
Commit8559399

p0pr0ck5Felipe Zimmerle
authored and
Felipe Zimmerle
committed
Update JSON structure for matched rules
Create a separate map for each matched rule chain, making it easier to identify chains in which only a portion of rules actually matched.
1 parent7a39b4b commit8559399


1 file changed

+22
-0
lines changed

1 file changed

+22
-0
lines changed

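--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@@ -1326,6 +1326,15 @@ void sec_audit_logger_json(modsec_rec *msr) {
 for(i=0;i<msr->matched_rules->nelts;i++) {
 rule= ((msre_rule**)msr->matched_rules->elts)[i];
 if ((rule!=NULL)&& (rule->actionset!=NULL)&&rule->actionset->is_chained&& (rule->chain_starter==NULL)) {
+/*
+* create a separate map for each rule chain
+* this makes it a lot easier to search for partial chains
+*/
+yajl_gen_map_open(g);// map for this chain
+yajl_kv_bool(g,"chain",1);
+yajl_string(g,"rules");
+yajl_gen_array_open(g);// array for the rules
+
 write_rule_json(msr,rule,g);
 do {
 if (rule->ruleset!=NULL) {
@@ -1344,10 +1353,23 @@ void sec_audit_logger_json(modsec_rec *msr) {
 }
 rule=next_rule;
 }while (rule!=NULL&&rule->actionset!=NULL&&rule->actionset->is_chained);
+yajl_gen_array_close(g);
+
+yajl_kv_bool(g,"full_chain_match",present);// if one of the rules didnt match, present is set to 0
+yajl_gen_map_close(g);// close the map for this chain
 }else {
+yajl_gen_map_open(g);
+
+yajl_kv_bool(g,"chain",0);
+yajl_string(g,"rules");// this really should be 'rule', but we're keeping in line with other chain maps
+
+yajl_gen_array_open(g);
 if ((rule!=NULL)&& (rule->actionset!=NULL)&& !rule->actionset->is_chained&& (rule->chain_starter==NULL)) {
 write_rule_json(msr,rule,g);
 }
+yajl_gen_array_close(g);
+
+yajl_gen_map_close(g);
 }
 }
 yajl_gen_array_close(g);// matched_rules top-level key is finished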
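Review bot: In the `else` branch of the second hunk the map and its `rules` array are opened and closed unconditionally, while `write_rule_json` still runs only for a non-chained rule with `chain_starter == NULL`. Any other entry in `matched_rules` (a NULL rule, or a chain member that is not the starter) would therefore be logged as `{"chain": false, "rules": []}`, an empty record labelled as a standalone rule that log consumers then have to filter out when correlating matches. Folding the test into the branch avoids this: `} else if ((rule != NULL) && (rule->actionset != NULL) && !rule->actionset->is_chained && (rule->chain_starter == NULL)) {`, with the inner `if` dropped. Whether `present` is reset per chain before it is written to `full_chain_match` cannot be confirmed here, since the loop body between the two hunks and the rest of `sec_audit_logger_json` lie outside the diff.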
