From e89e395a328a874daf7de93ba3a2016d8d620c39 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Thu, 27 Aug 2015 17:50:42 -0300
Subject: [PATCH] Fix various minor issues on the auditlog schema
---
 examples/simple_example_using_c/test.c | 1 +
 src/audit_log.cc | 2 +-
 src/parser/seclang-parser.yy | 6 ++++++
 src/parser/seclang-scanner.ll | 6 ++++--
 src/utils.cc | 2 +-
 5 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/examples/simple_example_using_c/test.c b/examples/simple_example_using_c/test.c
index 19dad72e..858f5dc3 100644
--- a/examples/simple_example_using_c/test.c
+++ b/examples/simple_example_using_c/test.c
@@ -65,6 +65,7 @@ int main (int argc, char **argv)
 msc_process_request_body(assay);
 msc_process_response_headers(assay);
 msc_process_response_body(assay);
+ msc_process_logging(assay, 200);
 end:
 msc_rules_cleanup(rules);
 msc_cleanup(modsec);
diff --git a/src/audit_log.cc b/src/audit_log.cc
index 46e212e7..390034ef 100644
--- a/src/audit_log.cc
+++ b/src/audit_log.cc
@@ -44,7 +44,7 @@ AuditLog::AuditLog()
 m_writer(NULL),
 m_relevant(""),
 filePermission(0600),
- directoryPermission(0600),
+ directoryPermission(0766),
 m_refereceCount(0) { }
 AuditLog::~AuditLog() {
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
index 72328514..6a2343d9 100644
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -17,6 +17,7 @@ class Driver;
 }
 #include "actions/action.h"
+#include "actions/audit_log.h"
 #include "actions/set_var.h"
 #include "actions/severity.h"
 #include "actions/msg.h"
@@ -201,6 +202,7 @@ using ModSecurity::Variables::Variable;
 %token OPERATOR
 %token FREE_TEXT
 %token ACTION
+%token ACTION_AUDIT_LOG
 %token ACTION_SEVERITY
 %token ACTION_SETVAR
 %token ACTION_MSG
@@ -619,6 +621,10 @@ act:
 $$ = setVar;
 }
+ | ACTION_AUDIT_LOG
+ {
+ $$ = new ModSecurity::actions::AuditLog($1);
+ }
 | LOG_DATA
 {
 $$ = new LogData($1);
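Review bot: In the src/audit_log.cc hunk, `directoryPermission(0766)` replaces one unusable default with an over-broad one. 0600 lacked the owner search (x) bit that a directory needs, but 0766 gives group and others read and write without search, which lets every local account list the names of audit-log entries while granting those classes nothing that actually works. Audit logs usually hold request data such as cookies and credentials, so the default should stay owner-only: `directoryPermission(0700),`. The effective mode also depends on the process umask and on any configuration directive that overrides this member, neither of which is visible here; the constructor's initializer list starts above the hunk.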
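Review bot: In the third src/parser/seclang-parser.yy hunk, the new `ACTION_AUDIT_LOG` alternative spells its class out as `ModSecurity::actions::AuditLog` while the neighbouring `new LogData($1)` is unqualified, and the reason is not recorded. The same patch touches `AuditLog::AuditLog()` in src/audit_log.cc, so two classes appear to share the name, presumably the log writer and the rule action. A one-line comment inside the action would keep a later cleanup from shortening it: `/* fully qualified: plain AuditLog may resolve to the audit log writer class */`. The `act:` rule starts and ends outside the hunk.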
diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll
index 378b1185..8d96a1ab 100755
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -23,7 +23,8 @@ using ModSecurity::split;
 %}
 %option noyywrap nounput batch debug noinput
-ACTION (?i:accuracy|allow|append|auditlog|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
+ACTION (?i:accuracy|allow|append|block|capture|chain|deny|deprecatevar|drop|exec|expirevar|id:[0-9]+|id:'[0-9]+'|initcol|log|maturity|multiMatch|noauditlog|nolog|pass|pause|phase:[0-9]+|prepend|proxy|redirect:[A-Z0-9_\|\&\:\/\/\.]+|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status:[0-9]+|ver|xmlns)
+ACTION_AUDIT_LOG (?i:auditlog)
 ACTION_SEVERITY (?i:severity)
 ACTION_SEVERITY_VALUE (?i:(EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG)|[0-9]+)
 ACTION_SETVAR (?i:setvar)
@@ -112,7 +113,7 @@ CONFIG_VALUE_ON On
 CONFIG_VALUE_OFF Off
 CONFIG_VALUE_DETC DetectionOnly
 CONFIG_VALUE_SERIAL Serial
-CONFIG_VALUE_PARALLEL Parallel
+CONFIG_VALUE_PARALLEL (?i:Parallel|Concurrent)
 CONFIG_VALUE_RELEVANT_ONLY RelevantOnly
 CONFIG_VALUE_PROCESS_PARTIAL (?i:ProcessPartial)
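Review bot: In the first src/parser/seclang-scanner.ll hunk, `auditlog` gets its own token but `noauditlog` stays in the generic `ACTION` alternation, so the two halves of the same switch now take different parser paths. What the generic `ACTION` path does with it is not visible here; if it is accepted without effect, a rule that relies on `noauditlog` to keep a sensitive transaction out of the audit log would still be logged. Either give it a matching definition, e.g. `ACTION_NO_AUDIT_LOG (?i:noauditlog)` with its own action class, or record the gap next to the new definition: `/* noauditlog is still handled as a generic ACTION */`.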
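Review bot: In the second hunk, `CONFIG_VALUE_PARALLEL` becomes case-insensitive through `(?i:Parallel|Concurrent)` while the neighbouring `CONFIG_VALUE_SERIAL Serial` stays case-sensitive, so `parallel` and `serial` are no longer accepted alike for the same setting. Making the sibling match the same way keeps the accepted spellings consistent: `CONFIG_VALUE_SERIAL (?i:Serial)`. A short comment that `Concurrent` is accepted as a synonym would also help, since the token name no longer says so.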
@@ -247,6 +248,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 }
 {ACTION} { return yy::seclang_parser::make_ACTION(yytext, *driver.loc.back()); }
+{ACTION_AUDIT_LOG} { return yy::seclang_parser::make_ACTION_AUDIT_LOG(yytext, *driver.loc.back()); }
 {ACTION_SEVERITY}:{ACTION_SEVERITY_VALUE} { return yy::seclang_parser::make_ACTION_SEVERITY(yytext + 9, *driver.loc.back()); }
 {ACTION_SEVERITY}:'{ACTION_SEVERITY_VALUE}' { return yy::seclang_parser::make_ACTION_SEVERITY(std::string(yytext, 10, yyleng - 11), *driver.loc.back()); }
diff --git a/src/utils.cc b/src/utils.cc
index 03ae6e7b..84e7a194 100644
--- a/src/utils.cc
+++ b/src/utils.cc
@@ -73,7 +73,7 @@ double random_number(const double from, const double to) {
 std::string dash_if_empty(const std::string& str) {
- if (str.empty()) {
+ if (&str == NULL || str.empty()) {
 return "-";
 }
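Review bot: The new `{ACTION_AUDIT_LOG}` rule sits below the generic `{ACTION}` rule, so it fires only because the same patch removed `auditlog` from the `ACTION` alternation; flex resolves equal-length matches in favour of the rule listed first. Nothing in the file records that dependency, and re-adding the word to the generic list would silently disable the dedicated token. An indented comment above the rule would make it explicit: `/* must stay out of the ACTION list: on a tie the earlier {ACTION} rule wins */`. The rules section continues beyond the hunk on both sides.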
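Review bot: The added `&str == NULL` test in `dash_if_empty` (src/utils.cc) cannot protect against a null argument. A reference must be bound to an object, so the undefined behaviour has already happened in the caller that dereferenced a null pointer to form it, and a compiler may treat the comparison as always false and drop it (Clang reports this under `-Wtautological-undefined-compare`). If some caller can hold a null `std::string *`, the check belongs where the value is still a pointer, for instance an overload `std::string dash_if_empty(const std::string *str)` whose guard is `if (str == NULL || str->empty()) {`, with this function left as `if (str.empty()) {`. The function body continues past the end of the hunk.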