github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,950 Commits 55 Branches 109 Tags
Commit Graph

204 Commits

Author SHA1 Message Date
brectanus
7a1e2db148 Fixed code according to Ivan's review. 2008-02-20 00:41:43 +00:00
brectanus
e4eaade2ca Make Lua support optional since it is still experimental (--without-lua). If someone still uses SecRuleScript, however, it iignores it and just warns on Apache startup. 2008-02-16 00:27:44 +00:00
brectanus
aef091a849 Reverted r950 which moved the periods from the message to after the "[offset ...]" tag. This tag was intended to be interpreted as metadata. 
Enhanced the documentation from r951 to reflect "[offset ...]" as metadata and not the message.
 2008-02-15 23:05:30 +00:00
ivanr
258ef32adb Minor changes to operator messages. 2008-02-14 15:40:38 +00:00
brectanus
cc2110b187 Updates to build on Windows with MS VC++ 8. 2008-02-13 07:10:54 +00:00
brectanus
8e43107827 Add target name to validateUrlEncoding message. 2008-02-08 01:17:46 +00:00
brectanus
16b2821d51 Update string match text for @within to not include the target test. 
Make sure the empty string always matches (it does in @rx and @m so it should in other string operators).
 2008-02-08 00:04:09 +00:00
brectanus
827a5831e2 A pattern of "" (empty string) should always match. 2008-02-07 23:21:31 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
96ff268f64 Replace TABs with 4 spaces. 2008-01-18 01:04:47 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
brectanus
246ed9cbc5 Make sure a zero-length CC# does not verify. 2007-12-20 19:19:34 +00:00
ivanr
f64c7c39e8 Lua: Added support for scripting to @inspectFile. 2007-12-20 15:53:23 +00:00
brectanus
4e7c243c39 Make libxml2 *required*. 2007-12-19 18:13:41 +00:00
brectanus
5da9a05d1c Remove the callback from the verifyCC regex (not used anymore). 2007-12-19 00:26:19 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00
ivanr
d3a0a2887a Fix utf-8 validation (again\!\!\!). 2007-11-29 13:30:39 +00:00
brectanus
1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. 2007-11-26 17:04:42 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
brectanus
e45ea12fc8 Fix warnings on Solaris and/or 64bit builds. 2007-11-02 22:31:47 +00:00
brectanus
83a7886071 Now use memcmp() vs strncmp() in string comparison operators since we already short-circuit when the match will not fit in the target. 
Added @containsWord.  See #182.
 2007-10-02 18:50:35 +00:00
brectanus
da1399f0b8 Added TX:LAST_MATCHED_VAR_NAME. See #123. 2007-10-01 22:35:52 +00:00
brectanus
fe1021e369 More cleanup of error messages and marking as relevant. See #4. 2007-09-28 20:02:02 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
brectanus
2ec596e83a Fix error message in validateByteRange to include the target variable name. See #157. 2007-08-08 15:16:26 +00:00
brectanus
3e5e2a06b7 Stricter validation for @validateUtf8Encoding. 
Capture the match in TX:0 when using "capture" action w/@pm operators.
 2007-07-31 19:04:07 +00:00
brectanus
19887f9cc6 Added @within string comparison operator with support for macro expansion. See #134. 2007-06-21 02:21:06 +00:00
brectanus
b58efb3466 Update CHANGES. 
Reversion from 2.2. to 2.5.
Update @pmFromFile to base relative filenames off of rule file path.
 2007-06-20 19:58:01 +00:00
brectanus
81d0f84ad3 Update copyright text to Breach Security, Inc. 
Merge in changes from branches/2.1.x
 2007-06-14 16:05:45 +00:00
brectanus
11456dd87a Use pmFromFile instead of pmfile and p=phrase instead of parallel in docs. See #16. 2007-06-04 20:16:48 +00:00
brectanus
f1607d007b Cleanup message output. See #16. 2007-06-01 15:21:04 +00:00
brectanus
e887faac2b Add @pm/@pmfile operators (parallel patch). See #16. 2007-05-30 22:02:35 +00:00
brectanus
c594c205c3 Fix new string operators to all resolve macros. 
Rename startsWith operator in code to match docs.
See #54.
 2007-05-29 14:58:05 +00:00
brectanus
a627e96c75 Lessen "capture" debug log messages. 2007-05-17 12:02:59 +00:00
brectanus
e03ea11f9a Only calculate debug data when we are debugging. 2007-05-16 19:48:21 +00:00
brectanus
a68eb04884 Add geo lookup support. See #22. 2007-05-11 16:14:11 +00:00
brectanus
c559f3ee21 Change @eq to @streq. See #54. 2007-05-03 03:41:29 +00:00
brectanus
3f7fc7c758 Added string comparison operators: @contains, @is, @beginsWith and @endsWith with support for macro expansion. See #54. 2007-05-01 22:00:34 +00:00
brectanus
a3c3f25ae0 Fix macro expansion. See #118. 
Fix some debug log output to escape NULs properly in preparation for #54.
Up version to prepare for 2.2.0 pre-releases.
 2007-05-01 21:36:24 +00:00
brectanus
00dcb2714f Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression for the @rx operator and variables. (trac #57) 2007-04-05 01:54:03 +00:00
brectanus
383119a147 Really set PCRE_DOTALL option when compiling the regular expression for the @rx operator as the docs state. (trac #51) 2007-03-27 17:22:35 +00:00
brectanus
485c664a42 Enhance debug log output for capturing to detect all regex/capture mismatches (trac #21). 2007-03-27 17:13:42 +00:00