicit EndsWith(std::string param)
        : Operator("EndsWith", param) { }
    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &str, RuleMessage *ruleMessage) override;
+        const std::string &str,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
 };


--- a/src/operators/operator.cc
+++ b/src/operators/operator.cc
@@ -16,7 +16,7 @@
 #include "src/operators/operator.h"

 #include <cstring>
-
+#include <memory>
 #include <string>

 #include "modsecurity/transaction.h"
@@ -76,7 +76,7 @@ bool Operator::debug(Transaction *transaction, int x, std::string a) {
 }

 bool Operator::evaluateInternal(Transaction *transaction,
-    Rule *rule, const std::string& a, RuleMessage *rm) {
+    Rule *rule, const std::string& a, std::shared_ptr<RuleMessage> rm) {
    bool res = evaluate(transaction, rule, a, rm);

    if (m_negation) {
--- a/src/operators/operator.h
+++ b/src/operators/operator.h
@@ -14,6 +14,7 @@
 */

 #include <string>
+#include <memory>

 #ifndef SRC_OPERATORS_OPERATOR_H__
 #define SRC_OPERATORS_OPERATOR_H__
@@ -63,7 +64,7 @@ class Operator {
    bool evaluateInternal(Transaction *t, Rule *rule,
        const std::string& a);
    bool evaluateInternal(Transaction *t, Rule *rule,
-        const std::string& a, RuleMessage *ruleMessage);
+        const std::string& a, std::shared_ptr<RuleMessage> ruleMessage);


    virtual bool evaluate(Transaction *transaction, const std::string &str);
@@ -72,11 +73,12 @@ class Operator {
        return evaluate(transaction, str);
    }
    virtual bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &str, RuleMessage *ruleMessage) {
+        const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
        return evaluate(transaction, str);
    }

-    static void logOffset(RuleMessage *ruleMessage, int offset, int len) {
+    static void logOffset(std::shared_ptr<RuleMessage> ruleMessage,
+        int offset, int len) {
        if (ruleMessage) {
            ruleMessage->m_reference.append("o"
                + std::to_string(offset) + ","
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@@ -23,6 +23,7 @@
 #include <sstream>
 #include <vector>
 #include <list>
+#include <memory>

 #include "src/operators/operator.h"
 #include "src/utils/acmp.h"
@@ -79,7 +80,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {


 bool Pm::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &input, RuleMessage *ruleMessage) {
+    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
    int rc = 0;
    ACMPT pt;
    pt.parser = m_p;
--- a/src/operators/pm.h
+++ b/src/operators/pm.h
@@ -18,6 +18,7 @@

 #include <string>
 #include <list>
+#include <memory>

 #include "src/operators/operator.h"
 #include "src/utils/acmp.h"
@@ -44,7 +45,8 @@ class Pm : public Operator {
    }
    ~Pm();
    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &str, RuleMessage *ruleMessage) override;
+        const std::string &str,
+        std::shared_ptr<RuleMessage> ruleMessage) override;


    bool init(const std::string &file, std::string *error) override;
--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@@ -17,6 +17,7 @@

 #include <string>
 #include <list>
+#include <memory>

 #include "src/operators/operator.h"
 #include "src/macro_expansion.h"
@@ -29,7 +30,7 @@ namespace operators {


 bool Rx::evaluate(Transaction *transaction, Rule *rule,
-    const std::string& input, RuleMessage *ruleMessage) {
+    const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
    SMatch match;
    std::list<SMatch> matches;

--- a/src/operators/rx.h
+++ b/src/operators/rx.h
@@ -18,6 +18,7 @@

 #include <string>
 #include <list>
+#include <memory>

 #include "src/operators/operator.h"
 #include "src/utils/regex.h"
@@ -59,7 +60,8 @@ class Rx : public Operator {
        return evaluate(transaction, NULL, input);
    }
    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string& input, RuleMessage *ruleMessage) override;
+        const std::string& input,
+        std::shared_ptr<RuleMessage> ruleMessage) override;

 private:
    Regex *m_re;
--- a/src/operators/validate_byte_range.cc
+++ b/src/operators/validate_byte_range.cc
@@ -16,6 +16,7 @@
 #include "src/operators/validate_byte_range.h"

