Integrate modsecurity logs into django

Author: GustavoKatel

django_pymodsecurity/middleware.py

@@ -25,6 +25,7 @@ def __init__(self, get_response):
         self.get_response = get_response
 
         self.modsecurity = ModSecurity.ModSecurity()
+        self.modsecurity.setServerLogCb(self.modsecurity_log_callback)
         self.rules = ModSecurity.Rules()
 
         self.rule_files = getattr(settings, SETTINGS_NAMES['rule_files'], None)
@@ -42,6 +43,9 @@ def __init__(self, get_response):
         if self.rule_lines is not None:
             self.load_rules(self.rule_lines)
 
+    def modsecurity_log_callback(self, data, msg):
+        logger.info(msg)
+
     @property
     def rules_count(self):
         return self._rules_count
@@ -58,7 +62,6 @@ def load_rule_files(self, rule_files):
                 if rules_count < 0:
                     msg = '[ModSecurity] Error trying to load rule file %s. %s' % (
                         rule_file, self.rules.getParserError())
-                    print(msg)
                     logger.warning(msg)
                 else:
                     self._rules_count += rules_count
@@ -75,7 +78,6 @@ def load_rules(self, rules):
         if rules_count < 0:
             msg = '[ModSecurity] Error trying to load rules: %s' % self.rules.getParserError(
             )
-            print(msg)
             logger.warning(msg)
         else:
             self._rules_count += rules_count

environment.devenv.yml

@@ -2,7 +2,7 @@ name: django-pymodsecurity
 
 dependencies:
   - django=2.1.2
-  - pymodsecurity=0.0.2
+  - pymodsecurity=0.0.3
   - pytest
   - pytest-runner
   - pytest-mock

setup.py

@@ -9,8 +9,5 @@
     author_email='[email protected]',
     license='MIT',
     packages=['django_pymodsecurity'],
-    install_requires=[
-        'Django',
-        'pymodsecurity'
-    ],
+    install_requires=['Django', 'pymodsecurity'],
     zip_safe=False)

tests/test_integration_request.py tests/test_integration.py

@@ -84,3 +84,36 @@ def test_no_intervention(middleware, get_response, request_factory):
     obtained = middleware(request)
 
     assert obtained == get_response.mock_response
+
+
+def test_log(get_response, request_factory, mocker):
+    from django_pymodsecurity.middleware import PyModSecurityMiddleware
+
+    request = request_factory.post(
+        '/api/users', {
+            'hello': 'world',
+            'attack': True
+        },
+        content_type='application/json')
+
+    get_response.mock_response = HttpResponse('Original response')
+
+    rule = 'SecRuleEngine On\n'
+    rule += 'SecRequestBodyAccess On\n'
+    rule += 'SecRule REQUEST_BODY "@contains attack" "id:43,phase:2,allow,msg:\'log test ok\'"'
+
+    mocker.spy(PyModSecurityMiddleware, 'modsecurity_log_callback')
+    middleware = PyModSecurityMiddleware(get_response)
+    assert middleware.rules.load(rule) > 0, \
+        middleware.rules.getParserError() or 'Failed to load rule'
+
+    response = middleware(request)
+
+    assert response == get_response.mock_response
+    assert response.status_code == 200
+
+    assert middleware.modsecurity_log_callback.call_count == 1
+    obj, data, msg = middleware.modsecurity_log_callback.call_args_list[0][0]
+    assert obj == middleware
+    assert data is None
+    assert 'log test ok' in msg