Merge pull request #3432 from szedenik-adam/auditlog-header

Add custom leading text to audit log lines

Author: airween

headers/modsecurity/audit_log.h

@@ -153,17 +153,18 @@ class AuditLog {
     bool setStorageDirMode(int permission);
     bool setFileMode(int permission);
     bool setStatus(AuditLogStatus new_status);
-    bool setRelevantStatus(const std::basic_string<char>& new_relevant_status);
-    bool setFilePath1(const std::basic_string<char>& path);
-    bool setFilePath2(const std::basic_string<char>& path);
-    bool setStorageDir(const std::basic_string<char>& path);
+    bool setRelevantStatus(std::string_view new_relevant_status);
+    bool setFilePath1(std::string_view path);
+    bool setFilePath2(std::string_view path);
+    bool setStorageDir(std::string_view path);
+    bool setPrefix(std::string_view prefix);
     bool setFormat(AuditLogFormat fmt);
 
     int getDirectoryPermission() const;
     int getFilePermission() const;
     int getParts() const;
 
-    bool setParts(const std::basic_string<char>& new_parts);
+    bool setParts(std::string_view new_parts);
     bool setType(AuditLogType audit_type);
 
     bool init(std::string *error);
@@ -173,40 +174,41 @@ class AuditLog {
     bool saveIfRelevant(Transaction *transaction, int parts);
     bool isRelevant(int status);
 
-    static int addParts(int parts, const std::string& new_parts);
-    static int removeParts(int parts, const std::string& new_parts);
+    static int addParts(int parts, std::string_view new_parts);
+    static int removeParts(int parts, std::string_view new_parts);
 
     void setCtlAuditEngineActive() {
         m_ctlAuditEngineActive = true;
     }
 
     bool merge(AuditLog *from, std::string *error);
 
-    std::string m_path1;
-    std::string m_path2;
-    std::string m_storage_dir;
+    std::string m_path1 = std::string("");
+    std::string m_path2 = std::string("");
+    std::string m_storage_dir = std::string("");
+    std::string m_prefix = std::string("");
 
-    AuditLogFormat m_format;
+    AuditLogFormat m_format = NotSetAuditLogFormat;
 
  protected:
-    int m_parts;
+    int m_parts = -1;
     int m_defaultParts = AAuditLogPart | BAuditLogPart | CAuditLogPart
         | FAuditLogPart | HAuditLogPart | ZAuditLogPart;
 
-    int m_filePermission;
+    int m_filePermission = -1;
     int m_defaultFilePermission = 0640;
 
-    int m_directoryPermission;
+    int m_directoryPermission = -1;
     int m_defaultDirectoryPermission = 0750;
 
  private:
-    AuditLogStatus m_status;
+    AuditLogStatus m_status = NotSetLogStatus;
 
-    AuditLogType m_type;
-    std::string m_relevant;
+    AuditLogType m_type = NotSetAuditLogType;
+    std::string m_relevant = std::string("");
 
-    audit_log::writer::Writer *m_writer;
-    bool m_ctlAuditEngineActive; // rules have at least one action On or RelevantOnly
+    audit_log::writer::Writer *m_writer = nullptr;
+    bool m_ctlAuditEngineActive = false; // rules have at least one action On or RelevantOnly
 };
 
 

headers/modsecurity/transaction.h

@@ -411,7 +411,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
     int getRuleEngineState() const;
 
     std::string toJSON(int parts);
-    std::string toOldAuditLogFormat(int parts, const std::string &trailer);
+    std::string toOldAuditLogFormat(int parts, const std::string &trailer, const std::string &header);
     std::string toOldAuditLogFormatIndex(const std::string &filename,
         double size, const std::string &md5);
 

src/audit_log/audit_log.cc

@@ -51,25 +51,13 @@ namespace modsecurity {
 namespace audit_log {
 
 
-AuditLog::AuditLog()
-    : m_path1(""),
-    m_path2(""),
-    m_storage_dir(""),
-    m_format(NotSetAuditLogFormat),
-    m_parts(-1),
-    m_filePermission(-1),
-    m_directoryPermission(-1),
-    m_status(NotSetLogStatus),
-    m_type(NotSetAuditLogType),
-    m_relevant(""),
-    m_writer(NULL),
-    m_ctlAuditEngineActive(false) { }
+AuditLog::AuditLog() = default;
 
 
 AuditLog::~AuditLog() {
     if (m_writer) {
         delete m_writer;
-        m_writer = NULL;
+        m_writer = nullptr;
     }
 }
 
@@ -108,35 +96,42 @@ bool AuditLog::setStatus(AuditLogStatus status) {
 }
 
 
-bool AuditLog::setRelevantStatus(const std::basic_string<char>& status) {
+bool AuditLog::setRelevantStatus(std::string_view status) {
     this->m_relevant = std::string(status);
     return true;
 }
 