 #include <string>
+#include <memory>

 #include "src/operators/operator.h"

@@ -110,7 +111,7 @@ bool ValidateByteRange::init(const std::string &file,


 bool ValidateByteRange::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &input, RuleMessage *ruleMessage) {
+    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
    bool ret = true;

    size_t count = 0;
--- a/src/operators/validate_byte_range.h
+++ b/src/operators/validate_byte_range.h
@@ -19,6 +19,7 @@
 #include <string>
 #include <vector>
 #include <cstring>
+#include <memory>

 #include "src/operators/operator.h"

@@ -40,7 +41,8 @@ class ValidateByteRange : public Operator {
    ~ValidateByteRange() override { }

    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &input, RuleMessage *ruleMessage) override;
+        const std::string &input,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
    bool getRange(const std::string &rangeRepresentation, std::string *error);
    bool init(const std::string& file, std::string *error) override;
 private:
--- a/src/operators/validate_url_encoding.cc
+++ b/src/operators/validate_url_encoding.cc
@@ -69,7 +69,7 @@ int ValidateUrlEncoding::validate_url_encoding(const char *input,


 bool ValidateUrlEncoding::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &input, RuleMessage *ruleMessage) {
+    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
    size_t offset = 0;
    bool res = false;

--- a/src/operators/validate_url_encoding.h
+++ b/src/operators/validate_url_encoding.h
@@ -17,6 +17,7 @@
 #define SRC_OPERATORS_VALIDATE_URL_ENCODING_H_

 #include <string>
+#include <memory>

 #include "src/operators/operator.h"

@@ -33,7 +34,8 @@ class ValidateUrlEncoding : public Operator {
        : Operator("ValidateUrlEncoding") { }

    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &input, RuleMessage *ruleMessage) override;
+        const std::string &input,
+        std::shared_ptr<RuleMessage> ruleMessage) override;
    int validate_url_encoding(const char *input, uint64_t input_length,
        size_t *offset);
 };
--- a/src/operators/validate_utf8_encoding.cc
+++ b/src/operators/validate_utf8_encoding.cc
@@ -114,7 +114,7 @@ int ValidateUtf8Encoding::detect_utf8_character(
 }

 bool ValidateUtf8Encoding::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &str, RuleMessage *ruleMessage) {
+    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
    unsigned int i, bytes_left;

    const char *str_c = str.c_str();
--- a/src/operators/validate_utf8_encoding.h
+++ b/src/operators/validate_utf8_encoding.h
@@ -17,6 +17,7 @@
 #define SRC_OPERATORS_VALIDATE_UTF8_ENCODING_H_

 #include <string>
+#include <memory>

 #include "src/operators/operator.h"

@@ -40,7 +41,8 @@ class ValidateUtf8Encoding : public Operator {
        : Operator("ValidateUtf8Encoding") { }

    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &str, RuleMessage *ruleMessage) override;
+        const std::string &str,
+        std::shared_ptr<RuleMessage> ruleMessage) override;

    int detect_utf8_character(const unsigned char *p_read,
        unsigned int length);
--- a/src/operators/within.cc
+++ b/src/operators/within.cc
@@ -25,7 +25,7 @@ namespace operators {


 bool Within::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &str, RuleMessage *ruleMessage) {
+    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
    bool res = false;
    std::string paramTarget = MacroExpansion::expand(m_param, transaction);
    size_t pos = 0;
--- a/src/operators/within.h
+++ b/src/operators/within.h
@@ -17,6 +17,7 @@
 #define SRC_OPERATORS_WITHIN_H_

 #include <string>
+#include <memory>

 #include "src/operators/operator.h"

@@ -32,7 +33,7 @@ class Within : public Operator {
    explicit Within(std::string param)
        : Operator("Within", param) { }
    bool evaluate(Transaction *transaction, Rule *rule,
-        const std::string &str, RuleMessage *ruleMessage);
+        const std::string &str, std::shared_ptr<RuleMessage> ruleMessage);
 };

