Skip to content

Commit 6529bc7

Browse files
airweenairween
committed
Set debug log message in every cases
1 parent 2999826 commit 6529bc7

1 file changed

Lines changed: 33 additions & 5 deletions

File tree

apache2/re_operators.c

Lines changed: 33 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2309,17 +2309,34 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
23092309

23102310
if (libinjection_evaluate(issqli)) {
23112311
switch(issqli) {
2312-
set_match_to_tx(msr, capture, fingerprint, 0);
23132312
case LIBINJECTION_RESULT_TRUE:
2313+
set_match_to_tx(msr, capture, fingerprint, 0);
23142314
*error_msg = apr_psprintf(msr->mp, "detected SQLi using libinjection with fingerprint '%s'",
23152315
fingerprint);
2316+
if (msr->txcfg->debuglog_level >= 9) {
2317+
msr_log(msr, 9, "ISSQL: libinjection fingerprint '%s' matched input '%s'",
2318+
fingerprint,
2319+
log_escape_ex(msr->mp, var->value, var->value_len));
2320+
}
23162321
break;
23172322
case LIBINJECTION_RESULT_ERROR:
2323+
set_match_to_tx(msr, capture, var->value, 0);
23182324
*error_msg = apr_psprintf(msr->mp, "libinjection parser error: '%s'",
23192325
var->value);
2326+
if (msr->txcfg->debuglog_level >= 9) {
2327+
msr_log(msr, 9, "ISSQL: libinjection's input '%s' caused a parser error",
2328+
log_escape_ex(msr->mp, var->value, var->value_len));
2329+
}
23202330
break;
23212331
default:
2322-
*error_msg = apr_psprintf(msr->mp, "unexpected libinjection result: %d", issqli);
2332+
set_match_to_tx(msr, capture, var->value, 0);
2333+
*error_msg = apr_psprintf(msr->mp, "unexpected libinjection result: (%d)", issqli);
2334+
if (msr->txcfg->debuglog_level >= 9) {
2335+
msr_log(msr, 9, "ISSQL: libinjection's input '%s' caused an unexpected result: (%d)",
2336+
log_escape_ex(msr->mp, var->value, var->value_len),
2337+
issqli);
2338+
}
2339+
break;
23232340
}
23242341
} else {
23252342
if (msr->txcfg->debuglog_level >= 9) {
@@ -2348,20 +2365,31 @@ static int msre_op_detectXSS_execute(modsec_rec *msr, msre_rule *rule, msre_var
23482365
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
23492366

23502367
if (libinjection_evaluate(is_xss)) {
2368+
set_match_to_tx(msr, capture, var->value, 0);
23512369
switch(is_xss) {
2352-
set_match_to_tx(msr, capture, var->value, 0);
23532370
case LIBINJECTION_RESULT_TRUE:
23542371
*error_msg = apr_psprintf(msr->mp, "detected XSS using libinjection.");
23552372
if (msr->txcfg->debuglog_level >= 9) {
2356-
msr_log(msr, 9, "IS_XSS: libinjection detected XSS.");
2373+
msr_log(msr, 9, "IS_XSS: libinjection detected XSS in input '%s'",
2374+
log_escape_ex(msr->mp, var->value, var->value_len));
23572375
}
23582376
break;
23592377
case LIBINJECTION_RESULT_ERROR:
23602378
*error_msg = apr_psprintf(msr->mp, "libinjection parser error: '%s'",
23612379
var->value);
2380+
if (msr->txcfg->debuglog_level >= 9) {
2381+
msr_log(msr, 9, "IS_XSS: libinjection's input '%s' caused a parser error",
2382+
log_escape_ex(msr->mp, var->value, var->value_len));
2383+
}
23622384
break;
23632385
default:
2364-
*error_msg = apr_psprintf(msr->mp, "unexpected libinjection result: %d", is_xss);
2386+
*error_msg = apr_psprintf(msr->mp, "unexpected libinjection result: (%d)", is_xss);
2387+
if (msr->txcfg->debuglog_level >= 9) {
2388+
msr_log(msr, 9, "IS_XSS: libinjection's input '%s' caused an unexpected result: (%d)",
2389+
log_escape_ex(msr->mp, var->value, var->value_len),
2390+
is_xss);
2391+
}
2392+
break;
23652393
}
23662394
} else {
23672395
if (msr->txcfg->debuglog_level >= 9) {

0 commit comments

Comments
 (0)