github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,580 Commits 55 Branches 109 Tags
de7c5c89bb20e366b624c21b8fc66adf0301974a
Commit Graph

2580 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
2244e874e2 Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
424418f54b Renames msc_system.[h|cc] to system.[h|cc] 2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0 Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
768cc74f0e Moves RuleMessage to its own file 2016-11-04 11:58:57 -03:00
Felipe Zimmerle
ac4cb53d09 parser: Better understands escaped quotes in operator parameters 2016-11-04 01:55:47 -03:00
Felipe Zimmerle
1bf53c0576 Deletes ruleMessage by the end of the rule execution 2016-11-04 01:08:41 -03:00
Felipe Zimmerle
5fa02f17ce Fix Utils::hexdigest 2016-11-03 22:59:57 -03:00
Felipe Zimmerle
507ec44cc2 Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
b48dccff70 Removes unused `urldecode_uni_nonstrict_inplace_ex' 2016-11-03 11:01:14 -03:00
Felipe Zimmerle
78d6d20982 Moves phase' related functions from utils' to `utils/phase' 2016-11-03 10:48:27 -03:00
Felipe Zimmerle
f1e742c159 Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174 Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
9733cacd4d Refactoring: moves ctl_ actions into ctl namespace 2016-11-01 14:58:51 -03:00
Felipe Zimmerle
2bb9d7988f Cosmetics: huge refactoring in the parser 
The parser is now more elegant and resilient.
 2016-10-31 17:33:24 -03:00
Felipe Zimmerle
d3de1c743a Adds missing action-ctl_rule_remove_by_id.json 2016-10-31 13:19:34 -03:00
Felipe Zimmerle
721983a05a Adds missing ctl_request_body.* 2016-10-31 13:16:34 -03:00
Felipe Zimmerle
75a5000b16 Cosmetics: coding style 2016-10-28 09:57:59 -03:00
Felipe Zimmerle
4711644600 dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Felipe Zimmerle
10d263cd36 parser: Relax the characters accepted by ctl:ruleRemoveByX 2016-10-26 16:21:07 -03:00
Felipe Zimmerle
fead971558 Cosmetics: Fix typo. Remove not Remote 2016-10-26 11:12:05 -03:00
Felipe Zimmerle
1c21d1aeba Adds support to action CtlRuleRemoveById 2016-10-26 11:00:18 -03:00
Felipe Zimmerle
161cc36acf Adds support to action CtlRuleRemoteTargetById 2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54 Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
730d7dbd28 Cosmetic: Coding style fixes. 2016-10-24 10:07:01 -03:00
Felipe Zimmerle
8757840bc3 Refactoring on the operators: negation is now being handled globally 
Other minors changes were also made, including adding the prefix `m_'
to all the members of the class.
 2016-10-19 10:30:26 -03:00
Abhi Joglekar
28a44b966a SecLang uses RESPONSE_STATUS as variable, not STATUS 
Seclang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS

The CRS v3.0.0-dev rules, for instance, uses the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf

When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
 2016-10-18 21:30:06 -03:00
Felipe Zimmerle
678a97d0f7 Refectoring on the DebugLog mechanism 
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
 2016-10-18 18:43:51 -03:00
Felipe Zimmerle
f3bbcfc7ef Removes SecDebugLog directive from the test cases 2016-10-18 18:23:35 -03:00
Felipe Zimmerle
8ac15e2915 Removes wrong test case: there is not transformation ge 2016-10-18 18:16:02 -03:00
Alexey Zelkin
4e3a599f68 Add hack to fix MacOS X build 2016-10-17 10:39:44 -03:00
Robert Paprocki
049f1abb62 Fix compilation error 
lmdb.cc fails to compile following commit c680ddf.
 2016-10-07 19:07:14 -03:00
Felipe Zimmerle
b48e4b3a37 refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Andrei Belov
ae8698d8cf Makes JIT support in PCRE to be optional 
In particular, this change allows to build libmodsecurity on some old
but still supported systems such as RHEL/CentOS 6.
 2016-09-26 14:50:31 -03:00
Felipe Zimmerle
13b6a3ecf6 Fix: Rules ID are validated during a set merge 
Further info at: #1192
 2016-09-23 16:28:47 -03:00
Felipe Zimmerle
ecd3fd0dc1 build: avoids compilation problems due to non existence of the lmdb.h 
Based on: 56abe98cb8c791812d46c0902b4e742c8c39620e by @phantom-az
 2016-09-22 10:28:45 -03:00
Felipe Zimmerle
8f5c1c3cf6 parser: avoids parser error while loading an empty file 2016-09-22 10:16:00 -03:00
Felipe Zimmerle
5553b2a5b9 Moves web server message to appropriate place and removing the garbage 2016-09-20 22:23:23 -03:00
Felipe Zimmerle
16b8ef98fd Fix: placed missing variable initialization 2016-09-19 21:18:00 -03:00
Felipe Zimmerle
56cbbeff52 Adjust the phase value between the core and the rules 2016-09-19 21:17:03 -03:00
Felipe Zimmerle
115afffe33 Cosmetic: Limit the matched log size 2016-09-14 16:29:57 -03:00
Felipe Zimmerle
a1a1c71d6b Makes LMDB support optional 2016-09-13 09:51:03 -03:00
Felipe Zimmerle
0a22f880dd Adds support to custom operator's message in case of a match 2016-09-12 15:49:20 -03:00
Felipe Zimmerle
ad61838118 Considering collection RULE independent of the case at macro expansion 2016-09-12 15:27:03 -03:00
Felipe Zimmerle
241269eede Adds missing `nog_log' action 2016-09-12 10:34:45 -03:00
Felipe Zimmerle
c3378ec528 Fix the size of the rules and actions vectors 2016-09-01 00:39:54 -03:00
Felipe Zimmerle
8d84ff6f4d Accepting both: normalizePath and normalisePath 2016-08-26 16:26:16 -03:00
Felipe Zimmerle
fb0afdb34b Fix @validateByteRange initialization 2016-08-26 16:21:05 -03:00
Andrei Belov
ed18c73cda include pre-generated parser sources into the distribution 2016-08-16 20:01:53 -03:00