github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,927 Commits 55 Branches 109 Tags
1b1fdc055b8071ad3b24573abfe9b96e546c7abf
Commit Graph

2927 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
3c1fba278c CHANGES: Adds info about #1990 2019-01-08 10:35:33 -03:00
Andrei Belov
7c19ffea64 Implemented merge_bodylimitaction_value() for BodyLimitAction 
This change makes the following directives to be merged properly:

SecRequestBodyLimitAction
SecResponseBodyLimitAction
 2019-01-08 10:34:22 -03:00
Andrei Belov
3c41751eda Implemented merge_ruleengine_value() for RuleEngine 
This change makes the SecRuleEngine directive to be merged properly.
 2019-01-08 10:34:22 -03:00
Andrei Belov
161c256333 Implemented merge_boolean_value() for ConfigBoolean 
This change makes the following directives to be merged properly:

SecRequestBodyAccess
SecResponseBodyAccess
SecXmlExternalEntity
SecUploadKeepFiles
SecTmpSaveUploadedFiles
 2019-01-08 10:34:22 -03:00
Andrei Belov
2d11ff1a14 Implemented merge() method for ConfigInt, ConfigDouble, ConfigString 
This change makes the following directives to be merged properly:

SecRequestBodyLimit
SecResponseBodyLimit
SecUploadFileLimit
SecUploadFileMode
SecUploadDir
SecTmpDir
SecArgumentSeparator
SecWebAppId
SecHttpBlKey
 2019-01-08 10:34:22 -03:00
Felipe Zimmerle
78b7fa4e2c Adds missing drop.h 2018-12-26 11:05:54 -03:00
Felipe Zimmerle
d00ea5111d Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Felipe Zimmerle
ba4273b8ec CHANGES: Adds info on #1978 2018-12-24 13:59:21 -03:00
Andrei Belov
9b24199a22 Complete merging of particular rule properties 
Closes SpiderLabs/ModSecurity-nginx#142 issue.
 2018-12-24 13:58:28 -03:00
Felipe Zimmerle
4283883695 CHANGES: Adds info on #1984 2018-12-17 10:21:25 -03:00
chuckwolber
8af8cad907 Use of AC_CHECK_FILE prevents cross compilation. 
The use of AC_CHECK_FILE causes the following error when cross compiling:

  configure: error: cannot check for file existence when cross compiling

The solution is to check for the file directly instead of using a macro.

Resolves: #1983
 2018-12-17 10:19:55 -03:00
Felipe Zimmerle
a9e9da8694 CHANGES: Adds info on #1980 2018-12-10 15:09:09 -03:00
Ervin Hegedus
77854ed1b5 Fix inet addr handling on 64 bit big endian systems 2018-12-10 15:03:09 -03:00
Felipe Zimmerle
dccb5e9e5f GitHub: Adds issue template 2018-12-05 14:54:43 -03:00
Felipe Zimmerle
1ecd971306 CHANGES: Updates issue #1973 2018-12-04 10:50:16 -03:00
Andrei Belov
0a85b599b6 Fix tests on FreeBSD 
FreeBSD has different prefix for bash (which is non-standard shell there),
thus "make check-TESTS" actually was doing nothing:

$ gmake check-TESTS
(   0/  0/   0): test/test-cases/regression/issue-1591.json
(   0/  0/   0): test/test-cases/regression/issue-1785.json
(   0/  0/   0): test/test-cases/regression/issue-1812.json
(   0/  0/   0): test/test-cases/regression/issue-1831.json
(   0/  0/   0): test/test-cases/regression/issue-1844.json
(   0/  0/   0): test/test-cases/regression/issue-1850.json
[..]
Testsuite summary for modsecurity 3.0
 2018-12-04 10:49:25 -03:00
Felipe Zimmerle
e756dd039d README: Adds link to v2 repo 
Making a reference to v2/repo.
 2018-12-03 09:06:28 -03:00
Felipe Zimmerle
07330e53f1 CHANGES: Updates issue #1969 2018-11-29 21:49:41 -03:00
Felipe Zimmerle
25bb1f1bcc Changes ENV test case to read the default MODSECURTIY env var 2018-11-29 15:21:28 -03:00
Felipe Zimmerle
b736f0292d Regression: Sets MODSECURITY env var during the tests execution 2018-11-29 15:19:58 -03:00
Felipe Zimmerle
407b6c0f4b Fix setenv action to strdup key=variable 2018-11-29 15:18:15 -03:00
Felipe Zimmerle
af137442d5 CHANGES: Adds @steven-j-wojcik to 0xb7c36 and 0x5ac20. 2018-11-29 13:31:46 -03:00
Felipe Zimmerle
d2b14de268 Allow 0 length JSON requests 
As discussed at: #1822
 2018-11-29 10:39:46 -03:00
Felipe Zimmerle
d29f2a8986 CHANGES: Adds info about #1966 2018-11-29 10:00:38 -03:00
Andrei Belov
65e866cb3e Fix "make dist" target to include default configuration 2018-11-29 09:59:46 -03:00
Felipe Zimmerle
2d3d56aa4b CHANGES: Adds info about #1949 2018-11-27 10:10:06 -03:00
Fred Nicolson
3d2030426c Replaced log locking using mutex with fcntl lock 
When reloading Nginx, there is a race condition which is visible under high
load. As the logging mutex is shared between multiple workers, when a worker
is sent a stop signal during a reload, and the log mutex is held, write()
will never return, which means that the mutex will never unlock. As other
workers share this mutex, they will deadlock.

