github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,398 Commits 55 Branches 109 Tags
Commit Graph

2398 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexey Zelkin
647019a804
Use internal PCRE based implementation of regular expressions instead of std C++ regex library. 
C++ regex library proven to be unusable for gcc 4.8 and earlier version, so
reimplement code using PCRE library in order to build workable version of
unit_test executable for CentOS 7, RHEL 7, Ubuntu 14 and SUSE Linux 12.
 2016-06-16 13:50:50 -03:00
Felipe Zimmerle
21777aec41
Fix invalid memory read in msc_tree 2016-06-16 13:31:31 -03:00
Felipe Zimmerle
8b9041c2da
Fix memory leak on VerifyCC operator 2016-06-16 12:40:05 -03:00
Felipe Zimmerle
a4c7d534f2
Fix invalid memory write on base64 forgiven decode 2016-06-16 12:26:05 -03:00
Felipe Zimmerle
7be5fde62a
Fix memory leak on the @pm operator 
Binary tree was not being cleaned right, now looking (and cleaning)
the sibling nodes.
 2016-06-16 10:37:52 -03:00
Felipe Zimmerle
1b35e57c4e
Adds more suppressions to the valgrind list 
Those are suppressing leaks while the parse fail to load the
rules.
 2016-06-16 10:35:25 -03:00
Felipe Zimmerle
9cec9db794
Fix memory leak in the method toJSON from Transaction class 2016-06-16 10:33:15 -03:00
Felipe Zimmerle
f833a61089
Fix memory leak on html dentity decode transformation 2016-06-16 10:32:44 -03:00
Felipe Zimmerle
e6c542c5b5
Fix invalid read on sql hex decode transformation 2016-06-16 10:31:15 -03:00
Felipe Zimmerle
9919026620
Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Alexey Zelkin
cb91af537c
Enforce bison requirement to 3.0.4. 
Previous versions of bison proven to generate broken code which caused to assert() regression
tests of libmodsecurity for clang 3.4 and gcc 4.8.  Upgrading bison to 3.0.4 solved mentioned issues
for FreeBSD 10, CentOS 7, RHEL 7 and Ubuntu 14.
 2016-06-15 23:10:27 -03:00
Alexey Zelkin
32f22d1a79
Use explicit variable size for copying char. 
For some reason plain call to "ret.append(&b)" copy 32 bit of data.  This change unbreaks
CmdLine unit tests for FreeBSD 10, CentOS 7, RHEL 7 and Debian 8.
 2016-06-15 23:10:27 -03:00
Alexey Zelkin
57ad70bb2b
Add missing 'retrun's for functions declared return value. This change fixes SIGILLs on executable built with clang 3.4. 
Tested against FreeBSD 10.3.
 2016-06-15 23:10:27 -03:00
Felipe Zimmerle
1e6b40ebea
Fix some improperly formatted test cases 2016-06-14 15:32:37 -03:00
Felipe Zimmerle
8cdb138076
Adds support to make check-valgrind 
make check-valgrind is useful to identify any memory related issue.
 2016-06-14 14:05:28 -03:00
Felipe Zimmerle
f0155e3f32 Adds support to make check 
The regression and unit tests are now integrated with `make check`.
It is possible to use make check -jN to have multiple tests running
in parallel.
 2016-06-14 09:47:41 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
9e5cf2de8e Adds Upload configuration paramters to the libmodsec parser 2016-06-07 14:23:56 -03:00
Felipe Zimmerle
967c8c90f2 Fixed minor behavior on the trasnformations and added sha1-mbedtls 2016-05-30 16:54:13 -03:00
Felipe Zimmerle
f35d28b8d3 Loads the transformations test cases during the unit test 
Related to: #1156
 2016-05-27 11:03:46 -03:00
Felipe Zimmerle
8d49903279 Adds support to the transformations parity[even|odd|zero]7bit 
Issues: #968, #969, #967
 2016-05-27 10:45:05 -03:00
Felipe Zimmerle
59b1fe0305 Adds sqlHexDecode tranformation to libmodsecurity parser 2016-05-25 20:24:41 -03:00
Felipe Zimmerle
1fe0e34201 Adds support to sqlHexDecode transformation 
Issue #973
 2016-05-25 20:19:54 -03:00
Felipe Zimmerle
bd2e95953c Adds support to the hexDecode transformation 
Issue: #973
 2016-05-25 18:49:34 -03:00
Felipe Zimmerle
2b056485d0 Adds support to Utf8ToUnicode transformation 
Issue #974
 2016-05-25 18:21:26 -03:00
Felipe Zimmerle
d70f08d01e test: Using regexp to transform binary representation into binary blobs 2016-05-25 18:18:55 -03:00
Felipe Zimmerle
b7e82261ce Adds support to removeComments transformation on libmodsec 
Issue #970
 2016-05-25 11:17:32 -03:00
Felipe Zimmerle
08df949bf6 Adds md5 transformation to the libmodsecurity parser 2016-05-25 10:30:12 -03:00
Felipe Zimmerle
7ccf54d330 Adds md5 transformation 
Replaced the old md5 implementation by the mbetls one.
 2016-05-24 21:28:19 -03:00
Felipe Zimmerle
bf4a9d7633 Adds support to base64DecodeExt transformation 
More info on #964
 2016-05-24 21:28:19 -03:00
Felipe Zimmerle
056753d57a Adds support to base64 encode transformation 2016-05-24 21:28:14 -03:00
Felipe Zimmerle
bb5cbc969f Fix return value of Utilis::Base64::decode 2016-05-24 10:11:15 -03:00
Felipe Zimmerle
e48f468cbc Adds support to base64 decode transformation 2016-05-24 10:04:06 -03:00
Felipe Zimmerle
348cf3bfab Adds support to the REMOTE_USER variable 2016-05-23 18:32:53 -03:00
Felipe Zimmerle
a3ae686f25 Adds base64 support via mbedtls 
This is inspered in the work done at: #1123
 2016-05-23 18:27:28 -03:00
Felipe Zimmerle
4b9cff3ec7 Partially adds the REMOTE_USER variable support 2016-05-23 11:04:19 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Manish Malik
9202ffb17d Replacing include subdirectory name, transaction --> collection 2016-05-18 09:53:14 -03:00
Felipe Zimmerle
1f45d6cea8 Adds full support to the libxml action 
Issue #1148
 2016-05-18 09:47:30 -03:00
Felipe Zimmerle
a9e6716c6a Variables are now receiving the rule instance as parameter 2016-05-17 15:47:50 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
3e8defb853 Adds support to the operator @validateDTD 
Further info #1003
 2016-05-13 09:20:10 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
35636674e3 Adds the missing regression tests for USERID 2016-05-11 20:36:47 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
ff9aa5c7cf Adds support to the variable SESSIONID 2016-05-06 14:38:38 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
33a704e918 Fix macro expansion: no more % abandoned by the end of variable 2016-05-06 14:16:37 -03:00