94 Commits

Author SHA1 Message Date
Joe Orton
9d9a727349 Fix compiler warnings. Reported by GCC with flags:
-Wall -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS

Note, e.g. sprintf(digest, "%s%02x", digest, ...) is undefined behaviour because
the destination and source variables overlap, and GCC warns about this.

acmp.c:258:13: warning: 'acmp_clone_node_no_state' defined but not used [-Wunused-function]
apache2_config.c:806:9: warning: unused variable 'offset' [-Wunused-variable]
apache2_config.c:1886:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:1942:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2470:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2538:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_util.c:226:11: warning: unused variable 'str' [-Wunused-variable]
apache2_util.c:225:11: warning: unused variable 'saved' [-Wunused-variable]
apache2_util.c:224:11: warning: unused variable 'parse_remote' [-Wunused-variable]
apache2_util.c:223:11: warning: unused variable 'remote' [-Wunused-variable]
msc_status_engine.c:216:17: warning: unused variable 'i' [-Wunused-variable]
msc_status_engine.c:375:55: warning: the address of 'pcre' will always evaluate as 'true' [-Waddress]
msc_crypt.c:67:17: warning: unused variable 'bytes' [-Wunused-variable]
msc_crypt.c:1083:33: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
msc_crypt.c:1090:29: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'digest' [-Wrestrict]
msc_json.c:405:11: warning: unused variable 'json_data' [-Wunused-variable]
msc_crypt.c:1097:79: warning: '%s' directive argument is null [-Wformat-overflow=]
msc_logging.c:1144:20: warning: unused variable 'now' [-Wunused-variable]
msc_remote_rules.c:729:19: warning: unused variable 'word' [-Wunused-variable]
msc_remote_rules.c:727:17: warning: unused variable 'tmp' [-Wunused-variable]
msc_remote_rules.c:805:1: warning: control reaches end of non-void function [-Wreturn-type]
msc_tree.c:836:19: warning: unused variable 'ip' [-Wunused-variable]
msc_xml.c:29:44: warning: variable 'entity' set but not used [-Wunused-but-set-variable]
msc_util.c:2627:11: warning: unused variable 'start' [-Wunused-variable]
msc_util.c:2626:17: warning: unused variable 'fd' [-Wunused-variable]
msc_util.c:2624:18: warning: unused variable 'rc' [-Wunused-variable]
msc_util.c:1077:19: warning: array subscript 1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds=]
2025-05-16 09:59:32 +01:00
Marc Stern
b8e8e30730 Fixed parameters/functions names 2024-09-30 13:12:38 +02:00
Marc Stern
b52201010d msr_global_mutex_lock: Handle errors from apr_global_mutex_lock 2024-09-12 12:18:25 +02:00
Ervin Hegedus
f65415ae8a
Merge pull request #3191 from marcstern/v2/pr/mem_leak_re
Memory leaks + enhanced logging
2024-08-26 16:37:01 +02:00
Marc Stern
7c379c8d59 Fixed assert() usage:
- added some missing
- removed some invalid
- removed some that were not relevant in the context of the current function, when done in a called function
2024-07-31 11:17:36 +02:00
Marc Stern
243d9c978a Log audit lock name in case of problem 2024-07-22 15:57:15 +02:00
Marc Stern
649aea7288
Merge branch 'v2/master' into v2/mst/nullcheck2 2024-04-04 16:08:59 +02:00
Marc Stern
91da5872c1 Many null pointer checks 2024-02-20 13:15:52 +01:00
Ervin Hegedus
3f8d21c4b1
Revert "Centralized function to get user name" 2024-02-07 23:08:06 +01:00
Marc Stern
063fc9f5c8
Update msc_logging.c 2023-08-18 16:54:19 +02:00
martinhsv
8f04f44b09
Merge pull request #2046 from arminabf/segfault-with-assigned-user
segfault with assigned user id on OpenShift
2022-11-23 14:20:25 -08:00
Nao YONASHIRO
774ff40c96
fix: care non-null terminated chunk data 2019-05-27 10:29:01 -03:00
Armin Abfalterer
46c6cb2759 use uid if user name is not available 2019-03-13 13:11:24 +01:00
Victor Hora
1adea9f1e8
Merge pull request #1714 from p0pr0ck5/sanitize-json 2018-11-12 19:45:38 -05:00
Victor Hora
a3dc602128 ju5t patch to fix mpm-itk mod_ruid2 compatibility 2018-10-12 21:20:40 -04:00
Robert Paprocki
8d4124eee2 Enable sanitizing JSON request bodies in native audit log format
f86de56 enabled sanitizing JSON request body data in JSON audit
log formats (the commit message is misleading). This commit supplements
JSON request body sanitization to support sanitized elements in
native audit log formats.
2018-03-20 11:35:40 -07:00
florian-eichelberger
f86de566d1
Enables sanitizing of json request bodies in the apache module for native log format 2018-02-05 09:36:45 -03:00
Marc Stern
89764f12b0
Fixed typos: LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH $log_server_context instead of $log_server_context 2017-09-29 18:34:30 +00:00
Felipe Zimmerle
d6bd0badc5
Cosmetics: fix #1400 indentation and help message 2017-05-08 16:01:37 -03:00
Marc Stern
70322304f2
{dis|en}able-server-context-logging: Option to disable logging of server info (log producer, sanitized objects, ...) in audit log. 2017-05-08 15:36:58 -03:00
Felipe Zimmerle
3e9e4b39cc
Cosmetics changes top of #1402 2017-05-02 17:14:06 -03:00
Marc Stern
7246998f09
Adds option to disable logging of stopwatches in audit log. 2017-05-02 17:11:58 -03:00
Marc Stern
d7383c39dd
Option to disable logging of dechunking 2017-05-02 11:09:42 -03:00
Marc Stern
7b86d8c51d
Extends a7731c by adding JSON support 2017-04-26 16:38:12 -03:00
Felipe Zimmerle
3de0dfc5fd
Cosmetics: fix #1381 indentation 2017-04-26 16:04:31 -03:00
Marc Stern
d1376c5525
Adds option to disable logging of Apache handler in audit log 2017-04-26 16:03:58 -03:00
Marc Stern
9244cd9824
Option to disable logging of "Server" in audit log when log level < 9. [Issue #1070 - Marc Stern] 2017-04-10 12:13:55 -03:00
Robert Paprocki
a34f9eb785
Append a newline to concurrent JSON audit logs 2016-10-20 09:43:22 -03:00
Robert Paprocki
2b4ece14c6
Remove logdata and msg fields from JSON audit log rule elements
Writing macro-expanded strings to JSON elements during the post-logging
phase can be misleading, because it's possible that variable contents
(such as MATCHED_VAR) could have changed after the rule match, altering
their expected contents. Writing macro-expanded audit data really only
makes sense when the macros are expanded immediately following the
rule match. See issue #1174 for more details.
2016-10-04 09:31:25 -03:00
Chaim sanders
947cef7c8c
Adapted patch from 977 to fix status failing to report in Nginx auditlogs 2016-07-11 13:32:56 -03:00
Robert Paprocki
f2ef2017f1
Fix file upload JSON audit log entry
Each uploaded file is a separate yajl array, but we forgot to open
a map for the proper k/v pairs.

