github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,392 Commits 55 Branches 109 Tags
20487300122aa688e93e8bdb83e6830e858d04e6
Commit Graph

580 Commits

Author SHA1 Message Date
Felipe Zimmerle
1218d8c845 Fix the audit log engine status selection 
SecAuditEngine was not being respected by the auditlog generation
 2016-12-15 14:55:31 -03:00
Felipe Zimmerle
2e9a35c358 Refactoring on the audit logs implementation 
Among of other things, it is now supporting shared file locks between
different process.
 2016-12-14 23:17:28 -03:00
Felipe Zimmerle
64e2927922 Moves debuglog stuff inside the debug_log namespace 2016-12-09 09:52:01 -03:00
Andrei Belov
a3787fedb8 Fix building with -Wl,--as-needed linker option with older ld versions 2016-12-09 09:20:56 -03:00
Felipe Zimmerle
1719e1d7e9 test-cases: updates the remote reference 2016-12-01 14:23:18 -03:00
Felipe Zimmerle
bfc30dad34 Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
e6b58014db Cosmetics: Fix some static analysis report 2016-11-29 14:31:15 -03:00
Felipe Zimmerle
9bd37ccb63 Refactoring: Rule class 2016-11-28 13:07:25 -03:00
Felipe Zimmerle
eecb90cfd0 setvar: needs review 2016-11-28 12:12:04 -03:00
Felipe Zimmerle
d3a4ec760c Removes slash from REQUEST_BASENAME 2016-11-22 15:33:32 -03:00
Felipe Zimmerle
ab88083159 parser: Fix the expanded list inclusion 2016-11-16 15:47:21 -03:00
Felipe Zimmerle
c98be42f8f Limits the transformation output to 80 chars in the debug logs 2016-11-16 15:37:52 -03:00
Felipe Zimmerle
361ec8340f benchmark: Removes the \n\r on the user agent 2016-11-11 13:53:56 -03:00
Felipe Zimmerle
8ceaf99d5d Updates the CRS script to target the recent v3.0.0 release 2016-11-11 13:53:24 -03:00
Felipe Zimmerle
3ab5c8057d Updates the fuzzer sub-project 2016-11-11 13:05:40 -03:00
Felipe Zimmerle
3ee7b24928 Adds refCounter to actions 2016-11-08 18:14:34 -03:00
Felipe Zimmerle
2244e874e2 Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
424418f54b Renames msc_system.[h|cc] to system.[h|cc] 2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0 Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
507ec44cc2 Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
f1e742c159 Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174 Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
d3de1c743a Adds missing action-ctl_rule_remove_by_id.json 2016-10-31 13:19:34 -03:00
Felipe Zimmerle
4711644600 dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Felipe Zimmerle
161cc36acf Adds support to action CtlRuleRemoteTargetById 2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54 Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
8757840bc3 Refactoring on the operators: negation is now being handled globally 
Other minors changes were also made, including adding the prefix `m_'
to all the members of the class.
 2016-10-19 10:30:26 -03:00
Abhi Joglekar
28a44b966a SecLang uses RESPONSE_STATUS as variable, not STATUS 
Seclang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS

The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf

When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
 2016-10-18 21:30:06 -03:00
Felipe Zimmerle
678a97d0f7 Refectoring on the DebugLog mechanism 
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
 2016-10-18 18:43:51 -03:00
Felipe Zimmerle
f3bbcfc7ef Removes SecDebugLog directive from the test cases 2016-10-18 18:23:35 -03:00
Felipe Zimmerle
b48e4b3a37 refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
0e5f72977e Changes MATCHED_VAR behaviour 
Only cleanup the variable if there wasn't a match within the rule
 2016-07-29 10:40:45 -07:00
Felipe Zimmerle
f723870f18 Fix case sensitive variable resolution in in memory backend 
Variables are case insensitive
 2016-07-22 13:34:57 -03:00
Felipe Zimmerle
5d64f73817 Makes RULE collection to be resolved inside a macro expansion 2016-07-21 13:09:22 -03:00
Felipe Zimmerle
37079ef668 Adds support to SecRuleRemoveById 2016-07-18 15:02:38 -03:00
Felipe Zimmerle
4cf6c714ac Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
3615c84ee5 Adds check-coding-style target to our Makefiles 2016-07-12 21:39:07 -03:00
Felipe Zimmerle
f26824bcf4 Adds more suppressions to the cppcheck 2016-07-12 12:52:55 -03:00
Felipe Zimmerle
4078677b7f Cosmetic changes: applies changes suggested by static analysis 2016-07-12 00:46:12 -03:00
Andrei Belov
085d50c127 include test cases into the distribution 2016-07-11 11:08:41 -03:00
Andrei Belov
063850a4cb exclude build-time required headers from install target 2016-07-11 11:08:41 -03:00
Andrei Belov
2aa1d14477 fixed build of unit tests (broken by 34e0284) 2016-07-11 11:08:41 -03:00
Andrei Belov
649365481f automake: include all needed files into "make dist" target. 2016-07-11 11:08:41 -03:00
Felipe Zimmerle
38b338d1d6 Adds test case for regular express selection 2016-07-11 11:07:30 -03:00
Felipe Zimmerle
4daf9d8ab0 Adds a test case for WEBSERVER_ERROR_LOG 
WEBSERVER_ERROR_LOG is not supported by libmodsecurity. This test case
confirms the parser error that says so.
 2016-07-08 11:05:09 -03:00
Felipe Zimmerle
6e4226ee4d Adds support to global collections shared among different process 
There is a memory leak in the variable resolution that should be
contained by an internal change in the way that the variables
are resolved.
 2016-07-07 23:03:47 -03:00
Felipe Zimmerle
ac64983276 Adds cppcheck target on makefile 2016-07-07 15:44:55 -03:00
Felipe Zimmerle
5daf4873b5 build: Searching for LMDB during the configuration phase 2016-07-05 11:56:19 -03:00