github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-01 03:57:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,253 Commits 55 Branches 109 Tags
2fcd373107c6c32e4b842ac7354770eb633afab8
Commit Graph

316 Commits

Author SHA1 Message Date
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
348cf3bfab Adds support to the REMOTE_USER variable 2016-05-23 18:32:53 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
1f45d6cea8 Adds full support to the libxml action 
Issue #1148
 2016-05-18 09:47:30 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
3e8defb853 Adds support to the operator @validateDTD 
Further info #1003
 2016-05-13 09:20:10 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
35636674e3 Adds the missing regression tests for USERID 2016-05-11 20:36:47 -03:00
Felipe Zimmerle
ff9aa5c7cf Adds support to the variable SESSIONID 2016-05-06 14:38:38 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
5643d2fa28 Warming up to the remote collections support 
Huge refactoring to have the code in shape to later support the
remote collections with different backends.
 2016-05-03 17:39:49 -03:00
Felipe Zimmerle
e5acc95de8 First version of global' and ip' collections 2016-03-30 18:22:00 -03:00
Felipe Zimmerle
e0926fee37 Fix parser error while dealing with operator negation 
This patch closes the issue #960
 2016-03-17 18:06:46 -03:00
Felipe Zimmerle
a102b5ce2c Improves the method fill the ARGS collection 2016-01-15 10:35:24 -03:00
Felipe Zimmerle
a225f8b5b7 Fix SecResponseBodyMimeType test case 2016-01-06 17:00:43 -03:00
Felipe Zimmerle
decf04d264 Adds support to SecResponseBodyMimeType 2015-12-24 11:55:24 -03:00
Felipe Zimmerle
913e22a77d Adds initial support to initcol action 2015-12-22 12:10:15 -03:00
Felipe Zimmerle
2a950a435b Fix various minor bugs in the regression test suite 
Now if a test fails it keep testing the others tests from the same
family. The output was also improved.
 2015-12-10 18:36:20 -03:00
ajrpayne
45711b5224 Update issue-960.json with 3rd test. 2015-11-23 10:08:21 -03:00
Felipe Zimmerle
d8361d57c6 Adds a regression test for issue #960 2015-11-20 15:24:09 -03:00
Felipe Zimmerle
18c862a84a Adds the concept of `resources' to the regression test utility 
If a given resource is not available the test is skipped. Useful
to test operators that depends on 3rd party libraries that may
not be available, for instance: GeoIP.
 2015-11-20 13:39:57 -03:00
Felipe Zimmerle
3c45a57130 Fix regression tests structure : using method instead of protocol 2015-11-18 11:14:49 -03:00
Felipe Zimmerle
4a5e6b3e57 Fixed bad test cases 2015-10-19 23:05:44 -03:00
Felipe Zimmerle
c1e3eac09d Fix variable exclusion regression test (label only) 2015-10-19 19:38:44 -03:00
Felipe Zimmerle
0087a602f1 Fix phases execution 2015-09-30 18:48:38 -03:00
Felipe Zimmerle
3e067e7409 Core is now ready to deal with SecRulesEngine set to Off 2015-09-17 10:59:56 -03:00
Felipe Zimmerle
11e1a67d58 Fix disruptive action flow while RuleEngine is in DetectionOnly 2015-09-17 10:51:44 -03:00
Felipe Zimmerle
5228b685bf Fix disruptive actions execution 2015-09-16 19:43:31 -03:00
Felipe Zimmerle
081fe235ad Cosmetic: fix variable-REQUEST_BODY.json format 2015-09-16 18:11:43 -03:00
Felipe Zimmerle
a52a3a71ed Fix some regression tests to fit the most recent changes 2015-09-16 15:17:11 -03:00
Felipe Zimmerle
5c3a4b608d Adds support to SecMarker and skipAfter 2015-09-08 10:06:37 -03:00
Felipe Zimmerle
b048794f4e Adds support to unconditional rules 2015-09-04 15:55:53 -03:00
Felipe Zimmerle
010c18f63f Adds support to SecDefaultAction configuration directive 2015-09-04 10:56:04 -03:00
Felipe Zimmerle
f2ed890ea6 Now accept SecRules regardless of the letter case 2015-09-03 11:09:40 -03:00
Felipe Zimmerle
7afd93196d Adds contains to the list of operators compatibles with the capture action 2015-09-03 09:38:19 -03:00
Felipe Zimmerle
45d81e1c04 Adds sanity check to the rule id action 2015-09-03 09:38:12 -03:00
Felipe Zimmerle
6ab88472b1 Adds a simple regression test for the operator @rx 2015-09-02 18:50:19 -03:00
Felipe Zimmerle
ea4cd53221 Accepts phases with its name instead of a number 2015-09-02 18:31:02 -03:00
Felipe Zimmerle
035040cd13 Adds sanity check to confirm that the rule has an ID and it is not duplicated 2015-09-02 18:30:41 -03:00
Felipe Zimmerle
ef99615401 parser: Understanding @pm if no operator is provided 2015-08-19 16:58:14 -03:00
Felipe Zimmerle
2f1bcf6cb9 Ignores the parameters order on the test case 2015-08-10 13:19:34 -03:00
Felipe Zimmerle
9231f507bf Fill PATH_INFO with decoded value 2015-08-10 12:40:46 -03:00
Felipe Zimmerle
ad9393a8c2 Adds support for the tag action 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
f519717bdf Adds support to the msg action 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
5fdb5b7d2e Adds support to macro expansion in setvar action 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
e12d95b10d Adds support to the TX collection and setvar action 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
a9e0fbb41e Adds variable variations test cases 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
4308ee0280 Adds t:none transformation 2015-08-05 23:54:12 -03:00