github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,047 Commits 55 Branches 109 Tags
Commit Graph

1005 Commits

Author SHA1 Message Date
Felipe Zimmerle
768a76a61e
perf. improvement/rx: Only compute dynamic regex in case of macro 
On #1528 was added the support for macro expansion on @rx operator.
The performance improvement suggested on the pull request was not
thread safe, therefore removed. This patch adds a performance
improvement on top of #1528. The benchmarks points to 10x faster
results on OWASP CRS.
 2018-02-20 13:39:59 -03:00
Felipe Zimmerle
eaa4770c5d
Fix issue related to Lua script load 2017-12-13 16:20:18 -03:00
Victor Hora
c98e665475
Improvements on LUA build scripts and support for LUA 5.2 2017-12-12 09:51:10 -03:00
Izik Abramov
e9f3312ea9
fixed compilation error with disable_debug_log flag 2017-12-12 09:48:08 -03:00
Felipe Zimmerle
9c0ed6109d
Fix assorted minor memory management issues 2017-11-14 09:36:32 -03:00
Felipe Zimmerle
b7698d6899
Fix memory leak in @fuzzyHash 2017-11-13 23:54:30 -03:00
Felipe Zimmerle
3fb71f32d8
Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
023e7acbad
Refactoring on the JSON parser 
It also address the issue #1576 and #1577
 2017-11-10 17:26:23 -03:00
Felipe Zimmerle
23cf656f93
Adds support to WEBAPPID variable 2017-11-08 10:28:56 -03:00
Felipe Zimmerle
082a3e3287
Adds support to SecWebAppID 2017-11-08 09:33:14 -03:00
Felipe Zimmerle
ec667a4609
Adds support for SecRuleRemoveByTag 2017-11-07 14:52:50 -03:00
Felipe Zimmerle
4d7fd5c30a
Adds support for update target by message 2017-11-06 23:29:25 -03:00
Felipe Zimmerle
7fa5ca9ba0
Makes lua optional 2017-11-06 00:44:54 -03:00
Felipe Zimmerle
e52bd7d635
Adds support to SecRuleScript directive 2017-11-05 23:31:16 -03:00
Felipe Zimmerle
cb3363c7d5
Adds support for the exec action 2017-11-05 23:31:07 -03:00
Felipe Zimmerle
a676f313c3
Initial support for Lua script engine 2017-11-05 23:30:50 -03:00
Felipe Zimmerle
1866a3a9eb
Adds support for the @inspectFile operator 2017-10-31 09:59:17 -03:00
Felipe Zimmerle
1189e9b0ef
Adds support to LUA in configure scripts 2017-10-31 09:59:12 -03:00
Felipe Zimmerle
9369efcb90
Adds support to the collection RESOURCE 2017-10-30 09:07:49 -03:00
Felipe Zimmerle
7622866f97
Adds support for @fuzzyHash 
Issue #997
 2017-10-26 17:44:17 -03:00
Athmane Madjoudj
968d83f1ff
Fix build on non x86 arch build failed on ppc64/ppc64le/arch64/armv7hl/s390x due to how this arch represent chars 2017-10-25 16:44:27 -03:00
Felipe Zimmerle
371fc03218
Fix memory issue while changing rule target dynamic 
Issue #1590
 2017-10-24 00:03:13 -03:00
Felipe Zimmerle
c4fcb36f4c
Fix log while displaying the name of a dict selection by regex 2017-10-20 21:46:24 -03:00
Felipe Zimmerle
93e18ca5ea
Support pipes inside quoted variable selection 
As of #1591 the pipe support was disable in the general selection which
was also affecting the quoted selection. This pactch adds the support
for pipes inside the quoted selection only.
 2017-10-20 11:02:42 -03:00
Felipe Zimmerle
34e8b140e5
Setting http response code on the auditlog 2017-10-19 23:27:30 -03:00
Felipe Zimmerle
274f9e5aa1
Refactoring on RuleMessage class, now accepting http code as parameter 2017-10-19 23:00:47 -03:00
Felipe Zimmerle
39fb75c34d
Having disruptive msgs as disruptive [instead of warnings] on audit log 
Issue #1592
