Commit a07ed61

authored

Merge pull request #3432 from szedenik-adam/auditlog-header

Add custom leading text to audit log lines

2 parents f9f4011 + 4e2788e commit a07ed61Copy full SHA for a07ed61

File tree

12 files changed

+6159

-6031

lines changed

headers/modsecurity
- audit_log.h
- transaction.h
src
- audit_log
  - audit_log.cc
  - writer
    - parallel.cc
    - serial.cc
- parser
- transaction.cc
test/test-cases/regression
- auditlog.json

12 files changed

+6159

-6031

lines changed

`‎headers/modsecurity/audit_log.h‎`

Lines changed: 21 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -153,17 +153,18 @@ class AuditLog {`
`153`	`153`	`bool setStorageDirMode(int permission);`
`154`	`154`	`bool setFileMode(int permission);`
`155`	`155`	`bool setStatus(AuditLogStatus new_status);`
`156`		`- bool setRelevantStatus(const std::basic_string<char>& new_relevant_status);`
`157`		`- bool setFilePath1(const std::basic_string<char>& path);`
`158`		`- bool setFilePath2(const std::basic_string<char>& path);`
`159`		`- bool setStorageDir(const std::basic_string<char>& path);`
	`156`	`+ bool setRelevantStatus(std::string_view new_relevant_status);`
	`157`	`+ bool setFilePath1(std::string_view path);`
	`158`	`+ bool setFilePath2(std::string_view path);`
	`159`	`+ bool setStorageDir(std::string_view path);`
	`160`	`+ bool setPrefix(std::string_view prefix);`
`160`	`161`	`bool setFormat(AuditLogFormat fmt);`
`161`	`162`
`162`	`163`	`int getDirectoryPermission() const;`
`163`	`164`	`int getFilePermission() const;`
`164`	`165`	`int getParts() const;`
`165`	`166`
`166`		`- bool setParts(conststd::basic_string<char>& new_parts);`
	`167`	`+ bool setParts(std::string_view new_parts);`
`167`	`168`	`bool setType(AuditLogType audit_type);`
`168`	`169`
`169`	`170`	`bool init(std::string *error);`
`@@ -173,40 +174,41 @@ class AuditLog {`
`173`	`174`	`bool saveIfRelevant(Transaction *transaction, int parts);`
`174`	`175`	`bool isRelevant(int status);`
`175`	`176`
`176`		`- static int addParts(int parts, conststd::string& new_parts);`
`177`		`- static int removeParts(int parts, conststd::string& new_parts);`
	`177`	`+ static int addParts(int parts, std::string_view new_parts);`
	`178`	`+ static int removeParts(int parts, std::string_view new_parts);`
`178`	`179`
`179`	`180`	`void setCtlAuditEngineActive() {`
`180`	`181`	`m_ctlAuditEngineActive = true;`
`181`	`182`	`}`
`182`	`183`
`183`	`184`	`bool merge(AuditLog from, std::string error);`
`184`	`185`
`185`		`- std::string m_path1;`
`186`		`- std::string m_path2;`
`187`		`- std::string m_storage_dir;`
	`186`	`+ std::string m_path1 = std::string("");`
	`187`	`+ std::string m_path2 = std::string("");`
	`188`	`+ std::string m_storage_dir = std::string("");`
	`189`	`+ std::string m_prefix = std::string("");`
`188`	`190`
`189`		`- AuditLogFormat m_format;`
	`191`	`+ AuditLogFormat m_format = NotSetAuditLogFormat;`
`190`	`192`
`191`	`193`	`protected:`
`192`		`- int m_parts;`
	`194`	`+ int m_parts = -1;`
`193`	`195`	`int m_defaultParts = AAuditLogPart \| BAuditLogPart \| CAuditLogPart`
`194`	`196`	`\| FAuditLogPart \| HAuditLogPart \| ZAuditLogPart;`
`195`	`197`
`196`		`- int m_filePermission;`
	`198`	`+ int m_filePermission = -1;`
`197`	`199`	`int m_defaultFilePermission = 0640;`
`198`	`200`
`199`		`- int m_directoryPermission;`
	`201`	`+ int m_directoryPermission = -1;`
`200`	`202`	`int m_defaultDirectoryPermission = 0750;`
`201`	`203`
`202`	`204`	`private:`
`203`		`- AuditLogStatus m_status;`
	`205`	`+ AuditLogStatus m_status = NotSetLogStatus;`
`204`	`206`
`205`		`- AuditLogType m_type;`
`206`		`- std::string m_relevant;`
	`207`	`+ AuditLogType m_type = NotSetAuditLogType;`
	`208`	`+ std::string m_relevant = std::string("");`
`207`	`209`
`208`		`- audit_log::writer::Writer *m_writer;`
`209`		`- bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly`
	`210`	`+ audit_log::writer::Writer *m_writer = nullptr;`
	`211`	`+ bool m_ctlAuditEngineActive = false; // rules have at least one action On or RelevantOnly`
`210`	`212`	`};`
`211`	`213`
`212`	`214`

