From fc83a5d0f001eaa10c91164837bc1d9a32cfb7b3 Mon Sep 17 00:00:00 2001 From: florian-eichelberger Date: Tue, 30 May 2017 22:05:16 -0300 Subject: [PATCH] Enables sanitizing of json request bodies in the apache module for native log format --- apache2/msc_json.c | 5 +++++ apache2/msc_logging.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apache2/msc_json.c b/apache2/msc_json.c index 0f9a4645..1909f9b5 100644 --- a/apache2/msc_json.c +++ b/apache2/msc_json.c @@ -16,6 +16,8 @@ #ifdef WITH_YAJL +char *base_offset=NULL; + int json_add_argument(modsec_rec *msr, const char *value, unsigned length) { msc_arg *arg = (msc_arg *) NULL; @@ -48,6 +50,8 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length) */ arg->value = apr_pstrmemdup(msr->mp, value, length); arg->value_len = length; + arg->value_origin_len = length; + arg->value_origin_offset = value-base_offset; arg->origin = "JSON"; if (msr->txcfg->debuglog_level >= 9) { @@ -273,6 +277,7 @@ int json_init(modsec_rec *msr, char **error_msg) { int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char **error_msg) { if (error_msg == NULL) return -1; *error_msg = NULL; + base_offset=buf; /* Feed our parser and catch any errors */ msr->json->status = yajl_parse(msr->json->handle, buf, size); diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c index c2274c7f..37abd723 100644 --- a/apache2/msc_logging.c +++ b/apache2/msc_logging.c @@ -878,7 +878,7 @@ void sec_audit_logger_json(modsec_rec *msr) { for(i = 0; i < tarr->nelts; i++) { msc_arg *arg = (msc_arg *)telts[i].val; if (arg->origin != NULL && - strcmp(arg->origin, "BODY") != 0) + ( strcmp(arg->origin, "BODY") != 0 && strcmp(arg->origin, "JSON") !=0) ) continue; if (last_offset == 0) { /* The first time we're here. */