Felipe Zimmerle
ea4cd53221
Accepts phases with its name instead of a number
2015-09-02 18:31:02 -03:00
Felipe Zimmerle
035040cd13
Adds sanity check to confirm that the rule has an ID and it is not duplicated
2015-09-02 18:30:41 -03:00
Felipe Zimmerle
fa4f72d90d
Adds support to ctl:auditLogParts variation
2015-09-02 10:55:29 -03:00
Felipe Zimmerle
e89e395a32
Fix various minor issues on the auditlog schema
2015-08-27 17:50:42 -03:00
Felipe Zimmerle
24b7d72666
DebugLogs are now being redirected to the correct files
2015-08-27 15:36:56 -03:00
Felipe Zimmerle
01542e28c3
Allows blank line (or line with space) at the end of a rules file
2015-08-25 15:50:40 -03:00
Felipe Zimmerle
e76af0eab9
Correctly handling nginx configuration merge
2015-08-25 15:50:27 -03:00
Felipe Zimmerle
004ef066ed
Fix rules chain and action execution
- Rules chains are respecting the phase of the first rule in chain.
- The actions are only executed if all chain match.
2015-08-25 13:44:20 -03:00
Felipe Zimmerle
c586ba0178
Removes an unused state from the seclang parser
2015-08-25 08:15:27 -03:00
Felipe Zimmerle
1065e297b2
Fix several minor issues on the seclang grammar
2015-08-22 11:06:28 -03:00
Felipe Zimmerle
e78d7f5b91
Makes the parser understand some missing configuration directives
Directives:
- SecPcreMatchLimitRecursion
- SecPcreMatchLimit
- SecResponseBodyMimeType
- SecTmpDir
- SecDataDir
- SecArgumentSeparator
- SecCookieFormat
- SecStatusEngine
Those are not implemented yet, but the parser is now able to understand them.
2015-08-20 13:04:54 -03:00
Felipe Zimmerle
a453a656c3
Fix continuation line and VARIABLENOCOLON
2015-08-19 23:12:34 -03:00
Felipe Zimmerle
0b225f0239
Parser: adds support to SecRequestBodyInMemoryLimit
2015-08-19 22:42:46 -03:00
Felipe Zimmerle
2d56aa521b
Cosmetics: fix actions on yy file
- added action for:
    ctl:requestBodyProcessor=XML
    ctl:requestBodyProcessor=JSON
- added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
2015-08-19 22:36:31 -03:00
Felipe Zimmerle
a230a4ff3c
parser: Adds support for continuation lines
2015-08-19 17:20:43 -03:00
Felipe Zimmerle
ef99615401
parser: Understanding @pm if no operator is provided
2015-08-19 16:58:14 -03:00
Felipe Zimmerle
101fddfc9b
Extends DICT_ELEMENT to support "-"
2015-08-18 22:19:32 -03:00
Felipe Zimmerle
d5bf955028
Using DetectionOnly instead of DetectOnly
2015-08-18 22:16:38 -03:00
Felipe Zimmerle
b7fb65fe65
seclanguage: ignore lines starting with "#"
2015-08-18 22:10:55 -03:00
Felipe Zimmerle
d5fe21ce3c
Code cosmetics: reduce the amount of cppcheck warnings
2015-08-12 22:40:26 -03:00
Felipe Zimmerle
2ff0a44df2
Eliminates the sec language grammar shift-reduce problem
2015-08-11 16:53:05 -03:00
Felipe Zimmerle
9096055ea7
Reduces bison dependency to 3.0
2015-08-10 14:11:30 -03:00
Felipe Zimmerle
c06179f18e
Adds support for Log and Rev actions
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
ad9393a8c2
Adds support for the tag action
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
f519717bdf
Adds support to the msg action
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
e12d95b10d
Adds support to the TX collection and setvar action
2015-08-07 14:27:43 -03:00
Felipe Zimmerle
88c53575be
Adds support to & (count) and ! (exclusion) as variables variations
2015-08-07 14:27:33 -03:00
Felipe Zimmerle
4f47651a6f
Adds variable TX and action "capture".
