github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,889 Commits 55 Branches 109 Tags
592927793856fa3f4f764112807169e2cbba2207
Commit Graph

157 Commits

Author SHA1 Message Date
Felipe Zimmerle
e2af60e765 Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
4ad3574cf2 Adds offset regression tests and assorted fixes on var's offsets 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
d851699529 Adds references to the collection variables 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
c1f11ab4e5 Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
a88dc8efa9 Changes the check script to detect segfaults 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ecbf292f6d Adds first PoC for the operator offset feature 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
59114dd598 Refactoring on the operators parsers (2/2) 
This is the first step towards remove the memory leaks in the parser
 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
9cda4c0be0 cosmetics: Having the parser in a better shape regarding operators 1/2 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
88fb456a16 Cosmetics: Reduces the static analysis warnings 2016-12-28 17:46:47 -03:00
Felipe Zimmerle
bfc30dad34 Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
e6b58014db Cosmetics: Fix some static analysis report 2016-11-29 14:31:15 -03:00
Felipe Zimmerle
7a36499f22 Makes @pm compatible with the brand new capture schema 2016-11-28 12:13:33 -03:00
Felipe Zimmerle
eecb90cfd0 setvar: needs review 2016-11-28 12:12:04 -03:00
Felipe Zimmerle
c339194c02 Changes operator rx to use regexp::searchAll 2016-11-22 15:42:35 -03:00
Felipe Zimmerle
3ab5c8057d Updates the fuzzer sub-project 2016-11-11 13:05:40 -03:00
Felipe Zimmerle
424418f54b Renames msc_system.[h|cc] to system.[h|cc] 2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0 Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
507ec44cc2 Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
f1e742c159 Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
8757840bc3 Refactoring on the operators: negation is now being handled globally 
Other minors changes were also made, including adding the prefix `m_'
to all the members of the class.
 2016-10-19 10:30:26 -03:00
Felipe Zimmerle
b48e4b3a37 refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Andrei Belov
ae8698d8cf Makes JIT support in PCRE to be optional 
In particular, this change allows to build libmodsecurity on some old
but still supported systems such as RHEL/CentOS 6.
 2016-09-26 14:50:31 -03:00
Felipe Zimmerle
0a22f880dd Adds support to custom operator's message in case of a match 2016-09-12 15:49:20 -03:00
Felipe Zimmerle
fb0afdb34b Fix @validateByteRange initialization 2016-08-26 16:21:05 -03:00
Felipe Zimmerle
4cf6c714ac Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
4078677b7f Cosmetic changes: applies changes suggested by static analysis 2016-07-12 00:46:12 -03:00
Alexey Zelkin
afd7a21d11 Correctly handle return values from pcre_study(3) 
If both function's return value and errptr are NULLs, it means
that pcre_study() does not make sense, so can be ignored.
 2016-07-05 11:48:52 -03:00
Felipe Zimmerle
0d53dda1a1 Adds support to @unconditionalMatch 
Issue #1002
 2016-06-21 13:46:55 -03:00
Felipe Zimmerle
8b9041c2da Fix memory leak on VerifyCC operator 2016-06-16 12:40:05 -03:00
Felipe Zimmerle
7be5fde62a Fix memory leak on the @pm operator 
Binary tree was not being cleaned right, now looking (and cleaning)
the sibling nodes.
 2016-06-16 10:37:52 -03:00
Felipe Zimmerle
9919026620 Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
3e8defb853 Adds support to the operator @validateDTD 
Further info #1003
 2016-05-13 09:20:10 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
d0e0002283 Fix the regression tests as reported on #1142 2016-05-05 11:29:55 -03:00
Felipe Zimmerle
c43391072c Fix some issues reported by the static analysis 2016-03-18 19:37:51 -03:00
Felipe Zimmerle
e0926fee37 Fix parser error while dealing with operator negation 
This patch closes the issue #960
 2016-03-17 18:06:46 -03:00
Felipe Zimmerle
ed8b0c85d7 Fix `capture' memory management 
The capture action was implemented before the transaction concept.
While partially ported to use the transaction, some of the elements
were not freed correctly. Now it is fully ported to use the class
Transaction.
 2016-02-16 23:24:15 -03:00
Felipe Zimmerle
049e4eb69d Adds support to the @rbl operator 2016-02-11 14:25:58 -03:00
Felipe Zimmerle
a51e707517 Renames class Assay to Transaction 2016-01-13 15:57:00 -03:00
Felipe Zimmerle
ac10d8863c Changes the operator evaluate method to only support two arguments 
Second argument can be empty if there is not need for it.
 2015-12-22 11:53:31 -03:00
Felipe Zimmerle
42ce0475b2 Coding style: changes the namespace in the comments 2015-12-10 13:20:32 -03:00
Felipe Zimmerle
b5a43871e6 Changes library namespace from ModSecurity to modsecurity 2015-12-01 10:55:59 -03:00
Felipe Zimmerle
09a958544d Makes @geoLookup optional depending on the availability of libGeoIP 2015-11-20 11:09:05 -03:00
Felipe Zimmerle
de79848285 Code cosmetics 2015-11-18 12:59:08 -03:00
Felipe Zimmerle
48704c27a9 Removes some memory leaks 2015-10-30 18:59:08 -03:00
Felipe Zimmerle
b6ae0585cd Refactoring: Place m_variables inside Collections 2015-10-29 13:46:45 -03:00
Felipe Zimmerle
787be98122 Refactoring: Pass all the control over the variables to the Variables class 2015-10-28 20:53:19 -03:00