github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,805 Commits 55 Branches 109 Tags
d2b14de26860916bcd80864b5e985cada9c638f5
Commit Graph

329 Commits

Author SHA1 Message Date
Felipe Zimmerle
9245369a54 Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
678a97d0f7 Refectoring on the DebugLog mechanism 
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
 2016-10-18 18:43:51 -03:00
Felipe Zimmerle
b48e4b3a37 refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
8f5c1c3cf6 parser: avoids parser error while loading an empty file 2016-09-22 10:16:00 -03:00
Felipe Zimmerle
8d84ff6f4d Accepting both: normalizePath and normalisePath 2016-08-26 16:26:16 -03:00
Felipe Zimmerle
37079ef668 Adds support to SecRuleRemoveById 2016-07-18 15:02:38 -03:00
Felipe Zimmerle
c0ebd45a68 Reduces bison required version to test it over the buildbots 2016-07-14 00:20:01 -03:00
Felipe Zimmerle
71acdaf8c5 Accept new line + caridge return in the rules parser 2016-07-01 16:06:34 -03:00
Felipe Zimmerle
578dabea8b Informs the https client a key if any is given 2016-07-01 15:04:17 -03:00
Felipe Zimmerle
f72bd587ec Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
b0f69b1262 Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Felipe Zimmerle
90adb53935 Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
bad3e13612 parser: Fix commented SecRule parser 
No longer treat the next line as comment. Instead changes the
parser state to comment and figure out what to do.
 2016-06-24 13:51:54 -03:00
Felipe Zimmerle
0c0a9b3083 Accepts component signature between brackets 2016-06-23 23:14:01 -03:00
Felipe Zimmerle
7317079945 parser: Reporting the right column position in case of error 2016-06-23 16:02:09 -03:00
Felipe Zimmerle
37c18326c6 parser: Avoid to duplicate the invalid character 2016-06-23 16:01:05 -03:00
Felipe Zimmerle
cf2ffe7e11 Fix the line counter while showing an parser error 2016-06-23 15:40:19 -03:00
Felipe Zimmerle
02909f7cd8 parser: arbitraty text can be used instead of operator 
The usage of an arbitrary text instead operator was expecting that the
arbitrary text start by something different from "@" or "!", now it can
start with anything, including "@", and/or "!". Notice however that
there aren't such thing as a bad  operator. Bad operator will be used as
input of @rx. Issue #1136.
 2016-06-22 16:59:50 -03:00
Felipe Zimmerle
0d53dda1a1 Adds support to @unconditionalMatch 
Issue #1002
 2016-06-21 13:46:55 -03:00
Felipe Zimmerle
60be385ebe Adds support to the SERVER_NAME variable 2016-06-21 10:53:11 -03:00
Felipe Zimmerle
a36b2da86a Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
56d084a7f4 Adds support the variable rule 
Issue #1016
 2016-06-20 14:03:45 -03:00
Felipe Zimmerle
6052d2628b Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
734f63bd07 Adds support to REQBODY_* varibales in the libmodsec parser 
This commit makes the following variables to be recognizable:
REQBODY_PROCESSOR_ERROR_MSG, REQBODY_PROCESSOR_ERROR,
REQBODY_PROCESSOR, REQBODY_ERROR_MSG|REQBODY_ERROR
 2016-06-16 14:07:26 -03:00
Felipe Zimmerle
9919026620 Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Alexey Zelkin
cb91af537c Enforce bison requirement to 3.0.4. 
Previous versions of bison proven to generate broken code which caused to assert() regression
tests of libmodsecurity for clang 3.4 and gcc 4.8.  Upgrading bison to 3.0.4 solved mentioned issues
for FreeBSD 10, CentOS 7, RHEL 7 and Ubuntu 14.
 2016-06-15 23:10:27 -03:00
Alexey Zelkin
57ad70bb2b Add missing 'retrun's for functions declared return value. This change fixes SIGILLs on executable built with clang 3.4. 
Tested against FreeBSD 10.3.
 2016-06-15 23:10:27 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
9e5cf2de8e Adds Upload configuration paramters to the libmodsec parser 2016-06-07 14:23:56 -03:00
Felipe Zimmerle
8d49903279 Adds support to the transformations parity[even|odd|zero]7bit 
Issues: #968, #969, #967
 2016-05-27 10:45:05 -03:00
Felipe Zimmerle
59b1fe0305 Adds sqlHexDecode tranformation to libmodsecurity parser 2016-05-25 20:24:41 -03:00
Felipe Zimmerle
08df949bf6 Adds md5 transformation to the libmodsecurity parser 2016-05-25 10:30:12 -03:00
Felipe Zimmerle
4b9cff3ec7 Partially adds the REMOTE_USER variable support 2016-05-23 11:04:19 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
ff9aa5c7cf Adds support to the variable SESSIONID 2016-05-06 14:38:38 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
6f93563fc2 Fix in parser: now understanding the removeCommentsChar transformation 
SpiderLabs/ModSecurity#1098
 2016-04-04 15:25:34 -03:00
Felipe Zimmerle
8d052853a8 Adds support to https audit log output 
This functionality was built for test only.
 2016-04-04 13:29:15 -03:00
Felipe Zimmerle
e0926fee37 Fix parser error while dealing with operator negation 
This patch closes the issue #960
 2016-03-17 18:06:46 -03:00
Felipe Zimmerle
f44143436b Fix parser error on free text operator 2016-02-18 10:11:54 -03:00
Felipe Zimmerle
77a1dcab9b parser: fix issue with skipAfter action 
Considering \n and/or \r as the end of the token.
 2016-02-11 16:42:39 -03:00
Felipe Zimmerle
8143f8ea89 Adds support to the action `maturity' 2016-02-10 13:55:12 -03:00
Felipe Zimmerle
714df8db20 Adds support to the action `accuracy' 2016-02-10 13:35:02 -03:00
Felipe Zimmerle
5a2a81a568 Adds support to the action `ver' 2016-02-10 12:53:22 -03:00