github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 14:46:13 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,560 Commits 55 Branches 109 Tags
Commit Graph

282 Commits

Author SHA1 Message Date
Victor Hora
9d70345d3d
Add missing hexDecode transformation to seclang parser 2017-05-29 22:48:23 -03:00
Felipe Zimmerle
0e05b7bb8a
Avoids to load a directory structure as a rules file 2017-05-02 16:42:22 -03:00
Felipe Zimmerle
c97db2f361
Adds verbose message when a resource is not found. 
Fix #1309
 2017-05-02 13:39:37 -03:00
Felipe Zimmerle
6421ff087a
Forces disruptive to be first-rule-only 
ModSecurity version 3 is capable to handle disruptive actions in different
rules from the chain. However, lets get it working in the same fashion that
we have in version 2.
 2017-04-24 21:06:35 -03:00
Felipe Zimmerle
b3c8e97ff7
Parse fix: accepting variables in between quotes 2017-03-30 10:02:36 -03:00
Felipe Zimmerle
e2bd87d07d
Fix minor parser errors 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
d6363607aa
Accept quoted regexp in the collection selection 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
f9552ede2b
Adds missing file 2017-03-06 15:02:01 -03:00
Felipe Zimmerle
e95efa05cc
Fix assorted memory and static analysis errors 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f
Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06
PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
c1f11ab4e5
Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ff65d618e4
Adds missing Makefile.am file 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ba6b972ca8
Makes global collection allowed to be set by setVar 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
b516cc6de1
Adds operation unset to setVar action 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e
Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
703da3c4f0
Adds PoC about 1-time variable resolution and draft for offset 
There is no need for the variable purely associated with the
transaction (transient) be part of collection that demands
lookups. Also, those variables will held the concept of offset:
The offset from the first byte of the request till the start of
the variable.
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
3eccfaf1f6
Disables parser generation on all builds 
The parser generation is now an configure option
 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
03d0570e99
Deletes the Rule object in case of a parser failure 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
1aa2a9c01b
Avoids memory leak by cleaning loc stack on Driver's destructor 2017-03-06 15:01:52 -03:00
Felipe Zimmerle
839ac62585
Fix memory leaks in parser failures 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
a6f07f621d
Makes the lexical errors a little bit more verbose 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
5880524db6
cosmetics: Improves the tokens organization 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
808fd23358
Avoids a second initialization of the Audit Log class 2017-03-06 15:01:51 -03:00
Felipe Zimmerle
60402d8b80
Renames defaultActions to m_defaultActions in RulesProperties 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
7927ddda91
Renames rules to m_rules in RulesProperties 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
5086fef492
Fix parser while continuation line is used between var and op 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
59114dd598
Refactoring on the operators parsers (2/2) 
This is the first step towards remove the memory leaks in the parser
 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
9cda4c0be0
cosmetics: Having the parser in a better shape regarding operators 1/2 2017-03-06 15:01:50 -03:00
Felipe Zimmerle
15b81d09e7
Refactoring on the transformation classes 2016-12-28 19:53:37 -03:00
Felipe Zimmerle
88fb456a16
Cosmetics: Reduces the static analysis warnings 2016-12-28 17:46:47 -03:00
Felipe Zimmerle
9c7416da97
Refactoring the actions classes 2016-12-28 15:20:06 -03:00
Felipe Zimmerle
2e9a35c358
Refactoring on the audit logs implementation 
Among of other things, it is now supporting shared file locks between
different process.
 2016-12-14 23:17:28 -03:00
Felipe Zimmerle
bfc30dad34
Refactoring: how to report to error logs 2016-12-01 01:05:29 -03:00
Felipe Zimmerle
a776cce6d7
Changes RULE variable group to be save at transient collection 2016-11-28 13:00:04 -03:00
Felipe Zimmerle
ab88083159
parser: Fix the expanded list inclusion 2016-11-16 15:47:21 -03:00
Felipe Zimmerle
4643501507
parser: Improves the include error when the file does not exist 2016-11-14 10:23:00 -03:00
Felipe Zimmerle
8b4f1bc46c
Fix rule file inclusion path 
The inclusion was not taking `*' into consideration, leading the
relative configuration inclusion to fail. That was very annoying.
 2016-11-11 15:15:51 -03:00
Felipe Zimmerle
3ee7b24928
Adds refCounter to actions 2016-11-08 18:14:34 -03:00
Felipe Zimmerle
2244e874e2
Moves static methods from class String to the namespace string 2016-11-04 16:00:44 -03:00
Felipe Zimmerle
62a0cb468b
Renames utils/msc_string.[h|cc] to utils/string.[h|cc] 2016-11-04 16:00:42 -03:00
Felipe Zimmerle
424418f54b
Renames msc_system.[h|cc] to system.[h|cc] 2016-11-04 16:00:36 -03:00
Felipe Zimmerle
4ced1d18e0
Using full path in the header inclusion 2016-11-04 14:45:01 -03:00
Felipe Zimmerle
ac4cb53d09
parser: Better understands escaped quotes in operator parameters 2016-11-04 01:55:47 -03:00
Felipe Zimmerle
507ec44cc2
Refactoring on `utils.cc' and adjacents 
Completely removed the `utils.cc' by moving residual functions into
sub-classes of `utils/'
 2016-11-03 20:26:27 -03:00
Felipe Zimmerle
f1e742c159
Moves system related functions from utils' to utils/system' 2016-11-03 10:48:10 -03:00
Felipe Zimmerle
73c4d69174
Moves string related functions from utils' to utils/string' 2016-11-03 10:47:22 -03:00
Felipe Zimmerle
9733cacd4d
Refactoring: moves ctl_ actions into ctl namespace 2016-11-01 14:58:51 -03:00
Felipe Zimmerle
2bb9d7988f
Cosmetics: huge refactoring in the parser 
The parser is now more elegant and resilient.
 2016-10-31 17:33:24 -03:00
Felipe Zimmerle
4711644600
dds support to CtlRequestBodyAccess 2016-10-28 09:48:10 -03:00