github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,227 Commits 55 Branches 109 Tags
Commit Graph

2227 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
768cc74f0e
Moves RuleMessage to its own file 2016-11-04 11:58:57 -03:00
Felipe Zimmerle
ac4cb53d09
parser: Better understands escaped quotes in operator parameters 2016-11-04 01:55:47 -03:00
Felipe Zimmerle
1bf53c0576
Deletes ruleMessage by the end of the rule execution 2016-11-04 01:08:41 -03:00
Felipe Zimmerle
5fa02f17ce
Fix Utils::hexdigest 2016-11-03 22:59:57 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
b48dccff70
Removes unused `urldecode_uni_nonstrict_inplace_ex' 2016-11-03 11:01:14 -03:00
Felipe Zimmerle
78d6d20982
Moves phase' related functions from utils' to `utils/phase' 2016-11-03 10:48:27 -03:00
Felipe Zimmerle
f1e742c159
Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174
Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
9733cacd4d
Refactoring: moves ctl_ actions into ctl namespace 2016-11-01 14:58:51 -03:00
Felipe Zimmerle
2bb9d7988f
Cosmetics: huge refactoring in the parser 
The parser is now more elegant and resilient.
 2016-10-31 17:33:24 -03:00
Felipe Zimmerle
d3de1c743a
Adds missing action-ctl_rule_remove_by_id.json 2016-10-31 13:19:34 -03:00
Felipe Zimmerle
721983a05a
Adds missing ctl_request_body.* 2016-10-31 13:16:34 -03:00
Felipe Zimmerle
75a5000b16
Cosmetics: coding style 2016-10-28 09:57:59 -03:00
Felipe Zimmerle
4711644600
dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Felipe Zimmerle
10d263cd36
parser: Relax the characters accepted by ctl:ruleRemoveByX 2016-10-26 16:21:07 -03:00
Felipe Zimmerle
fead971558
Cosmetics: Fix typo. Remove not Remote 2016-10-26 11:12:05 -03:00
Felipe Zimmerle
1c21d1aeba
Adds support to action CtlRuleRemoveById 2016-10-26 11:00:18 -03:00
Felipe Zimmerle
161cc36acf
Adds support to action CtlRuleRemoteTargetById 2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54
Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
730d7dbd28
Cosmetic: Coding style fixes. 2016-10-24 10:07:01 -03:00
Felipe Zimmerle
8757840bc3
Refactoring on the operators: negation is now being handled globally 
Other minors changes were also made, including adding the prefix `m_'
to all the members of the class.
 2016-10-19 10:30:26 -03:00
Abhi Joglekar
28a44b966a
SecLang uses RESPONSE_STATUS as variable, not STATUS 
Seclang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS

The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf

When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
 2016-10-18 21:30:06 -03:00
Felipe Zimmerle
678a97d0f7
Refectoring on the DebugLog mechanism 
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
 2016-10-18 18:43:51 -03:00
Felipe Zimmerle
f3bbcfc7ef
Removes SecDebugLog directive from the test cases 2016-10-18 18:23:35 -03:00
Felipe Zimmerle
8ac15e2915
Removes wrong test case: there is not transformation ge 2016-10-18 18:16:02 -03:00
Alexey Zelkin
4e3a599f68
Add hack to fix MacOS X build 2016-10-17 10:39:44 -03:00
Robert Paprocki
049f1abb62
Fix compilation error 
lmdb.cc fails to compile following commit c680ddf.
 2016-10-07 19:07:14 -03:00
Felipe Zimmerle
b48e4b3a37
refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Andrei Belov
ae8698d8cf
Makes JIT support in PCRE to be optional 
In particular, this change allows to build libmodsecurity on some old
but still supported systems such as RHEL/CentOS 6.
 2016-09-26 14:50:31 -03:00
Felipe Zimmerle
13b6a3ecf6
Fix: Rules ID are validated during a set merge 
Further info at: #1192
 2016-09-23 16:28:47 -03:00
Felipe Zimmerle
ecd3fd0dc1
build: avoids compilation problems due to non existence of the lmdb.h 
Based on: 56abe98cb8c791812d46c0902b4e742c8c39620e by @phantom-az
 2016-09-22 10:28:45 -03:00
Felipe Zimmerle
8f5c1c3cf6
parser: avoids parser error while loading an empty file 2016-09-22 10:16:00 -03:00
Felipe Zimmerle
5553b2a5b9
Moves web server message to appropriate place and removing the garbage 2016-09-20 22:23:23 -03:00
Felipe Zimmerle
16b8ef98fd
Fix: placed missing variable initialization 2016-09-19 21:18:00 -03:00
Felipe Zimmerle
56cbbeff52
Adjust the phase value between the core and the rules 2016-09-19 21:17:03 -03:00
Felipe Zimmerle
115afffe33
Cosmetic: Limit the matched log size 2016-09-14 16:29:57 -03:00
Felipe Zimmerle
a1a1c71d6b
Makes LMDB support optional 2016-09-13 09:51:03 -03:00
Felipe Zimmerle
0a22f880dd
Adds support to custom operator's message in case of a match 2016-09-12 15:49:20 -03:00
Felipe Zimmerle
ad61838118
Considering collection RULE independent of the case at macro expansion 2016-09-12 15:27:03 -03:00
Felipe Zimmerle
241269eede
Adds missing `nog_log' action 2016-09-12 10:34:45 -03:00
Felipe Zimmerle
c3378ec528
Fix the size of the rules and actions vectors 2016-09-01 00:39:54 -03:00
Felipe Zimmerle
8d84ff6f4d
Accepting both: normalizePath and normalisePath 2016-08-26 16:26:16 -03:00
Felipe Zimmerle
fb0afdb34b
Fix @validateByteRange initialization 2016-08-26 16:21:05 -03:00
Andrei Belov
ed18c73cda include pre-generated parser sources into the distribution 2016-08-16 20:01:53 -03:00
Felipe Zimmerle
062dd17f14 Cosmetics: reducing the compilation warnings 2016-07-29 18:42:20 -03:00
Felipe Zimmerle
0e5f72977e Changes MATCHED_VAR behaviour 
Only cleanup the variable if there wasn't a match within the rule
 2016-07-29 10:40:45 -07:00
Felipe Zimmerle
665df04516 Cosmetics: avoid compilation warnings 2016-07-29 11:29:24 -03:00