Felipe Zimmerle
d3a4ec760c
Removes slash from REQUEST_BASENAME
2016-11-22 15:33:32 -03:00
Felipe Zimmerle
293a849668
Adds m_uri_no_query_string_decoded to transaction
2016-11-22 15:23:47 -03:00
Felipe Zimmerle
ab88083159
parser: Fix the expanded list inclusion
2016-11-16 15:47:21 -03:00
Felipe Zimmerle
c98be42f8f
Limits the transformation output to 80 chars in the debug logs
2016-11-16 15:37:52 -03:00
David Testé
f5898e94c7
Fix documentation typos
2016-11-14 10:23:51 -03:00
David Testé
85edff522d
Fix return value of msc_rules_merge()
...
According to the documentation, msc_rules_merge() should
return the number of merged rules instead of 0 in all cases.
2016-11-14 10:23:51 -03:00
Felipe Zimmerle
4643501507
parser: Improves the include error when the file does not exist
2016-11-14 10:23:00 -03:00
Felipe Zimmerle
8b4f1bc46c
Fix rule file inclusion path
...
The inclusion was not taking `*' into consideration, leading the
relative configuration inclusion to fail. That was very annoying.
2016-11-11 15:15:51 -03:00
Felipe Zimmerle
361ec8340f
benchmark: Removes the \n\r on the user agent
2016-11-11 13:53:56 -03:00
Felipe Zimmerle
8ceaf99d5d
Updates the CRS script to target the recent v3.0.0 release
2016-11-11 13:53:24 -03:00
Felipe Zimmerle
3ab5c8057d
Updates the fuzzer sub-project
2016-11-11 13:05:40 -03:00
Felipe Zimmerle
ee996a8373
Adds configure option to [disa|ena]ble the library examples
2016-11-11 09:39:26 -03:00
dkamen
936ec0b479
~Rule will delete chainedRule
...
Came across this memory leak when reloading nginx with hundreds of rule chains
2016-11-10 01:00:44 -03:00
Andrei Belov
1b28776814
Fixed install and dist targets after 3ee7b24
2016-11-09 09:38:47 -03:00
Felipe Zimmerle
3ee7b24928
Adds refCounter to actions
2016-11-08 18:14:34 -03:00
Felipe Zimmerle
ad05c74c3f
Moves mbedtls to others and renames msc_string.h to string.h
2016-11-07 09:52:08 -03:00
Felipe Zimmerle
2244e874e2
Moves static methods from class String to the namespace string
2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b
Renames utils/msc_string.[h|cc] to utils/string.[h|cc]
2016-11-04 16:00:42 -03:00
Felipe Zimmerle
424418f54b
Renames msc_system.[h|cc] to system.[h|cc]
2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion
2016-11-04 14:45:01 -03:00
Felipe Zimmerle
768cc74f0e
Moves RuleMessage to its own file
2016-11-04 11:58:57 -03:00
Felipe Zimmerle
ac4cb53d09
parser: Better understands escaped quotes in operator parameters
2016-11-04 01:55:47 -03:00
Felipe Zimmerle
1bf53c0576
Deletes ruleMessage by the end of the rule execution
2016-11-04 01:08:41 -03:00
Felipe Zimmerle
5fa02f17ce
Fix Utils::hexdigest
2016-11-03 22:59:57 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents
...
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
2016-11-03 20:26:27 -03:00
Felipe Zimmerle
b48dccff70
Removes unused `urldecode_uni_nonstrict_inplace_ex'
2016-11-03 11:01:14 -03:00
Felipe Zimmerle
78d6d20982
Moves `phase' related functions from `utils' to `utils/phase'
2016-11-03 10:48:27 -03:00
Felipe Zimmerle
f1e742c159
Moves system related functions from `utils' to `utils/system'
2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174
Moves string related functions from `utils' to `utils/string'
2016-11-03 10:47:22 -03:00
Felipe Zimmerle
9733cacd4d
Refactoring: moves ctl_ actions into ctl namespace
2016-11-01 14:58:51 -03:00
Felipe Zimmerle
2bb9d7988f
Cosmetics: huge refactoring in the parser
...
The parser is now more elegant and resilient.
2016-10-31 17:33:24 -03:00
Felipe Zimmerle
d3de1c743a
Adds missing action-ctl_rule_remove_by_id.json
2016-10-31 13:19:34 -03:00
Felipe Zimmerle
721983a05a
Adds missing ctl_request_body.*
2016-10-31 13:16:34 -03:00
Felipe Zimmerle
75a5000b16
Cosmetics: coding style
2016-10-28 09:57:59 -03:00
Felipe Zimmerle
4711644600
Adds support to CtlRequestBodyAccess
2016-10-28 09:48:10 -03:00
Felipe Zimmerle
10d263cd36
parser: Relax the characters accepted by ctl:ruleRemoveByX
2016-10-26 16:21:07 -03:00
Felipe Zimmerle
fead971558
Cosmetics: Fix typo. Remove not Remote
2016-10-26 11:12:05 -03:00
Felipe Zimmerle
1c21d1aeba
Adds support to action CtlRuleRemoveById
2016-10-26 11:00:18 -03:00
Felipe Zimmerle
161cc36acf
Adds support to action CtlRuleRemoteTargetById
2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54
Adds support to action CtlRuleRemoteTargetByTag
2016-10-25 15:43:50 -03:00
Felipe Zimmerle
730d7dbd28
Cosmetic: Coding style fixes.
2016-10-24 10:07:01 -03:00
Felipe Zimmerle
8757840bc3
Refactoring on the operators: negation is now being handled globally
...
Other minor changes were also made, including adding the prefix `m_'
to all the members of the class.
2016-10-19 10:30:26 -03:00
Abhi Joglekar
28a44b966a
SecLang uses RESPONSE_STATUS as variable, not STATUS
...
SecLang uses RESPONSE_STATUS as variable to encode the status code for the
request.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#RESPONSE_STATUS
The CRS v3.0.0-dev rules, for instance, use the RESPONSE_STATUS variable.
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/RESPONSE-50-DATA-LEAKAGES-IIS.conf
When processing response headers, the variable was named STATUS when creating/storing
it in the collection. Fix it, and update regression testcases.
2016-10-18 21:30:06 -03:00
Felipe Zimmerle
678a97d0f7
Refactoring on the DebugLog mechanism
...
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
2016-10-18 18:43:51 -03:00
Felipe Zimmerle
f3bbcfc7ef
Removes SecDebugLog directive from the test cases
2016-10-18 18:23:35 -03:00
Felipe Zimmerle
8ac15e2915
Removes wrong test case: there is no transformation ge
2016-10-18 18:16:02 -03:00
Alexey Zelkin
4e3a599f68
Add hack to fix MacOS X build
2016-10-17 10:39:44 -03:00
Robert Paprocki
049f1abb62
Fix compilation error
...
lmdb.cc fails to compile following commit c680ddf.
2016-10-07 19:07:14 -03:00
Felipe Zimmerle
b48e4b3a37
refactoring: Moves Phases enum to outside ModSecurity class
2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class
...
Among other things, the merge process was improved to detect if
certain properties were set on the origin rule set.
2016-10-05 12:01:15 -03:00