github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,063 Commits 55 Branches 109 Tags
2d51efae493fad8e0c00c8f7b7e74174055fdb09
Commit Graph

504 Commits

Author SHA1 Message Date
Felipe Zimmerle
9245369a54 Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
8757840bc3 Refactoring on the operators: negation is now being handled globally 
Other minors changes were also made, including adding the prefix `m_'
to all the members of the class.
 2016-10-19 10:30:26 -03:00
Abhi Joglekar
28a44b966a SecLang uses RESPONSE_STATUS as variable, not STATUS 
Seclang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS

The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf

When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
 2016-10-18 21:30:06 -03:00
Felipe Zimmerle
678a97d0f7 Refectoring on the DebugLog mechanism 
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
 2016-10-18 18:43:51 -03:00
Felipe Zimmerle
f3bbcfc7ef Removes SecDebugLog directive from the test cases 2016-10-18 18:23:35 -03:00
Felipe Zimmerle
b48e4b3a37 refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
0e5f72977e Changes MATCHED_VAR behaviour 
Only cleanup the variable if there wasn't a match within the rule
 2016-07-29 10:40:45 -07:00
Felipe Zimmerle
f723870f18 Fix case sensitive variable resolution in in memory backend 
Variables are case insensitive
 2016-07-22 13:34:57 -03:00
Felipe Zimmerle
5d64f73817 Makes RULE collection to be resolved inside a macro expansion 2016-07-21 13:09:22 -03:00
Felipe Zimmerle
37079ef668 Adds support to SecRuleRemoveById 2016-07-18 15:02:38 -03:00
Felipe Zimmerle
4cf6c714ac Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
3615c84ee5 Adds check-coding-style target to our Makefiles 2016-07-12 21:39:07 -03:00
Felipe Zimmerle
f26824bcf4 Adds more suppressions to the cppcheck 2016-07-12 12:52:55 -03:00
Felipe Zimmerle
4078677b7f Cosmetic changes: applies changes suggested by static analysis 2016-07-12 00:46:12 -03:00
Andrei Belov
085d50c127 include test cases into the distribution 2016-07-11 11:08:41 -03:00
Andrei Belov
063850a4cb exclude build-time required headers from install target 2016-07-11 11:08:41 -03:00
Andrei Belov
2aa1d14477 fixed build of unit tests (broken by 34e0284) 2016-07-11 11:08:41 -03:00
Andrei Belov
649365481f automake: include all needed files into "make dist" target. 2016-07-11 11:08:41 -03:00
Felipe Zimmerle
38b338d1d6 Adds test case for regular express selection 2016-07-11 11:07:30 -03:00
Felipe Zimmerle
4daf9d8ab0 Adds a test case for WEBSERVER_ERROR_LOG 
WEBSERVER_ERROR_LOG is not supported by libmodsecurity. This test case
confirms the parser error that says so.
 2016-07-08 11:05:09 -03:00
Felipe Zimmerle
6e4226ee4d Adds support to global collections shared among different process 
There is a memory leak in the variable resolution that should be
contained by an internal change in the way that the variables
are resolved.
 2016-07-07 23:03:47 -03:00
Felipe Zimmerle
ac64983276 Adds cppcheck target on makefile 2016-07-07 15:44:55 -03:00
Felipe Zimmerle
5daf4873b5 build: Searching for LMDB during the configuration phase 2016-07-05 11:56:19 -03:00
Felipe Zimmerle
3d1d0514fd Fix pass action behaviour: now only ingore actions within the same rule 
More details on issue #1152
 2016-07-01 11:01:51 -03:00
Felipe Zimmerle
b332018cc2 Adds regressiont test for issue #1152 2016-06-30 23:50:21 -03:00
Felipe Zimmerle
f72bd587ec Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
b0f69b1262 Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Felipe Zimmerle
90adb53935 Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
193fa2e804 Changes regressions tests to fit the recent modification on the parser 2016-06-24 09:18:48 -03:00
Felipe Zimmerle
02909f7cd8 parser: arbitraty text can be used instead of operator 
The usage of an arbitrary text instead operator was expecting that the
arbitrary text start by something different from "@" or "!", now it can
start with anything, including "@", and/or "!". Notice however that
there aren't such thing as a bad  operator. Bad operator will be used as
input of @rx. Issue #1136.
 2016-06-22 16:59:50 -03:00
Felipe Zimmerle
0d53dda1a1 Adds support to @unconditionalMatch 
Issue #1002
 2016-06-21 13:46:55 -03:00
Felipe Zimmerle
60be385ebe Adds support to the SERVER_NAME variable 2016-06-21 10:53:11 -03:00
Felipe Zimmerle
df1f7c5e08 Adds support to the RESPONSE_PROTOCOL variable 2016-06-21 10:52:18 -03:00
Felipe Zimmerle
b8bd0c5960 API CHANGE: response status is now set on processResponseHeaders 
That change was needed to move the variable attribution to earliest
as possible. We also have a new field for HTTP_PROTOCOL version used
on the response.
 2016-06-21 09:24:46 -03:00
Felipe Zimmerle
a36b2da86a Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
56d084a7f4 Adds support the variable rule 
Issue #1016
 2016-06-20 14:03:45 -03:00
Felipe Zimmerle
45bfb594b9 Adds missing tests cases 2016-06-20 11:35:00 -03:00
Felipe Zimmerle
6052d2628b Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
c5262d54f2 Fix argument uri decode order 
The uri decode happens after the string is splitted, not before.
 2016-06-17 15:34:06 -03:00
Alexey Zelkin
647019a804 Use internal PCRE based implementation of regular expressions instead of std C++ regex library. 
C++ regex library proven to be unusable for gcc 4.8 and earlier version, so
reimplement code using PCRE library in order to build workable version of
unit_test executable for CentOS 7, RHEL 7, Ubuntu 14 and SUSE Linux 12.
 2016-06-16 13:50:50 -03:00
Felipe Zimmerle
1b35e57c4e Adds more suppressions to the valgrind list 
Those are suppressing leaks while the parse fail to load the
rules.
 2016-06-16 10:35:25 -03:00
Felipe Zimmerle
9919026620 Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Felipe Zimmerle
1e6b40ebea Fix some improperly formatted test cases 2016-06-14 15:32:37 -03:00
Felipe Zimmerle
8cdb138076 Adds support to make check-valgrind 
make check-valgrind is useful to identify any memory related issue.
 2016-06-14 14:05:28 -03:00
Felipe Zimmerle
f0155e3f32 Adds support to make check 
The regression and unit tests are now integrated with `make check`.
It is possible to use make check -jN to have multiple tests running
in parallel.
 2016-06-14 09:47:41 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
967c8c90f2 Fixed minor behavior on the trasnformations and added sha1-mbedtls 2016-05-30 16:54:13 -03:00
Felipe Zimmerle
f35d28b8d3 Loads the transformations test cases during the unit test 
Related to: #1156
 2016-05-27 11:03:46 -03:00
Felipe Zimmerle
1fe0e34201 Adds support to sqlHexDecode transformation 
Issue #973
 2016-05-25 20:19:54 -03:00