github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,968 Commits 55 Branches 109 Tags
59d4268882d78b2d20ab8042f1ea74eaf8a04c5f
Commit Graph

971 Commits

Author SHA1 Message Date
Felipe Zimmerle
e3b6b4ccff Fix resource load on ip match from file 2018-02-22 21:23:20 -03:00
Felipe Zimmerle
ac100785d1 Fix compilation issue while xml is disabled 2018-02-21 16:15:05 -03:00
Felipe Zimmerle
ff782ddfa4 Having LDADD and LDFLAGS organized on Makefile.am 2018-02-21 14:26:47 -03:00
Felipe Zimmerle
2b052b0edb Checking std::deque size before use it 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
eeec7efb68 Renames collection::Variable to VariableValue 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
de7c5c89bb Using shared var for variables names 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493 Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
43bba3f942 Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728 Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a6830c76f2 parser refactoring: ops no longer carry a payload 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
a299997e02 Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6a97dbee7a Using stack to save parser state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
b5e996602c Removes useless state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2d892a3176 Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6fe8655ed9 Adds support for RunTimeString 
Using RunTimeStrings instead of runtime parser for
macro expansion.
 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2ba788d2d7 perf improvement: Checks debuglog level before format debug msg 2018-02-20 13:39:59 -03:00
Felipe Zimmerle
768a76a61e perf. improvement/rx: Only compute dynamic regex in case of macro 
On #1528 was added the support for macro expansion on @rx operator.
The performance improvement suggested on the pull request was not
thread safe, therefore removed. This patch adds a performance
improvement on top of #1528. The benchmarks points to 10x faster
results on OWASP CRS.
 2018-02-20 13:39:59 -03:00
Felipe Zimmerle
eaa4770c5d Fix issue related to Lua script load 2017-12-13 16:20:18 -03:00
Victor Hora
c98e665475 Improvements on LUA build scripts and support for LUA 5.2 2017-12-12 09:51:10 -03:00
Izik Abramov
e9f3312ea9 fixed compilation error with disable_debug_log flag 2017-12-12 09:48:08 -03:00
Felipe Zimmerle
9c0ed6109d Fix assorted minor memory management issues 2017-11-14 09:36:32 -03:00
Felipe Zimmerle
b7698d6899 Fix memory leak in @fuzzyHash 2017-11-13 23:54:30 -03:00
Felipe Zimmerle
3fb71f32d8 Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
023e7acbad Refactoring on the JSON parser 
It also address the issue #1576 and #1577
 2017-11-10 17:26:23 -03:00
Felipe Zimmerle
23cf656f93 Adds support to WEBAPPID variable 2017-11-08 10:28:56 -03:00
Felipe Zimmerle
082a3e3287 Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00
Felipe Zimmerle
ec667a4609 Adds support for SecRuleRemoveByTag 2017-11-07 14:52:50 -03:00
Felipe Zimmerle
4d7fd5c30a Adds support for update target by message 2017-11-06 23:29:25 -03:00
Felipe Zimmerle
7fa5ca9ba0 Makes lua optional 2017-11-06 00:44:54 -03:00
Felipe Zimmerle
e52bd7d635 Adds support to SecRuleScript directive 2017-11-05 23:31:16 -03:00
Felipe Zimmerle
cb3363c7d5 Adds support for the exec action 2017-11-05 23:31:07 -03:00
Felipe Zimmerle
a676f313c3 Initial support for Lua script engine 2017-11-05 23:30:50 -03:00
Felipe Zimmerle
1866a3a9eb Adds support for the @inspectFile operator 2017-10-31 09:59:17 -03:00
Felipe Zimmerle
1189e9b0ef Adds support to LUA in configure scripts 2017-10-31 09:59:12 -03:00
Felipe Zimmerle
9369efcb90 Adds support to the collection RESOURCE 2017-10-30 09:07:49 -03:00
Felipe Zimmerle
7622866f97 Adds support for @fuzzyHash 
Issue #997
 2017-10-26 17:44:17 -03:00
Athmane Madjoudj
968d83f1ff Fix build on non x86 arch build failed on ppc64/ppc64le/arch64/armv7hl/s390x due to how this arch represent chars 2017-10-25 16:44:27 -03:00
Felipe Zimmerle
371fc03218 Fix memory issue while changing rule target dynamic 
Issue #1590
 2017-10-24 00:03:13 -03:00
Felipe Zimmerle
c4fcb36f4c Fix log while displaying the name of a dict selection by regex 2017-10-20 21:46:24 -03:00
Felipe Zimmerle
93e18ca5ea Support pipes inside quoted variable selection 
As of #1591 the pipe support was disable in the general selection which
was also affecting the quoted selection. This pactch adds the support
for pipes inside the quoted selection only.
 2017-10-20 11:02:42 -03:00
Felipe Zimmerle
34e8b140e5 Setting http response code on the auditlog 2017-10-19 23:27:30 -03:00
Felipe Zimmerle
274f9e5aa1 Refactoring on RuleMessage class, now accepting http code as parameter 2017-10-19 23:00:47 -03:00
Felipe Zimmerle
39fb75c34d Having disruptive msgs as disruptive [instead of warnings] on audit log 
Issue #1592
 2017-10-17 14:58:04 -03:00
Felipe Zimmerle
30797a458b Parser: Pipes are no longer welcomed inside regex dict element selection. 
Issue #1591
 2017-10-17 11:46:44 -03:00
Felipe Zimmerle
1ad95254cd Avoids unicode initialization on every rules block 
ModSecurity-nginx/#67
ModSecurity/#1563
 2017-10-11 12:40:48 -03:00
Felipe Zimmerle
20edf9ab77 Removes xml initialization from CURL if/def 2017-10-10 18:14:41 -03:00
Felipe Zimmerle
41bf7f716b Calls xml init and xml cleanup to avoid memory leak 
Fix #1553
 2017-10-10 15:03:50 -03:00
Felipe Zimmerle
30364628a0 Makes clear to the user when audit log is empty due to missing JSON sup. 2017-10-10 10:25:53 -03:00
Felipe Zimmerle
d3f979f1d2 Makes auditlog more verbose on debug logs 2017-10-10 09:30:21 -03:00
Victor Hora
d285bc02b8 Add missing statements 2017-10-09 09:02:32 -03:00