Enables sanitizing of json request bodies in the apache module for native log format

This commit is contained in:
florian-eichelberger 2017-05-30 22:05:16 -03:00 committed by Felipe Zimmerle
parent 4ee1d9c179
commit f86de566d1
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
2 changed files with 6 additions and 1 deletions

View File

@ -16,6 +16,8 @@
#ifdef WITH_YAJL
char *base_offset=NULL;
int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
{
msc_arg *arg = (msc_arg *) NULL;
@ -48,6 +50,8 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
*/
arg->value = apr_pstrmemdup(msr->mp, value, length);
arg->value_len = length;
arg->value_origin_len = length;
arg->value_origin_offset = value-base_offset;
arg->origin = "JSON";
if (msr->txcfg->debuglog_level >= 9) {
@ -273,6 +277,7 @@ int json_init(modsec_rec *msr, char **error_msg) {
int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char **error_msg) {
if (error_msg == NULL) return -1;
*error_msg = NULL;
base_offset=buf;
/* Feed our parser and catch any errors */
msr->json->status = yajl_parse(msr->json->handle, buf, size);

View File

@ -878,7 +878,7 @@ void sec_audit_logger_json(modsec_rec *msr) {
for(i = 0; i < tarr->nelts; i++) {
msc_arg *arg = (msc_arg *)telts[i].val;
if (arg->origin != NULL &&
strcmp(arg->origin, "BODY") != 0)
( strcmp(arg->origin, "BODY") != 0 && strcmp(arg->origin, "JSON") !=0) )
continue;
if (last_offset == 0) { /* The first time we're here. */