github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-16 01:22:18 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,272 Commits 55 Branches 109 Tags
7aae94b286aea141ee4f8a1e62789e91e922c015
Commit Graph

112 Commits

Author SHA1 Message Date
Martin Vierula
cb4d7ae371 Adjust some copyright dates 2023-10-31 06:23:19 -07:00
Martin Vierula
36adc58ea3 const-ify some references (satisfy cppcheck) 2023-10-27 06:20:01 -07:00
Martin Vierula
118e1b3a44 Support expirevar for in-memory collection 2023-09-29 11:40:03 -07:00
Martin Vierula
f812a3d725 Make MULTIPART_PART_HEADERS accessible to lua 2023-06-14 09:28:04 -07:00
Martin Vierula
b8e1aedef3 Fix: Lua scripts cannot read whole collection at once 2023-06-13 06:41:40 -07:00
martinhsv
09a135baab Merge pull request #2736 from brandonpayton/add-regex-match-limits-and-error-reporting 
Add isolated PCRE match limits as a layer of ReDoS defense
 2023-05-09 06:09:28 -07:00
Martin Vierula
1078a7cfab Change some parms from pass-by-value to reference-to-const 2023-04-29 13:21:00 -07:00
Martin Vierula
4fac8d72f4 Address some constParameter complaints from cppcheck 2023-04-28 08:20:37 -07:00
Brandon Payton
f3d8198b84 Respond to code review feedback 2023-04-11 13:47:02 -04:00
Brandon Payton
0c42ee229e Switch to simpler PCRE error flags 2023-04-11 13:44:07 -04:00
Brandon Payton
8c269d31c5 Update Regex util to support match limits 
If the rx or rxGlobal operator encounters a regex error,
the RX_ERROR and RX_ERROR_RULE_ID variables are set.
RX_ERROR contains a simple error code which can be either
OTHER or MATCH_LIMIT. RX_ERROR_RULE_ID unsurprisingly
contains the ID of the rule associated with the error.
More than one rule may encounter regex errors,
but only the first error is reflected in these variables.
 2023-04-11 13:40:40 -04:00
Martin Vierula
fa6e41857d Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 06:29:20 -07:00
Martin Vierula
b41139acd6 Fix: MULTIPART_INVALID_PART connected to wrong internal variable 2022-08-17 16:15:06 -07:00
Martin Vierula
606f5721c2 Change some parms to const reference (satisfies cppcheck) 2022-04-27 08:57:09 -07:00
Felipe Zimmerle
3748d62f19 Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
f18595f428 Makes regular expression selection on collections key case insensitive 
This issue was initially reported by @michaelgranzow-avi on #2296.

@airween made an initial attempt to provide a fixed at #2107; As a
consequence of the pull request review - provided by @victorhora,
@zimmerle, and @michaelgranzow-avi - @airween made a second attempt
at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed
the essential pieces from @airween patch into this one.

This patch differs from @airween's because @airween's patches were
partially working: Key exclusions with regex weren't covered, same
for anchored variables (e.g. ARGS). During the review, I have
highlighted the importance of having elementary test cases. A simple
test case on ARGS could spot the issue. Since that is an important
fix, I don't want to hold this for one more review cycle; therefore,
I am committing the fix myself.

Thank you all involved in the solution of this very own issue.
 2020-12-10 10:05:07 -03:00
Felipe Zimmerle
4b425850cf Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
Felipe Zimmerle
7a48245aed Creates RuleUnconditional 
Makes RuleScript child of RuleWithActions instead of Operator
 2020-03-31 14:44:19 -03:00
Felipe Zimmerle
59d4268882 Refactoring: renames Rule to RuleWithOperator 2020-03-31 10:00:08 -03:00
Felipe Zimmerle
fda03c0016 Yet another refactoring in Rule 2020-03-30 15:38:51 -03:00
Felipe Zimmerle
6a742cdf76 Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
Felipe Zimmerle
7495675d54 Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
martinhsv
1b1fdc055b Fix rule-update-target exclusions for plain (non-regex) variables 2020-02-11 09:42:37 -03:00
Felipe Zimmerle
357c140003 Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
fe98ce4c7d Cosmetics: address cppcheck warnings 2020-01-30 18:19:34 -03:00
Felipe Zimmerle
68ef2dece3 Cosmetics: address cppcheck warnings on src/variables 2020-01-27 09:08:31 -03:00
Felipe Zimmerle
4f13fecbaf cppcheck: make static analysis more pedantic 2020-01-22 09:16:10 -03:00
Felipe Zimmerle
86a5f471a9 Cosmetics: fixed static analysis issues. 2020-01-15 20:35:59 -03:00
Felipe Zimmerle
47dd9c5df4 Refactoring on the VariableValue class 2019-06-14 10:13:54 -03:00
Felipe Zimmerle
5472362313 Fix SecRuleUpdateTargetByTag with regular expressions 2019-05-31 01:42:47 -03:00
Julien Leproust
49900eec97 Fix variables output in debug logs 2019-05-27 17:39:04 -03:00
Felipe Zimmerle
4e76c6adf0 Renames namespace Variables to variables 2019-03-06 15:53:20 -03:00
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
8bda7c0a45 Fix RULE lookup in chained rules. 2018-10-23 16:37:54 -03:00
Felipe Zimmerle
3e8e28da48 Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8 Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
bc3d3f1915 Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
98b9ae659d Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266 Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Felipe Zimmerle
892beb5360 Refactoring on {global,ip,resources,session,tx,user} collections 
Now using the same name schema and interface for these "special"
collection.

Fix: #1754, #1778
 2018-05-29 23:48:05 -03:00
Felipe Zimmerle
ac100785d1 Fix compilation issue while xml is disabled 2018-02-21 16:15:05 -03:00
Felipe Zimmerle
eeec7efb68 Renames collection::Variable to VariableValue 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
de7c5c89bb Using shared var for variables names 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493 Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728 Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
2d892a3176 Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
3fb71f32d8 Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
23cf656f93 Adds support to WEBAPPID variable 2017-11-08 10:28:56 -03:00
Felipe Zimmerle
082a3e3287 Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00