github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 14:46:13 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,034 Commits 55 Branches 109 Tags
Commit Graph

179 Commits

Author SHA1 Message Date
Alexey Zelkin
afd7a21d11
Correctly handle return values from pcre_study(3) 
If both function's return value and errptr are NULLs, it means
that pcre_study() does not make sense, so can be ignored.
 2016-07-05 11:48:52 -03:00
Felipe Zimmerle
0d53dda1a1
Adds support to @unconditionalMatch 
Issue #1002
 2016-06-21 13:46:55 -03:00
Felipe Zimmerle
8b9041c2da
Fix memory leak on VerifyCC operator 2016-06-16 12:40:05 -03:00
Felipe Zimmerle
7be5fde62a
Fix memory leak on the @pm operator 
Binary tree was not being cleaned right, now looking (and cleaning)
the sibling nodes.
 2016-06-16 10:37:52 -03:00
Felipe Zimmerle
9919026620
Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
3e8defb853 Adds support to the operator @validateDTD 
Further info #1003
 2016-05-13 09:20:10 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
d0e0002283 Fix the regression tests as reported on #1142 2016-05-05 11:29:55 -03:00
Felipe Zimmerle
c43391072c Fix some issues reported by the static analysis 2016-03-18 19:37:51 -03:00
Felipe Zimmerle
e0926fee37 Fix parser error while dealing with operator negation 
This patch closes the issue #960
 2016-03-17 18:06:46 -03:00
Felipe Zimmerle
ed8b0c85d7 Fix `capture' memory management 
The capture action was implemented before the transaction concept.
While partially ported to use the transaction, some of the elements
were not freed correctly. Now it is fully ported to use the class
Transaction.
 2016-02-16 23:24:15 -03:00
Felipe Zimmerle
049e4eb69d Adds support to the @rbl operator 2016-02-11 14:25:58 -03:00
Felipe Zimmerle
a51e707517 Renames class Assay to Transaction 2016-01-13 15:57:00 -03:00
Felipe Zimmerle
ac10d8863c Changes the operator evaluate method to only support two arguments 
Second argument can be empty if there is not need for it.
 2015-12-22 11:53:31 -03:00
Felipe Zimmerle
42ce0475b2 Coding style: changes the namespace in the comments 2015-12-10 13:20:32 -03:00
Felipe Zimmerle
b5a43871e6 Changes library namespace from ModSecurity to modsecurity 2015-12-01 10:55:59 -03:00
Felipe Zimmerle
09a958544d Makes @geoLookup optional depending on the availability of libGeoIP 2015-11-20 11:09:05 -03:00
Felipe Zimmerle
de79848285 Code cosmetics 2015-11-18 12:59:08 -03:00
Felipe Zimmerle
48704c27a9 Removes some memory leaks 2015-10-30 18:59:08 -03:00
Felipe Zimmerle
b6ae0585cd Refactoring: Place m_variables inside Collections 2015-10-29 13:46:45 -03:00
Felipe Zimmerle
787be98122 Refactoring: Pass all the control over the variables to the Variables class 2015-10-28 20:53:19 -03:00
Felipe Zimmerle
7afc07914f Cosmetics: Fix static analysis warnings 2015-10-27 13:58:32 -03:00
Felipe Zimmerle
11a1045f47 Adds support to capture this fingerprint of the detectSQLi operator 2015-10-27 10:40:35 -03:00
Felipe Zimmerle
93031d93d0 Cosmetics: Fix coding style issues 2015-10-27 10:21:14 -03:00
Felipe Zimmerle
2a062b7fe2 Not using pcrecpp on verifycc anymore 2015-10-27 08:55:04 -03:00
Felipe Zimmerle
59af8ab842 Cosmetics: fixed the coding style 2015-10-20 16:05:50 -03:00
Felipe Zimmerle
90c74beca1 Fix the init method signature in some operators 2015-10-20 13:23:08 -03:00
Felipe Zimmerle
c800214e6d Fix pcre_exec matched string 2015-10-16 16:15:39 -03:00
Felipe Zimmerle
e54ef72051 Looks for external resources in the same path of the rule 2015-10-06 09:21:30 -03:00
Felipe Zimmerle
b497091017 Cosmetics: Fix coding style 2015-09-28 16:32:59 -03:00
Felipe Zimmerle
076a02951c Huge performance improvement: passing variables as pointers avoiding copies 2015-09-18 20:21:12 -03:00
Felipe Zimmerle
2451bf05d7 Using pcre (with JIT) instead of pcrecpp 2015-09-17 19:26:44 -03:00
Felipe Zimmerle
ed86c24df6 Adds checks for the NO_LOGS definition and improved the vars resolution time 2015-09-17 17:41:38 -03:00
Felipe Zimmerle
9d60dc6df8 Adds macro expansion for all operators 2015-09-16 11:25:07 -03:00
Felipe Zimmerle
7afd93196d Adds contains to the list of operators compatibles with the capture action 2015-09-03 09:38:19 -03:00
Felipe Zimmerle
1065e297b2 Fix several minor issues on the seclang grammar 2015-08-22 11:06:28 -03:00
Felipe Zimmerle
cff74e7cea Fix ValidateUrlEncoding corner case 2015-08-14 00:40:44 -03:00
Felipe Zimmerle
1de6d07dfd Adds support to the @detectSQLi operator 2015-08-14 00:30:28 -03:00
Felipe Zimmerle
4baee88eb3 Adds support to the @detectXSS operator 2015-08-13 23:38:57 -03:00
Felipe Zimmerle
ad65a1abea Adds @noMatch operator 2015-08-13 23:38:50 -03:00
Felipe Zimmerle
d5fe21ce3c Code cosmetics: reduce the amount of cppcheck warnings 2015-08-12 22:40:26 -03:00
Felipe Zimmerle
21400ba454 Adds support to the @verifyCC operator 2015-08-12 13:14:33 -03:00
Felipe Zimmerle
1b0a918330 Adds support to the @validateUrlEncoding operator 2015-08-11 18:01:39 -03:00
Felipe Zimmerle
a324ff9317 Fix validate byte range table initizliation 2015-08-11 15:34:14 -03:00
Felipe Zimmerle
187be64edf Fix operator instantiation/selection 2015-08-11 15:07:50 -03:00
Felipe Zimmerle
9a7506f9e9 Adds support to the beginsWith operator 2015-08-11 15:07:50 -03:00
Felipe Zimmerle
209a3db47f Adds support to the @endsWith operator 2015-08-11 15:07:45 -03:00
Felipe Zimmerle
fb161a69a9 Removes some warnings by adding missing returns 2015-08-11 13:13:16 -03:00
Felipe Zimmerle
c5a4355348 Fix geolookup operator instantiation 2015-08-10 17:59:09 -03:00