github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,909 Commits 55 Branches 109 Tags
Commit Graph

477 Commits

Author SHA1 Message Date
Felipe Zimmerle
7c6bf810e4
CHANGES: Preparing to 3.0.4+ 2020-01-14 11:02:44 -03:00
Felipe Zimmerle
753145fbd1
Change release version to v3.0.4 2020-01-10 09:32:41 -03:00
martinhsv
0470168056 Fix: audit log data omitted when nolog,auditlog 2020-01-07 11:16:07 -03:00
root
6624a18a4e
Fixed inspectFile operator does not pass FILES_TMPNAMES 
pass FILES_TMPNAMES variable to lua engine Fixed Lua engine
should also be aware of the variable and pass it to the target
lua script main function
 2019-11-26 08:40:53 -03:00
Felipe Zimmerle
05e9e7cf31
XML: Remove error messages from stderr 2019-11-25 09:27:11 -03:00
Felipe Zimmerle
42a16c71cf
CHANGES: Adds info about #1645 2019-11-22 14:49:50 -03:00
martinhsv
ea7cacf289
Additional adjustment to Cookie header parsing 2019-11-21 16:50:27 -03:00
martinhsv
6395fe07ce
Restore chained rule logging to be more like 2.9 2019-11-21 08:21:59 -03:00
Ervin Hegedus
038522ad9b
Small fixes in log messages to help debugging 2019-11-20 15:24:30 -03:00
martinhsv
b8160cce6b Fix Cookie header parsing issues 2019-11-20 08:51:06 -03:00
martinhsv
199a9db3e2
Fix nolog rules logging to part H 2019-11-11 13:50:44 -03:00
martinhsv
9cac167faf Fix argument key-value pair parsing cases 2019-11-05 13:06:29 -03:00
martinhsv
68c995ca98 Fix: audit log part for response body for JSON format to be E 2019-10-25 09:51:26 -03:00
Victor Hora
d4dc3dbf2a
Make sure m_rulesMessages is filled after successfull match 2019-10-16 09:40:04 -03:00
Felipe Zimmerle
beedddd6c6 Fix @pm lookup for possible matches on offset zero 2019-10-02 08:05:14 -07:00
Felipe Zimmerle
341a5d01e1
CHANGES: Regex lookup on the key name instead of COLLECTION:key 2019-06-26 11:01:43 -03:00
Felipe Zimmerle
74eee9330b
CHANGES: Adds info about #2106 2019-06-17 14:57:13 -03:00
Felipe Zimmerle
cbd15ec138
CHANGES: Adds info about #2113, #2111 2019-06-04 10:30:19 -03:00
Felipe Zimmerle
f50700e9d4
CHANGES: Adds info about #1960 2019-06-03 19:56:24 -03:00
Felipe Zimmerle
1cc22966db
CHANGES: Adds info on "Having body limits to respect ..." 2019-06-03 14:15:49 -03:00
Felipe Zimmerle
c7fe50e5be
CHANGES: Adds info about #1872 2019-05-31 11:52:32 -03:00
Felipe Zimmerle
b5823d4e0c CHANGES: Adds info about #2099, #2102 2019-05-30 10:22:00 -03:00
Felipe Zimmerle
7e8782d977
CHANGES: Adds info about #2063 2019-05-29 22:05:28 -03:00
Felipe Zimmerle
f752291af8
CHANGES: Adds info about #2057 2019-05-27 17:43:06 -03:00
Felipe Zimmerle
25e4445834
CHANGES: Adds info about #2059 2019-05-27 17:14:29 -03:00
Felipe Zimmerle
a0a99319a2
CHANGES: Adds info about #2068 2019-05-27 17:08:44 -03:00
Felipe Zimmerle
033942c925
CHANGES: Adds info about #2073 2019-05-27 17:05:16 -03:00
Felipe Zimmerle
61c11251b6
parser: Fix filename 2019-04-23 13:17:23 -03:00
Felipe Zimmerle
44efae6cdc
CHANGES: Adds info about #2024 2019-02-12 09:32:26 -03:00
Felipe Zimmerle
b392a1ca36
CHANGES: Adds info about #2016 2019-02-12 09:16:25 -03:00
Felipe Zimmerle
ac61bf5fda
CHANGES: Adds info about #2017 2019-02-12 09:11:31 -03:00
Felipe Zimmerle
2dff768262
Removes a memory leak on the JSON parser 2019-02-11 10:17:02 -03:00
Felipe Zimmerle
f77db2cc2e
CHANGES: dds info about #2011 2019-01-28 16:43:31 -03:00
Felipe Zimmerle
dc78c0e180
Fix: Extra whitespace in some configuration directives causing error 
Issue #2006
 2019-01-21 14:44:31 -03:00
WGH
ad28de4f14 Refactor regex code 
This commit fixes quite a few odd things in regex code:
 * Lack of encapsulation.
 * Non-method functions for matching without retrieving all groups.
 * Regex class being copyable without proper copy-constructor (potential UAF
   and double free due to pointer members m_pc and m_pce).
 * Redundant SMatch::m_length, which always equals to match.size() anyway.
 * Weird SMatch::size_ member which is initialized only by one of the three matching
   functions, and equals to the return value of that function anyways.
 * Several places in code having std::string value instead of reference.
 2019-01-18 10:34:01 -03:00
Felipe Zimmerle
e0a0fa05cc
CHANGES: Info on #2002 2019-01-14 16:29:48 -03:00
Felipe Zimmerle
3c1fba278c
CHANGES: Adds info about #1990 2019-01-08 10:35:33 -03:00
Felipe Zimmerle
d00ea5111d
Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Felipe Zimmerle
ba4273b8ec
CHANGES: Adds info on #1978 2018-12-24 13:59:21 -03:00
Felipe Zimmerle
4283883695
CHANGES: Adds info on #1984 2018-12-17 10:21:25 -03:00
Felipe Zimmerle
a9e9da8694
CHANGES: Adds info on #1980 2018-12-10 15:09:09 -03:00
Felipe Zimmerle
1ecd971306
CHANGES: Updates issue #1973 2018-12-04 10:50:16 -03:00
Felipe Zimmerle
07330e53f1
CHANGES: Updates issue #1969 2018-11-29 21:49:41 -03:00
Felipe Zimmerle
25bb1f1bcc
Changes ENV test case to read the default MODSECURTIY env var 2018-11-29 15:21:28 -03:00
Felipe Zimmerle
b736f0292d
Regression: Sets MODSECURITY env var during the tests execution 2018-11-29 15:19:58 -03:00
Felipe Zimmerle
407b6c0f4b
Fix setenv action to strdup key=variable 2018-11-29 15:18:15 -03:00
Felipe Zimmerle
af137442d5
CHANGES: Adds @steven-j-wojcik to 0xb7c36 and 0x5ac20. 2018-11-29 13:31:46 -03:00
Felipe Zimmerle
d2b14de268
Allow 0 length JSON requests 
As discussed at: #1822
 2018-11-29 10:39:46 -03:00
Felipe Zimmerle
d29f2a8986
CHANGES: Adds info about #1966 2018-11-29 10:00:38 -03:00
Felipe Zimmerle
2d3d56aa4b
CHANGES: Adds info about #1949 2018-11-27 10:10:06 -03:00