github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 19:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,674 Commits 55 Branches 109 Tags
87e64e3c2549d1dadd9d78c37754e185a058aa3d
Commit Graph

190 Commits

Author SHA1 Message Date
Felipe Zimmerle
c97db2f361 Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
b3c8e97ff7 Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06 PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
c1f11ab4e5 Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
b516cc6de1 Adds operation unset to setVar action 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
703da3c4f0 Adds PoC about 1-time variable resolution and draft for offset 
There is no need for the variable purely associated with the
transaction (transient) be part of collection that demands
lookups. Also, those variables will held the concept of offset:
The offset from the first byte of the request till the start of
the variable.
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
03d0570e99 Deletes the Rule object in case of a parser failure 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
839ac62585 Fix memory leaks in parser failures 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
5880524db6 cosmetics: Improves the tokens organization 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
60402d8b80 Renames defaultActions to m_defaultActions in RulesProperties 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
59114dd598 Refactoring on the operators parsers (2/2) 
This is the first step towards remove the memory leaks in the parser
 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
9cda4c0be0 cosmetics: Having the parser in a better shape regarding operators 1/2 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
15b81d09e7 Refactoring on the transformation classes 2016-12-28 19:53:37 -03:00
Felipe Zimmerle
9c7416da97 Refactoring the actions classes 2016-12-28 15:20:06 -03:00
Felipe Zimmerle
2e9a35c358 Refactoring on the audit logs implementation 
Among of other things, it is now supporting shared file locks between
different process.
 2016-12-14 23:17:28 -03:00
Felipe Zimmerle
bfc30dad34 Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
a776cce6d7 Changes RULE variable group to be save at transient collection 2016-11-28 13:00:04 -03:00
Felipe Zimmerle
3ee7b24928 Adds refCounter to actions 2016-11-08 18:14:34 -03:00
Felipe Zimmerle
2244e874e2 Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
424418f54b Renames msc_system.[h|cc] to system.[h|cc] 2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0 Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
507ec44cc2 Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
f1e742c159 Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174 Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
9733cacd4d Refactoring: moves ctl_ actions into ctl namespace 2016-11-01 14:58:51 -03:00
Felipe Zimmerle
2bb9d7988f Cosmetics: huge refactoring in the parser 
The parser is now more elegant and resilient.
 2016-10-31 17:33:24 -03:00
Felipe Zimmerle
4711644600 dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Felipe Zimmerle
1c21d1aeba Adds support to action CtlRuleRemoveById 2016-10-26 11:00:18 -03:00
Felipe Zimmerle
161cc36acf Adds support to action CtlRuleRemoteTargetById 2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54 Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
678a97d0f7 Refectoring on the DebugLog mechanism 
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
 2016-10-18 18:43:51 -03:00
Felipe Zimmerle
b48e4b3a37 refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
8f5c1c3cf6 parser: avoids parser error while loading an empty file 2016-09-22 10:16:00 -03:00
Felipe Zimmerle
37079ef668 Adds support to SecRuleRemoveById 2016-07-18 15:02:38 -03:00
Felipe Zimmerle
c0ebd45a68 Reduces bison required version to test it over the buildbots 2016-07-14 00:20:01 -03:00
Felipe Zimmerle
f72bd587ec Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
b0f69b1262 Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Felipe Zimmerle
90adb53935 Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
0c0a9b3083 Accepts component signature between brackets 2016-06-23 23:14:01 -03:00
Felipe Zimmerle
a36b2da86a Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
56d084a7f4 Adds support the variable rule 
Issue #1016
 2016-06-20 14:03:45 -03:00
Felipe Zimmerle
9919026620 Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Alexey Zelkin
cb91af537c Enforce bison requirement to 3.0.4. 
Previous versions of bison proven to generate broken code which caused to assert() regression
tests of libmodsecurity for clang 3.4 and gcc 4.8.  Upgrading bison to 3.0.4 solved mentioned issues
for FreeBSD 10, CentOS 7, RHEL 7 and Ubuntu 14.
 2016-06-15 23:10:27 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
9e5cf2de8e Adds Upload configuration paramters to the libmodsec parser 2016-06-07 14:23:56 -03:00
Felipe Zimmerle
4b9cff3ec7 Partially adds the REMOTE_USER variable support 2016-05-23 11:04:19 -03:00