1214 Commits

Author SHA1 Message Date
Felipe Zimmerle
8772daec4d Adds functions limitTo and toHexIfNeed into utils.cc
Those will be used in order to make the debug and audit logs
readable.
2015-09-15 16:07:03 -03:00
Felipe Zimmerle
97214edf6e Fix multipart parser on binary content 2015-09-15 16:06:41 -03:00
Felipe Zimmerle
23d843259d Fix rule.h include on modsecurity.cc and seclang-parser.yy 2015-09-15 16:05:29 -03:00
Felipe Zimmerle
a0a2d2c77e Adds support to read request body from a file 2015-09-15 16:04:27 -03:00
Felipe Zimmerle
140a62a2b5 Changes rule_id to long in order to have it visible by systemtap 2015-09-11 12:41:36 -03:00
Felipe Zimmerle
2a8f45b895 Adds transformations removeComments and replaceComments to the seclang parsers 2015-09-11 12:41:09 -03:00
Felipe Zimmerle
3c53869915 Adds transformation normalisePath to seclang parser 2015-09-09 23:02:07 -03:00
Felipe Zimmerle
92563da930 Adds t:utf8toUnicode and variable XML to the seclang parser 2015-09-09 22:51:19 -03:00
Felipe Zimmerle
736183b7f1 Adds ctl:forceRequestBodyVariable to the seclang parser 2015-09-09 22:43:18 -03:00
Felipe Zimmerle
4095ae7b52 Adds action accuracy to the parser 2015-09-09 22:26:35 -03:00
Felipe Zimmerle
1079b5ba54 Adds action maturity to the parser 2015-09-09 22:19:07 -03:00
Felipe Zimmerle
09651baf9a Adds action ver to the seclang parser 2015-09-09 22:10:45 -03:00
Felipe Zimmerle
254b29265e Adds action expirevar to the parser and fix the line counting 2015-09-09 18:31:37 -03:00
Felipe Zimmerle
ee8b886371 Adds parser support to ctl:[auditEngine|ruleEngine] 2015-09-09 17:51:53 -03:00
Felipe Zimmerle
ec6a5a0cd2 Adds support to t:sha1 and t:hexEncode at seclang parser 2015-09-09 17:13:07 -03:00
Felipe Zimmerle
d1fa2cfa7b Parser: Fix redirect action and adds SecRule first line-only comment style 2015-09-09 15:10:38 -03:00
Felipe Zimmerle
5c3a4b608d Adds support to SecMarker and skipAfter 2015-09-08 10:06:37 -03:00
Felipe Zimmerle
b048794f4e Adds support to unconditional rules 2015-09-04 15:55:53 -03:00
Chaim Sanders
4e8bb276b8 Fixing compilation problem on newer versions of gcc (Fedora 22+) 2015-09-04 11:08:15 -03:00
Felipe Zimmerle
010c18f63f Adds support to SecDefaultAction configuration directive 2015-09-04 10:56:04 -03:00
Felipe Zimmerle
f2ed890ea6 Now accept SecRules regardless of the letter case 2015-09-03 11:09:40 -03:00
Felipe Zimmerle
7afd93196d Adds contains to the list of operators compatible with the capture action 2015-09-03 09:38:19 -03:00
Felipe Zimmerle
3de845fac1 Fix macro expansion string replacement
It was removing more characters from the string than the actual %{variable}%
2015-09-03 09:38:19 -03:00
Felipe Zimmerle
45d81e1c04 Adds sanity check to the rule id action 2015-09-03 09:38:12 -03:00
Felipe Zimmerle
a63aa50f1b Changes the default operator to be @rx not @pm
For some reason the default operator was @pm, which was a huge mistake.
The default operator is @rx, thanks to Sanders who noticed that.