2015-08-05 10:07:47 -03:00
Felipe Zimmerle
c2d33823f5
Adds method init to Operator class
2015-07-27 22:44:34 -03:00
Felipe Zimmerle
e016b72a8e
Handles better the memory utilization
- Added reference counts to Rule and AuditLog;
- Some memory leaks were removed, including GeoLookup;
- Deal better with parser errors;
- Overriding the AutlogLogWritter destructor.
2015-07-26 22:51:57 -03:00
Felipe Zimmerle
0e7c13e3c0
Adds more regression tests to SecRemoteRules
2015-07-25 08:18:59 -03:00
Felipe Zimmerle
7ba5c76c78
Returns elegant errors if rules load operation failed
2015-07-25 03:04:57 -03:00
Felipe Zimmerle
b8f7fb441d
Adds support to SecRemoteRules and Include directives
This commit includes a refactoring on important pieces of the parser
to allow it to work in a stack fashion. Driver and Rules classes were
simplified and the RulesProperties class was created.
2015-07-24 22:57:29 -03:00
Felipe Zimmerle
76b34af357
Adds support to load remote rules
2015-07-23 14:40:56 -03:00
Felipe Zimmerle
70bc15cb73
Adds support to quoted ID action
2015-07-23 14:14:19 -03:00
Felipe Zimmerle
64543e3aa2
Using A-Z instead of A-z while parsing with ?i: to avoid warnings
2015-07-23 09:45:25 -03:00
Felipe Zimmerle
b5ca607e76
Places class Driver under the Parser namespace
2015-07-23 01:37:15 -03:00
Felipe Zimmerle
9c2158958e
parser: Loads content straight from buffer.
2015-07-23 01:37:08 -03:00
Felipe Zimmerle
d3eb0fd913
Driver class is extending the Rules class instead of duplicate elements
2015-07-23 00:10:32 -03:00
Felipe Zimmerle
dc0b13ad74
Cosmetic: fix copyright header
2015-07-22 23:03:09 -03:00
Felipe Zimmerle
16bb253d0e
Adds all variables to the 'Variables' name space
2015-07-22 22:36:30 -03:00
Felipe Zimmerle
261ee9f115
Adds support to BodyLimitAction and support for parser errors
2015-07-22 21:31:58 -03:00
Felipe Zimmerle
667586c42e
Adds UNIQUE_ID variable
2015-07-22 21:24:21 -03:00
Felipe Zimmerle
d20a47fb03
Adds support to the variables: REMOTE_HOST, SERVER_{ADDR,PORT}
2015-07-22 21:24:18 -03:00
Felipe Zimmerle
6f7d3fa67a
Adds support to the TIME* variables
2015-07-22 01:07:42 -03:00
Felipe Zimmerle
dbbb2c526e
Adds support to REMOTE_PORT variable
2015-07-21 23:21:15 -03:00
Felipe Zimmerle
e8476771e6
Adds support to REMOTE_HOST variable
2015-07-21 23:14:56 -03:00
Felipe Zimmerle
7f76bb6df1
Adds PATH_INFO variable
2015-07-21 22:29:52 -03:00
Felipe Zimmerle
62fece7823
Adds support to SecResponseBodyLimit directive and OUTBOUND_DATA_ERROR var
2015-07-21 19:46:15 -03:00
Felipe Zimmerle
a9147b76ad
Adds support to the MULTIPART_STRICT_ERROR variable
Still missing to check:
- MULTIPART_FILE_LIMIT_EXCEEDED
- REQBODY_PROCESSOR_ERROR
- MULTIPART_HEADER_FOLDING
- MULTIPART_INVALID_HEADER_FOLDING
2015-07-21 17:47:00 -03:00