github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,907 Commits 55 Branches 109 Tags
0470168056e6031fbf9bfab91925633b40bec1e3
Commit Graph

930 Commits

Author SHA1 Message Date
Felipe Zimmerle
eb12b15146 Flush [shared-] file after write it 2017-03-24 18:08:13 -03:00
Felipe Zimmerle
dbcf5a7198 API CHANGE: Rules::merge signature was change to includes error msg 2017-03-23 09:52:39 -03:00
Felipe Zimmerle
5e59d19121 Improves macro expansion speed and variable set attribution 2017-03-23 08:53:51 -03:00
Felipe Zimmerle
f17da09fc0 Avoids call `toupper' twice while resolving a variable 2017-03-23 08:53:51 -03:00
Andrei Belov
85f98c8a66 Fix "make dist" after recent changes to parser 
In particular, it is now possible to either build ModSecurity
with pre-generated parser, or use "--enable-parser-generation"
configure option to rebuild parser from sources.
 2017-03-09 18:18:00 -03:00
Felipe Zimmerle
53485c7f74 Fix pcre_exec offset values 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e79712095b Minor fix in the decision on whenever the log callback should be called 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2af60e765 Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d2c5b31b17 Uses FILE instead of _IO_FILE 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
e2bd87d07d Fix minor parser errors 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
c3cb23f47d Removes the ';' from the x-www-form-urlencoded body-processor comparison 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
d6363607aa Accept quoted regexp in the collection selection 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
39761ce7b8 Discards the `charset' from the C-T while checking for body processors 
Issue #1330
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7ab192e90f Using method instead of procol in the audit logs. 
Issue #1331
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
fcad290152 Having the DebugLogs using the SharedFile schema 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7f9cd76619 Improvements on the SharedFiles class 
examples/multiprocess_c/multi
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
01c13da510 Fix segfault due to invalid memory access on SharedFiles class 
Issue #1318
 2017-03-06 15:02:03 -03:00
David Testé
87f6b478fb Fix typo in returned string 2017-03-06 15:02:03 -03:00
David Testé
cc25390dc9 Fix copy/paste typo 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
027d50b76b Adds first version of `processContentOffset' 
This commit also includes an example application on how to use the
`processContentOffset' method.
 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
7aae5dc183 Fix Regex::searchAll to behave like global modifier 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
4ad3574cf2 Adds offset regression tests and assorted fixes on var's offsets 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
71a9677f38 Adds configure.h to system.cc in oder to read the MACOSX def 2017-03-06 15:02:01 -03:00
Felipe Zimmerle
f9552ede2b Adds missing file 2017-03-06 15:02:01 -03:00
Felipe Zimmerle
36ab4b952f Fix lmdb compilation issue 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
6f47462110 Fix compilation when YAJL is not present 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
d851699529 Adds references to the collection variables 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
e95efa05cc Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06 PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
c1f11ab4e5 Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
a88dc8efa9 Changes the check script to detect segfaults 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ff65d618e4 Adds missing Makefile.am file 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ecbf292f6d Adds first PoC for the operator offset feature 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
9a8fc3116a Instantiates the Class variable earlier 
Avoid the instantiation for every call
 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ba6b972ca8 Makes global collection allowed to be set by setVar 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
b516cc6de1 Adds operation unset to setVar action 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
703da3c4f0 Adds PoC about 1-time variable resolution and draft for offset 
There is no need for the variable purely associated with the
transaction (transient) be part of collection that demands
lookups. Also, those variables will held the concept of offset:
The offset from the first byte of the request till the start of
the variable.
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
1e8b374117 Removes the depency on bison/flex if it is not a parser build 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
3eccfaf1f6 Disables parser generation on all builds 
The parser generation is now an configure option
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
03d0570e99 Deletes the Rule object in case of a parser failure 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
1aa2a9c01b Avoids memory leak by cleaning loc stack on Driver's destructor 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
839ac62585 Fix memory leaks in parser failures 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
a6f07f621d Makes the lexical errors a little bit more verbose 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
5880524db6 cosmetics: Improves the tokens organization 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
9a1faab668 Deletes driver in case of parser failure 
This avoids memory leaks.
 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
808fd23358 Avoids a second initialization of the Audit Log class 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
557c29fd46 Changes variables destructor to virtual 
Avoid memory leak while destroying the Variable objects.
 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
0c37ba336b Fixed utf8ToUnicode bad memory access 2017-03-06 15:01:51 -03:00