github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,791 Commits 55 Branches 109 Tags
Commit Graph

231 Commits

Author SHA1 Message Date
Felipe Zimmerle
3ee7b24928
Adds refCounter to actions 2016-11-08 18:14:34 -03:00
Felipe Zimmerle
768cc74f0e
Moves RuleMessage to its own file 2016-11-04 11:58:57 -03:00
Felipe Zimmerle
4711644600
dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00
Felipe Zimmerle
fead971558
Cosmetics: Fix typo. Remove not Remote 2016-10-26 11:12:05 -03:00
Felipe Zimmerle
1c21d1aeba
Adds support to action CtlRuleRemoveById 2016-10-26 11:00:18 -03:00
Felipe Zimmerle
161cc36acf
Adds support to action CtlRuleRemoteTargetById 2016-10-26 10:58:42 -03:00
Felipe Zimmerle
9245369a54
Adds support to action CtlRuleRemoteTargetByTag 2016-10-25 15:43:50 -03:00
Felipe Zimmerle
678a97d0f7
Refectoring on the DebugLog mechanism 
The DebugLog implementation was modified to use shared memory
to keep the information about the opened files and file handles.
The modification was necessary to avoid race-conditions. This
commit also closes the issue SpiderLabs/ModSecurity-nginx#17
 2016-10-18 18:43:51 -03:00
Felipe Zimmerle
b48e4b3a37
refactoring: Moves Phases enum to outside ModSecurity class 2016-10-07 19:05:50 -03:00
Felipe Zimmerle
c680ddf2cd
Refactoring on rulesProperties class 
Among of other things the merge process was improved to detect if
certain properties were set on the origin rule set.
 2016-10-05 12:01:15 -03:00
Felipe Zimmerle
0a22f880dd
Adds support to custom operator's message in case of a match 2016-09-12 15:49:20 -03:00
Felipe Zimmerle
c3378ec528
Fix the size of the rules and actions vectors 2016-09-01 00:39:54 -03:00
Felipe Zimmerle
5514b66145
Adds missing file: rules_exceptions.h 2016-07-19 13:45:02 -03:00
Felipe Zimmerle
37079ef668
Adds support to SecRuleRemoveById 2016-07-18 15:02:38 -03:00
Felipe Zimmerle
d781b00f70
Fix the `log' action and the webserver error callback 2016-07-16 15:20:31 -03:00
Felipe Zimmerle
4cf6c714ac
Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
833089eb70
Adds method resolveFirstCopy to collections 
Using the copy whenever it is necessary to avoid memory leak.
 2016-07-08 10:22:37 -03:00
Felipe Zimmerle
7bcc9cf0d9
Bug fix: variable resolution inside global collections 
Collections were being resolved as transient variables.
 2016-07-07 10:32:48 -03:00
Felipe Zimmerle
e231503bc9
Simplifies the collection interface 2016-07-05 09:48:58 -03:00
Felipe Zimmerle
f72bd587ec
Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
b0f69b1262
Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Felipe Zimmerle
90adb53935
Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
2477470607
Adds support to the resource collection 2016-06-24 15:17:29 -03:00
Felipe Zimmerle
e5583c24bb
Removed parserError from the rules class 
The Rules class inherits parserError from Rules Properties class
overwrite this variable suppress the error message from the parser
aconsumer.
 2016-06-23 10:47:52 -03:00
Felipe Zimmerle
b8bd0c5960
API CHANGE: response status is now set on processResponseHeaders 
That change was needed to move the variable attribution to earliest
as possible. We also have a new field for HTTP_PROTOCOL version used
on the response.
 2016-06-21 09:24:46 -03:00
Felipe Zimmerle
dbaf79fb8e
Adds extractArguments facilitator method 
Little refactoring to use this method instead of doing it
manually in different parts of the code.
 2016-06-17 15:15:44 -03:00
Felipe Zimmerle
5c088c8be4
Adds addArgument method to transaction class 
There was a bit of refactoring to use the addArgument function, instead
of adding the items manually.
 2016-06-17 14:34:22 -03:00
Felipe Zimmerle
9919026620
Fixes regarding memory management 
Fixes assorted issues identified by valgrind.
 2016-06-16 00:03:57 -03:00
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
9e5cf2de8e Adds Upload configuration paramters to the libmodsec parser 2016-06-07 14:23:56 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
1f45d6cea8 Adds full support to the libxml action 
Issue #1148
 2016-05-18 09:47:30 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
758ecb5d6d Adds support to USER collection, setuid action and USERID variable 
More details on: #1026, #1024, #1048
 2016-05-09 20:27:08 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
3062ff2aa5 Using Collection instead of GlobalCollection 
Both has the same methods and characteristics except for the fact that
one is global and the other not. That can be handled by the backend.
 2016-05-04 22:42:24 -03:00
Felipe Zimmerle
64c4f23a4e Collection class was changed to be a simple interface 
InMomoryPerProcess class was added to be used where the old Collection
was used.
 2016-05-04 22:42:17 -03:00
Felipe Zimmerle
5643d2fa28 Warming up to the remote collections support 
Huge refactoring to have the code in shape to later support the
remote collections with different backends.
 2016-05-03 17:39:49 -03:00
Felipe Zimmerle
e5acc95de8 First version of global' and ip' collections 2016-03-30 18:22:00 -03:00
Felipe Zimmerle
214cc15785 Cosmetics: Reduce the coding style warnings 2016-03-21 17:59:31 -03:00
Felipe Zimmerle
c43391072c Fix some issues reported by the static analysis 2016-03-18 19:37:51 -03:00
Felipe Zimmerle
778db259cf Treats the keys of the sec language variables as case-insensitive 2016-02-18 19:58:14 -03:00
Felipe Zimmerle
ed8b0c85d7 Fix `capture' memory management 
The capture action was implemented before the transaction concept.
While partially ported to use the transaction, some of the elements
were not freed correctly. Now it is fully ported to use the class
Transaction.
 2016-02-16 23:24:15 -03:00
Felipe Zimmerle
e346454374 Fix memory leaks on the collections/variables management 2016-02-16 23:04:11 -03:00
Felipe Zimmerle
a2ffb36159 Adds "matched" line to the audit logs 2016-02-12 13:28:43 -03:00
Felipe Zimmerle
049e4eb69d Adds support to the @rbl operator 2016-02-11 14:25:58 -03:00
Felipe Zimmerle
8143f8ea89 Adds support to the action `maturity' 2016-02-10 13:55:12 -03:00
Felipe Zimmerle
714df8db20 Adds support to the action `accuracy' 2016-02-10 13:35:02 -03:00
Felipe Zimmerle
77900ed4e2 Fix rules `messages' on the auditlog 2016-02-10 12:03:52 -03:00