github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-16 01:22:18 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,845 Commits 55 Branches 109 Tags
cce85c4d31a0c98ea713e08b67386e145cd2d3a9
Commit Graph

431 Commits

Author SHA1 Message Date
WGH
cce85c4d31 Add support for capturing group test cases 
This enables unit tests to compare the matching groups as well,
not just binary match-no match.
 2019-02-11 10:25:24 -03:00
Felipe Zimmerle
22136788c8 Makes re2 detectable by the build scripts 2019-02-11 10:25:23 -03:00
Felipe Zimmerle
686b6ffff7 Removes unecessary static methods from regex class 2019-02-11 10:25:23 -03:00
Felipe Zimmerle
57fc3b5084 Renames SMatch to RegexMatch 2019-02-11 10:25:23 -03:00
Felipe Zimmerle
d3f9974d52 Moving regex from utils to its own namespace 2019-02-11 10:25:23 -03:00
Felipe Zimmerle
3dda0ea2c6 Adds a regression test strdup to valgrind suppressions list 2019-02-11 10:22:28 -03:00
Felipe Zimmerle
145f2f35b7 tests: Updates secrules-language-tests 2019-02-05 11:26:03 -03:00
WGH
bd6a02d69b Fix test issue-1831.json on LMDB 
When LMDB is enabled, ModSecurity stores its persistent variables in
"./modsec-shared-collections" file. Since this file wasn't cleared between
tests, tests behaved differently on "in-memory per-process" and LMDB backend.

This test never worked in LMDB configuration. It hasn't been discovered
until now because Travis CI didn't test LMDB configuration when test was
introduced.
 2019-01-28 16:20:02 -03:00
WGH
ad28de4f14 Refactor regex code 
This commit fixes quite a few odd things in regex code:
 * Lack of encapsulation.
 * Non-method functions for matching without retrieving all groups.
 * Regex class being copyable without proper copy-constructor (potential UAF
   and double free due to pointer members m_pc and m_pce).
 * Redundant SMatch::m_length, which always equals to match.size() anyway.
 * Weird SMatch::size_ member which is initialized only by one of the three matching
   functions, and equals to the return value of that function anyways.
 * Several places in code having std::string value instead of reference.
 2019-01-18 10:34:01 -03:00
Felipe Zimmerle
d00ea5111d Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Andrei Belov
0a85b599b6 Fix tests on FreeBSD 
FreeBSD has different prefix for bash (which is non-standard shell there),
thus "make check-TESTS" actually was doing nothing:

$ gmake check-TESTS
(   0/  0/   0): test/test-cases/regression/issue-1591.json
(   0/  0/   0): test/test-cases/regression/issue-1785.json
(   0/  0/   0): test/test-cases/regression/issue-1812.json
(   0/  0/   0): test/test-cases/regression/issue-1831.json
(   0/  0/   0): test/test-cases/regression/issue-1844.json
(   0/  0/   0): test/test-cases/regression/issue-1850.json
[..]
Testsuite summary for modsecurity 3.0
 2018-12-04 10:49:25 -03:00
Felipe Zimmerle
25bb1f1bcc Changes ENV test case to read the default MODSECURTIY env var 2018-11-29 15:21:28 -03:00
Felipe Zimmerle
b736f0292d Regression: Sets MODSECURITY env var during the tests execution 2018-11-29 15:19:58 -03:00
Felipe Zimmerle
d2b14de268 Allow 0 length JSON requests 
As discussed at: #1822
 2018-11-29 10:39:46 -03:00
Felipe Zimmerle
ce3abf2626 Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Victor Hora
cbf2fe9703 Adjust boundary test cases for the less strict parsing 2018-11-20 22:17:53 -03:00
Victor Hora
b638e523af Make the boundary check less strict as per RFC2046 2018-11-20 22:17:22 -03:00
Felipe Zimmerle
9d80983e55 Fix on top of #1943 + adding test cases 2018-11-01 16:11:39 -03:00
Victor Hora
e3b9f7c913 Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Victor Hora
84ece3edcb Add test case for SecUnicodeMap 2018-10-31 22:19:27 -03:00
Felipe Zimmerle
065c2e67b6 Adds test case for #1850 2018-10-30 18:25:46 -03:00
Felipe Zimmerle
e1e8a01ed2 Override the default status code if not suitable to redirect action 
Issue #1850
 2018-10-30 18:20:23 -03:00
Felipe Zimmerle
3f0ea90970 Test case skeleton for #1941 2018-10-29 11:14:31 -03:00
Felipe Zimmerle
b05901e8ae Changes the regression test client to read the interception msg 2018-10-25 21:51:23 -03:00
Felipe Zimmerle
973c1f1028 Fix rule line number 
Issue #1844
 2018-10-24 21:02:35 -03:00
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
69cd61439d Changes the timing to save the rule message 2018-10-23 16:58:42 -03:00
Felipe Zimmerle
120108fd33 Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
7c50fa7c00 Small fix on @detectXSS test case 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9 Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
bc3d3f1915 Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
c721e101c0 Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
cdf2da1a09 Adds test case related to issue #1725 2018-09-24 16:39:57 -03:00
Felipe Zimmerle
98b9ae659d Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266 Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
5aa79c17f2 Add test cases for m.setvar in Lua scripts 2018-09-19 19:47:05 -04:00
Victor Hora
a719871458 Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Felipe Zimmerle
dfbff090be test case: Adds test case related to #1831 2018-09-11 15:40:41 -03:00
Felipe Zimmerle
d302b99ec5 Adds test case for: #1812 2018-09-05 16:00:42 -03:00
Felipe Zimmerle
4585216ae6 Adds more tests to REQUEST_BASENAME 
Meant to test #1795
 2018-09-04 22:02:56 -03:00
Victor Hora
aa158ceef3 Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
michaelgranzow-avi
d810de9166 #1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97 Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Ervin Hegedus
76887b8b22 Added new tests, aligned to new UNMATCHED_BOUNDARY flag value 2018-06-12 01:09:37 -03:00
Ervin Hegedus
af4afd348c Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Felipe Zimmerle
202a15bea8 Changes the behavior of the default sec actions 
Fix #1629
 2018-05-31 14:52:53 -03:00
Felipe Zimmerle
42a472adbd Check if response body inspection is enabled before process it 2018-05-08 10:59:30 -03:00
Scott Leggett
98b4e75465 Fix LDFLAGS for unit tests. 2018-05-03 13:44:59 -03:00
Robert Paprocki
d0a63aac03 Define m_secmarker_skipped as an integer type 
There's no reason to treat this this as a double, since it
represents a human-readable data value that is only meaningful
as an integer. In doing so we write cleaner audit logs and save
a small amount of space.
 2018-04-24 11:49:13 -03:00