diff --git a/headers/modsecurity/assay.h b/headers/modsecurity/assay.h index 13c71bcf..627b74d8 100644 --- a/headers/modsecurity/assay.h +++ b/headers/modsecurity/assay.h @@ -127,6 +127,9 @@ class Assay { void debug(int, std::string); std::vector actions; + bool save_in_auditlog; + bool do_not_save_in_auditlog; + private: std::ofstream myfile; Rules *m_rules; diff --git a/src/Makefile.am b/src/Makefile.am index 16c1efed..8bccd6bb 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -31,7 +31,9 @@ pkginclude_HEADERS = \ ACTIONS = \ actions/action.cc \ + actions/audit_log.cc \ actions/block.cc \ + actions/no_audit_log.cc \ actions/phase.cc \ actions/redirect.cc \ actions/rule_id.cc \ diff --git a/src/actions/audit_log.cc b/src/actions/audit_log.cc new file mode 100644 index 00000000..81ac95f0 --- /dev/null +++ b/src/actions/audit_log.cc @@ -0,0 +1,32 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "actions/audit_log.h" + +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace actions { + +bool AuditLog::evaluate(Assay *assay) { + assay->save_in_auditlog = true; + return true; +} + +} // namespace actions +} // namespace ModSecurity diff --git a/src/actions/audit_log.h b/src/actions/audit_log.h new file mode 100644 index 00000000..d4b4b321 --- /dev/null +++ b/src/actions/audit_log.h @@ -0,0 +1,44 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include + +#include "actions/action.h" + +#ifndef SRC_ACTIONS_AUDIT_LOG_H_ +#define SRC_ACTIONS_AUDIT_LOG_H_ + +#ifdef __cplusplus +class Assay; + +namespace ModSecurity { +class Assay; + +namespace actions { + + +class AuditLog : public Action { + public: + explicit AuditLog(std::string action) + : Action(action, RunTimeOnlyIfMatchKind) { } + + bool evaluate(Assay *assay) override; +}; + +} // namespace actions +} // namespace ModSecurity +#endif + +#endif // SRC_ACTIONS_AUDIT_LOG_H_ diff --git a/src/actions/no_audit_log.cc b/src/actions/no_audit_log.cc new file mode 100644 index 00000000..030e17b1 --- /dev/null +++ b/src/actions/no_audit_log.cc @@ -0,0 +1,32 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "actions/no_audit_log.h" + +#include +#include + +#include "modsecurity/assay.h" + +namespace ModSecurity { +namespace actions { + +bool NoAuditLog::evaluate(Assay *assay) { + assay->do_not_save_in_auditlog = true; + return true; +} + +} // namespace actions +} // namespace ModSecurity diff --git a/src/actions/no_audit_log.h b/src/actions/no_audit_log.h new file mode 100644 index 00000000..e5f9e751 --- /dev/null +++ b/src/actions/no_audit_log.h @@ -0,0 +1,44 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include + +#include "actions/action.h" + +#ifndef SRC_ACTIONS_NO_AUDIT_LOG_H_ +#define SRC_ACTIONS_NO_AUDIT_LOG_H_ + +#ifdef __cplusplus +class Assay; + +namespace ModSecurity { +class Assay; + +namespace actions { + + +class NoAuditLog : public Action { + public: + explicit NoAuditLog(std::string action) + : Action(action, RunTimeOnlyIfMatchKind) { } + + bool evaluate(Assay *assay) override; +}; + +} // namespace actions +} // namespace ModSecurity +#endif + +#endif // SRC_ACTIONS_NO_AUDIT_LOG_H_ diff --git a/src/assay.cc b/src/assay.cc index 7d3d0afb..9bda31e3 100644 --- a/src/assay.cc +++ b/src/assay.cc @@ -75,7 +75,9 @@ namespace ModSecurity { Assay::Assay(ModSecurity *ms, Rules *rules) : m_ipAddress(NULL), m_uri(NULL), - m_rules(rules) { + m_rules(rules), + save_in_auditlog(false), + do_not_save_in_auditlog(false) { m_rules->incrementReferenceCount(); this->debug(4, "Initialising transaction"); }