github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,410 Commits 55 Branches 109 Tags
Commit Graph

2410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
ddac1fb6f6 Upgrades the unit test repo to the most recent version 
This update includes the verify ssn test case
 2017-06-27 23:57:49 -03:00
Felipe Zimmerle
a7f7532a2c Adds verify ssn operator to the unit test list 2017-06-27 23:57:22 -03:00
Felipe Zimmerle
ad8182e2a8 Adds support to the verify ssn operator 2017-06-27 23:55:47 -03:00
David Buckle
d465c2f1a3 Removes the beauty of the JSON logging 
The beautify options makes the JSON easy to be read by human eyes.
No need to have pretty print JSON for production, as beautify the JSON
is not a hard task. Atop of that there are some disvantages to use the
JSON in pretty format, as described on the issue: #1472
 2017-06-27 08:39:58 -03:00
Felipe Zimmerle
1edd3570e1 Adds a set of sanity checks to validate API inputs (2 of 2) 2017-06-21 19:11:25 -07:00
Felipe Zimmerle
508a2b5a4a Adds sanity check on SecRemoteRules directive input 2017-06-21 19:08:12 -07:00
Felipe Zimmerle
49b7ea99e6 Adds a set of sanity checks to validate API inputs (1 of 2) 2017-06-21 12:59:19 -07:00
Felipe Zimmerle
5a32b389b4
chunks example: Sets the freed variables to NULL 2017-06-19 19:08:26 -03:00
Felipe Zimmerle
6d77c76b27
Implements intervention support inside using chunks example 
In the example the disruptive action is printed in the console output.
 2017-06-19 18:33:51 -03:00
Felipe Zimmerle
f5b47a8077
Duplicates the url variable in the disruptive action 
The log message needs to be freed by the consumer. Doing the same with
the url to keep the API consistent.
 2017-06-19 18:32:17 -03:00
Felipe Zimmerle
c3a0d8d9bb
Fix collections element selection by regex 
Reported at #1369
 2017-06-17 00:11:28 -03:00
Felipe Zimmerle
3ebc2d61fb
Enables random number generation 2017-06-16 23:20:28 -03:00
Felipe Zimmerle
4726912ec8
Audit Log: Adds space after response size 
Reported at #1452
 2017-06-16 22:55:15 -03:00
Felipe Zimmerle
20134ef242
Fix examples/using_bodies_in_chunks compilation 2017-06-10 20:40:12 -03:00
Felipe Zimmerle
e1f52a1cf2
Adds using bodies in chunks example 2017-06-10 09:28:22 -03:00
Felipe Zimmerle
9cb3f23b50
Adds support to setrsc action 2017-06-09 16:59:04 -03:00
Felipe Zimmerle
616a95bfe0
Adds -lpthread to the reading_logs_via_rule_message example 2017-06-07 14:22:33 -03:00
Felipe Zimmerle
e795253ecf
Fix crash on SecRuleRemoveById malformated parameter 
Fix issue #1440
 2017-06-06 22:14:13 -03:00
Felipe Zimmerle
2a5085255e
Using multiple threads in reading logs via rule message example 2017-06-03 16:40:47 -03:00
Felipe Zimmerle
8fbb9e8128
Using pthreads to avoid concurrent access to the collection 2017-06-03 16:07:35 -03:00
Victor Hora
37868d1534
Add missing feature: t:uppercase transformation 2017-06-02 21:47:54 -03:00
Victor Hora
9d70345d3d
Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
a90b2a3ff7
Code cosmetics: init a vector. 2017-05-28 22:27:10 -03:00
Felipe Zimmerle
e1d3abc8e7
Removes memory leak on the counter variable modificator 2017-05-28 22:10:30 -03:00
Felipe Zimmerle
c49688fd7d
Verify if a certain resource exists before do any other sanity check 2017-05-28 22:10:15 -03:00
Felipe Zimmerle
6143eb99e3
Removes LMDB from the default configuration options 2017-05-10 12:50:38 -03:00
Felipe Zimmerle
37619bae77
Removes local cache for transformations 2017-05-10 09:29:08 -03:00
Felipe Zimmerle
0e05b7bb8a
Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361
Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
77a658c7cd
Updates libinjection version 2017-04-27 18:35:01 -03:00
Felipe Zimmerle
6421ff087a
Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Michael Simpson
7e59250068
Fix JSON parsing error message 2017-04-24 16:37:35 -03:00
Chaim Sanders
b58f713fe9
add support for soap+xml 
As was talked about by @emphazer in https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/721, RFC 3902 adds support for the application/soap+xml header used by SOAP 1.2.
 2017-04-06 09:49:45 -03:00
Felipe Zimmerle
e2bbe9858f
XML Parser: removes unnecessary message from debug logs 
Fix #44
 2017-04-05 09:40:05 -03:00
Felipe Zimmerle
ba070c9eaa
Speeds up utils::string::toupper function 2017-03-31 14:35:26 -03:00
Felipe Zimmerle
b3c8e97ff7
Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
c7053e572f
Postponing the decision to whenever save or not a log message to the last rule 
Whenever there is a chained rule, the decision of saving a message on the
webserver's log will be taken after the execution of all actions on the chain,
including the default actions.
 2017-03-29 14:51:32 -03:00
Felipe Zimmerle
4d03ef512e
Fix TX dictionary element name on logs 
Before this patch the element name was not being shown.
 2017-03-29 14:49:57 -03:00
Felipe Zimmerle
5f60bb5224
Yet another fix on the debuglogs merge 2017-03-28 18:11:31 -03:00
Felipe Zimmerle
cf4deaa3a0
Using uint64_t instead of u_int64_t 2017-03-28 12:55:40 -03:00
Felipe Zimmerle
d15b57895b
Fix the Multipart parser error for unknown content type 2017-03-28 09:38:10 -03:00
Felipe Zimmerle
80cfca6fa3
Fix the debug log level merge function 2017-03-27 14:09:42 -03:00
Felipe Zimmerle
2a54bf23e5
Fix the debug log merge function 2017-03-27 11:30:26 -03:00
Felipe Zimmerle
eb12b15146
Flush [shared-] file after write it 2017-03-24 18:08:13 -03:00
Felipe Zimmerle
dbcf5a7198
API CHANGE: Rules::merge signature was change to includes error msg 2017-03-23 09:52:39 -03:00
Felipe Zimmerle
5e59d19121
Improves macro expansion speed and variable set attribution 2017-03-23 08:53:51 -03:00
Felipe Zimmerle
f17da09fc0
Avoids call `toupper' twice while resolving a variable 2017-03-23 08:53:51 -03:00
Andrei Belov
85f98c8a66
Fix "make dist" after recent changes to parser 
In particular, it is now possible to either build ModSecurity
with pre-generated parser, or use "--enable-parser-generation"
configure option to rebuild parser from sources.
 2017-03-09 18:18:00 -03:00
Felipe Zimmerle
c290c73f9b
Updates travis' badge 2017-03-08 09:44:17 -03:00
Felipe Zimmerle
53485c7f74
Fix pcre_exec offset values 2017-03-06 15:02:04 -03:00