github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,762 Commits 55 Branches 109 Tags
Commit Graph

863 Commits

Author SHA1 Message Date
Felipe Zimmerle
5ed5377432
Using VariableValue instead of Variable 2018-10-11 10:01:32 -03:00
Felipe Zimmerle
2d87fc5184
highlight: Fix JSON structure 2018-10-11 10:01:28 -03:00
Felipe Zimmerle
7fb937eabe
Fix on the m_buf generation: avoid padding before request body 2018-10-11 10:01:22 -03:00
Felipe Zimmerle
665b54f5c4
Having a better error handler for the highlight feature 2018-10-11 10:01:13 -03:00
Felipe Zimmerle
a586809db5
Changes the line terminator to fixed value: \n 
\r is no longer take into consideration
 2018-10-11 10:01:09 -03:00
Felipe Zimmerle
2ddb8eb512
Adjusts the line terminator in the RuleMessage::m_buf variable 2018-10-11 10:01:04 -03:00
Felipe Zimmerle
e83f66ee49
Adds support to m_highlightJSON in RuleMessage class 
This variable helds a JSON with information regarding all matches.
Only filled when IncludeFullHighlightLog property is set.
 2018-10-11 10:00:59 -03:00
Felipe Zimmerle
eec95cfe17
First version of the inline highlight calculation 2018-10-11 10:00:54 -03:00
Felipe Zimmerle
aa8fb3434f
Makes matchedvars inline 2018-10-10 23:49:26 -03:00
Felipe Zimmerle
0961760c71
Fix multimatch behavior to match what we have on v2 2018-10-10 18:01:48 -03:00
Felipe Zimmerle
8c6a2ee11a
Using values after transformation at MATCHED_VARS 2018-10-09 22:04:20 -03:00
Felipe Zimmerle
3691186b75
Adds full support to UpdateActionById. 
Issue #1800
 2018-10-04 01:08:29 -03:00
Felipe Zimmerle
3e9ca37480
Refactoring on the RULE variable 2018-09-28 22:38:40 -03:00
Felipe Zimmerle
7110f97941
Refactoring on the Rule class 2018-09-28 14:13:15 -03:00
Felipe Zimmerle
5cf477ad48
Adds partial support to UpdateActionById 2018-09-26 15:57:02 -03:00
Felipe Zimmerle
bc3d3f1915
Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
4dd2812757
Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0
Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
98b9ae659d
Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266
Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
6f458b5203 Fix on top of jmx's m.setvar commit for USER collection in Lua scripts 2018-09-19 19:41:49 -04:00
jxm
45cdb0ed90 fix: function m.setvar not work in lua script 2018-09-19 19:34:13 -04:00
Felipe Zimmerle
c2bc695265
parser: Fix typo on SanitiseArgs 
Related to: #715 and #1889
 2018-09-12 09:37:34 -03:00
Felipe Zimmerle
9c73c09abd
parser: Updates the generated parser file 2018-09-11 21:01:13 -03:00
Victor Hora
a719871458
Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Victor Hora
379f370095
Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 2018-09-11 20:52:30 -03:00
Victor Hora
0c0b09ec52
Use glob.h when using OpenBSD 2018-09-11 20:45:58 -03:00
Victor Hora
d97688804e
Fix parser to support GeoLookup with MaxMind 2018-09-11 20:40:28 -03:00
Felipe Zimmerle
764a2e43ff
parser: Fix simple quote setvar in the end of the line. 
Fix #1831
 2018-09-11 15:35:26 -03:00
Felipe Zimmerle
d7b9726357
good practices: Initialize variables before use it 
Original author: Marc Stern (#1889)
 2018-09-05 23:35:24 -03:00
Felipe Zimmerle
a85ca00a55
Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:01:11 -03:00
Victor Hora
aa158ceef3
Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
Victor Hora
f999f54eda
Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Robert Paprocki
dee9898449 Implement support for Lua 5.1 2018-07-27 15:43:12 -04:00
michaelgranzow-avi
d810de9166
#1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97
Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Felipe Zimmerle
e51297b436
Improvements on top of #1787 2018-06-12 15:43:08 -03:00
Ervin Hegedus
edb5993d5f
Fixed LMDB collection errors 2018-06-12 14:47:44 -03:00
Ervin Hegedus
4d0ca94490
Modified the false pos. UNMATCHED_BOUNDARY error flag 2018-06-12 01:09:36 -03:00
Ervin Hegedus
af4afd348c
Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Reed Morrison
95048d5fcf
Fix ip tree lookup on netmask content 2018-06-07 14:29:27 -03:00
Felipe Zimmerle
202a15bea8
Changes the behavior of the default sec actions 
Fix #1629
 2018-05-31 14:52:53 -03:00
Felipe Zimmerle
892beb5360
Refactoring on {global,ip,resources,session,tx,user} collections 
Now using the same name schema and interface for these "special"
collection.

Fix: #1754, #1778
 2018-05-29 23:48:05 -03:00
Felipe Zimmerle
f928e44765
Revert "Fix memory leak in msc_rules_* C APIs" 
This reverts commit 58701e7e11a4f65ee5edc2c142c507e578ff7c1b.

It was breaking the multi-thread examples.
 2018-05-28 18:59:55 -03:00
Wenfeng Liu
b85a645610
Fix race condition in UniqueId::uniqueId() 2018-05-28 18:09:50 -03:00
Wenfeng Liu
58701e7e11
Fix memory leak in msc_rules_* C APIs 2018-05-24 12:51:13 -03:00
Wenfeng Liu
45e531236a
Return false in SharedFiles::open() when an error happens 2018-05-24 10:21:37 -03:00
Wenfeng Liu
fd9a161e74
Use rvalue reference in ModSecurity::serverLog to avoid string copy 2018-05-22 22:41:20 -03:00
Victor Hora
87e64e3c25
Actually fix setvar parsing of quoted data 2018-05-17 13:43:12 -03:00
Robert Paprocki
e4c822e663
Code cleanup: Initialize variables and others good practice 
- initialize invalid_countin UrlDecode :: evaluate
- Free resources before the process die (good practice)
 2018-05-13 17:08:07 -03:00