github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,281 Commits 55 Branches 109 Tags
Commit Graph

109 Commits

Author SHA1 Message Date
Ervin Hegedus
c964f9cbf6
Remove unused tests 2025-07-28 21:51:51 +02:00
Ervin Hegedus
b6d14b7fce
Add necessary arguments to perl test script 2025-07-28 17:38:37 +02:00
Ervin Hegedus
c7cacf80f2
Fix xml processing tests 2025-07-28 17:21:44 +02:00
Ervin Hegedus
63af83080c
Fix pmfromfile external tests - temporary suspended all tests 2025-07-28 16:22:29 +02:00
Ervin Hegedus
780304caf4
Fix ipmatchfromfile external tests - temporary suspended all tests 2025-07-28 16:19:26 +02:00
Ervin Hegedus
1362a30e93
Fix SecRemoteRules test - that's need anymore 2025-07-28 16:18:14 +02:00
Ervin Hegedus
bc01714ca1
Fix status engine tests 2025-07-28 16:11:24 +02:00
Ervin Hegedus
33791eb14a
Fix multipart tests 2025-07-28 16:09:10 +02:00
Ervin Hegedus
10659ad14d
Fix request directives test cases 2025-07-28 15:30:04 +02:00
Ervin Hegedus
575314fe59
Fix misc directives test cases 2025-07-28 14:18:15 +02:00
Ervin Hegedus
36876ff5fb
Fix load tests 2025-07-27 19:56:32 +02:00
Ervin Hegedus
158084c7ec
Fix startup errors, missing getopt() args 2025-07-27 19:54:58 +02:00
Ervin Hegedus
302fce71e8
fix: 'make test' is able to run again 2025-05-10 21:29:17 +02:00
Martin Vierula
afb48b2c97
Adjust one automated test 2023-01-04 08:00:49 -08:00
Martin Vierula
0981b325a7
Support configurable limit on number of arguments processed 2022-12-14 07:01:23 -08:00
Martin Vierula
bb372850ac
Adjust parser activation rules in modsecurity.conf-recommended 2022-09-07 11:43:54 -07:00
Martin Vierula
7a489bd07c
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 11:09:47 -07:00
Martin Vierula
159cb4e93c
Fix a failing test. 2022-08-20 15:24:37 -07:00
Martin Vierula
4a98032b7f
Allow no-key, single-value JSON body 2022-05-03 12:34:03 -07:00
Martin Vierula
065dbe7e76
Multipart names may include single quote if double-quote enclosed 2021-12-22 10:37:03 -08:00
Martin Vierula
41918335fa
Support configurable limit on depth of JSON parsing 2021-11-18 17:35:40 -08:00
Felipe Zimmerle
25e5543c7f Allow empty arrays in JSON parser 
Issue #1576
 2018-11-26 10:40:46 -03:00
Felipe Zimmerle
fecc4296e3
Adds more tests to REQUEST_BASENAME 
Meant to test #1795
 2018-09-04 22:40:26 -03:00
Felipe Zimmerle
9f92321afb
Fix test case to match new version of curl. 
Error message was changed
 2017-07-14 10:37:58 -03:00
Mario D. Santana
e3b3721ee3 Allow mod_proxy's "nocanon" behavior to be specified in proxy actions. 2016-01-06 08:23:52 -03:00
Felipe Zimmerle
462308be74 Improves the accuracy of version identification on status calls 
Trying to differentiate among IIS, Apache, NGINX, and Standalone builds.
 2015-02-11 18:37:01 -08:00
Felipe Zimmerle
ce4cf24f6e Refactoring external resources download warn messages 
Holding the message to be displayed when Apache is ready to write on the
error_log instead of the default output. Regression tests were added.
 2014-12-11 12:42:49 -08:00
Felipe Zimmerle
23823bb2c3 Makes Curl no longer a mandatory depedency for ModSecurity core 
As reported by Rainer Jung, Curl may not be mandatory to build
	ModSecurity core. This patch make it optional by:
	- Concentrate all downloads using curl on msc_remote_rules.c
	- Split Curl build definitions checks into: WITH_CURL, WITH_REMOTE_RULES
	and WITH_CRYPTO.
	  - WITH_CURL: Contains Culr headers and binaries during the build time.
	  - WITH_REMOTE_RULES: Currently enabled if Curl is present.
	  - WITH_CRYPTO: Set if apr tool was compiled with crypto support.
	- Renames msc_remote_grab_content to msc_remote_download_content
 2014-12-03 08:28:59 -08:00
Felipe Zimmerle
b019f6056f fix typo 
- Adds a missing "s" while informing the amount of remote loaded rules.
- Renames text file that was wrongly named as .py
 2014-11-17 19:32:43 -08:00
Felipe Zimmerle
9fe72b72de Improves the CA validation 
On IIS CA validation was not working as libcurl on windows does not look for a
certificate store, unless it is specified. The resource downloads are now
respecting the SecRemoteRulesFailAction.