`‎headers/modsecurity/transaction.h‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -411,7 +411,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa`
`411`	`411`	`int getRuleEngineState() const;`
`412`	`412`
`413`	`413`	`std::string toJSON(int parts);`
`414`		`- std::string toOldAuditLogFormat(int parts, const std::string &trailer);`
	`414`	`+ std::string toOldAuditLogFormat(int parts, const std::string &trailer, const std::string &header);`
`415`	`415`	`std::string toOldAuditLogFormatIndex(const std::string &filename,`
`416`	`416`	`double size, const std::string &md5);`
`417`	`417`

`‎src/audit_log/audit_log.cc‎`

Lines changed: 20 additions & 25 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,25 +51,13 @@ namespace modsecurity {`
`51`	`51`	`namespace audit_log {`
`52`	`52`
`53`	`53`
`54`		`-AuditLog::AuditLog()`
`55`		`- : m_path1(""),`
`56`		`- m_path2(""),`
`57`		`- m_storage_dir(""),`
`58`		`- m_format(NotSetAuditLogFormat),`
`59`		`- m_parts(-1),`
`60`		`- m_filePermission(-1),`
`61`		`- m_directoryPermission(-1),`
`62`		`- m_status(NotSetLogStatus),`
`63`		`- m_type(NotSetAuditLogType),`
`64`		`- m_relevant(""),`
`65`		`- m_writer(NULL),`
`66`		`- m_ctlAuditEngineActive(false) { }`
	`54`	`+AuditLog::AuditLog() = default;`
`67`	`55`
`68`	`56`
`69`	`57`	`AuditLog::~AuditLog() {`
`70`	`58`	`if (m_writer) {`
`71`	`59`	`delete m_writer;`
`72`		`- m_writer = NULL;`
	`60`	`+ m_writer = nullptr;`
`73`	`61`	`}`
`74`	`62`	`}`
`75`	`63`
`@@ -108,35 +96,42 @@ bool AuditLog::setStatus(AuditLogStatus status) {`
`108`	`96`	`}`
`109`	`97`
`110`	`98`
`111`		`-bool AuditLog::setRelevantStatus(conststd::basic_string<char>& status) {`
	`99`	`+bool AuditLog::setRelevantStatus(std::string_view status) {`
`112`	`100`	`this->m_relevant = std::string(status);`
`113`	`101`	`return true;`
`114`	`102`	`}`
`115`	`103`
`116`	`104`
`117`		`-bool AuditLog::setStorageDir(conststd::basic_string<char>& path) {`
	`105`	`+bool AuditLog::setStorageDir(std::string_view path) {`
`118`	`106`	`this->m_storage_dir = path;`
`119`	`107`	`return true;`
`120`	`108`	`}`
`121`	`109`
`122`	`110`
`123`		`-bool AuditLog::setFilePath1(conststd::basic_string<char>& path) {`
	`111`	`+bool AuditLog::setFilePath1(std::string_view path) {`
`124`	`112`	`this->m_path1 = path;`
`125`	`113`	`return true;`
`126`	`114`	`}`
`127`	`115`
`128`	`116`
`129`		`-bool AuditLog::setFilePath2(conststd::basic_string<char>& path) {`
	`117`	`+bool AuditLog::setFilePath2(std::string_view path) {`
`130`	`118`	`this->m_path2 = path;`
`131`	`119`	`return true;`
`132`	`120`	`}`
`133`	`121`
	`122`	`+`
	`123`	`+bool AuditLog::setPrefix(std::string_view prefix) {`
	`124`	`+ this->m_prefix = prefix;`
	`125`	`+ return true;`
	`126`	`+}`
	`127`	`+`
	`128`	`+`
`134`	`129`	`bool AuditLog::setFormat(AuditLogFormat fmt) {`
`135`	`130`	`this->m_format = fmt;`
`136`	`131`	`return true;`
`137`	`132`	`}`
`138`	`133`
`139`		`-int AuditLog::addParts(int parts, conststd::string& new_parts) {`
	`134`	`+int AuditLog::addParts(int parts, std::string_view new_parts) {`
`140`	`135`	`PARTS_CONSTAINS('A', AAuditLogPart)`
`141`	`136`	`PARTS_CONSTAINS('B', BAuditLogPart)`
`142`	`137`	`PARTS_CONSTAINS('C', CAuditLogPart)`
`@@ -154,7 +149,7 @@ int AuditLog::addParts(int parts, const std::string& new_parts) {`
`154`	`149`	`}`
`155`	`150`
`156`	`151`
`157`		`-int AuditLog::removeParts(int parts, conststd::string& new_parts) {`
	`152`	`+int AuditLog::removeParts(int parts, std::string_view new_parts) {`
`158`	`153`	`PARTS_CONSTAINS_REM('A', AAuditLogPart)`
`159`	`154`	`PARTS_CONSTAINS_REM('B', BAuditLogPart)`
