From 3b7ca3e44cb8f9e7e22e04ddd9ce70a3d7753af4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ervin=20Heged=C3=BCs?=
Date: Fri, 30 Dec 2022 12:23:00 +0100
Subject: [PATCH 1/5] Escape log field 'data' value
---
 src/rule_message.cc | 2 +-
 src/utils/string.cc | 22 ++++++++++++++++++++++
 src/utils/string.h | 1 +
 3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/rule_message.cc b/src/rule_message.cc
index eb67955487..09b6ea1690 100644
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -31,7 +31,7 @@ std::string RuleMessage::_details(const RuleMessage *rm) {
 msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
 msg.append(" [rev \"" + rm->m_rev + "\"]");
 msg.append(" [msg \"" + rm->m_message + "\"]");
- msg.append(" [data \"" + utils::string::limitTo(200, rm->m_data) + "\"]");
+ msg.append(" [data \"" + utils::string::log_escape_hex(utils::string::limitTo(200, rm->m_data)) + "\"]");
 msg.append(" [severity \"" + std::to_string(rm->m_severity) + "\"]");
 msg.append(" [ver \"" + rm->m_ver + "\"]");
diff --git a/src/utils/string.cc b/src/utils/string.cc
index b7ec196a77..b2b6b84057 100644
--- a/src/utils/string.cc
+++ b/src/utils/string.cc
@@ -267,6 +267,28 @@ void replaceAll(std::string *str, const std::string& from,
 }
 }
+std::string log_escape_hex(std::string s) {
+
+ std::string ret = "";
+ char tchar[2];
+
+ for (std::string::size_type i = 0; i < s.size(); i++) {
+ if ( (s[i] == '"')
+ ||(s[i] == '\\')
+ ||(s[i] <= 0x1f)
+ ||(s[i] >= 0x7f))
+ {
+ ret.append("\\x");
+ c2x(s[i], (unsigned char*)tchar);
+ ret.push_back(tchar[0]);
+ ret.push_back(tchar[1]);
+ }
+ else {
+ ret.push_back(s[i]);
+ }
+ }
+ return ret;
+}
 } // namespace string
 } // namespace utils
diff --git a/src/utils/string.h b/src/utils/string.h
index b864a38f70..526adc54f9 100644
--- a/src/utils/string.h
+++ b/src/utils/string.h
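Review bot: The `[msg "..."]` field on the context line directly above the changed `[data ...]` line is still appended raw, so a `"` or a control byte in `rm->m_message` can close the quoted field early or make the rest of the value read like a separate field. Whether request data can reach `m_message` depends on how rules build their messages (macro expansion in the msg action would be the usual route; it is not visible in this hunk), so it should get the same treatment as `data`: `msg.append(" [msg \"" + utils::string::log_escape_hex(rm->m_message) + "\"]");`. The same line is left unescaped in the `_details` hunk of [PATCH 3/5], where the call would be `utils::string::toHexIfNeeded(rm->m_message, true)`. `_details` starts and ends outside the hunk.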
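Review bot: The range checks in `log_escape_hex` compare a plain `char`, so whether bytes 0x80–0xff are caught by `s[i] <= 0x1f` (signed char, value negative) or by `s[i] >= 0x7f` (unsigned char) depends on the platform. Reading the byte once as `const unsigned char c = static_cast<unsigned char>(s[i]);` and testing `c <= 0x1f || c >= 0x7f` makes the intent explicit. The same `s[i]` is passed to `c2x`, whose definition is not in this hunk; if it does not mask its argument to eight bits, a sign-extended value could index past its lookup table, so `c` should be passed there as well. The parameter can be `const std::string &s` to avoid a copy per log line.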
@@ -72,6 +72,7 @@ void replaceAll(std::string *str, const std::string& from,
 const std::string& to);
 std::string removeWhiteSpacesIfNeeded(std::string a);
 std::string parserSanitizer(std::string a);
+std::string log_escape_hex(std::string s);
 unsigned char x2c(unsigned char *what);
 unsigned char xsingle2c(unsigned char *what);
From c7306d174a9ff37e14466bede27e69075b2950e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ervin=20Heged=C3=BCs?=
Date: Tue, 17 Jan 2023 20:57:03 +0100
Subject: [PATCH 2/5] Extend utils::string::toHexIfNeeded() to encode '"' and '\' characters optionally
---
 src/utils/string.cc | 32 +++++++-------------------------
 src/utils/string.h | 1 +
 2 files changed, 8 insertions(+), 25 deletions(-)
diff --git a/src/utils/string.cc b/src/utils/string.cc
index b2b6b84057..b2ffcb232a 100644
--- a/src/utils/string.cc
+++ b/src/utils/string.cc
@@ -135,13 +135,18 @@ std::string string_to_hex(const std::string& input) {
 return output;
 }
-
 std::string toHexIfNeeded(const std::string &str) {
+ return toHexIfNeeded(str, false);
+}
+
+std::string toHexIfNeeded(const std::string &str, bool escape_spec) {
+ // escape_spec: escape special chars or not
+ // spec chars: '"' (quotation mark, ascii 34), '\' (backslash, ascii 92)
 std::stringstream res;
 for (int i = 0; i < str.size(); i++) {
 int c = (unsigned char)str.at(i);
- if (c < 32 || c > 126) {
+ if (c < 32 || c > 126 || (escape_spec == true && (c == 34 || c == 92))) {
 res << "\\x" << std::setw(2) << std::setfill('0') << std::hex << c;
 } else {
 res << str.at(i);
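Review bot: The new condition in `toHexIfNeeded` spells the two special characters as the magic numbers 34 and 92 and compares the flag with `== true`. Character literals say the same thing without the comment having to translate them: `if (c < 32 || c > 126 || (escape_spec && (c == '"' || c == '\\'))) {`. The loop index on the context line above is an `int` compared against `str.size()`, a signed/unsigned mix that `std::string::size_type` would avoid. The function body continues past the end of the hunk.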
@@ -267,29 +272,6 @@ void replaceAll(std::string *str, const std::string& from,
 }
 }
-std::string log_escape_hex(std::string s) {
-
- std::string ret = "";
- char tchar[2];
-
- for (std::string::size_type i = 0; i < s.size(); i++) {
- if ( (s[i] == '"')
- ||(s[i] == '\\')
- ||(s[i] <= 0x1f)
- ||(s[i] >= 0x7f))
- {
- ret.append("\\x");
- c2x(s[i], (unsigned char*)tchar);
- ret.push_back(tchar[0]);
- ret.push_back(tchar[1]);
- }
- else {
- ret.push_back(s[i]);
- }
- }
- return ret;
-}
-
 } // namespace string
 } // namespace utils
 } // namespace modsecurity
diff --git a/src/utils/string.h b/src/utils/string.h
index 526adc54f9..a728e54cfa 100644
--- a/src/utils/string.h
+++ b/src/utils/string.h
@@ -62,6 +62,7 @@ std::string limitTo(int amount, const std::string &str);
 std::string removeBracketsIfNeeded(std::string a);
 std::string string_to_hex(const std::string& input);
 std::string toHexIfNeeded(const std::string &str);
+std::string toHexIfNeeded(const std::string &str, bool escape_spec);
 std::string tolower(std::string str);
 std::string toupper(std::string str);
 std::vector ssplit(std::string str, char delimiter);
From 105c5909a12c075355a43510b27b1d2e397e7c77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ervin=20Heged=C3=BCs?=
Date: Tue, 17 Jan 2023 20:57:51 +0100
Subject: [PATCH 3/5] Add more fields to encode filter: rev, ver and tag
---
 src/rule_message.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/rule_message.cc b/src/rule_message.cc
index 09b6ea1690..496fe7caab 100644
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -29,17 +29,17 @@ std::string RuleMessage::_details(const RuleMessage *rm) {
 msg.append(" [file \"" + std::string(*rm->m_ruleFile.get()) + "\"]");
 msg.append(" [line \"" + std::to_string(rm->m_ruleLine) + "\"]");
 msg.append(" [id \"" + std::to_string(rm->m_ruleId) + "\"]");
- msg.append(" [rev \"" + rm->m_rev + "\"]");
+ msg.append(" [rev \"" + utils::string::toHexIfNeeded(rm->m_rev, true) + "\"]");
 msg.append(" [msg \"" + rm->m_message + "\"]");
- msg.append(" [data \"" + utils::string::log_escape_hex(utils::string::limitTo(200, rm->m_data)) + "\"]");
+ msg.append(" [data \"" + utils::string::toHexIfNeeded(utils::string::limitTo(200, rm->m_data), true) + "\"]");
 msg.append(" [severity \"" + std::to_string(rm->m_severity) + "\"]");
- msg.append(" [ver \"" + rm->m_ver + "\"]");
+ msg.append(" [ver \"" + utils::string::toHexIfNeeded(rm->m_ver, true) + "\"]");
 msg.append(" [maturity \"" + std::to_string(rm->m_maturity) + "\"]");
 msg.append(" [accuracy \"" + std::to_string(rm->m_accuracy) + "\"]");
 for (auto &a : rm->m_tags) {
- msg.append(" [tag \"" + a + "\"]");
+ msg.append(" [tag \"" + utils::string::toHexIfNeeded(a, true) + "\"]");
 }
 msg.append(" [hostname \"" + *rm->m_serverIpAddress.get() \
From d63d8849a815992a8d5343bf9cc17424d229688c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ervin=20Heged=C3=BCs?=
Date: Wed, 18 Jan 2023 16:28:47 +0100
Subject: [PATCH 4/5] Remove previously removed fn proto from header
---
 src/utils/string.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/utils/string.h b/src/utils/string.h
index a728e54cfa..eb89ac7981 100644
--- a/src/utils/string.h
+++ b/src/utils/string.h
@@ -73,7 +73,6 @@ void replaceAll(std::string *str, const std::string& from,
 const std::string& to);
 std::string removeWhiteSpacesIfNeeded(std::string a);
 std::string parserSanitizer(std::string a);
-std::string log_escape_hex(std::string s);
 unsigned char x2c(unsigned char *what);
 unsigned char xsingle2c(unsigned char *what);
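Review bot: In the new `[data ...]` line the 200-character cut is made by `limitTo` before `toHexIfNeeded` runs, so each escaped byte becomes four characters and the logged value can be several times longer than 200. That order is the safe one, since cutting after escaping could split a `\xNN` sequence, but it deserves a comment so nobody swaps the calls: `// truncate first, then escape: keeps \xNN sequences whole; escaped field may exceed 200 chars`. If the log sink enforces a maximum line length, the fields appended after `data` are the ones that would be cut off, which is worth checking against the connectors in use. `_details` starts and ends outside the hunk.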
From 6dd00be22940c208aff34e590454b632ec43fc14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ervin=20Heged=C3=BCs?=
Date: Wed, 18 Jan 2023 16:40:52 +0100
Subject: [PATCH 5/5] Refactorized multiple prototypes
---
 src/utils/string.cc | 4 ----
 src/utils/string.h | 3 +--
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/utils/string.cc b/src/utils/string.cc
index b2ffcb232a..eb370eeae0 100644
--- a/src/utils/string.cc
+++ b/src/utils/string.cc
@@ -135,10 +135,6 @@ std::string string_to_hex(const std::string& input) {
 return output;
 }
-std::string toHexIfNeeded(const std::string &str) {
- return toHexIfNeeded(str, false);
-}
-
 std::string toHexIfNeeded(const std::string &str, bool escape_spec) {
 // escape_spec: escape special chars or not
 // spec chars: '"' (quotation mark, ascii 34), '\' (backslash, ascii 92)
diff --git a/src/utils/string.h b/src/utils/string.h
index eb89ac7981..e3d40d89b8 100644
--- a/src/utils/string.h
+++ b/src/utils/string.h
@@ -61,8 +61,7 @@ std::string dash_if_empty(const std::string *str);
 std::string limitTo(int amount, const std::string &str);
 std::string removeBracketsIfNeeded(std::string a);
 std::string string_to_hex(const std::string& input);
-std::string toHexIfNeeded(const std::string &str);
-std::string toHexIfNeeded(const std::string &str, bool escape_spec);
+std::string toHexIfNeeded(const std::string &str, bool escape_spec = false);
 std::string tolower(std::string str);
 std::string toupper(std::string str);
 std::vector ssplit(std::string str, char delimiter);
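Review bot: With `escape_spec` defaulting to `false` in the `string.h` declaration, every existing caller keeps the old behaviour, in which a `"` and a literal backslash are emitted unchanged, so a reader of the output cannot tell an input `\x41` from an escaped byte. The header gives no hint of this, so I would add a comment above the declaration: `// escape_spec: also hex-encode '"' and '\\'; pass true when the result is written inside a quoted log field`. Callers other than `RuleMessage::_details` are not visible in this series and would need a look to decide whether they should opt in.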