github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,066 Commits 55 Branches 109 Tags
Commit Graph

2066 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felipe Zimmerle
e48f468cbc Adds support to base64 decode transformation 2016-05-24 10:04:06 -03:00
Felipe Zimmerle
348cf3bfab Adds support to the REMOTE_USER variable 2016-05-23 18:32:53 -03:00
Felipe Zimmerle
a3ae686f25 Adds base64 support via mbedtls 
This is inspered in the work done at: #1123
 2016-05-23 18:27:28 -03:00
Felipe Zimmerle
4b9cff3ec7 Partially adds the REMOTE_USER variable support 2016-05-23 11:04:19 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Manish Malik
9202ffb17d Replacing include subdirectory name, transaction --> collection 2016-05-18 09:53:14 -03:00
Felipe Zimmerle
1f45d6cea8 Adds full support to the libxml action 
Issue #1148
 2016-05-18 09:47:30 -03:00
Felipe Zimmerle
a9e6716c6a Variables are now receiving the rule instance as parameter 2016-05-17 15:47:50 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
3e8defb853 Adds support to the operator @validateDTD 
Further info #1003
 2016-05-13 09:20:10 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
35636674e3 Adds the missing regression tests for USERID 2016-05-11 20:36:47 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
ff9aa5c7cf Adds support to the variable SESSIONID 2016-05-06 14:38:38 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
33a704e918 Fix macro expansion: no more % abandoned by the end of variable 2016-05-06 14:16:37 -03:00
Manish Malik
5728110272 Declaring variable outside the for loop 2016-05-05 15:54:01 -03:00
Felipe Zimmerle
c85529158e Adds support to the cmd_line transformation 
Details on #965
 2016-05-05 15:47:21 -03:00
Felipe Zimmerle
d0e0002283 Fix the regression tests as reported on #1142 2016-05-05 11:29:55 -03:00
Felipe Zimmerle
3062ff2aa5 Using Collection instead of GlobalCollection 
Both has the same methods and characteristics except for the fact that
one is global and the other not. That can be handled by the backend.
 2016-05-04 22:42:24 -03:00
Felipe Zimmerle
64c4f23a4e Collection class was changed to be a simple interface 
InMomoryPerProcess class was added to be used where the old Collection
was used.
 2016-05-04 22:42:17 -03:00
Felipe Zimmerle
bc887cdcf2 Fix Valgrind regression test script 
Calling the right binary name
 2016-05-03 17:40:11 -03:00
Felipe Zimmerle
5643d2fa28 Warming up to the remote collections support 
Huge refactoring to have the code in shape to later support the
remote collections with different backends.
 2016-05-03 17:39:49 -03:00
Felipe Zimmerle
ff165a4035 Adds support to the multithread example 2016-04-26 17:55:05 -03:00
Felipe Zimmerle
1539a8c3ef Fix the coding style of the pull request #1115 2016-04-05 09:56:08 -03:00
bjh7242
8b3b014062 updated transformation file to include removeWhitespace transformation 2016-04-05 09:04:54 -03:00
bjh7242
883b804d90 adding removeWhitespace transformation 2016-04-05 09:04:49 -03:00
Felipe Zimmerle
0a60924c8f Reduces the amount of warnings 
Trimming the pull request #1098
 2016-04-04 15:31:19 -03:00
Felipe Zimmerle
6f93563fc2 Fix in parser: now understanding the removeCommentsChar transformation 
SpiderLabs/ModSecurity#1098
 2016-04-04 15:25:34 -03:00
Felipe Zimmerle
19137452c4 Updates `secrules-language-tests' reference. 
SpiderLabs/ModSecurity#1098
 2016-04-04 15:22:24 -03:00
bjh7242
a5a21ea192 added remove_comments_char to address issue #971 2016-04-04 13:45:08 -03:00
Felipe Zimmerle
8da49842d8 Fix typo on the audit logs. 
It is not _serverity_. Renamed to severity. Details on issue: #1114
 2016-04-04 13:38:23 -03:00
Felipe Zimmerle
85d8b8e9b7 Fixed typo error in the HTTPS client implementation 
It is ModSecurity not _modesecurity_. Details in issue #1113
 2016-04-04 13:35:19 -03:00
Felipe Zimmerle
8d052853a8 Adds support to https audit log output 
This functionality was built for test only.
 2016-04-04 13:29:15 -03:00
Felipe Zimmerle
e5acc95de8 First version of global' and ip' collections 2016-03-30 18:22:00 -03:00
Felipe Zimmerle
214cc15785 Cosmetics: Reduce the coding style warnings 2016-03-21 17:59:31 -03:00
Felipe Zimmerle
c43391072c Fix some issues reported by the static analysis 2016-03-18 19:37:51 -03:00
Felipe Zimmerle
28008be616 Build: Adds /usr/lib64 as possible path for YAJL 
Reported by @LinuxJedi at #1077
 2016-03-18 16:42:15 -03:00
Felipe Zimmerle
d528b8ea6d Build: Looking for YAJL's LD flags instead of CFLAGS 
Original author: @LinuxJedi. Reported at #1077.
 2016-03-18 16:41:22 -03:00
Felipe Zimmerle
e3dd2937e6 Installs the library file in the right path [lib|lib64] 
Fixed the issue reported on #1083:
 - The option --libdir will be respected whenever it is used.
 - The library will be installed at ??/lib64 when needed.
 2016-03-18 16:01:02 -03:00
Felipe Zimmerle
88ca736543 Avoids the installation of test utilities during `make install' 
Those utilities are not interesting for the general usage, most
likekly it will be used by very retrict number of people whom are
likely to compile ModSecurity by their selfs.

This issue was reported on #1083
 2016-03-18 14:26:41 -03:00
Felipe Zimmerle
e0926fee37 Fix parser error while dealing with operator negation 
This patch closes the issue #960
 2016-03-17 18:06:46 -03:00
Felipe Zimmerle
47a62b98bb Saves `MATCHED_VAR' and related before execute the actions 
Actions should have access to the MATCHED_VAR.
 2016-02-18 20:02:28 -03:00
Felipe Zimmerle
778db259cf Treats the keys of the sec language variables as case-insensitive 2016-02-18 19:58:14 -03:00
Felipe Zimmerle
30d9ade192 Fix macro expansion: Now support } and/or }% to close a variable 2016-02-18 19:39:43 -03:00
Felipe Zimmerle
f44143436b Fix parser error on free text operator 2016-02-18 10:11:54 -03:00
Felipe Zimmerle
1f68075a28 Process the logging phase on the benchmark utility 2016-02-17 14:39:10 -03:00
Felipe Zimmerle
1e3cafb734 Fix memory management on the rules' messages (try 2) 2016-02-17 13:32:31 -03:00