github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,670 Commits 55 Branches 109 Tags
Commit Graph

2670 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
274f9e5aa1
Refactoring on RuleMessage class, now accepting http code as parameter 2017-10-19 23:00:47 -03:00
Felipe Zimmerle
39fb75c34d
Having disruptive msgs as disruptive [instead of warnings] on audit log 
Issue #1592
 2017-10-17 14:58:04 -03:00
Felipe Zimmerle
30797a458b
Parser: Pipes are no longer welcomed inside regex dict element selection. 
Issue #1591
 2017-10-17 11:46:44 -03:00
Felipe Zimmerle
1518c43d61
Adds test case for issue #1565 2017-10-11 23:19:20 -03:00
Felipe Zimmerle
1ad95254cd
Avoids unicode initialization on every rules block 
ModSecurity-nginx/#67
ModSecurity/#1563
 2017-10-11 12:40:48 -03:00
Felipe Zimmerle
20edf9ab77
Removes xml initialization from CURL if/def 2017-10-10 18:14:41 -03:00
Felipe Zimmerle
41bf7f716b
Calls xml init and xml cleanup to avoid memory leak 
Fix #1553
 2017-10-10 15:03:50 -03:00
Felipe Zimmerle
30364628a0
Makes clear to the user when audit log is empty due to missing JSON sup. 2017-10-10 10:25:53 -03:00
Felipe Zimmerle
d3f979f1d2
Makes auditlog more verbose on debug logs 2017-10-10 09:30:21 -03:00
Felipe Zimmerle
e09304a08a
CHANGES: Adds info about #1583 2017-10-09 09:08:31 -03:00
Victor Hora
d285bc02b8
Add missing statements 2017-10-09 09:02:32 -03:00
Victor Hora
63bef3d142
Support to JSON stuff on serial logging 2017-10-09 09:02:31 -03:00
Felipe Zimmerle
2988c5bb07
CHANGES: add info about #1536 2017-10-06 20:35:09 +00:00
Felipe Zimmerle
fa7973a4ef
Removes a regex optimization added at #1536 2017-10-06 20:32:40 +00:00
asterite
9e9db08b87
add @rx macro expansion test to list in Makefile 2017-10-06 20:30:09 +00:00
asterite
10c4f9b1b2
add a test for macro expansion in @rx 2017-10-06 20:30:04 +00:00
asterite
a76030256e
support macro expansion in @rx 
try to use macro expansion on @rx argument before matching.
If after expansion argument changed, make new Regex from
the macro-expanded argument and use that for matching.
Fixes #1528
 2017-10-06 20:30:00 +00:00
Felipe Zimmerle
210e72aa21
Consideres under quote variable while loading the rules 2017-10-06 20:25:20 +00:00
Felipe Zimmerle
658c9b5dae
Adds CHANGES info for #1571 2017-09-29 17:18:36 +00:00
Dávid Major
a5266d6d1c
Store the connection and url parameters in std::string 2017-09-29 17:18:30 +00:00
Felipe Zimmerle
ba4e2e3737
Adds CHANGES info for #1572 2017-09-29 17:18:06 +00:00
Dávid Major
495b47d8a2
Eliminate some reorder and sign warnings 2017-09-29 17:16:09 +00:00
Felipe Zimmerle
4909713991
Adds CHANGES info for #1562 2017-09-27 12:41:40 +00:00
David Buckle
082a0d3aca
Adds ios::[open|app] to the parallel.cc to fix write over SELinux 2017-09-27 12:39:56 +00:00
Felipe Zimmerle
48be601ca7
Very first version of our changes file 2017-09-26 16:33:48 +00:00
Felipe Zimmerle
1c91e80777
Extends acmp_prepare to pm_from_file 2017-09-26 16:33:35 +00:00
Felipe Zimmerle
7d786b3350
Makes pm mutex optional via configuration flag 2017-09-26 16:33:31 +00:00
Felipe Zimmerle
119a6fc074
test-only: Placing a mutex while evaluating the pm operator 
Performing an earlier optimization of the tree (before threads creation)
 2017-09-26 16:33:26 +00:00
Felipe Zimmerle
a2427df27f
fix: ignore .git directory while generating the release file v3.0.0-rc1 2017-08-27 23:51:20 -03:00
Felipe Zimmerle
04f7009980
Adds a simple release script 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
cca3642530
Changes release tag to -rc1 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
224f6ef260
Fix configuration schema on the configure summary 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
7ac6bf7241
Fix memory issues while resolving variables 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
003a8e8e5f
Uses shared_ptr on variable names 2017-08-27 22:06:20 -03:00
Victor Hora
9d062f53a7 Merge pull request #1543 from defanator/remove-SecRequestBodyInMemoryLimit-from-conf 
Remove SecRequestBodyInMemoryLimit from configuration template
 2017-08-24 13:52:21 -04:00
Mirko Dziadzka
5c737c2c06
Treat _NAMES variables as collections (#5) 
* Treat _NAMES variables as collections

