github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,002 Commits 55 Branches 109 Tags
Commit Graph

3002 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
0669c2e64d
parser: new bison version 2019-04-22 10:46:27 -03:00
Felipe Zimmerle
b574418386
regression: Using github instead of modsecurity.org for SecRemoteRules 2019-04-05 12:59:34 -03:00
Felipe Zimmerle
4e76c6adf0
Renames namespace Variables to variables 2019-03-06 15:53:20 -03:00
Felipe Zimmerle
b9ed150224
Fix namespace utilization on seclang-parser.yy 2019-03-06 15:12:44 -03:00
Felipe Zimmerle
6d5198b1a6
make check: Updates test cases list 2019-02-12 10:13:51 -03:00
Ervin Hegedus
ccd90c51c5
Increment OVECCOUNT value for bigger regex's 2019-02-12 10:08:47 -03:00
Felipe Zimmerle
44efae6cdc
CHANGES: Adds info about #2024 2019-02-12 09:32:26 -03:00
Ervin Hegedus
a6e6bc2b5f
Allow empty anchored variable to use 2019-02-12 09:31:19 -03:00
Felipe Zimmerle
b392a1ca36
CHANGES: Adds info about #2016 2019-02-12 09:16:25 -03:00
Ervin Hegedus
2d3fbbc56a
Modified affected test cases, which checked wrong variables 2019-02-12 09:16:07 -03:00
Ervin Hegedus
17d79ed7ba
Fixed data collecting in multipart parsing 2019-02-12 09:16:07 -03:00
Felipe Zimmerle
ac61bf5fda
CHANGES: Adds info about #2017 2019-02-12 09:11:31 -03:00
Ervin Hegedus
4b3e6328e3
Fixed validateByteRange parsing method 2019-02-12 09:10:36 -03:00
Felipe Zimmerle
3dda0ea2c6
Adds a regression test strdup to valgrind suppressions list 2019-02-11 10:22:28 -03:00
Felipe Zimmerle
2dff768262
Removes a memory leak on the JSON parser 2019-02-11 10:17:02 -03:00
Felipe Zimmerle
145f2f35b7
tests: Updates secrules-language-tests 2019-02-05 11:26:03 -03:00
Felipe Zimmerle
f77db2cc2e
CHANGES: dds info about #2011 2019-01-28 16:43:31 -03:00
WGH
bd6a02d69b
Fix test issue-1831.json on LMDB 
When LMDB is enabled, ModSecurity stores its persistent variables in
"./modsec-shared-collections" file. Since this file wasn't cleared between
tests, tests behaved differently on "in-memory per-process" and LMDB backend.

This test never worked in LMDB configuration. It hasn't been discovered
until now because Travis CI didn't test LMDB configuration when test was
introduced.
 2019-01-28 16:20:02 -03:00
WGH
37cf60b8d2
Fix use of deleted Regex copy constructor in LMDB code 
Bug introduced in ad28de4f. Fixes #2008.
 2019-01-28 16:20:02 -03:00
WGH
79a24ef88d
Enable LMDB in Travis CI configuration 
LMBD is not built by default since 6143eb9,
so add explicit --with-lmdb configuration.

Missing --with-lmdb build allowed a bug in PR #2003 to pass
through, causing issue #2008.
 2019-01-28 16:20:01 -03:00
Felipe Zimmerle
dc78c0e180
Fix: Extra whitespace in some configuration directives causing error 
Issue #2006
 2019-01-21 14:44:31 -03:00
Felipe Zimmerle
df3c3f62b7 Cosmetics: coding style 2019-01-18 11:02:22 -03:00
WGH
ad28de4f14 Refactor regex code 
This commit fixes quite a few odd things in regex code:
 * Lack of encapsulation.
 * Non-method functions for matching without retrieving all groups.
 * Regex class being copyable without proper copy-constructor (potential UAF
   and double free due to pointer members m_pc and m_pce).
 * Redundant SMatch::m_length, which always equals to match.size() anyway.
 * Weird SMatch::size_ member which is initialized only by one of the three matching
   functions, and equals to the return value of that function anyways.
 * Several places in code having std::string value instead of reference.
 2019-01-18 10:34:01 -03:00
Felipe Zimmerle
e0a0fa05cc
CHANGES: Info on #2002 2019-01-14 16:29:48 -03:00
Andrei Belov
ae02076340
Fixed buffer overflow in Utils::Md5::hexdigest() 
Found via failed test (auditlog.json) on Alpine Linux 3.8.2.
 2019-01-14 16:29:07 -03:00
Felipe Zimmerle
3c1fba278c
CHANGES: Adds info about #1990 2019-01-08 10:35:33 -03:00
Andrei Belov
7c19ffea64
Implemented merge_bodylimitaction_value() for BodyLimitAction 
This change makes the following directives to be merged properly:

