From af8fbdae722df8b04c1689848f7bd96a16a4e085 Mon Sep 17 00:00:00 2001
From: Tomasz Sowa <t.sowa@ttmath.org>
Date: Mon, 6 Jun 2011 22:47:34 +0000
Subject: [PATCH] added:   now winix will not log post parameters with 'pass'
 in names (at the beginning) changed: only first few characters are logged
 (from POST)

git-svn-id: svn://ttmath.org/publicrep/winix/trunk@733 e52654a7-88a9-db11-a3e9-0013d4bc506e
---
 core/app.cpp             | 10 +++++-----
 core/config.cpp          |  3 ++-
 core/config.h            |  5 +++++
 core/log.cpp             | 13 +++++++++++-
 core/log.h               | 27 +++++++++++++++++++++++--
 core/misc.cpp            |  7 ++++++-
 core/misc.h              |  4 +++-
 core/postmultiparser.cpp | 20 ++++++-------------
 core/postparser.h        | 43 +++++++++++++++++++++++++++++++---------
 main/main.cpp            |  2 +-
 10 files changed, 99 insertions(+), 35 deletions(-)

diff --git a/core/app.cpp b/core/app.cpp
index a7670c4..d99395e 100755
--- a/core/app.cpp
+++ b/core/app.cpp
@@ -152,6 +152,11 @@ bool App::Init()
 
 	CreateStaticTree();
 
+	get_parser.UTF8(config.utf8);
+	post_parser.UTF8(config.utf8);
+	post_parser.LogValueSize(config.log_post_value_size);
+	// post_multi_parser has a pointer to the config
+
 	plugin.Call(WINIX_PLUGIN_INIT);
 
 return true;
@@ -469,7 +474,6 @@ void App::LogAccess()
 void App::ReadGetPostVars()
 {
 	// get parameters we have always
-	get_parser.UTF8(config.utf8);
 	get_parser.Parse(cur.request->env_request_uri, cur.request->get_tab);		
 	
 	if( cur.request->method == Request::post )
@@ -477,14 +481,10 @@ void App::ReadGetPostVars()
 		if( IsSubStringNoCase("multipart/form-data", cur.request->env_content_type) )
 		{
 			log << log3 << "Request: post content type: multipart/form-data" << logend;
-			// !! dodac metode UTF8 do post_multi_parsera
-			// (narazie bierze bezposrednio z konfigu)
-			// w ogole wywalic zaleznosc od konfiga
 			post_multi_parser.Parse(fcgi_request.in, cur.request->post_tab, cur.request->post_file_tab);
 		}
 		else
 		{
-			post_parser.UTF8(config.utf8);
 			post_parser.Parse(fcgi_request.in, cur.request->post_tab);
 		}
 	}
diff --git a/core/config.cpp b/core/config.cpp
index de9ff5b..840f3ba 100755
--- a/core/config.cpp
+++ b/core/config.cpp
@@ -109,7 +109,8 @@ void Config::AssignValues(bool stdout_is_closed)
 	log_stdout        = Bool(L"log_stdout", false);
 	log_db_query      = Bool(L"log_db_query", false);
 	log_plugin_call   = Bool(L"log_plugin_call", false);
-	
+	log_post_value_size = Size(L"log_post_value_size", 80);
+
 	post_file_max      = Size(L"post_file_max", 8388608); // 8 MB
 	upload_dir         = Text(L"upload_dir");
 	upload_dirs_chmod  = Int(L"upload_dirs_chmod", 0750);
diff --git a/core/config.h b/core/config.h
index ae2d969..05671ff 100755
--- a/core/config.h
+++ b/core/config.h
@@ -72,6 +72,11 @@ public:
 	// default: false
 	bool log_plugin_call;
 
