github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,777 Commits 55 Branches 109 Tags
b05901e8ae5935cbdbb8db331c11b9b6e8134a42
Commit Graph

868 Commits

Author SHA1 Message Date
Felipe Zimmerle
91daeee9f6 Only calling server log if the message is not disruptive 
The disruptive message is already part of the interception object
 2018-10-25 18:04:27 -03:00
Felipe Zimmerle
448897d297 Marking message as disruptive before generate log msg 2018-10-25 18:04:07 -03:00
Felipe Zimmerle
973c1f1028 Fix rule line number 
Issue #1844
 2018-10-24 21:02:35 -03:00
Felipe Zimmerle
fa5f3784f2 Using shared_ptr instead of unique_ptr on rules exceptions 2018-10-23 17:03:18 -03:00
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
23e0d35d2d Fix the SecUnicodeMapFile and SecUnicodeCodePage 2018-10-23 17:00:11 -03:00
Felipe Zimmerle
69cd61439d Changes the timing to save the rule message 2018-10-23 16:58:42 -03:00
Victor Hora
8088d6af71 Fix crash in msc_rules_add_file() when using disruptive action in child rule inside of chain 2018-10-23 16:39:21 -03:00
Wenfeng Liu
ec1112c648 Fix memory leak in AuditLog::init() 2018-10-23 16:39:15 -03:00
Felipe Zimmerle
8bda7c0a45 Fix RULE lookup in chained rules. 2018-10-23 16:37:54 -03:00
Felipe Zimmerle
120108fd33 Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
a5a40a71a9 Makes matchedvars inline 2018-10-23 16:37:49 -03:00
Felipe Zimmerle
b58018e778 Fix multimatch behavior to match what we have on v2 2018-10-23 16:37:42 -03:00
Felipe Zimmerle
dba73f5367 Using values after transformation at MATCHED_VARS 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9 Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
3e8e28da48 Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8 Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Victor Hora
20ef01d75c Allow LuaJIT 2.1 to be used 2018-10-12 17:32:10 -04:00
Victor Hora
28f6f2201f Match m_id JSON log with RuleMessage and v2 format 2018-10-12 13:10:11 -04:00
Felipe Zimmerle
bc3d3f1915 Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
4dd2812757 Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0 Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
98b9ae659d Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266 Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
6f458b5203 Fix on top of jmx's m.setvar commit for USER collection in Lua scripts 2018-09-19 19:41:49 -04:00
jxm
45cdb0ed90 fix: function m.setvar not work in lua script 2018-09-19 19:34:13 -04:00
Felipe Zimmerle
c2bc695265 parser: Fix typo on SanitiseArgs 
Related to: #715 and #1889
 2018-09-12 09:37:34 -03:00
Felipe Zimmerle
9c73c09abd parser: Updates the generated parser file 2018-09-11 21:01:13 -03:00
Victor Hora
a719871458 Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Victor Hora
379f370095 Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 2018-09-11 20:52:30 -03:00
Victor Hora
0c0b09ec52 Use glob.h when using OpenBSD 2018-09-11 20:45:58 -03:00
Victor Hora
d97688804e Fix parser to support GeoLookup with MaxMind 2018-09-11 20:40:28 -03:00
Felipe Zimmerle
764a2e43ff parser: Fix simple quote setvar in the end of the line. 
Fix #1831
 2018-09-11 15:35:26 -03:00
Felipe Zimmerle
d7b9726357 good practices: Initialize variables before use it 
Original author: Marc Stern (#1889)
 2018-09-05 23:35:24 -03:00
Felipe Zimmerle
a85ca00a55 Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:01:11 -03:00
Victor Hora
aa158ceef3 Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
Victor Hora
f999f54eda Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Robert Paprocki
dee9898449 Implement support for Lua 5.1 2018-07-27 15:43:12 -04:00
michaelgranzow-avi
d810de9166 #1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97 Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Felipe Zimmerle
e51297b436 Improvements on top of #1787 2018-06-12 15:43:08 -03:00
Ervin Hegedus
edb5993d5f Fixed LMDB collection errors 2018-06-12 14:47:44 -03:00
Ervin Hegedus
4d0ca94490 Modified the false pos. UNMATCHED_BOUNDARY error flag 2018-06-12 01:09:36 -03:00
Ervin Hegedus
af4afd348c Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Reed Morrison
95048d5fcf Fix ip tree lookup on netmask content 2018-06-07 14:29:27 -03:00
Felipe Zimmerle
202a15bea8 Changes the behavior of the default sec actions 
Fix #1629
 2018-05-31 14:52:53 -03:00
Felipe Zimmerle
892beb5360 Refactoring on {global,ip,resources,session,tx,user} collections 
Now using the same name schema and interface for these "special"
collection.

Fix: #1754, #1778
 2018-05-29 23:48:05 -03:00
Felipe Zimmerle
f928e44765 Revert "Fix memory leak in msc_rules_* C APIs" 
This reverts commit 58701e7e11.

It was breaking the multi-thread examples.
 2018-05-28 18:59:55 -03:00
Wenfeng Liu
b85a645610 Fix race condition in UniqueId::uniqueId() 2018-05-28 18:09:50 -03:00