github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,964 Commits 55 Branches 109 Tags
Commit Graph

2964 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wenfeng Liu
ec1112c648
Fix memory leak in AuditLog::init() 2018-10-23 16:39:15 -03:00
Felipe Zimmerle
8c549c65c4
CHANGES: Adds info on #1901 2018-10-23 16:39:12 -03:00
Steven
b12a8f5c6f
Fix RulesProperties::appendRules() 
RulesProperties::appendRules() was not checking for duplicate IDs as well as
throwing an error if there were secMarkers in more than one file (when
calling any combination of rules->load(), rules->loadFromUri() or
rules->loadRemote() more than once). To fix the secMarker issue, the if
statement on rules_properties.h:441 just needed to be negated.

This function also doesn't accurately check for duplicate IDs. the check
can be circumvented by putting the rule in a different phase. To fix this
the ruleId list (v) had to be populated completely before checking against
the other list.
 2018-10-23 16:39:04 -03:00
Felipe Zimmerle
f1da6dd29b
CHANGES: Adds info on 0x3077c 2018-10-23 16:38:59 -03:00
Felipe Zimmerle
8bda7c0a45
Fix RULE lookup in chained rules. 2018-10-23 16:37:54 -03:00
Felipe Zimmerle
120108fd33
Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
a5a40a71a9
Makes matchedvars inline 2018-10-23 16:37:49 -03:00
Felipe Zimmerle
b58018e778
Fix multimatch behavior to match what we have on v2 2018-10-23 16:37:42 -03:00
Felipe Zimmerle
a47738ab04
CHANGES: Adds info about: 0x14316 2018-10-23 16:37:28 -03:00
Felipe Zimmerle
dba73f5367
Using values after transformation at MATCHED_VARS 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
7c50fa7c00
Small fix on @detectXSS test case 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9
Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
3e8e28da48
Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade
Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8
Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Victor Hora
68398a51f3 CHANGES: adds info on #1922 2018-10-13 19:27:08 -04:00
Steven
004047ef6c Add correct C function prototypes for msc_init and msc_create_rule_set 2018-10-13 19:25:13 -04:00
Victor Hora
c1925a4677 CHANGES: adds info on #1909 and #1185 2018-10-12 17:36:28 -04:00
Victor Hora
20ef01d75c Allow LuaJIT 2.1 to be used 2018-10-12 17:32:10 -04:00
Victor Hora
28f6f2201f Match m_id JSON log with RuleMessage and v2 format 2018-10-12 13:10:11 -04:00
Felipe Zimmerle
bc3d3f1915
Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
4dd2812757
Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0
Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
0e8cd767e7
CHANGES: Adds info about: 0x028e0 and 0x275a1 2018-09-24 16:40:34 -03:00
Felipe Zimmerle
cdf2da1a09
Adds test case related to issue #1725 2018-09-24 16:39:57 -03:00
Felipe Zimmerle
98b9ae659d
Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266
Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
0d53111cb0 CHANGES: Adds info about: #1859 2018-09-19 19:51:20 -04:00
Victor Hora
5aa79c17f2 Add test cases for m.setvar in Lua scripts 2018-09-19 19:47:05 -04:00
Victor Hora
6f458b5203 Fix on top of jmx's m.setvar commit for USER collection in Lua scripts 2018-09-19 19:41:49 -04:00
jxm
45cdb0ed90 fix: function m.setvar not work in lua script 2018-09-19 19:34:13 -04:00
Felipe Zimmerle
c2bc695265
parser: Fix typo on SanitiseArgs 
Related to: #715 and #1889
 2018-09-12 09:37:34 -03:00
Felipe Zimmerle
9c73c09abd
parser: Updates the generated parser file 2018-09-11 21:01:13 -03:00
Victor Hora
a719871458
Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Victor Hora
379f370095
Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 2018-09-11 20:52:30 -03:00
Victor Hora
5c048e3cc4
Explicitly include time.h to fix building the examples 2018-09-11 20:46:19 -03:00
Victor Hora
dce2fed310
Add exception to linker as OpenBSD doesn't like static 2018-09-11 20:45:58 -03:00
Victor Hora
0c0b09ec52
Use glob.h when using OpenBSD 2018-09-11 20:45:58 -03:00
Victor Hora
d97688804e
Fix parser to support GeoLookup with MaxMind 2018-09-11 20:40:28 -03:00
Victor Hora
0a88e0237f
Allow libMaxmind to work with Ubuntu PPA packages 2018-09-11 20:36:30 -03:00
Felipe Zimmerle
dfbff090be
test case: Adds test case related to #1831 2018-09-11 15:40:41 -03:00
Felipe Zimmerle
764a2e43ff
parser: Fix simple quote setvar in the end of the line. 
Fix #1831
 2018-09-11 15:35:26 -03:00
Felipe Zimmerle
738e328723
CHANGES: Adds info about: #1847 2018-09-06 15:39:42 -03:00
Guillaume Quintard
788b696421
Fix pc file 
the include path can't have @PACKAGE@ at the end as we include headers
with

 #include <modsecurity/modsecurity.h>

so it's already in there
 2018-09-06 15:38:17 -03:00
Felipe Zimmerle
16ab99ce3e
modsec_rules_check: uses the gnu .la' instead of .a' file 2018-09-06 11:48:14 -03:00
Felipe Zimmerle
d7b9726357
good practices: Initialize variables before use it 
Original author: Marc Stern (#1889)
 2018-09-05 23:35:24 -03:00
Felipe Zimmerle
d302b99ec5
Adds test case for: #1812 2018-09-05 16:00:42 -03:00
Felipe Zimmerle
4585216ae6
Adds more tests to REQUEST_BASENAME 
Meant to test #1795
 2018-09-04 22:02:56 -03:00
Felipe Zimmerle
a85ca00a55
Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:01:11 -03:00
Victor Hora
90197bdd99 CHANGES: Adds info about: #1807 2018-08-23 12:09:21 -04:00