fcntl does not suffer from this issue.
 2018-11-27 10:09:29 -03:00
Felipe Zimmerle
5a4ada39bc CHANGES: Adds info about #1959 2018-11-27 09:24:05 -03:00
Wenfeng Liu
3b3004d24d Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES 2018-11-27 09:23:00 -03:00
Felipe Zimmerle
ce3abf2626 Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Felipe Zimmerle
e712d30c56 Fix setvar to understand Rule variable in collections 
Issue #1961
 2018-11-26 19:49:44 -03:00
Victor Hora
cbf2fe9703 Adjust boundary test cases for the less strict parsing 2018-11-20 22:17:53 -03:00
Victor Hora
b638e523af Make the boundary check less strict as per RFC2046 2018-11-20 22:17:22 -03:00
Victor Hora
ecad8c6c7e Fix buffer size for utf8toUnicode transformation 2018-11-16 14:58:40 -05:00
email@example.com
454669ffed CHANGES: Preparing to 3.0.4 2018-11-13 09:29:44 -03:00
Felipe Zimmerle
4e6e4243a8 Change release version to v3.0.3 v3.0.3 2018-11-01 22:19:44 -03:00
Felipe Zimmerle
e4d6d61cf4 Adds Victor to the AUTHORS file 2018-11-01 22:19:16 -03:00
Felipe Zimmerle
6cbcdd024f Fix libInjection version on configure summary 2018-11-01 22:15:23 -03:00
Felipe Zimmerle
9ada0a28c8 Changes the default configuration to mimic v2 behavior on multipart 
Further info on: #1747, #1924
 2018-11-01 18:04:23 -03:00
Felipe Zimmerle
31c8d4c520 CHANGES: Adds info about #1943 2018-11-01 16:15:18 -03:00
Felipe Zimmerle
9d80983e55 Fix on top of #1943 + adding test cases 2018-11-01 16:11:39 -03:00
supplient
39f4a5d7d2 Fix double macros bug 
Macro run strangely if I input double macros like "%{ARGS_COMBINED_SIZE}%{ARGS_COMBINED_SIZE}".
 2018-11-01 15:56:54 -03:00
Felipe Zimmerle
18cdffdbca Encapsulates int[N] in a class to avoid compilation issues 
Depending on the compiler, there may be a compilation issue with the
usage of std::unique_ptr<int[]>. Therefore encapsulating it inside a
regular class.
 2018-11-01 11:50:15 -03:00
Victor Hora
e3b9f7c913 Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Victor Hora
84ece3edcb Add test case for SecUnicodeMap 2018-10-31 22:19:27 -03:00
Felipe Zimmerle
065c2e67b6 Adds test case for #1850 2018-10-30 18:25:46 -03:00
Felipe Zimmerle
e1e8a01ed2 Override the default status code if not suitable to redirect action 
Issue #1850
 2018-10-30 18:20:23 -03:00
Felipe Zimmerle
bfe917b6b1 parser: Fix the support for CRLF configuration files 2018-10-30 17:16:44 -03:00
Felipe Zimmerle
3f0ea90970 Test case skeleton for #1941 2018-10-29 11:14:31 -03:00
Victor Hora
662fe63a47 Add unicode.mapping file to v3/master branch 2018-10-26 03:01:03 -04:00