T864 - Separate log file for unparsed queries

acra-censor/acra-censor_configuration_provider.go

@@ -17,17 +17,17 @@ limitations under the License.
 package acracensor
 
 import (
+	"github.com/cossacklabs/acra/acra-censor/common"
 	"github.com/cossacklabs/acra/acra-censor/handlers"
 	"gopkg.in/yaml.v2"
 	"strings"
 )
 
 // Query handlers' names.
 const (
-	BlacklistConfigStr    = "blacklist"
-	WhitelistConfigStr    = "whitelist"
-	QueryCaptureConfigStr = "query_capture"
-	QueryIgnoreConfigStr  = "query_ignore"
+	BlacklistConfigStr   = "blacklist"
+	WhitelistConfigStr   = "whitelist"
+	QueryIgnoreConfigStr = "query_ignore"
 )
 
 // Config shows handlers configuration: queries, tables, patterns
@@ -37,9 +37,10 @@ type Config struct {
 		Queries  []string
 		Tables   []string
 		Patterns []string
-		Filepath string
 	}
-	IgnoreParseError bool `yaml:"ignore_parse_error"`
+	IgnoreParseError bool   `yaml:"ignore_parse_error"`
+	ParseErrorsLog   string `yaml:"parse_errors_log"`
+	CaptureLog       string `yaml:"capture_log"`
 }
 
 // LoadConfiguration loads configuration of AcraCensor
@@ -50,6 +51,21 @@ func (acraCensor *AcraCensor) LoadConfiguration(configuration []byte) error {
 		return err
 	}
 	acraCensor.ignoreParseError = censorConfiguration.IgnoreParseError
+	if !strings.EqualFold(censorConfiguration.CaptureLog, "") {
+		queryWriter, err := common.NewFileQueryWriter(censorConfiguration.CaptureLog)
+		if err != nil {
+			return err
+		}
+		acraCensor.parsedQueriesWriter = queryWriter
+	}
+	if !strings.EqualFold(censorConfiguration.ParseErrorsLog, "") {
+		queryWriter, err := common.NewFileQueryWriter(censorConfiguration.ParseErrorsLog)
+		if err != nil {
+			return err
+		}
+		acraCensor.unparsedQueriesWriter = queryWriter
+	}
+
 	for _, handlerConfiguration := range censorConfiguration.Handlers {
 		switch handlerConfiguration.Handler {
 		case WhitelistConfigStr:
@@ -78,16 +94,6 @@ func (acraCensor *AcraCensor) LoadConfiguration(configuration []byte) error {
 			}
 			acraCensor.AddHandler(blacklistHandler)
 			break
-		case QueryCaptureConfigStr:
-			if strings.EqualFold(handlerConfiguration.Filepath, "") {
-				break
-			}
-			queryCaptureHandler, err := handlers.NewQueryCaptureHandler(handlerConfiguration.Filepath)
-			if err != nil {
-				return err
-			}
-			acraCensor.AddHandler(queryCaptureHandler)
-			break
 		case QueryIgnoreConfigStr:
 			queryIgnoreHandler := handlers.NewQueryIgnoreHandler()
 			queryIgnoreHandler.AddQueries(handlerConfiguration.Queries)

acra-censor/acra-censor_implementation.go

@@ -18,7 +18,6 @@ package acracensor
 
 import (
 	"github.com/cossacklabs/acra/acra-censor/common"
-	"github.com/cossacklabs/acra/acra-censor/handlers"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -27,9 +26,11 @@ const ServiceName = "acra-censor"
 
 // AcraCensor describes censor data: query handler, logger and reaction on parsing errors.
 type AcraCensor struct {
-	handlers         []QueryHandlerInterface
-	ignoreParseError bool
-	logger           *log.Entry
+	handlers              []QueryHandlerInterface
+	ignoreParseError      bool
+	parsedQueriesWriter   *common.QueryWriter
+	unparsedQueriesWriter *common.QueryWriter
+	logger                *log.Entry
 }
 
 // NewAcraCensor creates new censor object.
@@ -65,37 +66,25 @@ func (acraCensor *AcraCensor) ReleaseAll() {
 
 // HandleQuery processes every query through each handler.
 func (acraCensor *AcraCensor) HandleQuery(rawQuery string) error {
-	if len(acraCensor.handlers) == 0 {
+	if len(acraCensor.handlers) == 0 && acraCensor.parsedQueriesWriter == nil && acraCensor.unparsedQueriesWriter == nil {
 		// no handlers, AcraCensor won't work
 		return nil
 	}
 	normalizedQuery, queryWithHiddenValues, parsedQuery, err := common.HandleRawSQLQuery(rawQuery)
+	// Unparsed query handling
 	if err == common.ErrQuerySyntaxError {
 		acraCensor.logger.WithError(err).Warning("Failed to parse input query")
+		acraCensor.saveUnparsedQuery(rawQuery)
 		if acraCensor.ignoreParseError {
-			acraCensor.logger.Infof("Unparsed query has been allowed")
+			acraCensor.logger.Infoln("Unparsed query has been allowed")
 			return nil
 		}
-		acraCensor.logger.Errorf("Unparsed query has been forbidden")
+		acraCensor.logger.Errorln("Unparsed query has been forbidden")
 		return err
 	}
-
+	// Parsed query handling
+	acraCensor.saveParsedQuery(queryWithHiddenValues)
 	for _, handler := range acraCensor.handlers {
-		// in QueryCapture Handler we use only redacted queries
-		if queryCaptureHandler, ok := handler.(*handlers.QueryCaptureHandler); ok {
-			queryCaptureHandler.CheckQuery(queryWithHiddenValues, parsedQuery)
-			continue
-		}
-		// in QueryIgnore Handler we use only raw queries
-		if queryIgnoreHandler, ok := handler.(*handlers.QueryIgnoreHandler); ok {
-			continueHandling, _ := queryIgnoreHandler.CheckQuery(rawQuery, parsedQuery)
-			if continueHandling {
-				continue
-			} else {
-				break
-			}
-		}
-		// remained handlers operate
 		continueHandling, err := handler.CheckQuery(normalizedQuery, parsedQuery)
 		if err != nil {
 			acraCensor.logger.Errorf("Forbidden query: '%s'", queryWithHiddenValues)
@@ -110,3 +99,15 @@ func (acraCensor *AcraCensor) HandleQuery(rawQuery string) error {
 	acraCensor.logger.Infof("Allowed query: '%s'", queryWithHiddenValues)
 	return nil
 }
+
+func (acraCensor *AcraCensor) saveUnparsedQuery(query string) {
+	if acraCensor.unparsedQueriesWriter != nil {
+		acraCensor.unparsedQueriesWriter.CheckQuery(query, nil)
+	}
+}
+
+func (acraCensor *AcraCensor) saveParsedQuery(query string) {
+	if acraCensor.parsedQueriesWriter != nil {
+		acraCensor.parsedQueriesWriter.CheckQuery(query, nil)
+	}
+}

acra-censor/acra-censor_interfaces.go

@@ -22,7 +22,9 @@ limitations under the License.
 // https://github.com/cossacklabs/acra/wiki/AcraCensor
 package acracensor
 
-import "github.com/cossacklabs/acra/sqlparser"
+import (
+	"github.com/cossacklabs/acra/sqlparser"
+)
 
 // QueryHandlerInterface describes what actions are available for queries.
 type QueryHandlerInterface interface {