SecRequestBodyLimitAction
SecResponseBodyLimitAction
 2019-01-08 10:34:22 -03:00
Andrei Belov
3c41751eda
Implemented merge_ruleengine_value() for RuleEngine 
This change makes the SecRuleEngine directive to be merged properly.
 2019-01-08 10:34:22 -03:00
Andrei Belov
161c256333
Implemented merge_boolean_value() for ConfigBoolean 
This change makes the following directives to be merged properly:

SecRequestBodyAccess
SecResponseBodyAccess
SecXmlExternalEntity
SecUploadKeepFiles
SecTmpSaveUploadedFiles
 2019-01-08 10:34:22 -03:00
Andrei Belov
2d11ff1a14
Implemented merge() method for ConfigInt, ConfigDouble, ConfigString 
This change makes the following directives to be merged properly:

SecRequestBodyLimit
SecResponseBodyLimit
SecUploadFileLimit
SecUploadFileMode
SecUploadDir
SecTmpDir
SecArgumentSeparator
SecWebAppId
SecHttpBlKey
 2019-01-08 10:34:22 -03:00
Felipe Zimmerle
78b7fa4e2c
Adds missing drop.h 2018-12-26 11:05:54 -03:00
Felipe Zimmerle
d00ea5111d
Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Felipe Zimmerle
ba4273b8ec
CHANGES: Adds info on #1978 2018-12-24 13:59:21 -03:00
Andrei Belov
9b24199a22
Complete merging of particular rule properties 
Closes SpiderLabs/ModSecurity-nginx#142 issue.
 2018-12-24 13:58:28 -03:00
Felipe Zimmerle
4283883695
CHANGES: Adds info on #1984 2018-12-17 10:21:25 -03:00
chuckwolber
8af8cad907
Use of AC_CHECK_FILE prevents cross compilation. 
The use of AC_CHECK_FILE causes the following error when cross compiling:

  configure: error: cannot check for file existence when cross compiling

The solution is to check for the file directly instead of using a macro.

Resolves: #1983
 2018-12-17 10:19:55 -03:00
Felipe Zimmerle
a9e9da8694
CHANGES: Adds info on #1980 2018-12-10 15:09:09 -03:00
Ervin Hegedus
77854ed1b5
Fix inet addr handling on 64 bit big endian systems 2018-12-10 15:03:09 -03:00
Felipe Zimmerle
dccb5e9e5f
GitHub: Adds issue template 2018-12-05 14:54:43 -03:00
Felipe Zimmerle
1ecd971306
CHANGES: Updates issue #1973 2018-12-04 10:50:16 -03:00
Andrei Belov
0a85b599b6
Fix tests on FreeBSD 
FreeBSD has different prefix for bash (which is non-standard shell there),
thus "make check-TESTS" actually was doing nothing:

$ gmake check-TESTS
(   0/  0/   0): test/test-cases/regression/issue-1591.json
(   0/  0/   0): test/test-cases/regression/issue-1785.json
(   0/  0/   0): test/test-cases/regression/issue-1812.json
(   0/  0/   0): test/test-cases/regression/issue-1831.json
(   0/  0/   0): test/test-cases/regression/issue-1844.json
(   0/  0/   0): test/test-cases/regression/issue-1850.json
[..]
Testsuite summary for modsecurity 3.0
 2018-12-04 10:49:25 -03:00
Felipe Zimmerle
e756dd039d
README: Adds link to v2 repo 
Making a reference to v2/repo.
 2018-12-03 09:06:28 -03:00
Felipe Zimmerle
07330e53f1
CHANGES: Updates issue #1969 2018-11-29 21:49:41 -03:00
Felipe Zimmerle
25bb1f1bcc
Changes ENV test case to read the default MODSECURTIY env var 2018-11-29 15:21:28 -03:00
Felipe Zimmerle
b736f0292d
Regression: Sets MODSECURITY env var during the tests execution 2018-11-29 15:19:58 -03:00
Felipe Zimmerle
407b6c0f4b
Fix setenv action to strdup key=variable 2018-11-29 15:18:15 -03:00
Felipe Zimmerle
af137442d5
CHANGES: Adds @steven-j-wojcik to 0xb7c36 and 0x5ac20. 2018-11-29 13:31:46 -03:00
Felipe Zimmerle
d2b14de268
Allow 0 length JSON requests 
As discussed at: #1822
 2018-11-29 10:39:46 -03:00
Felipe Zimmerle
d29f2a8986
CHANGES: Adds info about #1966 2018-11-29 10:00:38 -03:00
Andrei Belov
65e866cb3e
Fix "make dist" target to include default configuration 2018-11-29 09:59:46 -03:00