From 22f1b1cab909ca775c61178b0d897629c243468e Mon Sep 17 00:00:00 2001
From: Robert Paprocki <robert@cryptobells.com>
Date: Fri, 21 Oct 2016 20:31:39 -0700
Subject: [PATCH] Allow exec() in log phase

Fixes issue #228.
---
 lib/resty/waf.lua             | 13 ++++++++++---
 lib/resty/waf/collections.lua |  3 ++-
 lib/resty/waf/phase.lua       |  2 +-
 t/unit/phase/01_phase.t       |  2 +-
 tools/Modsec2LRW.pm           |  2 +-
 5 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/lib/resty/waf.lua b/lib/resty/waf.lua
index 3bc86295..218dbea5 100644
--- a/lib/resty/waf.lua
+++ b/lib/resty/waf.lua
@@ -137,6 +137,10 @@ local function _finalize(self, ctx)
 
 	-- store the local copy of the ctx table
 	ngx.ctx = ctx
+
+	if (ctx.phase == 'log') then
+		self:write_log_events(true)
+	end
 end
 
 -- use the lookup table to figure out what to do
@@ -598,12 +602,15 @@ end
 
 -- push log data regarding matching rule(s) to the configured target
 -- in the case of socket or file logging, this data will be buffered
-function _M.write_log_events(self)
+function _M.write_log_events(self, has_ctx)
 	-- there is a small bit of code duplication here to get our context
 	-- because this lives outside exec()
 	local ctx = ngx.ctx
-	if (ctx.opts) then
-		_load(self, ctx.opts)
+
+	if (not has_ctx) then
+		if (ctx.opts) then
+			_load(self, ctx.opts)
+		end
 	end
 
 	if (not ctx.lrw_initted) then
diff --git a/lib/resty/waf/collections.lua b/lib/resty/waf/collections.lua
index c4803351..606f342c 100644
--- a/lib/resty/waf/collections.lua
+++ b/lib/resty/waf/collections.lua
@@ -97,7 +97,8 @@ _M.lookup = {
 			collections.RESPONSE_BODY = table_concat(ctx.buffers, '')
 			ngx.arg[1] = collections.RESPONSE_BODY
 		end
-	end
+	end,
+	log = function() end
 }
 
 return _M
diff --git a/lib/resty/waf/phase.lua b/lib/resty/waf/phase.lua
index 457370b5..2a518bc5 100644
--- a/lib/resty/waf/phase.lua
+++ b/lib/resty/waf/phase.lua
@@ -4,7 +4,7 @@ _M.version = "0.8.2"
 
 local util = require "resty.waf.util"
 
-_M.phases = { access = 1, header_filter = 2, body_filter = 3 }
+_M.phases = { access = 1, header_filter = 2, body_filter = 3, log = 4 }
 
 function _M.is_valid_phase(phase)
 	return util.table_has_key(phase, _M.phases)
diff --git a/t/unit/phase/01_phase.t b/t/unit/phase/01_phase.t
index 8ea104e9..37312157 100644
--- a/t/unit/phase/01_phase.t
+++ b/t/unit/phase/01_phase.t
@@ -187,7 +187,7 @@ true
 --- no_error_log
 [error]
 
-=== TEST 11: Log is not a valid phase
+=== TEST 11: Log is a valid phase
 --- http_config eval: $::HttpConfig
 --- config
 	location /t {
diff --git a/tools/Modsec2LRW.pm b/tools/Modsec2LRW.pm
index 034b3433..5f4c0ba3 100644
--- a/tools/Modsec2LRW.pm
+++ b/tools/Modsec2LRW.pm
@@ -146,7 +146,7 @@ my $phase_lookup = {
 	2 => 'access',
 	3 => 'header_filter',
 	4 => 'body_filter',
-	5 => 'body_filter', # lua-resty-waf doesnt have a proper logging phase
+	5 => 'log',
 };
 
 my $op_sep_lookup = {