github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,818 Commits 55 Branches 109 Tags
v3/dev/sec_binary_rules
Commit Graph

104 Commits

Author SHA1 Message Date
Fred Nicolson
3d2030426c Replaced log locking using mutex with fcntl lock 
When reloading Nginx, there is a race condition which is visible under high
load. As the logging mutex is shared between multiple workers, when a worker
is sent a stop signal during a reload, and the log mutex is held, write()
will never return, which means that the mutex will never unlock. As other
workers share this mutex, they will deadlock.

fcntl does not suffer from this issue.
 2018-11-27 10:09:29 -03:00
Felipe Zimmerle
120108fd33 Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Victor Hora
0c0b09ec52 Use glob.h when using OpenBSD 2018-09-11 20:45:58 -03:00
Felipe Zimmerle
d7b9726357 good practices: Initialize variables before use it 
Original author: Marc Stern (#1889)
 2018-09-05 23:35:24 -03:00
Victor Hora
fd8e72fd97 Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Reed Morrison
95048d5fcf Fix ip tree lookup on netmask content 2018-06-07 14:29:27 -03:00
Wenfeng Liu
45e531236a Return false in SharedFiles::open() when an error happens 2018-05-24 10:21:37 -03:00
Robert Paprocki
e4c822e663 Code cleanup: Initialize variables and others good practice 
- initialize invalid_countin UrlDecode :: evaluate
- Free resources before the process die (good practice)
 2018-05-13 17:08:07 -03:00
Robert Paprocki
cd1a058c33 Code cosmetics: Clean up MD5 hexdigest 
The null terminator is not necessary when using this form of the
std::string constructor, and its use was confusing given the extra
indent.
 2018-05-03 13:41:49 -03:00
Andrei Belov
268f34bbcc Fix memory leak in modsecurity::utils::expandEnv() 
Found by ASAN.
 2018-04-23 22:54:13 -03:00
Andrei Belov
5e65d560f8 Fix utils::string::ssplit() to handle delimiter in the end of string 
This closes #1743.
 2018-04-22 11:37:30 -03:00
Felipe Zimmerle
df169ea108 Adds support for libMaxMind 2018-03-22 19:11:42 -03:00
Felipe Zimmerle
dca642369e Fix on top of #1677 2018-02-26 17:53:18 -03:00
Andrei Belov
ccc1f2031a Fix "include /foo/*.conf" for single matched object in directory 2018-02-23 14:01:41 -03:00
Athmane Madjoudj
968d83f1ff Fix build on non x86 arch build failed on ppc64/ppc64le/arch64/armv7hl/s390x due to how this arch represent chars 2017-10-25 16:44:27 -03:00
Felipe Zimmerle
119a6fc074 test-only: Placing a mutex while evaluating the pm operator 
Performing an earlier optimization of the tree (before threads creation)
 2017-09-26 16:33:26 +00:00
Mirko Dziadzka
43e3ff91e8 Fixes a bug with an unitialized variable. 
new_debug_log was unitialized during an error code path.

Fixed this by explicit initializing it to NULL and fixing the order of
the error labels. They now present the correct (reverse) order of the
goto statements.
 2017-08-23 23:53:46 -03:00
Felipe Zimmerle
4b9bd499eb Fix to_hex_if_need function on string utils 
This fix issue #1535. Solution was the same suggested on #1523.
 2017-08-21 22:47:49 -03:00
Felipe Zimmerle
9ee412735d parser: Improves the reading for the url in the redirect action 2017-08-15 15:18:52 -03:00
Felipe Zimmerle
49b7ea99e6 Adds a set of sanity checks to validate API inputs (1 of 2) 2017-06-21 12:59:19 -07:00
Felipe Zimmerle
3ebc2d61fb Enables random number generation 2017-06-16 23:20:28 -03:00
Felipe Zimmerle
e795253ecf Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Felipe Zimmerle
a90b2a3ff7 Code cosmetics: init a vector. 2017-05-28 22:27:10 -03:00
Felipe Zimmerle
c49688fd7d Verify if a certain resource exists before do any other sanity check 2017-05-28 22:10:15 -03:00
Felipe Zimmerle
0e05b7bb8a Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361 Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
ba070c9eaa Speeds up utils::string::toupper function 2017-03-31 14:35:26 -03:00
Felipe Zimmerle
eb12b15146 Flush [shared-] file after write it 2017-03-24 18:08:13 -03:00
Felipe Zimmerle
53485c7f74 Fix pcre_exec offset values 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d2c5b31b17 Uses FILE instead of _IO_FILE 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
7f9cd76619 Improvements on the SharedFiles class 
examples/multiprocess_c/multi
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
01c13da510 Fix segfault due to invalid memory access on SharedFiles class 
Issue #1318
 2017-03-06 15:02:03 -03:00
David Testé
87f6b478fb Fix typo in returned string 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7aae5dc183 Fix Regex::searchAll to behave like global modifier 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
71a9677f38 Adds configure.h to system.cc in oder to read the MACOSX def 2017-03-06 15:02:01 -03:00
Felipe Zimmerle
e95efa05cc Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
c1f11ab4e5 Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ecbf292f6d Adds first PoC for the operator offset feature 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
fd341145d5 Fixed memory leak in the acmp implementation 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
3a413080f9 Fix string size on regexp search all 2017-01-13 23:36:34 -03:00
Felipe Zimmerle
36d6bb9664 Fix substring constructor in regex search all 
Apparently the substring constructor for std::string cannot handle well
\0 characters. Leading to a crash. Issue reported on #1304
 2017-01-13 11:02:34 -03:00
Felipe Zimmerle
88fb456a16 Cosmetics: Reduces the static analysis warnings 2016-12-28 17:46:47 -03:00
Felipe Zimmerle
2e9a35c358 Refactoring on the audit logs implementation 
Among of other things, it is now supporting shared file locks between
different process.
 2016-12-14 23:17:28 -03:00
Felipe Zimmerle
cce6179dcc Refactoring: new structure for logging alerts 
Disruptive actions were moved to actions::disruptive namespace
 2016-12-01 14:14:54 -03:00
Felipe Zimmerle
bfc30dad34 Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
e6b58014db Cosmetics: Fix some static analysis report 2016-11-29 14:31:15 -03:00
Felipe Zimmerle
9c7988d88f Adds support to regexp::searchAll 2016-11-22 15:37:12 -03:00
Felipe Zimmerle
ab88083159 parser: Fix the expanded list inclusion 2016-11-16 15:47:21 -03:00
Felipe Zimmerle
8b4f1bc46c Fix rule file inclusion path 
The inclusion was not taking `*' into consideration, leading the
relative configuration inclusion to fail. That was very annoying.
 2016-11-11 15:15:51 -03:00