 }  // namespace operators
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -242,7 +242,7 @@ std::string Rule::resolveMatchMessage(std::string key, std::string value) {
            utils::string::limitTo(200, this->m_op->m_param) +
            "' against variable `" + key + "' (Value: `" +
            utils::string::limitTo(100, utils::string::toHexIfNeeded(value)) +
-            "' ) \" at " + key;
+            "' )";
    }

    return ret;
@@ -250,7 +250,7 @@ std::string Rule::resolveMatchMessage(std::string key, std::string value) {


 void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans,
-    bool *containsDisruptive, RuleMessage *ruleMessage) {
+    bool *containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage) {
    for (Action *a : this->m_actionsRuntimePos) {
        if (a->isDisruptive() == true) {
            if (a->m_name == "pass") {
@@ -272,7 +272,7 @@ void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans,


 bool Rule::executeOperatorAt(Transaction *trans, std::string key,
-    std::string value, RuleMessage *ruleMessage) {
+    std::string value, std::shared_ptr<RuleMessage> ruleMessage) {
 #if MSC_EXEC_CLOCK_ENABLED
    clock_t begin = clock();
    clock_t end;
@@ -524,7 +524,7 @@ std::vector<std::unique_ptr<collection::Variable>> Rule::getFinalVars(


 void Rule::executeActionsAfterFullMatch(Transaction *trans,
-    bool containsDisruptive, RuleMessage *ruleMessage) {
+    bool containsDisruptive, std::shared_ptr<RuleMessage> ruleMessage) {

    for (Action *a : trans->m_rules->m_defaultActions[this->m_phase]) {
        if (a->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
@@ -581,15 +581,20 @@ void Rule::executeActionsAfterFullMatch(Transaction *trans,
 }


-bool Rule::evaluate(Transaction *trans) {
+bool Rule::evaluate(Transaction *trans,
+    std::shared_ptr<RuleMessage> ruleMessage) {
    bool globalRet = false;
    std::vector<Variable *> *variables = this->m_variables;
    bool recursiveGlobalRet;
    bool containsDisruptive = false;
-    RuleMessage ruleMessage(this);
    std::vector<std::unique_ptr<collection::Variable>> finalVars;
    std::string eparam;

+    if (ruleMessage == NULL) {
+        ruleMessage = std::shared_ptr<RuleMessage>(
+            new RuleMessage(this, trans));
+    }
+
    trans->m_matched.clear();

    if (m_secMarker == true) {
@@ -599,7 +604,7 @@ bool Rule::evaluate(Transaction *trans) {
        trans->debug(4, "(Rule: " + std::to_string(m_ruleId) \
            + ") Executing unconditional rule...");
        executeActionsIndependentOfChainedRuleResult(trans,
-            &containsDisruptive, &ruleMessage);
+            &containsDisruptive, ruleMessage);
        goto end_exec;
    }

@@ -646,17 +651,17 @@ bool Rule::evaluate(Transaction *trans) {
            bool ret;
            std::string valueAfterTrans = std::move(*valueTemp.first);

-            ret = executeOperatorAt(trans, key, valueAfterTrans, &ruleMessage);
+            ret = executeOperatorAt(trans, key, valueAfterTrans, ruleMessage);

            if (ret == true) {
-                ruleMessage.m_match = resolveMatchMessage(key, value);
+                ruleMessage->m_match = resolveMatchMessage(key, value);
                for (auto &i : v->m_orign) {
-                    ruleMessage.m_reference.append(i->toText());
+                    ruleMessage->m_reference.append(i->toText());
                }
-                ruleMessage.m_reference.append(*valueTemp.second);
+                ruleMessage->m_reference.append(*valueTemp.second);
                updateMatchedVars(trans, key, value);
                executeActionsIndependentOfChainedRuleResult(trans,
-                    &containsDisruptive, &ruleMessage);
+                    &containsDisruptive, ruleMessage);
                globalRet = true;
            }
        }
@@ -681,7 +686,7 @@ bool Rule::evaluate(Transaction *trans) {
    }

    trans->debug(4, "Executing chained rule.");
-    recursiveGlobalRet = this->m_chainedRule->evaluate(trans);
+    recursiveGlobalRet = this->m_chainedRule->evaluate(trans, ruleMessage);

    if (recursiveGlobalRet == true) {
        goto end_exec;
@@ -691,13 +696,10 @@ end_clean:
    return false;

