ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00

Author	SHA1	Message	Date
Felipe Zimmerle	8bc8be6429	Cleanup on Action class	2021-03-04 11:11:21 -03:00
Felipe Zimmerle	6e24e60a02	Adds new method for rule merge IMPORTANT: SecDefaultAction specified on a child configuration will overwrite the ones specified on the parent; Previously it was concatenating.	2021-03-01 14:57:58 -03:00
martinhsv	6ca028b6f5	Fix memory leak in rx operator when pattern includes macro	2021-01-25 19:39:10 -03:00
Felipe Zimmerle	3748d62f19	Changes copyright dates on the code	2021-01-19 09:24:37 -03:00
Felipe Zimmerle	9b40a045bb	Cosmetics: fix some cppcheck complains to please QA	2021-01-13 13:30:04 -03:00
martinhsv	b9620c26a0	rx:exit after full match; fix TX population after unused group	2020-06-29 06:13:45 -07:00
Felipe Zimmerle	7a48245aed	Creates RuleUnconditional Makes RuleScript child of RuleWithActions instead of Operator	2020-03-31 14:44:19 -03:00
Felipe Zimmerle	59d4268882	Refactoring: renames Rule to RuleWithOperator	2020-03-31 10:00:08 -03:00
Felipe Zimmerle	fda03c0016	Yet another refactoring in Rule	2020-03-30 15:38:51 -03:00
Felipe Zimmerle	357c140003	Changens copyright year	2020-01-31 10:32:37 -03:00
WGH	ad28de4f14	Refactor regex code This commit fixes quite a few odd things in regex code: * Lack of encapsulation. * Non-method functions for matching without retrieving all groups. * Regex class being copyable without proper copy-constructor (potential UAF and double free due to pointer members m_pc and m_pce). * Redundant SMatch::m_length, which always equals to match.size() anyway. * Weird SMatch::size_ member which is initialized only by one of the three matching functions, and equals to the return value of that function anyways. * Several places in code having std::string value instead of reference.	2019-01-18 10:34:01 -03:00
Felipe Zimmerle	ef7f65db90	Changes debuglogs schema to avoid unecessary str allocation	2018-10-23 17:00:16 -03:00
Felipe Zimmerle	554251bade	Refactoring on the Rule class	2018-10-23 16:26:10 -03:00
Felipe Zimmerle	74841779f8	Adds partial support to UpdateActionById	2018-10-23 16:26:10 -03:00
Felipe Zimmerle	de7c5c89bb	Using shared var for variables names	2018-02-20 13:40:01 -03:00
Felipe Zimmerle	6f7fdd9493	Using direct variable access instead m_collections	2018-02-20 13:40:01 -03:00
Felipe Zimmerle	43bba3f942	Removes the depricated MacroExpansion class	2018-02-20 13:40:01 -03:00
Felipe Zimmerle	a299997e02	Using run time string on the operators	2018-02-20 13:40:00 -03:00
Felipe Zimmerle	768a76a61e	perf. improvement/rx: Only compute dynamic regex in case of macro On #1528 was added the support for macro expansion on @rx operator. The performance improvement suggested on the pull request was not thread safe, therefore removed. This patch adds a performance improvement on top of #1528. The benchmarks points to 10x faster results on OWASP CRS.	2018-02-20 13:39:59 -03:00
Felipe Zimmerle	fa7973a4ef	Removes a regex optimization added at #1536	2017-10-06 20:32:40 +00:00
asterite	a76030256e	support macro expansion in @rx try to use macro expansion on @rx argument before matching. If after expansion argument changed, make new Regex from the macro-expanded argument and use that for matching. Fixes #1528	2017-10-06 20:30:00 +00:00
michaelgranzow-avi	3a048ee2db	Support --enable-debug-logs=no option of configure script (#2 ) * Support --enable-debug-logs=no option of configure script * Undo unintended white space changes * Undo more unintended white space changes * Address review comments - thanks Mirko * Address more review comments - thanks Mirko	2017-08-23 23:50:16 -03:00
Felipe Zimmerle	e2af60e765	Expands log_cb to share ruleMessage structure instead text Text version still available and it is the default options	2017-03-06 15:02:04 -03:00
Felipe Zimmerle	ecbf292f6d	Adds first PoC for the operator offset feature	2017-03-06 15:01:59 -03:00
Felipe Zimmerle	eecb90cfd0	setvar: needs review	2016-11-28 12:12:04 -03:00
Felipe Zimmerle	c339194c02	Changes operator rx to use regexp::searchAll	2016-11-22 15:42:35 -03:00
Felipe Zimmerle	4ced1d18e0	Using full path in the header inclusion	2016-11-04 14:45:01 -03:00
Felipe Zimmerle	d0e0002283	Fix the regression tests as reported on #1142	2016-05-05 11:29:55 -03:00
Felipe Zimmerle	ed8b0c85d7	Fix `capture' memory management The capture action was implemented before the transaction concept. While partially ported to use the transaction, some of the elements were not freed correctly. Now it is fully ported to use the class Transaction.	2016-02-16 23:24:15 -03:00
Felipe Zimmerle	a51e707517	Renames class Assay to Transaction	2016-01-13 15:57:00 -03:00
Felipe Zimmerle	42ce0475b2	Coding style: changes the namespace in the comments	2015-12-10 13:20:32 -03:00
Felipe Zimmerle	b5a43871e6	Changes library namespace from ModSecurity to modsecurity	2015-12-01 10:55:59 -03:00
Felipe Zimmerle	c800214e6d	Fix pcre_exec matched string	2015-10-16 16:15:39 -03:00
Felipe Zimmerle	e54ef72051	Looks for external resources in the same path of the rule	2015-10-06 09:21:30 -03:00
Felipe Zimmerle	b497091017	Cosmetics: Fix coding style	2015-09-28 16:32:59 -03:00
Felipe Zimmerle	076a02951c	Huge performance improvement: passing variables as pointers avoiding copies	2015-09-18 20:21:12 -03:00
Felipe Zimmerle	2451bf05d7	Using pcre (with JIT) instead of pcrecpp	2015-09-17 19:26:44 -03:00
Felipe Zimmerle	9d60dc6df8	Adds macro expansion for all operators	2015-09-16 11:25:07 -03:00
Felipe Zimmerle	1065e297b2	Fix several minor issues on the seclang grammar	2015-08-22 11:06:28 -03:00
Felipe Zimmerle	4f47651a6f	Adds variable TX and action "capture".	2015-08-05 10:07:47 -03:00
Felipe Zimmerle	6cd4c0492a	Adds support to the Rx operator	2015-08-03 14:24:17 -03:00
Felipe Zimmerle	dc0b13ad74	Cosmetic: fix copyright header	2015-07-22 23:03:09 -03:00
Felipe Zimmerle	95cb4c56ab	Very first commit: libmodsecurity Check the README.md file for further information about the libmodsecurity.	2015-06-26 14:35:15 -03:00

43 Commits