MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [log] Multipart support for access log

pull/8749/head
Jakub Onderka 2022-11-13 15:26:11 +01:00
parent 835a255dde
commit e013d7accb
2 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/Controller/AccessLogsController.php
View File

@ -71,12 +71,14 @@ class AccessLogsController extends AppController
throw new NotFoundException(__('Request body is empty'));
}
list($contentType, $encoding, $data) = explode("\n", $request['AccessLog']['request'], 3);
$contentType = explode(';', $contentType, 2)[0];
if ($contentType === 'application/x-www-form-urlencoded') {
parse_str($data, $output);
$data = var_export($output, true);
$contentType = explode(';', $request['AccessLog']['request_content_type'], 2)[0];
if ($contentType === 'application/x-www-form-urlencoded' || $contentType === 'multipart/form-data') {
parse_str($request['AccessLog']['request'], $output);
$highlighted = highlight_string("<?php\n" . var_export($output, true) . "?>", true);
$highlighted = str_replace(["&lt;?php","?&gt;"] , '', $highlighted);
$data = $highlighted;
} else {
$data = h($request['AccessLog']['request']);
}
$this->set('request', $data);

28
app/Model/AccessLog.php
View File

@ -47,7 +47,11 @@ class AccessLog extends AppModel
$result['AccessLog']['request_method'] = self::REQUEST_TYPES[$result['AccessLog']['request_method']];
}
if (!empty($result['AccessLog']['request'])) {
$result['AccessLog']['request'] = $this->decodeRequest($result['AccessLog']['request']);
$request = $this->decodeRequest($result['AccessLog']['request']);
list($contentType, $encoding, $data) = explode("\n", $request, 3);
$result['AccessLog']['request'] = $data;
$result['AccessLog']['request_content_type'] = $contentType;
$result['AccessLog']['request_content_encoding'] = $encoding;
}
if (!empty($result['AccessLog']['memory_usage'])) {
$result['AccessLog']['memory_usage'] = $result['AccessLog']['memory_usage'] * 1024;
@ -121,9 +125,7 @@ class AccessLog extends AppModel
];
if ($includeRequestBody && $request->is(['post', 'put', 'delete'])) {
$requestContentType = $_SERVER['CONTENT_TYPE'] ?? null;
$requestEncoding = $_SERVER['HTTP_CONTENT_ENCODING'] ?? null;
$dataToSave['request'] = "$requestContentType\n$requestEncoding\n{$request->input()}";
$dataToSave['request'] = $this->requestBody($request);
}
// Save data on shutdown
@ -135,6 +137,24 @@ class AccessLog extends AppModel
return true;
}
/**
* @param CakeRequest $request
* @return string
*/
private function requestBody(CakeRequest $request)
{
$requestContentType = $_SERVER['CONTENT_TYPE'] ?? null;
$requestEncoding = $_SERVER['HTTP_CONTENT_ENCODING'] ?? null;
if (substr($requestContentType, 0, 19) === 'multipart/form-data') {
$input = http_build_query($request->data, '', '&');
} else {
$input = $request->input();
}
return "$requestContentType\n$requestEncoding\n$input";
}
/**
* @param array $data
* @param float $requestTime