 end_exec:
-    executeActionsAfterFullMatch(trans, containsDisruptive, &ruleMessage);
-    for (const auto &u : ruleMessage.m_server_logs) {
-        trans->serverLog(u);
-    }
-
-    if (ruleMessage.m_server_logs.size() > 0) {
-        trans->m_rulesMessages.push_back(ruleMessage);
+    executeActionsAfterFullMatch(trans, containsDisruptive, ruleMessage);
+    if (this->m_chained == false) {
+        trans->serverLog(ruleMessage);
+        trans->m_rulesMessages.push_back(*ruleMessage);
    }

    return true;
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -23,79 +23,90 @@

 namespace modsecurity {

-std::string RuleMessage::disruptiveErrorLog(Transaction *trans,
-    std::string msg2) {
+std::string RuleMessage::disruptiveErrorLog(const RuleMessage *rm) {
    std::string msg;

-    msg.append("[client " + std::string(trans->m_clientIpAddress) + "]");
+    msg.append("[client " + std::string(rm->m_clientIpAddress) + "]");
    msg.append(" ModSecurity: ");
-    msg.append(msg2);
-    msg.append(m_match);
-    msg.append(" [file \"" + std::string(m_ruleFile) + "\"]");
-    msg.append(" [line \"" + std::to_string(m_ruleLine) + "\"]");
-    msg.append(" [id \"" + std::to_string(m_ruleId) + "\"]");
-    msg.append(" [rev \"" + m_rev + "\"]");
-    msg.append(" [msg \"" + m_message + "\"]");
-    msg.append(" [data \"" + m_data + "\"]");
+    msg.append(rm->m_disruptiveMessage);
+    msg.append(rm->m_match);
+    msg.append(" [file \"" + std::string(rm->m_ruleFile) + "\"]");
+    msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
+    msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
+    msg.append(" [rev \"" + rm->m_rev + "\"]");
+    msg.append(" [msg \"" + rm->m_message + "\"]");
+    msg.append(" [data \"" + rm->m_data + "\"]");
    msg.append(" [severity \"" +
-        std::to_string(m_severity) + "\"]");
-    msg.append(" [ver \"" + m_ver + "\"]");
-    msg.append(" [maturity \"" + std::to_string(m_maturity) + "\"]");
-    msg.append(" [accuracy \"" + std::to_string(m_accuracy) + "\"]");
-    for (auto &a : m_tags) {
+        std::to_string(rm->m_severity) + "\"]");
+    msg.append(" [ver \"" + rm->m_ver + "\"]");
+    msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
+    msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
+    for (auto &a : rm->m_tags) {
        msg.append(" [tag \"" + a + "\"]");
    }
-    msg.append(" [hostname \"" + std::string(trans->m_serverIpAddress) \
+    msg.append(" [hostname \"" + std::string(rm->m_serverIpAddress) \
        + "\"]");
-    msg.append(" [uri \"" + trans->m_uri_no_query_string_decoded + "\"]");
-    msg.append(" [unique_id \"" + trans->m_id + "\"]");
-    msg.append(" [ref \"" + m_reference + "\"]");
+    msg.append(" [uri \"" + rm->m_uriNoQueryStringDecoded + "\"]");
+    msg.append(" [unique_id \"" + rm->m_id + "\"]");
+    msg.append(" [ref \"" + rm->m_reference + "\"]");

    return modsecurity::utils::string::toHexIfNeeded(msg);
 }


-std::string RuleMessage::noClientErrorLog(Transaction *trans) {
+std::string RuleMessage::noClientErrorLog(const RuleMessage *rm) {
    std::string msg;

