github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
304 Commits 55 Branches 109 Tags
Commit Graph

231 Commits

Author SHA1 Message Date
brectanus
61e4623bae Move around some code to make unit tests easier to build. 2007-12-19 20:44:56 +00:00
brectanus
2103fb560b Rename msc-test to msc_test. 2007-12-19 20:40:33 +00:00
brectanus
4e7c243c39 Make libxml2 *required*. 2007-12-19 18:13:41 +00:00
ivanr
6974a1c781 Fixed l_log to prevent percentage characters from Lua interfering with formatting. 2007-12-19 17:47:08 +00:00
ivanr
f3fae3155d Adjust Lua debugging levels to 8, to avoid logging at level 9 from skewing the results. 2007-12-19 17:13:02 +00:00
brectanus
e834a860dd Avoid double close of DBM on error. 2007-12-19 16:43:27 +00:00
brectanus
a96cbc0f69 Merge in Lua to test framework. 2007-12-19 16:11:42 +00:00
ivanr
e357bb55af Add quoting to unparsed rule generation. 2007-12-19 16:11:32 +00:00
ivanr
cdcb3bdb14 Lua: Added support for retrieving parametarised parameters (e.g. ARGS:p). 2007-12-19 15:46:45 +00:00
ivanr
4414cb8527 Lua: Support retrieval of individual variables from scripts. 2007-12-19 14:35:20 +00:00
ivanr
aef5a460b6 Fix Lua support. Enable logging from Lua scripts (using m.log()). 2007-12-19 12:50:21 +00:00
ivanr
e0c444953c Update Makefile to compile with Lua support 2007-12-19 11:26:55 +00:00
ivanr
afd3cbf14f Implemented SecRuleScript LUA_SCRIPT [ACTIONS]. 2007-12-19 11:22:52 +00:00
ivanr
6f6934e9d3 Code polish. 2007-12-19 09:22:58 +00:00
brectanus
d2dee97a31 Fix jsDecode \xHH to verify HH is there and valid hex. See #439. 2007-12-19 00:31:08 +00:00
brectanus
5da9a05d1c Remove the callback from the verifyCC regex (not used anymore). 2007-12-19 00:26:19 +00:00
brectanus
499c3f3167 Add initial unit testing framework. See #438. 2007-12-19 00:09:30 +00:00
brectanus
8360aacc22 Use use new msr->rule_was_intercepted flag. See #425. 2007-12-17 19:58:35 +00:00
brectanus
a99357ad5b Add ability to use <IfDefine MODSEC_2.5>. See #436. 2007-12-17 19:06:08 +00:00
ivanr
a703c9c626 Minor allow bug fix. 2007-12-17 15:11:18 +00:00
ivanr
dc081c5df1 Removed some code that implemented SecRequestEncoding. Left the directive in, as well as the structure member as they are harmless. 2007-12-17 15:09:59 +00:00
ivanr
b9a28882b2 Enhanced allow. 2007-12-17 11:22:47 +00:00
brectanus
9b0ce5ae67 Move an extraneous debug log line from level 4 to level 9. 2007-12-17 05:43:49 +00:00
brectanus
8a1687bf36 Make phase 5 more strict and catch an inherited disruptive action. See #429. 2007-12-17 05:13:49 +00:00
brectanus
32100608e5 Handle actionset being NULL. See #66 and #429. 2007-12-15 00:42:39 +00:00
brectanus
476684e6ec Stricter configuration parsing. See #66 and #429. 2007-12-14 22:45:01 +00:00
brectanus
cd51a10046 Allow all rules to run in phase 5. See #425. 2007-12-14 22:34:16 +00:00
brectanus
5065852dfe More efficient collection persistance and deletion on retrieval. See #345 and #426. 2007-12-14 19:53:23 +00:00
brectanus
4c11791a94 Escape cache value in log. 2007-12-14 00:42:04 +00:00
brectanus
aa68fff104 Fixed decoding \9 with t:escapeSeqDecode. See #423. 2007-12-14 00:30:25 +00:00
brectanus
8aa31fd099 Change jsDecodeuni to jsDecode which also decodes all the other JS escapes. See #193. 2007-12-14 00:19:46 +00:00
brectanus
b0de659133 Added t:jsDecodeUni handling unicode similar to t:urlDecodeUni. See #193. 2007-12-13 00:58:02 +00:00
brectanus
cbf79d43ba Update version to ready for 2.5.0-rc1. 2007-12-12 23:08:14 +00:00
brectanus
54cac6461b Add IS_NEW and IS_EXPIRED collection variables. See #345. 2007-12-12 22:52:08 +00:00
brectanus
2203428507 Prefer "offset" to "pos". 2007-12-12 18:43:40 +00:00
brectanus
e7e9756966 Add var name to validateUtf8Encoding message. See #408. 2007-12-12 18:40:35 +00:00
brectanus
3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. 2007-12-12 17:56:25 +00:00
brectanus
2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. 2007-12-12 01:30:58 +00:00
brectanus
715a8eae58 Implement SecMarker. See #416. 2007-12-11 17:53:50 +00:00
ivanr
37f5231ccd Minor code fixes. 2007-12-03 21:13:37 +00:00
ivanr
bbcf1d08fc Added an APR-Util variant of character encoding conversion. 2007-12-03 14:46:00 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
brectanus
22873995f7 Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. 2007-12-02 16:26:05 +00:00
brectanus
2bf4556cd0 Checkin fix to rule removal code to avoid placeholders. 2007-12-02 15:35:09 +00:00
brectanus
9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. 2007-12-01 00:42:28 +00:00
brectanus
13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. 
This still needs to be fixed.
 2007-11-30 23:26:06 +00:00
brectanus
a6c2d867f4 Improvements to audit logging matching rules. See #93. 2007-11-30 21:31:12 +00:00
brectanus
dcdce0cbc5 Added matching rules to audit log data. See #93. 2007-11-30 00:52:21 +00:00
brectanus
85053718d9 Cleanup log output for skipAfter. See #258. 2007-11-29 23:14:02 +00:00
ivanr
d3a0a2887a Fix utf-8 validation (again\!\!\!). 2007-11-29 13:30:39 +00:00