github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,630 Commits 55 Branches 109 Tags
Commit Graph

249 Commits

Author SHA1 Message Date
Felipe Zimmerle
59114dd598
Refactoring on the operators parsers (2/2) 
This is the first step towards remove the memory leaks in the parser
 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
9cda4c0be0
cosmetics: Having the parser in a better shape regarding operators 1/2 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
15b81d09e7
Refactoring on the transformation classes 2016-12-28 19:53:37 -03:00
Felipe Zimmerle
9c7416da97
Refactoring the actions classes 2016-12-28 15:20:06 -03:00
Felipe Zimmerle
ab88083159
parser: Fix the expanded list inclusion 2016-11-16 15:47:21 -03:00
Felipe Zimmerle
4643501507
parser: Improves the include error when the file does not exist 2016-11-14 10:23:00 -03:00
Felipe Zimmerle
8b4f1bc46c
Fix rule file inclusion path 
The inclusion was not taking `*' into consideration, leading the
relative configuration inclusion to fail. That was very annoying.
 2016-11-11 15:15:51 -03:00
Felipe Zimmerle
2244e874e2
Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b
Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
ac4cb53d09
parser: Better understands escaped quotes in operator parameters 2016-11-04 01:55:47 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
f1e742c159
Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174
Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
2bb9d7988f
Cosmetics: huge refactoring in the parser 
The parser is now more elegant and resilient.
 2016-10-31 17:33:24 -03:00
Felipe Zimmerle
4711644600
dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Felipe Zimmerle
10d263cd36
parser: Relax the characters accepted by ctl:ruleRemoveByX 2016-10-26 16:21:07 -03:00
Felipe Zimmerle
1c21d1aeba
Adds support to action CtlRuleRemoveById 2016-10-26 11:00:18 -03:00
Felipe Zimmerle
161cc36acf
Adds support to action CtlRuleRemoteTargetById 2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54
Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
8d84ff6f4d
Accepting both: normalizePath and normalisePath 2016-08-26 16:26:16 -03:00
Felipe Zimmerle
37079ef668
Adds support to SecRuleRemoveById 2016-07-18 15:02:38 -03:00
Felipe Zimmerle
71acdaf8c5
Accept new line + caridge return in the rules parser 2016-07-01 16:06:34 -03:00
Felipe Zimmerle
578dabea8b
Informs the https client a key if any is given 2016-07-01 15:04:17 -03:00
Felipe Zimmerle
f72bd587ec
Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
bad3e13612
parser: Fix commented SecRule parser 
No longer treat the next line as comment. Instead changes the
parser state to comment and figure out what to do.
 2016-06-24 13:51:54 -03:00
Felipe Zimmerle
0c0a9b3083
Accepts component signature between brackets 2016-06-23 23:14:01 -03:00
Felipe Zimmerle
37c18326c6
parser: Avoid to duplicate the invalid character 2016-06-23 16:01:05 -03:00
Felipe Zimmerle
cf2ffe7e11
Fix the line counter while showing an parser error 2016-06-23 15:40:19 -03:00
Felipe Zimmerle
02909f7cd8
parser: arbitraty text can be used instead of operator 
The usage of an arbitrary text instead operator was expecting that the
arbitrary text start by something different from "@" or "!", now it can
start with anything, including "@", and/or "!". Notice however that
there aren't such thing as a bad  operator. Bad operator will be used as
input of @rx. Issue #1136.
 2016-06-22 16:59:50 -03:00
Felipe Zimmerle
0d53dda1a1
Adds support to @unconditionalMatch 
Issue #1002
 2016-06-21 13:46:55 -03:00
Felipe Zimmerle
60be385ebe
Adds support to the SERVER_NAME variable 2016-06-21 10:53:11 -03:00
Felipe Zimmerle
a36b2da86a
Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
56d084a7f4
Adds support the variable rule 
Issue #1016
 2016-06-20 14:03:45 -03:00
Felipe Zimmerle
6052d2628b
Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
734f63bd07
Adds support to REQBODY_* varibales in the libmodsec parser 
This commit makes the following variables to be recognizable:
REQBODY_PROCESSOR_ERROR_MSG, REQBODY_PROCESSOR_ERROR,
REQBODY_PROCESSOR, REQBODY_ERROR_MSG|REQBODY_ERROR
 2016-06-16 14:07:26 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
9e5cf2de8e Adds Upload configuration paramters to the libmodsec parser 2016-06-07 14:23:56 -03:00
Felipe Zimmerle
8d49903279 Adds support to the transformations parity[even|odd|zero]7bit 
Issues: #968, #969, #967
 2016-05-27 10:45:05 -03:00
Felipe Zimmerle
59b1fe0305 Adds sqlHexDecode tranformation to libmodsecurity parser 2016-05-25 20:24:41 -03:00
Felipe Zimmerle
08df949bf6 Adds md5 transformation to the libmodsecurity parser 2016-05-25 10:30:12 -03:00
Felipe Zimmerle
4b9cff3ec7 Partially adds the REMOTE_USER variable support 2016-05-23 11:04:19 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
ff9aa5c7cf Adds support to the variable SESSIONID 2016-05-06 14:38:38 -03:00
Felipe Zimmerle
6f93563fc2 Fix in parser: now understanding the removeCommentsChar transformation 
SpiderLabs/ModSecurity#1098
 2016-04-04 15:25:34 -03:00