25 Commits

Author SHA1 Message Date
Ervin Hegedus
fdfc2d5b21
fix: add ARGS to sanitize list only if it's not added yet 2025-05-19 10:53:50 +02:00
Joe Orton
9d9a727349 Fix compiler warnings. Reported by GCC with flags:
-Wall -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS

Note, e.g. sprintf(digest, "%s%02x", digest, ...) is undefined behaviour because
the destination and source variables overlap, and GCC warns for this.

acmp.c:258:13: warning: 'acmp_clone_node_no_state' defined but not used [-Wunused-function]
apache2_config.c:806:9: warning: unused variable 'offset' [-Wunused-variable]
apache2_config.c:1886:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:1942:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2470:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2538:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_util.c:226:11: warning: unused variable 'str' [-Wunused-variable]
apache2_util.c:225:11: warning: unused variable 'saved' [-Wunused-variable]
apache2_util.c:224:11: warning: unused variable 'parse_remote' [-Wunused-variable]
apache2_util.c:223:11: warning: unused variable 'remote' [-Wunused-variable]
msc_status_engine.c:216:17: warning: unused variable 'i' [-Wunused-variable]
msc_status_engine.c:375:55: warning: the address of 'pcre' will always evaluate as 'true' [-Waddress]
msc_crypt.c:67:17: warning: unused variable 'bytes' [-Wunused-variable]
msc_crypt.c:1083:33: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
msc_crypt.c:1090:29: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'digest' [-Wrestrict]
msc_json.c:405:11: warning: unused variable 'json_data' [-Wunused-variable]
msc_crypt.c:1097:79: warning: '%s' directive argument is null [-Wformat-overflow=]
msc_logging.c:1144:20: warning: unused variable 'now' [-Wunused-variable]
msc_remote_rules.c:729:19: warning: unused variable 'word' [-Wunused-variable]
msc_remote_rules.c:727:17: warning: unused variable 'tmp' [-Wunused-variable]
msc_remote_rules.c:805:1: warning: control reaches end of non-void function [-Wreturn-type]
msc_tree.c:836:19: warning: unused variable 'ip' [-Wunused-variable]
msc_xml.c:29:44: warning: variable 'entity' set but not used [-Wunused-but-set-variable]
msc_util.c:2627:11: warning: unused variable 'start' [-Wunused-variable]
msc_util.c:2626:17: warning: unused variable 'fd' [-Wunused-variable]
msc_util.c:2624:18: warning: unused variable 'rc' [-Wunused-variable]
msc_util.c:1077:19: warning: array subscript 1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds=]
2025-05-16 09:59:32 +01:00
Marc Stern
7c379c8d59 Fixed assert() usage:
- added some missing
- removed some invalid
- removed some that were not relevant in the context of the current function, when done in a called function
2024-07-31 11:17:36 +02:00
Marc Stern
746f57f963 Changed indentation 2024-05-16 15:52:31 +02:00
Marc Stern
a61820fe2c Enhanced logging [Issue #3107] 2024-05-10 17:26:23 +02:00
Marc Stern
649aea7288
Merge branch 'v2/master' into v2/mst/nullcheck2 2024-04-04 16:08:59 +02:00
Marc Stern
538ffa6baa Added some null pointer checks.
Added a design doc.
2024-04-04 15:45:55 +02:00
Marc Stern
91da5872c1 Many null pointer checks 2024-02-20 13:15:52 +01:00
Ervin Hegedus
7073c262b8
Revert "Compatibility with libyajl decoding the buffer inline" 2024-02-07 23:08:46 +01:00
Marc Stern
ea1d78c80e
Update msc_json.c 2023-08-18 16:48:25 +02:00
Marc Stern
1a552bcc5d
Update msc_json.c 2023-08-18 16:47:00 +02:00
Marc Stern
0d5a8dec2a Compatibility with libyajl decoding the buffer inline 2023-08-11 17:41:04 +02:00
Martin Vierula
0981b325a7
Support configurable limit on number of arguments processed 2022-12-14 07:01:23 -08:00
Martin Vierula
4a98032b7f
Allow no-key, single-value JSON body 2022-05-03 12:34:03 -07:00
Martin Vierula
c6582df2e5
Fix memory leak that occurs on JSON parsing error 2021-12-29 06:46:25 -08:00
Martin Vierula
41918335fa
Support configurable limit on depth of JSON parsing 2021-11-18 17:35:40 -08:00
Felipe Zimmerle
25e5543c7f Allow empty arrays in JSON parser
Issue #1576
2018-11-26 10:40:46 -03:00
Robert Paprocki
830f0b7c54 Fix compiler warning in JSON parser 2018-03-20 10:57:19 -07:00
florian-eichelberger
f86de566d1
Enables sanitizing of json request bodies in the apache module for native log format 2018-02-05 09:36:45 -03:00
Ephraim Vider
21a63cb83e
json parser handle cleanup 2016-09-21 00:03:40 -03:00
Felipe Zimmerle
ec61749a68 Changes JSON parser to not accept partial contents
Also cleanup installer file.
2014-03-31 16:22:10 -07:00
Felipe Zimmerle
c5c2690809 Adds origin to the parameters that come from JSON
That is necessary otherwise the Auditlog will try to access it generating
a segfault.
2014-03-31 16:22:09 -07:00
Felipe Zimmerle
09ced44ffa Supports the yajl version 2
Initially the code was made to support the yajl version 1. The
version 2 is now the default option in most Linux distributions.
2014-03-31 16:22:09 -07:00
Felipe Zimmerle
8d4c3e4f5c Makes the build system look for yajl using a macro file
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
2014-03-31 16:22:09 -07:00
Ulisses Albuquerque
c23097ce18 Added support for JSON body processor 2014-03-31 16:22:09 -07:00