2496 Commits

Author SHA1 Message Date
Felipe Zimmerle
a8e5cce744 Moving the rules deletion to the RuleProperties class
The deletion was happening on the Rule class due to historical reasons.
The consequence of that was a parser memory leak.
2017-03-06 15:01:51 -03:00
Felipe Zimmerle
068a3eb517 Fixed bad memory access in utf8ToUnicode class 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
fd341145d5 Fixed memory leak in the acmp implementation 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
60402d8b80 Renames defaultActions to m_defaultActions in RulesProperties 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
7927ddda91 Renames rules to m_rules in RulesProperties 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
5086fef492 Fix parser while continuation line is used between var and op 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
59114dd598 Refactoring on the operators parsers (2/2)
This is the first step towards removing the memory leaks in the parser
2017-03-06 15:01:50 -03:00
Felipe Zimmerle
9cda4c0be0 cosmetics: Having the parser in a better shape regarding operators 1/2 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
3a413080f9 Fix string size on regexp search all 2017-01-13 23:36:34 -03:00
Felipe Zimmerle
36d6bb9664 Fix substring constructor in regex search all
Apparently the substring constructor for std::string cannot handle
\0 characters well, leading to a crash. Issue reported on #1304
2017-01-13 11:02:34 -03:00
Felipe Zimmerle
e181cb7e0a Fix lmdb collections backend 2016-12-30 16:43:56 -03:00
Felipe Zimmerle
b12cc91289 Adds valgrind suppression regarding rules load 2016-12-28 20:01:35 -03:00
Felipe Zimmerle
8bd5f03a3d Fix memory leak on the regression tests 2016-12-28 20:01:12 -03:00
Felipe Zimmerle
f62dc287c9 Uses pointer instead of std::string copies while applying transformations 2016-12-28 20:00:44 -03:00
Felipe Zimmerle
63f3f2fd8b Avoids unnecessary elapsed time calculations 2016-12-28 20:00:20 -03:00
Felipe Zimmerle
a7f465cf3a Avoids string copy by working with pointers while resolving variables 2016-12-28 20:00:14 -03:00
Felipe Zimmerle
7834cf857b Fix memory leak on the benchmark utility 2016-12-28 19:57:32 -03:00
Felipe Zimmerle
168fa22e19 Collections cleanup: removes resolveFirstCopy method 2016-12-28 19:56:27 -03:00
Felipe Zimmerle
6fff8c954a Performance improvement: makes the collections lookup faster 2016-12-28 19:55:35 -03:00
Felipe Zimmerle
15b81d09e7 Refactoring on the transformation classes 2016-12-28 19:53:37 -03:00
Felipe Zimmerle
bbb61d560c Changes the saving selection for the audit logs 2016-12-28 17:48:21 -03:00
Felipe Zimmerle
10cdf8fed9 Enforces that relevant status on the AuditLogs 2016-12-28 17:47:57 -03:00
Felipe Zimmerle
88fb456a16 Cosmetics: Reduces the static analysis warnings 2016-12-28 17:46:47 -03:00
Felipe Zimmerle
9c7416da97 Refactoring the actions classes 2016-12-28 15:20:06 -03:00
Felipe Zimmerle
73877d403a Adds support to section "E" in the auditlogs 2016-12-16 10:55:30 -03:00
Felipe Zimmerle
317808fe54 Adds section "H" to serial audit log 2016-12-16 00:07:15 -03:00
Felipe Zimmerle
2d29740ca4 Cosmetics: better format the serial audit logs 2016-12-15 23:32:53 -03:00
Felipe Zimmerle
c1e96d6c2b Fix rules messages in the audit logs 2016-12-15 23:11:54 -03:00
Felipe Zimmerle
1218d8c845 Fix the audit log engine status selection
SecAuditEngine was not being respected by the auditlog generation
2016-12-15 14:55:31 -03:00
Felipe Zimmerle
2e9a35c358 Refactoring on the audit logs implementation
Among other things, it now supports shared file locks between
different processes.
2016-12-14 23:17:28 -03:00
Felipe Zimmerle
9707d46e45 Adds `debug_log' headers in the no install list 2016-12-09 15:03:00 -03:00
Felipe Zimmerle
64e2927922 Moves debuglog stuff inside the debug_log namespace 2016-12-09 09:52:01 -03:00
Andrei Belov
a3787fedb8 Fix building with -Wl,--as-needed linker option with older ld versions 2016-12-09 09:20:56 -03:00
Felipe Zimmerle
31d5d79089 Removes charset=UTF-8 from content-type variable 2016-12-07 15:59:20 -03:00
Andrei Belov
8f16650595 Fix install and dist targets after 768cc74f, 9733cacd, bfc30dad 2016-12-07 10:31:34 -03:00
Andrei Belov
47f2e7ff4c Use correct debugging CFLAGS in readme. 2016-12-01 15:36:21 -03:00
David Testé
89987806cd Add (void) argument to be ANSI C compliant
Add void argument to avoid warning messages when compiling python
bindings with CFFI since it uses -Wstrict-prototypes option by default.

Modify `msc_create_rules_set` and `msc_init` internals, now it returns
directly an instance like `msc_new_transaction` in transaction.cc.
2016-12-01 15:32:29 -03:00
Felipe Zimmerle
1719e1d7e9 test-cases: updates the remote reference 2016-12-01 14:23:18 -03:00
Felipe Zimmerle
cce6179dcc Refactoring: new structure for logging alerts
Disruptive actions were moved to actions::disruptive namespace
2016-12-01 14:14:54 -03:00
Felipe Zimmerle
bfc30dad34 Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
e6b58014db Cosmetics: Fix some static analysis report 2016-11-29 14:31:15 -03:00
Felipe Zimmerle
9bd37ccb63 Refactoring: Rule class 2016-11-28 13:07:25 -03:00
Felipe Zimmerle
a776cce6d7 Changes RULE variable group to be saved at transient collection 2016-11-28 13:00:04 -03:00
Felipe Zimmerle
2930d40d57 Changes the actions to affect the ruleMessage instead of transaction 2016-11-28 12:32:31 -03:00
Felipe Zimmerle
8fa0523fe0 Adds initial support to the multiMatch action 2016-11-28 12:20:18 -03:00
Felipe Zimmerle
9116a19bcc Using the decoded uri in REQUEST_URI instead of the encoded one 2016-11-28 12:20:11 -03:00
Felipe Zimmerle
7a36499f22 Makes @pm compatible with the brand new capture schema 2016-11-28 12:13:33 -03:00
Felipe Zimmerle
eecb90cfd0 setvar: needs review 2016-11-28 12:12:04 -03:00
Felipe Zimmerle
c339194c02 Changes operator rx to use regexp::searchAll 2016-11-22 15:42:35 -03:00
Felipe Zimmerle
9c7988d88f Adds support to regexp::searchAll 2016-11-22 15:37:12 -03:00