github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,173 Commits 55 Branches 109 Tags
Commit Graph

341 Commits

Author SHA1 Message Date
Felipe Zimmerle
1b8d69da02
Fix dict element regular expression selection on SecRuleUpdateTargetByTag 2019-05-31 01:42:51 -03:00
Felipe Zimmerle
5472362313
Fix SecRuleUpdateTargetByTag with regular expressions 2019-05-31 01:42:47 -03:00
Ervin Hegedus
7a93bea8f7 Added some test cases related to #2099 2019-05-30 09:52:27 -03:00
Rufus125
86ce479b59
Adds new operator to check for data leakage of Austrian social security number 2019-05-29 20:57:08 -03:00
Felipe Zimmerle
b574418386
regression: Using github instead of modsecurity.org for SecRemoteRules 2019-04-05 12:59:34 -03:00
Ervin Hegedus
a6e6bc2b5f
Allow empty anchored variable to use 2019-02-12 09:31:19 -03:00
Ervin Hegedus
2d3fbbc56a
Modified affected test cases, which checked wrong variables 2019-02-12 09:16:07 -03:00
Ervin Hegedus
17d79ed7ba
Fixed data collecting in multipart parsing 2019-02-12 09:16:07 -03:00
Ervin Hegedus
4b3e6328e3
Fixed validateByteRange parsing method 2019-02-12 09:10:36 -03:00
Felipe Zimmerle
145f2f35b7
tests: Updates secrules-language-tests 2019-02-05 11:26:03 -03:00
Felipe Zimmerle
d00ea5111d
Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Felipe Zimmerle
25bb1f1bcc
Changes ENV test case to read the default MODSECURTIY env var 2018-11-29 15:21:28 -03:00
Felipe Zimmerle
d2b14de268
Allow 0 length JSON requests 
As discussed at: #1822
 2018-11-29 10:39:46 -03:00
Felipe Zimmerle
ce3abf2626
Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Victor Hora
cbf2fe9703
Adjust boundary test cases for the less strict parsing 2018-11-20 22:17:53 -03:00
Victor Hora
b638e523af
Make the boundary check less strict as per RFC2046 2018-11-20 22:17:22 -03:00
Felipe Zimmerle
9d80983e55
Fix on top of #1943 + adding test cases 2018-11-01 16:11:39 -03:00
Victor Hora
e3b9f7c913
Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Victor Hora
84ece3edcb
Add test case for SecUnicodeMap 2018-10-31 22:19:27 -03:00
Felipe Zimmerle
065c2e67b6
Adds test case for #1850 2018-10-30 18:25:46 -03:00
Felipe Zimmerle
e1e8a01ed2
Override the default status code if not suitable to redirect action 
Issue #1850
 2018-10-30 18:20:23 -03:00
Felipe Zimmerle
3f0ea90970
Test case skeleton for #1941 2018-10-29 11:14:31 -03:00
Felipe Zimmerle
973c1f1028
Fix rule line number 
Issue #1844
 2018-10-24 21:02:35 -03:00
Felipe Zimmerle
ef7f65db90
Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
69cd61439d
Changes the timing to save the rule message 2018-10-23 16:58:42 -03:00
Felipe Zimmerle
120108fd33
Adds support for /32 in @ipMatch cidr notation. 
/32 is the representation of the ip itself. Not sure if it is needed,
but there is a complaint for that: #849
 2018-10-23 16:37:53 -03:00
Felipe Zimmerle
7c50fa7c00
Small fix on @detectXSS test case 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
85ecd190d9
Adds full support to UpdateActionById. 
Issue #1800
 2018-10-23 16:26:11 -03:00
Felipe Zimmerle
554251bade
Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
bc3d3f1915
Adds support to setenv action 
Issue #1044
 2018-09-25 10:19:52 -03:00
Felipe Zimmerle
cdf2da1a09
Adds test case related to issue #1725 2018-09-24 16:39:57 -03:00
Felipe Zimmerle
ee50fea266
Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Victor Hora
5aa79c17f2 Add test cases for m.setvar in Lua scripts 2018-09-19 19:47:05 -04:00
Victor Hora
a719871458
Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Felipe Zimmerle
dfbff090be
test case: Adds test case related to #1831 2018-09-11 15:40:41 -03:00
Felipe Zimmerle
d302b99ec5
Adds test case for: #1812 2018-09-05 16:00:42 -03:00
Felipe Zimmerle
4585216ae6
Adds more tests to REQUEST_BASENAME 
Meant to test #1795
 2018-09-04 22:02:56 -03:00
Victor Hora
aa158ceef3
Set the correct variable (m_requestBodyType) and add test case 2018-08-22 22:46:37 -03:00
michaelgranzow-avi
d810de9166
#1818: Variable names must match fully, not partially; also revert to hash table lookup instead of linear search; add test case 2018-06-26 10:47:03 -03:00
Victor Hora
fd8e72fd97
Allow empty strings to be evaluated by regex::searchAll 2018-06-18 22:11:48 -03:00
Ervin Hegedus
76887b8b22
Added new tests, aligned to new UNMATCHED_BOUNDARY flag value 2018-06-12 01:09:37 -03:00
Ervin Hegedus
af4afd348c
Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors 2018-06-12 01:09:36 -03:00
Felipe Zimmerle
202a15bea8
Changes the behavior of the default sec actions 
Fix #1629
 2018-05-31 14:52:53 -03:00
Felipe Zimmerle
42a472adbd
Check if response body inspection is enabled before process it 2018-05-08 10:59:30 -03:00
Robert Paprocki
d0a63aac03
Define m_secmarker_skipped as an integer type 
There's no reason to treat this this as a double, since it
represents a human-readable data value that is only meaningful
as an integer. In doing so we write cleaner audit logs and save
a small amount of space.
 2018-04-24 11:49:13 -03:00
Robert Paprocki
f7beb17570
Fix broken @detectxss operator regression test 2018-04-23 22:11:00 -03:00
Andrei Belov
3d06e1b8b6
Fix github_issue reference in regression test 2018-04-23 22:09:03 -03:00
Andrei Belov
5e65d560f8
Fix utils::string::ssplit() to handle delimiter in the end of string 
This closes #1743.
 2018-04-22 11:37:30 -03:00
Felipe Zimmerle
ff0d451a5c
Fix maxmind test case 2018-03-29 17:24:32 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00