github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,035 Commits 55 Branches 109 Tags
Commit Graph

501 Commits

Author SHA1 Message Date
Felipe Zimmerle
8bc8be6429
Cleanup on Action class 2021-03-04 11:11:21 -03:00
Felipe Zimmerle
d196bec0bc
Refactoring: Makes transformations to work with new execute signature 2021-03-01 14:57:58 -03:00
Felipe Zimmerle
eacbbf89e7
Refactoring: rename evaluate to execute on actions 2021-03-01 14:57:58 -03:00
Felipe Zimmerle
bff00b1ea4
Refactoring in the Rule class to make it more elegant 2021-03-01 14:57:58 -03:00
Felipe Zimmerle
6e24e60a02
Adds new method for rule merge 
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
 2021-03-01 14:57:58 -03:00
marshal09
42eec41a46
Add new transformation call phpArgsNames 2021-03-01 14:57:57 -03:00
Felipe Zimmerle
4cdcc15334
Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4e45aa601b87c5a4cf4b6061d1bbccb.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
912704b6d4
Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
Felipe Zimmerle
2e69ce6ccf
build: Fix curl include path 
Issue #2519
 2021-02-24 13:20:24 -03:00
martinhsv
fbea73120c
Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03
Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
03b3e472d4
cosmetics: Please static check 2021-01-24 11:53:52 -03:00
Felipe Zimmerle
e8bd2151f2
Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
3748d62f19
Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
f948d637f2
Having the QA on GitHub workflow 2021-01-14 09:15:18 -03:00
Felipe Zimmerle
e6bdadeb69
tests: Prints test number on segfault 2021-01-13 13:38:38 -03:00
Felipe Zimmerle
9b40a045bb
Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00
Felipe Zimmerle
f18595f428
Makes regular expression selection on collections key case insensitive 
This issue was initially reported by @michaelgranzow-avi on #2296.

@airween made an initial attempt to provide a fixed at #2107; As a
consequence of the pull request review - provided by @victorhora,
@zimmerle, and @michaelgranzow-avi - @airween made a second attempt
at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed
the essential pieces from @airween patch into this one.

This patch differs from @airween's because @airween's patches were
partially working: Key exclusions with regex weren't covered, same
for anchored variables (e.g. ARGS). During the review, I have
highlighted the importance of having elementary test cases. A simple
test case on ARGS could spot the issue. Since that is an important
fix, I don't want to hold this for one more review cycle; therefore,
I am committing the fix myself.

Thank you all involved in the solution of this very own issue.
 2020-12-10 10:05:07 -03:00
martinhsv
d72be1c470
Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Michael Granzow
1b7aa42c77
Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2020-10-29 10:33:02 -03:00
martinhsv
2672db103e
Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
Felipe Zimmerle
4b425850cf
Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
Felipe Zimmerle
377fb723ca
Makes lua 5.1 workable again 
Issue #2389
 2020-09-21 10:04:40 -03:00
martinhsv
b9620c26a0
rx:exit after full match; fix TX population after unused group 2020-06-29 06:13:45 -07:00
martinhsv
a1547eaa32
Regression tests: audit log compare support and test cases 2020-03-31 15:01:26 -03:00
Felipe Zimmerle
7a48245aed
Creates RuleUnconditional 
Makes RuleScript child of RuleWithActions instead of Operator
 2020-03-31 14:44:19 -03:00
Felipe Zimmerle
43f8aee6b6
Splits Rule class into: Rule, RuleBase, RuleMarker 2020-03-30 20:21:36 -03:00
Felipe Zimmerle
fda03c0016
Yet another refactoring in Rule 2020-03-30 15:38:51 -03:00
Felipe Zimmerle
5ebfa5eacb
Removes referece count from audit logs 2020-03-26 10:38:55 -03:00
Felipe Zimmerle
9d158611cf
Makes Rule a shared pointer 2020-03-25 16:11:23 -03:00
Felipe Zimmerle
6367e6d5e9
Having a class Rules 2020-03-24 17:20:10 -03:00
Felipe Zimmerle
fb7714f202
Creates class RulesSetPhases 2020-03-24 14:00:28 -03:00
Felipe Zimmerle
7a0ad43087
fuzz: minor adjustment on op_test 2020-03-24 09:42:45 -03:00
Felipe Zimmerle
6de5c5984d
Adds some operators to the fuzzing tests 2020-03-23 22:15:48 -03:00
Felipe Zimmerle
edd0a4bb26
Updates the fuzzing example 2020-03-23 21:41:24 -03:00
Felipe Zimmerle
1e26bf2078
Revert "Creates the RulesSetPhases clas" 
This reverts commit 072e4edc53e388fdf64a5eb9d4317544a1c8ada6.
 2020-03-11 08:17:56 -03:00
Felipe Zimmerle
072e4edc53
Creates the RulesSetPhases clas 2020-03-05 07:13:02 -03:00
Felipe Zimmerle
014adabda4
cppcheck: Adds rules_set_properties.cc supressions 2020-02-18 14:18:22 -03:00
Felipe Zimmerle
6a742cdf76
Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
martinhsv
f57265a3e2
Support configurable limit on number of arguments processed 2020-02-14 11:00:01 -03:00
Felipe Zimmerle
4671608d5b
cppcheck: more suppressions 2020-02-12 09:32:15 -03:00
Felipe Zimmerle
b7e28c246f
static: fix static checks 2020-02-11 15:16:24 -03:00
Felipe Zimmerle
7495675d54
Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
martinhsv
136db3e582
Multipart Content-Disposition should allow filename* field 2020-02-11 10:29:38 -03:00
martinhsv
1b1fdc055b
Fix rule-update-target exclusions for plain (non-regex) variables 2020-02-11 09:42:37 -03:00
Felipe Zimmerle
357c140003
Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
fe98ce4c7d
Cosmetics: address cppcheck warnings 2020-01-30 18:19:34 -03:00
Felipe Zimmerle
ff9152ed74
Cosmetics: address cppcheck warnings on src/utils 2020-01-23 08:51:45 -03:00
Felipe Zimmerle
ff590174da
Cosmetics: address cppcheck warnings on src/operators 2020-01-23 08:10:05 -03:00
Felipe Zimmerle
4f13fecbaf
cppcheck: make static analysis more pedantic 2020-01-22 09:16:10 -03:00