    msg.append("ModSecurity: Warning. ");
-    msg.append(m_match);
-    msg.append(" [file \"" + std::string(m_ruleFile) + "\"]");
-    msg.append(" [line \"" + std::to_string(m_ruleLine) + "\"]");
-    msg.append(" [id \"" + std::to_string(m_ruleId) + "\"]");
-    msg.append(" [rev \"" + m_rev + "\"]");
-    msg.append(" [msg \"" + m_message + "\"]");
-    msg.append(" [data \"" + m_data + "\"]");
+    msg.append(rm->m_match);
+    msg.append(" [file \"" + std::string(rm->m_ruleFile) + "\"]");
+    msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
+    msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
+    msg.append(" [rev \"" + rm->m_rev + "\"]");
+    msg.append(" [msg \"" + rm->m_message + "\"]");
+    msg.append(" [data \"" + rm->m_data + "\"]");
    msg.append(" [severity \"" +
-        std::to_string(m_severity) + "\"]");
-    msg.append(" [ver \"" + m_ver + "\"]");
-    msg.append(" [maturity \"" + std::to_string(m_maturity) + "\"]");
-    msg.append(" [accuracy \"" + std::to_string(m_accuracy) + "\"]");
-    for (auto &a : m_tags) {
+        std::to_string(rm->m_severity) + "\"]");
+    msg.append(" [ver \"" + rm->m_ver + "\"]");
+    msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
+    msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
+    for (auto &a : rm->m_tags) {
        msg.append(" [tag \"" + a + "\"]");
    }
-    msg.append(" [ref \"" + m_reference + "\"]");
+    msg.append(" [ref \"" + rm->m_reference + "\"]");

    return modsecurity::utils::string::toHexIfNeeded(msg);
 }

-std::string RuleMessage::errorLogTail(Transaction *trans) {
+std::string RuleMessage::errorLogTail(const RuleMessage *rm) {
    std::string msg;

-    msg.append("[hostname \"" + std::string(trans->m_serverIpAddress) \
+    msg.append("[hostname \"" + std::string(rm->m_serverIpAddress) \
        + "\"]");
-    msg.append(" [uri \"" + trans->m_uri_no_query_string_decoded + "\"]");
-    msg.append(" [unique_id \"" + trans->m_id + "\"]");
+    msg.append(" [uri \"" + rm->m_uriNoQueryStringDecoded + "\"]");
+    msg.append(" [unique_id \"" + rm->m_id + "\"]");

    return modsecurity::utils::string::toHexIfNeeded(msg);
 }

-std::string RuleMessage::errorLog(Transaction *trans) {
+std::string RuleMessage::errorLog(const RuleMessage *rm) {
    std::string msg;

-    msg.append("[client " + std::string(trans->m_clientIpAddress) + "] ");
-    msg.append(noClientErrorLog(trans));
-    msg.append(" " + errorLogTail(trans));
+    msg.append("[client " + std::string(rm->m_clientIpAddress) + "] ");
+    msg.append(noClientErrorLog(rm));
+    msg.append(" " + errorLogTail(rm));
+
+    return msg;
+}
+
+std::string RuleMessage::log(const RuleMessage *rm) {
+    std::string msg;
+
+    if (rm->m_isDisruptive) {
+        msg.append(disruptiveErrorLog(rm));
+    } else {
+        msg.append(errorLog(rm));
+    }

    return msg;
 }
--- a/src/rules.cc
+++ b/src/rules.cc
@@ -209,7 +209,7 @@ int Rules::evaluate(int phase, Transaction *transaction) {
            debug(9, "Skipped rule id '" + std::to_string(rule->m_ruleId) \
                + "'. Removed by an SecRuleRemove directive.");
        } else {
-            rule->evaluate(transaction);
+            rule->evaluate(transaction, NULL);
            if (transaction->m_it.disruptive == true) {
                debug(8, "Skipping this phase as this " \
                    "request was already intercepted.");
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1441,7 +1441,7 @@ std::string Transaction::toOldAuditLogFormat(int parts,
    if (parts & audit_log::AuditLog::HAuditLogPart) {
        audit_log << "--" << trailer << "-" << "H--" << std::endl;
        for (auto a : m_rulesMessages) {
-            audit_log << a.noClientErrorLog(this) << std::endl;
+            audit_log << a.noClientErrorLog() << std::endl;
        }
        audit_log << std::endl;
        /** TODO: write audit_log H part. */
@@ -1658,8 +1658,8 @@ std::string Transaction::toJSON(int parts) {
 }


-void Transaction::serverLog(const std::string& msg) {
-    m_ms->serverLog(m_logCbData, msg);
+void Transaction::serverLog(std::shared_ptr<RuleMessage> rm) {
+    m_ms->serverLog(m_logCbData, rm);
 }