github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,676 Commits 55 Branches 109 Tags
Commit Graph

627 Commits

Author SHA1 Message Date
Ervin Hegedus
4b3e6328e3
Fixed validateByteRange parsing method 2019-02-12 09:10:36 -03:00
Felipe Zimmerle
3dda0ea2c6
Adds a regression test strdup to valgrind suppressions list 2019-02-11 10:22:28 -03:00
Felipe Zimmerle
145f2f35b7
tests: Updates secrules-language-tests 2019-02-05 11:26:03 -03:00
WGH
bd6a02d69b
Fix test issue-1831.json on LMDB 
When LMDB is enabled, ModSecurity stores its persistent variables in
"./modsec-shared-collections" file. Since this file wasn't cleared between
tests, tests behaved differently on "in-memory per-process" and LMDB backend.

This test never worked in LMDB configuration. It hasn't been discovered
until now because Travis CI didn't test LMDB configuration when test was
introduced.
 2019-01-28 16:20:02 -03:00
WGH
ad28de4f14 Refactor regex code 
This commit fixes quite a few odd things in regex code:
 * Lack of encapsulation.
 * Non-method functions for matching without retrieving all groups.
 * Regex class being copyable without proper copy-constructor (potential UAF
   and double free due to pointer members m_pc and m_pce).
 * Redundant SMatch::m_length, which always equals to match.size() anyway.
 * Weird SMatch::size_ member which is initialized only by one of the three matching
   functions, and equals to the return value of that function anyways.
 * Several places in code having std::string value instead of reference.
 2019-01-18 10:34:01 -03:00
Felipe Zimmerle
d00ea5111d
Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Andrei Belov
0a85b599b6
Fix tests on FreeBSD 
FreeBSD has different prefix for bash (which is non-standard shell there),
thus "make check-TESTS" actually was doing nothing:

$ gmake check-TESTS
(   0/  0/   0): test/test-cases/regression/issue-1591.json
(   0/  0/   0): test/test-cases/regression/issue-1785.json
(   0/  0/   0): test/test-cases/regression/issue-1812.json
(   0/  0/   0): test/test-cases/regression/issue-1831.json
(   0/  0/   0): test/test-cases/regression/issue-1844.json
(   0/  0/   0): test/test-cases/regression/issue-1850.json
[..]
Testsuite summary for modsecurity 3.0
 2018-12-04 10:49:25 -03:00
Felipe Zimmerle
25bb1f1bcc
Changes ENV test case to read the default MODSECURTIY env var 2018-11-29 15:21:28 -03:00
Felipe Zimmerle
b736f0292d
Regression: Sets MODSECURITY env var during the tests execution 2018-11-29 15:19:58 -03:00
Felipe Zimmerle
d2b14de268
Allow 0 length JSON requests 
As discussed at: #1822
 2018-11-29 10:39:46 -03:00
Felipe Zimmerle
ce3abf2626
Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Victor Hora
cbf2fe9703
Adjust boundary test cases for the less strict parsing 2018-11-20 22:17:53 -03:00
Victor Hora
b638e523af
Make the boundary check less strict as per RFC2046 2018-11-20 22:17:22 -03:00
Felipe Zimmerle
9d80983e55
Fix on top of #1943 + adding test cases 2018-11-01 16:11:39 -03:00
Victor Hora
e3b9f7c913
Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Victor Hora
84ece3edcb
Add test case for SecUnicodeMap 2018-10-31 22:19:27 -03:00
Felipe Zimmerle
065c2e67b6
Adds test case for #1850 2018-10-30 18:25:46 -03:00
Felipe Zimmerle
e1e8a01ed2
Override the default status code if not suitable to redirect action 
Issue #1850
 2018-10-30 18:20:23 -03:00
Felipe Zimmerle
3f0ea90970
Test case skeleton for #1941 2018-10-29 11:14:31 -03:00
Felipe Zimmerle
b05901e8ae
Changes the regression test client to read the interception msg 2018-10-25 21:51:23 -03:00
Felipe Zimmerle
973c1f1028
Fix rule line number 
Issue #1844
 2018-10-24 21:02:35 -03:00
Felipe Zimmerle
ef7f65db90
Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
69cd61439d
Changes the timing to save the rule message 2018-10-23 16:58:42 -03:00
Felipe Zimmerle
120108fd33
Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
7c50fa7c00
Small fix on @detectXSS test case 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9
Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade
Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
bc3d3f1915
Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
c721e101c0
Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Felipe Zimmerle
cdf2da1a09
Adds test case related to issue #1725 2018-09-24 16:39:57 -03:00
Felipe Zimmerle
98b9ae659d
Having a better organization for Variables:: 2018-09-24 16:39:48 -03:00
Felipe Zimmerle
ee50fea266
Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
5aa79c17f2 Add test cases for m.setvar in Lua scripts 2018-09-19 19:47:05 -04:00
Victor Hora
a719871458
Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Felipe Zimmerle
dfbff090be
test case: Adds test case related to #1831 2018-09-11 15:40:41 -03:00
Felipe Zimmerle
d302b99ec5
Adds test case for: #1812 2018-09-05 16:00:42 -03:00
Felipe Zimmerle
4585216ae6
Adds more tests to REQUEST_BASENAME 
Meant to test #1795
 2018-09-04 22:02:56 -03:00
Victor Hora
aa158ceef3
Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
michaelgranzow-avi
d810de9166
#1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97
Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Ervin Hegedus
76887b8b22
Added new tests, aligned to new UNMATCHED_BOUNDARY flag value 2018-06-12 01:09:37 -03:00
Ervin Hegedus
af4afd348c
Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Felipe Zimmerle
202a15bea8
Changes the behavior of the default sec actions 
Fix #1629
 2018-05-31 14:52:53 -03:00
Felipe Zimmerle
42a472adbd
Check if response body inspection is enabled before process it 2018-05-08 10:59:30 -03:00
Scott Leggett
98b4e75465
Fix LDFLAGS for unit tests. 2018-05-03 13:44:59 -03:00
Robert Paprocki
d0a63aac03
Define m_secmarker_skipped as an integer type 
There's no reason to treat this this as a double, since it
represents a human-readable data value that is only meaningful
as an integer. In doing so we write cleaner audit logs and save
a small amount of space.
 2018-04-24 11:49:13 -03:00
Robert Paprocki
f7beb17570
Fix broken @detectxss operator regression test 2018-04-23 22:11:00 -03:00
Andrei Belov
3d06e1b8b6
Fix github_issue reference in regression test 2018-04-23 22:09:03 -03:00
Andrei Belov
5e65d560f8
Fix utils::string::ssplit() to handle delimiter in the end of string 
This closes #1743.
 2018-04-22 11:37:30 -03:00
Felipe Zimmerle
ff0d451a5c
Fix maxmind test case 2018-03-29 17:24:32 -03:00