2932 Commits

Author SHA1 Message Date
Felipe Zimmerle
6ab464ab78
negative lookup on the key name instead of COLLECTION:key 2019-06-17 13:04:25 -03:00
Felipe Zimmerle
47dd9c5df4
Refactoring on the VariableValue class 2019-06-14 10:13:54 -03:00
Felipe Zimmerle
cbd15ec138
CHANGES: Adds info about #2113, #2111 2019-06-04 10:30:19 -03:00
Ervin Hegedus
c0142cf326
Changed compared variables of range id interval in ruleRemoveById ctl action. #2111
* changed the variables in clause
* added test case (@theMiddle)
* fixes #2111
2019-06-04 10:28:30 -03:00
Felipe Zimmerle
9ebebfc838
Fix test case 1960 2019-06-04 08:38:45 -03:00
Felipe Zimmerle
b6995c528e
test case: Adds test case for issue 1960 2019-06-03 20:50:05 -03:00
Felipe Zimmerle
f50700e9d4
CHANGES: Adds info about #1960 2019-06-03 19:56:24 -03:00
Felipe Zimmerle
50abc072c4
Make block action execution dependent on the SecEngine status 2019-06-03 19:55:02 -03:00
Felipe Zimmerle
1cc22966db
CHANGES: Adds info on "Having body limits to respect ..." 2019-06-03 14:15:49 -03:00
Felipe Zimmerle
a4e8484115
Having body limits to respect the rule engine state 2019-06-03 14:05:10 -03:00
Felipe Zimmerle
c7fe50e5be
CHANGES: Adds info about #1872 2019-05-31 11:52:32 -03:00
Felipe Zimmerle
20b90364fa
Adds test case for #1872 2019-05-31 11:50:47 -03:00
Felipe Zimmerle
1b8d69da02
Fix dict element regular expression selection on SecRuleUpdateTargetByTag 2019-05-31 01:42:51 -03:00
Felipe Zimmerle
5472362313
Fix SecRuleUpdateTargetByTag with regular expressions 2019-05-31 01:42:47 -03:00
Felipe Zimmerle
b5823d4e0c
CHANGES: Adds info about #2099, #2102 2019-05-30 10:22:00 -03:00
Felipe Zimmerle
2c136a2d9c
Adds test case for #2099 on the test case list 2019-05-30 10:12:44 -03:00
Ervin Hegedus
7a93bea8f7
Added some test cases related to #2099 2019-05-30 09:52:27 -03:00
Ervin Hegedus
db298696fa
Adds missing check for runtime ctl:ruleRemoveByTag 2019-05-30 09:50:56 -03:00
Felipe Zimmerle
7e8782d977
CHANGES: Adds info about #2063 2019-05-29 22:05:28 -03:00
Rufus125
86ce479b59
Adds new operator to check for data leakage of Austrian social security number 2019-05-29 20:57:08 -03:00
Rufus
6d266fae85
fixes typo 2019-05-29 10:29:30 -03:00
Felipe Zimmerle
f752291af8
CHANGES: Adds info about #2057 2019-05-27 17:43:06 -03:00
Julien Leproust
49900eec97
Fix variables output in debug logs 2019-05-27 17:39:04 -03:00
Felipe Zimmerle
25e4445834
CHANGES: Adds info about #2059 2019-05-27 17:14:29 -03:00
Tim Herren
75a5c8d334
correct typo validade in log output 2019-05-27 17:13:29 -03:00
Felipe Zimmerle
a0a99319a2
CHANGES: Adds info about #2068 2019-05-27 17:08:44 -03:00
Thierry Fournier
4a3e9734ef
fix/minor: Error encoding hexadecimal
String is defined as an array of char. The char can be negative. The
cast "reinterpret_cast" from char to int keeps the negative side, so
the "unsigned char" number 0x91 is negative as "char". When it is
"reinterpret_cast" as integer, it becomes 0xffffff91, so the hexadecimal
display is broken:

