
Write failed attempts to POST from a different origin into the error log. Add a new category to the error log filter for such messages.

drh 2025-03-17 13:16 trunk
Commit 2269ac697f5b06117c94de896f0b6adf852485fd463af7e08c37ec3fd6751319
3 files changed +9 -2 +1 -1 +32 -26
+9 -2
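--- a/src/cgi.c
+++ b/src/cgi.c
@@ -688,12 +688,16 @@
 }
 
 
 /*
 ** Return true if the current request is coming from the same origin.
+**
+** If the request comes from a different origin and bErrorLog is true, then
+** put a warning message on the error log as this was a possible hack
+** attempt.
 */
-int cgi_same_origin(void){
+int cgi_same_origin(int bErrorLog){
 const char *zRef;
 char *zToFree = 0;
 int nBase;
 int rc;
 if( g.zBaseURL==0 ) return 0;
@@ -710,10 +714,13 @@
 }else if( zRef[nBase]!=0 && zRef[nBase]!='/' ){
 rc = 0;
 }else{
 rc = 1;
 }
+if( rc==0 && bErrorLog ){
+fossil_errorlog("warning: POST from different origin");
+}
 fossil_free(zToFree);
 return rc;
 }
 
 /*
@@ -746,11 +753,11 @@
 ** 3: (2) plus there is a valid "csrf" token in the request
 */
 int cgi_csrf_safe(int securityLevel){
 if( g.okCsrf<0 ) return 0;
 if( g.okCsrf==0 ){
-if( !cgi_same_origin() ){
+if( !cgi_same_origin(1) ){
 g.okCsrf = -1;
 }else{
 g.okCsrf = 1;
 if( cgi_is_post_request() ){
 g.okCsrf = 2;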
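Review bot: The message written at new line 720, `warning: POST from different origin`, is emitted for any cross-origin request, not only POSTs: nothing visible in the hunk checks the request method, and the caller at new line 758 calls `cgi_same_origin(1)` before it consults `cgi_is_post_request()` at line 762, so a cross-origin GET that carries a Referer (an ordinary inbound link) would be counted under the new 0x08 error-log category and dilute it with benign traffic. Unless a method check lives in the elided lines 704–713, gating the log line on the method, `if( rc==0 && bErrorLog && cgi_is_post_request() ){`, keeps the category's name truthful. The header comment should also name the exact text that is logged, since the errorlog page classifies on it; I would add `** The log line is "warning: POST from different origin"; errorlog_page()` / `** in security_audit.c matches on that prefix, so keep the two in sync.` after line 696. cgi_same_origin's body continues outside the hunk.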
--- src/cgi.c
+++ src/cgi.c
@@ -688,12 +688,16 @@
688 }
689
690
691 /*
692 ** Return true if the current request is coming from the same origin.
 
 
 
 
693 */
694 int cgi_same_origin(void){
695 const char *zRef;
696 char *zToFree = 0;
697 int nBase;
698 int rc;
699 if( g.zBaseURL==0 ) return 0;
@@ -710,10 +714,13 @@
710 }else if( zRef[nBase]!=0 && zRef[nBase]!='/' ){
711 rc = 0;
712 }else{
713 rc = 1;
714 }
 
 
 
715 fossil_free(zToFree);
716 return rc;
717 }
718
719 /*
@@ -746,11 +753,11 @@
746 ** 3: (2) plus there is a valid "csrf" token in the request
747 */
748 int cgi_csrf_safe(int securityLevel){
749 if( g.okCsrf<0 ) return 0;
750 if( g.okCsrf==0 ){
751 if( !cgi_same_origin() ){
752 g.okCsrf = -1;
753 }else{
754 g.okCsrf = 1;
755 if( cgi_is_post_request() ){
756 g.okCsrf = 2;
757
--- src/cgi.c
+++ src/cgi.c
@@ -688,12 +688,16 @@
688 }
689
690
691 /*
692 ** Return true if the current request is coming from the same origin.
693 **
694 ** If the request comes from a different origin and bErrorLog is true, then
695 ** put a warning message on the error log as this was a possible hack
696 ** attempt.
697 */
698 int cgi_same_origin(int bErrorLog){
699 const char *zRef;
700 char *zToFree = 0;
701 int nBase;
702 int rc;
703 if( g.zBaseURL==0 ) return 0;
@@ -710,10 +714,13 @@
714 }else if( zRef[nBase]!=0 && zRef[nBase]!='/' ){
715 rc = 0;
716 }else{
717 rc = 1;
718 }
719 if( rc==0 && bErrorLog ){
720 fossil_errorlog("warning: POST from different origin");
721 }
722 fossil_free(zToFree);
723 return rc;
724 }
725
726 /*
@@ -746,11 +753,11 @@
753 ** 3: (2) plus there is a valid "csrf" token in the request
754 */
755 int cgi_csrf_safe(int securityLevel){
756 if( g.okCsrf<0 ) return 0;
757 if( g.okCsrf==0 ){
758 if( !cgi_same_origin(1) ){
759 g.okCsrf = -1;
760 }else{
761 g.okCsrf = 1;
762 if( cgi_is_post_request() ){
763 g.okCsrf = 2;
764
+1 -1
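--- a/src/main.c
+++ b/src/main.c
@@ -2161,11 +2161,11 @@
 }
 }
 #endif
 if( (pCmd->eCmdFlags & CMDFLAG_RAWCONTENT)==0 ){
 cgi_decode_post_parameters();
-if( !cgi_same_origin() ){
+if( !cgi_same_origin(0) ){
 isReadonly = 1;
 db_protect(PROTECT_READONLY);
 }
 }
 if( g.fCgiTrace ){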
--- src/main.c
+++ src/main.c
@@ -2161,11 +2161,11 @@
2161 }
2162 }
2163 #endif
2164 if( (pCmd->eCmdFlags & CMDFLAG_RAWCONTENT)==0 ){
2165 cgi_decode_post_parameters();
2166 if( !cgi_same_origin() ){
2167 isReadonly = 1;
2168 db_protect(PROTECT_READONLY);
2169 }
2170 }
2171 if( g.fCgiTrace ){
2172
--- src/main.c
+++ src/main.c
@@ -2161,11 +2161,11 @@
2161 }
2162 }
2163 #endif
2164 if( (pCmd->eCmdFlags & CMDFLAG_RAWCONTENT)==0 ){
2165 cgi_decode_post_parameters();
2166 if( !cgi_same_origin(0) ){
2167 isReadonly = 1;
2168 db_protect(PROTECT_READONLY);
2169 }
2170 }
2171 if( g.fCgiTrace ){
2172
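--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -813,10 +813,11 @@
 ** this page.
 **
 ** y=0x01 Show only hack attempts
 ** y=0x02 Show only panics and assertion faults
 ** y=0x04 Show hung backoffice processes
+** y=0x08 Show POST requests from a different origin
 ** y=0x40 Show other uncategorized messages
 **
 ** If y is omitted or is zero, a count of the various message types is
 ** shown.
 */
@@ -823,18 +824,19 @@
 void errorlog_page(void){
 i64 szFile;
 FILE *in;
 char *zLog;
 const char *zType = P("y");
-static const int eAllTypes = 0x47;
+static const int eAllTypes = 0x4f;
 long eType = 0;
 int bOutput = 0;
 int prevWasTime = 0;
 int nHack = 0;
 int nPanic = 0;
 int nOther = 0;
 int nHang = 0;
+int nXPost = 0;
 char z[10000];
 char zTime[10000];
 
 login_check_credentials();
 if( !g.perm.Admin ){
@@ -901,10 +903,13 @@
 @ <li>Panics and assertion faults
 }
 if( eType & 0x04 ){
 @ <li>Hung backoffice processes
 }
+if( eType & 0x08 ){
+@ <li>POST requests from different origin
+}
 if( eType & 0x40 ){
 @ <li>Other uncategorized messages
 }
 @ </ul>
 }
@@ -923,11 +928,16 @@
 nPanic++;
 }else
 if( sqlite3_strglob("warning: backoffice process * still *",z)==0 ){
 bOutput = (eType & 0x04)!=0;
 nHang++;
-}else{
+}else
+if( sqlite3_strglob("warning: POST from different origin*",z)==0 ){
+bOutput = (eType & 0x08)!=0;
+nXPost++;
+}else
+{
 bOutput = (eType & 0x40)!=0;
 nOther++;
 }
 if( bOutput ){
 @ %h(zTime)\
@@ -948,40 +958,36 @@
 fclose(in);
 if( eType ){
 @ </pre>
 }
 if( eType==0 ){
-int nNonHack = nPanic+nHang+nOther;
-int nTotal = nNonHack + nHack;
+int nNonHack = nPanic + nHang + nOther;
+int nTotal = nNonHack + nHack + nXPost;
 @ <p><table border="a" cellspacing="0" cellpadding="5">
-@ <tr><td align="right">%d(nPanic)</td>
 if( nPanic>0 ){
+@ <tr><td align="right">%d(nPanic)</td>
 @ <td><a href="./errorlog?y=2">Panics</a></td>
-} else {
-@ <td>Panics</td>
 }
-@ <tr><td align="right">%d(nHack)</td>
 if( nHack>0 ){
+@ <tr><td align="right">%d(nHack)</td>
 @ <td><a href="./errorlog?y=1">Hack Attempts</a></td>
-if( nNonHack ){
-@ <tr><td align="right">%d(nNonHack)</td>
-@ <td><a href="%R/errorlog?y=70">Other than hack attempts</a></td>
-}
-}else{
-@ <td>Hack Attempts</td>
-}
-@ <tr><td align="right">%d(nHang)</td>
-if( nHang>0 ){
-@ <td><a href="./errorlog?y=4/">Hung Backoffice</a></td>
-}else{
-@ <td>Hung Backoffice</td>
-}
-@ <tr><td align="right">%d(nHang)</td>
-if( nOther>0 ){
-@ <td><a href="./errorlog?y=64/">Other</a></td>
-}else{
-@ <td>Other</td>
+}
+if( nHang>0 ){
+@ <tr><td align="right">%d(nHang)</td>
+@ <td><a href="./errorlog?y=4/">Hung Backoffice</a></td>
+}
+if( nXPost>0 ){
+@ <tr><td align="right">%d(nXPost)</td>
+@ <td><a href="./errorlog?y=8/">POSTs from different origin</a></td>
+}
+if( nOther>0 ){
+@ <tr><td align="right">%d(nOther)</td>
+@ <td><a href="./errorlog?y=64/">Other</a></td>
+}
+if( nHack+nXPost>0 && nNonHack>0 ){
+@ <tr><td align="right">%d(nNonHack)</td>
+@ <td><a href="%R/errorlog?y=70">Other than hack attempts</a></td>
 }
 @ <tr><td align="right">%d(nTotal)</td>
 if( nTotal>0 ){
 @ <td><a href="./errorlog">All Messages</a></td>
 }else{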
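Review bot: The glob at new line 934, `"warning: POST from different origin*"`, silently depends on the literal written by cgi_same_origin() in cgi.c; if either string is ever edited, cross-origin POSTs stop being counted in nXPost and fall into the 0x40 "Other" bucket with no error, so the classifier should carry `/* must match the message logged by cgi_same_origin() in cgi.c */` beside it. The new mask at line 829 is another bare magic number; `static const int eAllTypes = 0x4f;  /* 0x01|0x02|0x04|0x08|0x40 */` makes it checkable against the y= table in the header comment. The new link at line 980 copies the stray trailing slash of the y=4 and y=64 links into `./errorlog?y=8/`; that presumably only works because the number parser stops at `/`, and `y=8` is the form the y=1 and y=2 links already use. errorlog_page() extends beyond this hunk on both sides.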
--- src/security_audit.c
+++ src/security_audit.c
@@ -813,10 +813,11 @@
813 ** this page.
814 **
815 ** y=0x01 Show only hack attempts
816 ** y=0x02 Show only panics and assertion faults
817 ** y=0x04 Show hung backoffice processes
 
818 ** y=0x40 Show other uncategorized messages
819 **
820 ** If y is omitted or is zero, a count of the various message types is
821 ** shown.
822 */
@@ -823,18 +824,19 @@
823 void errorlog_page(void){
824 i64 szFile;
825 FILE *in;
826 char *zLog;
827 const char *zType = P("y");
828 static const int eAllTypes = 0x47;
829 long eType = 0;
830 int bOutput = 0;
831 int prevWasTime = 0;
832 int nHack = 0;
833 int nPanic = 0;
834 int nOther = 0;
835 int nHang = 0;
 
836 char z[10000];
837 char zTime[10000];
838
839 login_check_credentials();
840 if( !g.perm.Admin ){
@@ -901,10 +903,13 @@
901 @ <li>Panics and assertion faults
902 }
903 if( eType & 0x04 ){
904 @ <li>Hung backoffice processes
905 }
 
 
 
906 if( eType & 0x40 ){
907 @ <li>Other uncategorized messages
908 }
909 @ </ul>
910 }
@@ -923,11 +928,16 @@
923 nPanic++;
924 }else
925 if( sqlite3_strglob("warning: backoffice process * still *",z)==0 ){
926 bOutput = (eType & 0x04)!=0;
927 nHang++;
928 }else{
 
 
 
 
 
929 bOutput = (eType & 0x40)!=0;
930 nOther++;
931 }
932 if( bOutput ){
933 @ %h(zTime)\
@@ -948,40 +958,36 @@
948 fclose(in);
949 if( eType ){
950 @ </pre>
951 }
952 if( eType==0 ){
953 int nNonHack = nPanic+nHang+nOther;
954 int nTotal = nNonHack + nHack;
955 @ <p><table border="a" cellspacing="0" cellpadding="5">
956 @ <tr><td align="right">%d(nPanic)</td>
957 if( nPanic>0 ){
 
958 @ <td><a href="./errorlog?y=2">Panics</a></td>
959 } else {
960 @ <td>Panics</td>
961 }
962 @ <tr><td align="right">%d(nHack)</td>
963 if( nHack>0 ){
 
964 @ <td><a href="./errorlog?y=1">Hack Attempts</a></td>
965 if( nNonHack ){
966 @ <tr><td align="right">%d(nNonHack)</td>
967 @ <td><a href="%R/errorlog?y=70">Other than hack attempts</a></td>
968 }
969 }else{
970 @ <td>Hack Attempts</td>
971 }
972 @ <tr><td align="right">%d(nHang)</td>
973 if( nHang>0 ){
974 @ <td><a href="./errorlog?y=4/">Hung Backoffice</a></td>
975 }else{
976 @ <td>Hung Backoffice</td>
977 }
978 @ <tr><td align="right">%d(nHang)</td>
979 if( nOther>0 ){
980 @ <td><a href="./errorlog?y=64/">Other</a></td>
981 }else{
982 @ <td>Other</td>
983 }
984 @ <tr><td align="right">%d(nTotal)</td>
985 if( nTotal>0 ){
986 @ <td><a href="./errorlog">All Messages</a></td>
987 }else{
988
--- src/security_audit.c
+++ src/security_audit.c
@@ -813,10 +813,11 @@
813 ** this page.
814 **
815 ** y=0x01 Show only hack attempts
816 ** y=0x02 Show only panics and assertion faults
817 ** y=0x04 Show hung backoffice processes
818 ** y=0x08 Show POST requests from a different origin
819 ** y=0x40 Show other uncategorized messages
820 **
821 ** If y is omitted or is zero, a count of the various message types is
822 ** shown.
823 */
@@ -823,18 +824,19 @@
824 void errorlog_page(void){
825 i64 szFile;
826 FILE *in;
827 char *zLog;
828 const char *zType = P("y");
829 static const int eAllTypes = 0x4f;
830 long eType = 0;
831 int bOutput = 0;
832 int prevWasTime = 0;
833 int nHack = 0;
834 int nPanic = 0;
835 int nOther = 0;
836 int nHang = 0;
837 int nXPost = 0;
838 char z[10000];
839 char zTime[10000];
840
841 login_check_credentials();
842 if( !g.perm.Admin ){
@@ -901,10 +903,13 @@
903 @ <li>Panics and assertion faults
904 }
905 if( eType & 0x04 ){
906 @ <li>Hung backoffice processes
907 }
908 if( eType & 0x08 ){
909 @ <li>POST requests from different origin
910 }
911 if( eType & 0x40 ){
912 @ <li>Other uncategorized messages
913 }
914 @ </ul>
915 }
@@ -923,11 +928,16 @@
928 nPanic++;
929 }else
930 if( sqlite3_strglob("warning: backoffice process * still *",z)==0 ){
931 bOutput = (eType & 0x04)!=0;
932 nHang++;
933 }else
934 if( sqlite3_strglob("warning: POST from different origin*",z)==0 ){
935 bOutput = (eType & 0x08)!=0;
936 nXPost++;
937 }else
938 {
939 bOutput = (eType & 0x40)!=0;
940 nOther++;
941 }
942 if( bOutput ){
943 @ %h(zTime)\
@@ -948,40 +958,36 @@
958 fclose(in);
959 if( eType ){
960 @ </pre>
961 }
962 if( eType==0 ){
963 int nNonHack = nPanic + nHang + nOther;
964 int nTotal = nNonHack + nHack + nXPost;
965 @ <p><table border="a" cellspacing="0" cellpadding="5">
 
966 if( nPanic>0 ){
967 @ <tr><td align="right">%d(nPanic)</td>
968 @ <td><a href="./errorlog?y=2">Panics</a></td>
 
 
969 }
 
970 if( nHack>0 ){
971 @ <tr><td align="right">%d(nHack)</td>
972 @ <td><a href="./errorlog?y=1">Hack Attempts</a></td>
973 }
974 if( nHang>0 ){
975 @ <tr><td align="right">%d(nHang)</td>
976 @ <td><a href="./errorlog?y=4/">Hung Backoffice</a></td>
977 }
978 if( nXPost>0 ){
979 @ <tr><td align="right">%d(nXPost)</td>
980 @ <td><a href="./errorlog?y=8/">POSTs from different origin</a></td>
981 }
982 if( nOther>0 ){
983 @ <tr><td align="right">%d(nOther)</td>
984 @ <td><a href="./errorlog?y=64/">Other</a></td>
985 }
986 if( nHack+nXPost>0 && nNonHack>0 ){
987 @ <tr><td align="right">%d(nNonHack)</td>
988 @ <td><a href="%R/errorlog?y=70">Other than hack attempts</a></td>
 
 
989 }
990 @ <tr><td align="right">%d(nTotal)</td>
991 if( nTotal>0 ){
992 @ <td><a href="./errorlog">All Messages</a></td>
993 }else{
994