 2014-11-17 19:32:32 -08:00
Felipe Zimmerle
723336f1fb Adds regression test for FILE_TMP_CONTENT 2014-11-14 11:53:40 -08:00
Felipe Zimmerle
86787f2af9 Adds SecRemoteRules regression tests. 
Added two test cases for SecRemoteRules. Contents are loaded from
https://www.modsecurity.org
 2014-11-14 11:53:40 -08:00
Felipe Zimmerle
b5398abaf2 Forces downloads using https-only for resources or rules 
This commit makes ModSecurity to refuse to download or install rules
(SecRemoteRules) from sites that are not running HTTPS with a valid and
trusted certificate.
 2014-11-14 11:53:40 -08:00
Felipe Zimmerle
899ee0c365 Adds support to load remote resources to pmFromFile and ipMatchFromFile 
Initially those directives were only able to load content from a
local file. This commit extends this functionality allowing the user to
provide an HTTP URI that can be downloaded and loaded by ModSecurity.
Initially the download is associated with a server restart. For next
versions we expect to load such resources as it become outdated (Without
need to resetart the server).
 2014-11-14 11:53:40 -08:00
Felipe Zimmerle
81bde0842d Adds curl support to main core 
Curl was used only by mlogc, as we want to expand ModSecurity to load
external rules/resources it is now a dependency of the core as well.
 2014-11-14 11:53:40 -08:00
Felipe Zimmerle
288fedfd22 Adds real_server_signature symbol to msc_test 
Missing symbol was leading the tests to fail
 2014-11-14 11:53:39 -08:00
Felipe Zimmerle
cee205b109 Adds Status test case with the SecServerSignature being used 
If SecServerSignature is used ModSecurity should send the real data, not the
one informed to SecServerSignature.
Originally reported by: Linas
 2014-11-14 11:53:39 -08:00
Felipe Zimmerle
f2b45bfafa Automake: Using ../ instead of $(top_srcdir) 
After enable `subdir-objects', the variable $(top_srcdir) was not being
resolved, a directory labeled "$(top_srcdir)" was created instead.
 2014-11-14 11:53:39 -08:00
Felipe Zimmerle
c64a681c65 Temporarily disable a test that is leading nginx buildbot to fail. 2014-11-14 11:53:39 -08:00
Felipe Zimmerle
a45fe95ed5 FuzzyHash: if disable giving an run time error instead of config 
FuzzyHash operator is optional and only installed if the headers for libfuzzy
was found in the system. Otherwise, the FuzzyHash operator is disable during
the compilation. After this commit, if some rules tries to use it, ModSecurity
will produce an runtime error not a config time error, allowing the web server
to procede normal with its operations.
 2014-11-14 11:53:39 -08:00
Felipe Zimmerle
fa0c97ea7b Adds regression test to cover the @fuzzeHash operator 
Added 30-fuzzyHash.t and the ssdeep hash files. Hash files was generated using
files from ModSecurity repository.
 2014-11-14 11:53:39 -08:00
Felipe Zimmerle
873c628b1a Adds ssdeep support in our build system 
ssdeep will be used with the @fuzzyHash operator which is under
development
 2014-11-14 11:53:39 -08:00
Felipe Zimmerle
79639b5e47 Accepts random port on FULL_REQUEST regression test 
FULL_REQUEST regression test was failing over the buildbots due the
usage of non default ports. Now it is accepting any number.
 2014-07-25 04:46:59 -07:00
Felipe Zimmerle
731466cff0 Adds @ipMatch operator unit test. 
As reported on issue #706 the @ipMatch operator is not working as expected
creating this test case to confirm the issue and to avoid that happens in
the future.
 2014-06-11 09:31:53 -07:00
Felipe Zimmerle
66939d059b Adds initial support to @detectXSS 
Libinject was recently updated to support XSS detection. This commit adds
initial support to it.
 2014-03-31 16:22:11 -07:00
Felipe Zimmerle
52bef20ce5 Adds unit test to the JSON parser 
Unit test to test whenever the JSON parser is enabled
 2014-03-31 16:22:09 -07:00
Felipe Zimmerle
8d4c3e4f5c Makes the build system to look for yajl using a macro file 
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
 2014-03-31 16:22:09 -07:00
Felipe Zimmerle
d75e443b9b Adds regression test to SecStatusEngine 
Just checking the error log while have SecStatusEngine set to On in a first
test and Off in a second.
 2014-03-31 07:14:55 -07:00
Felipe Zimmerle
d93ce9ceee Adds REQUEST_FULL and REQUEST_FULL_LENGTH variables 
This variable is a combination from REQUEST_LINE, REQUEST_HEADERS and
REQUEST_BODY (if any). Expects for \n\n in between each of those values.
 2014-03-31 07:14:55 -07:00
Felipe Zimmerle
62f3d02894 Adds utf8toUnicode.t to our unit tests 
A bug was reported related to our utf8toUnicode transformation, so, adding this
unit test to confirm the bug and to check whenever it is fixed. Bug #671.
 2014-03-31 07:14:55 -07:00