github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,210 Commits 55 Branches 109 Tags
Commit Graph

537 Commits

Author SHA1 Message Date
martinhsv
4050c840f5
Merge pull request #2868 from grnet/v3/fix-multimatch-chain 
Fix meta-actions not being applied if multiMatch is enabled in the chain starter rule
 2023-04-27 14:13:28 -07:00
Marios Levogiannis
12add9aef0
Fix meta-actions not being applied if multiMatch is enabled in the chain starter rule 
Meta-actions can only be used in non-chained rules or in the chain starter
rule of a rule chain. The m_chainedRuleParent member of the RuleWithActions
class is NULL only if the rule is not chained or if it is the chain starter
rule of a rule chain.

Fixes #2867.
 2023-04-27 19:43:01 +03:00
Martin Vierula
808148ce02
CHANGES entry and cppcheck suppression adjustment for prev PR 2023-04-25 15:17:13 -07:00
martinhsv
5b709d9da7
Merge pull request #2866 from grnet/v3/fix-multimatch-tags 
Fix tags not being populated in audit log when multiMatch is enabled
 2023-04-25 07:45:41 -07:00
Ervin Hegedüs
6fbdee9ff0 Merge branch 'v3/master' of https://github.com/SpiderLabs/ModSecurity into v3/multipartpartheaderfix 2023-04-23 17:17:29 +02:00
martinhsv
5365a17c5e
Merge pull request #2846 from tomsommer/patch-1 
Also test empty lines
 2023-04-18 06:14:10 -07:00
Martin Vierula
f8db5fc85e
Remove no-longer-needed cppcheck suppressions 2023-04-17 19:56:00 -07:00
Martin Vierula
9ea50a4973 Change arg from pass-by-value (satisify cppcheck) 2023-04-17 07:43:38 -07:00
Ervin Hegedüs
18adbb6fd3 Merge branch 'v3/master' of https://github.com/SpiderLabs/ModSecurity into v3/multipartpartheaderfix 2023-02-18 15:24:11 +01:00
Martin Vierula
55d6aa94e1 Resolve memory leak (bison-generated position.filename) 2023-02-17 09:59:34 -08:00
Ervin Hegedüs
0a296af375 Add regression test case 2023-01-28 21:50:00 +01:00
Marios Levogiannis
d3a6b6a6fd
Fix tags not being populated in audit log when multiMatch is enabled 
Fixes #2754.
 2023-01-20 13:15:28 +02:00
Martin Vierula
ec1232a69b
Support equals sign in XPath expressions 2023-01-19 08:37:38 -08:00
Martin Vierula
62ec4edc42
Regression tests: remove dependency on modsecurity.org 2023-01-17 09:04:46 -08:00
Tom Sommer
3caac9942c
Also test empty lines 2022-12-19 10:23:40 +01:00
Martin Vierula
af860e2eef
Support comments in ipMatchFromFile file via '#' token 2022-12-01 11:19:26 -08:00
Ervin Hegedüs
aa44c7b726 Fix FILES_TMP_CONTENT collection key naming mechanism 2022-11-14 17:03:50 +01:00
Martin Vierula
82f75dc0ce
Remove now-unneeded cppcheck suppression 2022-09-20 14:23:20 -07:00
Martin Vierula
47fe75de32
Fix tests to match previous typo fix 2022-09-18 11:28:58 -07:00
Martin Vierula
e9a7ba4a60 Fix two rule-reload memory leak issues 2022-09-15 16:27:25 -07:00
Martin Vierula
622eb9e6c8
Adjust parser activation rules in modsecurity.conf-recommended 2022-09-07 08:49:56 -07:00
Martin Vierula
fa6e41857d
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 06:29:20 -07:00
Martin Vierula
648cad380e
Address some cppcheck complaints 2022-08-31 13:19:45 -07:00
Martin Vierula
c3b7a7f4f0
Change some args from pass-by-value (satisfies cppcheck) 2022-06-15 07:20:28 -07:00
Martin Vierula
97550881fe
Add cppcheck suppressions 2022-05-30 11:03:39 -07:00
Martin Vierula
606f5721c2
Change some parms to const reference (satisfies cppcheck) 2022-04-27 08:57:09 -07:00
Martin Vierula
6e56950cdf
Tolerate other parameters after boundary in multipart C-T 2022-04-26 11:17:46 -07:00
Martin Vierula
1aa7616c18
Add DebugLog message for bad pattern in rx operator 2022-04-21 11:16:01 -07:00
Martin Vierula
f84614fe06 Support PCRE2 2022-04-13 10:44:56 -07:00
Martin Vierula
4c526fc218
Support SecRequestBodyNoFilesLimit 2022-02-15 14:53:34 -08:00
Martin Vierula
6bd1c7764e
Add exclusions due to newer cppcheck version 2022-02-09 13:58:24 -08:00
martinhsv
2cde1933a7
Merge pull request #2680 from SpiderLabs/v3/dev/issue_2606_a 
Add ctl:auditengine action support
 2022-01-26 15:53:53 -05:00
Martin Vierula
2d51efae49 Add ctl:auditengine action support 2022-01-20 14:04:30 -08:00
Martin Vierula
3ee6e108d6
Fix multiMatch msg, etc, population in audit log 2022-01-14 09:25:07 -08:00
Martin Vierula
1a965a49ad
Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc. 2022-01-04 11:47:18 -08:00
Martin Vierula
f34b49f666
Multipart names may include single quote if double-quote enclosed 2021-12-23 08:02:43 -08:00
Martin Vierula
19d50f4da4
Add a const to satisfy cppcheck 2021-12-20 09:41:38 -08:00
Martin Vierula
d16c3250a9
Add a few cppcheck suppressions 2021-11-16 11:26:16 -08:00
Martin Vierula
ac79c1c29b
Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
martinhsv
cd5fba8974 Handle URI received with uri-fragment 2021-07-05 14:51:21 -03:00
martinhsv
65e7e474b1
fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
Felipe Zimmerle
1e2ccc1578 test: Fix optimization test 2021-05-04 12:57:09 -03:00
Felipe Zimmerle
4cdcc15334
Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4e45aa601b87c5a4cf4b6061d1bbccb.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
912704b6d4
Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
Felipe Zimmerle
2e69ce6ccf
build: Fix curl include path 
Issue #2519
 2021-02-24 13:20:24 -03:00
martinhsv
fbea73120c
Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03
Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
03b3e472d4
cosmetics: Please static check 2021-01-24 11:53:52 -03:00
Felipe Zimmerle
e8bd2151f2
Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
3748d62f19
Changes copyright dates on the code 2021-01-19 09:24:37 -03:00