`160`	`155`	`PARTS_CONSTAINS_REM('C', CAuditLogPart)`
`@@ -172,7 +167,7 @@ int AuditLog::removeParts(int parts, const std::string& new_parts) {`
`172`	`167`	`}`
`173`	`168`
`174`	`169`
`175`		`-bool AuditLog::setParts(conststd::basic_string<char>& new_parts) {`
	`170`	`+bool AuditLog::setParts(std::string_view new_parts) {`
`176`	`171`	`int parts = 0;`
`177`	`172`
`178`	`173`	`PARTS_CONSTAINS('A', AAuditLogPart)`
`@@ -208,15 +203,14 @@ bool AuditLog::setType(AuditLogType audit_type) {`
`208`	`203`	`}`
`209`	`204`
`210`	`205`
`211`		`-`
`212`	`206`	`bool AuditLog::init(std::string *error) {`
`213`	`207`	`audit_log::writer::Writer *tmp_writer;`
`214`	`208`
`215`	`209`	`if ((m_status == OffAuditLogStatus \|\| m_status == NotSetLogStatus)`
`216`	`210`	`&& !m_ctlAuditEngineActive) {`
`217`	`211`	`if (m_writer) {`
`218`	`212`	`delete m_writer;`
`219`		`- m_writer = NULL;`
	`213`	`+ m_writer = nullptr;`
`220`	`214`	`}`
`221`	`215`	`return true;`
`222`	`216`	`}`
`@@ -234,7 +228,7 @@ bool AuditLog::init(std::string *error) {`
`234`	`228`	`tmp_writer = new audit_log::writer::Serial(this);`
`235`	`229`	`}`
`236`	`230`
`237`		`- if (tmp_writer == NULL) {`
	`231`	`+ if (tmp_writer == nullptr) {`
`238`	`232`	`error->assign("Writer memory alloc failed!");`
`239`	`233`	`return false;`
`240`	`234`	`}`
`@@ -312,7 +306,7 @@ bool AuditLog::saveIfRelevant(Transaction *transaction, int parts) {`
`312`	`306`	`}`
`313`	`307`	`ms_dbg_a(transaction, 5, "Saving this request as part " \`
`314`	`308`	`"of the audit logs.");`
`315`		`- if (m_writer == NULL) {`
	`309`	`+ if (m_writer == nullptr) {`
`316`	`310`	`ms_dbg_a(transaction, 1, "Internal error, audit log writer is null");`
`317`	`311`	`} else {`
`318`	`312`	`std::string error;`
`@@ -337,6 +331,7 @@ bool AuditLog::merge(AuditLog from, std::string error) {`
`337`	`331`	`AL_MERGE_STRING_CONF(from->m_path2, m_path2);`
`338`	`332`	`AL_MERGE_STRING_CONF(from->m_storage_dir, m_storage_dir);`
`339`	`333`	`AL_MERGE_STRING_CONF(from->m_relevant, m_relevant);`
	`334`	`+ AL_MERGE_STRING_CONF(from->m_prefix, m_prefix);`
`340`	`335`
`341`	`336`	`if (from->m_filePermission != -1) {`
`342`	`337`	`m_filePermission = from->m_filePermission;`

`‎src/audit_log/writer/parallel.cc‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ bool Parallel::write(Transaction transaction, int parts, std::string error) {`
`119`	`119`	`} else {`
`120`	`120`	`std::string boundary;`
`121`	`121`	`generateBoundary(&boundary);`
`122`		`- log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");`
	`122`	`+ log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--", m_audit->m_prefix);`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`const auto &logPath = m_audit->m_storage_dir;`

`‎src/audit_log/writer/serial.cc‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ bool Serial::write(Transaction transaction, int parts, std::string error) {`
`42`	`42`	`} else {`
`43`	`43`	`std::string boundary;`
`44`	`44`	`generateBoundary(&boundary);`
`45`		`- msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");`
	`45`	`+ msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--", m_audit->m_prefix);`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`return utils::SharedFiles::getInstance().write(m_audit->m_path1, msg,`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit a07ed61

File tree

12 files changed

12 files changed

`‎headers/modsecurity/audit_log.h‎`

`‎headers/modsecurity/transaction.h‎`

`‎src/audit_log/audit_log.cc‎`

`‎src/audit_log/writer/parallel.cc‎`

`‎src/audit_log/writer/serial.cc‎`

0 commit comments