github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,435 Commits 55 Branches 109 Tags
6388d88f389973fbe241891a8c1b1c95f894d9dc
Commit Graph

87 Commits

Author SHA1 Message Date
Ervin Hegedus
6388d88f38 Check if the MP header contains invalid character 2024-08-13 18:26:18 +02:00
Eduardo Arias
373633ffe2 mkstemp is not available in Windows build, replaced with _mktemp_s plus _open. 
- Updated included headers to support compilation on Windows (using
  Visual C++)
- Minor change to use C++ default (zero) initialization instead of
  calling memset.
 2024-05-03 23:05:34 -03:00
Elia Pinto
7fed599fdb src/request_body_processor/multipart.cc: reduce the scope of variable in a for () loop 
In general, it is always preferable to reduce
the scope of a variable in a for loop
 2024-02-29 20:20:41 +01:00
Ervin Hegedüs
6623c0ae29 Changed strip methodology to MULTIPART_PART_HEADERS 2023-04-23 17:32:26 +02:00
Ervin Hegedüs
6fbdee9ff0 Merge branch 'v3/master' of https://github.com/SpiderLabs/ModSecurity into v3/multipartpartheaderfix 2023-04-23 17:17:29 +02:00
Martin Vierula
a5320add21 Refactoring: remove two unneeded local vars from multipart parser 2023-04-17 12:29:40 -07:00
Ervin Hegedüs
514abeb513 Remove EOL chars from MULTIPART_PART_HEADER variable 2023-01-28 21:48:51 +01:00
Ervin Hegedüs
aa44c7b726 Fix FILES_TMP_CONTENT collection key naming mechanism 2022-11-14 17:03:50 +01:00
Martin Vierula
fa6e41857d Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 06:29:20 -07:00
Martin Vierula
6e56950cdf Tolerate other parameters after boundary in multipart C-T 2022-04-26 11:17:46 -07:00
Martin Vierula
f34b49f666 Multipart names may include single quote if double-quote enclosed 2021-12-23 08:02:43 -08:00
Martin Vierula
ac79c1c29b Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
martinhsv
65e7e474b1 fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
martinhsv
fbea73120c Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
3748d62f19 Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
martinhsv
d72be1c470 Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Felipe Zimmerle
4b425850cf Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
Felipe Zimmerle
a609249d64 Makes m_id a shared pointer 2020-03-27 15:48:11 -03:00
Felipe Zimmerle
6a742cdf76 Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
martinhsv
f57265a3e2 Support configurable limit on number of arguments processed 2020-02-14 11:00:01 -03:00
Felipe Zimmerle
7495675d54 Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
martinhsv
136db3e582 Multipart Content-Disposition should allow filename* field 2020-02-11 10:29:38 -03:00
Felipe Zimmerle
357c140003 Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
fe98ce4c7d Cosmetics: address cppcheck warnings 2020-01-30 18:19:34 -03:00
Felipe Zimmerle
05e9e7cf31 XML: Remove error messages from stderr 2019-11-25 09:27:11 -03:00
Ervin Hegedus
038522ad9b Small fixes in log messages to help debugging 2019-11-20 15:24:30 -03:00
Ervin Hegedus
17d79ed7ba Fixed data collecting in multipart parsing 2019-02-12 09:16:07 -03:00
Felipe Zimmerle
2dff768262 Removes a memory leak on the JSON parser 2019-02-11 10:17:02 -03:00
Victor Hora
b638e523af Make the boundary check less strict as per RFC2046 2018-11-20 22:17:22 -03:00
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Ervin Hegedus
4d0ca94490 Modified the false pos. UNMATCHED_BOUNDARY error flag 2018-06-12 01:09:36 -03:00
Ervin Hegedus
af4afd348c Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Victor Hora
5018358371 Fix variable FILES_TMPNAMES 2018-04-22 11:11:46 -03:00
Felipe Zimmerle
ac100785d1 Fix compilation issue while xml is disabled 2018-02-21 16:15:05 -03:00
Felipe Zimmerle
2b052b0edb Checking std::deque size before use it 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
2d892a3176 Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
3fb71f32d8 Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
023e7acbad Refactoring on the JSON parser 
It also address the issue #1576 and #1577
 2017-11-10 17:26:23 -03:00
Felipe Zimmerle
41bf7f716b Calls xml init and xml cleanup to avoid memory leak 
Fix #1553
 2017-10-10 15:03:50 -03:00
michaelgranzow-avi
3a048ee2db Support --enable-debug-logs=no option of configure script (#2) 
* Support --enable-debug-logs=no option of configure script

* Undo unintended white space changes

* Undo more unintended white space changes

* Address review comments - thanks Mirko

* Address more review comments - thanks Mirko
 2017-08-23 23:50:16 -03:00
Lasse Karstensen
5e06a67fbe Demote log lines to improve debug log SNR. 
The debug logging is verbose and sometimes hard to read.

Demote some of the boilerplate output to log level 9, to make it easier
to see the important parts on lower verbosity levels.
 2017-07-28 22:11:06 -03:00
Felipe Zimmerle
4ad3574cf2 Adds offset regression tests and assorted fixes on var's offsets 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
6f47462110 Fix compilation when YAJL is not present 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
e95efa05cc Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06 PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ecbf292f6d Adds first PoC for the operator offset feature 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
88fb456a16 Cosmetics: Reduces the static analysis warnings 2016-12-28 17:46:47 -03:00
Felipe Zimmerle
2244e874e2 Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00