   [155493246391.747672] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "ffffff91ffffffecffffffe6334bffffffebffffff87ffffff9affffff824a06ffffffc33b4cffff (14 characters omitted)"

This patch fixes this behavior using classic cast without reinterpret_cast:

   [155493251286.221115] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "91ece6334beb879a824a06c33b4cb4240e4c6f56"
2019-05-27 17:06:51 -03:00
Felipe Zimmerle
033942c925
CHANGES: Adds info about #2073 2019-05-27 17:05:16 -03:00
Julien Leproust
1acd87a803
Limit log variables to 200 characters
To avoid generating too long log lines which end up truncated (like in
nginx's error log), and missing important bits.
2019-05-27 17:04:32 -03:00
Felipe Zimmerle
61c11251b6
parser: Fix filename 2019-04-23 13:17:23 -03:00
Felipe Zimmerle
0669c2e64d
parser: new bison version 2019-04-22 10:46:27 -03:00
Felipe Zimmerle
b574418386
regression: Using github instead of modsecurity.org for SecRemoteRules 2019-04-05 12:59:34 -03:00
Felipe Zimmerle
4e76c6adf0
Renames namespace Variables to variables 2019-03-06 15:53:20 -03:00
Felipe Zimmerle
b9ed150224
Fix namespace utilization on seclang-parser.yy 2019-03-06 15:12:44 -03:00
Felipe Zimmerle
6d5198b1a6
make check: Updates test cases list 2019-02-12 10:13:51 -03:00
Ervin Hegedus
ccd90c51c5
Increment OVECCOUNT value for bigger regex's 2019-02-12 10:08:47 -03:00
Felipe Zimmerle
44efae6cdc
CHANGES: Adds info about #2024 2019-02-12 09:32:26 -03:00
Ervin Hegedus
a6e6bc2b5f
Allow empty anchored variable to use 2019-02-12 09:31:19 -03:00
Felipe Zimmerle
b392a1ca36
CHANGES: Adds info about #2016 2019-02-12 09:16:25 -03:00
Ervin Hegedus
2d3fbbc56a
Modified affected test cases, which checked wrong variables 2019-02-12 09:16:07 -03:00
Ervin Hegedus
17d79ed7ba
Fixed data collecting in multipart parsing 2019-02-12 09:16:07 -03:00
Felipe Zimmerle
ac61bf5fda
CHANGES: Adds info about #2017 2019-02-12 09:11:31 -03:00
Ervin Hegedus
4b3e6328e3
Fixed validateByteRange parsing method 2019-02-12 09:10:36 -03:00
Felipe Zimmerle
3dda0ea2c6
Adds a regression test strdup to valgrind suppressions list 2019-02-11 10:22:28 -03:00
Felipe Zimmerle
2dff768262
Removes a memory leak on the JSON parser 2019-02-11 10:17:02 -03:00
Felipe Zimmerle
145f2f35b7
tests: Updates secrules-language-tests 2019-02-05 11:26:03 -03:00
Felipe Zimmerle
f77db2cc2e
CHANGES: Adds info about #2011 2019-01-28 16:43:31 -03:00
WGH
bd6a02d69b
Fix test issue-1831.json on LMDB
When LMDB is enabled, ModSecurity stores its persistent variables in
"./modsec-shared-collections" file. Since this file wasn't cleared between
tests, tests behaved differently on "in-memory per-process" and LMDB backend.

This test never worked in LMDB configuration. It hasn't been discovered
until now because Travis CI didn't test LMDB configuration when test was
introduced.
2019-01-28 16:20:02 -03:00
WGH
37cf60b8d2
Fix use of deleted Regex copy constructor in LMDB code
Bug introduced in ad28de4f. Fixes #2008.
2019-01-28 16:20:02 -03:00
WGH
79a24ef88d
Enable LMDB in Travis CI configuration
LMDB is not built by default since 6143eb9,
so add explicit --with-lmdb configuration.

Missing --with-lmdb build allowed a bug in PR #2003 to pass
through, causing issue #2008.
2019-01-28 16:20:01 -03:00