github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-16 08:27:10 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,016 Commits 55 Branches 109 Tags
8191b7efc8887dbd7c8fd1c7d206b15d1943cfda
Commit Graph

104 Commits

Author SHA1 Message Date
Victor Hora
a66acebc05 Add missing verify*** transformation statements to parser 2018-03-05 17:50:14 -03:00
Felipe Zimmerle
8bb64c3ee3 Code cosmetics: removes an unused piece of code 2018-03-01 11:52:01 -03:00
Felipe Zimmerle
c8666fae31 Check for disruptive action on SecDefaultAction 2018-02-28 14:02:47 -03:00
Victor Hora
ab78b0cfb1 Add missing Base64 transformation statements to parser 2018-02-23 10:34:32 -03:00
Felipe Zimmerle
43bba3f942 Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728 Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a6830c76f2 parser refactoring: ops no longer carry a payload 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
a299997e02 Using run time string on the operators 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
2d892a3176 Adds support for multipart vars on the parser 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
6fe8655ed9 Adds support for RunTimeString 
Using RunTimeStrings instead of runtime parser for
macro expansion.
 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
eaa4770c5d Fix issue related to Lua script load 2017-12-13 16:20:18 -03:00
Felipe Zimmerle
23cf656f93 Adds support to WEBAPPID variable 2017-11-08 10:28:56 -03:00
Felipe Zimmerle
082a3e3287 Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00
Felipe Zimmerle
ec667a4609 Adds support for SecRuleRemoveByTag 2017-11-07 14:52:50 -03:00
Felipe Zimmerle
4d7fd5c30a Adds support for update target by message 2017-11-06 23:29:25 -03:00
Felipe Zimmerle
cb3363c7d5 Adds support for the exec action 2017-11-05 23:31:07 -03:00
Felipe Zimmerle
a676f313c3 Initial support for Lua script engine 2017-11-05 23:30:50 -03:00
Felipe Zimmerle
1866a3a9eb Adds support for the @inspectFile operator 2017-10-31 09:59:17 -03:00
Felipe Zimmerle
9369efcb90 Adds support to the collection RESOURCE 2017-10-30 09:07:49 -03:00
Felipe Zimmerle
7622866f97 Adds support for @fuzzyHash 
Issue #997
 2017-10-26 17:44:17 -03:00
Victor Hora
63bef3d142 Support to JSON stuff on serial logging 2017-10-09 09:02:31 -03:00
Mirko Dziadzka
5c737c2c06 Treat _NAMES variables as collections (#5) 
* Treat _NAMES variables as collections

* Fix an issue with the offset of ARGS_NAMES.

* Fix regression tests for the new behaviour.

* Add generated seclang files.
 2017-08-24 00:39:21 -03:00
Felipe Zimmerle
9069a453e5 Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670d.
 2017-08-24 00:10:42 -03:00
Felipe Zimmerle
1d3c4c670d Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00
Felipe Zimmerle
81879cd131 parser: SecRequestBodyInMemoryLimit is now returning an error msg 2017-08-22 10:44:35 -03:00
Felipe Zimmerle
2cf636cf76 parser: Adds generated parser files after 0xfce65 2017-08-21 23:41:37 -03:00
asterite
039bd2cc84 fix negated implicit @rx operator 
When an operator starts with '!' and no explicit operator
is specified, a negated @rx operator should be created.
Due to a bug, a regular @rx operator with regex starting
with '!' was created. This commit fixes it
 2017-08-20 19:39:05 -03:00
Felipe Zimmerle
945ee27a85 parser: Adds SecRuleUpdateActionById is not yet supported 2017-08-17 15:08:38 -03:00
Felipe Zimmerle
d7eab6b7a3 Adds support to SecRuleRemoveByMsg 2017-08-16 23:42:13 -03:00
Felipe Zimmerle
b4051246b1 Adds support to SecResponseBodyMimeTypesClear 2017-08-16 22:21:03 -03:00
Felipe Zimmerle
48f1470269 Adds support to SecArgumentSeparator 2017-08-16 18:27:51 -03:00
Felipe Zimmerle
a302538521 parser: Adds SecWebAppId not supported note 2017-08-16 17:31:59 -03:00
Felipe Zimmerle
bb2fe0e039 parser: Adds note saying that SecServerSignature is not supported 2017-08-16 17:14:42 -03:00
Felipe Zimmerle
e6cfd5379d parser: Adds SecRuleScript not implemented note 2017-08-16 17:00:36 -03:00
Felipe Zimmerle
9abc37157d parser: Adds msg: ContentInjection is not yet supported 2017-08-16 09:21:23 -03:00
Felipe Zimmerle
c525cbfb20 parser: Adds ability to inform auditlog status without quotes 2017-08-16 00:17:58 -03:00
Victor Hora
53ff0e1a57 Adds initial support to SecHttpBlKey 2017-07-29 00:12:14 -03:00
Felipe Zimmerle
4bec6b0019 Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00
Felipe Zimmerle
e14dc602e5 Adds support to SecRuleUpdateTargetById 2017-07-04 13:13:13 -07:00
Felipe Zimmerle
fba9c20ea1 Adds initial support to SecRuleUpdateTargetByTag 2017-07-03 17:42:34 -07:00
Felipe Zimmerle
c3a0d8d9bb Fix collections element selection by regex 
Reported at #1369
 2017-06-17 00:11:28 -03:00
Felipe Zimmerle
9cb3f23b50 Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
e795253ecf Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Victor Hora
37868d1534 Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Victor Hora
9d70345d3d Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
c97db2f361 Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
b3c8e97ff7 Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
e95efa05cc Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06 PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00