github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,932 Commits 55 Branches 109 Tags
b7e28c246f35a0a4f5f3594d8799e9a26d66f3a7
Commit Graph

2932 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
b332018cc2 Adds regressiont test for issue #1152 2016-06-30 23:50:21 -03:00
Felipe Zimmerle
f72bd587ec Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
e77e4c4c14 Adds missing test case to Makefile.am and initializes the skip var 2016-06-30 13:46:15 -03:00
Felipe Zimmerle
b0f69b1262 Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Alexey Zelkin
f00e625c8e Unbreak build with custom location of libyajl.so 2016-06-30 09:41:26 -03:00
Felipe Zimmerle
90adb53935 Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
2477470607 Adds support to the resource collection 2016-06-24 15:17:29 -03:00
Felipe Zimmerle
bad3e13612 parser: Fix commented SecRule parser 
No longer treat the next line as comment. Instead changes the
parser state to comment and figure out what to do.
 2016-06-24 13:51:54 -03:00
Felipe Zimmerle
7d06c32b0d Adds error messages while failed to init a collection 2016-06-24 13:48:57 -03:00
Felipe Zimmerle
193fa2e804 Changes regressions tests to fit the recent modification on the parser 2016-06-24 09:18:48 -03:00
Felipe Zimmerle
0c0a9b3083 Accepts component signature between brackets 2016-06-23 23:14:01 -03:00
Felipe Zimmerle
74a34261ab Adds function removeBracketsIfNeeded to utils 2016-06-23 23:11:49 -03:00
Felipe Zimmerle
7317079945 parser: Reporting the right column position in case of error 2016-06-23 16:02:09 -03:00
Felipe Zimmerle
37c18326c6 parser: Avoid to duplicate the invalid character 2016-06-23 16:01:05 -03:00
Felipe Zimmerle
0fdde52532 Fix setvar action to accept equals nothing 2016-06-23 15:48:23 -03:00
Felipe Zimmerle
cf2ffe7e11 Fix the line counter while showing an parser error 2016-06-23 15:40:19 -03:00
Felipe Zimmerle
e5583c24bb Removed parserError from the rules class 
The Rules class inherits parserError from Rules Properties class
overwrite this variable suppress the error message from the parser
aconsumer.
 2016-06-23 10:47:52 -03:00
Felipe Zimmerle
02909f7cd8 parser: arbitraty text can be used instead of operator 
The usage of an arbitrary text instead operator was expecting that the
arbitrary text start by something different from "@" or "!", now it can
start with anything, including "@", and/or "!". Notice however that
there aren't such thing as a bad  operator. Bad operator will be used as
input of @rx. Issue #1136.
 2016-06-22 16:59:50 -03:00
Felipe Zimmerle
0d53dda1a1 Adds support to @unconditionalMatch 
Issue #1002
 2016-06-21 13:46:55 -03:00
Felipe Zimmerle
60be385ebe Adds support to the SERVER_NAME variable 2016-06-21 10:53:11 -03:00
Felipe Zimmerle
df1f7c5e08 Adds support to the RESPONSE_PROTOCOL variable 2016-06-21 10:52:18 -03:00
Felipe Zimmerle
b8bd0c5960 API CHANGE: response status is now set on processResponseHeaders 
That change was needed to move the variable attribution to earliest
as possible. We also have a new field for HTTP_PROTOCOL version used
on the response.
 2016-06-21 09:24:46 -03:00
Felipe Zimmerle
a36b2da86a Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
56d084a7f4 Adds support the variable rule 
Issue #1016
 2016-06-20 14:03:45 -03:00
Felipe Zimmerle
45bfb594b9 Adds missing tests cases 2016-06-20 11:35:00 -03:00
Felipe Zimmerle
6052d2628b Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
c5262d54f2 Fix argument uri decode order 
The uri decode happens after the string is splitted, not before.
 2016-06-17 15:34:06 -03:00
Felipe Zimmerle
dbaf79fb8e Adds extractArguments facilitator method 
Little refactoring to use this method instead of doing it
manually in different parts of the code.
 2016-06-17 15:15:44 -03:00
Felipe Zimmerle
5c088c8be4 Adds addArgument method to transaction class 
There was a bit of refactoring to use the addArgument function, instead
of adding the items manually.
