github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,047 Commits 55 Branches 109 Tags
Commit Graph

3047 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Vierula
d16c3250a9
Add a few cppcheck suppressions 2021-11-16 11:26:16 -08:00
martinhsv
d8afc4029b
Merge pull request #2642 from martinhsv/v3/master 
Support configurable limit on depth of JSON parsing
 2021-11-15 22:28:49 -05:00
Martin Vierula
ac79c1c29b
Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
EarlRoth
ec86b242e1
Update README.md 2021-09-13 16:28:54 -06:00
Filip Sandborg-Olsen
465db29b76 docs: correct project name 2021-07-09 10:22:51 -03:00
Felipe Zimmerle
873a94a73f CHANGES: Preparing for a next version 2021-07-09 10:21:10 -03:00
Felipe Zimmerle
bf881a4eda Change release version to v3.0.5 v3.0.5 2021-07-07 10:13:14 -03:00
martinhsv
cd5fba8974 Handle URI received with uri-fragment 2021-07-05 14:51:21 -03:00
martinhsv
faad65d385
Merge pull request #2586 from martinhsv/v3/master 
Add commented-out sample rule to engage JSON Processor for more subtypes
 2021-07-03 13:15:16 -04:00
martinhsv
bffd68e4d1
Add commented-out sample rule to engage JSON Processor for more subtypes 2021-06-30 11:38:52 -07:00
Felipe Zimmerle
5a0ae73ba6
Update README.md 2021-06-21 13:30:52 -03:00
Takaya Saeki
3bfe4b81af build: Fix pcre's JIT support detection was not working 2021-05-24 10:33:11 -03:00
Felipe Zimmerle
662c05f89b build: Adding a new path while searching for liblua. 
Alpine has a different folder to hold concurrent versions of
Lua. This commit address issue #2560.
 2021-05-24 10:33:11 -03:00
Felipe Zimmerle
a589f6b693 Build: using PKG-CONFIG in a new fashion 
Trying to avoid bulid errors if pkg-config is available.
 2021-05-24 10:33:11 -03:00
Kedu SCCL
754daebfb0 Update README.md 
Fixed typo in README
 2021-05-24 08:50:10 -03:00
martinhsv
65e7e474b1
fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
Felipe Zimmerle
7fccb0d225 Cosmetic: pleasing cppcheck 2021-05-11 10:27:58 -03:00
Felipe Zimmerle
6fdba42c02 Cosmetics: Having cppcheck pleased 
(...) remove_comments.cc,62,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,66,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,69,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
 2021-05-10 12:32:09 -03:00
Felipe Zimmerle
66ba7b065a Cosmetic: fix static warning 2021-05-04 21:04:21 -03:00
Felipe Zimmerle
1e2ccc1578 test: Fix optimization test 2021-05-04 12:57:09 -03:00
Neil Craig
1376882f7d Fix typo 2021-04-29 14:28:28 -03:00
Felipe Zimmerle
4127c1bf52
README: States the sponsor note 2021-03-08 09:36:02 -03:00
Felipe Zimmerle
a18d18a28f
Revert "Adds hyperscan to the build matrix" 
This reverts commit a496865e9606cc3a159dc7d4269f33589f4ef32c.
 2021-02-26 11:33:18 -03:00
Felipe Zimmerle
4cdcc15334
Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4e45aa601b87c5a4cf4b6061d1bbccb.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
a496865e96
Adds hyperscan to the build matrix 2021-02-26 11:23:29 -03:00
Felipe Zimmerle
912704b6d4
Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
Felipe Zimmerle
2e69ce6ccf
build: Fix curl include path 
Issue #2519
 2021-02-24 13:20:24 -03:00
Felipe Zimmerle
50fc347ed4
Fix rules dump 
The unique pointer for file name was being used multiple times
on SecMarker.
 2021-02-04 11:07:22 -03:00
martinhsv
6ca028b6f5
Fix memory leak in rx operator when pattern includes macro 2021-01-25 19:39:10 -03:00
Felipe Zimmerle
9764b1fb3b
CHANGES: Fix entry for ARGS_NAMES 2021-01-25 14:59:17 -03:00
Felipe Zimmerle
53d36ab63a
Updates libInjection 
* Updates libInjection repository to libinjection.github.io
 * Update libInjection to version 3.9.2, plus:
   - Pass the correct pointer to memmem()
     In parse_money(), if there is a "$foobar$", it calls memmem() to
     find it again. Wrong pointer can cause itself to backtrack in a
     dead loop and hang the entire process.
   - Addresses some issues reported by cppcheck, including an overflow
     on parse_slash.
 2021-01-25 14:16:22 -03:00
Dmitri Toubelis
102f4bdd91
Make the configure step more reliable 
Iyt appears that in cross compile environments the location of the
"current" directory cannot be assumed. This fix makes it explicit.
 2021-01-25 09:26:51 -03:00
martinhsv
fbea73120c
Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03
Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
03b3e472d4
cosmetics: Please static check 2021-01-24 11:53:52 -03:00
Felipe Zimmerle
e8bd2151f2
Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
dd458dedb8
github workflow: having bison from brew 2021-01-22 20:52:49 -03:00
Felipe Zimmerle
3748d62f19
Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
33f7b46bcc
Using GitHub Workflow instead of Travis 
Changes QA badge to GitHub
 2021-01-19 09:17:25 -03:00
Felipe Zimmerle
b3cfd88819
Having Travis working again 2021-01-18 08:59:26 -03:00
Felipe Zimmerle
f948d637f2
Having the QA on GitHub workflow 2021-01-14 09:15:18 -03:00
Felipe Zimmerle
e6bdadeb69
tests: Prints test number on segfault 2021-01-13 13:38:38 -03:00
Felipe Zimmerle
9b40a045bb
Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00
LEI BAO
310cbf899b Fix the typo 2021-01-06 08:44:42 -03:00
Felipe Zimmerle
f18595f428
Makes regular expression selection on collections key case insensitive 
This issue was initially reported by @michaelgranzow-avi on #2296.

@airween made an initial attempt to provide a fixed at #2107; As a
consequence of the pull request review - provided by @victorhora,
@zimmerle, and @michaelgranzow-avi - @airween made a second attempt
at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed
the essential pieces from @airween patch into this one.

This patch differs from @airween's because @airween's patches were
partially working: Key exclusions with regex weren't covered, same
for anchored variables (e.g. ARGS). During the review, I have
highlighted the importance of having elementary test cases. A simple
test case on ARGS could spot the issue. Since that is an important
fix, I don't want to hold this for one more review cycle; therefore,
I am committing the fix myself.

Thank you all involved in the solution of this very own issue.
 2020-12-10 10:05:07 -03:00
David Carlier
560f81200f Adding DragonFlyBSD support. 2020-12-10 09:51:03 -03:00
Aleks
afefda53c6 Fix Path to projekt logo 2020-11-16 09:15:26 -03:00
martinhsv
d72be1c470
Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Michael Granzow
1b7aa42c77
Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2020-10-29 10:33:02 -03:00
martinhsv
2672db103e
Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00