github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 22:56:18 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,452 Commits 55 Branches 109 Tags
Commit Graph

255 Commits

Author SHA1 Message Date
Felipe Zimmerle
734f63bd07
Adds support to REQBODY_* varibales in the libmodsec parser 
This commit makes the following variables to be recognizable:
REQBODY_PROCESSOR_ERROR_MSG, REQBODY_PROCESSOR_ERROR,
REQBODY_PROCESSOR, REQBODY_ERROR_MSG|REQBODY_ERROR
 2016-06-16 14:07:26 -03:00
Felipe Zimmerle
9919026620
Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Alexey Zelkin
cb91af537c
Enforce bison requirement to 3.0.4. 
Previous versions of bison proven to generate broken code which caused to assert() regression
tests of libmodsecurity for clang 3.4 and gcc 4.8.  Upgrading bison to 3.0.4 solved mentioned issues
for FreeBSD 10, CentOS 7, RHEL 7 and Ubuntu 14.
 2016-06-15 23:10:27 -03:00
Alexey Zelkin
57ad70bb2b
Add missing 'retrun's for functions declared return value. This change fixes SIGILLs on executable built with clang 3.4. 
Tested against FreeBSD 10.3.
 2016-06-15 23:10:27 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
9e5cf2de8e Adds Upload configuration paramters to the libmodsec parser 2016-06-07 14:23:56 -03:00
Felipe Zimmerle
8d49903279 Adds support to the transformations parity[even|odd|zero]7bit 
Issues: #968, #969, #967
 2016-05-27 10:45:05 -03:00
Felipe Zimmerle
59b1fe0305 Adds sqlHexDecode tranformation to libmodsecurity parser 2016-05-25 20:24:41 -03:00
Felipe Zimmerle
08df949bf6 Adds md5 transformation to the libmodsecurity parser 2016-05-25 10:30:12 -03:00
Felipe Zimmerle
4b9cff3ec7 Partially adds the REMOTE_USER variable support 2016-05-23 11:04:19 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
ff9aa5c7cf Adds support to the variable SESSIONID 2016-05-06 14:38:38 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
6f93563fc2 Fix in parser: now understanding the removeCommentsChar transformation 
SpiderLabs/ModSecurity#1098
 2016-04-04 15:25:34 -03:00
Felipe Zimmerle
8d052853a8 Adds support to https audit log output 
This functionality was built for test only.
 2016-04-04 13:29:15 -03:00
Felipe Zimmerle
e0926fee37 Fix parser error while dealing with operator negation 
This patch closes the issue #960
 2016-03-17 18:06:46 -03:00
Felipe Zimmerle
f44143436b Fix parser error on free text operator 2016-02-18 10:11:54 -03:00
Felipe Zimmerle
77a1dcab9b parser: fix issue with skipAfter action 
Considering \n and/or \r as the end of the token.
 2016-02-11 16:42:39 -03:00
Felipe Zimmerle
8143f8ea89 Adds support to the action `maturity' 2016-02-10 13:55:12 -03:00
Felipe Zimmerle
714df8db20 Adds support to the action `accuracy' 2016-02-10 13:35:02 -03:00
Felipe Zimmerle
5a2a81a568 Adds support to the action `ver' 2016-02-10 12:53:22 -03:00
Felipe Zimmerle
b06eaadac7 Places the classes related to audit log into a separate namespace 2016-01-14 14:29:36 -03:00
Felipe Zimmerle
d780fd6290 Fix the parse to distinguish between @pm content and a variable 
Before this patch the parser was not understanding @pm content that
contains a variable.
 2016-01-12 13:59:27 -03:00
Felipe Zimmerle
702551ed42 Adds support to action `exec' to sec lang parser 2016-01-12 10:57:06 -03:00
Felipe Zimmerle
923620fbd0 Adds support to the action `allow' in the sec parser 2016-01-12 10:42:36 -03:00
Felipe Zimmerle
7901c2c899 Adds the actions SetSID and SetUID to the seclang parser 2016-01-12 10:34:33 -03:00
Felipe Zimmerle
ab92bed6fa Parser improvement: Supporting variables selection with regex 2016-01-12 09:59:33 -03:00
Felipe Zimmerle
3acc013e49 Improves the secrules parser 2016-01-11 17:50:35 -03:00
Felipe Zimmerle
f23908f145 Improves the secrules parser 2016-01-11 15:14:26 -03:00
Felipe Zimmerle
decf04d264 Adds support to SecResponseBodyMimeType 2015-12-24 11:55:24 -03:00
Felipe Zimmerle
913e22a77d Adds initial support to initcol action 2015-12-22 12:10:15 -03:00
Felipe Zimmerle
fb3696ac04 Fix a few things to provide an easy interface for script bindings 2015-12-22 11:53:36 -03:00
Felipe Zimmerle
215c4d1071 Fix ARGS_POST and ARGS_GET variables order on the parser 2015-12-11 09:26:01 -03:00
Felipe Zimmerle
42ce0475b2 Coding style: changes the namespace in the comments 2015-12-10 13:20:32 -03:00
Felipe Zimmerle
b5a43871e6 Changes library namespace from ModSecurity to modsecurity 2015-12-01 10:55:59 -03:00
Felipe Zimmerle
09a958544d Makes @geoLookup optional depending on the availability of libGeoIP 2015-11-20 11:09:05 -03:00
Andrew Hutchings
c035e76ede Avoid segfault if parser `ref' is empty 2015-11-17 11:28:47 -03:00
Andrew Hutchings
f65b08b066 Fix parser to accept redirect action without single quote 2015-11-17 11:08:39 -03:00
Felipe Zimmerle
e641c3cc17 Huge improve in the variables resolution time 2015-11-03 22:44:59 -03:00
Felipe Zimmerle
48704c27a9 Removes some memory leaks 2015-10-30 18:59:08 -03:00
Felipe Zimmerle
3fff343009 Adds missing variables 2015-10-19 23:04:52 -03:00
Felipe Zimmerle
e65f0db13b Fix on the variable parser 2015-10-19 19:31:23 -03:00
Felipe Zimmerle
e57ee8908f Searches for included configuration using the resource policy 2015-10-07 15:26:08 -03:00
Felipe Zimmerle
e54ef72051 Looks for external resources in the same path of the rule 2015-10-06 09:21:30 -03:00
Felipe Zimmerle
5cc9e94505 Splits operator into OPERATOR and FREE_TEXT on sec lang grammar 2015-10-02 12:07:18 -03:00