github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 22:56:18 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,972 Commits 55 Branches 109 Tags
Commit Graph

359 Commits

Author SHA1 Message Date
Felipe Zimmerle
764a2e43ff
parser: Fix simple quote setvar in the end of the line. 
Fix #1831
 2018-09-11 15:35:26 -03:00
Victor Hora
f999f54eda
Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Victor Hora
87e64e3c25
Actually fix setvar parsing of quoted data 2018-05-17 13:43:12 -03:00
Victor Hora
5e40850697
Fix setvar parsing of quoted data 2018-05-03 14:40:48 -03:00
Victor Hora
bb2ecdf4db
Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser 2018-04-24 09:26:30 -03:00
Felipe Zimmerle
6d5bb42bd8
Normalizes Bison version 2018-04-24 09:15:39 -03:00
Victor Hora
2037a08b34
Fix STATUS var parsing and accept STATUS_LINE var for v2 backward compatibility 2018-04-24 09:06:39 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Felipe Zimmerle
df169ea108
Adds support for libMaxMind 2018-03-22 19:11:42 -03:00
Felipe Zimmerle
7bff76d794
Parser: Updates the generated parser files 2018-03-21 18:18:58 -03:00
Victor Hora
480a2f89d7
Disable SecCollectionTimeout parser error 2018-03-12 22:28:07 -03:00
Victor Hora
e50c317b7a
Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator 2018-03-12 20:09:17 -03:00
Felipe Zimmerle
60b2469097
Updates bison parser 2018-03-08 19:05:53 -03:00
Victor Hora
64ce41280d
Prettier error messages for unsupported configurations (UX) 2018-03-07 17:58:29 -03:00
Victor Hora
a66acebc05
Add missing verify*** transformation statements to parser 2018-03-05 17:50:14 -03:00
Felipe Zimmerle
8bb64c3ee3
Code cosmetics: removes an unused piece of code 2018-03-01 11:52:01 -03:00
Felipe Zimmerle
c8666fae31
Check for disruptive action on SecDefaultAction 2018-02-28 14:02:47 -03:00
Victor Hora
ab78b0cfb1
Add missing Base64 transformation statements to parser 2018-02-23 10:34:32 -03:00
Felipe Zimmerle
43bba3f942
Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728
Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a6830c76f2
parser refactoring: ops no longer carry a payload 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
a299997e02
Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6a97dbee7a
Using stack to save parser state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
b5e996602c
Removes useless state 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2d892a3176
Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6fe8655ed9
Adds support for RunTimeString 
Using RunTimeStrings instead of runtime parser for
macro expansion.
 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
768a76a61e
perf. improvement/rx: Only compute dynamic regex in case of macro 
On #1528 was added the support for macro expansion on @rx operator.
The performance improvement suggested on the pull request was not
thread safe, therefore removed. This patch adds a performance
improvement on top of #1528. The benchmarks points to 10x faster
results on OWASP CRS.
 2018-02-20 13:39:59 -03:00
Felipe Zimmerle
eaa4770c5d
Fix issue related to Lua script load 2017-12-13 16:20:18 -03:00
Felipe Zimmerle
23cf656f93
Adds support to WEBAPPID variable 2017-11-08 10:28:56 -03:00
Felipe Zimmerle
082a3e3287
Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00
Felipe Zimmerle
ec667a4609
Adds support for SecRuleRemoveByTag 2017-11-07 14:52:50 -03:00
Felipe Zimmerle
4d7fd5c30a
Adds support for update target by message 2017-11-06 23:29:25 -03:00
Felipe Zimmerle
e52bd7d635
Adds support to SecRuleScript directive 2017-11-05 23:31:16 -03:00
Felipe Zimmerle
cb3363c7d5
Adds support for the exec action 2017-11-05 23:31:07 -03:00
Felipe Zimmerle
a676f313c3
Initial support for Lua script engine 2017-11-05 23:30:50 -03:00
Felipe Zimmerle
1866a3a9eb
Adds support for the @inspectFile operator 2017-10-31 09:59:17 -03:00
Felipe Zimmerle
9369efcb90
Adds support to the collection RESOURCE 2017-10-30 09:07:49 -03:00
Felipe Zimmerle
7622866f97
Adds support for @fuzzyHash 
Issue #997
 2017-10-26 17:44:17 -03:00
Felipe Zimmerle
93e18ca5ea
Support pipes inside quoted variable selection 
As of #1591 the pipe support was disable in the general selection which
was also affecting the quoted selection. This pactch adds the support
for pipes inside the quoted selection only.
 2017-10-20 11:02:42 -03:00
Felipe Zimmerle
30797a458b
Parser: Pipes are no longer welcomed inside regex dict element selection. 
Issue #1591
 2017-10-17 11:46:44 -03:00
Victor Hora
63bef3d142
Support to JSON stuff on serial logging 2017-10-09 09:02:31 -03:00
Felipe Zimmerle
210e72aa21
Consideres under quote variable while loading the rules 2017-10-06 20:25:20 +00:00
Mirko Dziadzka
5c737c2c06
Treat _NAMES variables as collections (#5) 
* Treat _NAMES variables as collections

* Fix an issue with the offset of ARGS_NAMES.

* Fix regression tests for the new behaviour.

* Add generated seclang files.
 2017-08-24 00:39:21 -03:00
Felipe Zimmerle
9069a453e5
Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670db1bb475c83cd2f24455bb5bd6ee6a4.
 2017-08-24 00:10:42 -03:00
Felipe Zimmerle
1d3c4c670d
Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00
Felipe Zimmerle
81879cd131
parser: SecRequestBodyInMemoryLimit is now returning an error msg 2017-08-22 10:44:35 -03:00
Felipe Zimmerle
2cf636cf76
parser: Adds generated parser files after 0xfce65 2017-08-21 23:41:37 -03:00
asterite
0be821ded7
change parsing of SetVar actions 
Change tokenization of SetVar expressions and use syntax
analyzer (seclang-parser) to process them. More precisely:
 1 SetVar expression is tokenized in two modes, quoted and
   not quoted, depending on whether it started with single
   quote (')
 2 Variable name and value can consist of multiple tokens,
   which are assembled back in syntax analyzer.
This allows to support escapes (escape single/double quote,
spaces etc.) and correctly detect where the expression ends.
Fixes #1529
 2017-08-21 23:39:12 -03:00
Felipe Zimmerle
e0ebf28540
Adds `$' as a valid character in ruleRemoveTargetById 
Issue #1533
 2017-08-21 22:59:12 -03:00
asterite
039bd2cc84
fix negated implicit @rx operator 
When an operator starts with '!' and no explicit operator
is specified, a negated @rx operator should be created.
Due to a bug, a regular @rx operator with regex starting
with '!' was created. This commit fixes it
 2017-08-20 19:39:05 -03:00