github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,019 Commits 55 Branches 109 Tags
6ca028b6f5713ea505bcdd39a43a1aaa4fba936e
Commit Graph

3019 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lasse Karstensen
7665d96a13 Improve action-allow test titles 2017-08-20 20:00:28 -03:00
Lasse Karstensen
fc06915cc6 Extend RESPONSE_BODY test case. 2017-08-20 20:00:07 -03:00
Felipe Zimmerle
31655e2c9b Updates secrules-language-tests 2017-08-20 19:57:58 -03:00
Felipe Zimmerle
0a3dd824fe Updates libinjection to v3.10.0 2017-08-20 19:57:06 -03:00
asterite
b8789ab9f4 add a test for negated implicit @rx operator 2017-08-20 19:39:18 -03:00
asterite
039bd2cc84 fix negated implicit @rx operator 
When an operator starts with '!' and no explicit operator
is specified, a negated @rx operator should be created.
Due to a bug, a regular @rx operator with regex starting
with '!' was created. This commit fixes it
 2017-08-20 19:39:05 -03:00
Victor Hora
ca9cbf4ddc Fix for @rbl operator to correctly recognize known supported RBL providers 2017-08-20 19:36:53 -03:00
Felipe Zimmerle
9d4ed52518 test: Counts the disabled tests as skiped on the test summary 2017-08-20 19:33:53 -03:00
Lasse Karstensen
d66f0c7e0d Add support for disabled test cases. 
This commit adds support for skipping test cases that have enabled=0 in
their JSON body.

A separate counter is kept and reported in the final non-automake
output, detailing disabled as a separate field.

Ref: #1513
 2017-08-20 19:28:26 -03:00
Lasse Karstensen
ab14b7c083 Add support for disabling test cases. 
The JSON test case format has an "enabled" key that is not
currently being honored. This trivial patch adds support for skipping
test cases that has enabled set to 0.
 2017-08-20 19:28:21 -03:00
Felipe Zimmerle
c22658ec80 Adds `msc_update_status_code' method to the libmodsec api 2017-08-20 18:52:50 -03:00
Felipe Zimmerle
fff5a57656 Changes auditlog type to serial by default 2017-08-20 17:32:44 -03:00
Felipe Zimmerle
bf281eb4df Relaxing the audit log sanity checks to allow empty relevant status 2017-08-20 15:52:07 -03:00
Lasse Karstensen
09ee471498 Handle zero byte rule files correctly. 
This corrects the stalling behaviour seen when trying to parse an empty
rule file.

