github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,690 Commits 55 Branches 109 Tags
Commit Graph

357 Commits

Author SHA1 Message Date
Felipe Zimmerle
6b0ad8049a
Having default actions as o shared pointer 2020-03-26 09:59:57 -03:00
Felipe Zimmerle
9d158611cf
Makes Rule a shared pointer 2020-03-25 16:11:23 -03:00
Felipe Zimmerle
f1d22f9b02
Fix version check 2020-03-24 17:20:22 -03:00
Felipe Zimmerle
6367e6d5e9
Having a class Rules 2020-03-24 17:20:10 -03:00
Felipe Zimmerle
fb7714f202
Creates class RulesSetPhases 2020-03-24 14:00:28 -03:00
Felipe Zimmerle
1e26bf2078
Revert "Creates the RulesSetPhases clas" 
This reverts commit 072e4edc53e388fdf64a5eb9d4317544a1c8ada6.
 2020-03-11 08:17:56 -03:00
Felipe Zimmerle
072e4edc53
Creates the RulesSetPhases clas 2020-03-05 07:13:02 -03:00
Felipe Zimmerle
6a742cdf76
Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
martinhsv
f57265a3e2
Support configurable limit on number of arguments processed 2020-02-14 11:00:01 -03:00
Felipe Zimmerle
22ec307739
Fix 7495675d540b3b3ccce681773205a4fe34daeb64 2020-02-12 08:56:03 -03:00
Felipe Zimmerle
7495675d54
Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
Felipe Zimmerle
357c140003
Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
fe98ce4c7d
Cosmetics: address cppcheck warnings 2020-01-30 18:19:34 -03:00
Felipe Zimmerle
4f13fecbaf
cppcheck: make static analysis more pedantic 2020-01-22 09:16:10 -03:00
Felipe Zimmerle
86a5f471a9
Cosmetics: fixed static analysis issues. 2020-01-15 20:35:59 -03:00
Felipe Zimmerle
753145fbd1
Change release version to v3.0.4 2020-01-10 09:32:41 -03:00
Felipe Zimmerle
47dd9c5df4
Refactoring on the VariableValue class 2019-06-14 10:13:54 -03:00
Felipe Zimmerle
4e76c6adf0
Renames namespace Variables to variables 2019-03-06 15:53:20 -03:00
Andrei Belov
7c19ffea64
Implemented merge_bodylimitaction_value() for BodyLimitAction 
This change makes the following directives to be merged properly:

SecRequestBodyLimitAction
SecResponseBodyLimitAction
 2019-01-08 10:34:22 -03:00
Andrei Belov
3c41751eda
Implemented merge_ruleengine_value() for RuleEngine 
This change makes the SecRuleEngine directive to be merged properly.
 2019-01-08 10:34:22 -03:00
Andrei Belov
161c256333
Implemented merge_boolean_value() for ConfigBoolean 
This change makes the following directives to be merged properly:

SecRequestBodyAccess
SecResponseBodyAccess
SecXmlExternalEntity
SecUploadKeepFiles
SecTmpSaveUploadedFiles
 2019-01-08 10:34:22 -03:00
Andrei Belov
2d11ff1a14
Implemented merge() method for ConfigInt, ConfigDouble, ConfigString 
This change makes the following directives to be merged properly:

SecRequestBodyLimit
SecResponseBodyLimit
SecUploadFileLimit
SecUploadFileMode
SecUploadDir
SecTmpDir
SecArgumentSeparator
SecWebAppId
SecHttpBlKey
 2019-01-08 10:34:22 -03:00
Andrei Belov
9b24199a22
Complete merging of particular rule properties 
Closes SpiderLabs/ModSecurity-nginx#142 issue.
 2018-12-24 13:58:28 -03:00
Wenfeng Liu
3b3004d24d
Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES 2018-11-27 09:23:00 -03:00
Felipe Zimmerle
ce3abf2626
Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Felipe Zimmerle
4e6e4243a8
Change release version to v3.0.3 2018-11-01 22:19:44 -03:00
Felipe Zimmerle
18cdffdbca
Encapsulates int[N] in a class to avoid compilation issues 
Depending on the compiler, there may be a compilation issue with the
usage of std::unique_ptr<int[]>. Therefore encapsulating it inside a
regular class.
 2018-11-01 11:50:15 -03:00
Victor Hora
e3b9f7c913
Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Felipe Zimmerle
fa5f3784f2
Using shared_ptr instead of unique_ptr on rules exceptions 2018-10-23 17:03:18 -03:00
Felipe Zimmerle
ef7f65db90
Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
23e0d35d2d
Fix the SecUnicodeMapFile and SecUnicodeCodePage 2018-10-23 17:00:11 -03:00
Steven
b12a8f5c6f
Fix RulesProperties::appendRules() 
RulesProperties::appendRules() was not checking for duplicate IDs as well as
throwing an error if there were secMarkers in more than one file (when
calling any combination of rules->load(), rules->loadFromUri() or
rules->loadRemote() more than once). To fix the secMarker issue, the if
statement on rules_properties.h:441 just needed to be negated.

This function also doesn't accurately check for duplicate IDs. the check
can be circumvented by putting the rule in a different phase. To fix this
the ruleId list (v) had to be populated completely before checking against
the other list.
 2018-10-23 16:39:04 -03:00
Felipe Zimmerle
8bda7c0a45
Fix RULE lookup in chained rules. 2018-10-23 16:37:54 -03:00
Felipe Zimmerle
a5a40a71a9
Makes matchedvars inline 2018-10-23 16:37:49 -03:00
Felipe Zimmerle
85ecd190d9
Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
3e8e28da48
Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade
Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8
Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Steven
004047ef6c Add correct C function prototypes for msc_init and msc_create_rule_set 2018-10-13 19:25:13 -04:00
Felipe Zimmerle
4dd2812757
Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0
Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
98b9ae659d
Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266
Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Felipe Zimmerle
65aa7ae5e2
Improves the performance while loading the rules 
Based on the findings listed on #1735
 2018-06-22 14:09:54 -03:00
Felipe Zimmerle
6f92c8914a
Disables skip counter if debug log is disabled 2018-04-24 14:17:01 -03:00
Robert Paprocki
d0a63aac03
Define m_secmarker_skipped as an integer type 
There's no reason to treat this this as a double, since it
represents a human-readable data value that is only meaningful
as an integer. In doing so we write cleaner audit logs and save
a small amount of space.
 2018-04-24 11:49:13 -03:00
Felipe Zimmerle
8d0f51beda
Change release version to v3.0.2 2018-04-03 10:47:48 -03:00
Felipe Zimmerle
f67ff0aa67
Change release version to v3.0.1 2018-04-01 21:23:25 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Felipe Zimmerle
9537cfceed
Fix SecUploadDir configuration merge 2018-03-23 11:32:46 -03:00