owasp-modsecurity · victorhora · Oct 3, 2017 · Oct 6, 2017
diff --git a/headers/modsecurity/audit_log.h b/headers/modsecurity/audit_log.h
@@ -53,6 +53,12 @@ class AuditLog {
      RelevantOnlyAuditLogStatus
     };
 
+    enum AuditLogFormat {
+     NotSetAuditLogFormat,
+     JSONAuditLogFormat,
+     NativeAuditLogFormat
+    };
+
     enum AuditLogParts {
      /**
       * Audit log header (mandatory).
@@ -150,6 +156,7 @@ class AuditLog {
     bool setFilePath1(const std::basic_string<char>& path);
     bool setFilePath2(const std::basic_string<char>& path);
     bool setStorageDir(const std::basic_string<char>& path);
+    bool setFormat(AuditLogFormat fmt);
 
     int getDirectoryPermission();
     int getFilePermission();
@@ -186,6 +193,7 @@ class AuditLog {
         }
         return false;
     }
+    AuditLogFormat m_format;
 
  protected:
     int m_parts;
@@ -198,7 +206,7 @@ class AuditLog {
     int m_directoryPermission;
     int m_defaultDirectoryPermission = 0750;
 
- private:
+private:
     AuditLogStatus m_status;
 
     AuditLogType m_type;

diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h
@@ -319,7 +319,8 @@ class Transaction : public TransactionAnchoredVariables {
         size_t offset);
 
     const char *getResponseBody();
-    int getResponseBodyLength();
+    size_t getResponseBodyLength();
+    size_t getRequestBodyLength();
 
 #ifndef NO_LOGS
     void debug(int, std::string);
@@ -612,7 +613,10 @@ int msc_process_uri(Transaction *transaction, const char *uri,
 const char *msc_get_response_body(Transaction *transaction);
 
 /** @ingroup ModSecurity_C_API */
-int msc_get_response_body_length(Transaction *transaction);
+size_t msc_get_response_body_length(Transaction *transaction);
+
+/** @ingroup ModSecurity_C_API */
+size_t msc_get_request_body_length(Transaction *transaction);
 
 /** @ingroup ModSecurity_C_API */
 void msc_transaction_cleanup(Transaction *transaction);

diff --git a/src/audit_log/audit_log.cc b/src/audit_log/audit_log.cc
@@ -59,6 +59,7 @@ AuditLog::AuditLog()
     m_parts(-1),
     m_status(NotSetLogStatus),
     m_type(NotSetAuditLogType),
+    m_format(NotSetAuditLogFormat),
     m_relevant(""),
     m_writer(NULL),
     m_refereceCount(1) { }
@@ -129,6 +130,10 @@ bool AuditLog::setFilePath2(const std::basic_string<char>& path) {
     return true;
 }
 
+bool AuditLog::setFormat(AuditLogFormat fmt) {
+    this->m_format = fmt;
+    return true;
+}
 
 int AuditLog::addParts(int parts, const std::string& new_parts) {
     PARTS_CONSTAINS('A', AAuditLogPart)
@@ -349,6 +354,10 @@ bool AuditLog::merge(AuditLog *from, std::string *error) {
         m_parts = from->m_parts;
     }
 
+    if (from->m_format != NotSetAuditLogFormat) {
+        m_format = from->m_format;
+    }
+
     return init(error);
 }
 

diff --git a/src/audit_log/writer/parallel.cc b/src/audit_log/writer/parallel.cc
@@ -103,12 +103,21 @@ bool Parallel::init(std::string *error) {
 
 bool Parallel::write(Transaction *transaction, int parts, std::string *error) {
     int fd;
-    std::string log = transaction->toJSON(parts);
+    std::string log;
     std::string fileName = logFilePath(&transaction->m_timeStamp,
         YearMonthDayDirectory | YearMonthDayAndTimeDirectory
         | YearMonthDayAndTimeFileName);
     bool ret;
 