Fixes: #1521
 2017-08-20 09:37:10 -03:00
Felipe Zimmerle
945ee27a85 parser: Adds SecRuleUpdateActionById is not yet supported 2017-08-17 15:08:38 -03:00
Felipe Zimmerle
d7eab6b7a3 Adds support to SecRuleRemoveByMsg 2017-08-16 23:42:13 -03:00
Felipe Zimmerle
562c2b2f5a parser: Adds support to tag action without quotes 2017-08-16 22:29:42 -03:00
Felipe Zimmerle
b4051246b1 Adds support to SecResponseBodyMimeTypesClear 2017-08-16 22:21:03 -03:00
Felipe Zimmerle
48f1470269 Adds support to SecArgumentSeparator 2017-08-16 18:27:51 -03:00
Felipe Zimmerle
a302538521 parser: Adds SecWebAppId not supported note 2017-08-16 17:31:59 -03:00
Felipe Zimmerle
2c4e65f7ee parser: Adds support to quoted paramenter in SecDataDir 2017-08-16 17:17:39 -03:00
Felipe Zimmerle
bb2fe0e039 parser: Adds note saying that SecServerSignature is not supported 2017-08-16 17:14:42 -03:00
Felipe Zimmerle
e6cfd5379d parser: Adds SecRuleScript not implemented note 2017-08-16 17:00:36 -03:00
Felipe Zimmerle
cd533e00e7 parser: Adds support to quoted arguments on SecUploadDir 2017-08-16 10:17:51 -03:00
Felipe Zimmerle
b5d0dc2409 paser: Adds support for quoted argument on SecTmpDir 2017-08-16 09:51:56 -03:00
Felipe Zimmerle
5ffc5c1633 parser: Adds support to quoted arguments in asorted configurations 2017-08-16 09:37:34 -03:00
Felipe Zimmerle
9abc37157d parser: Adds msg: ContentInjection is not yet supported 2017-08-16 09:21:23 -03:00
Felipe Zimmerle
06447ea3d4 parser: Adds support to double quotes on adit logs file 2017-08-16 00:18:06 -03:00
Felipe Zimmerle
c525cbfb20 parser: Adds ability to inform auditlog status without quotes 2017-08-16 00:17:58 -03:00
Felipe Zimmerle
9ee412735d parser: Improves the reading for the url in the redirect action 2017-08-15 15:18:52 -03:00
Felipe Zimmerle
8c66a1b4c2 Adds support to double quotes on debug logs conf 2017-08-15 14:20:39 -03:00
Felipe Zimmerle
0508395f8d Forces REQBODY_ERROR to zero whenever there is a valid XML 2017-07-31 14:12:18 -03:00
Felipe Zimmerle
b36c4260c1 Adds a graceful error if there is no memory for request body inspection 
Issue #1517
 2017-07-31 13:09:09 -03:00
Felipe Zimmerle
9a41942ce1 Optimization on the macro expansion function 2017-07-31 09:26:06 -03:00
Victor Hora
53ff0e1a57 Adds initial support to SecHttpBlKey 2017-07-29 00:12:14 -03:00
Lasse Karstensen
515e073503 Rename FromNowOneAllowType to FromNowOnAllowType. 
This misspelling is confusing (is it allow one more rule, or all of
them?) and since v3 isn't released yet, use the major version bump
opportunity to rectify it.
 2017-07-28 22:46:55 -03:00
Lasse Karstensen
bce5ef7704 Add the missing g in Transaction::GetReponseBodyLenth() 
This commit fixes a typo in the method name for retrieving
the body length.
 2017-07-28 22:30:25 -03:00
Felipe Zimmerle
56baef5f1f Fix test case as consequence of the changes at #1514 2017-07-28 22:24:21 -03:00
Lasse Karstensen
5e06a67fbe Demote log lines to improve debug log SNR. 
The debug logging is verbose and sometimes hard to read.

Demote some of the boilerplate output to log level 9, to make it easier
to see the important parts on lower verbosity levels.
 2017-07-28 22:11:06 -03:00
Lasse Karstensen
5c7892ce89 Reduce use of underscores in log output. 
The use of underscores in log lines makes them harder to read,
without contributing/adding extra information.
 2017-07-28 22:11:06 -03:00
Lasse Karstensen
e3b9e6061f Ignore droppings from make check. 2017-07-28 21:49:33 -03:00
Lasse Karstensen
4d1739a2c3 Ignore built files. 
Clean up git status output so the important parts are visible.
 2017-07-28 21:49:33 -03:00
Felipe Zimmerle
0242646610 Adds test case for the ctl:ruleEngine action 2017-07-27 22:10:58 -03:00
Felipe Zimmerle
4bec6b0019 Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00
Felipe Zimmerle
1f1e8324b1 Includes HTTP version and response code on auditlogs/F 2017-07-25 23:24:36 -03:00
Felipe Zimmerle
43cb8ed652 Adds support to C section on auditlogs 2017-07-25 23:13:23 -03:00
Felipe Zimmerle
15ca5ceab4 Yet another change on the audit log permissions 
The default values are set to 0640 and 0750. That is the real
value in version 2.
 2017-07-25 23:08:59 -03:00
Felipe Zimmerle
b58c8fe7ed Changes the default file creation permission to 1600 
Somewhat related to #1497.
 2017-07-25 15:11:27 -03:00
Felipe Zimmerle
27a8abc052 Changes the auditlog new derectories permission to 1872 
As well noticed on #1497 [by @met3or] we had an inconsistence in the
default permission value for new directories between version 2 and 3.
 2017-07-25 15:06:47 -03:00
Felipe Zimmerle
337216fd87 fix: remove target by {id,tag} are now considering collections 
Fix issue #1409
 2017-07-25 09:19:21 -03:00