Felipe Zimmerle
3c53869915
Adds transformation normalisePath to seclang parser
2015-09-09 23:02:07 -03:00
Felipe Zimmerle
92563da930
Adds t:utf8toUnicode and variable XML to the seclang parser
2015-09-09 22:51:19 -03:00
Felipe Zimmerle
736183b7f1
Adds ctl:forceRequestBodyVariable to the seclang parser
2015-09-09 22:43:18 -03:00
Felipe Zimmerle
4095ae7b52
Adds action accuracy to the parser
2015-09-09 22:26:35 -03:00
Felipe Zimmerle
1079b5ba54
Adds action maturity to the parser
2015-09-09 22:19:07 -03:00
Felipe Zimmerle
09651baf9a
Adds action ver to the seclang parser
2015-09-09 22:10:45 -03:00
Felipe Zimmerle
254b29265e
Adds action expirevar to the parser and fix the line counting
2015-09-09 18:31:37 -03:00
Felipe Zimmerle
ee8b886371
Adds parser support to ctl:[auditEngine|ruleEngine]
2015-09-09 17:51:53 -03:00
Felipe Zimmerle
ec6a5a0cd2
Adds support to t:sha1 and t:hexEncode at seclang parser
2015-09-09 17:13:07 -03:00
Felipe Zimmerle
d1fa2cfa7b
Parser: Fix redirect action and adds SecRule first line-only comment syle
2015-09-09 15:10:38 -03:00
Felipe Zimmerle
5c3a4b608d
Adds support to SecMarker and skipAfter
2015-09-08 10:06:37 -03:00
Felipe Zimmerle
b048794f4e
Adds support to unconditional rules
2015-09-04 15:55:53 -03:00
Felipe Zimmerle
010c18f63f
Adds support to SecDefaultAction configuration directive
2015-09-04 10:56:04 -03:00
Felipe Zimmerle
f2ed890ea6
Now accept SecRules regardless of the letter case
2015-09-03 11:09:40 -03:00
Felipe Zimmerle
45d81e1c04
Adds sanity check to the rule id action
2015-09-03 09:38:12 -03:00
Felipe Zimmerle
a63aa50f1b
Changes the default operator to be @rx not @pm
...
For some reason the default operator was @pm, which was a huge mistake.
The default operator is @rx, thanks for Sanders who have noticed that.
2015-09-02 18:31:02 -03:00
Felipe Zimmerle
ea4cd53221
Accepts phases with its name instead of a number
2015-09-02 18:31:02 -03:00
Felipe Zimmerle
035040cd13
Adds sanity check to confirm that the rule has an ID and it is not duplicated
2015-09-02 18:30:41 -03:00
Felipe Zimmerle
fa4f72d90d
Adds support to ctl:auditLogParts variation
2015-09-02 10:55:29 -03:00
Felipe Zimmerle
e89e395a32
Fix various minor issues on the auditlog schema
2015-08-27 17:50:42 -03:00
Felipe Zimmerle
24b7d72666
DebugLogs are now being redirected to the correct files
2015-08-27 15:36:56 -03:00
Felipe Zimmerle
01542e28c3
Allows blank line (or line with space) at the end of a rules file
2015-08-25 15:50:40 -03:00
Felipe Zimmerle
e76af0eab9
Correctly handling nginx configuration merge
2015-08-25 15:50:27 -03:00
Felipe Zimmerle
004ef066ed
Fix rules chain and action execution
...
- Rules chains are respecting the phase of the first rule in chain.
- The actions are only executed if all chain match.
2015-08-25 13:44:20 -03:00
Felipe Zimmerle
c586ba0178
Removes an unused state from the seclang parser
2015-08-25 08:15:27 -03:00
Felipe Zimmerle
1065e297b2
Fix several minor issues on the seclang grammar
2015-08-22 11:06:28 -03:00
Felipe Zimmerle
e78d7f5b91
Makes the parser understand some missing configuration directives
...
Directives:
- SecPcreMatchLimitRecursion
- SecPcreMatchLimit
- SecResponseBodyMimeType
- SecTmpDir
- SecDataDir
- SecArgumentSeparator
- SecCookieFormat
- SecStatusEngine
Those are not implemented yet, but the parser is now able to understand it.
2015-08-20 13:04:54 -03:00
Felipe Zimmerle
a453a656c3
Fix continuation line and VARIABLENOCOLON
2015-08-19 23:12:34 -03:00
Felipe Zimmerle
0b225f0239
Parser: adds support to SecRequestBodyInMemoryLimit
2015-08-19 22:42:46 -03:00
Felipe Zimmerle
2d56aa521b
Cosmetics: fix actions on yy file
...
- added action for:
ctl:requestBodyProcessor=XML
ctl:requestBodyProcessor=JSON
- added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
2015-08-19 22:36:31 -03:00
Felipe Zimmerle
a230a4ff3c
parser: Adds support for continuation lines
2015-08-19 17:20:43 -03:00
Felipe Zimmerle
ef99615401
parser: Understanding @pm if no operator is provided
2015-08-19 16:58:14 -03:00
Felipe Zimmerle
101fddfc9b
Extends DICT_ELEMENT to support "-"
2015-08-18 22:19:32 -03:00
Felipe Zimmerle
d5bf955028
Using DetectionOnly instead of DetectOnly
2015-08-18 22:16:38 -03:00
Felipe Zimmerle
b7fb65fe65
seclanguage: ignore lines starting with "#"
2015-08-18 22:10:55 -03:00
Felipe Zimmerle
d5fe21ce3c
Code cosmetics: reduce the amount of cppcheck warnings
2015-08-12 22:40:26 -03:00
Felipe Zimmerle
2ff0a44df2
Eliminates the sec language grammar shift-reduce problem
2015-08-11 16:53:05 -03:00
Felipe Zimmerle
9096055ea7
Reduces bison dependency to 3.0
2015-08-10 14:11:30 -03:00
Felipe Zimmerle
c06179f18e
Adds support for Log and Rev actions
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
ad9393a8c2
Adds support for the tag action
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
f519717bdf
Adds support to the msg action
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
e12d95b10d
Adds support to the TX collection and setvar action
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
88c53575be
Adds support to & (count) and ! (exclusion) as variables variations
2015-08-07 14:27:33 -03:00
Felipe Zimmerle
4f47651a6f
Adds variable TX and action "capture".
2015-08-05 10:07:47 -03:00
Felipe Zimmerle
c2d33823f5
Adds method init to Operator class
2015-07-27 22:44:34 -03:00
Felipe Zimmerle
e016b72a8e
Handles better the memory utilization
...
- Added reference counts to Rule and AuditLog;
- Some memory leaks were removed, including GeoLookup;
- Deal better with parser errors;
- Overriding the AutlogLogWritter destructor.
2015-07-26 22:51:57 -03:00
Felipe Zimmerle
0e7c13e3c0
Adds more regression tests to SecRemoteRules
2015-07-25 08:18:59 -03:00
Felipe Zimmerle
7ba5c76c78
Returns elegant errors if rules load operation failed
2015-07-25 03:04:57 -03:00
Felipe Zimmerle
b8f7fb441d
Adds support to SecRemoteRules and Include directives
...
This commit includes a refactoring on important pieces of the parser
to allow it work in a stack fashion. Driver and Rules classes were
simplified and the RulesProperties class was created.
2015-07-24 22:57:29 -03:00
Felipe Zimmerle
76b34af357
Adds support to load remote rules
2015-07-23 14:40:56 -03:00
