github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,542 Commits 55 Branches 109 Tags
Commit Graph

1228 Commits

Author SHA1 Message Date
Martin Vierula
f7f8a9827f
Fix initcol error message wording 2022-04-26 16:40:03 -07:00
Martin Vierula
6e56950cdf
Tolerate other parameters after boundary in multipart C-T 2022-04-26 11:17:46 -07:00
Liu DongMiao
6b7f2b0d63
fix memory in transaction.cc when log REMOTE_USER 2022-04-24 17:06:30 +08:00
Martin Vierula
1aa7616c18
Add DebugLog message for bad pattern in rx operator 2022-04-21 11:16:01 -07:00
Martin Vierula
f84614fe06 Support PCRE2 2022-04-13 10:44:56 -07:00
tomasz.ziolkowski
3b50b2634b remove destructor, close environment only once 2022-03-08 12:27:08 +01:00
tomasz.ziolkowski
1fa95ec2e8 set initialized flag, remove unnecessary semicolon 2022-03-08 11:21:43 +01:00
tomasz.ziolkowski
46f40899e7 Fix parallel lmdb readonly transactions 2022-03-06 15:19:59 +01:00
Martin Vierula
4c526fc218
Support SecRequestBodyNoFilesLimit 2022-02-15 14:53:34 -08:00
Martin Vierula
5106307cc6
Change one parm from pass-by-value to reference-to-const 2022-02-09 13:02:06 -08:00
martinhsv
d0813fec45
Merge pull request #2602 from LMDB/issue2601 
Fix #2601 misuses of LMDB API
 2022-02-09 10:46:15 -05:00
martinhsv
b89c737ad3
Merge pull request #2677 from gleydsonsoares/loadFromUri_zap_duplicate_words 
tweak loadFromUri: zap duplicate words in comment
 2022-01-26 20:13:50 -05:00
martinhsv
2cde1933a7
Merge pull request #2680 from SpiderLabs/v3/dev/issue_2606_a 
Add ctl:auditengine action support
 2022-01-26 15:53:53 -05:00
Martin Vierula
2d51efae49 Add ctl:auditengine action support 2022-01-20 14:04:30 -08:00
Gleydson Soares
b052adf0b8 tweak loadFromUri: zap duplicate words in comment 2022-01-20 10:47:21 -03:00
Martin Vierula
3ee6e108d6
Fix multiMatch msg, etc, population in audit log 2022-01-14 09:25:07 -08:00
Martin Vierula
cb80837e6a
Remove old commented-out re: audit log, relevant 2022-01-08 09:08:25 -08:00
martinhsv
2de14cb000
Merge pull request #2635 from Mesar-Ali/patch-1 
Adjust confusing variable name in setRequestBody method
 2021-12-30 11:29:37 -05:00
Mesar ali
f82b98c04d
Confusing variable name in setRequestBody method 2021-12-30 08:55:51 +05:30
Martin Vierula
f34b49f666
Multipart names may include single quote if double-quote enclosed 2021-12-23 08:02:43 -08:00
Martin Vierula
19d50f4da4
Add a const to satisfy cppcheck 2021-12-20 09:41:38 -08:00
Martin Vierula
ac79c1c29b
Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
Mesar ali
5aec781d39
Confusing variable name in setRequestBody method 2021-11-02 12:35:29 +05:30
Howard Chu
a6e1074844 Fix #2601 misuses of LMDB API 
Only open DBI once, doesn't need closing.
Never reuse a txn handle after commit.
Use MDB_RDONLY for txns that aren't doing any writes
 2021-08-09 14:28:54 +01:00
martinhsv
cd5fba8974 Handle URI received with uri-fragment 2021-07-05 14:51:21 -03:00
martinhsv
65e7e474b1
fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
Felipe Zimmerle
7fccb0d225 Cosmetic: pleasing cppcheck 2021-05-11 10:27:58 -03:00
Felipe Zimmerle
6fdba42c02 Cosmetics: Having cppcheck pleased 
(...) remove_comments.cc,62,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,66,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,69,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
 2021-05-10 12:32:09 -03:00
Felipe Zimmerle
66ba7b065a Cosmetic: fix static warning 2021-05-04 21:04:21 -03:00
Felipe Zimmerle
4cdcc15334
Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4e45aa601b87c5a4cf4b6061d1bbccb.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
912704b6d4
Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
Felipe Zimmerle
2e69ce6ccf
build: Fix curl include path 
Issue #2519
 2021-02-24 13:20:24 -03:00
Felipe Zimmerle
50fc347ed4
Fix rules dump 
The unique pointer for file name was being used multiple times
on SecMarker.
 2021-02-04 11:07:22 -03:00
martinhsv
6ca028b6f5
Fix memory leak in rx operator when pattern includes macro 2021-01-25 19:39:10 -03:00
martinhsv
fbea73120c
Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03
Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
e8bd2151f2
Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
3748d62f19
Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
9b40a045bb
Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00
Felipe Zimmerle
f18595f428
Makes regular expression selection on collections key case insensitive 
This issue was initially reported by @michaelgranzow-avi on #2296.

@airween made an initial attempt to provide a fixed at #2107; As a
consequence of the pull request review - provided by @victorhora,
@zimmerle, and @michaelgranzow-avi - @airween made a second attempt
at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed
the essential pieces from @airween patch into this one.

This patch differs from @airween's because @airween's patches were
partially working: Key exclusions with regex weren't covered, same
for anchored variables (e.g. ARGS). During the review, I have
highlighted the importance of having elementary test cases. A simple
test case on ARGS could spot the issue. Since that is an important
fix, I don't want to hold this for one more review cycle; therefore,
I am committing the fix myself.

Thank you all involved in the solution of this very own issue.
 2020-12-10 10:05:07 -03:00
David Carlier
560f81200f Adding DragonFlyBSD support. 2020-12-10 09:51:03 -03:00
martinhsv
d72be1c470
Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Michael Granzow
1b7aa42c77
Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2020-10-29 10:33:02 -03:00
martinhsv
2672db103e
Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
Felipe Zimmerle
4b425850cf
Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
martinhsv
8436c78993
Fix IP address logging in Section A 2020-10-16 13:14:42 -07:00
Felipe Zimmerle
995f22b3ce
Having Bison 3.7.2 2020-10-14 13:58:37 -03:00
Felipe Zimmerle
377fb723ca
Makes lua 5.1 workable again 
Issue #2389
 2020-09-21 10:04:40 -03:00
Felipe Zimmerle
8c85b78361
Adds support to lua 5.4 2020-08-17 11:08:03 -03:00
Felipe Zimmerle
ae3ad5eaa7
cosmetics: Address some cppcheck complains 2020-08-06 19:02:00 -03:00