ModSecurity

mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 03:06:33 +03:00

Author	SHA1	Message	Date
Elia Pinto	7fed599fdb	src/request_body_processor/multipart.cc: reduce the scope of variable in a for () loop In general, it is always preferable to reduce the scope of a variable in a for loop	2024-02-29 20:20:41 +01:00
Ervin Hegedüs	6623c0ae29	Changed strip methodology to MULTIPART_PART_HEADERS	2023-04-23 17:32:26 +02:00
Ervin Hegedüs	6fbdee9ff0	Merge branch 'v3/master' of https://github.com/SpiderLabs/ModSecurity into v3/multipartpartheaderfix	2023-04-23 17:17:29 +02:00
Martin Vierula	a5320add21	Refactoring: remove two unneeded local vars from multipart parser	2023-04-17 12:29:40 -07:00
Ervin Hegedüs	514abeb513	Remove EOL chars from MULTIPART_PART_HEADER variable	2023-01-28 21:48:51 +01:00
Ervin Hegedüs	aa44c7b726	Fix FILES_TMP_CONTENT collection key naming mechanism	2022-11-14 17:03:50 +01:00
Martin Vierula	fa6e41857d	Multipart parsing fixes and new MULTIPART_PART_HEADERS collection	2022-09-07 06:29:20 -07:00
Martin Vierula	6e56950cdf	Tolerate other parameters after boundary in multipart C-T	2022-04-26 11:17:46 -07:00
Martin Vierula	f34b49f666	Multipart names may include single quote if double-quote enclosed	2021-12-23 08:02:43 -08:00
Martin Vierula	ac79c1c29b	Support configurable limit on depth of JSON parsing	2021-11-15 18:51:25 -08:00
martinhsv	65e7e474b1	fix missing parentheses in filename* parsing	2021-05-11 13:46:50 -07:00
martinhsv	fbea73120c	Fix: FILES variable does not use multipart part name for key	2021-01-24 15:06:30 -03:00
Felipe Zimmerle	3748d62f19	Changes copyright dates on the code	2021-01-19 09:24:37 -03:00
martinhsv	d72be1c470	Fix: Only delete Multipart tmp files after rules have run	2020-11-04 13:50:07 -03:00
Felipe Zimmerle	4b425850cf	Cosmetics: fix cppcheck warnings	2020-10-23 08:29:07 -03:00
Felipe Zimmerle	a609249d64	Makes m_id a shared pointer	2020-03-27 15:48:11 -03:00
Felipe Zimmerle	6a742cdf76	Refactoring: Renames RulesProperties to RulesSetProperties	2020-02-17 13:17:03 -03:00
martinhsv	f57265a3e2	Support configurable limit on number of arguments processed	2020-02-14 11:00:01 -03:00
Felipe Zimmerle	7495675d54	Refactoring: Renames Rules to RulesSet RulesSet does not only contain rules but alse properties	2020-02-11 14:26:47 -03:00
martinhsv	136db3e582	Multipart Content-Disposition should allow filename* field	2020-02-11 10:29:38 -03:00
Felipe Zimmerle	357c140003	Changens copyright year	2020-01-31 10:32:37 -03:00
Felipe Zimmerle	fe98ce4c7d	Cosmetics: address cppcheck warnings	2020-01-30 18:19:34 -03:00
Felipe Zimmerle	05e9e7cf31	XML: Remove error messages from stderr	2019-11-25 09:27:11 -03:00
Ervin Hegedus	038522ad9b	Small fixes in log messages to help debugging	2019-11-20 15:24:30 -03:00
Ervin Hegedus	17d79ed7ba	Fixed data collecting in multipart parsing	2019-02-12 09:16:07 -03:00
Felipe Zimmerle	2dff768262	Removes a memory leak on the JSON parser	2019-02-11 10:17:02 -03:00
Victor Hora	b638e523af	Make the boundary check less strict as per RFC2046	2018-11-20 22:17:22 -03:00
Felipe Zimmerle	ef7f65db90	Changes debuglogs schema to avoid unecessary str allocation	2018-10-23 17:00:16 -03:00
Ervin Hegedus	4d0ca94490	Modified the false pos. UNMATCHED_BOUNDARY error flag	2018-06-12 01:09:36 -03:00
Ervin Hegedus	af4afd348c	Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors	2018-06-12 01:09:36 -03:00
Victor Hora	5018358371	Fix variable FILES_TMPNAMES	2018-04-22 11:11:46 -03:00
Felipe Zimmerle	ac100785d1	Fix compilation issue while xml is disabled	2018-02-21 16:15:05 -03:00
Felipe Zimmerle	2b052b0edb	Checking std::deque size before use it	2018-02-20 13:40:01 -03:00
Felipe Zimmerle	2d892a3176	Adds support for multipart vars on the parser	2018-02-20 13:40:00 -03:00
Felipe Zimmerle	3fb71f32d8	Coding style fixes	2017-11-13 22:32:11 -03:00
Felipe Zimmerle	023e7acbad	Refactoring on the JSON parser It also address the issue #1576 and #1577	2017-11-10 17:26:23 -03:00
Felipe Zimmerle	41bf7f716b	Calls xml init and xml cleanup to avoid memory leak Fix #1553	2017-10-10 15:03:50 -03:00
michaelgranzow-avi	3a048ee2db	Support --enable-debug-logs=no option of configure script (#2 ) * Support --enable-debug-logs=no option of configure script * Undo unintended white space changes * Undo more unintended white space changes * Address review comments - thanks Mirko * Address more review comments - thanks Mirko	2017-08-23 23:50:16 -03:00
Lasse Karstensen	5e06a67fbe	Demote log lines to improve debug log SNR. The debug logging is verbose and sometimes hard to read. Demote some of the boilerplate output to log level 9, to make it easier to see the important parts on lower verbosity levels.	2017-07-28 22:11:06 -03:00
Felipe Zimmerle	4ad3574cf2	Adds offset regression tests and assorted fixes on var's offsets	2017-03-06 15:02:02 -03:00
Felipe Zimmerle	6f47462110	Fix compilation when YAJL is not present	2017-03-06 15:02:00 -03:00
Felipe Zimmerle	e95efa05cc	Fix assorted memory and static analysis errors	2017-03-06 15:02:00 -03:00
Felipe Zimmerle	f2d149fc5f	Extends the direct access model to other collections	2017-03-06 15:02:00 -03:00
Felipe Zimmerle	ca24b6bb06	PoC: Adds support to direct access on ARGS collection	2017-03-06 15:01:59 -03:00
Felipe Zimmerle	ecbf292f6d	Adds first PoC for the operator offset feature	2017-03-06 15:01:59 -03:00
Felipe Zimmerle	e95555132e	Contionuation of 1 time variable patch Now we have almost 100% of the transaction variables hosted on the new schema. Variable modifcators (count and exclusion) are not yet supported on the new schema. Notice that setvar is now using the parser.	2017-03-06 15:01:58 -03:00
Felipe Zimmerle	88fb456a16	Cosmetics: Reduces the static analysis warnings	2016-12-28 17:46:47 -03:00
Felipe Zimmerle	2244e874e2	Moves static methods from class String to the namespace string	2016-11-04 16:00:44 -03:00
Felipe Zimmerle	62a0cb468b	Renames utils/msc_string.[h\|cc] to utils/string.[h\|cc]	2016-11-04 16:00:42 -03:00
Felipe Zimmerle	4ced1d18e0	Using full path in the header inclusion	2016-11-04 14:45:01 -03:00

1 2

85 Commits