 2017-10-17 14:58:04 -03:00
Felipe Zimmerle
30797a458b
Parser: Pipes are no longer welcomed inside regex dict element selection. 
Issue #1591
 2017-10-17 11:46:44 -03:00
Felipe Zimmerle
1ad95254cd
Avoids unicode initialization on every rules block 
ModSecurity-nginx/#67
ModSecurity/#1563
 2017-10-11 12:40:48 -03:00
Felipe Zimmerle
20edf9ab77
Removes xml initialization from CURL if/def 2017-10-10 18:14:41 -03:00
Felipe Zimmerle
41bf7f716b
Calls xml init and xml cleanup to avoid memory leak 
Fix #1553
 2017-10-10 15:03:50 -03:00
Felipe Zimmerle
30364628a0
Makes clear to the user when audit log is empty due to missing JSON sup. 2017-10-10 10:25:53 -03:00
Felipe Zimmerle
d3f979f1d2
Makes auditlog more verbose on debug logs 2017-10-10 09:30:21 -03:00
Victor Hora
d285bc02b8
Add missing statements 2017-10-09 09:02:32 -03:00
Victor Hora
63bef3d142
Support to JSON stuff on serial logging 2017-10-09 09:02:31 -03:00
Felipe Zimmerle
fa7973a4ef
Removes a regex optimization added at #1536 2017-10-06 20:32:40 +00:00
asterite
a76030256e
support macro expansion in @rx 
try to use macro expansion on @rx argument before matching.
If after expansion argument changed, make new Regex from
the macro-expanded argument and use that for matching.
Fixes #1528
 2017-10-06 20:30:00 +00:00
Felipe Zimmerle
210e72aa21
Consideres under quote variable while loading the rules 2017-10-06 20:25:20 +00:00
Dávid Major
a5266d6d1c
Store the connection and url parameters in std::string 2017-09-29 17:18:30 +00:00
David Buckle
082a0d3aca
Adds ios::[open|app] to the parallel.cc to fix write over SELinux 2017-09-27 12:39:56 +00:00
Felipe Zimmerle
1c91e80777
Extends acmp_prepare to pm_from_file 2017-09-26 16:33:35 +00:00
Felipe Zimmerle
7d786b3350
Makes pm mutex optional via configuration flag 2017-09-26 16:33:31 +00:00
Felipe Zimmerle
119a6fc074
test-only: Placing a mutex while evaluating the pm operator 
Performing an earlier optimization of the tree (before threads creation)
 2017-09-26 16:33:26 +00:00
Felipe Zimmerle
7ac6bf7241
Fix memory issues while resolving variables 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
003a8e8e5f
Uses shared_ptr on variable names 2017-08-27 22:06:20 -03:00
Mirko Dziadzka
5c737c2c06
Treat _NAMES variables as collections (#5) 
* Treat _NAMES variables as collections

* Fix an issue with the offset of ARGS_NAMES.

* Fix regression tests for the new behaviour.

* Add generated seclang files.
 2017-08-24 00:39:21 -03:00
Felipe Zimmerle
9069a453e5
Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670db1bb475c83cd2f24455bb5bd6ee6a4.
 2017-08-24 00:10:42 -03:00
Mirko Dziadzka
43e3ff91e8
Fixes a bug with an unitialized variable. 
new_debug_log was unitialized during an error code path.

Fixed this by explicit initializing it to NULL and fixing the order of
the error labels. They now present the correct (reverse) order of the
goto statements.
 2017-08-23 23:53:46 -03:00
michaelgranzow-avi
3a048ee2db
Support --enable-debug-logs=no option of configure script (#2) 
* Support --enable-debug-logs=no option of configure script

* Undo unintended white space changes

* Undo more unintended white space changes

* Address review comments - thanks Mirko

* Address more review comments - thanks Mirko
 2017-08-23 23:50:16 -03:00
Felipe Zimmerle
1d3c4c670d
Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00