github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,243 Commits 55 Branches 109 Tags
Commit Graph

66 Commits

Author SHA1 Message Date
Ervin Hegedus
e7e11d972f
Merge pull request #3202 from marcstern/v2/pr/assert 
Fixed assert() usage
 2024-08-18 22:58:06 +02:00
Marc Stern
7c379c8d59 Fixed assert() usage: 
- added some missing
 - removed some invalid
 - removed some that were not relevant in the context of the current function, when done in a called function
 2024-07-31 11:17:36 +02:00
Marc Stern
cd65a44d64 Removed useless code 2024-07-22 16:53:58 +02:00
Marc Stern
91da5872c1 Many null pointer checks 2024-02-20 13:15:52 +01:00
Allan Boll
f15976f68f
Allow 0 length JSON requests. 0 len XML and multipart already allowed. 2018-11-27 09:01:05 -03:00
Allan Boll
2ae357be88
Let body parsers observe SecRequestBodyNoFilesLimit 
Previously, modsecurity_request_body_store would keep feeding the body parsers (JSON/XML/Multipart) even after the SecRequestBodyNoFilesLimit limit was met. This change prevents this. Also, modsecurity_request_body_end now returns an error code when the limit is met, so that a message can be logged for this event.
 2018-09-05 16:08:21 -03:00
Felipe Zimmerle
6406e2108d
Makes `large stream optimization' optional 2017-10-06 16:43:45 +00:00
Allan Boll
2e9ea0a677
Avoid use of min-macro, as it is not available in all envs 2017-10-05 17:20:41 +00:00
Allan Boll
7fff8938ba
Check return value of modsecurity_request_body_store 2017-10-05 17:20:41 +00:00
Allan Boll
023b863853
Ensure memory preallocation for streaming is bounded by SecRequestBodyLimit 2017-10-05 17:20:41 +00:00
Allan Boll
97b51ebfed
Renamed local var and initialized local vars. Undid accidental move. 2017-10-05 17:20:40 +00:00
Allan Boll
afae690655
Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream. 2017-10-05 17:20:40 +00:00
Felipe Zimmerle
61bce8d9a9
Cosmetics: moving declaration to the too of the block 2017-07-14 13:47:30 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup 
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
 2016-10-10 10:06:38 -03:00
Felipe Zimmerle
8d4c3e4f5c Makes the build system to look for yajl using a macro file 
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
 2014-03-31 16:22:09 -07:00
Ulisses Albuquerque
c23097ce18 Added support for JSON body processor 2014-03-31 16:22:09 -07:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
0840b13612 Fixed: chuck null pointer when unknown CT is sent and over in-memory limit 2013-04-04 11:04:22 -04:00
brenosilva
040d4469df Enable warning message with over SecRequestBodyNoFilesLimit 2012-08-30 16:22:23 +00:00
brenosilva
bdcecf50fa MODSEC-328 2012-08-09 17:20:21 +00:00
brenosilva
f92f8219d4 fix stream vars memory leak 2011-12-05 17:01:51 +00:00
brenosilva
de02ea5e4f Add new unicode map settings and fix requet body truncate bug 2011-06-30 13:22:39 +00:00
brenosilva
d4d3497539 clean stream buffer 2011-04-28 17:49:05 +00:00
brenosilva
0ee85b3485 clean stream buffer 2011-04-28 16:57:26 +00:00
brenosilva
0cc30904b9 Fix issue in input stream 2011-04-28 16:32:41 +00:00
brenosilva
1aa4cace65 Fix compiler warnings 2011-04-27 21:54:16 +00:00
brenosilva
3b4c46f27b Improvements in detection only 2011-04-05 21:16:58 +00:00
brenosilva
cb3353f13d Improvements in detection only 2011-04-05 00:18:37 +00:00
brenosilva
3377831b36 Improvements in detection only 2011-04-04 22:07:27 +00:00
brenosilva
50205ebf62 Improvements in detection only 2011-04-04 21:02:13 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
a2f01d31a4 Experimental reallocation memory for rsub 2011-03-26 14:53:04 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
d0e2546f9b MODSEC-21 2011-01-14 16:22:15 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
058283fb5a Add the ability to build custom request body parser extensions. 
Add an example for a request body parser extension.
 2010-05-05 23:01:11 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
6d5e752cb3 Added URLENCODED_ERROR, which is raised when invalid URL encoding is encountered 2009-12-12 14:21:17 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
ivanr
aa1e053025 Fix typo 2009-08-28 16:56:44 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
ivanr
5740f7a3eb Tidy up. 2008-09-10 14:15:37 +00:00
brectanus
f5af5ef429 Remove declaration of an unused variable. 2008-09-03 21:20:06 +00:00
brectanus
34798e9abe Allow ability to force request body buffering to memory. Fixes MODSEC-2. 2008-09-03 20:42:28 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
ivanr
c8e35797fd Improve request body processing error messages (#504). 2008-05-30 12:13:27 +00:00
brectanus
aa6be1614e Make sure all filehandles are closed at the end of a trasaction. See #464 and #465. 
Fixes a few typos in some error messages when we are over the limits.
 2008-03-28 20:00:37 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
e2ad283fdb Fix some sprintf formatters so they do not generate warnings. 2008-02-04 21:50:10 +00:00