ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00

Author	SHA1	Message	Date
Victor Hora	d97688804e	Fix parser to support GeoLookup with MaxMind	2018-09-11 20:40:28 -03:00
Felipe Zimmerle	764a2e43ff	parser: Fix simple quote setvar in the end of the line. Fix #1831	2018-09-11 15:35:26 -03:00
Felipe Zimmerle	d7b9726357	good practices: Initialize variables before use it Original author: Marc Stern (#1889)	2018-09-05 23:35:24 -03:00
Felipe Zimmerle	a85ca00a55	Fix utf-8 character encoding conversion Reported on: #1794	2018-09-04 21:01:11 -03:00
Victor Hora	aa158ceef3	Set the correct variable (m_requestBodyType) and add test case	2018-08-22 22:46:37 -03:00
Victor Hora	f999f54eda	Adds support for ctl:requestBodyProcessor=URLENCODED	2018-08-22 22:07:04 -03:00
Robert Paprocki	dee9898449	Implement support for Lua 5.1	2018-07-27 15:43:12 -04:00
michaelgranzow-avi	d810de9166	#1818 : Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case	2018-06-26 10:47:03 -03:00
Victor Hora	fd8e72fd97	Allow empty strings to be evaluated by regex::searchAll	2018-06-18 22:11:48 -03:00
Felipe Zimmerle	e51297b436	Improvements on top of #1787	2018-06-12 15:43:08 -03:00
Ervin Hegedus	edb5993d5f	Fixed LMDB collection errors	2018-06-12 14:47:44 -03:00
Ervin Hegedus	4d0ca94490	Modified the false pos. UNMATCHED_BOUNDARY error flag	2018-06-12 01:09:36 -03:00
Ervin Hegedus	af4afd348c	Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors	2018-06-12 01:09:36 -03:00
Reed Morrison	95048d5fcf	Fix ip tree lookup on netmask content	2018-06-07 14:29:27 -03:00
Felipe Zimmerle	202a15bea8	Changes the behavior of the default sec actions Fix #1629	2018-05-31 14:52:53 -03:00
Felipe Zimmerle	892beb5360	Refactoring on {global,ip,resources,session,tx,user} collections Now using the same name schema and interface for these "special" collection. Fix: #1754, #1778	2018-05-29 23:48:05 -03:00
Felipe Zimmerle	f928e44765	Revert "Fix memory leak in msc_rules_* C APIs" This reverts commit 58701e7e11a4f65ee5edc2c142c507e578ff7c1b. It was breaking the multi-thread examples.	2018-05-28 18:59:55 -03:00
Wenfeng Liu	b85a645610	Fix race condition in UniqueId::uniqueId()	2018-05-28 18:09:50 -03:00
Wenfeng Liu	58701e7e11	Fix memory leak in msc_rules_* C APIs	2018-05-24 12:51:13 -03:00
Wenfeng Liu	45e531236a	Return false in SharedFiles::open() when an error happens	2018-05-24 10:21:37 -03:00
Wenfeng Liu	fd9a161e74	Use rvalue reference in ModSecurity::serverLog to avoid string copy	2018-05-22 22:41:20 -03:00
Victor Hora	87e64e3c25	Actually fix setvar parsing of quoted data	2018-05-17 13:43:12 -03:00
Robert Paprocki	e4c822e663	Code cleanup: Initialize variables and others good practice - initialize invalid_countin UrlDecode :: evaluate - Free resources before the process die (good practice)	2018-05-13 17:08:07 -03:00
Felipe Zimmerle	42a472adbd	Check if response body inspection is enabled before process it	2018-05-08 10:59:30 -03:00
Robert Paprocki	2669add8e0	Fix memory leak in processContentOffset	2018-05-03 15:10:01 -03:00
Robert Paprocki	cc72035034	Remove an unused variable	2018-05-03 15:10:00 -03:00
Victor Hora	5e40850697	Fix setvar parsing of quoted data	2018-05-03 14:40:48 -03:00
Robert Paprocki	cd1a058c33	Code cosmetics: Clean up MD5 hexdigest The null terminator is not necessary when using this form of the std::string constructor, and its use was confusing given the extra indent.	2018-05-03 13:41:49 -03:00
Felipe Zimmerle	d0b423fdd7	Adds time stamp back to the audit logs Fix issue #1762	2018-05-03 13:37:01 -03:00
Felipe Zimmerle	6f92c8914a	Disables skip counter if debug log is disabled	2018-04-24 14:17:01 -03:00
Victor Hora	bb2ecdf4db	Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser	2018-04-24 09:26:30 -03:00
Felipe Zimmerle	6d5bb42bd8	Normalizes Bison version	2018-04-24 09:15:39 -03:00
Victor Hora	2037a08b34	Fix STATUS var parsing and accept STATUS_LINE var for v2 backward compatibility	2018-04-24 09:06:39 -03:00
Andrei Belov	268f34bbcc	Fix memory leak in modsecurity::utils::expandEnv() Found by ASAN.	2018-04-23 22:54:13 -03:00
Ervin Hegedus	e7ea5433d5	Initialize m_dtd member in ValidateDTD class as NULL	2018-04-23 22:43:36 -03:00
Andrei Belov	5e65d560f8	Fix utils::string::ssplit() to handle delimiter in the end of string This closes #1743.	2018-04-22 11:37:30 -03:00
Victor Hora	5018358371	Fix variable FILES_TMPNAMES	2018-04-22 11:11:46 -03:00
Andrei Belov	8285a97460	Fix memory leak in Collections This closes #1729.	2018-04-05 09:48:51 -03:00
Felipe Zimmerle	0ca5994744	Adds support for ctl:ruleRemoveByTag action	2018-03-26 17:01:53 -03:00
Andrei Belov	138e301695	Reverse logic of checking output in @inspectFile This change makes @inspectFile in ModSecurity 3.x to operate in exact the same way as it operates in ModSecurity 2.x, so existing helper scripts like runav.pl [1] will work without any changes. [1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl	2018-03-22 23:06:30 -03:00
Felipe Zimmerle	df169ea108	Adds support for libMaxMind	2018-03-22 19:11:42 -03:00
Felipe Zimmerle	7bff76d794	Parser: Updates the generated parser files	2018-03-21 18:18:58 -03:00
Victor Hora	480a2f89d7	Disable SecCollectionTimeout parser error	2018-03-12 22:28:07 -03:00
Victor Hora	22334c9bb6	Adds capture action to detectXSS	2018-03-12 22:10:56 -03:00
Victor Hora	e50c317b7a	Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator	2018-03-12 20:09:17 -03:00
Felipe Zimmerle	70ace0faa4	Adds capture action to detectSQLi	2018-03-09 12:58:00 -03:00
Felipe Zimmerle	0f361b7065	Adds capture action to RBL	2018-03-09 12:49:12 -03:00
Felipe Zimmerle	df25c48f53	Adds capture action to verifyCC	2018-03-09 11:26:24 -03:00
Felipe Zimmerle	77a885da5f	Adds capture action to verifySSN	2018-03-09 09:42:05 -03:00
Felipe Zimmerle	60b2469097	Updates bison parser	2018-03-08 19:05:53 -03:00

... 2 3 4 5 6 ...

986 Commits