github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,968 Commits 55 Branches 109 Tags
Commit Graph

168 Commits

Author SHA1 Message Date
Felipe Zimmerle
59d4268882
Refactoring: renames Rule to RuleWithOperator 2020-03-31 10:00:08 -03:00
Felipe Zimmerle
fda03c0016
Yet another refactoring in Rule 2020-03-30 15:38:51 -03:00
Felipe Zimmerle
6a742cdf76
Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
Felipe Zimmerle
7495675d54
Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
Felipe Zimmerle
357c140003
Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
fe98ce4c7d
Cosmetics: address cppcheck warnings 2020-01-30 18:19:34 -03:00
Felipe Zimmerle
ff590174da
Cosmetics: address cppcheck warnings on src/operators 2020-01-23 08:10:05 -03:00
Felipe Zimmerle
4f13fecbaf
cppcheck: make static analysis more pedantic 2020-01-22 09:16:10 -03:00
Felipe Zimmerle
86a5f471a9
Cosmetics: fixed static analysis issues. 2020-01-15 20:35:59 -03:00
root
6624a18a4e
Fixed inspectFile operator does not pass FILES_TMPNAMES 
pass FILES_TMPNAMES variable to lua engine Fixed Lua engine
should also be aware of the variable and pass it to the target
lua script main function
 2019-11-26 08:40:53 -03:00
toubley
7b1b00b5e1
filter comment or blank line for pmFromFile operator 2019-11-22 14:49:41 -03:00
Andrei Belov
5929277938
Avoid using NULL string (match) in Pm::evaluate 
Closes #2178.
 2019-10-07 08:37:05 -03:00
Felipe Zimmerle
beedddd6c6 Fix @pm lookup for possible matches on offset zero 2019-10-02 08:05:14 -07:00
marduone
96d36afeca
Add Missing throw in Operator::instantiate 2019-06-17 14:56:03 -03:00
Rufus125
86ce479b59
Adds new operator to check for data leakage of Austrian social security number 2019-05-29 20:57:08 -03:00
Tim Herren
75a5c8d334
correct typo validade in log output 2019-05-27 17:13:29 -03:00
Ervin Hegedus
4b3e6328e3
Fixed validateByteRange parsing method 2019-02-12 09:10:36 -03:00
WGH
ad28de4f14 Refactor regex code 
This commit fixes quite a few odd things in regex code:
 * Lack of encapsulation.
 * Non-method functions for matching without retrieving all groups.
 * Regex class being copyable without proper copy-constructor (potential UAF
   and double free due to pointer members m_pc and m_pce).
 * Redundant SMatch::m_length, which always equals to match.size() anyway.
 * Weird SMatch::size_ member which is initialized only by one of the three matching
   functions, and equals to the return value of that function anyways.
 * Several places in code having std::string value instead of reference.
 2019-01-18 10:34:01 -03:00
Felipe Zimmerle
ef7f65db90
Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
554251bade
Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8
Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
ee50fea266
Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Felipe Zimmerle
a85ca00a55
Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:01:11 -03:00
Ervin Hegedus
e7ea5433d5
Initialize m_dtd member in ValidateDTD class as NULL 2018-04-23 22:43:36 -03:00
Andrei Belov
138e301695
Reverse logic of checking output in @inspectFile 
This change makes @inspectFile in ModSecurity 3.x to operate in exact
the same way as it operates in ModSecurity 2.x, so existing helper scripts
like runav.pl [1] will work without any changes.

[1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl
 2018-03-22 23:06:30 -03:00
Felipe Zimmerle
df169ea108
Adds support for libMaxMind 2018-03-22 19:11:42 -03:00
Victor Hora
22334c9bb6
Adds capture action to detectXSS 2018-03-12 22:10:56 -03:00
Felipe Zimmerle
70ace0faa4
Adds capture action to detectSQLi 2018-03-09 12:58:00 -03:00
Felipe Zimmerle
0f361b7065
Adds capture action to RBL 2018-03-09 12:49:12 -03:00
Felipe Zimmerle
df25c48f53
Adds capture action to verifyCC 2018-03-09 11:26:24 -03:00
Felipe Zimmerle
77a885da5f
Adds capture action to verifySSN 2018-03-09 09:42:05 -03:00
Felipe Zimmerle
0b494c4cdc
Adds capture action to verifyCPF 2018-03-08 19:05:31 -03:00
Felipe Zimmerle
450c966da0
Fix a set of compilation warnings 2018-03-01 11:36:31 -03:00
Felipe Zimmerle
dca642369e
Fix on top of #1677 2018-02-26 17:53:18 -03:00
Felipe Zimmerle
e3b6b4ccff
Fix resource load on ip match from file 2018-02-22 21:23:20 -03:00
Felipe Zimmerle
ac100785d1
Fix compilation issue while xml is disabled 2018-02-21 16:15:05 -03:00
Felipe Zimmerle
de7c5c89bb
Using shared var for variables names 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493
Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
43bba3f942
Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a299997e02
Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
768a76a61e
perf. improvement/rx: Only compute dynamic regex in case of macro 
On #1528 was added the support for macro expansion on @rx operator.
The performance improvement suggested on the pull request was not
thread safe, therefore removed. This patch adds a performance
improvement on top of #1528. The benchmarks points to 10x faster
results on OWASP CRS.
 2018-02-20 13:39:59 -03:00
Izik Abramov
e9f3312ea9
fixed compilation error with disable_debug_log flag 2017-12-12 09:48:08 -03:00
Felipe Zimmerle
9c0ed6109d
Fix assorted minor memory management issues 2017-11-14 09:36:32 -03:00
Felipe Zimmerle
b7698d6899
Fix memory leak in @fuzzyHash 2017-11-13 23:54:30 -03:00
Felipe Zimmerle
3fb71f32d8
Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
a676f313c3
Initial support for Lua script engine 2017-11-05 23:30:50 -03:00
Felipe Zimmerle
1866a3a9eb
Adds support for the @inspectFile operator 2017-10-31 09:59:17 -03:00
Felipe Zimmerle
7622866f97
Adds support for @fuzzyHash 
Issue #997
 2017-10-26 17:44:17 -03:00
Felipe Zimmerle
41bf7f716b
Calls xml init and xml cleanup to avoid memory leak 
Fix #1553
 2017-10-10 15:03:50 -03:00
Felipe Zimmerle
fa7973a4ef
Removes a regex optimization added at #1536 2017-10-06 20:32:40 +00:00