github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,270 Commits 55 Branches 109 Tags
Commit Graph

70 Commits

Author SHA1 Message Date
Felipe Zimmerle
2d29740ca4
Cosmetics: better format the serial audit logs 2016-12-15 23:32:53 -03:00
Felipe Zimmerle
c1e96d6c2b
Fix rules messages in the audit logs 2016-12-15 23:11:54 -03:00
Felipe Zimmerle
2e9a35c358
Refactoring on the audit logs implementation 
Among of other things, it is now supporting shared file locks between
different process.
 2016-12-14 23:17:28 -03:00
Felipe Zimmerle
31d5d79089 Removes charset=UTF-8 from content-type variable 2016-12-07 15:59:20 -03:00
Felipe Zimmerle
cce6179dcc
Refactoring: new structure for logging alerts 
Disruptive actions were moved to actions::disruptive namespace
 2016-12-01 14:14:54 -03:00
Felipe Zimmerle
bfc30dad34
Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
9116a19bcc
Using the decoded uri in REQUEST_URI instead of the encoded one 2016-11-28 12:20:11 -03:00
Felipe Zimmerle
d3a4ec760c
Removes slash from REQUEST_BASENAME 2016-11-22 15:33:32 -03:00
Felipe Zimmerle
293a849668
Adds m_uri_no_query_string_decoded to transaction 2016-11-22 15:23:47 -03:00
David Testé
f5898e94c7
Fix documentation typos 2016-11-14 10:23:51 -03:00
Felipe Zimmerle
3ee7b24928
Adds refCounter to actions 2016-11-08 18:14:34 -03:00
Felipe Zimmerle
2244e874e2
Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b
Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
424418f54b
Renames msc_system.[h|cc] to system.[h|cc] 2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
768cc74f0e
Moves RuleMessage to its own file 2016-11-04 11:58:57 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
f1e742c159
Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174
Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
4711644600
dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Abhi Joglekar
28a44b966a
SecLang uses RESPONSE_STATUS as variable, not STATUS 
Seclang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS

The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf

When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
 2016-10-18 21:30:06 -03:00
Felipe Zimmerle
b48e4b3a37
refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
52808b6cf0
Allows REQUEST_HEADERS:Content-Type to be null 
If REQUEST_HEADERS:Content-Type is null, REQBODY_ERROR will be marked as "0"
 2016-07-18 21:31:26 -03:00
Felipe Zimmerle
4cf6c714ac
Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
4078677b7f
Cosmetic changes: applies changes suggested by static analysis 2016-07-12 00:46:12 -03:00
Alexey Zelkin
f43704dbef
Add explicit 'return true;' for Transaction::extractArguments() 
Unbreaks runtime for FreeBSD 10 (clang generated code)
 2016-07-04 22:42:36 -03:00
Felipe Zimmerle
f72bd587ec
Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
e77e4c4c14
Adds missing test case to Makefile.am and initializes the skip var 2016-06-30 13:46:15 -03:00
Felipe Zimmerle
90adb53935
Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
2477470607
Adds support to the resource collection 2016-06-24 15:17:29 -03:00
Felipe Zimmerle
60be385ebe
Adds support to the SERVER_NAME variable 2016-06-21 10:53:11 -03:00
Felipe Zimmerle
df1f7c5e08
Adds support to the RESPONSE_PROTOCOL variable 2016-06-21 10:52:18 -03:00
Felipe Zimmerle
b8bd0c5960
API CHANGE: response status is now set on processResponseHeaders 
That change was needed to move the variable attribution to earliest
as possible. We also have a new field for HTTP_PROTOCOL version used
on the response.
 2016-06-21 09:24:46 -03:00
Felipe Zimmerle
a36b2da86a
Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
6052d2628b
Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
c5262d54f2
Fix argument uri decode order 
The uri decode happens after the string is splitted, not before.
 2016-06-17 15:34:06 -03:00
Felipe Zimmerle
dbaf79fb8e
Adds extractArguments facilitator method 
Little refactoring to use this method instead of doing it
manually in different parts of the code.
 2016-06-17 15:15:44 -03:00
Felipe Zimmerle
5c088c8be4
Adds addArgument method to transaction class 
There was a bit of refactoring to use the addArgument function, instead
of adding the items manually.
 2016-06-17 14:34:22 -03:00
Felipe Zimmerle
ebe8424758
Adds support to REQBODY_ERROR_MSG and REQBODY_ERROR 
Support to REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
were also added.
 2016-06-16 23:14:15 -03:00
Felipe Zimmerle
7bd6e9a2bd
Makes XML request body processor to be selected only by ctl:equestBodyProcessor 2016-06-16 17:20:47 -03:00
Felipe Zimmerle
7cb27eb9fc
Implements the support to fill the REQBODY_PROCESSOR variable 2016-06-16 15:47:40 -03:00
Felipe Zimmerle
9cec9db794
Fix memory leak in the method toJSON from Transaction class 2016-06-16 10:33:15 -03:00
Felipe Zimmerle
9919026620
Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00