github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,243 Commits 55 Branches 109 Tags
Commit Graph

44 Commits

Author SHA1 Message Date
Joe Orton
9d9a727349 Fix compiler warnings. Reported by GCC with flags: 
-Wall -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS

Note, e.g. sprintf(digest, "%s%02x", digest, ...) is undefined behaviour because
the destination and source variables overlap, and GCC warnings for this.

acmp.c:258:13: warning: 'acmp_clone_node_no_state' defined but not used [-Wunused-function]
apache2_config.c:806:9: warning: unused variable 'offset' [-Wunused-variable]
apache2_config.c:1886:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:1942:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2470:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2538:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_util.c:226:11: warning: unused variable 'str' [-Wunused-variable]
apache2_util.c:225:11: warning: unused variable 'saved' [-Wunused-variable]
apache2_util.c:224:11: warning: unused variable 'parse_remote' [-Wunused-variable]
apache2_util.c:223:11: warning: unused variable 'remote' [-Wunused-variable]
msc_status_engine.c:216:17: warning: unused variable 'i' [-Wunused-variable]
msc_status_engine.c:375:55: warning: the address of 'pcre' will always evaluate as 'true' [-Waddress]
msc_crypt.c:67:17: warning: unused variable 'bytes' [-Wunused-variable]
msc_crypt.c:1083:33: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
msc_crypt.c:1090:29: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'digest' [-Wrestrict]
msc_json.c:405:11: warning: unused variable 'json_data' [-Wunused-variable]
msc_crypt.c:1097:79: warning: '%s' directive argument is null [-Wformat-overflow=]
msc_logging.c:1144:20: warning: unused variable 'now' [-Wunused-variable]
msc_remote_rules.c:729:19: warning: unused variable 'word' [-Wunused-variable]
msc_remote_rules.c:727:17: warning: unused variable 'tmp' [-Wunused-variable]
msc_remote_rules.c:805:1: warning: control reaches end of non-void function [-Wreturn-type]
msc_tree.c:836:19: warning: unused variable 'ip' [-Wunused-variable]
msc_xml.c:29:44: warning: variable 'entity' set but not used [-Wunused-but-set-variable]
msc_util.c:2627:11: warning: unused variable 'start' [-Wunused-variable]
msc_util.c:2626:17: warning: unused variable 'fd' [-Wunused-variable]
msc_util.c:2624:18: warning: unused variable 'rc' [-Wunused-variable]
msc_util.c:1077:19: warning: array subscript 1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds=]
 2025-05-16 09:59:32 +01:00
RedXanadu
0c7dadc4c7
Correct indentation 2025-05-14 11:51:01 +01:00
Xanadu
652b942cfb
Add extra conditional compilation for err logging 
Restores the original format string for error logging for ModSecurity
when compiled as a standalone module. Specifically, the format string
has "[client %s]" back again: this is required for standalone modules as
Apache is not present to implicitly log the client source IP address.
 2025-05-14 11:51:01 +01:00
Marc Stern
0be1f1566a
Remove redundant entry 
[client %s] is added by the standard httpd log function => remove it
 2024-07-31 09:38:20 +02:00
Marc Stern
91da5872c1 Many null pointer checks 2024-02-20 13:15:52 +01:00
Marc Stern
7575eae3f5 Check return code of apr_procattr_io_set() 2023-08-14 16:57:21 +02:00
Erki Aring
b5130acb45 Move APLOG_USE_MODULE out of modsecurity.h 2022-11-15 17:31:18 +02:00
Marc Stern
c1c91e24cd
{dis|en}able-filename-logging: Option to disable logging of filename in audit log [Issue #1065 - Marc Stern] 2017-04-07 10:55:08 -03:00
vfolin
76dfc1a90b Fix apache logging limitation by using correct apache call. Apache 2.4 brought the option to change the ErrorLogFormat. However, many fields remain empty, as ModSecurity uses the wrong apache logging function. This fixes this behaviour with the use of ap_log_rerror. 2015-12-10 12:29:37 -03:00
Breno Silva
cd31b39ce1 Removed SecDefineRemoteAddr and fixed Apache 2.4 mod_remoteip integration 2013-05-06 00:49:07 -04:00
Breno Silva
86d939fbee MODSEC-362 2013-04-22 14:05:51 -04:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
7ed0c305f3 Fixed MODSEC-364 2012-12-11 10:21:00 -04:00
brenosilva
0d2307192c MODSEC-336 2012-10-05 18:03:58 +00:00
brenosilva
2046a43bf4 Fixed AP_SERVER_MINOR instead of AP_SERVER_MAJOR 2011-12-19 15:09:38 +00:00
brenosilva
e1e43cfa15 Fixed new apache API 2011-12-19 14:28:42 +00:00
brenosilva
6b7edc4d47 Fixes, code cleanups, improvements 2011-04-27 15:58:22 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
7b56982f26 Implemented a new time-measuring mechanism. Added Stopwatch2. 2010-02-01 09:42:23 +00:00
b1v1r
05bd243347 Merge 2.5.x changes into trunk. 2009-06-15 21:14:30 +00:00
b1v1r
e5becf8407 Merge 2.5.x changes to trunk. 2009-05-31 08:45:50 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
b1v1r
fa96c349e5 Merge 2.5 changes. 2009-03-05 21:50:55 +00:00
(no author)
4a336dadf2 Removed an invalid "Internal error" message forcing auditing of a request (MODSEC-29). 
Cleaned up error messages prior to using send_error_bucket().
 2008-10-21 17:45:18 +00:00
ivanr
2f7ff8f7ab Tidy up. 2008-09-10 11:34:16 +00:00
brectanus
deb6a816b4 Fixed MODSEC-2 by using the msr->hostname (ap_get_server_name(r)) vs r->hostname in the log. 2008-09-02 23:43:15 +00:00
brectanus
5298e29540 Added XML warn/error output to debug log. See #519. 2008-08-15 19:58:02 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
27601f6b40 Remove some extraneous debugging. 2008-04-11 20:12:42 +00:00
brectanus
563a8e0f0c Fixed issue where the exec action may not be able to execute shell scripts. See #475. 2008-04-11 20:05:44 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
9dbc7807d9 Remove query string from error log. See #447. 2008-01-23 18:12:59 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
f3a8854fe9 Mark any error conditions/alerts as 'relevant'. 
Clean up/add error messages where this can happen.
 2007-09-27 21:18:23 +00:00
brectanus
d55e023bf7 Revert msr_log as macro (still work-in-progress) 2007-06-14 16:13:53 +00:00
brectanus
81d0f84ad3 Update copyright text to Breach Security, Inc. 
Merge in changes from branches/2.1.x
 2007-06-14 16:05:45 +00:00
ivanr
3f80fdac3b Import ModSecurity 2.1.0-rc7 2007-02-06 12:29:22 +00:00