 
-bool AuditLog::setStorageDir(const std::basic_string<char>& path) {
+bool AuditLog::setStorageDir(std::string_view path) {
     this->m_storage_dir = path;
     return true;
 }
 
 
-bool AuditLog::setFilePath1(const std::basic_string<char>& path) {
+bool AuditLog::setFilePath1(std::string_view path) {
     this->m_path1 = path;
     return true;
 }
 
 
-bool AuditLog::setFilePath2(const std::basic_string<char>& path) {
+bool AuditLog::setFilePath2(std::string_view path) {
     this->m_path2 = path;
     return true;
 }
 
+
+bool AuditLog::setPrefix(std::string_view prefix) {
+    this->m_prefix = prefix;
+    return true;
+}
+
+
 bool AuditLog::setFormat(AuditLogFormat fmt) {
     this->m_format = fmt;
     return true;
 }
 
-int AuditLog::addParts(int parts, const std::string& new_parts) {
+int AuditLog::addParts(int parts, std::string_view new_parts) {
     PARTS_CONSTAINS('A', AAuditLogPart)
     PARTS_CONSTAINS('B', BAuditLogPart)
     PARTS_CONSTAINS('C', CAuditLogPart)
@@ -154,7 +149,7 @@ int AuditLog::addParts(int parts, const std::string& new_parts) {
 }
 
 
-int AuditLog::removeParts(int parts, const std::string& new_parts) {
+int AuditLog::removeParts(int parts, std::string_view new_parts) {
     PARTS_CONSTAINS_REM('A', AAuditLogPart)
     PARTS_CONSTAINS_REM('B', BAuditLogPart)
     PARTS_CONSTAINS_REM('C', CAuditLogPart)
@@ -172,7 +167,7 @@ int AuditLog::removeParts(int parts, const std::string& new_parts) {
 }
 
 
-bool AuditLog::setParts(const std::basic_string<char>& new_parts) {
+bool AuditLog::setParts(std::string_view new_parts) {
     int parts = 0;
 
     PARTS_CONSTAINS('A', AAuditLogPart)
@@ -208,15 +203,14 @@ bool AuditLog::setType(AuditLogType audit_type) {
 }
 
 
-
 bool AuditLog::init(std::string *error) {
     audit_log::writer::Writer *tmp_writer;
 
     if ((m_status == OffAuditLogStatus || m_status == NotSetLogStatus)
         && !m_ctlAuditEngineActive) {
         if (m_writer) {
             delete m_writer;
-            m_writer = NULL;
+            m_writer = nullptr;
         }
         return true;
     }
@@ -234,7 +228,7 @@ bool AuditLog::init(std::string *error) {
         tmp_writer = new audit_log::writer::Serial(this);
     }
 
-    if (tmp_writer == NULL) {
+    if (tmp_writer == nullptr) {
         error->assign("Writer memory alloc failed!");
         return false;
     }
@@ -312,7 +306,7 @@ bool AuditLog::saveIfRelevant(Transaction *transaction, int parts) {
     }
     ms_dbg_a(transaction, 5, "Saving this request as part " \
             "of the audit logs.");
-    if (m_writer == NULL) {
+    if (m_writer == nullptr) {
         ms_dbg_a(transaction, 1, "Internal error, audit log writer is null");
     } else {
         std::string error;
@@ -337,6 +331,7 @@ bool AuditLog::merge(AuditLog *from, std::string *error) {
     AL_MERGE_STRING_CONF(from->m_path2, m_path2);
     AL_MERGE_STRING_CONF(from->m_storage_dir, m_storage_dir);
     AL_MERGE_STRING_CONF(from->m_relevant, m_relevant);
+    AL_MERGE_STRING_CONF(from->m_prefix, m_prefix);
 
     if (from->m_filePermission != -1) {
         m_filePermission = from->m_filePermission;

src/audit_log/writer/parallel.cc

@@ -119,7 +119,7 @@ bool Parallel::write(Transaction *transaction, int parts, std::string *error) {
     } else {
         std::string boundary;
         generateBoundary(&boundary);
-        log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+        log = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--", m_audit->m_prefix);
     }
 
     const auto &logPath = m_audit->m_storage_dir;

src/audit_log/writer/serial.cc

@@ -42,7 +42,7 @@ bool Serial::write(Transaction *transaction, int parts, std::string *error) {
     } else {
         std::string boundary;
         generateBoundary(&boundary);
-        msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--");
+        msg = transaction->toOldAuditLogFormat(parts, "-" + boundary + "--", m_audit->m_prefix);
     }
 
     return utils::SharedFiles::getInstance().write(m_audit->m_path1, msg,