github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,239 Commits 55 Branches 109 Tags
Commit Graph

2239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ervin Hegedus
a217cb1056
Merge pull request #3389 from airween/v2/master 
chore: prepare v2.9.9
v2.9.9 		2025-05-21 21:31:41 +02:00
Ervin Hegedus
0fa2754a0e
Fix change's title 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-05-21 21:15:51 +02:00
Ervin Hegedus
9ab88d6206
chore: prepare v2.9.9 2025-05-21 21:10:34 +02:00
Ervin Hegedus
2714eb2f3f
Merge pull request #3388 from airween/v2/master 
docs: added changes
 2025-05-21 21:03:57 +02:00
Ervin Hegedus
26161b907e
Merge commit from fork 
fix: add ARGS to sanitize list only if it's not added yet
 2025-05-21 20:59:26 +02:00
Ervin Hegedus
cbbbaa6b0c
docs: added changes 2025-05-21 14:36:15 +02:00
Ervin Hegedus
fdfc2d5b21
fix: add ARGS to sanitize list only if it's not added yet 2025-05-19 10:53:50 +02:00
Ervin Hegedus
7d738112d3
Merge pull request #3387 from airween/v2/mutex_create 
chore: log error codes for global mutex failure modes.
 2025-05-19 10:01:34 +02:00
Joe Orton
5aa6ce0aa2
Log error codes for global mutex failure modes. 2025-05-17 14:55:09 +02:00
Ervin Hegedus
38850f912b
Merge pull request #3372 from notroj/v2-gcc-warning-fixes 
Fix compiler warnings from GCC
 2025-05-17 10:09:29 +02:00
Ervin Hegedus
f2996d6dac
Merge pull request #3383 from airween/v2/pcre2default 
chore: refactor build system to use PCRE2
 2025-05-17 09:28:21 +02:00
Joe Orton
de1cf63d26 Fix GCC warning in msc_headers_to_buffer(): 
In file included from /usr/include/stdio.h:970,
                 from modsecurity.h:18,
                 from msc_util.c:15:
In function 'sprintf',
    inlined from 'msc_headers_to_buffer' at msc_util.c:2331:17:
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'buffer' [-Wrestrict]
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
msc_util.c: In function 'msc_headers_to_buffer':
msc_util.c:2306:64: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
 2306 | int msc_headers_to_buffer(const apr_array_header_t *arr, char *buffer,
      |                                                          ~~~~~~^~~~~~
 2025-05-16 09:59:32 +01:00
Joe Orton
9d9a727349 Fix compiler warnings. Reported by GCC with flags: 
-Wall -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS

Note, e.g. sprintf(digest, "%s%02x", digest, ...) is undefined behaviour because
the destination and source variables overlap, and GCC warnings for this.

