github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,668 Commits 55 Branches 109 Tags
Commit Graph

95 Commits

Author SHA1 Message Date
Ervin Hegedus
72e3abdd12
Add Windows specific characters to config value syntax in config parser 2025-07-30 14:37:27 +02:00
Ervin Hegedus
9e41a53760
Finish XMLArgs processing in v3 2025-04-20 18:21:28 +02:00
Eduardo Arias
2c488386c4 Add options nounistd & never-interactive to seclang-scanner.ll 
- The parser is not used interactively so we can avoid including
  unistd.h, which is not available on Windows MSVC C++ compiler.
- The #ifdef WIN32 introduced in PR #3132 would probably be overwritten
  when the parser is updated.
 2024-05-19 16:38:03 +00:00
Eduardo Arias
a48856822c Updated included headers to support compilation on Windows (using Visual C++) 
- most of posix related functions and constants in unistd.h can be
  found in io.h in Visual C++
- introduced src/compat/msvc.h to adjust for compiler differences (and
  avoid updating code with #ifdef blocks for Windows support)
- removed some included headers that are not needed (both on Unix and
  Windows builds)
 2024-05-03 23:05:34 -03:00
Martin Vierula
118e1b3a44 Support expirevar for in-memory collection 2023-09-29 11:40:03 -07:00
Martin Vierula
938707d117
Fix: quoted Include config with wildcard 2023-05-30 09:32:07 -07:00
Brandon Payton
f3d8198b84 Respond to code review feedback 2023-04-11 13:47:02 -04:00
Brandon Payton
0c42ee229e Switch to simpler PCRE error flags 2023-04-11 13:44:07 -04:00
Brandon Payton
8c269d31c5 Update Regex util to support match limits 
If the rx or rxGlobal operator encounters a regex error,
the RX_ERROR and RX_ERROR_RULE_ID variables are set.
RX_ERROR contains a simple error code which can be either
OTHER or MATCH_LIMIT. RX_ERROR_RULE_ID unsurprisingly
contains the ID of the rule associated with the error.
More than one rule may encounter regex errors,
but only the first error is reflected in these variables.
 2023-04-11 13:40:40 -04:00
Martin Vierula
55d6aa94e1 Resolve memory leak (bison-generated position.filename) 2023-02-17 09:59:34 -08:00
Martin Vierula
ec1232a69b
Support equals sign in XPath expressions 2023-01-19 08:37:38 -08:00
Martin Vierula
69545eade9
Remove some no-longer-used parser definitions 2023-01-13 17:35:08 -08:00
Martin Vierula
53cf6eb6bf
Correct whitespace handling for Include directive 2022-09-14 12:27:21 -07:00
Martin Vierula
fa6e41857d
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 06:29:20 -07:00
Martin Vierula
2d51efae49 Add ctl:auditengine action support 2022-01-20 14:04:30 -08:00
Martin Vierula
ac79c1c29b
Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
martinhsv
2672db103e
Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
martinhsv
f57265a3e2
Support configurable limit on number of arguments processed 2020-02-14 11:00:01 -03:00
Felipe Zimmerle
7495675d54
Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
Felipe Zimmerle
1b8d69da02
Fix dict element regular expression selection on SecRuleUpdateTargetByTag 2019-05-31 01:42:51 -03:00
Rufus125
86ce479b59
Adds new operator to check for data leakage of Austrian social security number 2019-05-29 20:57:08 -03:00
Felipe Zimmerle
61c11251b6
parser: Fix filename 2019-04-23 13:17:23 -03:00
Felipe Zimmerle
dc78c0e180
Fix: Extra whitespace in some configuration directives causing error 
Issue #2006
 2019-01-21 14:44:31 -03:00
Felipe Zimmerle
9d80983e55
Fix on top of #1943 + adding test cases 2018-11-01 16:11:39 -03:00
Victor Hora
e3b9f7c913
Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Felipe Zimmerle
bfe917b6b1
parser: Fix the support for CRLF configuration files 2018-10-30 17:16:44 -03:00
Felipe Zimmerle
3f0ea90970
Test case skeleton for #1941 2018-10-29 11:14:31 -03:00
Felipe Zimmerle
973c1f1028
Fix rule line number 
Issue #1844
 2018-10-24 21:02:35 -03:00
Felipe Zimmerle
23e0d35d2d
Fix the SecUnicodeMapFile and SecUnicodeCodePage 2018-10-23 17:00:11 -03:00
Felipe Zimmerle
bc3d3f1915
Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
c2bc695265
parser: Fix typo on SanitiseArgs 
Related to: #715 and #1889
 2018-09-12 09:37:34 -03:00
Felipe Zimmerle
764a2e43ff
parser: Fix simple quote setvar in the end of the line. 
Fix #1831
 2018-09-11 15:35:26 -03:00
Victor Hora
f999f54eda
Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Victor Hora
87e64e3c25
Actually fix setvar parsing of quoted data 2018-05-17 13:43:12 -03:00
Victor Hora
5e40850697
Fix setvar parsing of quoted data 2018-05-03 14:40:48 -03:00
Victor Hora
bb2ecdf4db
Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser 2018-04-24 09:26:30 -03:00
Felipe Zimmerle
6d5bb42bd8
Normalizes Bison version 2018-04-24 09:15:39 -03:00
Victor Hora
2037a08b34
Fix STATUS var parsing and accept STATUS_LINE var for v2 backward compatibility 2018-04-24 09:06:39 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Victor Hora
e50c317b7a
Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator 2018-03-12 20:09:17 -03:00
Felipe Zimmerle
60b2469097
Updates bison parser 2018-03-08 19:05:53 -03:00
Victor Hora
64ce41280d
Prettier error messages for unsupported configurations (UX) 2018-03-07 17:58:29 -03:00
Victor Hora
ab78b0cfb1
Add missing Base64 transformation statements to parser 2018-02-23 10:34:32 -03:00
Felipe Zimmerle
43bba3f942
Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728
Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a6830c76f2
parser refactoring: ops no longer carry a payload 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
a299997e02
Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6a97dbee7a
Using stack to save parser state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
b5e996602c
Removes useless state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2d892a3176
Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00