added: winix no longer logs POST parameters whose names begin with 'pass'
changed: only first few characters are logged (from POST) git-svn-id: svn://ttmath.org/publicrep/winix/trunk@733 e52654a7-88a9-db11-a3e9-0013d4bc506e
parent
c84997be30
commit
af8fbdae72
10
core/app.cpp
10
core/app.cpp
|
@ -152,6 +152,11 @@ bool App::Init()
|
|||
|
||||
CreateStaticTree();
|
||||
|
||||
get_parser.UTF8(config.utf8);
|
||||
post_parser.UTF8(config.utf8);
|
||||
post_parser.LogValueSize(config.log_post_value_size);
|
||||
// post_multi_parser has a pointer to the config
|
||||
|
||||
plugin.Call(WINIX_PLUGIN_INIT);
|
||||
|
||||
return true;
|
||||
|
@ -469,7 +474,6 @@ void App::LogAccess()
|
|||
void App::ReadGetPostVars()
|
||||
{
|
||||
// get parameters we have always
|
||||
get_parser.UTF8(config.utf8);
|
||||
get_parser.Parse(cur.request->env_request_uri, cur.request->get_tab);
|
||||
|
||||
if( cur.request->method == Request::post )
|
||||
|
@ -477,14 +481,10 @@ void App::ReadGetPostVars()
|
|||
if( IsSubStringNoCase("multipart/form-data", cur.request->env_content_type) )
|
||||
{
|
||||
log << log3 << "Request: post content type: multipart/form-data" << logend;
|
||||
// !! dodac metode UTF8 do post_multi_parsera
|
||||
// (narazie bierze bezposrednio z konfigu)
|
||||
// w ogole wywalic zaleznosc od konfiga
|
||||
post_multi_parser.Parse(fcgi_request.in, cur.request->post_tab, cur.request->post_file_tab);
|
||||
}
|
||||
else
|
||||
{
|
||||
post_parser.UTF8(config.utf8);
|
||||
post_parser.Parse(fcgi_request.in, cur.request->post_tab);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -109,6 +109,7 @@ void Config::AssignValues(bool stdout_is_closed)
|
|||
log_stdout = Bool(L"log_stdout", false);
|
||||
log_db_query = Bool(L"log_db_query", false);
|
||||
log_plugin_call = Bool(L"log_plugin_call", false);
|
||||
log_post_value_size = Size(L"log_post_value_size", 80);
|
||||
|
||||
post_file_max = Size(L"post_file_max", 8388608); // 8 MB
|
||||
upload_dir = Text(L"upload_dir");
|
||||
|
|
|
@ -72,6 +72,11 @@ public:
|
|||
// default: false
|
||||
bool log_plugin_call;
|
||||
|
||||
// how many characters in values should be logged from POST parameters
|
||||
// default: 80
|
||||
// set to 0 to turn off
|
||||
size_t log_post_value_size;
|
||||
|
||||
// request delimiter in the log file, default "---------"
|
||||
std::wstring log_delimiter;
|
||||
|
||||
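Review bot: The comment on `log_post_value_size` should say what the default implies: with 80, the first 80 characters of every POST value go to the log (only names matched by the "pass" check are exempt), and form fields routinely carry tokens, e-mail addresses and other personal data. Suggested wording: `// how many leading characters of each POST value are written to the log` followed by `// values of parameters whose names begin with "pass" are never logged`. If value logging is meant as a debugging aid, a default of 0 in Config::AssignValues would be the safer choice, so that logging values is an explicit opt-in.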
|
|
13
core/log.cpp
13
core/log.cpp
|
@ -2,7 +2,7 @@
|
|||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2008-2010, Tomasz Sowa
|
||||
* Copyright (c) 2008-2011, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
@ -199,6 +199,16 @@ Log & Log::operator<<(char s)
|
|||
}
|
||||
|
||||
|
||||
Log & Log::operator<<(wchar_t s)
|
||||
{
|
||||
if( current_level <= log_level )
|
||||
{
|
||||
buffer << s;
|
||||
}
|
||||
|
||||
return *this;
|
||||
}
|
||||
|
||||
|
||||
Log & Log::operator<<(size_t s)
|
||||
{
|
||||
|
@ -269,6 +279,7 @@ return *this;
|
|||
}
|
||||
|
||||
|
||||
|
||||
void Log::SystemErr(int err)
|
||||
{
|
||||
(*this) << "errno: " << err;
|
||||
|
|
25
core/log.h
25
core/log.h
|
@ -2,7 +2,7 @@
|
|||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2008-2010, Tomasz Sowa
|
||||
* Copyright (c) 2008-2011, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
@ -48,10 +48,14 @@ public:
|
|||
Log & operator<<(int s);
|
||||
Log & operator<<(long s);
|
||||
Log & operator<<(char s);
|
||||
Log & operator<<(wchar_t s);
|
||||
Log & operator<<(size_t s);
|
||||
Log & operator<<(double s);
|
||||
Log & operator<<(Manipulators m);
|
||||
|
||||
template<class StringType>
|
||||
void LogString(const StringType & value, size_t max_size);
|
||||
|
||||
void SystemErr(int err);
|
||||
void SaveLog();
|
||||
void SaveLogAndClear();
|
||||
|
@ -100,6 +104,25 @@ private:
|
|||
|
||||
|
||||
|
||||
template<class StringType>
|
||||
void Log::LogString(const StringType & value, size_t max_size)
|
||||
{
|
||||
size_t min_size = value.size() < max_size ? value.size() : max_size;
|
||||
|
||||
if( current_level <= log_level )
|
||||
{
|
||||
for(size_t i=0 ; i<min_size ; ++i)
|
||||
{
|
||||
if( value[i] < 32 )
|
||||
buffer << '.';
|
||||
else
|
||||
buffer << value[i];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
extern Log log;
|
||||
extern Log nlog;
|
||||
|
||||
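Review bot: `LogString` has no comment, and its `value[i] < 32` test behaves differently depending on the string type. For `std::string` on platforms where plain `char` is signed, every byte >= 0x80 compares negative and is replaced by '.', whereas in a `std::wstring` such characters pass through; DEL (127) passes in both cases. A header comment such as `// writes at most max_size characters of value to the log buffer, replacing control characters (< 32) with '.'` would document the contract. If dotting out high bytes is not intended, `if( static_cast<unsigned long>(value[i]) < 32 || value[i] == 127 )` makes the test uniform. Computing `min_size` inside the `current_level <= log_level` branch would also avoid the work when nothing is logged.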
|
|
|
@ -2,7 +2,7 @@
|
|||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2008-2010, Tomasz Sowa
|
||||
* Copyright (c) 2008-2011, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
@ -1011,3 +1011,8 @@ void QEncode(const std::wstring & in, std::string & out, bool clear)
|
|||
out += "?=";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2008-2010, Tomasz Sowa
|
||||
* Copyright (c) 2008-2011, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
@ -428,4 +428,6 @@ void UrlEncode(const std::wstring & in, std::string & out, bool clear_out = true
|
|||
|
||||
void QEncode(const std::wstring & in, std::string & out, bool clear = true);
|
||||
|
||||
|
||||
|
||||
#endif
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2008-2010, Tomasz Sowa
|
||||
* Copyright (c) 2008-2011, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
@ -211,8 +211,6 @@ return true;
|
|||
|
||||
void PostMultiParser::LogFirst(const std::string & to_log, size_t len)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
if( len > to_log.size() )
|
||||
len = to_log.size();
|
||||
|
||||
|
@ -224,15 +222,7 @@ size_t i;
|
|||
log << "empty";
|
||||
|
||||
log << "): \"";
|
||||
|
||||
for(i=0 ; i<len ; ++i)
|
||||
{
|
||||
if( to_log[i] < 32 )
|
||||
log << '.';
|
||||
else
|
||||
log << to_log[i];
|
||||
}
|
||||
|
||||
log.LogString(to_log, len);
|
||||
log << "\"" << logend;
|
||||
}
|
||||
|
||||
|
@ -357,7 +347,9 @@ void PostMultiParser::ReadContent()
|
|||
ReadContentLoop();
|
||||
|
||||
log << log2 << "PMP: content size: " << content_len << " bytes" << logend;
|
||||
LogFirst(content, 200);
|
||||
|
||||
if( !IsSubStringNoCase("pass", name.c_str()) )
|
||||
LogFirst(content, config->log_post_value_size);
|
||||
}
|
||||
|
||||
|
||||
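Review bot: The `IsSubStringNoCase("pass", name.c_str())` guard in ReadContent appears to match only names that start with "pass" (the commit message says "at the beginning"; the helper itself is not shown here), so fields named, for example, `new_password` or `confirm_pass`, and secrets carried under other names, would still have their content written to the log. The same check is used in PostParser::CreateLog. A case-insensitive contains test, or a configurable list of excluded names, would cover more. Separately, `log_post_value_size` is documented as "set to 0 to turn off", but this path still calls LogFirst with 0 and, as far as the visible part of LogFirst shows, still emits a log line; consider `if( config->log_post_value_size > 0 && !IsSubStringNoCase("pass", name.c_str()) )`. LogFirst's body is only partly visible in these hunks.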
|
|
|
@ -2,7 +2,7 @@
|
|||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2008-2010, Tomasz Sowa
|
||||
* Copyright (c) 2008-2011, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
@ -17,6 +17,7 @@
|
|||
#include "misc.h"
|
||||
#include "utf8.h"
|
||||
#include "log.h"
|
||||
#include "config.h"
|
||||
|
||||
|
||||
|
||||
|
@ -27,6 +28,8 @@ class PostParser : public HttpSimpleParser
|
|||
PostTab * post_tab;
|
||||
std::wstring temp_name, temp_value;
|
||||
bool input_as_utf8;
|
||||
size_t log_value_size;
|
||||
|
||||
|
||||
protected:
|
||||
|
||||
|
@ -37,6 +40,29 @@ protected:
|
|||
}
|
||||
|
||||
|
||||
void CreateLog(bool param_added)
|
||||
{
|
||||
log << log2 << "Method POST, name: \"" << temp_name << "\"";
|
||||
|
||||
if( log_value_size > 0 && !IsSubStringNoCase(L"pass", temp_name.c_str()) )
|
||||
{
|
||||
log << ", value: ";
|
||||
|
||||
if( temp_value.size() > log_value_size )
|
||||
log << "(first " << log_value_size << " characters) ";
|
||||
|
||||
log << "\"";
|
||||
log.LogString(temp_value, log_value_size);
|
||||
log << "\" (size: " << temp_value.size() << ")";
|
||||
}
|
||||
|
||||
if( param_added == false )
|
||||
log << log2 << " (skipped)";
|
||||
|
||||
log << log2 << logend;
|
||||
}
|
||||
|
||||
|
||||
virtual void Parameter(std::string & name, std::string & value)
|
||||
{
|
||||
if( input_as_utf8 )
|
||||
|
@ -51,13 +77,7 @@ protected:
|
|||
}
|
||||
|
||||
std::pair<PostTab::iterator, bool> res = post_tab->insert( std::make_pair(temp_name, temp_value) );
|
||||
|
||||
log << log2 << "Method POST, name: \"" << temp_name << "\", value: \"" << temp_value << "\"";
|
||||
|
||||
if( res.second == false )
|
||||
log << log2 << " (skipped)";
|
||||
|
||||
log << log2 << logend;
|
||||
CreateLog(res.second);
|
||||
}
|
||||
|
||||
|
||||
|
@ -66,6 +86,7 @@ public:
|
|||
PostParser()
|
||||
{
|
||||
input_as_utf8 = false;
|
||||
log_value_size = 0;
|
||||
}
|
||||
|
||||
|
||||
|
@ -74,6 +95,10 @@ public:
|
|||
input_as_utf8 = utf;
|
||||
}
|
||||
|
||||
void LogValueSize(size_t s)
|
||||
{
|
||||
log_value_size = s;
|
||||
}
|
||||
|
||||
void Parse(FCGX_Stream * in_, PostTab & post_tab_)
|
||||
{
|
||||
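Review bot: CreateLog still writes `temp_name` to the log with a plain `<<`, while the value next to it goes through `LogString`. The parameter name is as client-controlled as the value, so unless Log's wide-string operator sanitises (not visible here) it reaches the log unbounded and with control characters intact. Passing it through the same helper, e.g. `log.LogString(temp_name, temp_name.size());` or with a length cap, would keep a crafted name from breaking the one-line-per-parameter format. `LogString` also leaves `"` unescaped, so the quoted name and value are not unambiguous in the log; a comment noting that would help whoever parses these lines later.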
|
|
|
@ -2,7 +2,7 @@
|
|||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2008-2010, Tomasz Sowa
|
||||
* Copyright (c) 2008-2011, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
|