github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,947 Commits 55 Branches 109 Tags
Commit Graph

952 Commits

Author SHA1 Message Date
Ervin Hegedus
e7ea5433d5
Initialize m_dtd member in ValidateDTD class as NULL 2018-04-23 22:43:36 -03:00
Andrei Belov
5e65d560f8
Fix utils::string::ssplit() to handle delimiter in the end of string 
This closes #1743.
 2018-04-22 11:37:30 -03:00
Victor Hora
5018358371
Fix variable FILES_TMPNAMES 2018-04-22 11:11:46 -03:00
Andrei Belov
8285a97460
Fix memory leak in Collections 
This closes #1729.
 2018-04-05 09:48:51 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Andrei Belov
138e301695
Reverse logic of checking output in @inspectFile 
This change makes @inspectFile in ModSecurity 3.x to operate in exact
the same way as it operates in ModSecurity 2.x, so existing helper scripts
like runav.pl [1] will work without any changes.

[1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl
 2018-03-22 23:06:30 -03:00
Felipe Zimmerle
df169ea108
Adds support for libMaxMind 2018-03-22 19:11:42 -03:00
Felipe Zimmerle
7bff76d794
Parser: Updates the generated parser files 2018-03-21 18:18:58 -03:00
Victor Hora
480a2f89d7
Disable SecCollectionTimeout parser error 2018-03-12 22:28:07 -03:00
Victor Hora
22334c9bb6
Adds capture action to detectXSS 2018-03-12 22:10:56 -03:00
Victor Hora
e50c317b7a
Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator 2018-03-12 20:09:17 -03:00
Felipe Zimmerle
70ace0faa4
Adds capture action to detectSQLi 2018-03-09 12:58:00 -03:00
Felipe Zimmerle
0f361b7065
Adds capture action to RBL 2018-03-09 12:49:12 -03:00
Felipe Zimmerle
df25c48f53
Adds capture action to verifyCC 2018-03-09 11:26:24 -03:00
Felipe Zimmerle
77a885da5f
Adds capture action to verifySSN 2018-03-09 09:42:05 -03:00
Felipe Zimmerle
60b2469097
Updates bison parser 2018-03-08 19:05:53 -03:00
Felipe Zimmerle
0b494c4cdc
Adds capture action to verifyCPF 2018-03-08 19:05:31 -03:00
Victor Hora
64ce41280d
Prettier error messages for unsupported configurations (UX) 2018-03-07 17:58:29 -03:00
Victor Hora
a66acebc05
Add missing verify*** transformation statements to parser 2018-03-05 17:50:14 -03:00
Felipe Zimmerle
8bb64c3ee3
Code cosmetics: removes an unused piece of code 2018-03-01 11:52:01 -03:00
Felipe Zimmerle
450c966da0
Fix a set of compilation warnings 2018-03-01 11:36:31 -03:00
Felipe Zimmerle
c8666fae31
Check for disruptive action on SecDefaultAction 2018-02-28 14:02:47 -03:00
Felipe Zimmerle
6842d4bba8
Fix block-block infinite loop. 
Issue #1614
 2018-02-28 12:05:28 -03:00
Felipe Zimmerle
4ac14a2622
Cosmetics on top of: #1636 2018-02-28 11:03:19 -03:00
Minasu
a0bea7356d
Correction remove_by_tag and remove_by_msg 2018-02-28 10:31:45 -03:00
Hegedüs Ervin
8d61a3df90
Fix LMDB compile error 2018-02-28 08:52:40 -03:00
Felipe Zimmerle
dca642369e
Fix on top of #1677 2018-02-26 17:53:18 -03:00
Andrei Belov
ebc068b8ce
Fix msc_who_am_i() to return pointer to a valid C string 
Previously this function was unusable as it returned pointer
to some garbage data.
 2018-02-23 18:42:33 -03:00
Andrei Belov
b50658d1e3
Fix "make dist" target to include necessary headers for Lua 2018-02-23 14:10:39 -03:00
Andrei Belov
ccc1f2031a
Fix "include /foo/*.conf" for single matched object in directory 2018-02-23 14:01:41 -03:00
Victor Hora
ab78b0cfb1
Add missing Base64 transformation statements to parser 2018-02-23 10:34:32 -03:00
Felipe Zimmerle
e3b6b4ccff
Fix resource load on ip match from file 2018-02-22 21:23:20 -03:00
Felipe Zimmerle
ac100785d1
Fix compilation issue while xml is disabled 2018-02-21 16:15:05 -03:00
Felipe Zimmerle
ff782ddfa4
Having LDADD and LDFLAGS organized on Makefile.am 2018-02-21 14:26:47 -03:00
Felipe Zimmerle
2b052b0edb
Checking std::deque size before use it 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
eeec7efb68
Renames collection::Variable to VariableValue 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
de7c5c89bb
Using shared var for variables names 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493
Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
43bba3f942
Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728
Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a6830c76f2
parser refactoring: ops no longer carry a payload 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
a299997e02
Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6a97dbee7a
Using stack to save parser state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
b5e996602c
Removes useless state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2d892a3176
Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6fe8655ed9
Adds support for RunTimeString 
Using RunTimeStrings instead of runtime parser for
macro expansion.
 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2ba788d2d7
perf improvement: Checks debuglog level before format debug msg 2018-02-20 13:39:59 -03:00
Felipe Zimmerle
768a76a61e
perf. improvement/rx: Only compute dynamic regex in case of macro 
On #1528 was added the support for macro expansion on @rx operator.
The performance improvement suggested on the pull request was not
thread safe, therefore removed. This patch adds a performance
improvement on top of #1528. The benchmarks points to 10x faster
results on OWASP CRS.
 2018-02-20 13:39:59 -03:00
Felipe Zimmerle
eaa4770c5d
Fix issue related to Lua script load 2017-12-13 16:20:18 -03:00
Victor Hora
c98e665475
Improvements on LUA build scripts and support for LUA 5.2 2017-12-12 09:51:10 -03:00