Changes debuglogs schema to avoid unecessary str allocation

Felipe Zimmerle
2018-10-19 16:56:33 -03:00
parent 23e0d35d2d
commit ef7f65db90
57 changed files with 1100 additions and 1374 deletions


@@ -35,26 +35,20 @@ bool DetectSQLi::evaluate(Transaction *t, Rule *rule,
if (issqli) {
if (t) {
t->m_matched.push_back(fingerprint);
#ifndef NO_LOGS
t->debug(4, "detected SQLi using libinjection with " \
ms_dbg_a(t, 4, "detected SQLi using libinjection with " \
"fingerprint '" + std::string(fingerprint) + "' at: '" +
input + "'");
#endif
if (rule && t && rule->m_containsCaptureAction) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(fingerprint));
#ifndef NO_LOGS
t->debug(7, "Added DetectSQLi match TX.0: " + \
ms_dbg_a(t, 7, "Added DetectSQLi match TX.0: " + \
std::string(fingerprint));
#endif
}
}
} else {
if (t) {
#ifndef NO_LOGS
t->debug(9, "detected SQLi: not able to find an " \
ms_dbg_a(t, 9, "detected SQLi: not able to find an " \
"inject on '" + input + "'");
#endif
}
}
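Review bot: The `ms_dbg_a` messages in this hunk concatenate the raw operator `input` into the debug log, and `input` is request-controlled. If the debug writer does not escape control characters, a request can split or forge log lines, and a large value is copied whole into each message; the same pattern appears in the DetectXSS, ValidateUrlEncoding and ValidateUtf8Encoding sections. Neither the sink nor the `ms_dbg_a` definition is visible on this page, so this needs confirming. A comment at the first call such as `// input is request-controlled; the debug writer must escape and bound it` would record the assumption. `evaluate` starts and ends outside the hunk.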


@@ -33,22 +33,16 @@ bool DetectXSS::evaluate(Transaction *t, Rule *rule,
if (t) {
if (is_xss) {
#ifndef NO_LOGS
t->debug(5, "detected XSS using libinjection.");
#endif
ms_dbg_a(t, 5, "detected XSS using libinjection.");
if (rule && t && rule->m_containsCaptureAction) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(input));
#ifndef NO_LOGS
t->debug(7, "Added DetectXSS match TX.0: " + \
ms_dbg_a(t, 7, "Added DetectXSS match TX.0: " + \
std::string(input));
#endif
}
}
} else {
#ifndef NO_LOGS
t->debug(9, "libinjection was not able to " \
"find any XSS in: " + input);
#endif
ms_dbg_a(t, 9, "libinjection was not able to " \
"find any XSS in: " + input);
}
}
return is_xss != 0;


@@ -103,19 +103,15 @@ bool FuzzyHash::evaluate(Transaction *t, const std::string &str) {
if (fuzzy_hash_buf((const unsigned char*)str.c_str(),
str.size(), result)) {
#ifndef NO_LOGS
t->debug(4, "Problems generating fuzzy hash");
#endif
ms_dbg_a(t, 4, "Problems generating fuzzy hash");
return false;
}
while (chunk != NULL) {
int i = fuzzy_compare(chunk->data, result);
if (i >= m_threshold) {
#ifndef NO_LOGS
t->debug(4, "Fuzzy hash: matched " \
ms_dbg_a(t, 4, "Fuzzy hash: matched " \
"with score: " + std::to_string(i) + ".");
#endif
return true;
}
chunk = chunk->next;


@@ -33,6 +33,11 @@
namespace modsecurity {
namespace operators {
bool GeoLookup::debug(Transaction *transaction, int x, std::string a) {
ms_dbg_a(transaction, x, a);
return true;
}
bool GeoLookup::evaluate(Transaction *trans, const std::string &exp) {
using std::placeholders::_1;
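Review bot: `GeoLookup::debug` takes its message as `std::string a` by value, so every call copies the string before `ms_dbg_a` can decide whether the level is enabled, which works against the stated aim of this commit. Unless the by-value signature is required by the callback it is bound to (the `std::placeholders` line suggests a bind further down, outside this hunk), prefer `bool GeoLookup::debug(Transaction *transaction, int x, const std::string &a)` with the matching declaration in the header. The function always returns `true`; a one-line comment saying the return value carries no meaning would help the next reader.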


@@ -30,6 +30,9 @@ class GeoLookup : public Operator {
GeoLookup()
: Operator("GeoLookup") { }
bool evaluate(Transaction *transaction, const std::string &exp) override;
protected:
bool debug(Transaction *transaction, int x, std::string a);
};
} // namespace operators


@@ -68,13 +68,6 @@ namespace modsecurity {
namespace operators {
bool Operator::debug(Transaction *transaction, int x, std::string a) {
#ifndef NO_LOGS
transaction->debug(x, a);
#endif
return true;
}
bool Operator::evaluateInternal(Transaction *transaction,
Rule *rule, const std::string& a, std::shared_ptr<RuleMessage> rm) {
bool res = evaluate(transaction, rule, a, rm);
@@ -138,13 +131,8 @@ std::string Operator::resolveMatchMessage(Transaction *t,
bool Operator::evaluate(Transaction *transaction, const std::string& a) {
#ifndef NO_LOGS
if (transaction) {
transaction->debug(2, "Operator: " + this->m_op + \
" is not implemented or malfunctioning.");
}
#endif
ms_dbg_a(transaction, 2, "Operator: " + m_op + \
" is not implemented or malfunctioning.");
return true;
}
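Review bot: `Operator::evaluate` used to wrap the log call in `if (transaction)`, and the new `ms_dbg_a(transaction, 2, ...)` drops that guard, so null-safety now rests entirely on the macro. Its definition is not in this section; if it touches its first argument before testing it, this path becomes a null-pointer dereference. Either keep `if (transaction) { ... }` around the call or add a comment such as `// ms_dbg_a tolerates a null transaction`. FuzzyHash, ValidateDTD and ValidateSchema pass `t` to the macro with no null check visible in their hunks, so the same assumption applies there.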


@@ -142,9 +142,6 @@ class Operator {
std::string m_param;
std::unique_ptr<RunTimeString> m_string;
bool m_couldContainsMacro;
protected:
bool debug(Transaction *transaction, int x, std::string a);
};
} // namespace operators


@@ -106,10 +106,8 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
if (rule && rule->m_containsCaptureAction && transaction && rc) {
transaction->m_collections.m_tx_collection->storeOrUpdateFirst("0",
std::string(match));
#ifndef NO_LOGS
transaction->debug(7, "Added pm match TX.0: " + \
ms_dbg_a(transaction, 7, "Added pm match TX.0: " + \
std::string(match));
#endif
}
return rc > 0;


@@ -39,7 +39,7 @@ std::string Rbl::mapIpToAddress(std::string ipStr, Transaction *trans) {
}
if (sscanf(ipStr.c_str(), "%d.%d.%d.%d", &h0, &h1, &h2, &h3) != 4) {
debug(trans, 0, std::string("Failed to understand `" + ipStr +
ms_dbg_a(trans, 0, std::string("Failed to understand `" + ipStr +
"' as a valid IP address, assuming domain format input"));
addr = ipStr + "." + m_service;
@@ -47,7 +47,7 @@ std::string Rbl::mapIpToAddress(std::string ipStr, Transaction *trans) {
}
if (m_demandsPassword && key.empty()) {
debug(trans, 0, std::string("Missing RBL key, cannot continue " \
ms_dbg_a(trans, 0, std::string("Missing RBL key, cannot continue " \
"with the operator execution, please set the key using: " \
"SecHttpBlKey"));
return addr;
@@ -76,12 +76,12 @@ void Rbl::futherInfo_httpbl(struct sockaddr_in *sin, std::string ipStr,
respBl = inet_ntoa(sin->sin_addr);
if (sscanf(respBl, "%d.%d.%d.%d", &first, &days, &score, &type) != 4) {
debug(trans, 4, "RBL lookup of " + ipStr + " failed: bad response");
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " failed: bad response");
return;
}
if (first != 127) {
debug(trans, 4, "RBL lookup of " + ipStr + " failed: bad response");
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " failed: bad response");
return;
}
@@ -114,7 +114,7 @@ void Rbl::futherInfo_httpbl(struct sockaddr_in *sin, std::string ipStr,
ptype = " ";
}
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded. %s: " \
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded. %s: " \
+ std::to_string(days) + " " \
"days since last activity, threat score " \
+ std::to_string(score) + ". Case: " + ptype);
@@ -126,23 +126,23 @@ void Rbl::futherInfo_spamhaus(unsigned int high8bits, std::string ipStr,
switch (high8bits) {
case 2:
case 3:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
"(Static UBE sources).");
break;
case 4:
case 5:
case 6:
case 7:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
"(Illegal 3rd party exploits).");
break;
case 10:
case 11:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
"(Delivering unauthenticated SMTP email).");
break;
default:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded ");
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded ");
break;
}
}
@@ -152,24 +152,24 @@ void Rbl::futherInfo_uribl(unsigned int high8bits, std::string ipStr,
Transaction *trans) {
switch (high8bits) {
case 2:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded (BLACK).");
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded (BLACK).");
break;
case 4:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded (GREY).");
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded (GREY).");
break;
case 8:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded (RED).");
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded (RED).");
break;
case 14:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
"(BLACK,GREY,RED).");
break;
case 255:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded " \
"(DNS IS BLOCKED).");
break;
default:
debug(trans, 4, "RBL lookup of " + ipStr + " succeeded (WHITE).");
ms_dbg_a(trans, 4, "RBL lookup of " + ipStr + " succeeded (WHITE).");
break;
}
}
@@ -181,7 +181,7 @@ void Rbl::furtherInfo(struct sockaddr_in *sin, std::string ipStr,
switch (m_provider) {
case RblProvider::UnknownProvider:
debug(trans, 2, "RBL lookup of " + ipStr + " succeeded.");
ms_dbg_a(trans, 2, "RBL lookup of " + ipStr + " succeeded.");
break;
case RblProvider::httpbl:
futherInfo_httpbl(sin, ipStr, trans);
@@ -213,7 +213,7 @@ bool Rbl::evaluate(Transaction *t, Rule *rule,
if (info != NULL) {
freeaddrinfo(info);
}
debug(t, 5, "RBL lookup of " + ipStr + " failed.");
ms_dbg_a(t, 5, "RBL lookup of " + ipStr + " failed.");
return false;
}
@@ -225,10 +225,8 @@ bool Rbl::evaluate(Transaction *t, Rule *rule,
if (rule && t && rule->m_containsCaptureAction) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(ipStr));
#ifndef NO_LOGS
t->debug(7, "Added RXL match TX.0: " + \
ms_dbg_a(t, 7, "Added RXL match TX.0: " + \
std::string(ipStr));
#endif
}
return true;
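Review bot: The httpbl success message in `futherInfo_httpbl` still carries a literal `%s` (`" succeeded. %s: "`), but the text is built with `+` and nothing is supplied for the placeholder. It will be logged verbatim, or, if anything downstream treats the message as a printf format, it will read an argument that does not exist. Drop the placeholder or substitute the intended value, e.g. `"RBL lookup of " + ipStr + " succeeded. "` before the `std::to_string(days)` part. Two smaller points: the capture message in the last hunk says `RXL` where the operator is RBL, and the `std::string(...)` wrappers in `mapIpToAddress` are redundant around an expression that is already a `std::string`.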


@@ -60,10 +60,8 @@ bool Rx::evaluate(Transaction *transaction, Rule *rule,
for (const SMatch& a : matches) {
transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
std::to_string(i), a.match);
#ifndef NO_LOGS
transaction->debug(7, "Added regex subexpression TX." +
ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
std::to_string(i) + ": " + a.match);
#endif
transaction->m_matched.push_back(a.match);
i++;
}


@@ -50,25 +50,19 @@ bool ValidateDTD::evaluate(Transaction *t, const std::string &str) {
if (m_dtd == NULL) {
std::string err = std::string("XML: Failed to load DTD: ") \
+ m_resource;
#ifndef NO_LOGS
t->debug(4, err);
#endif
ms_dbg_a(t, 4, err);
return true;
}
if (t->m_xml->m_data.doc == NULL) {
#ifndef NO_LOGS
t->debug(4, "XML document tree could not "\
ms_dbg_a(t, 4, "XML document tree could not "\
"be found for DTD validation.");
#endif
return true;
}
if (t->m_xml->m_data.well_formed != 1) {
#ifndef NO_LOGS
t->debug(4, "XML: DTD validation failed because " \
ms_dbg_a(t, 4, "XML: DTD validation failed because " \
"content is not well formed.");
#endif
return true;
}
@@ -84,9 +78,7 @@ bool ValidateDTD::evaluate(Transaction *t, const std::string &str) {
cvp = xmlNewValidCtxt();
if (cvp == NULL) {
#ifndef NO_LOGS
t->debug(4, "XML: Failed to create a validation context.");
#endif
ms_dbg_a(t, 4, "XML: Failed to create a validation context.");
return true;
}
@@ -96,17 +88,13 @@ bool ValidateDTD::evaluate(Transaction *t, const std::string &str) {
cvp->userData = t;
if (!xmlValidateDtd(cvp, t->m_xml->m_data.doc, m_dtd)) {
#ifndef NO_LOGS
t->debug(4, "XML: DTD validation failed.");
#endif
ms_dbg_a(t, 4, "XML: DTD validation failed.");
xmlFreeValidCtxt(cvp);
return true;
}
#ifndef NO_LOGS
t->debug(4, std::string("XML: Successfully validated " \
ms_dbg_a(t, 4, std::string("XML: Successfully validated " \
"payload against DTD: ") + m_resource);
#endif
xmlFreeValidCtxt(cvp);


@@ -63,9 +63,7 @@ class ValidateDTD : public Operator {
if (len > 0) {
s = "XML Error: " + std::string(buf);
}
#ifndef NO_LOGS
t->debug(4, s);
#endif
ms_dbg_a(t, 4, s);
}
@@ -82,9 +80,7 @@ class ValidateDTD : public Operator {
if (len > 0) {
s = "XML Warning: " + std::string(buf);
}
#ifndef NO_LOGS
t->debug(4, s);
#endif
ms_dbg_a(t, 4, s);
}


@@ -52,9 +52,7 @@ bool ValidateSchema::evaluate(Transaction *t,
if (m_err.empty() == false) {
err << m_err;
}
#ifndef NO_LOGS
t->debug(4, err.str());
#endif
ms_dbg_a(t, 4, err.str());
return true;
}
@@ -77,9 +75,7 @@ bool ValidateSchema::evaluate(Transaction *t,
if (m_err.empty() == false) {
err << " " << m_err;
}
#ifndef NO_LOGS
t->debug(4, err.str());
#endif
ms_dbg_a(t, 4, err.str());
xmlSchemaFreeParserCtxt(m_parserCtx);
return true;
}
@@ -90,9 +86,7 @@ bool ValidateSchema::evaluate(Transaction *t,
if (m_err.empty() == false) {
err << " " << m_err;
}
#ifndef NO_LOGS
t->debug(4, err.str());
#endif
ms_dbg_a(t, 4, err.str());
return true;
}
@@ -102,46 +96,36 @@ bool ValidateSchema::evaluate(Transaction *t,
(xmlSchemaValidityWarningFunc)warn_runtime, t);
if (t->m_xml->m_data.doc == NULL) {
#ifndef NO_LOGS
t->debug(4, "XML document tree could not be found for " \
ms_dbg_a(t, 4, "XML document tree could not be found for " \
"schema validation.");
#endif
return true;
}
if (t->m_xml->m_data.well_formed != 1) {
#ifndef NO_LOGS
t->debug(4, "XML: Schema validation failed because " \
ms_dbg_a(t, 4, "XML: Schema validation failed because " \
"content is not well formed.");
#endif
return true;
}
/* Make sure there were no other generic processing errors */
/*
if (msr->msc_reqbody_error) {
#ifndef NO_LOGS
t->debug(4, "XML: Schema validation could not proceed due to previous"
ms_dbg_a(t, 4, "XML: Schema validation could not proceed due to previous"
" processing errors.");
#endif
return true;
}
*/
rc = xmlSchemaValidateDoc(m_validCtx, t->m_xml->m_data.doc);
if (rc != 0) {
#ifndef NO_LOGS
t->debug(4, "XML: Schema validation failed.");
#endif
ms_dbg_a(t, 4, "XML: Schema validation failed.");
xmlSchemaFree(m_schema);
xmlSchemaFreeParserCtxt(m_parserCtx);
return true; /* No match. */
}
#ifndef NO_LOGS
t->debug(4, "XML: Successfully validated payload against " \
ms_dbg_a(t, 4, "XML: Successfully validated payload against " \
"Schema: " + m_resource);
#endif
xmlSchemaFree(m_schema);
xmlSchemaFreeParserCtxt(m_parserCtx);
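Review bot: The exit paths of `ValidateSchema::evaluate` release libxml2 state inconsistently: the validation-failed and success paths call `xmlSchemaFree(m_schema)` and `xmlSchemaFreeParserCtxt(m_parserCtx)`, while the earlier `return true` branches for a missing document tree and for not-well-formed content free nothing. Where these objects are created is outside the visible hunks, but if it happens per call, the early returns leak on each such request, and the sender controls whether the body is well formed. On the visible lines the freed members are not reset and `m_validCtx` is never released. Consider one cleanup path (or `std::unique_ptr` with the libxml2 free functions as deleters) and setting the members to `nullptr` after freeing.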


@@ -105,9 +105,7 @@ class ValidateSchema : public Operator {
if (len > 0) {
s = "XML Error: " + std::string(buf);
}
#ifndef NO_LOGS
t->debug(4, s);
#endif
ms_dbg_a(t, 4, s);
}
@@ -124,9 +122,7 @@ class ValidateSchema : public Operator {
if (len > 0) {
s = "XML Warning: " + std::string(buf);
}
#ifndef NO_LOGS
t->debug(4, s);
#endif
ms_dbg_a(t, 4, s);
}
static void null_error(void *ctx, const char *msg, ...) {


@@ -82,28 +82,22 @@ bool ValidateUrlEncoding::evaluate(Transaction *transaction, Rule *rule,
case 1 :
/* Encoding is valid */
if (transaction) {
#ifndef NO_LOGS
transaction->debug(7, "Valid URL Encoding at '" +input + "'");
#endif
ms_dbg_a(transaction, 7, "Valid URL Encoding at '" +input + "'");
}
res = false;
break;
case -2 :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(7, "Invalid URL Encoding: Non-hexadecimal "
ms_dbg_a(transaction, 7, "Invalid URL Encoding: Non-hexadecimal "
"digits used at '" + input + "'");
#endif
logOffset(ruleMessage, offset, input.size());
}
res = true; /* Invalid match. */
break;
case -3 :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(7, "Invalid URL Encoding: Not enough " \
ms_dbg_a(transaction, 7, "Invalid URL Encoding: Not enough " \
"characters at the end of input at '" + input + "'");
#endif
logOffset(ruleMessage, offset, input.size());
}
res = true; /* Invalid match. */
@@ -111,11 +105,9 @@ bool ValidateUrlEncoding::evaluate(Transaction *transaction, Rule *rule,
case -1 :
default :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(7, "Invalid URL Encoding: Internal " \
ms_dbg_a(transaction, 7, "Invalid URL Encoding: Internal " \
"Error (rc = " + std::to_string(rc) + ") at '" +
input + "'");
#endif
logOffset(ruleMessage, offset, input.size());
}
res = true;


@@ -126,58 +126,48 @@ bool ValidateUtf8Encoding::evaluate(Transaction *transaction, Rule *rule,
switch (rc) {
case UNICODE_ERROR_CHARACTERS_MISSING :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(8, "Invalid UTF-8 encoding: "
ms_dbg_a(transaction, 8, "Invalid UTF-8 encoding: "
"not enough bytes in character "
"at " + str + ". [offset \"" +
std::to_string(i) + "\"]");
#endif
}
return true;
break;
case UNICODE_ERROR_INVALID_ENCODING :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(8, "Invalid UTF-8 encoding: "
ms_dbg_a(transaction, 8, "Invalid UTF-8 encoding: "
"invalid byte value in character "
"at " + str + ". [offset \"" +
std::to_string(i) + "\"]");
#endif
logOffset(ruleMessage, i, str.size());
}
return true;
break;
case UNICODE_ERROR_OVERLONG_CHARACTER :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(8, "Invalid UTF-8 encoding: "
ms_dbg_a(transaction, 8, "Invalid UTF-8 encoding: "
"overlong character detected "
"at " + str + ". [offset \"" +
std::to_string(i) + "\"]");
#endif
logOffset(ruleMessage, i, str.size());
}
return true;
break;
case UNICODE_ERROR_RESTRICTED_CHARACTER :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(8, "Invalid UTF-8 encoding: "
ms_dbg_a(transaction, 8, "Invalid UTF-8 encoding: "
"use of restricted character "
"at " + str + ". [offset \"" +
std::to_string(i) + "\"]");
#endif
logOffset(ruleMessage, i, str.size());
}
return true;
break;
case UNICODE_ERROR_DECODING_ERROR :
if (transaction) {
#ifndef NO_LOGS
transaction->debug(8, "Error validating UTF-8 decoding "
ms_dbg_a(transaction, 8, "Error validating UTF-8 decoding "
"at " + str + ". [offset \"" +
std::to_string(i) + "\"]");
#endif
logOffset(ruleMessage, i, str.size());
}
return true;
@@ -186,11 +176,9 @@ bool ValidateUtf8Encoding::evaluate(Transaction *transaction, Rule *rule,
if (rc <= 0) {
if (transaction) {
#ifndef NO_LOGS
transaction->debug(8, "Internal error during UTF-8 validation "
ms_dbg_a(transaction, 8, "Internal error during UTF-8 validation "
"at " + str + ". [offset \"" +
std::to_string(i) + "\"]");
#endif
logOffset(ruleMessage, i, str.size());
}
return true;
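Review bot: The `UNICODE_ERROR_CHARACTERS_MISSING` case is the only branch that returns a match without calling `logOffset(ruleMessage, i, str.size())`; every other error case in this switch, and the `rc <= 0` branch, record the offset. Unless the omission is deliberate, add the call inside that case's `if (transaction)` block so a truncated multi-byte sequence is reported with its position like the other violations. The `break;` after each `return true;` is unreachable and can be removed. The function begins and ends outside these hunks.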


@@ -145,16 +145,12 @@ bool VerifyCC::evaluate(Transaction *t, Rule *rule,
if (rule && t && rule->m_containsCaptureAction) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(match));
#ifndef NO_LOGS
t->debug(7, "Added VerifyCC match TX.0: " + \
ms_dbg_a(t, 7, "Added VerifyCC match TX.0: " + \
std::string(match));
#endif
}
#ifndef NO_LOGS
t->debug(9, "CC# match \"" + m_param +
ms_dbg_a(t, 9, "CC# match \"" + m_param +
"\" at " + i + ". [offset " +
std::to_string(offset) + "]");
#endif
}
return true;
}
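Review bot: The level-7 message writes the matched card number to the debug log in clear (`"Added VerifyCC match TX.0: " + std::string(match)`), and the level-9 `"CC# match ..."` message appends `i`, which looks like the inspected value. Debug logs are typically retained longer and read more widely than transaction data, so a hit on a real card number ends up stored outside whatever protects the request. Log a masked form (for example only the last four digits) or only the offset. The VerifyCPF and VerifySSN sections do the same with `i.match`. The level-9 call also sits outside the `rule && t` guard, so it relies on `ms_dbg_a` accepting a null `t`.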


@@ -136,10 +136,8 @@ bool VerifyCPF::evaluate(Transaction *t, Rule *rule,
if (rule && t && rule->m_containsCaptureAction) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(i.match));
#ifndef NO_LOGS
t->debug(7, "Added VerifyCPF match TX.0: " + \
ms_dbg_a(t, 7, "Added VerifyCPF match TX.0: " + \
std::string(i.match));
#endif
}
goto out;


@@ -127,10 +127,8 @@ bool VerifySSN::evaluate(Transaction *t, Rule *rule,
if (rule && t && rule->m_containsCaptureAction) {
t->m_collections.m_tx_collection->storeOrUpdateFirst(
"0", std::string(i.match));
#ifndef NO_LOGS
t->debug(7, "Added VerifySSN match TX.0: " + \
ms_dbg_a(t, 7, "Added VerifySSN match TX.0: " + \
std::string(i.match));
#endif
}
goto out;