 2016-06-17 14:34:22 -03:00
Felipe Zimmerle
ebe8424758 Adds support to REQBODY_ERROR_MSG and REQBODY_ERROR 
Support to REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
were also added.
 2016-06-16 23:14:15 -03:00
Felipe Zimmerle
7bd6e9a2bd Makes XML request body processor to be selected only by ctl:equestBodyProcessor 2016-06-16 17:20:47 -03:00
Felipe Zimmerle
7cb27eb9fc Implements the support to fill the REQBODY_PROCESSOR variable 2016-06-16 15:47:40 -03:00
Felipe Zimmerle
734f63bd07 Adds support to REQBODY_* varibales in the libmodsec parser 
This commit makes the following variables to be recognizable:
REQBODY_PROCESSOR_ERROR_MSG, REQBODY_PROCESSOR_ERROR,
REQBODY_PROCESSOR, REQBODY_ERROR_MSG|REQBODY_ERROR
 2016-06-16 14:07:26 -03:00
Alexey Zelkin
767289c8da Fix compilation for libpthread users. 2016-06-16 13:56:54 -03:00
Alexey Zelkin
647019a804 Use internal PCRE based implementation of regular expressions instead of std C++ regex library. 
C++ regex library proven to be unusable for gcc 4.8 and earlier version, so
reimplement code using PCRE library in order to build workable version of
unit_test executable for CentOS 7, RHEL 7, Ubuntu 14 and SUSE Linux 12.
 2016-06-16 13:50:50 -03:00
Felipe Zimmerle
21777aec41 Fix invalid memory read in msc_tree 2016-06-16 13:31:31 -03:00
Felipe Zimmerle
8b9041c2da Fix memory leak on VerifyCC operator 2016-06-16 12:40:05 -03:00
Felipe Zimmerle
a4c7d534f2 Fix invalid memory write on base64 forgiven decode 2016-06-16 12:26:05 -03:00
Felipe Zimmerle
7be5fde62a Fix memory leak on the @pm operator 
Binary tree was not being cleaned right, now looking (and cleaning)
the sibling nodes.
 2016-06-16 10:37:52 -03:00
Felipe Zimmerle
1b35e57c4e Adds more suppressions to the valgrind list 
Those are suppressing leaks while the parse fail to load the
rules.
 2016-06-16 10:35:25 -03:00
Felipe Zimmerle
9cec9db794 Fix memory leak in the method toJSON from Transaction class 2016-06-16 10:33:15 -03:00
Felipe Zimmerle
f833a61089 Fix memory leak on html dentity decode transformation 2016-06-16 10:32:44 -03:00
Felipe Zimmerle
e6c542c5b5 Fix invalid read on sql hex decode transformation 2016-06-16 10:31:15 -03:00
Felipe Zimmerle
9919026620 Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Alexey Zelkin
cb91af537c Enforce bison requirement to 3.0.4. 
Previous versions of bison proven to generate broken code which caused to assert() regression
tests of libmodsecurity for clang 3.4 and gcc 4.8.  Upgrading bison to 3.0.4 solved mentioned issues
for FreeBSD 10, CentOS 7, RHEL 7 and Ubuntu 14.
 2016-06-15 23:10:27 -03:00
Alexey Zelkin
32f22d1a79 Use explicit variable size for copying char. 
For some reason plain call to "ret.append(&b)" copy 32 bit of data.  This change unbreaks
CmdLine unit tests for FreeBSD 10, CentOS 7, RHEL 7 and Debian 8.
 2016-06-15 23:10:27 -03:00
Alexey Zelkin
57ad70bb2b Add missing 'retrun's for functions declared return value. This change fixes SIGILLs on executable built with clang 3.4. 
Tested against FreeBSD 10.3.
 2016-06-15 23:10:27 -03:00
Felipe Zimmerle
1e6b40ebea Fix some improperly formatted test cases 2016-06-14 15:32:37 -03:00
Felipe Zimmerle
8cdb138076 Adds support to make check-valgrind 
make check-valgrind is useful to identify any memory related issue.
 2016-06-14 14:05:28 -03:00
Felipe Zimmerle
f0155e3f32 Adds support to make check 
The regression and unit tests are now integrated with `make check`.
It is possible to use make check -jN to have multiple tests running
in parallel.
 2016-06-14 09:47:41 -03:00