acmp.c:258:13: warning: 'acmp_clone_node_no_state' defined but not used [-Wunused-function]
apache2_config.c:806:9: warning: unused variable 'offset' [-Wunused-variable]
apache2_config.c:1886:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:1942:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2470:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2538:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_util.c:226:11: warning: unused variable 'str' [-Wunused-variable]
apache2_util.c:225:11: warning: unused variable 'saved' [-Wunused-variable]
apache2_util.c:224:11: warning: unused variable 'parse_remote' [-Wunused-variable]
apache2_util.c:223:11: warning: unused variable 'remote' [-Wunused-variable]
msc_status_engine.c:216:17: warning: unused variable 'i' [-Wunused-variable]
msc_status_engine.c:375:55: warning: the address of 'pcre' will always evaluate as 'true' [-Waddress]
msc_crypt.c:67:17: warning: unused variable 'bytes' [-Wunused-variable]
msc_crypt.c:1083:33: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
msc_crypt.c:1090:29: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'digest' [-Wrestrict]
msc_json.c:405:11: warning: unused variable 'json_data' [-Wunused-variable]
msc_crypt.c:1097:79: warning: '%s' directive argument is null [-Wformat-overflow=]
msc_logging.c:1144:20: warning: unused variable 'now' [-Wunused-variable]
msc_remote_rules.c:729:19: warning: unused variable 'word' [-Wunused-variable]
msc_remote_rules.c:727:17: warning: unused variable 'tmp' [-Wunused-variable]
msc_remote_rules.c:805:1: warning: control reaches end of non-void function [-Wreturn-type]
msc_tree.c:836:19: warning: unused variable 'ip' [-Wunused-variable]
msc_xml.c:29:44: warning: variable 'entity' set but not used [-Wunused-but-set-variable]
msc_util.c:2627:11: warning: unused variable 'start' [-Wunused-variable]
msc_util.c:2626:17: warning: unused variable 'fd' [-Wunused-variable]
msc_util.c:2624:18: warning: unused variable 'rc' [-Wunused-variable]
msc_util.c:1077:19: warning: array subscript 1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds=]
 2025-05-16 09:59:32 +01:00
Ervin Hegedus
854906de7c
Typo fix 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-05-16 09:40:10 +02:00
Ervin Hegedus
2ed32f2035
Fix option check condition 2025-05-15 21:50:02 +02:00
Ervin Hegedus
d7b38f034e
Refactor code and build system to use libpcre2 as the default 2025-05-15 21:13:52 +02:00
Ervin Hegedus
9bc3300a3a
Merge pull request #3374 from RedXanadu/fix_standalone_error_logging 
Fix error logging for standalone module
 2025-05-14 13:24:42 +02:00
RedXanadu
0c7dadc4c7
Correct indentation 2025-05-14 11:51:01 +01:00
Xanadu
652b942cfb
Add extra conditional compilation for err logging 
Restores the original format string for error logging for ModSecurity
when compiled as a standalone module. Specifically, the format string
has "[client %s]" back again: this is required for standalone modules as
Apache is not present to implicitly log the client source IP address.
 2025-05-14 11:51:01 +01:00
Ervin Hegedus
377629b212
Merge pull request #3379 from airween/v2/extendci 
feat: add 'make test' to v2's workflow
 2025-05-13 22:02:25 +02:00
Ervin Hegedus
1514353b6b
Add --no-install-recommends flag to avoid install "only" recommended packages 
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
 2025-05-11 16:09:49 +02:00
Ervin Hegedus
0710feb06c
feat: add 'make test' to v2's workflow 2025-05-11 10:07:20 +02:00
Ervin Hegedus
888109736b
Merge pull request #3378 from airween/v2/testfix 
fix: 'make test' is able to run again
 2025-05-11 09:26:12 +02:00
Ervin Hegedus
302fce71e8
fix: 'make test' is able to run again 2025-05-10 21:29:17 +02:00
Ervin Hegedus
5f70b3a8a6
Merge pull request #3377 from airween/v2/standalonepcre2 
fix: add PCRE2 capability to standalone module
 2025-05-10 20:56:57 +02:00
Ervin Hegedus
e978a30102
Add comment to explain the if-else-endif statements 2025-05-10 20:36:51 +02:00
Ervin Hegedus
e0e732aaef
Merge pull request #3375 from airween/v2/failjiterr 
fix: add msc_fullinfo() to check JIT compilation
 2025-05-10 20:12:56 +02:00
Ervin Hegedus
c2216b2616
fix: set 'rc' value for fill ovector correctly 2025-05-10 13:34:56 +02:00
Ervin Hegedus
33d0f50698
Add all compilation conditions to the new function 2025-05-10 13:21:29 +02:00
Ervin Hegedus
5f3537ec21
add copilation condition to avoid build error in case of old PCRE 2025-05-10 13:13:55 +02:00
Ervin Hegedus
1549132fb5
chore: refacorize setting of JIT related variables 2025-05-10 13:08:29 +02:00
Ervin Hegedus
06cb10f838
Merge pull request #3376 from airween/v2/makefilefix 
chore: remove unnecessary @LIBXML2_CFLAGS@ from linker flags
 2025-05-10 12:42:58 +02:00
Ervin Hegedus
eaba30f1c7
fix: add PCRE2 capability to standalone module 2025-05-10 11:44:42 +02:00
Ervin Hegedus
d26a1d0d2c
chore: remove unnecessary @LIBXML2_CFLAGS@ from linker flags 2025-05-10 11:12:58 +02:00
Ervin Hegedus
bc500582a2
fix: add msc_fullinfo() to check JIT compilation 2025-05-10 10:13:29 +02:00
Ervin Hegedus
1a2de10b34
Merge pull request #3358 from airween/v2/xmlargsfeat 
feat: improved XMLArgs processing
 2025-05-04 19:46:10 +02:00
Ervin Hegedus
87cbf9ea2e
Update explanation 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-30 08:50:55 +02:00
Ervin Hegedus
19b7e98fb6
Change node value's parsing to concatenate instead of duplicate it every time 2025-04-28 21:12:32 +02:00
Ervin Hegedus
4c043a0889
Change directive format to strict camel case 2025-04-28 21:05:18 +02:00
Ervin Hegedus
bd45108024
Fix error message explanation. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-27 11:28:18 +02:00
Ervin Hegedus
c11bd6c6f2
Fix retval logic explanation 2025-04-27 11:25:59 +02:00
Ervin Hegedus
ed24e70c58
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:37:00 +02:00
Ervin Hegedus
b5188237f4
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:36:32 +02:00
Ervin Hegedus
f1ecdb1cf7
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:35:44 +02:00
Ervin Hegedus
21d71bb603
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:33:12 +02:00
Ervin Hegedus
bfe8047c04
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:32:55 +02:00
Ervin Hegedus
c19f90195c
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:32:25 +02:00
Ervin Hegedus
c3ab480979
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:31:43 +02:00
Ervin Hegedus
321c554965
Typo fix. 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:25:05 +02:00
Ervin Hegedus
3829d65792
Debug message clarification 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-04-26 20:08:40 +02:00