131 Commits

Author SHA1 Message Date
Felipe Zimmerle
b0f69b1262
Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Alexey Zelkin
f00e625c8e
Unbreak build with custom location of libyajl.so 2016-06-30 09:41:26 -03:00
Felipe Zimmerle
90adb53935
Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
0d53dda1a1
Adds support to @unconditionalMatch
Issue #1002
2016-06-21 13:46:55 -03:00
Felipe Zimmerle
56d084a7f4
Adds support the variable rule
Issue #1016
2016-06-20 14:03:45 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
2016-06-10 09:40:08 -03:00
Felipe Zimmerle
967c8c90f2 Fixed minor behavior on the trasnformations and added sha1-mbedtls 2016-05-30 16:54:13 -03:00
Felipe Zimmerle
7ccf54d330 Adds md5 transformation
Replaced the old md5 implementation by the mbetls one.
2016-05-24 21:28:19 -03:00
Felipe Zimmerle
056753d57a Adds support to base64 encode transformation 2016-05-24 21:28:14 -03:00
Felipe Zimmerle
a3ae686f25 Adds base64 support via mbedtls
This is inspered in the work done at: #1123
2016-05-23 18:27:28 -03:00
Felipe Zimmerle
4b9cff3ec7 Partially adds the REMOTE_USER variable support 2016-05-23 11:04:19 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Manish Malik
9202ffb17d Replacing include subdirectory name, transaction --> collection 2016-05-18 09:53:14 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable
More details on: #1026, #1024, #1048
2016-05-09 20:27:08 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
3062ff2aa5 Using Collection instead of GlobalCollection
Both has the same methods and characteristics except for the fact that
one is global and the other not. That can be handled by the backend.
2016-05-04 22:42:24 -03:00
Felipe Zimmerle
64c4f23a4e Collection class was changed to be a simple interface
InMomoryPerProcess class was added to be used where the old Collection
was used.
2016-05-04 22:42:17 -03:00
Felipe Zimmerle
5643d2fa28 Warming up to the remote collections support
Huge refactoring to have the code in shape to later support the
remote collections with different backends.
2016-05-03 17:39:49 -03:00
Felipe Zimmerle
8d052853a8 Adds support to https audit log output
This functionality was built for test only.
2016-04-04 13:29:15 -03:00
Felipe Zimmerle
e5acc95de8 First version of global' and ip' collections 2016-03-30 18:22:00 -03:00
Felipe Zimmerle
e3dd2937e6 Installs the library file in the right path [lib|lib64]
Fixed the issue reported on #1083:
 - The option --libdir will be respected whenever it is used.
 - The library will be installed at ??/lib64 when needed.
2016-03-18 16:01:02 -03:00
Felipe Zimmerle
8143f8ea89 Adds support to the action `maturity' 2016-02-10 13:55:12 -03:00
Felipe Zimmerle
714df8db20 Adds support to the action `accuracy' 2016-02-10 13:35:02 -03:00
Felipe Zimmerle
5a2a81a568 Adds support to the action `ver' 2016-02-10 12:53:22 -03:00
Felipe Zimmerle
36dfe81da0 Adds YAJL_CFLAGS to the project core 2016-01-15 08:12:40 -03:00
Felipe Zimmerle
b06eaadac7 Places the classes related to audit log into a separate namespace 2016-01-14 14:29:36 -03:00
Felipe Zimmerle
a51e707517 Renames class Assay to Transaction 2016-01-13 15:57:00 -03:00
Felipe Zimmerle
c2d9a153cb Adds support to afl fuzzer in the build system 2015-12-23 00:27:30 -03:00
Felipe Zimmerle
913e22a77d Adds initial support to initcol action 2015-12-22 12:10:15 -03:00
Felipe Zimmerle
fb3696ac04 Fix a few things to provide an easy interface for script bindings 2015-12-22 11:53:36 -03:00
Felipe Zimmerle
80b82d3707 Adds the Global LDADD option and fed according to the platform 2015-12-01 17:34:18 -03:00
Felipe Zimmerle
854ca4c1cd Removes libinjection sources from the main project and add it as subfolder
That way we can control the CFLAGS that will be sent to libinjection.
Avoiding, for instance, the utilization of c++11 on libinjection c code.
2015-12-01 11:21:28 -03:00
Ivan Prokhorov
7a300eb945 Fix pcre cflags variable and adds LDFLAGS for dependencies 2015-11-16 09:15:38 -08:00
Felipe Zimmerle
4a771f8c2c Fix pkginclude_HEADERS 2015-10-30 18:59:14 -03:00
Felipe Zimmerle
b6ae0585cd Refactoring: Place m_variables inside Collections 2015-10-29 13:46:45 -03:00
Felipe Zimmerle
787be98122 Refactoring: Pass all the control over the variables to the Variables class 2015-10-28 20:53:19 -03:00
Felipe Zimmerle
b0089cfde9 Adds MODSEC_NO_LOGS option to be part of the configure 2015-10-15 15:47:52 -03:00
Felipe Zimmerle
f93c0de940 Disable NO_LOGS by default 2015-09-24 11:55:14 -07:00
Felipe Zimmerle
076a02951c Huge performance improvement: passing variables as pointers avoiding copies 2015-09-18 20:21:12 -03:00
Felipe Zimmerle
5228b685bf Fix disruptive actions execution 2015-09-16 19:43:31 -03:00
Felipe Zimmerle
5c3a4b608d Adds support to SecMarker and skipAfter 2015-09-08 10:06:37 -03:00
Felipe Zimmerle
fa4f72d90d Adds support to ctl:auditLogParts variation 2015-09-02 10:55:29 -03:00
Felipe Zimmerle
24b7d72666 DebugLogs are now being redirected to the correct files 2015-08-27 15:36:56 -03:00
Felipe Zimmerle
e94226f1d8 Fix some build issues
Optional dependencies were temporarily marked as mandatory, in order
to sort any build problem, later it will be marked as optional again.
2015-08-25 00:25:33 -03:00
Felipe Zimmerle
1065e297b2 Fix several minor issues on the seclang grammar 2015-08-22 11:06:28 -03:00
Felipe Zimmerle
1de6d07dfd Adds support to the @detectSQLi operator 2015-08-14 00:30:28 -03:00
Felipe Zimmerle
4baee88eb3 Adds support to the @detectXSS operator 2015-08-13 23:38:57 -03:00
Felipe Zimmerle
ad65a1abea Adds @noMatch operator 2015-08-13 23:38:50 -03:00