github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-19 18:54:23 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,538 Commits 55 Branches 109 Tags
7d9c80dedee332a469fb8f16be421ce1dfe31253
Commit Graph

285 Commits

Author SHA1 Message Date
Felipe Zimmerle
6b0ad8049a Having default actions as o shared pointer 2020-03-26 09:59:57 -03:00
Felipe Zimmerle
6367e6d5e9 Having a class Rules 2020-03-24 17:20:10 -03:00
Felipe Zimmerle
6a742cdf76 Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
Felipe Zimmerle
7495675d54 Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
Felipe Zimmerle
357c140003 Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
9101a8ab15 Cosmetics: address cppcheck warnings on src/actions 2020-01-22 10:37:51 -03:00
Felipe Zimmerle
86a5f471a9 Cosmetics: fixed static analysis issues. 2020-01-15 20:35:59 -03:00
martinhsv
0470168056 Fix: audit log data omitted when nolog,auditlog 2020-01-07 11:16:07 -03:00
martinhsv
01c7a2689b Fix test issue-1974 2019-10-24 09:57:49 -03:00
Felipe Zimmerle
47dd9c5df4 Refactoring on the VariableValue class 2019-06-14 10:13:54 -03:00
Ervin Hegedus
c0142cf326 Changed compared variables of range id intervall in ruleRemoveById ctl action. #2111 
* changed the variables in clause
* added test case (@theMiddle)
* fixes #2111
 2019-06-04 10:28:30 -03:00
Thierry Fournier
4a3e9734ef fix/minor: Error encoding hexa decimal 
String is defined as an array of char. The char can be negative. The
cast "reinterpret_cast" from char to int keep the negative side, so
the "unsigned char" number 0x91 is negative as "char". When it is
"reinterpret_cast" as integer, it becomes 0xffffff91, so the hexadecimal
display is broken:

   [155493246391.747672] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "ffffff91ffffffecffffffe6334bffffffebffffff87ffffff9affffff824a06ffffffc33b4cffff (14 characters omitted)"

This patch fix this behavior using classic cast without reinterpret_cast:

   [155493251286.221115] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "91ece6334beb879a824a06c33b4cb4240e4c6f56"
 2019-05-27 17:06:51 -03:00
Felipe Zimmerle
4e76c6adf0 Renames namespace Variables to variables 2019-03-06 15:53:20 -03:00
Felipe Zimmerle
78b7fa4e2c Adds missing drop.h 2018-12-26 11:05:54 -03:00
Felipe Zimmerle
d00ea5111d Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Felipe Zimmerle
407b6c0f4b Fix setenv action to strdup key=variable 2018-11-29 15:18:15 -03:00
Wenfeng Liu
3b3004d24d Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES 2018-11-27 09:23:00 -03:00
Felipe Zimmerle
ce3abf2626 Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Felipe Zimmerle
e712d30c56 Fix setvar to understand Rule variable in collections 
Issue #1961
 2018-11-26 19:49:44 -03:00
Victor Hora
ecad8c6c7e Fix buffer size for utf8toUnicode transformation 2018-11-16 14:58:40 -05:00
Felipe Zimmerle
18cdffdbca Encapsulates int[N] in a class to avoid compilation issues 
Depending on the compiler, there may be a compilation issue with the
usage of std::unique_ptr<int[]>. Therefore encapsulating it inside a
regular class.
 2018-11-01 11:50:15 -03:00
Victor Hora
e3b9f7c913 Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Felipe Zimmerle
e1e8a01ed2 Override the default status code if not suitable to redirect action 
Issue #1850
 2018-10-30 18:20:23 -03:00
Felipe Zimmerle
448897d297 Marking message as disruptive before generate log msg 2018-10-25 18:04:07 -03:00
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
85ecd190d9 Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
3e8e28da48 Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
bc3d3f1915 Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
ee50fea266 Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
aa158ceef3 Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
Victor Hora
f999f54eda Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Robert Paprocki
e4c822e663 Code cleanup: Initialize variables and others good practice 
- initialize invalid_countin UrlDecode :: evaluate
- Free resources before the process die (good practice)
 2018-05-13 17:08:07 -03:00
Felipe Zimmerle
0ca5994744 Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Felipe Zimmerle
6842d4bba8 Fix block-block infinite loop. 
Issue #1614
 2018-02-28 12:05:28 -03:00
Felipe Zimmerle
eeec7efb68 Renames collection::Variable to VariableValue 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493 Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
43bba3f942 Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728 Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a299997e02 Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6fe8655ed9 Adds support for RunTimeString 
Using RunTimeStrings instead of runtime parser for
macro expansion.
 2018-02-20 13:40:00 -03:00
Izik Abramov
e9f3312ea9 fixed compilation error with disable_debug_log flag 2017-12-12 09:48:08 -03:00
Felipe Zimmerle
3fb71f32d8 Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
082a3e3287 Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00
Felipe Zimmerle
cb3363c7d5 Adds support for the exec action 2017-11-05 23:31:07 -03:00
Felipe Zimmerle
274f9e5aa1 Refactoring on RuleMessage class, now accepting http code as parameter 2017-10-19 23:00:47 -03:00
Felipe Zimmerle
1ad95254cd Avoids unicode initialization on every rules block 
ModSecurity-nginx/#67
ModSecurity/#1563
 2017-10-11 12:40:48 -03:00
michaelgranzow-avi
3a048ee2db Support --enable-debug-logs=no option of configure script (#2) 
* Support --enable-debug-logs=no option of configure script

* Undo unintended white space changes

* Undo more unintended white space changes

* Address review comments - thanks Mirko

* Address more review comments - thanks Mirko
 2017-08-23 23:50:16 -03:00
Felipe Zimmerle
9ee412735d parser: Improves the reading for the url in the redirect action 2017-08-15 15:18:52 -03:00
Lasse Karstensen
515e073503 Rename FromNowOneAllowType to FromNowOnAllowType. 
This misspelling is confusing (is it allow one more rule, or all of
them?) and since v3 isn't released yet, use the major version bump
opportunity to rectify it.
 2017-07-28 22:46:55 -03:00
Felipe Zimmerle
4bec6b0019 Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00