Commit0c95a7a

p0pr0ck5

authored and

Felipe Zimmerle

committed

Clean up JSON rule writer

* Escape rule actionset metadata* Escape and truncate logdata* Lazily add actionset tags as an array* Add negated rule op_param* Add unparsed rule representation

1 parent8559399 commit0c95a7aCopy full SHA for 0c95a7a

File tree

1 file changed

+58

-6

lines changed

apache2
- msc_logging.c

1 file changed

+58

-6

lines changed

`‎apache2/msc_logging.c‎`

Lines changed: 58 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -539,26 +539,49 @@ static void format_performance_variables_json(modsec_rec *msr, yajl_gen g) {`
`539`	`539`	`* Write detailed information about a rule and its actionset into a JSON generator`
`540`	`540`	`*/`
`541`	`541`	`staticvoidwrite_rule_json(modsec_recmsr,constmsre_rulerule,yajl_geng) {`
`542`		`-intpresent=0;`
	`542`	`+constapr_array_header_t*tarr;`
	`543`	`+constapr_table_entry_t*telts;`
	`544`	`+intbeen_opened=0;`
	`545`	`+intk;`
`543`	`546`
`544`	`547`	`yajl_gen_map_open(g);`
`545`	`548`
`546`	`549`	`yajl_string(g,"actionset");`
`547`	`550`	`yajl_gen_map_open(g);`
`548`	`551`	`if (rule->actionset->id) {`
`549`		`-yajl_kv_string(g,"id",rule->actionset->id);`
	`552`	`+yajl_kv_string(g,"id",log_escape(msr->mp,rule->actionset->id));`
`550`	`553`	`}`
`551`	`554`	`if (rule->actionset->rev) {`
`552`		`-yajl_kv_string(g,"rev",rule->actionset->rev);`
	`555`	`+yajl_kv_string(g,"rev",log_escape(msr->mp,rule->actionset->rev));`
`553`	`556`	`}`
`554`	`557`	`if (rule->actionset->msg) {`
`555`		`-yajl_kv_string(g,"msg",rule->actionset->msg);`
	`558`	`+msc_stringvar= (msc_string)apr_palloc(msr->mp,sizeof(msc_string));`
	`559`	`+var->value= (char*)rule->actionset->msg;`
	`560`	`+var->value_len=strlen(rule->actionset->msg);`
	`561`	`+expand_macros(msr,var,NULL,msr->mp);`
	`562`	`+`
	`563`	`+yajl_kv_string(g,"msg",log_escape_ex(msr->mp,var->value,var->value_len));`
`556`	`564`	`}`
`557`	`565`	`if (rule->actionset->version) {`
`558`		`-yajl_kv_string(g,"version",rule->actionset->version);`
	`566`	`+yajl_kv_string(g,"version",log_escape(msr->mp,rule->actionset->version));`
`559`	`567`	`}`
`560`	`568`	`if (rule->actionset->logdata) {`
`561`		`-yajl_kv_string(g,"logdata",rule->actionset->logdata);`
	`569`	`+msc_stringvar= (msc_string)apr_pcalloc(msr->mp,sizeof(msc_string));`
	`570`	`+var->value= (char*)rule->actionset->logdata;`
	`571`	`+var->value_len=strlen(rule->actionset->logdata);`
	`572`	`+expand_macros(msr,var,NULL,msr->mp);`
	`573`	`+`
	`574`	`+charlogdata=apr_pstrdup(msr->mp,log_escape_hex(msr->mp, (unsignedchar)var->value,var->value_len));`
	`575`	`+`
	`576`	`+// if it is > 512 bytes, then truncate at 512 with ellipsis.`
	`577`	`+if (strlen(logdata)>515) {`
	`578`	`+logdata[512]='.';`
	`579`	`+logdata[513]='.';`
	`580`	`+logdata[514]='.';`
	`581`	`+logdata[515]='\0';`
	`582`	`+ }`
	`583`	`+`
	`584`	`+yajl_kv_string(g,"logdata",logdata);`
`562`	`585`	`}`
`563`	`586`	`if (rule->actionset->severity!=NOT_SET) {`
`564`	`587`	`yajl_kv_int(g,"severity",rule->actionset->severity);`
`@@ -576,13 +599,41 @@ static void write_rule_json(modsec_rec msr, const msre_rule rule, yajl_gen g)`
`576`	`599`	`if (rule->actionset->is_chained&& (rule->chain_starter==NULL)) {`
`577`	`600`	`yajl_kv_bool(g,"chain_starter",1);`
`578`	`601`	`}`
	`602`	`+`
	`603`	`+// tags, lazily opened`
	`604`	`+tarr=apr_table_elts(rule->actionset->actions);`
	`605`	`+telts= (constapr_table_entry_t*)tarr->elts;`
	`606`	`+for (k=0;k<tarr->nelts;k++) {`
	`607`	`+msre_actionaction= (msre_action)telts[k].val;`
	`608`	`+if (strcmp(telts[k].key,"tag")==0) {`
	`609`	`+if (been_opened==0) {`
	`610`	`+yajl_string(g,"tags");`
	`611`	`+yajl_gen_array_open(g);`
	`612`	`+been_opened=1;`
	`613`	`+ }`
	`614`	`+`
	`615`	`+// expand variables in the tag`
	`616`	`+msc_stringvar= (msc_string)apr_pcalloc(msr->mp,sizeof(msc_string));`
	`617`	`+var->value= (char*)action->param;`
	`618`	`+var->value_len=strlen(action->param);`
	`619`	`+expand_macros(msr,var,NULL,msr->mp);`
	`620`	`+`
	`621`	`+yajl_string(g,log_escape(msr->mp,var->value));`
	`622`	`+ }`
	`623`	`+ }`
	`624`	`+`
	`625`	`+if (been_opened==1) {`
	`626`	`+yajl_gen_array_close(g);`
	`627`	`+ }`
	`628`	`+`
`579`	`629`	`yajl_gen_map_close(g);`
`580`	`630`
`581`	`631`	`yajl_string(g,"operator");`
`582`	`632`	`yajl_gen_map_open(g);`
`583`	`633`	`yajl_kv_string(g,"operator",rule->op_name);`
`584`	`634`	`yajl_kv_string(g,"operator_param",rule->op_param);`
`585`	`635`	`yajl_kv_string(g,"target",rule->p1);`
	`636`	`+yajl_kv_bool(g,"negated",rule->op_negated);`
`586`	`637`	`yajl_gen_map_close(g);`
`587`	`638`
`588`	`639`	`yajl_string(g,"config");`
`@@ -591,6 +642,7 @@ static void write_rule_json(modsec_rec msr, const msre_rule rule, yajl_gen g)`
`591`	`642`	`yajl_kv_int(g,"line_num",rule->line_num);`
`592`	`643`	`yajl_gen_map_close(g);`
`593`	`644`
	`645`	`+yajl_kv_string(g,"unparsed",rule->unparsed);`
`594`	`646`	`yajl_kv_bool(g,"is_matched",chained_is_matched(msr,rule));`
`595`	`647`
`596`	`648`	`yajl_gen_map_close(g);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0c95a7a

File tree

1 file changed

1 file changed

`‎apache2/msc_logging.c‎`

0 commit comments