-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathfind_naxsi_exlog.go
39 lines (33 loc) · 1.11 KB
/
find_naxsi_exlog.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
package main
import (
"net/url"
"regexp"
)
var naxsiExLogRegex = regexp.MustCompile(`NAXSI_EXLOG: (?P<naxsiExLog>[^ ]+),`)
func findNaxsiExLog(entry *nginxErrorEntry) {
if ok := naxsiExLogRegex.MatchString(entry.Message); ok {
matched := naxsiExLogRegex.FindStringSubmatch(entry.Message)
entry.Msg = stringPointer(replaceMatched(*entry.Msg, matched[0]))
query, err := url.ParseQuery(matched[1])
if err == nil {
entry.ErrorType = errorTypeNaxsiExLog
entry.NaxsiExLogIP = stringPointer(query.Get("ip"))
entry.NaxsiExLogServer = stringPointer(query.Get("server"))
entry.NaxsiExLogURI = stringPointer(query.Get("uri"))
entry.NaxsiExLogID = stringPointer(query.Get("id"))
entry.NaxsiExLogZone = stringPointer(query.Get("zone"))
entry.NaxsiExLogVarName = stringPointer(query.Get("var_name"))
entry.NaxsiExLogContent = stringPointer(query.Get("content"))
entry.checkSumParts = []string{
errorTypeNaxsiExLog,
query.Get("server"),
query.Get("uri"),
query.Get("id"),
query.Get("zone"),
query.Get("var_name"),
query.Get("content"),
}
entry.checkSumUseMsg = false
}
}
}