github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,463 Commits 55 Branches 109 Tags
13203ae5e7dba5ce8e80fd720573ca6e1e3155e6
Commit Graph

1188 Commits

Author SHA1 Message Date
Martin Vierula
b41139acd6 Fix: MULTIPART_INVALID_PART connected to wrong internal variable 2022-08-17 16:15:06 -07:00
Martin Vierula
c3b7a7f4f0 Change some args from pass-by-value (satisfies cppcheck) 2022-06-15 07:20:28 -07:00
Danila Vershinin
204908cf50 Prevent segfault for #2755 
Make transactions no-op if the file handle is invalid
 2022-06-09 18:10:26 +03:00
Martin Vierula
14c94e2eb2 Restore Unique_id to include random portion after timestamp 2022-06-03 10:32:53 -07:00
Martin Vierula
0362af4db4 Move PCRE2 match block from member variable 2022-05-20 06:58:31 -07:00
martinhsv
844e1bf6eb Merge pull request #2727 from liudongmiao/patch-1 
fix memory leak when concurrent log includes REMOTE_USER
 2022-05-05 18:24:02 -04:00
martinhsv
83c302e6ab Merge pull request #2688 from ziollek/lmdb_single_env 
LMDB - fix integration, restoring ability of use lmdb with nginx-modsecurity
 2022-04-29 13:08:39 -04:00
tomasz.ziolkowski
82326ffe2b shift lmdb initialization to provider constructor which is called only once 2022-04-29 08:06:23 +02:00
tomasz.ziolkowski
00483e4009 swtich singleton to thread safe version 2022-04-28 10:58:27 +02:00
Martin Vierula
606f5721c2 Change some parms to const reference (satisfies cppcheck) 2022-04-27 08:57:09 -07:00
Martin Vierula
f7f8a9827f Fix initcol error message wording 2022-04-26 16:40:03 -07:00
Martin Vierula
6e56950cdf Tolerate other parameters after boundary in multipart C-T 2022-04-26 11:17:46 -07:00
Liu DongMiao
6b7f2b0d63 fix memory in transaction.cc when log REMOTE_USER 2022-04-24 17:06:30 +08:00
Martin Vierula
1aa7616c18 Add DebugLog message for bad pattern in rx operator 2022-04-21 11:16:01 -07:00
Martin Vierula
f84614fe06 Support PCRE2 2022-04-13 10:44:56 -07:00
tomasz.ziolkowski
3b50b2634b remove destructor, close environment only once 2022-03-08 12:27:08 +01:00
tomasz.ziolkowski
1fa95ec2e8 set initialized flag, remove unnecessary semicolon 2022-03-08 11:21:43 +01:00
tomasz.ziolkowski
46f40899e7 Fix parallel lmdb readonly transactions 2022-03-06 15:19:59 +01:00
Martin Vierula
4c526fc218 Support SecRequestBodyNoFilesLimit 2022-02-15 14:53:34 -08:00
Martin Vierula
5106307cc6 Change one parm from pass-by-value to reference-to-const 2022-02-09 13:02:06 -08:00
martinhsv
d0813fec45 Merge pull request #2602 from LMDB/issue2601 
Fix #2601 misuses of LMDB API
 2022-02-09 10:46:15 -05:00
martinhsv
b89c737ad3 Merge pull request #2677 from gleydsonsoares/loadFromUri_zap_duplicate_words 
tweak loadFromUri: zap duplicate words in comment
 2022-01-26 20:13:50 -05:00
martinhsv
2cde1933a7 Merge pull request #2680 from SpiderLabs/v3/dev/issue_2606_a 
Add ctl:auditengine action support
 2022-01-26 15:53:53 -05:00
Martin Vierula
2d51efae49 Add ctl:auditengine action support 2022-01-20 14:04:30 -08:00
Gleydson Soares
b052adf0b8 tweak loadFromUri: zap duplicate words in comment 2022-01-20 10:47:21 -03:00
Martin Vierula
3ee6e108d6 Fix multiMatch msg, etc, population in audit log 2022-01-14 09:25:07 -08:00
Martin Vierula
cb80837e6a Remove old commented-out re: audit log, relevant 2022-01-08 09:08:25 -08:00
martinhsv
2de14cb000 Merge pull request #2635 from Mesar-Ali/patch-1 
Adjust confusing variable name in setRequestBody method
 2021-12-30 11:29:37 -05:00
Mesar ali
f82b98c04d Confusing variable name in setRequestBody method 2021-12-30 08:55:51 +05:30
Martin Vierula
f34b49f666 Multipart names may include single quote if double-quote enclosed 2021-12-23 08:02:43 -08:00
Martin Vierula
19d50f4da4 Add a const to satisfy cppcheck 2021-12-20 09:41:38 -08:00
Martin Vierula
ac79c1c29b Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
Mesar ali
5aec781d39 Confusing variable name in setRequestBody method 2021-11-02 12:35:29 +05:30
Howard Chu
a6e1074844 Fix #2601 misuses of LMDB API 
Only open DBI once, doesn't need closing.
Never reuse a txn handle after commit.
Use MDB_RDONLY for txns that aren't doing any writes
 2021-08-09 14:28:54 +01:00
martinhsv
cd5fba8974 Handle URI received with uri-fragment 2021-07-05 14:51:21 -03:00
martinhsv
65e7e474b1 fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
Felipe Zimmerle
7fccb0d225 Cosmetic: pleasing cppcheck 2021-05-11 10:27:58 -03:00
Felipe Zimmerle
6fdba42c02 Cosmetics: Having cppcheck pleased 
(...) remove_comments.cc,62,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,66,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,69,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
 2021-05-10 12:32:09 -03:00
Felipe Zimmerle
66ba7b065a Cosmetic: fix static warning 2021-05-04 21:04:21 -03:00
Felipe Zimmerle
4cdcc15334 Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
912704b6d4 Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
Felipe Zimmerle
2e69ce6ccf build: Fix curl include path 
Issue #2519
 2021-02-24 13:20:24 -03:00
Felipe Zimmerle
50fc347ed4 Fix rules dump 
The unique pointer for file name was being used multiple times
on SecMarker.
 2021-02-04 11:07:22 -03:00
martinhsv
6ca028b6f5 Fix memory leak in rx operator when pattern includes macro 2021-01-25 19:39:10 -03:00
martinhsv
fbea73120c Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03 Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
e8bd2151f2 Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
3748d62f19 Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
9b40a045bb Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00
Felipe Zimmerle
f18595f428 Makes regular expression selection on collections key case insensitive 
This issue was initially reported by @michaelgranzow-avi on #2296.

@airween made an initial attempt to provide a fixed at #2107; As a
consequence of the pull request review - provided by @victorhora,
@zimmerle, and @michaelgranzow-avi - @airween made a second attempt
at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed
the essential pieces from @airween patch into this one.

This patch differs from @airween's because @airween's patches were
partially working: Key exclusions with regex weren't covered, same
for anchored variables (e.g. ARGS). During the review, I have
highlighted the importance of having elementary test cases. A simple
test case on ARGS could spot the issue. Since that is an important
fix, I don't want to hold this for one more review cycle; therefore,
I am committing the fix myself.

Thank you all involved in the solution of this very own issue.
 2020-12-10 10:05:07 -03:00