github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 01:46:08 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,061 Commits 55 Branches 109 Tags
Commit Graph

1010 Commits

Author SHA1 Message Date
Victor Hora
5e40850697
Fix setvar parsing of quoted data 2018-05-03 14:40:48 -03:00
Robert Paprocki
cd1a058c33
Code cosmetics: Clean up MD5 hexdigest 
The null terminator is not necessary when using this form of the
std::string constructor, and its use was confusing given the extra
indent.
 2018-05-03 13:41:49 -03:00
Felipe Zimmerle
d0b423fdd7
Adds time stamp back to the audit logs 
Fix issue #1762
 2018-05-03 13:37:01 -03:00
Felipe Zimmerle
6f92c8914a
Disables skip counter if debug log is disabled 2018-04-24 14:17:01 -03:00
Victor Hora
bb2ecdf4db
Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser 2018-04-24 09:26:30 -03:00
Felipe Zimmerle
6d5bb42bd8
Normalizes Bison version 2018-04-24 09:15:39 -03:00
Victor Hora
2037a08b34
Fix STATUS var parsing and accept STATUS_LINE var for v2 backward compatibility 2018-04-24 09:06:39 -03:00
Andrei Belov
268f34bbcc
Fix memory leak in modsecurity::utils::expandEnv() 
Found by ASAN.
 2018-04-23 22:54:13 -03:00
Ervin Hegedus
e7ea5433d5
Initialize m_dtd member in ValidateDTD class as NULL 2018-04-23 22:43:36 -03:00
Andrei Belov
5e65d560f8
Fix utils::string::ssplit() to handle delimiter in the end of string 
This closes #1743.
 2018-04-22 11:37:30 -03:00
Victor Hora
5018358371
Fix variable FILES_TMPNAMES 2018-04-22 11:11:46 -03:00
Andrei Belov
8285a97460
Fix memory leak in Collections 
This closes #1729.
 2018-04-05 09:48:51 -03:00
Felipe Zimmerle
0ca5994744
Adds support for ctl:ruleRemoveByTag action 2018-03-26 17:01:53 -03:00
Andrei Belov
138e301695
Reverse logic of checking output in @inspectFile 
This change makes @inspectFile in ModSecurity 3.x to operate in exact
the same way as it operates in ModSecurity 2.x, so existing helper scripts
like runav.pl [1] will work without any changes.

[1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl
 2018-03-22 23:06:30 -03:00
Felipe Zimmerle
df169ea108
Adds support for libMaxMind 2018-03-22 19:11:42 -03:00
Felipe Zimmerle
7bff76d794
Parser: Updates the generated parser files 2018-03-21 18:18:58 -03:00
Victor Hora
480a2f89d7
Disable SecCollectionTimeout parser error 2018-03-12 22:28:07 -03:00
Victor Hora
22334c9bb6
Adds capture action to detectXSS 2018-03-12 22:10:56 -03:00
Victor Hora
e50c317b7a
Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator 2018-03-12 20:09:17 -03:00
Felipe Zimmerle
70ace0faa4
Adds capture action to detectSQLi 2018-03-09 12:58:00 -03:00
Felipe Zimmerle
0f361b7065
Adds capture action to RBL 2018-03-09 12:49:12 -03:00
Felipe Zimmerle
df25c48f53
Adds capture action to verifyCC 2018-03-09 11:26:24 -03:00
Felipe Zimmerle
77a885da5f
Adds capture action to verifySSN 2018-03-09 09:42:05 -03:00
Felipe Zimmerle
60b2469097
Updates bison parser 2018-03-08 19:05:53 -03:00
Felipe Zimmerle
0b494c4cdc
Adds capture action to verifyCPF 2018-03-08 19:05:31 -03:00
Victor Hora
64ce41280d
Prettier error messages for unsupported configurations (UX) 2018-03-07 17:58:29 -03:00
Victor Hora
a66acebc05
Add missing verify*** transformation statements to parser 2018-03-05 17:50:14 -03:00
Felipe Zimmerle
8bb64c3ee3
Code cosmetics: removes an unused piece of code 2018-03-01 11:52:01 -03:00
Felipe Zimmerle
450c966da0
Fix a set of compilation warnings 2018-03-01 11:36:31 -03:00
Felipe Zimmerle
c8666fae31
Check for disruptive action on SecDefaultAction 2018-02-28 14:02:47 -03:00
Felipe Zimmerle
6842d4bba8
Fix block-block infinite loop. 
Issue #1614
 2018-02-28 12:05:28 -03:00
Felipe Zimmerle
4ac14a2622
Cosmetics on top of: #1636 2018-02-28 11:03:19 -03:00
Minasu
a0bea7356d
Correction remove_by_tag and remove_by_msg 2018-02-28 10:31:45 -03:00
Hegedüs Ervin
8d61a3df90
Fix LMDB compile error 2018-02-28 08:52:40 -03:00
Felipe Zimmerle
dca642369e
Fix on top of #1677 2018-02-26 17:53:18 -03:00
Andrei Belov
ebc068b8ce
Fix msc_who_am_i() to return pointer to a valid C string 
Previously this function was unusable as it returned pointer
to some garbage data.
 2018-02-23 18:42:33 -03:00
Andrei Belov
b50658d1e3
Fix "make dist" target to include necessary headers for Lua 2018-02-23 14:10:39 -03:00
Andrei Belov
ccc1f2031a
Fix "include /foo/*.conf" for single matched object in directory 2018-02-23 14:01:41 -03:00
Victor Hora
ab78b0cfb1
Add missing Base64 transformation statements to parser 2018-02-23 10:34:32 -03:00
Felipe Zimmerle
e3b6b4ccff
Fix resource load on ip match from file 2018-02-22 21:23:20 -03:00
Felipe Zimmerle
ac100785d1
Fix compilation issue while xml is disabled 2018-02-21 16:15:05 -03:00
Felipe Zimmerle
ff782ddfa4
Having LDADD and LDFLAGS organized on Makefile.am 2018-02-21 14:26:47 -03:00
Felipe Zimmerle
2b052b0edb
Checking std::deque size before use it 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
eeec7efb68
Renames collection::Variable to VariableValue 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
de7c5c89bb
Using shared var for variables names 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493
Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
43bba3f942
Removes the depricated MacroExpansion class 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
f17af95728
Using RunTimeString on setvar action 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
a6830c76f2
parser refactoring: ops no longer carry a payload 2018-02-20 13:40:00 -03:00
Felipe Zimmerle
a299997e02
Using run time string on the operators 2018-02-20 13:40:00 -03:00