From a61820fe2cae58ca8ed3336d07147d0e76d61638 Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Fri, 10 May 2024 17:26:23 +0200
Subject: [PATCH 1/3] Enhanced logging [Issue #3107]
---
 CHANGES | 2 ++
 apache2/msc_json.c | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/CHANGES b/CHANGES
index eb1b846c..80d8520c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------
+ * Enhance logging
+ [Issue #3107 - @marcstern]
 * Fix possible segfault in collection_unpack
 [Issue #3072 - @twouters]
 * Set the minimum security protocol version for SecRemoteRules
diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index 4cbeebf5..f57d7802 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -65,6 +65,7 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
 log_escape_ex(msr->mp, arg->value, arg->value_len));
 }
 msr->msc_reqbody_error = 1;
+ msr->json->yajl_error = apr_psprintf(msr->mp, "More than %ld JSON keys", msr->txcfg->arguments_limit);
 return 0;
 }
@@ -374,9 +375,12 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
 if (msr->json->depth_limit_exceeded) {
 *error_msg = "JSON depth limit exceeded";
 } else {
- char *yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
- *error_msg = apr_pstrdup(msr->mp, yajl_err);
- yajl_free_error(msr->json->handle, yajl_err);
+ if (msr->json->yajl_error) *error_msg = msr->json->yajl_error;
+ else {
+ char* yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
+ *error_msg = apr_pstrdup(msr->mp, yajl_err);
+ yajl_free_error(msr->json->handle, yajl_err);
+ }
 }
 return -1;
 }
From 746f57f96312ce2f564f708bf9ac116f9a92be96 Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Thu, 16 May 2024 15:52:31 +0200
Subject: [PATCH 2/3] Changed indentation
---
 apache2/msc_json.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
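Review bot: The `%ld` conversion in the added `apr_psprintf` call in json_add_argument has to match the declared type of `msr->txcfg->arguments_limit`, and that declaration is outside this patch; if the field is not a `long`, the limit printed in the message is undefined, so either confirm the type or cast the argument, `(long)msr->txcfg->arguments_limit`. The same line stores a message that does not come from yajl in a field named `yajl_error`, so a comment such as `/* not a yajl diagnostic: json_process_chunk() reports this text in place of yajl's own error */` would stop the next reader from assuming otherwise. The text is built from configuration only and carries no request data, which is worth keeping that way for a string that is presumably written to the log. json_add_argument starts before this hunk.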
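Review bot: The added `if (msr->json->yajl_error) *error_msg = msr->json->yajl_error;` in json_process_chunk is an unbraced `if` paired with a braced `else` and nested inside the existing `else`; a flat chain is harder to break in a later edit: `} else if (msr->json->yajl_error) {`, then `*error_msg = msr->json->yajl_error;`, then `} else {`. The re-added declaration is spelled `char* yajl_err` while the line it replaces used `char *yajl_err`. Because the stored message now takes priority over yajl's diagnostic whenever the field is non-NULL, it is worth confirming that nothing else sets `yajl_error` before a genuine syntax error is reported, otherwise the log would name the wrong cause; that cannot be checked from this hunk, and the function starts before it.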
diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index f57d7802..136e8ad9 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -377,9 +377,9 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
 } else {
 if (msr->json->yajl_error) *error_msg = msr->json->yajl_error;
 else {
- char* yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
- *error_msg = apr_pstrdup(msr->mp, yajl_err);
- yajl_free_error(msr->json->handle, yajl_err);
+ char* yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
+ *error_msg = apr_pstrdup(msr->mp, yajl_err);
+ yajl_free_error(msr->json->handle, yajl_err);
 }
 }
 return -1;
From 98dba00231589ee36b71856134b9402cbbdfcb83 Mon Sep 17 00:00:00 2001
From: Felipe Zipitria
Date: Thu, 23 May 2024 09:40:09 -0300
Subject: [PATCH 3/3] docs: update README
Signed-off-by: Felipe Zipitria
---
 README.md | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 7223af73..a8235851 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,13 @@
-ModSecurity for Apache 2.x
-======
+# ModSecurity 2
-http://www.modsecurity.org/
+https://www.modsecurity.org/
-Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+Copyright (c) 2004-2024 Trustwave Holdings, Inc. (https://www.trustwave.com/)
+Copyright (c) 2024-2024 OWASP ModSecurity Project (https://www.owasp.org/)
 You may not use this file except in compliance with the License. You may obtain a copy of the License at: https://www.apache.org/licenses/LICENSE-2.0
-If any of the files related to licensing are missing or if you have any other questions related to licensing please contact Trustwave Holdings, Inc. directly using the email address: modsecurity@owasp.org.
-
+If any of the files related to licensing are missing or if you have any other questions related to licensing please contact us here: modsecurity@owasp.org.
 ## Documentation
@@ -16,4 +15,8 @@ Please refer to: [the documentation folder](https://github.com/owasp-modsecurity
 ## Sponsor Note
-Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
+Original Development of ModSecurity was sponsored by Trustwave. In 2024, [stewardship was transferred to OWASP](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-transfers-modsecurity-custodianship-to-the-open-worldwide-application-security-project/).
+
+Contact us for sponsorship!
+
+You can also send us donations using the [OWASP donations page](https://owasp.org/donate/?reponame=www-project-modsecurity&title=OWASP+ModSecurity).