+	// how many characters in values should be logged from POST parameters
+	// default: 80
+	// set to 0 to turn off
+	size_t log_post_value_size;
+
 	// request delimiter in the log file, default "---------"
 	std::wstring log_delimiter;
 
diff --git a/core/log.cpp b/core/log.cpp
index ad8e73f..c8e8b22 100755
--- a/core/log.cpp
+++ b/core/log.cpp
@@ -2,7 +2,7 @@
  * This file is a part of Winix
  * and is not publicly distributed
  * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
  * All rights reserved.
  * 
  */
@@ -199,6 +199,16 @@ Log & Log::operator<<(char s)
 }
 
 
+Log & Log::operator<<(wchar_t s)
+{
+	if( current_level <= log_level )
+	{
+		buffer << s;
+	}
+
+    return *this;
+}
+
 
 Log & Log::operator<<(size_t s)
 {
@@ -269,6 +279,7 @@ return *this;
 }
 
 
+
 void Log::SystemErr(int err)
 {
 	(*this) << "errno: " << err;
diff --git a/core/log.h b/core/log.h
index c99a192..705a54b 100755
--- a/core/log.h
+++ b/core/log.h
@@ -2,7 +2,7 @@
  * This file is a part of Winix
  * and is not publicly distributed
  * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
  * All rights reserved.
  * 
  */
@@ -48,10 +48,14 @@ public:
 	Log & operator<<(int s);
 	Log & operator<<(long s);
 	Log & operator<<(char s);
+	Log & operator<<(wchar_t s);
 	Log & operator<<(size_t s);
 	Log & operator<<(double s);
 	Log & operator<<(Manipulators m);
-	
+
+	template<class StringType>
+	void LogString(const StringType & value, size_t max_size);
+
 	void SystemErr(int err);
 	void SaveLog();
 	void SaveLogAndClear();
@@ -100,6 +104,25 @@ private:
 
 
 
+template<class StringType>
+void Log::LogString(const StringType & value, size_t max_size)
+{
+size_t min_size = value.size() < max_size ? value.size() : max_size;
+	
+	if( current_level <= log_level )
+	{
+		for(size_t i=0 ; i<min_size ; ++i)
+		{
+			if( value[i] < 32 )
+				buffer << '.';
+			else
+				buffer << value[i];
+		}
+	}
+}
+
+
+
 extern Log log;
 extern Log nlog;
 
diff --git a/core/misc.cpp b/core/misc.cpp
index aa529a4..5f8ddb9 100755
--- a/core/misc.cpp
+++ b/core/misc.cpp
@@ -2,7 +2,7 @@
  * This file is a part of Winix
  * and is not publicly distributed
  * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
  * All rights reserved.
  * 
  */
@@ -1011,3 +1011,8 @@ void QEncode(const std::wstring & in, std::string & out, bool clear)
 	out += "?=";
 }
 
+
+
+
+
+
diff --git a/core/misc.h b/core/misc.h
index 2132f6d..7b05006 100755
--- a/core/misc.h
+++ b/core/misc.h
@@ -2,7 +2,7 @@
  * This file is a part of Winix
  * and is not publicly distributed
  * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
  * All rights reserved.
  * 
  */
@@ -428,4 +428,6 @@ void UrlEncode(const std::wstring & in, std::string & out, bool clear_out = true
 
 void QEncode(const std::wstring & in, std::string & out, bool clear = true);
 
+
+
 #endif
diff --git a/core/postmultiparser.cpp b/core/postmultiparser.cpp
index a7251d0..96f6cd8 100755
--- a/core/postmultiparser.cpp
+++ b/core/postmultiparser.cpp
@@ -2,7 +2,7 @@
  * This file is a part of Winix
  * and is not publicly distributed
  * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
  * All rights reserved.
  * 
  */
@@ -211,8 +211,6 @@ return true;
 
 void PostMultiParser::LogFirst(const std::string & to_log, size_t len)
 {
-size_t i;
-
 	if( len > to_log.size() )
 		len = to_log.size();
 
