github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 22:56:18 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,014 Commits 55 Branches 109 Tags
Commit Graph

105 Commits

Author SHA1 Message Date
Felipe Zimmerle
7640f7b40b
Refactoring: Makes transformations to work with new execute signature 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
08e63662e8
Cosmetics: fix some cppcheck complains 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
affdc49a9e
Refactoring: rename evaluate to execute on actions 2021-01-12 13:01:18 -03:00
Felipe Zimmerle
47ec32fba8
Refactoring in the Rule class to make it more elegant 2021-01-12 13:01:18 -03:00
marshal09
409c5e491d
Add new transformation call phpArgsNames 2021-01-12 13:01:17 -03:00
Felipe Zimmerle
9c526b3647
Avoids copy on the transformation operation 2020-03-27 16:12:55 -03:00
Felipe Zimmerle
6a742cdf76
Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
Felipe Zimmerle
7495675d54
Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
Felipe Zimmerle
357c140003
Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
9101a8ab15
Cosmetics: address cppcheck warnings on src/actions 2020-01-22 10:37:51 -03:00
Felipe Zimmerle
86a5f471a9
Cosmetics: fixed static analysis issues. 2020-01-15 20:35:59 -03:00
martinhsv
01c7a2689b
Fix test issue-1974 2019-10-24 09:57:49 -03:00
Thierry Fournier
4a3e9734ef
fix/minor: Error encoding hexa decimal 
String is defined as an array of char. The char can be negative. The
cast "reinterpret_cast" from char to int keep the negative side, so
the "unsigned char" number 0x91 is negative as "char". When it is
"reinterpret_cast" as integer, it becomes 0xffffff91, so the hexadecimal
display is broken:

   [155493246391.747672] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "ffffff91ffffffecffffffe6334bffffffebffffff87ffffff9affffff824a06ffffffc33b4cffff (14 characters omitted)"

This patch fix this behavior using classic cast without reinterpret_cast:

   [155493251286.221115] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "91ece6334beb879a824a06c33b4cb4240e4c6f56"
 2019-05-27 17:06:51 -03:00
Victor Hora
ecad8c6c7e Fix buffer size for utf8toUnicode transformation 2018-11-16 14:58:40 -05:00
Felipe Zimmerle
18cdffdbca
Encapsulates int[N] in a class to avoid compilation issues 
Depending on the compiler, there may be a compilation issue with the
usage of std::unique_ptr<int[]>. Therefore encapsulating it inside a
regular class.
 2018-11-01 11:50:15 -03:00
Victor Hora
e3b9f7c913
Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Robert Paprocki
e4c822e663
Code cleanup: Initialize variables and others good practice 
- initialize invalid_countin UrlDecode :: evaluate
- Free resources before the process die (good practice)
 2018-05-13 17:08:07 -03:00
Felipe Zimmerle
3fb71f32d8
Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
1ad95254cd
Avoids unicode initialization on every rules block 
ModSecurity-nginx/#67
ModSecurity/#1563
 2017-10-11 12:40:48 -03:00
Victor Hora
37868d1534
Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Felipe Zimmerle
37619bae77
Removes local cache for transformations 2017-05-10 09:29:08 -03:00
Felipe Zimmerle
cf4deaa3a0
Using uint64_t instead of u_int64_t 2017-03-28 12:55:40 -03:00
Felipe Zimmerle
e2af60e765
Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
027d50b76b
Adds first version of `processContentOffset' 
This commit also includes an example application on how to use the
`processContentOffset' method.
 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
e95efa05cc
Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
c1f11ab4e5
Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
0c37ba336b
Fixed utf8ToUnicode bad memory access 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
068a3eb517
Fixed bad memory access in utf8ToUnicode class 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
15b81d09e7
Refactoring on the transformation classes 2016-12-28 19:53:37 -03:00
Felipe Zimmerle
3ee7b24928
Adds refCounter to actions 2016-11-08 18:14:34 -03:00
Felipe Zimmerle
2244e874e2
Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b
Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
8d84ff6f4d
Accepting both: normalizePath and normalisePath 2016-08-26 16:26:16 -03:00
Felipe Zimmerle
4cf6c714ac
Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
4078677b7f
Cosmetic changes: applies changes suggested by static analysis 2016-07-12 00:46:12 -03:00
Felipe Zimmerle
6052d2628b
Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
f833a61089
Fix memory leak on html dentity decode transformation 2016-06-16 10:32:44 -03:00
Felipe Zimmerle
e6c542c5b5
Fix invalid read on sql hex decode transformation 2016-06-16 10:31:15 -03:00
Alexey Zelkin
32f22d1a79
Use explicit variable size for copying char. 
For some reason plain call to "ret.append(&b)" copy 32 bit of data.  This change unbreaks
CmdLine unit tests for FreeBSD 10, CentOS 7, RHEL 7 and Debian 8.
 2016-06-15 23:10:27 -03:00
Felipe Zimmerle
967c8c90f2 Fixed minor behavior on the trasnformations and added sha1-mbedtls 2016-05-30 16:54:13 -03:00
Felipe Zimmerle
8d49903279 Adds support to the transformations parity[even|odd|zero]7bit 
Issues: #968, #969, #967
 2016-05-27 10:45:05 -03:00
Felipe Zimmerle
1fe0e34201 Adds support to sqlHexDecode transformation 
Issue #973
 2016-05-25 20:19:54 -03:00
Felipe Zimmerle
bd2e95953c Adds support to the hexDecode transformation 
Issue: #973
 2016-05-25 18:49:34 -03:00
Felipe Zimmerle
2b056485d0 Adds support to Utf8ToUnicode transformation 
Issue #974
 2016-05-25 18:21:26 -03:00
Felipe Zimmerle
b7e82261ce Adds support to removeComments transformation on libmodsec 
Issue #970
 2016-05-25 11:17:32 -03:00
Felipe Zimmerle
7ccf54d330 Adds md5 transformation 
Replaced the old md5 implementation by the mbetls one.
 2016-05-24 21:28:19 -03:00
Felipe Zimmerle
bf4a9d7633 Adds support to base64DecodeExt transformation 
More info on #964
 2016-05-24 21:28:19 -03:00