github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,002 Commits 55 Branches 109 Tags
Commit Graph

3002 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
martinhsv
ea7cacf289
Additional adjustment to Cookie header parsing 2019-11-21 16:50:27 -03:00
martinhsv
6395fe07ce
Restore chained rule logging to be more like 2.9 2019-11-21 08:21:59 -03:00
Ervin Hegedus
038522ad9b
Small fixes in log messages to help debugging 2019-11-20 15:24:30 -03:00
martinhsv
b8160cce6b Fix Cookie header parsing issues 2019-11-20 08:51:06 -03:00
Ervin Hegedus
7ba77631f9 Replace Cookie parsing method 2019-11-20 08:51:05 -03:00
martinhsv
199a9db3e2
Fix nolog rules logging to part H 2019-11-11 13:50:44 -03:00
martinhsv
9cac167faf Fix argument key-value pair parsing cases 2019-11-05 13:06:29 -03:00
martinhsv
68c995ca98 Fix: audit log part for response body for JSON format to be E 2019-10-25 09:51:26 -03:00
felipe
c41ab312f3
Updates test cases 2019-10-24 09:59:57 -03:00
martinhsv
01c7a2689b
Fix test issue-1974 2019-10-24 09:57:49 -03:00
Victor Hora
d4dc3dbf2a
Make sure m_rulesMessages is filled after successfull match 2019-10-16 09:40:04 -03:00
Felipe Zimmerle
42da29fed1
Merge pull request #2155 from patros/v3/master 
Correct minor README.md typo
 2019-10-15 16:30:35 -03:00
Andrei Belov
5929277938
Avoid using NULL string (match) in Pm::evaluate 
Closes #2178.
 2019-10-07 08:37:05 -03:00
Felipe Zimmerle
beedddd6c6 Fix @pm lookup for possible matches on offset zero 2019-10-02 08:05:14 -07:00
Patrick Dwyer
1d552673a1
Correct minor README.md typo 2019-08-22 21:28:25 +10:00
Felipe Zimmerle
d5b93c1013
Update README.md 2019-07-03 09:58:02 -03:00
Felipe Zimmerle
341a5d01e1
CHANGES: Regex lookup on the key name instead of COLLECTION:key 2019-06-26 11:01:43 -03:00
Felipe Zimmerle
2bdc5f9d0a
Adds test case to cover issue #2005 2019-06-18 15:10:43 -03:00
Felipe Zimmerle
74eee9330b
CHANGES: Adds info about #2106 2019-06-17 14:57:13 -03:00
marduone
96d36afeca
Add Missing throw in Operator::instantiate 2019-06-17 14:56:03 -03:00
Felipe Zimmerle
6ab464ab78
negative lookup on the key name instead of COLLECTION:key 2019-06-17 13:04:25 -03:00
Felipe Zimmerle
47dd9c5df4
Refactoring on the VariableValue class 2019-06-14 10:13:54 -03:00
Felipe Zimmerle
cbd15ec138
CHANGES: Adds info about #2113, #2111 2019-06-04 10:30:19 -03:00
Ervin Hegedus
c0142cf326
Changed compared variables of range id intervall in ruleRemoveById ctl action. #2111 
* changed the variables in clause
* added test case (@theMiddle)
* fixes #2111
 2019-06-04 10:28:30 -03:00
Felipe Zimmerle
9ebebfc838
Fix test case 1960 2019-06-04 08:38:45 -03:00
Felipe Zimmerle
b6995c528e
test case: Adds test case for issue 1960 2019-06-03 20:50:05 -03:00
Felipe Zimmerle
f50700e9d4
CHANGES: Adds info about #1960 2019-06-03 19:56:24 -03:00
Felipe Zimmerle
50abc072c4
Make block action execution dependent of the SecEngine status 2019-06-03 19:55:02 -03:00
Felipe Zimmerle
1cc22966db
CHANGES: Adds info on "Having body limits to respect ..." 2019-06-03 14:15:49 -03:00
Felipe Zimmerle
a4e8484115
Having body limits to respect the rule engine state 2019-06-03 14:05:10 -03:00
Felipe Zimmerle
c7fe50e5be
CHANGES: Adds info about #1872 2019-05-31 11:52:32 -03:00
Felipe Zimmerle
20b90364fa
Adds test case for #1872 2019-05-31 11:50:47 -03:00
Felipe Zimmerle
1b8d69da02
Fix dict element regular expression selection on SecRuleUpdateTargetByTag 2019-05-31 01:42:51 -03:00
Felipe Zimmerle
5472362313
Fix SecRuleUpdateTargetByTag with regular expressions 2019-05-31 01:42:47 -03:00
Felipe Zimmerle
b5823d4e0c CHANGES: Adds info about #2099, #2102 2019-05-30 10:22:00 -03:00
Felipe Zimmerle
2c136a2d9c Adds test case for #2099 on the test case list 2019-05-30 10:12:44 -03:00
Ervin Hegedus
7a93bea8f7 Added some test cases related to #2099 2019-05-30 09:52:27 -03:00
Ervin Hegedus
db298696fa Adds missing check for runtime ctl:ruleRemoveByTag 2019-05-30 09:50:56 -03:00
Felipe Zimmerle
7e8782d977
CHANGES: Adds info about #2063 2019-05-29 22:05:28 -03:00
Rufus125
86ce479b59
Adds new operator to check for data leakage of Austrian social security number 2019-05-29 20:57:08 -03:00
Rufus
6d266fae85
fixes typo 2019-05-29 10:29:30 -03:00
Felipe Zimmerle
f752291af8
CHANGES: Adds info about #2057 2019-05-27 17:43:06 -03:00
Julien Leproust
49900eec97
Fix variables output in debug logs 2019-05-27 17:39:04 -03:00
Felipe Zimmerle
25e4445834
CHANGES: Adds info about #2059 2019-05-27 17:14:29 -03:00
Tim Herren
75a5c8d334
correct typo validade in log output 2019-05-27 17:13:29 -03:00
Felipe Zimmerle
a0a99319a2
CHANGES: Adds info about #2068 2019-05-27 17:08:44 -03:00
Thierry Fournier
4a3e9734ef
fix/minor: Error encoding hexa decimal 
String is defined as an array of char. The char can be negative. The
cast "reinterpret_cast" from char to int keep the negative side, so
the "unsigned char" number 0x91 is negative as "char". When it is
"reinterpret_cast" as integer, it becomes 0xffffff91, so the hexadecimal
display is broken:

   [155493246391.747672] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "ffffff91ffffffecffffffe6334bffffffebffffff87ffffff9affffff824a06ffffffc33b4cffff (14 characters omitted)"

This patch fix this behavior using classic cast without reinterpret_cast:

   [155493251286.221115] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "91ece6334beb879a824a06c33b4cb4240e4c6f56"
 2019-05-27 17:06:51 -03:00
Felipe Zimmerle
033942c925
CHANGES: Adds info about #2073 2019-05-27 17:05:16 -03:00
Julien Leproust
1acd87a803
Limit log variables to 200 characters 
To avoid generating too long log lines which end up truncated (like in
nginx's error log), and missing important bits.
 2019-05-27 17:04:32 -03:00
Felipe Zimmerle
61c11251b6
parser: Fix filename 2019-04-23 13:17:23 -03:00