github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,272 Commits 55 Branches 109 Tags
3f8de775f93a172def85023dd45362e4ad248e7b
Commit Graph

307 Commits

Author SHA1 Message Date
wangkai19
3f8de775f9 Fix small comment spell 2023-12-14 17:30:11 +08:00
Martin Vierula
bbde9381cb Change release version to v3.0.11 2023-12-06 10:52:41 -08:00
Martin Vierula
cb4d7ae371 Adjust some copyright dates 2023-10-31 06:23:19 -07:00
Martin Vierula
36adc58ea3 const-ify some references (satisfy cppcheck) 2023-10-27 06:20:01 -07:00
Martin Vierula
dc6cce5f0c refactoring and remove dead code in lmdb 2023-10-24 06:36:18 -07:00
Martin Vierula
118e1b3a44 Support expirevar for in-memory collection 2023-09-29 11:40:03 -07:00
Martin Vierula
ccc2d9b536 Change release version to v3.0.10 2023-07-25 07:23:07 -07:00
martinhsv
09a135baab Merge pull request #2736 from brandonpayton/add-regex-match-limits-and-error-reporting 
Add isolated PCRE match limits as a layer of ReDoS defense
 2023-05-09 06:09:28 -07:00
Martin Vierula
205dac0e8c Change release version to v3.0.9 2023-04-12 10:45:09 -07:00
Brandon Payton
f3d8198b84 Respond to code review feedback 2023-04-11 13:47:02 -04:00
Brandon Payton
0c42ee229e Switch to simpler PCRE error flags 2023-04-11 13:44:07 -04:00
Brandon Payton
8c269d31c5 Update Regex util to support match limits 
If the rx or rxGlobal operator encounters a regex error,
the RX_ERROR and RX_ERROR_RULE_ID variables are set.
RX_ERROR contains a simple error code which can be either
OTHER or MATCH_LIMIT. RX_ERROR_RULE_ID unsurprisingly
contains the ID of the rule associated with the error.
More than one rule may encounter regex errors,
but only the first error is reflected in these variables.
 2023-04-11 13:40:40 -04:00
Martin Vierula
e9a7ba4a60 Fix two rule-reload memory leak issues 2022-09-15 16:27:25 -07:00
Martin Vierula
996c7e1e1f Change release version to v3.0.8 2022-09-07 11:53:30 -07:00
Martin Vierula
fa6e41857d Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 06:29:20 -07:00
Martin Vierula
1bdd047400 Change release version to v3.0.7 2022-05-30 06:29:36 -07:00
Martin Vierula
606f5721c2 Change some parms to const reference (satisfies cppcheck) 2022-04-27 08:57:09 -07:00
Martin Vierula
4c526fc218 Support SecRequestBodyNoFilesLimit 2022-02-15 14:53:34 -08:00
Martin Vierula
5106307cc6 Change one parm from pass-by-value to reference-to-const 2022-02-09 13:02:06 -08:00
Martin Vierula
2d51efae49 Add ctl:auditengine action support 2022-01-20 14:04:30 -08:00
Martin Vierula
1a965a49ad Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc. 2022-01-04 11:47:18 -08:00
Martin Vierula
c3d7f4b560 Change release version to v3.0.6 2021-11-19 11:23:27 -08:00
Martin Vierula
ac79c1c29b Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
Felipe Zimmerle
bf881a4eda Change release version to v3.0.5 2021-07-07 10:13:14 -03:00
Felipe Zimmerle
50fc347ed4 Fix rules dump 
The unique pointer for file name was being used multiple times
on SecMarker.
 2021-02-04 11:07:22 -03:00
Felipe Zimmerle
e8bd2151f2 Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
3748d62f19 Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
9b40a045bb Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00
martinhsv
d72be1c470 Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Felipe Zimmerle
7e0bc26917 Using performLogging function 2020-03-31 15:20:15 -03:00
Felipe Zimmerle
7a48245aed Creates RuleUnconditional 
Makes RuleScript child of RuleWithActions instead of Operator
 2020-03-31 14:44:19 -03:00
Felipe Zimmerle
f63bd1a45d Moves Rule[WithActions|WithOperator] to their own files 2020-03-31 13:33:38 -03:00
Felipe Zimmerle
8274be066a Refactoring: Having RuleMarker in a separated file 2020-03-31 12:45:46 -03:00
Felipe Zimmerle
bdedfd2463 Refactoring: Renames RuleBase to Rule 2020-03-31 12:26:13 -03:00
Felipe Zimmerle
59d4268882 Refactoring: renames Rule to RuleWithOperator 2020-03-31 10:00:08 -03:00
Felipe Zimmerle
8eb7b8fe6c Refactoring: Splits Rule into Rule and RuleWithActions 2020-03-30 20:22:37 -03:00
Felipe Zimmerle
43f8aee6b6 Splits Rule class into: Rule, RuleBase, RuleMarker 2020-03-30 20:21:36 -03:00
Felipe Zimmerle
fda03c0016 Yet another refactoring in Rule 2020-03-30 15:38:51 -03:00
Felipe Zimmerle
b66224853b Refactoring in Rule: Meaningful structures name 2020-03-27 17:43:43 -03:00
Felipe Zimmerle
96849c07de Makes action name a shared pointer 2020-03-27 16:13:15 -03:00
Felipe Zimmerle
9c526b3647 Avoids copy on the transformation operation 2020-03-27 16:12:55 -03:00
Felipe Zimmerle
8cfb289cea Lets reserve some memory for rule message 2020-03-27 15:49:02 -03:00
Felipe Zimmerle
a609249d64 Makes m_id a shared pointer 2020-03-27 15:48:11 -03:00
Felipe Zimmerle
343b86c2a7 Makes m_fileName a shared pointer 2020-03-27 15:00:22 -03:00
Felipe Zimmerle
14b2bd77a0 Makes m_uri_no_query_string_decoded a shared pointer 2020-03-27 14:46:56 -03:00
Felipe Zimmerle
d7d5cd2a91 Makes m_serverIpAddress a shared pointer 2020-03-27 14:46:43 -03:00
Felipe Zimmerle
8df35deadb Makes m_clientIpAddress a shared pointer 2020-03-27 14:22:20 -03:00
Felipe Zimmerle
196adcae23 Removes reference counter for RulesSet 2020-03-27 14:06:12 -03:00
Felipe Zimmerle
5ebfa5eacb Removes referece count from audit logs 2020-03-26 10:38:55 -03:00
Felipe Zimmerle
4b94fabef9 Removes reference count form Actions 2020-03-26 10:01:11 -03:00