1223 Commits

Author SHA1 Message Date
Felipe Zimmerle
18cdffdbca Encapsulates int[N] in a class to avoid compilation issues
Depending on the compiler, there may be a compilation issue with the
usage of std::unique_ptr<int[]>. Therefore encapsulating it inside a
regular class.
2018-11-01 11:50:15 -03:00
Victor Hora
e3b9f7c913 Fix SecUnicodeMapFile support
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
2018-10-31 22:57:39 -03:00
Felipe Zimmerle
e1e8a01ed2 Override the default status code if not suitable to redirect action
Issue #1850
2018-10-30 18:20:23 -03:00
Felipe Zimmerle
bfe917b6b1 parser: Fix the support for CRLF configuration files 2018-10-30 17:16:44 -03:00
Felipe Zimmerle
3f0ea90970 Test case skeleton for #1941 2018-10-29 11:14:31 -03:00
Felipe Zimmerle
91daeee9f6 Only calling server log if the message is not disruptive
The disruptive message is already part of the interception object
2018-10-25 18:04:27 -03:00
Felipe Zimmerle
448897d297 Marking message as disruptive before generate log msg 2018-10-25 18:04:07 -03:00
Felipe Zimmerle
973c1f1028 Fix rule line number
Issue #1844
2018-10-24 21:02:35 -03:00
Felipe Zimmerle
fa5f3784f2 Using shared_ptr instead of unique_ptr on rules exceptions 2018-10-23 17:03:18 -03:00
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unnecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
23e0d35d2d Fix the SecUnicodeMapFile and SecUnicodeCodePage 2018-10-23 17:00:11 -03:00
Felipe Zimmerle
69cd61439d Changes the timing to save the rule message 2018-10-23 16:58:42 -03:00
Victor Hora
8088d6af71 Fix crash in msc_rules_add_file() when using disruptive action in child rule inside of chain 2018-10-23 16:39:21 -03:00
Wenfeng Liu
ec1112c648 Fix memory leak in AuditLog::init() 2018-10-23 16:39:15 -03:00
Felipe Zimmerle
8bda7c0a45 Fix RULE lookup in chained rules. 2018-10-23 16:37:54 -03:00
Felipe Zimmerle
120108fd33 Adds support for /32 in @ipMatch cidr notation.
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
2018-10-23 16:37:53 -03:00
Felipe Zimmerle
a5a40a71a9 Makes matchedvars inline 2018-10-23 16:37:49 -03:00
Felipe Zimmerle
b58018e778 Fix multimatch behavior to match what we have on v2 2018-10-23 16:37:42 -03:00
Felipe Zimmerle
dba73f5367 Using values after transformation at MATCHED_VARS 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9 Adds full support to UpdateActionById.
Issue #1800
2018-10-23 16:26:11 -03:00
Felipe Zimmerle
3e8e28da48 Refactoring on the RULE variable 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8 Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Victor Hora
20ef01d75c Allow LuaJIT 2.1 to be used 2018-10-12 17:32:10 -04:00
Victor Hora
28f6f2201f Match m_id JSON log with RuleMessage and v2 format 2018-10-12 13:10:11 -04:00
Felipe Zimmerle
bc3d3f1915 Adds support to setenv action
Issue #1044
2018-09-25 10:19:52 -03:00
Felipe Zimmerle
4dd2812757 Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0 Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
98b9ae659d Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266 Handling key exceptions on the variable itself
This is the first step towards solving #1697
2018-09-24 16:16:30 -03:00
Victor Hora
6f458b5203 Fix on top of jmx's m.setvar commit for USER collection in Lua scripts 2018-09-19 19:41:49 -04:00
jxm
45cdb0ed90 fix: function m.setvar not work in lua script 2018-09-19 19:34:13 -04:00
Felipe Zimmerle
c2bc695265 parser: Fix typo on SanitiseArgs
Related to: #715 and #1889
2018-09-12 09:37:34 -03:00
Felipe Zimmerle
9c73c09abd parser: Updates the generated parser file 2018-09-11 21:01:13 -03:00
Victor Hora
a719871458 Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Victor Hora
379f370095 Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 2018-09-11 20:52:30 -03:00
Victor Hora
0c0b09ec52 Use glob.h when using OpenBSD 2018-09-11 20:45:58 -03:00
Victor Hora
d97688804e Fix parser to support GeoLookup with MaxMind 2018-09-11 20:40:28 -03:00
Felipe Zimmerle
764a2e43ff parser: Fix simple quote setvar in the end of the line.
Fix #1831
2018-09-11 15:35:26 -03:00
Felipe Zimmerle
d7b9726357 good practices: Initialize variables before use it
Original author: Marc Stern (#1889)
2018-09-05 23:35:24 -03:00
Felipe Zimmerle
a85ca00a55 Fix utf-8 character encoding conversion
Reported on: #1794
2018-09-04 21:01:11 -03:00
Victor Hora
aa158ceef3 Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
Victor Hora
f999f54eda Adds support for ctl:requestBodyProcessor=URLENCODED 2018-08-22 22:07:04 -03:00
Robert Paprocki
dee9898449 Implement support for Lua 5.1 2018-07-27 15:43:12 -04:00
michaelgranzow-avi
d810de9166 #1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97 Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Felipe Zimmerle
e51297b436 Improvements on top of #1787 2018-06-12 15:43:08 -03:00
Ervin Hegedus
edb5993d5f Fixed LMDB collection errors 2018-06-12 14:47:44 -03:00
Ervin Hegedus
4d0ca94490 Modified the false pos. UNMATCHED_BOUNDARY error flag 2018-06-12 01:09:36 -03:00
Ervin Hegedus
af4afd348c Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00