845 Commits

Author	SHA1	Message	Date
Felipe Zimmerle	98b9ae659d	Having a better organization for Variables::	2018-09-24 16:39:48 -03:00
Felipe Zimmerle	ee50fea266	Handling key exceptions on the variable itself ... This is the first step towords to solve #1697	2018-09-24 16:16:30 -03:00
Victor Hora	6f458b5203	Fix on top of jmx's m.setvar commit for USER collection in Lua scripts	2018-09-19 19:41:49 -04:00
jxm	45cdb0ed90	fix: function m.setvar not work in lua script	2018-09-19 19:34:13 -04:00
Felipe Zimmerle	c2bc695265	parser: Fix typo on SanitiseArgs ... Related to: #715 and #1889	2018-09-12 09:37:34 -03:00
Felipe Zimmerle	9c73c09abd	parser: Updates the generated parser file	2018-09-11 21:01:13 -03:00
Victor Hora	a719871458	Fix matching condition and adjust test case	2018-09-11 20:53:17 -03:00
Victor Hora	379f370095	Fix SecResponseBodyAccess and ctl:requestBodyAccess directives	2018-09-11 20:52:30 -03:00
Victor Hora	0c0b09ec52	Use glob.h when using OpenBSD	2018-09-11 20:45:58 -03:00
Victor Hora	d97688804e	Fix parser to support GeoLookup with MaxMind	2018-09-11 20:40:28 -03:00
Felipe Zimmerle	764a2e43ff	parser: Fix simple quote setvar in the end of the line. ... Fix #1831	2018-09-11 15:35:26 -03:00
Felipe Zimmerle	d7b9726357	good practices: Initialize variables before use it ... Original author: Marc Stern (#1889)	2018-09-05 23:35:24 -03:00
Felipe Zimmerle	a85ca00a55	Fix utf-8 character encoding conversion ... Reported on: #1794	2018-09-04 21:01:11 -03:00
Victor Hora	aa158ceef3	Set the correct variable (m_requestBodyType) and add test case	2018-08-22 22:46:37 -03:00
Victor Hora	f999f54eda	Adds support for ctl:requestBodyProcessor=URLENCODED	2018-08-22 22:07:04 -03:00
Robert Paprocki	dee9898449	Implement support for Lua 5.1	2018-07-27 15:43:12 -04:00
michaelgranzow-avi	d810de9166	#1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case	2018-06-26 10:47:03 -03:00
Victor Hora	fd8e72fd97	Allow empty strings to be evaluated by regex::searchAll	2018-06-18 22:11:48 -03:00
Felipe Zimmerle	e51297b436	Improvements on top of #1787	2018-06-12 15:43:08 -03:00
Ervin Hegedus	edb5993d5f	Fixed LMDB collection errors	2018-06-12 14:47:44 -03:00
Ervin Hegedus	4d0ca94490	Modified the false pos. UNMATCHED_BOUNDARY error flag	2018-06-12 01:09:36 -03:00
Ervin Hegedus	af4afd348c	Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors	2018-06-12 01:09:36 -03:00
Reed Morrison	95048d5fcf	Fix ip tree lookup on netmask content	2018-06-07 14:29:27 -03:00
Felipe Zimmerle	202a15bea8	Changes the behavior of the default sec actions ... Fix #1629	2018-05-31 14:52:53 -03:00
Felipe Zimmerle	892beb5360	Refactoring on {global,ip,resources,session,tx,user} collections ... Now using the same name schema and interface for these "special" collection. Fix: #1754, #1778	2018-05-29 23:48:05 -03:00
Felipe Zimmerle	f928e44765	Revert "Fix memory leak in msc_rules_* C APIs" ... This reverts commit 58701e7e11a4f65ee5edc2c142c507e578ff7c1b. It was breaking the multi-thread examples.	2018-05-28 18:59:55 -03:00
Wenfeng Liu	b85a645610	Fix race condition in UniqueId::uniqueId()	2018-05-28 18:09:50 -03:00
Wenfeng Liu	58701e7e11	Fix memory leak in msc_rules_* C APIs	2018-05-24 12:51:13 -03:00
Wenfeng Liu	45e531236a	Return false in SharedFiles::open() when an error happens	2018-05-24 10:21:37 -03:00
Wenfeng Liu	fd9a161e74	Use rvalue reference in ModSecurity::serverLog to avoid string copy	2018-05-22 22:41:20 -03:00
Victor Hora	87e64e3c25	Actually fix setvar parsing of quoted data	2018-05-17 13:43:12 -03:00
Robert Paprocki	e4c822e663	Code cleanup: Initialize variables and others good practice ... - initialize invalid_countin UrlDecode :: evaluate - Free resources before the process die (good practice)	2018-05-13 17:08:07 -03:00
Felipe Zimmerle	42a472adbd	Check if response body inspection is enabled before process it	2018-05-08 10:59:30 -03:00
Robert Paprocki	2669add8e0	Fix memory leak in processContentOffset	2018-05-03 15:10:01 -03:00
Robert Paprocki	cc72035034	Remove an unused variable	2018-05-03 15:10:00 -03:00
Victor Hora	5e40850697	Fix setvar parsing of quoted data	2018-05-03 14:40:48 -03:00
Robert Paprocki	cd1a058c33	Code cosmetics: Clean up MD5 hexdigest ... The null terminator is not necessary when using this form of the std::string constructor, and its use was confusing given the extra indent.	2018-05-03 13:41:49 -03:00
Felipe Zimmerle	d0b423fdd7	Adds time stamp back to the audit logs ... Fix issue #1762	2018-05-03 13:37:01 -03:00
Felipe Zimmerle	6f92c8914a	Disables skip counter if debug log is disabled	2018-04-24 14:17:01 -03:00
Victor Hora	bb2ecdf4db	Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser	2018-04-24 09:26:30 -03:00
Felipe Zimmerle	6d5bb42bd8	Normalizes Bison version	2018-04-24 09:15:39 -03:00
Victor Hora	2037a08b34	Fix STATUS var parsing and accept STATUS_LINE var for v2 backward compatibility	2018-04-24 09:06:39 -03:00
Andrei Belov	268f34bbcc	Fix memory leak in modsecurity::utils::expandEnv() ... Found by ASAN.	2018-04-23 22:54:13 -03:00
Ervin Hegedus	e7ea5433d5	Initialize m_dtd member in ValidateDTD class as NULL	2018-04-23 22:43:36 -03:00
Andrei Belov	5e65d560f8	Fix utils::string::ssplit() to handle delimiter in the end of string ... This closes #1743.	2018-04-22 11:37:30 -03:00
Victor Hora	5018358371	Fix variable FILES_TMPNAMES	2018-04-22 11:11:46 -03:00
Andrei Belov	8285a97460	Fix memory leak in Collections ... This closes #1729.	2018-04-05 09:48:51 -03:00
Felipe Zimmerle	0ca5994744	Adds support for ctl:ruleRemoveByTag action	2018-03-26 17:01:53 -03:00
Andrei Belov	138e301695	Reverse logic of checking output in @inspectFile ... This change makes @inspectFile in ModSecurity 3.x to operate in exact the same way as it operates in ModSecurity 2.x, so existing helper scripts like runav.pl [1] will work without any changes. [1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl	2018-03-22 23:06:30 -03:00
Felipe Zimmerle	df169ea108	Adds support for libMaxMind	2018-03-22 19:11:42 -03:00