github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,601 Commits 55 Branches 109 Tags
Commit Graph

76 Commits

Author SHA1 Message Date
Ervin Hegedus
c3c2c6f280
Make variable const pointer 2025-03-12 22:19:00 +01:00
Eduardo Arias
2ad87f640f Reference RuleWithActions & Transaction object instead of copying values in RuleMessage 
- Because the lifetime of the RuleMessage instances do not extend beyond
  the lifetime of the enclosing RuleWithActions & Transaction,
  RuleMessage can just reference it and simplify its definition.
- Additionally, make the references const to show that it doesn't modify it.
- Replace RuleMessage copy constructor with default implementations.
- Removed unused RuleMessage assignment operator (which cannot be implemented
  now that it has reference members).
- Removed constructor from RuleMessage pointer.
- Addressed Sonarcloud suggestions: Do not use the constructor's
  initializer list for data member "xxx". Use the in-class initializer
  instead.
 2024-09-04 10:48:07 -03:00
Ervin Hegedus
b4f52325bd
Merge pull request #3228 from eduar-hte/asctime-multithread 
Replace usage of std::ctime, which is not safe in multithread contexts
 2024-08-14 14:55:53 +02:00
Ervin Hegedus
a6b287e120
Merge pull request #3225 from airween/v3/mpinvcharreqbody 
feat: Check if the MP header contains invalid character
 2024-08-14 09:06:14 +02:00
Eduardo Arias
23a341eb6a Calculate sizes of strftime buffers based on format strings 
- Leverage std::size to determine buffer size at compile time.
- Simplified 'TimeMon::evaluate' implementation as it was using strftime
  to get the month, convert the string to int, and then decrement it by
  one to make it zero based. This same value is already available in
  the 'struct tm' previously generated with the call to localtime_r (and
  where the month is already zero-based)
 2024-08-13 13:36:03 -07:00
Ervin Hegedus
6388d88f38
Check if the MP header contains invalid character 2024-08-13 18:26:18 +02:00
Eduardo Arias
77adb57524 Avoid std::string copy in ssplit argument 
- Other minor changes reported by sonarcloud
 2024-08-12 12:59:28 -07:00
Eduardo Arias
1534ee2448 Removed unnecessary copies 2024-08-09 12:52:25 -07:00
Eduardo Arias
373633ffe2 mkstemp is not available in Windows build, replaced with _mktemp_s plus _open. 
- Updated included headers to support compilation on Windows (using
  Visual C++)
- Minor change to use C++ default (zero) initialization instead of
  calling memset.
 2024-05-03 23:05:34 -03:00
Elia Pinto
7fed599fdb src/request_body_processor/multipart.cc: reduce the scope of variable in a for () loop 
In general, it is always preferable to reduce
the scope of a variable in a for loop
 2024-02-29 20:20:41 +01:00
Ervin Hegedüs
6623c0ae29 Changed strip methodology to MULTIPART_PART_HEADERS 2023-04-23 17:32:26 +02:00
Ervin Hegedüs
6fbdee9ff0 Merge branch 'v3/master' of https://github.com/SpiderLabs/ModSecurity into v3/multipartpartheaderfix 2023-04-23 17:17:29 +02:00
Martin Vierula
a5320add21
Refactoring: remove two unneeded local vars from multipart parser 2023-04-17 12:29:40 -07:00
Ervin Hegedüs
514abeb513 Remove EOL chars from MULTIPART_PART_HEADER variable 2023-01-28 21:48:51 +01:00
Ervin Hegedüs
aa44c7b726 Fix FILES_TMP_CONTENT collection key naming mechanism 2022-11-14 17:03:50 +01:00
Martin Vierula
fa6e41857d
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 06:29:20 -07:00
Martin Vierula
6e56950cdf
Tolerate other parameters after boundary in multipart C-T 2022-04-26 11:17:46 -07:00
Martin Vierula
f34b49f666
Multipart names may include single quote if double-quote enclosed 2021-12-23 08:02:43 -08:00
martinhsv
65e7e474b1
fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
martinhsv
fbea73120c
Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
3748d62f19
Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
martinhsv
d72be1c470
Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Felipe Zimmerle
a609249d64
Makes m_id a shared pointer 2020-03-27 15:48:11 -03:00
Felipe Zimmerle
6a742cdf76
Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
Felipe Zimmerle
7495675d54
Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
martinhsv
136db3e582
Multipart Content-Disposition should allow filename* field 2020-02-11 10:29:38 -03:00
Felipe Zimmerle
357c140003
Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
fe98ce4c7d
Cosmetics: address cppcheck warnings 2020-01-30 18:19:34 -03:00
Ervin Hegedus
038522ad9b
Small fixes in log messages to help debugging 2019-11-20 15:24:30 -03:00
Ervin Hegedus
17d79ed7ba
Fixed data collecting in multipart parsing 2019-02-12 09:16:07 -03:00
Victor Hora
b638e523af
Make the boundary check less strict as per RFC2046 2018-11-20 22:17:22 -03:00
Felipe Zimmerle
ef7f65db90
Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Ervin Hegedus
4d0ca94490
Modified the false pos. UNMATCHED_BOUNDARY error flag 2018-06-12 01:09:36 -03:00
Ervin Hegedus
af4afd348c
Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Victor Hora
5018358371
Fix variable FILES_TMPNAMES 2018-04-22 11:11:46 -03:00
Felipe Zimmerle
2d892a3176
Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
michaelgranzow-avi
3a048ee2db
Support --enable-debug-logs=no option of configure script (#2) 
* Support --enable-debug-logs=no option of configure script

* Undo unintended white space changes

* Undo more unintended white space changes

* Address review comments - thanks Mirko

* Address more review comments - thanks Mirko
 2017-08-23 23:50:16 -03:00
Felipe Zimmerle
4ad3574cf2
Adds offset regression tests and assorted fixes on var's offsets 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
e95efa05cc
Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f
Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06
PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e
Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
88fb456a16
Cosmetics: Reduces the static analysis warnings 2016-12-28 17:46:47 -03:00
Felipe Zimmerle
2244e874e2
Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b
Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
73c4d69174
Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
b48e4b3a37
refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00