-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
Copy pathrule_message.cc
98 lines (76 loc) · 3.27 KB
/
rule_message.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 - 2023 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address [email protected].
*
*/
#include "modsecurity/rule_message.h"
#include "modsecurity/rules_set.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/transaction.h"
#include "src/utils/string.h"
namespace modsecurity {
std::string RuleMessage::_details(const RuleMessage &rm) {
std::string msg;
msg.append(" [file \"" + rm.m_rule.getFileName() + "\"]");
msg.append(" [line \"" + std::to_string(rm.m_rule.getLineNumber()) + "\"]");
msg.append(" [id \"" + std::to_string(rm.m_rule.m_ruleId) + "\"]");
msg.append(" [rev \"" + utils::string::toHexIfNeeded(rm.m_rule.m_rev, true) + "\"]");
msg.append(" [msg \"" + rm.m_message + "\"]");
msg.append(" [data \"" + utils::string::toHexIfNeeded(utils::string::limitTo(200, rm.m_data), true) + "\"]");
msg.append(" [severity \"" +
std::to_string(rm.m_severity) + "\"]");
msg.append(" [ver \"" + utils::string::toHexIfNeeded(rm.m_rule.m_ver, true) + "\"]");
msg.append(" [maturity \"" + std::to_string(rm.m_rule.m_maturity) + "\"]");
msg.append(" [accuracy \"" + std::to_string(rm.m_rule.m_accuracy) + "\"]");
for (const auto &a : rm.m_tags) {
msg.append(" [tag \"" + utils::string::toHexIfNeeded(a, true) + "\"]");
}
msg.append(" [hostname \"" + rm.m_transaction.m_requestHostName \
+ "\"]");
msg.append(" [uri \"" + utils::string::limitTo(200, rm.m_transaction.m_uri_no_query_string_decoded) + "\"]");
msg.append(" [unique_id \"" + rm.m_transaction.m_id + "\"]");
msg.append(" [ref \"" + utils::string::limitTo(200, rm.m_reference) + "\"]");
return msg;
}
std::string RuleMessage::_errorLogTail(const RuleMessage &rm) {
std::string msg;
msg.append("[hostname \"" + rm.m_transaction.m_serverIpAddress + "\"]");
msg.append(" [uri \"" + utils::string::limitTo(200, rm.m_transaction.m_uri_no_query_string_decoded) + "\"]");
msg.append(" [unique_id \"" + rm.m_transaction.m_id + "\"]");
return msg;
}
std::string RuleMessage::log(const RuleMessage &rm, int props, int code) {
std::string msg("");
msg.reserve(2048);
if (props & ClientLogMessageInfo) {
msg.append("[client " + rm.m_transaction.m_clientIpAddress + "] ");
}
if (rm.m_isDisruptive) {
msg.append("ModSecurity: Access denied with code ");
if (code == -1) {
msg.append("%d");
} else {
msg.append(std::to_string(code));
}
msg.append(" (phase ");
msg.append(std::to_string(rm.getPhase()) + "). ");
} else {
msg.append("ModSecurity: Warning. ");
}
msg.append(rm.m_match);
msg.append(_details(rm));
if (props & ErrorLogTailLogMessageInfo) {
msg.append(" " + _errorLogTail(rm));
}
return modsecurity::utils::string::toHexIfNeeded(msg);
}
} // namespace modsecurity