github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,106 Commits 55 Branches 109 Tags
97550881fe7b4b7399c0021a4557c18a6ba39fe2
Commit Graph

295 Commits

Author SHA1 Message Date
Felipe Zimmerle
68152d8d29 Adds test case for issue #1576 2017-11-13 22:32:55 -03:00
Felipe Zimmerle
023e7acbad Refactoring on the JSON parser 
It also address the issue #1576 and #1577
 2017-11-10 17:26:23 -03:00
Felipe Zimmerle
23cf656f93 Adds support to WEBAPPID variable 2017-11-08 10:28:56 -03:00
Felipe Zimmerle
082a3e3287 Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00
Felipe Zimmerle
ec667a4609 Adds support for SecRuleRemoveByTag 2017-11-07 14:52:50 -03:00
Felipe Zimmerle
4d7fd5c30a Adds support for update target by message 2017-11-06 23:29:25 -03:00
Felipe Zimmerle
7d7c0c03c5 Adds missing SecRuleScript test case 2017-11-06 23:27:00 -03:00
Felipe Zimmerle
7fa5ca9ba0 Makes lua optional 2017-11-06 00:44:54 -03:00
Felipe Zimmerle
cb3363c7d5 Adds support for the exec action 2017-11-05 23:31:07 -03:00
Felipe Zimmerle
7bec78a5a5 Adds support for transformations inside Lua engine 2017-11-05 23:31:07 -03:00
Felipe Zimmerle
a676f313c3 Initial support for Lua script engine 2017-11-05 23:30:50 -03:00
Felipe Zimmerle
1866a3a9eb Adds support for the @inspectFile operator 2017-10-31 09:59:17 -03:00
Felipe Zimmerle
9369efcb90 Adds support to the collection RESOURCE 2017-10-30 09:07:49 -03:00
Felipe Zimmerle
e6106ae0eb Fix regression tests for fuzzyHash 2017-10-27 14:47:04 -03:00
Felipe Zimmerle
7622866f97 Adds support for @fuzzyHash 
Issue #997
 2017-10-26 17:44:17 -03:00
Felipe Zimmerle
93e18ca5ea Support pipes inside quoted variable selection 
As of #1591 the pipe support was disable in the general selection which
was also affecting the quoted selection. This pactch adds the support
for pipes inside the quoted selection only.
 2017-10-20 11:02:42 -03:00
Felipe Zimmerle
30797a458b Parser: Pipes are no longer welcomed inside regex dict element selection. 
Issue #1591
 2017-10-17 11:46:44 -03:00
Felipe Zimmerle
1518c43d61 Adds test case for issue #1565 2017-10-11 23:19:20 -03:00
asterite
10c4f9b1b2 add a test for macro expansion in @rx 2017-10-06 20:30:04 +00:00
Felipe Zimmerle
210e72aa21 Consideres under quote variable while loading the rules 2017-10-06 20:25:20 +00:00
Felipe Zimmerle
9069a453e5 Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670d.
 2017-08-24 00:10:42 -03:00
Felipe Zimmerle
1d3c4c670d Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00
asterite
58872e7eda adds a test for validateByteRange with bytes > 127 2017-08-20 20:07:54 -03:00
Lasse Karstensen
7665d96a13 Improve action-allow test titles 2017-08-20 20:00:28 -03:00
Lasse Karstensen
fc06915cc6 Extend RESPONSE_BODY test case. 2017-08-20 20:00:07 -03:00
asterite
b8789ab9f4 add a test for negated implicit @rx operator 2017-08-20 19:39:18 -03:00
Felipe Zimmerle
b4051246b1 Adds support to SecResponseBodyMimeTypesClear 2017-08-16 22:21:03 -03:00
Felipe Zimmerle
56baef5f1f Fix test case as consequence of the changes at #1514 2017-07-28 22:24:21 -03:00
Felipe Zimmerle
0242646610 Adds test case for the ctl:ruleEngine action 2017-07-27 22:10:58 -03:00
Felipe Zimmerle
337216fd87 fix: remove target by {id,tag} are now considering collections 
Fix issue #1409
 2017-07-25 09:19:21 -03:00
Felipe Zimmerle
e14dc602e5 Adds support to SecRuleUpdateTargetById 2017-07-04 13:13:13 -07:00
Felipe Zimmerle
52c5631ae7 Adds test case to UpdateTargetByTag 2017-07-04 11:00:11 -07:00
Felipe Zimmerle
9cb3f23b50 Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
c97db2f361 Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
6421ff087a Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Felipe Zimmerle
e2bbe9858f XML Parser: removes unnecessary message from debug logs 
Fix #44
 2017-04-05 09:40:05 -03:00
Felipe Zimmerle
4ad3574cf2 Adds offset regression tests and assorted fixes on var's offsets 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
c06daba398 Adds support for curl resource on the regression tests 2017-03-06 15:02:01 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
6abbb7e91e Fix regular expression test case and updates the test list 
Repoted on #1295
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
a6f07f621d Makes the lexical errors a little bit more verbose 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
59114dd598 Refactoring on the operators parsers (2/2) 
This is the first step towards remove the memory leaks in the parser
 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
a7f465cf3a Avoids string copy by working with pointers while resolving variables 2016-12-28 20:00:14 -03:00
Felipe Zimmerle
1218d8c845 Fix the audit log engine status selection 
SecAuditEngine was not being respected by the auditlog generation
 2016-12-15 14:55:31 -03:00
Felipe Zimmerle
2e9a35c358 Refactoring on the audit logs implementation 
Among of other things, it is now supporting shared file locks between
different process.
 2016-12-14 23:17:28 -03:00
Felipe Zimmerle
bfc30dad34 Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
9bd37ccb63 Refactoring: Rule class 2016-11-28 13:07:25 -03:00
Felipe Zimmerle
eecb90cfd0 setvar: needs review 2016-11-28 12:12:04 -03:00
Felipe Zimmerle
d3a4ec760c Removes slash from REQUEST_BASENAME 2016-11-22 15:33:32 -03:00
Felipe Zimmerle
c98be42f8f Limits the transformation output to 80 chars in the debug logs 2016-11-16 15:37:52 -03:00