This fixes issue #1173.
2016-07-11 12:14:37 -03:00
Felipe Zimmerle
a157ac2946 Fix compilation issue on "pedantic" compilers 2016-02-03 10:37:24 -03:00
Robert Paprocki
ddc25dbbaa Fix 'is_chained' value for final rule in chain
'is_chained' should be true for an actionset when the is_chained
member of the struct is true, or when its rule has a valid
chain_starter member.
2016-01-29 11:59:52 -03:00
Robert Paprocki
5bc75ec871 Do not compile in JSON logging support if yajl is not found 2016-01-29 11:59:52 -03:00
Robert Paprocki
0c95a7a2cd Clean up JSON rule writer
* Escape rule actionset metadata
* Escape and truncate logdata
* Lazily add actionset tags as an array
* Add negated rule op_param
* Add unparsed rule representation
2016-01-29 11:59:52 -03:00
Robert Paprocki
8559399ebd Update JSON structure for matched rules
Create a separate map for each matched rule chain,
making it easier to identify chains in which only a portion
of rules actually matched.
2016-01-29 11:59:52 -03:00
Robert Paprocki
7a39b4b5b9 Make JSON audit logging a configurable option
Remove compile-time setting for generating audit logs
as JSON, creating a new config option (SecAuditLogFormat).
sec_audit_logger is now a wrapper for sec_audit_logger_json
or sec_audit_logger_native. This has the disadvantage of
making the audit log generation code harder to maintain,
but the logger function itself now is no longer peppered
with binary branches.
2016-01-29 11:59:52 -03:00
Robert Paprocki
dd79bea0b4 Additional updates for JSON logging
* Write Stopwatch2 values into a separate map
* Remove legacy Stopwatch
* Proper sanitization of request/response headers
* Lazily open maps for keys that may not have content
2016-01-29 11:59:52 -03:00
Robert Paprocki
7b2ca1617e first pass at JSON logging implementation 2016-01-29 11:59:52 -03:00
Felipe Zimmerle
966e7e1ff1 Adds verification before accessing the strcmp
Audit log was making the assumption that "arg->origin" was filled which
is not necessarily true. This commit adds a verification.
2014-03-31 16:22:09 -07:00
Ewald Dieterich
7e459827e0 Log why writing to audit log failed
Add error description from apr_strerror() to message that is logged if
writing to audit log failed.
2014-03-31 07:14:55 -07:00
Ewald Dieterich
607dfd229a Fix segmentation fault if writing to audit log fails
A segmentation fault occurs if concurrent audit log format is enabled
(SecAuditLogType Concurrent) and writing to the log fails.
2014-03-31 07:14:55 -07:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
ce3cf00a2c Fixed byte conversion issue during logging under zlinux 2012-10-31 17:05:41 -04:00
brenosilva
0d2307192c MODSEC-336 2012-10-05 18:03:58 +00:00
brenosilva
866cb6d6b4 Update trunk for 2.7 2012-05-10 23:18:39 +00:00
brenosilva
b19f32bb3e Make clean and maintainer-clean removes unused files, also add # when rule chain doesn't match 2011-04-29 19:05:48 +00:00
brenosilva
f468224a40 Change log_escape_nq to log_escape 2011-04-27 16:40:08 +00:00
brenosilva
6b7edc4d47 Fixes, code cleanups, improvements 2011-04-27 15:58:22 +00:00
brenosilva
cf97731cc0 Fix logging MATCHED_VARS issue 2011-04-25 19:46:33 +00:00