+    if (transaction->m_rules->m_auditLog->m_format ==
+            audit_log::AuditLog::JSONAuditLogFormat) {
+        log = transaction->toJSON(parts);
+    } else {
+        std::string boundary;
+        generateBoundary(&boundary);
+        log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+    }
+
     std::string logPath = m_audit->m_storage_dir;
     fileName = logPath + fileName + "-" + transaction->m_id;
 

diff --git a/src/audit_log/writer/parallel.h b/src/audit_log/writer/parallel.h
@@ -22,6 +22,7 @@
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
 #include "src/utils/shared_files.h"
+#include "modsecurity/rules.h"
 
 #ifdef __cplusplus
 

diff --git a/src/audit_log/writer/serial.cc b/src/audit_log/writer/serial.cc
@@ -28,29 +28,22 @@ Serial::~Serial() {
 }
 
 
-void Serial::generateBoundary(std::string *boundary) {
-    static const char alphanum[] =
-        "0123456789"
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-        "abcdefghijklmnopqrstuvwxyz";
-
-    for (int i = 0; i < SERIAL_AUDIT_LOG_BOUNDARY_LENGTH; ++i) {
-        boundary->append(1, alphanum[rand() % (sizeof(alphanum) - 1)]);
-    }
-}
-
-
 bool Serial::init(std::string *error) {
     return utils::SharedFiles::getInstance().open(m_audit->m_path1, error);
 }
 
 
 bool Serial::write(Transaction *transaction, int parts, std::string *error) {
-    std::string boundary;
     std::string msg;
 
-    generateBoundary(&boundary);
-    msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+    if (transaction->m_rules->m_auditLog->m_format ==
+            audit_log::AuditLog::JSONAuditLogFormat) {
+        msg = transaction->toJSON(parts);
+    } else {
+        std::string boundary;
+        generateBoundary(&boundary);
+        msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+    }
 
     return utils::SharedFiles::getInstance().write(m_audit->m_path1, msg,
         error);

diff --git a/src/audit_log/writer/serial.h b/src/audit_log/writer/serial.h
@@ -26,15 +26,14 @@
 #include "src/utils/shared_files.h"
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
+#include "modsecurity/rules.h"
 
 #ifdef __cplusplus
 
 namespace modsecurity {
 namespace audit_log {
 namespace writer {
 
-#define SERIAL_AUDIT_LOG_BOUNDARY_LENGTH 8
-
 
 /** @ingroup ModSecurity_CPP_API */
 class Serial : public Writer {
@@ -49,7 +48,6 @@ class Serial : public Writer {
     bool write(Transaction *transaction, int parts,
         std::string *error) override;
 
-    void generateBoundary(std::string *boundary);
 };
 
 }  // namespace writer

diff --git a/src/audit_log/writer/writer.cc b/src/audit_log/writer/writer.cc
@@ -23,7 +23,16 @@ namespace modsecurity {
 namespace audit_log {
 namespace writer {
 
+void Writer::generateBoundary(std::string *boundary) {
+    static const char alphanum[] =
+        "0123456789"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+        "abcdefghijklmnopqrstuvwxyz";
 
+    for (int i = 0; i < SERIAL_AUDIT_LOG_BOUNDARY_LENGTH; ++i) {
+        boundary->append(1, alphanum[rand() % (sizeof(alphanum) - 1)]);
+    }
+}
 
 }  // namespace writer
 }  // namespace audit_log

diff --git a/src/audit_log/writer/writer.h b/src/audit_log/writer/writer.h
@@ -31,13 +31,13 @@
 #include "modsecurity/transaction.h"
 #include "modsecurity/audit_log.h"
 
+#define SERIAL_AUDIT_LOG_BOUNDARY_LENGTH 8
 
 namespace modsecurity {
 namespace audit_log {
 namespace writer {
 
 
-
 /** @ingroup ModSecurity_CPP_API */
 class Writer {
  public:
@@ -51,6 +51,7 @@ class Writer {
     virtual bool write(Transaction *transaction, int parts,
         std::string *error) = 0;
 
+    void generateBoundary(std::string *boundary);
 
     void refCountIncrease() {
         m_refereceCount++;