github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,230 Commits 55 Branches 109 Tags
Commit Graph

59 Commits

Author SHA1 Message Date
Felipe Zimmerle
2244e874e2
Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b
Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
424418f54b
Renames msc_system.[h|cc] to system.[h|cc] 2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
768cc74f0e
Moves RuleMessage to its own file 2016-11-04 11:58:57 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
f1e742c159
Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174
Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
4711644600
dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Abhi Joglekar
28a44b966a
SecLang uses RESPONSE_STATUS as variable, not STATUS 
Seclang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS

The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf

When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
 2016-10-18 21:30:06 -03:00
Felipe Zimmerle
b48e4b3a37
refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
52808b6cf0
Allows REQUEST_HEADERS:Content-Type to be null 
If REQUEST_HEADERS:Content-Type is null, REQBODY_ERROR will be marked as "0"
 2016-07-18 21:31:26 -03:00
Felipe Zimmerle
4cf6c714ac
Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
4078677b7f
Cosmetic changes: applies changes suggested by static analysis 2016-07-12 00:46:12 -03:00
Alexey Zelkin
f43704dbef
Add explicit 'return true;' for Transaction::extractArguments() 
Unbreaks runtime for FreeBSD 10 (clang generated code)
 2016-07-04 22:42:36 -03:00
Felipe Zimmerle
f72bd587ec
Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
e77e4c4c14
Adds missing test case to Makefile.am and initializes the skip var 2016-06-30 13:46:15 -03:00
Felipe Zimmerle
90adb53935
Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
2477470607
Adds support to the resource collection 2016-06-24 15:17:29 -03:00
Felipe Zimmerle
60be385ebe
Adds support to the SERVER_NAME variable 2016-06-21 10:53:11 -03:00
Felipe Zimmerle
df1f7c5e08
Adds support to the RESPONSE_PROTOCOL variable 2016-06-21 10:52:18 -03:00
Felipe Zimmerle
b8bd0c5960
API CHANGE: response status is now set on processResponseHeaders 
That change was needed to move the variable attribution to earliest
as possible. We also have a new field for HTTP_PROTOCOL version used
on the response.
 2016-06-21 09:24:46 -03:00
Felipe Zimmerle
a36b2da86a
Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
6052d2628b
Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
c5262d54f2
Fix argument uri decode order 
The uri decode happens after the string is splitted, not before.
 2016-06-17 15:34:06 -03:00
Felipe Zimmerle
dbaf79fb8e
Adds extractArguments facilitator method 
Little refactoring to use this method instead of doing it
manually in different parts of the code.
 2016-06-17 15:15:44 -03:00
Felipe Zimmerle
5c088c8be4
Adds addArgument method to transaction class 
There was a bit of refactoring to use the addArgument function, instead
of adding the items manually.
 2016-06-17 14:34:22 -03:00
Felipe Zimmerle
ebe8424758
Adds support to REQBODY_ERROR_MSG and REQBODY_ERROR 
Support to REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
were also added.
 2016-06-16 23:14:15 -03:00
Felipe Zimmerle
7bd6e9a2bd
Makes XML request body processor to be selected only by ctl:equestBodyProcessor 2016-06-16 17:20:47 -03:00
Felipe Zimmerle
7cb27eb9fc
Implements the support to fill the REQBODY_PROCESSOR variable 2016-06-16 15:47:40 -03:00
Felipe Zimmerle
9cec9db794
Fix memory leak in the method toJSON from Transaction class 2016-06-16 10:33:15 -03:00
Felipe Zimmerle
9919026620
Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
3062ff2aa5 Using Collection instead of GlobalCollection 
Both has the same methods and characteristics except for the fact that
one is global and the other not. That can be handled by the backend.
 2016-05-04 22:42:24 -03:00
Felipe Zimmerle
64c4f23a4e Collection class was changed to be a simple interface 
InMomoryPerProcess class was added to be used where the old Collection
was used.
 2016-05-04 22:42:17 -03:00
Felipe Zimmerle
5643d2fa28 Warming up to the remote collections support 
Huge refactoring to have the code in shape to later support the
remote collections with different backends.
 2016-05-03 17:39:49 -03:00
Felipe Zimmerle
8da49842d8 Fix typo on the audit logs. 
It is not _serverity_. Renamed to severity. Details on issue: #1114
 2016-04-04 13:38:23 -03:00
Felipe Zimmerle
e5acc95de8 First version of global' and ip' collections 2016-03-30 18:22:00 -03:00
Felipe Zimmerle
214cc15785 Cosmetics: Reduce the coding style warnings 2016-03-21 17:59:31 -03:00
Felipe Zimmerle
1e3cafb734 Fix memory management on the rules' messages (try 2) 2016-02-17 13:32:31 -03:00
Felipe Zimmerle
163483e8d4 Fix memory management on the rules' messages 2016-02-16 23:30:14 -03:00
Felipe Zimmerle
e346454374 Fix memory leaks on the collections/variables management 2016-02-16 23:04:11 -03:00
Felipe Zimmerle
a2ffb36159 Adds "matched" line to the audit logs 2016-02-12 13:28:43 -03:00
Felipe Zimmerle
362b376acb Adds verbose logs to audit logs while deciding or not to save a request 2016-02-12 11:51:33 -03:00