github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,037 Commits 55 Branches 109 Tags
Commit Graph

3037 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
bff82cd80d Having RunTimeString in a better shape 
This is an effort towards better understanding the issues
reported on #2376
 2020-12-22 22:14:43 -03:00
Felipe Zimmerle
d3ba2318d6 Removes init from SetVar 2020-12-22 22:14:43 -03:00
Felipe Zimmerle
0f1d3bfc3e Use 'equal_range' instead of full scan for rule exceptions 
The original author was @WGH-, this change was proposed at #2370
 2020-12-22 22:14:42 -03:00
WGH
904fd030f9 Remove unnecessary copying in transformations 
In C++11, string data is always null-terminated[1], and can be
freely modified[2].

[1] https://stackoverflow.com/questions/6077189/will-stdstring-always-be-null-terminated-in-c11
[2] https://stackoverflow.com/questions/38875623/is-it-permitted-to-modify-the-internal-stdstring-buffer-returned-by-operator
 2020-12-22 22:14:42 -03:00
WGH
d7e9e0aa5b Make all "rule id" variables of type RuleId 
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
 2020-12-22 22:14:42 -03:00
Felipe Zimmerle
28c3cb3176 Makes RuleWithActions const in run time operations 2020-12-22 22:14:42 -03:00
Felipe Zimmerle
0a3b658969 Introduces ActionWithExecution 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
7693bd33b9 Makes Lua::run const 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
11111b5826 Removes method isDisruptive from Action class 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
1522e7cd0a Action: make sure that null constructor is not used 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
c38051324d Computes auditlog during rules load time 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
bf3a1d84ff actions: Removes Rule parameter from runtime execute 
Generals organization on the Action class
 2020-12-22 22:14:38 -03:00
Felipe Zimmerle
eb3e05646d
actions: Compute the rule association during rules load 2020-12-10 10:10:49 -03:00
Felipe Zimmerle
374203b000
tests: Romoves unused header from a test case 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
c44b5f95b1
tests: Prints test number on segfault 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
e5846e3fd3
Replaces lower case implementation 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
fc24f34843
Makes operator to use string_view 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
96efe83174
Improves rules dump for better testing 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
78d9575dd2
Better error handling when loading configurations 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
942de22069
Adds method getVariableNames to variables 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
5bd6c58385
Cosmetics: Defining a type for RuleId 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
999af35e22
Moves rule* headers to src/ 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
da618a6b7d
Cleanup on Action class 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
3dcfc2582e
Removes RuleMessage from action execute signature 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
68f85628dd
Refactoring: Makes transformations to work with new execute signature 2020-12-10 10:10:47 -03:00
nikolas
44c63d1048
Move travis to use a new version of Ubuntu 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
d9d074f661
Cosmetics: fix some cppcheck complains 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
55b68fdebc
Refactoring: rename evaluate to execute on actions 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
f605359ca5
Refactoring in the Rule class to make it more elegant 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
81542a0676
Rule: isMarker is no longer necessary 2020-12-10 10:10:46 -03:00
Felipe Zimmerle
2b9ec1a0f1
Adds new method for rule merge 
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
 2020-12-10 10:10:46 -03:00
Felipe Zimmerle
33def54fa9
Moves default actions to be part of the rules 2020-12-10 10:10:46 -03:00
martinhsv
36457f36bf
Fix: FILES variable does not use multipart part name for key 2020-12-10 10:10:46 -03:00
marshal09
288e9dbb3e
Add new transformation call phpArgsNames 2020-12-10 10:10:46 -03:00
Felipe Zimmerle
f18595f428
Makes regular expression selection on collections key case insensitive 
This issue was initially reported by @michaelgranzow-avi on #2296.

@airween made an initial attempt to provide a fixed at #2107; As a
consequence of the pull request review - provided by @victorhora,
@zimmerle, and @michaelgranzow-avi - @airween made a second attempt
at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed
the essential pieces from @airween patch into this one.

This patch differs from @airween's because @airween's patches were
partially working: Key exclusions with regex weren't covered, same
for anchored variables (e.g. ARGS). During the review, I have
highlighted the importance of having elementary test cases. A simple
test case on ARGS could spot the issue. Since that is an important
fix, I don't want to hold this for one more review cycle; therefore,
I am committing the fix myself.

Thank you all involved in the solution of this very own issue.
 2020-12-10 10:05:07 -03:00
David Carlier
560f81200f Adding DragonFlyBSD support. 2020-12-10 09:51:03 -03:00
Aleks
afefda53c6 Fix Path to projekt logo 2020-11-16 09:15:26 -03:00
martinhsv
d72be1c470
Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Michael Granzow
1b7aa42c77
Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2020-10-29 10:33:02 -03:00
martinhsv
2672db103e
Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
Felipe Zimmerle
785958f9b5
Fix maxminddb link on FreeBSD 
Issue #2131
 2020-10-23 14:44:54 -03:00
Felipe Zimmerle
4b425850cf
Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
martinhsv
8da787a390
Merge pull request #2424 from martinhsv/v3/master 
Fix IP address logging in Section A
 2020-10-19 09:09:05 -04:00
martinhsv
8436c78993
Fix IP address logging in Section A 2020-10-16 13:14:42 -07:00
Felipe Zimmerle
995f22b3ce
Having Bison 3.7.2 2020-10-14 13:58:37 -03:00
Felipe Zimmerle
377fb723ca
Makes lua 5.1 workable again 
Issue #2389
 2020-09-21 10:04:40 -03:00
Felipe Zimmerle
e9dce44f6a
build: Minor fixies on Lua detection 2020-08-18 09:19:51 -03:00
Felipe Zimmerle
9e6d8b7bbc
CHANGES: Adds support to lua 5.4 2020-08-17 11:35:51 -03:00
Felipe Zimmerle
8c85b78361
Adds support to lua 5.4 2020-08-17 11:08:03 -03:00
Felipe Zimmerle
ae3ad5eaa7
cosmetics: Address some cppcheck complains 2020-08-06 19:02:00 -03:00