added: winix no longer logs POST parameters whose names have 'pass' at the beginning

changed: only first few characters are logged (from POST)


git-svn-id: svn://ttmath.org/publicrep/winix/trunk@733 e52654a7-88a9-db11-a3e9-0013d4bc506e
Tomasz Sowa 2011-06-06 22:47:34 +00:00
parent c84997be30
commit af8fbdae72
10 changed files with 99 additions and 35 deletions


@ -152,6 +152,11 @@ bool App::Init()
CreateStaticTree();
get_parser.UTF8(config.utf8);
post_parser.UTF8(config.utf8);
post_parser.LogValueSize(config.log_post_value_size);
// post_multi_parser has a pointer to the config
plugin.Call(WINIX_PLUGIN_INIT);
return true;
@ -469,7 +474,6 @@ void App::LogAccess()
void App::ReadGetPostVars()
{
// get parameters we have always
get_parser.UTF8(config.utf8);
get_parser.Parse(cur.request->env_request_uri, cur.request->get_tab);
if( cur.request->method == Request::post )
@ -477,14 +481,10 @@ void App::ReadGetPostVars()
if( IsSubStringNoCase("multipart/form-data", cur.request->env_content_type) )
{
log << log3 << "Request: post content type: multipart/form-data" << logend;
// !! dodac metode UTF8 do post_multi_parsera
// (narazie bierze bezposrednio z konfigu)
// w ogole wywalic zaleznosc od konfiga
post_multi_parser.Parse(fcgi_request.in, cur.request->post_tab, cur.request->post_file_tab);
}
else
{
post_parser.UTF8(config.utf8);
post_parser.Parse(fcgi_request.in, cur.request->post_tab);
}
}
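Review bot: `post_parser.LogValueSize(config.log_post_value_size);` in App::Init gives post_parser a one-time copy of the limit, while the comment on the following line says post_multi_parser reads the config through a pointer, so the two parsers obtain the same setting in different ways. If the configuration can change after Init (not visible on this page), post_parser would keep truncating with the old value while the multipart path uses the new one. A comment such as `// copied once at start-up; call LogValueSize() again if the config is reloaded` would record that. The same seems to apply to the `UTF8(config.utf8)` calls, which ReadGetPostVars appears to no longer make per request.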


@ -109,7 +109,8 @@ void Config::AssignValues(bool stdout_is_closed)
log_stdout = Bool(L"log_stdout", false);
log_db_query = Bool(L"log_db_query", false);
log_plugin_call = Bool(L"log_plugin_call", false);
log_post_value_size = Size(L"log_post_value_size", 80);
post_file_max = Size(L"post_file_max", 8388608); // 8 MB
upload_dir = Text(L"upload_dir");
upload_dirs_chmod = Int(L"upload_dirs_chmod", 0750);
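Review bot: The default of 80 in `Size(L"log_post_value_size", 80)` keeps POST value logging switched on for every installation that does not set the option, so the first 80 characters of any field not caught by the name filter (tokens, e-mail addresses, message text) still reach the log. An opt-in default would be the safer choice for a setting that controls request-body logging: `log_post_value_size = Size(L"log_post_value_size", 0);`, with the documented default in the Config class changed to match. If 80 is kept for debugging convenience, the option's documentation should say that the log then holds request data and needs matching file permissions and retention.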


@ -72,6 +72,11 @@ public:
// default: false
bool log_plugin_call;
// how many characters in values should be logged from POST parameters
// default: 80
// set to 0 to turn off
size_t log_post_value_size;
// request delimiter in the log file, default "---------"
std::wstring log_delimiter;
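Review bot: The comment `set to 0 to turn off` on log_post_value_size covers only part of what the option does in this commit. PostParser::CreateLog skips the value when the size is 0 but still logs the parameter name, PostMultiParser::ReadContent calls `LogFirst(content, config->log_post_value_size)` without a zero check, and values of parameters whose names match "pass" are not logged whatever the setting. I would extend the comment along the lines of `// 0 disables value logging (names are still logged); values of parameters whose names match "pass" are never logged`. It is also worth saying that the multipart path applies the limit to a std::string, so there it counts chars rather than wide characters.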


@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/
@ -199,6 +199,16 @@ Log & Log::operator<<(char s)
}
Log & Log::operator<<(wchar_t s)
{
if( current_level <= log_level )
{
buffer << s;
}
return *this;
}
Log & Log::operator<<(size_t s)
{
@ -269,6 +279,7 @@ return *this;
}
void Log::SystemErr(int err)
{
(*this) << "errno: " << err;


@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/
@ -48,10 +48,14 @@ public:
Log & operator<<(int s);
Log & operator<<(long s);
Log & operator<<(char s);
Log & operator<<(wchar_t s);
Log & operator<<(size_t s);
Log & operator<<(double s);
Log & operator<<(Manipulators m);
template<class StringType>
void LogString(const StringType & value, size_t max_size);
void SystemErr(int err);
void SaveLog();
void SaveLogAndClear();
@ -100,6 +104,25 @@ private:
template<class StringType>
void Log::LogString(const StringType & value, size_t max_size)
{
size_t min_size = value.size() < max_size ? value.size() : max_size;
if( current_level <= log_level )
{
for(size_t i=0 ; i<min_size ; ++i)
{
if( value[i] < 32 )
buffer << '.';
else
buffer << value[i];
}
}
}
extern Log log;
extern Log nlog;
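Review bot: In Log::LogString the test `value[i] < 32` does not behave the same for both string types it is called with: for std::string on a platform where char is signed, every byte of 0x80 and above compares negative and is replaced by '.', so non-ASCII UTF-8 content is logged as dots, while 0x7F passes through unchanged. Making the comparison explicit removes the dependence on char signedness, e.g. `if( static_cast<unsigned long>(value[i]) < 32 || value[i] == 127 )`. The template also has no comment; a short one stating the contract (writes at most max_size elements, replaces control characters with '.', presumably so request data cannot break the log's line structure) would help callers. Note that a `"` inside the value is written as is, although both callers wrap the output in quotes.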


@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/
@ -1011,3 +1011,8 @@ void QEncode(const std::wstring & in, std::string & out, bool clear)
out += "?=";
}


@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/
@ -428,4 +428,6 @@ void UrlEncode(const std::wstring & in, std::string & out, bool clear_out = true
void QEncode(const std::wstring & in, std::string & out, bool clear = true);
#endif


@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/
@ -211,8 +211,6 @@ return true;
void PostMultiParser::LogFirst(const std::string & to_log, size_t len)
{
size_t i;
if( len > to_log.size() )
len = to_log.size();
@ -224,15 +222,7 @@ size_t i;
log << "empty";
log << "): \"";
for(i=0 ; i<len ; ++i)
{
if( to_log[i] < 32 )
log << '.';
else
log << to_log[i];
}
log.LogString(to_log, len);
log << "\"" << logend;
}
@ -312,7 +302,7 @@ time_t t1, t2;
content.clear();
content.reserve(WINIX_POSTMULTI_OUTPUT_BUFFER);
content_len = 0;
t1 = time(0);
t1 = time(0);
ReadContentToFileLoop();
@ -357,7 +347,9 @@ void PostMultiParser::ReadContent()
ReadContentLoop();
log << log2 << "PMP: content size: " << content_len << " bytes" << logend;
LogFirst(content, 200);
if( !IsSubStringNoCase("pass", name.c_str()) )
LogFirst(content, config->log_post_value_size);
}
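Review bot: The filter `!IsSubStringNoCase("pass", name.c_str())` in PostMultiParser::ReadContent, and the matching one in PostParser::CreateLog, protects only fields whose names match "pass". The commit message describes the match as being at the beginning of the name, in which case fields such as `new_password` or `confirm_pass` are still logged. Other secrets carried in POST bodies (tokens, API keys, session or CSRF values) are covered by neither check. A single helper shared by both parsers, for example `if( !IsSensitivePostName(name) )` (name is a suggestion), testing the name against a small configurable list of fragments anywhere in the name, would keep the two call sites in step. ReadContent's body starts above this hunk, so how `name` is filled is not visible here.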


@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/
@ -17,6 +17,7 @@
#include "misc.h"
#include "utf8.h"
#include "log.h"
#include "config.h"
@ -27,6 +28,8 @@ class PostParser : public HttpSimpleParser
PostTab * post_tab;
std::wstring temp_name, temp_value;
bool input_as_utf8;
size_t log_value_size;
protected:
@ -37,6 +40,29 @@ protected:
}
void CreateLog(bool param_added)
{
log << log2 << "Method POST, name: \"" << temp_name << "\"";
if( log_value_size > 0 && !IsSubStringNoCase(L"pass", temp_name.c_str()) )
{
log << ", value: ";
if( temp_value.size() > log_value_size )
log << "(first " << log_value_size << " characters) ";
log << "\"";
log.LogString(temp_value, log_value_size);
log << "\" (size: " << temp_value.size() << ")";
}
if( param_added == false )
log << log2 << " (skipped)";
log << log2 << logend;
}
virtual void Parameter(std::string & name, std::string & value)
{
if( input_as_utf8 )
@ -51,13 +77,7 @@ protected:
}
std::pair<PostTab::iterator, bool> res = post_tab->insert( std::make_pair(temp_name, temp_value) );
log << log2 << "Method POST, name: \"" << temp_name << "\", value: \"" << temp_value << "\"";
if( res.second == false )
log << log2 << " (skipped)";
log << log2 << logend;
CreateLog(res.second);
}
@ -65,7 +85,8 @@ public:
PostParser()
{
input_as_utf8 = false;
input_as_utf8 = false;
log_value_size = 0;
}
@ -74,6 +95,10 @@ public:
input_as_utf8 = utf;
}
void LogValueSize(size_t s)
{
log_value_size = s;
}
void Parse(FCGX_Stream * in_, PostTab & post_tab_)
{
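Review bot: In PostParser::CreateLog the parameter name is written in full with `<< temp_name`, while only the value goes through log.LogString. The name comes from the request body just like the value, so unless Log's wide-string operator<< filters control characters (not visible on this page) a name containing line breaks reaches the log unchanged, and its length is not bounded. Routing the name through the same helper closes that gap: `log << log2 << "Method POST, name: \"";` then `log.LogString(temp_name, temp_name.size());` then `log << "\"";`, or with a fixed cap in place of the full size.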


@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/