* Fix an issue with the offset of ARGS_NAMES.

* Fix regression tests for the new behaviour.

* Add generated seclang files.
 2017-08-24 00:39:21 -03:00
Felipe Zimmerle
9069a453e5
Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670db1bb475c83cd2f24455bb5bd6ee6a4.
 2017-08-24 00:10:42 -03:00
Mirko Dziadzka
43e3ff91e8
Fixes a bug with an unitialized variable. 
new_debug_log was unitialized during an error code path.

Fixed this by explicit initializing it to NULL and fixing the order of
the error labels. They now present the correct (reverse) order of the
goto statements.
 2017-08-23 23:53:46 -03:00
michaelgranzow-avi
3a048ee2db
Support --enable-debug-logs=no option of configure script (#2) 
* Support --enable-debug-logs=no option of configure script

* Undo unintended white space changes

* Undo more unintended white space changes

* Address review comments - thanks Mirko

* Address more review comments - thanks Mirko
 2017-08-23 23:50:16 -03:00
Andrei Belov
f6af42c235
Remove SecRequestBodyInMemoryLimit from configuration template 
It is no longer supported since 81879cd, so it would be better
to remove any mentions from configuration as well to avoid possible
confusions.
 2017-08-23 11:42:23 +03:00
Felipe Zimmerle
1d3c4c670d
Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00
Felipe Zimmerle
81879cd131
parser: SecRequestBodyInMemoryLimit is now returning an error msg 2017-08-22 10:44:35 -03:00
Felipe Zimmerle
2cf636cf76
parser: Adds generated parser files after 0xfce65 2017-08-21 23:41:37 -03:00
asterite
0be821ded7
change parsing of SetVar actions 
Change tokenization of SetVar expressions and use syntax
analyzer (seclang-parser) to process them. More precisely:
 1 SetVar expression is tokenized in two modes, quoted and
   not quoted, depending on whether it started with single
   quote (')
 2 Variable name and value can consist of multiple tokens,
   which are assembled back in syntax analyzer.
This allows to support escapes (escape single/double quote,
spaces etc.) and correctly detect where the expression ends.
Fixes #1529
 2017-08-21 23:39:12 -03:00
Felipe Zimmerle
e0ebf28540
Adds `$' as a valid character in ruleRemoveTargetById 
Issue #1533
 2017-08-21 22:59:12 -03:00
Felipe Zimmerle
4b9bd499eb
Fix to_hex_if_need function on string utils 
This fix issue #1535. Solution was the same suggested on #1523.
 2017-08-21 22:47:49 -03:00
Felipe Zimmerle
8d6209f652
gitignore: Adds binaries from examples to the ignore list 2017-08-20 20:10:56 -03:00
Felipe Zimmerle
5e76d85636
Update test cases to include test propesed at #1523 2017-08-20 20:08:17 -03:00
asterite
31f1d04464
add validateByteRange regression test to list in Makefile 2017-08-20 20:08:01 -03:00
asterite
58872e7eda
adds a test for validateByteRange with bytes > 127 2017-08-20 20:07:54 -03:00