github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,486 Commits 55 Branches 109 Tags
9d062f53a7f8d2581c594555697d019c6747728e
Commit Graph

38 Commits

Author SHA1 Message Date
Felipe Zimmerle
9069a453e5 Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670d.
 2017-08-24 00:10:42 -03:00
Felipe Zimmerle
1d3c4c670d Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00
Felipe Zimmerle
c22658ec80 Adds `msc_update_status_code' method to the libmodsec api 2017-08-20 18:52:50 -03:00
Lasse Karstensen
bce5ef7704 Add the missing g in Transaction::GetReponseBodyLenth() 
This commit fixes a typo in the method name for retrieving
the body length.
 2017-07-28 22:30:25 -03:00
Felipe Zimmerle
4bec6b0019 Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00
Felipe Zimmerle
e2af60e765 Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
4ad3574cf2 Adds offset regression tests and assorted fixes on var's offsets 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06 PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
17e5a63577 Removes memory leak on the "offset" feature 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
c1f11ab4e5 Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ecbf292f6d Adds first PoC for the operator offset feature 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
703da3c4f0 Adds PoC about 1-time variable resolution and draft for offset 
There is no need for the variable purely associated with the
transaction (transient) be part of collection that demands
lookups. Also, those variables will held the concept of offset:
The offset from the first byte of the request till the start of
the variable.
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
a7f465cf3a Avoids string copy by working with pointers while resolving variables 2016-12-28 20:00:14 -03:00
Felipe Zimmerle
bbb61d560c Changes the saving selection for the audit logs 2016-12-28 17:48:21 -03:00
Felipe Zimmerle
c1e96d6c2b Fix rules messages in the audit logs 2016-12-15 23:11:54 -03:00
Felipe Zimmerle
bfc30dad34 Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
293a849668 Adds m_uri_no_query_string_decoded to transaction 2016-11-22 15:23:47 -03:00
Felipe Zimmerle
4711644600 dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Felipe Zimmerle
fead971558 Cosmetics: Fix typo. Remove not Remote 2016-10-26 11:12:05 -03:00
Felipe Zimmerle
1c21d1aeba Adds support to action CtlRuleRemoveById 2016-10-26 11:00:18 -03:00
Felipe Zimmerle
161cc36acf Adds support to action CtlRuleRemoteTargetById 2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54 Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
4cf6c714ac Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
f72bd587ec Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
b0f69b1262 Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Felipe Zimmerle
90adb53935 Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
b8bd0c5960 API CHANGE: response status is now set on processResponseHeaders 
That change was needed to move the variable attribution to earliest
as possible. We also have a new field for HTTP_PROTOCOL version used
on the response.
 2016-06-21 09:24:46 -03:00
Felipe Zimmerle
dbaf79fb8e Adds extractArguments facilitator method 
Little refactoring to use this method instead of doing it
manually in different parts of the code.
 2016-06-17 15:15:44 -03:00
Felipe Zimmerle
5c088c8be4 Adds addArgument method to transaction class 
There was a bit of refactoring to use the addArgument function, instead
of adding the items manually.
 2016-06-17 14:34:22 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
5643d2fa28 Warming up to the remote collections support 
Huge refactoring to have the code in shape to later support the
remote collections with different backends.
 2016-05-03 17:39:49 -03:00
Felipe Zimmerle
ed8b0c85d7 Fix `capture' memory management 
The capture action was implemented before the transaction concept.
While partially ported to use the transaction, some of the elements
were not freed correctly. Now it is fully ported to use the class
Transaction.
 2016-02-16 23:24:15 -03:00
Felipe Zimmerle
77900ed4e2 Fix rules `messages' on the auditlog 2016-02-10 12:03:52 -03:00
Felipe Zimmerle
9474373264 General improvements on audit logs information 
Making actions: msg, logdata, tag and others to work in the same
fashion that they work on ModSecurity v2.x
 2016-02-05 15:19:53 -03:00
Felipe Zimmerle
aaf995cc71 Adds missing file: transaction.h and removes assay.cc from git 2016-01-14 12:07:25 -03:00