2015-09-02 18:31:02 -03:00
Felipe Zimmerle
ea4cd53221 Accepts phases with its name instead of a number 2015-09-02 18:31:02 -03:00
Felipe Zimmerle
035040cd13 Adds sanity check to confirm that the rule has an ID and it is not duplicated 2015-09-02 18:30:41 -03:00
Felipe Zimmerle
aae8036c0c Cosmetics: Fix debug log message 2015-09-02 10:55:35 -03:00
Felipe Zimmerle
5d24b237bd Fix default parts to be logged on audit logs 2015-09-02 10:55:35 -03:00
Felipe Zimmerle
fa4f72d90d Adds support to ctl:auditLogParts variation 2015-09-02 10:55:29 -03:00
Felipe Zimmerle
e89e395a32 Fix various minor issues on the auditlog schema 2015-08-27 17:50:42 -03:00
Felipe Zimmerle
24b7d72666 DebugLogs are now being redirected to the correct files 2015-08-27 15:36:56 -03:00
Felipe Zimmerle
01542e28c3 Allows blank line (or line with space) at the end of a rules file 2015-08-25 15:50:40 -03:00
Felipe Zimmerle
e76af0eab9 Correctly handling nginx configuration merge 2015-08-25 15:50:27 -03:00
Felipe Zimmerle
004ef066ed Fix rules chain and action execution
- Rules chains are respecting the phase of the first rule in chain.
- The actions are only executed if the whole chain matches.
2015-08-25 13:44:20 -03:00
Felipe Zimmerle
f2da6bb81d Fix the return value while loading the rules 2015-08-25 10:20:58 -03:00
Felipe Zimmerle
c586ba0178 Removes an unused state from the seclang parser 2015-08-25 08:15:27 -03:00
Felipe Zimmerle
e94226f1d8 Fix some build issues
Optional dependencies were temporarily marked as mandatory, in order
to sort out any build problems; later they will be marked as optional again.
2015-08-25 00:25:33 -03:00
Felipe Zimmerle
fd8578351d Fix segmentation fault in the regression tests 2015-08-25 00:24:28 -03:00
Felipe Zimmerle
a168502717 Adds missing file 2015-08-24 11:32:12 -03:00
Felipe Zimmerle
1065e297b2 Fix several minor issues on the seclang grammar 2015-08-22 11:06:28 -03:00
Felipe Zimmerle
e78d7f5b91 Makes the parser understand some missing configuration directives
Directives:
 - SecPcreMatchLimitRecursion
 - SecPcreMatchLimit
 - SecResponseBodyMimeType
 - SecTmpDir
 - SecDataDir
 - SecArgumentSeparator
 - SecCookieFormat
 - SecStatusEngine

Those are not implemented yet, but the parser is now able to understand them.
2015-08-20 13:04:54 -03:00
Felipe Zimmerle
a453a656c3 Fix continuation line and VARIABLENOCOLON 2015-08-19 23:12:34 -03:00
Felipe Zimmerle
0b225f0239 Parser: adds support to SecRequestBodyInMemoryLimit 2015-08-19 22:42:46 -03:00
Felipe Zimmerle
2d56aa521b Cosmetics: fix actions on yy file
- added action for:
  ctl:requestBodyProcessor=XML
  ctl:requestBodyProcessor=JSON
- added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
2015-08-19 22:36:31 -03:00
Felipe Zimmerle
a230a4ff3c parser: Adds support for continuation lines 2015-08-19 17:20:43 -03:00
Felipe Zimmerle
ef99615401 parser: Understanding @pm if no operator is provided 2015-08-19 16:58:14 -03:00
Felipe Zimmerle
101fddfc9b Extends DICT_ELEMENT to support "-" 2015-08-18 22:19:32 -03:00
Felipe Zimmerle
d5bf955028 Using DetectionOnly instead of DetectOnly 2015-08-18 22:16:38 -03:00
Felipe Zimmerle
b7fb65fe65 seclanguage: ignore lines starting with "#" 2015-08-18 22:10:55 -03:00