github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,907 Commits 55 Branches 109 Tags
Commit Graph

448 Commits

Author SHA1 Message Date
martinhsv
0470168056 Fix: audit log data omitted when nolog,auditlog 2020-01-07 11:16:07 -03:00
martinhsv
b8160cce6b Fix Cookie header parsing issues 2019-11-20 08:51:06 -03:00
Ervin Hegedus
7ba77631f9 Replace Cookie parsing method 2019-11-20 08:51:05 -03:00
martinhsv
9cac167faf Fix argument key-value pair parsing cases 2019-11-05 13:06:29 -03:00
felipe
c41ab312f3
Updates test cases 2019-10-24 09:59:57 -03:00
Felipe Zimmerle
beedddd6c6 Fix @pm lookup for possible matches on offset zero 2019-10-02 08:05:14 -07:00
Felipe Zimmerle
2bdc5f9d0a
Adds test case to cover issue #2005 2019-06-18 15:10:43 -03:00
Felipe Zimmerle
6ab464ab78
negative lookup on the key name instead of COLLECTION:key 2019-06-17 13:04:25 -03:00
Ervin Hegedus
c0142cf326
Changed compared variables of range id intervall in ruleRemoveById ctl action. #2111 
* changed the variables in clause
* added test case (@theMiddle)
* fixes #2111
 2019-06-04 10:28:30 -03:00
Felipe Zimmerle
9ebebfc838
Fix test case 1960 2019-06-04 08:38:45 -03:00
Felipe Zimmerle
50abc072c4
Make block action execution dependent of the SecEngine status 2019-06-03 19:55:02 -03:00
Felipe Zimmerle
a4e8484115
Having body limits to respect the rule engine state 2019-06-03 14:05:10 -03:00
Felipe Zimmerle
20b90364fa
Adds test case for #1872 2019-05-31 11:50:47 -03:00
Felipe Zimmerle
1b8d69da02
Fix dict element regular expression selection on SecRuleUpdateTargetByTag 2019-05-31 01:42:51 -03:00
Felipe Zimmerle
5472362313
Fix SecRuleUpdateTargetByTag with regular expressions 2019-05-31 01:42:47 -03:00
Ervin Hegedus
7a93bea8f7 Added some test cases related to #2099 2019-05-30 09:52:27 -03:00
Rufus125
86ce479b59
Adds new operator to check for data leakage of Austrian social security number 2019-05-29 20:57:08 -03:00
Felipe Zimmerle
b574418386
regression: Using github instead of modsecurity.org for SecRemoteRules 2019-04-05 12:59:34 -03:00
Ervin Hegedus
a6e6bc2b5f
Allow empty anchored variable to use 2019-02-12 09:31:19 -03:00
Ervin Hegedus
2d3fbbc56a
Modified affected test cases, which checked wrong variables 2019-02-12 09:16:07 -03:00
Ervin Hegedus
17d79ed7ba
Fixed data collecting in multipart parsing 2019-02-12 09:16:07 -03:00
Ervin Hegedus
4b3e6328e3
Fixed validateByteRange parsing method 2019-02-12 09:10:36 -03:00
Felipe Zimmerle
3dda0ea2c6
Adds a regression test strdup to valgrind suppressions list 2019-02-11 10:22:28 -03:00
Felipe Zimmerle
145f2f35b7
tests: Updates secrules-language-tests 2019-02-05 11:26:03 -03:00
WGH
bd6a02d69b
Fix test issue-1831.json on LMDB 
When LMDB is enabled, ModSecurity stores its persistent variables in
"./modsec-shared-collections" file. Since this file wasn't cleared between
tests, tests behaved differently on "in-memory per-process" and LMDB backend.

This test never worked in LMDB configuration. It hasn't been discovered
until now because Travis CI didn't test LMDB configuration when test was
introduced.
 2019-01-28 16:20:02 -03:00
WGH
ad28de4f14 Refactor regex code 
This commit fixes quite a few odd things in regex code:
 * Lack of encapsulation.
 * Non-method functions for matching without retrieving all groups.
 * Regex class being copyable without proper copy-constructor (potential UAF
   and double free due to pointer members m_pc and m_pce).
 * Redundant SMatch::m_length, which always equals to match.size() anyway.
 * Weird SMatch::size_ member which is initialized only by one of the three matching
   functions, and equals to the return value of that function anyways.
 * Several places in code having std::string value instead of reference.
 2019-01-18 10:34:01 -03:00
Felipe Zimmerle
d00ea5111d
Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Andrei Belov
0a85b599b6
Fix tests on FreeBSD 
FreeBSD has different prefix for bash (which is non-standard shell there),
thus "make check-TESTS" actually was doing nothing:

$ gmake check-TESTS
(   0/  0/   0): test/test-cases/regression/issue-1591.json
(   0/  0/   0): test/test-cases/regression/issue-1785.json
(   0/  0/   0): test/test-cases/regression/issue-1812.json
(   0/  0/   0): test/test-cases/regression/issue-1831.json
(   0/  0/   0): test/test-cases/regression/issue-1844.json
(   0/  0/   0): test/test-cases/regression/issue-1850.json
[..]
Testsuite summary for modsecurity 3.0
 2018-12-04 10:49:25 -03:00
Felipe Zimmerle
25bb1f1bcc
Changes ENV test case to read the default MODSECURTIY env var 2018-11-29 15:21:28 -03:00
Felipe Zimmerle
b736f0292d
Regression: Sets MODSECURITY env var during the tests execution 2018-11-29 15:19:58 -03:00
Felipe Zimmerle
d2b14de268
Allow 0 length JSON requests 
As discussed at: #1822
 2018-11-29 10:39:46 -03:00
Felipe Zimmerle
ce3abf2626
Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Victor Hora
cbf2fe9703
Adjust boundary test cases for the less strict parsing 2018-11-20 22:17:53 -03:00
Victor Hora
b638e523af
Make the boundary check less strict as per RFC2046 2018-11-20 22:17:22 -03:00
Felipe Zimmerle
9d80983e55
Fix on top of #1943 + adding test cases 2018-11-01 16:11:39 -03:00
Victor Hora
e3b9f7c913
Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Victor Hora
84ece3edcb
Add test case for SecUnicodeMap 2018-10-31 22:19:27 -03:00
Felipe Zimmerle
065c2e67b6
Adds test case for #1850 2018-10-30 18:25:46 -03:00
Felipe Zimmerle
e1e8a01ed2
Override the default status code if not suitable to redirect action 
Issue #1850
 2018-10-30 18:20:23 -03:00
Felipe Zimmerle
3f0ea90970
Test case skeleton for #1941 2018-10-29 11:14:31 -03:00
Felipe Zimmerle
b05901e8ae
Changes the regression test client to read the interception msg 2018-10-25 21:51:23 -03:00
Felipe Zimmerle
973c1f1028
Fix rule line number 
Issue #1844
 2018-10-24 21:02:35 -03:00
Felipe Zimmerle
ef7f65db90
Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
69cd61439d
Changes the timing to save the rule message 2018-10-23 16:58:42 -03:00
Felipe Zimmerle
120108fd33
Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
7c50fa7c00
Small fix on @detectXSS test case 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9
Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade
Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
bc3d3f1915
Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
c721e101c0
Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00