@@ -224,15 +222,7 @@ size_t i;
 		log << "empty";
 
 	log << "): \"";
-
-	for(i=0 ; i<len ; ++i)
-	{
-		if( to_log[i] < 32 )
-			log << '.';
-		else
-			log << to_log[i];
-	}
-
+	log.LogString(to_log, len);
 	log << "\"" << logend;
 }
 
@@ -312,7 +302,7 @@ time_t t1, t2;
 	content.clear();
 	content.reserve(WINIX_POSTMULTI_OUTPUT_BUFFER);
 	content_len = 0;
-	t1  = time(0);
+	t1 = time(0);
 
 	ReadContentToFileLoop();
 
@@ -357,7 +347,9 @@ void PostMultiParser::ReadContent()
 	ReadContentLoop();
 	
 	log << log2 << "PMP: content size: " << content_len << " bytes" << logend;
-	LogFirst(content, 200);
+
+	if( !IsSubStringNoCase("pass", name.c_str()) )
+		LogFirst(content, config->log_post_value_size);
 }
 
 
diff --git a/core/postparser.h b/core/postparser.h
index ec26ffa..0a9c778 100755
--- a/core/postparser.h
+++ b/core/postparser.h
@@ -2,7 +2,7 @@
  * This file is a part of Winix
  * and is not publicly distributed
  * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
  * All rights reserved.
  * 
  */
@@ -17,6 +17,7 @@
 #include "misc.h"
 #include "utf8.h"
 #include "log.h"
+#include "config.h"
 
 
 
@@ -27,6 +28,8 @@ class PostParser : public HttpSimpleParser
 	PostTab * post_tab;
 	std::wstring temp_name, temp_value;
 	bool input_as_utf8;
+	size_t log_value_size;
+
 
 protected:
 
@@ -37,6 +40,29 @@ protected:
 	}
 	
 
+	void CreateLog(bool param_added)
+	{
+		log << log2 << "Method POST, name: \"" << temp_name << "\"";
+		
+		if( log_value_size > 0 && !IsSubStringNoCase(L"pass", temp_name.c_str()) )
+		{
+			log << ", value: ";
+			
+			if( temp_value.size() > log_value_size )
+				log << "(first " << log_value_size << " characters) ";
+			
+			log << "\"";
+			log.LogString(temp_value, log_value_size);
+			log << "\" (size: " << temp_value.size() << ")";
+		}
+
+		if( param_added == false )
+			log << log2 << " (skipped)";
+			
+		log << log2 << logend;
+	}
+
+
 	virtual void Parameter(std::string & name, std::string & value)
 	{
 		if( input_as_utf8 )
@@ -51,13 +77,7 @@ protected:
 		}
 
 		std::pair<PostTab::iterator, bool> res = post_tab->insert( std::make_pair(temp_name, temp_value) );
-				
-		log << log2 << "Method POST, name: \"" << temp_name << "\", value: \"" << temp_value << "\"";
-		
-		if( res.second == false )
-			log << log2 << " (skipped)";
-			
-		log << log2 << logend;
+		CreateLog(res.second);
 	}
 	
 
@@ -65,7 +85,8 @@ public:
 
 	PostParser()
 	{
-		input_as_utf8 = false;
+		input_as_utf8  = false;
+		log_value_size = 0;
 	}
 
 
@@ -74,6 +95,10 @@ public:
 		input_as_utf8 = utf;
 	}
 
+	void LogValueSize(size_t s)
+	{
+		log_value_size = s;
+	}
 
 	void Parse(FCGX_Stream * in_, PostTab & post_tab_)
 	{
diff --git a/main/main.cpp b/main/main.cpp
index b4048e6..110d14e 100755
--- a/main/main.cpp
+++ b/main/main.cpp
@@ -2,7 +2,7 @@
  * This file is a part of Winix
  * and is not publicly distributed
  * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
  * All rights reserved.
  * 
  */