1022 Commits

Author SHA1 Message Date
Felipe Zimmerle
202a15bea8
Changes the behavior of the default sec actions
Fix #1629
2018-05-31 14:52:53 -03:00
Felipe Zimmerle
892beb5360
Refactoring on {global,ip,resources,session,tx,user} collections
Now using the same name schema and interface for these "special"
collections.

Fix: #1754, #1778
2018-05-29 23:48:05 -03:00
Felipe Zimmerle
f928e44765
Revert "Fix memory leak in msc_rules_* C APIs"
This reverts commit 58701e7e11a4f65ee5edc2c142c507e578ff7c1b.

It was breaking the multi-thread examples.
2018-05-28 18:59:55 -03:00
Wenfeng Liu
b85a645610
Fix race condition in UniqueId::uniqueId() 2018-05-28 18:09:50 -03:00
Wenfeng Liu
58701e7e11
Fix memory leak in msc_rules_* C APIs 2018-05-24 12:51:13 -03:00
Wenfeng Liu
45e531236a
Return false in SharedFiles::open() when an error happens 2018-05-24 10:21:37 -03:00
Wenfeng Liu
fd9a161e74
Use rvalue reference in ModSecurity::serverLog to avoid string copy 2018-05-22 22:41:20 -03:00
Victor Hora
87e64e3c25
Actually fix setvar parsing of quoted data 2018-05-17 13:43:12 -03:00
Robert Paprocki
e4c822e663
Code cleanup: Initialize variables and other good practices
- initialize invalid_count in UrlDecode::evaluate
- Free resources before the process dies (good practice)
2018-05-13 17:08:07 -03:00
Felipe Zimmerle
42a472adbd
Check if response body inspection is enabled before processing it 2018-05-08 10:59:30 -03:00
Robert Paprocki
2669add8e0
Fix memory leak in processContentOffset 2018-05-03 15:10:01 -03:00
Robert Paprocki
cc72035034
Remove an unused variable 2018-05-03 15:10:00 -03:00
Victor Hora
5e40850697
Fix setvar parsing of quoted data 2018-05-03 14:40:48 -03:00
Robert Paprocki
cd1a058c33
Code cosmetics: Clean up MD5 hexdigest
The null terminator is not necessary when using this form of the
std::string constructor, and its use was confusing given the extra
indent.
2018-05-03 13:41:49 -03:00
Felipe Zimmerle
d0b423fdd7
Adds time stamp back to the audit logs
Fix issue #1762
2018-05-03 13:37:01 -03:00
Felipe Zimmerle
6f92c8914a
Disables skip counter if debug log is disabled 2018-04-24 14:17:01 -03:00
Victor Hora
bb2ecdf4db
Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser 2018-04-24 09:26:30 -03:00
Felipe Zimmerle
6d5bb42bd8
Normalizes Bison version 2018-04-24 09:15:39 -03:00
Victor Hora
2037a08b34
Fix STATUS var parsing and accept STATUS_LINE var for v2 backward compatibility 2018-04-24 09:06:39 -03:00
Andrei Belov
268f34bbcc
Fix memory leak in modsecurity::utils::expandEnv()
Found by ASAN.
2018-04-23 22:54:13 -03:00
Ervin Hegedus
e7ea5433d5
Initialize m_dtd member in ValidateDTD class as NULL 2018-04-23 22:43:36 -03:00
Andrei Belov
5e65d560f8
Fix utils::string::ssplit() to handle delimiter at the end of string
This closes #1743.
2018-04-22 11:37:30 -03:00
Victor Hora
5018358371
Fix variable FILES_TMPNAMES 2018-04-22 11:11:46 -03:00
Andrei Belov
8285a97460
Fix memory leak in Collections
This closes #1729.
2018-04-05 09:48:51 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Andrei Belov
138e301695
Reverse logic of checking output in @inspectFile
This change makes @inspectFile in ModSecurity 3.x operate in exactly
the same way as it operates in ModSecurity 2.x, so existing helper scripts
like runav.pl [1] will work without any changes.

[1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl
2018-03-22 23:06:30 -03:00
Felipe Zimmerle
df169ea108
Adds support for libMaxMind 2018-03-22 19:11:42 -03:00
Felipe Zimmerle
7bff76d794
Parser: Updates the generated parser files 2018-03-21 18:18:58 -03:00
Victor Hora
480a2f89d7
Disable SecCollectionTimeout parser error 2018-03-12 22:28:07 -03:00
Victor Hora
22334c9bb6
Adds capture action to detectXSS 2018-03-12 22:10:56 -03:00
Victor Hora
e50c317b7a
Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator 2018-03-12 20:09:17 -03:00
Felipe Zimmerle
70ace0faa4
Adds capture action to detectSQLi 2018-03-09 12:58:00 -03:00
Felipe Zimmerle
0f361b7065
Adds capture action to RBL 2018-03-09 12:49:12 -03:00
Felipe Zimmerle
df25c48f53
Adds capture action to verifyCC 2018-03-09 11:26:24 -03:00
Felipe Zimmerle
77a885da5f
Adds capture action to verifySSN 2018-03-09 09:42:05 -03:00
Felipe Zimmerle
60b2469097
Updates bison parser 2018-03-08 19:05:53 -03:00
Felipe Zimmerle
0b494c4cdc
Adds capture action to verifyCPF 2018-03-08 19:05:31 -03:00
Victor Hora
64ce41280d
Prettier error messages for unsupported configurations (UX) 2018-03-07 17:58:29 -03:00
Victor Hora
a66acebc05
Add missing verify*** transformation statements to parser 2018-03-05 17:50:14 -03:00
Felipe Zimmerle
8bb64c3ee3
Code cosmetics: removes an unused piece of code 2018-03-01 11:52:01 -03:00
Felipe Zimmerle
450c966da0
Fix a set of compilation warnings 2018-03-01 11:36:31 -03:00
Felipe Zimmerle
c8666fae31
Check for disruptive action on SecDefaultAction 2018-02-28 14:02:47 -03:00
Felipe Zimmerle
6842d4bba8
Fix block-block infinite loop.
Issue #1614
2018-02-28 12:05:28 -03:00
Felipe Zimmerle
4ac14a2622
Cosmetics on top of: #1636 2018-02-28 11:03:19 -03:00
Minasu
a0bea7356d
Correction remove_by_tag and remove_by_msg 2018-02-28 10:31:45 -03:00
Hegedüs Ervin
8d61a3df90
Fix LMDB compile error 2018-02-28 08:52:40 -03:00
Felipe Zimmerle
dca642369e
Fix on top of #1677 2018-02-26 17:53:18 -03:00
Andrei Belov
ebc068b8ce
Fix msc_who_am_i() to return pointer to a valid C string
Previously this function was unusable as it returned pointer
to some garbage data.
2018-02-23 18:42:33 -03:00
Andrei Belov
b50658d1e3
Fix "make dist" target to include necessary headers for Lua 2018-02-23 14:10:39 -03:00
Andrei Belov
ccc1f2031a
Fix "include /foo/*.conf" for single matched object in directory 2018-02-23 14:01:41 -03:00