github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,154 Commits 55 Branches 109 Tags
12e6e325d1e6367f61dbaecc314919b99eed67fa
Commit Graph

3154 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Vierula
0275c8847b Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended 2021-12-21 06:18:53 -08:00
Martin Vierula
19d50f4da4 Add a const to satisfy cppcheck 2021-12-20 09:41:38 -08:00
Martin Vierula
13e8be83c5 CHANGES: Preparing for next version 2021-12-20 06:38:45 -08:00
Martin Vierula
c3d7f4b560 Change release version to v3.0.6 v3.0.6 2021-11-19 11:23:27 -08:00
Martin Vierula
d16c3250a9 Add a few cppcheck suppressions 2021-11-16 11:26:16 -08:00
martinhsv
d8afc4029b Merge pull request #2642 from martinhsv/v3/master 
Support configurable limit on depth of JSON parsing
 2021-11-15 22:28:49 -05:00
Martin Vierula
ac79c1c29b Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
Mesar ali
5aec781d39 Confusing variable name in setRequestBody method 2021-11-02 12:35:29 +05:30
EarlRoth
ec86b242e1 Update README.md 2021-09-13 16:28:54 -06:00
Howard Chu
a6e1074844 Fix #2601 misuses of LMDB API 
Only open DBI once, doesn't need closing.
Never reuse a txn handle after commit.
Use MDB_RDONLY for txns that aren't doing any writes
 2021-08-09 14:28:54 +01:00
Fabrice Fontaine
d2b700d7af build/libmaxmind.m4: fix build with host-pkgconf 
Build with maxminddb is broken since version 3.0.5 and
785958f9b5
because libmaxminddb has been removed from MAXMIND_POSSIBLE_LIB_NAMES

So, as suggested by Arnout in #2131, don't use
MAXMIND_POSSIBLE_LIB_NAMES for pkg-config, because it was never called
anything other than libmaxminddb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2021-07-25 18:35:59 +02:00
Filip Sandborg-Olsen
465db29b76 docs: correct project name 2021-07-09 10:22:51 -03:00
Felipe Zimmerle
873a94a73f CHANGES: Preparing for a next version 2021-07-09 10:21:10 -03:00
Felipe Zimmerle
bf881a4eda Change release version to v3.0.5 v3.0.5 2021-07-07 10:13:14 -03:00
martinhsv
cd5fba8974 Handle URI received with uri-fragment 2021-07-05 14:51:21 -03:00
martinhsv
faad65d385 Merge pull request #2586 from martinhsv/v3/master 
Add commented-out sample rule to engage JSON Processor for more subtypes
 2021-07-03 13:15:16 -04:00
martinhsv
bffd68e4d1 Add commented-out sample rule to engage JSON Processor for more subtypes 2021-06-30 11:38:52 -07:00
Felipe Zimmerle
5a0ae73ba6 Update README.md 2021-06-21 13:30:52 -03:00
Takaya Saeki
3bfe4b81af build: Fix pcre's JIT support detection was not working 2021-05-24 10:33:11 -03:00
Felipe Zimmerle
662c05f89b build: Adding a new path while searching for liblua. 
Alpine has a different folder to hold concurrent versions of
Lua. This commit address issue #2560.
 2021-05-24 10:33:11 -03:00
Felipe Zimmerle
a589f6b693 Build: using PKG-CONFIG in a new fashion 
Trying to avoid bulid errors if pkg-config is available.
 2021-05-24 10:33:11 -03:00
Kedu SCCL
754daebfb0 Update README.md 
Fixed typo in README
 2021-05-24 08:50:10 -03:00
martinhsv
65e7e474b1 fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
Felipe Zimmerle
7fccb0d225 Cosmetic: pleasing cppcheck 2021-05-11 10:27:58 -03:00
Felipe Zimmerle
6fdba42c02 Cosmetics: Having cppcheck pleased 
(...) remove_comments.cc,62,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,66,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,69,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
 2021-05-10 12:32:09 -03:00
Felipe Zimmerle
66ba7b065a Cosmetic: fix static warning 2021-05-04 21:04:21 -03:00
Felipe Zimmerle
1e2ccc1578 test: Fix optimization test 2021-05-04 12:57:09 -03:00
Neil Craig
1376882f7d Fix typo 2021-04-29 14:28:28 -03:00
Felipe Zimmerle
4127c1bf52 README: States the sponsor note 2021-03-08 09:36:02 -03:00
Felipe Zimmerle
a18d18a28f Revert "Adds hyperscan to the build matrix" 
This reverts commit a496865e96.
 2021-02-26 11:33:18 -03:00
Felipe Zimmerle
4cdcc15334 Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
a496865e96 Adds hyperscan to the build matrix 2021-02-26 11:23:29 -03:00
Felipe Zimmerle
912704b6d4 Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
Felipe Zimmerle
2e69ce6ccf build: Fix curl include path 
Issue #2519
 2021-02-24 13:20:24 -03:00
Felipe Zimmerle
50fc347ed4 Fix rules dump 
The unique pointer for file name was being used multiple times
on SecMarker.
 2021-02-04 11:07:22 -03:00
martinhsv
6ca028b6f5 Fix memory leak in rx operator when pattern includes macro 2021-01-25 19:39:10 -03:00
Felipe Zimmerle
9764b1fb3b CHANGES: Fix entry for ARGS_NAMES 2021-01-25 14:59:17 -03:00
Felipe Zimmerle
53d36ab63a Updates libInjection 
* Updates libInjection repository to libinjection.github.io
 * Update libInjection to version 3.9.2, plus:
   - Pass the correct pointer to memmem()
     In parse_money(), if there is a "$foobar$", it calls memmem() to
     find it again. Wrong pointer can cause itself to backtrack in a
     dead loop and hang the entire process.
   - Addresses some issues reported by cppcheck, including an overflow
     on parse_slash.
 2021-01-25 14:16:22 -03:00
Dmitri Toubelis
102f4bdd91 Make the configure step more reliable 
Iyt appears that in cross compile environments the location of the
"current" directory cannot be assumed. This fix makes it explicit.
 2021-01-25 09:26:51 -03:00
martinhsv
fbea73120c Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03 Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
03b3e472d4 cosmetics: Please static check 2021-01-24 11:53:52 -03:00
Felipe Zimmerle
e8bd2151f2 Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
dd458dedb8 github workflow: having bison from brew 2021-01-22 20:52:49 -03:00
Felipe Zimmerle
3748d62f19 Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
33f7b46bcc Using GitHub Workflow instead of Travis 
Changes QA badge to GitHub
 2021-01-19 09:17:25 -03:00
Felipe Zimmerle
b3cfd88819 Having Travis working again 2021-01-18 08:59:26 -03:00
Felipe Zimmerle
f948d637f2 Having the QA on GitHub workflow 2021-01-14 09:15:18 -03:00
Felipe Zimmerle
e6bdadeb69 tests: Prints test number on segfault 2021-01-13 13:38:38 -03:00
Felipe Zimmerle
9b40a045bb Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00