github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,083 Commits 55 Branches 109 Tags
Commit Graph

103 Commits

Author SHA1 Message Date
Felipe Zimmerle
1065e297b2 Fix several minor issues on the seclang grammar 2015-08-22 11:06:28 -03:00
Felipe Zimmerle
0b225f0239 Parser: adds support to SecRequestBodyInMemoryLimit 2015-08-19 22:42:46 -03:00
Felipe Zimmerle
2d56aa521b Cosmetics: fix actions on yy file 
- added action for:
  ctl:requestBodyProcessor=XML
  ctl:requestBodyProcessor=JSON
- added CONFIG_DIR_REQ_BODY_NO_FILES_LIMIT
 2015-08-19 22:36:31 -03:00
Felipe Zimmerle
d5fe21ce3c Code cosmetics: reduce the amount of cppcheck warnings 2015-08-12 22:40:26 -03:00
Felipe Zimmerle
fb161a69a9 Removes some warnings by adding missing returns 2015-08-11 13:13:16 -03:00
Felipe Zimmerle
ce0d81c0da Adds sanity check for inputs 2015-08-10 00:08:02 -03:00
Felipe Zimmerle
ad9393a8c2 Adds support for the tag action 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
f519717bdf Adds support to the msg action 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
e12d95b10d Adds support to the TX collection and setvar action 2015-08-07 14:27:43 -03:00
Felipe Zimmerle
522f195aa0 Adds support to urlDecodeUni transformation 2015-08-05 22:54:48 -03:00
Felipe Zimmerle
a4cf218a3e Removes chrono references to make it compile with gcc 4.8.x 2015-08-02 22:14:32 -03:00
Felipe Zimmerle
6beca48c54 Fix C api signatures 2015-07-27 00:41:56 -03:00
Felipe Zimmerle
e016b72a8e Handles better the memory utilization 
- Added reference counts to Rule and AuditLog;
- Some memory leaks were removed, including GeoLookup;
- Deal better with parser errors;
- Overriding the AutlogLogWritter destructor.
 2015-07-26 22:51:57 -03:00
Felipe Zimmerle
b8f7fb441d Adds support to SecRemoteRules and Include directives 
This commit includes a refactoring on important pieces of the parser
to allow it work in a stack fashion. Driver and Rules classes were
simplified and the RulesProperties class was created.
 2015-07-24 22:57:29 -03:00
Felipe Zimmerle
76b34af357 Adds support to load remote rules 2015-07-23 14:40:56 -03:00
Felipe Zimmerle
b5ca607e76 Places class Driver under the Parser namespace 2015-07-23 01:37:15 -03:00
Felipe Zimmerle
d3eb0fd913 Driver class is extending the Rules class instead of duplicate elements 2015-07-23 00:10:32 -03:00
Felipe Zimmerle
dc0b13ad74 Cosmetic: fix copyright header 2015-07-22 23:03:09 -03:00
Felipe Zimmerle
261ee9f115 Adds support to BodyLimitAction and support for parser errors 2015-07-22 21:31:58 -03:00
Felipe Zimmerle
cb722c74b9 Adds support to REQUEST_HEADERS{_NAMES} and RESPONSE_HEADERS{_NAMES} vars 2015-07-22 21:22:32 -03:00
Felipe Zimmerle
62fece7823 Adds support to SecResponseBodyLimit directive and OUTBOUND_DATA_ERROR var 2015-07-21 19:46:15 -03:00
Felipe Zimmerle
09867791c7 Adds support to MATCHED_VARS variable 2015-07-21 14:21:49 -03:00
Felipe Zimmerle
9d69501961 Adds support to MATCHED_VAR variable 2015-07-21 12:02:14 -03:00
Felipe Zimmerle
9c066e3198 Adds support to the INBOUND_DATA_ERROR variable and SecRequestBodyLimit direc. 2015-07-21 10:02:33 -03:00
Felipe Zimmerle
95c2fed89c Adds support to severity action and HIGHEST_SEVERITY variable 2015-07-21 01:09:13 -03:00
Felipe Zimmerle
41bf1490b7 Adds MODSEC_BUILD variable 2015-07-20 20:43:07 -03:00
Felipe Zimmerle
5d5e10bfde Adds support for basic Multipart process 
Adjustments will be needed, for instance: the logging support is still missing
 2015-07-17 15:12:15 -03:00
Felipe Zimmerle
33dff0f1bf Refactoring on the variables resoluvtion method 2015-07-15 12:34:06 -03:00
Felipe Zimmerle
f0624bb089 Adds support to ARGS_GET_NAMES variable 2015-07-14 16:41:55 -03:00
Felipe Zimmerle
e7ec09623d Adds support to ARGS_POST_NAMES variable 2015-07-14 16:41:36 -03:00
Felipe Zimmerle
bc0553e726 Adds support to the variable ARGS_NAMES 2015-07-14 15:22:42 -03:00
Felipe Zimmerle
228a5ce7cc Adds support to ARGS_COMBINED_SIZE variable 2015-07-14 14:17:12 -03:00
Felipe Zimmerle
76b769cc84 Decodes the url content before assing values to varibles 2015-07-14 13:54:56 -03:00
Felipe Zimmerle
80f13437e3 Refactoring on the variable read/store methods 
Now it is ready to received two (or more) variables with same key.
 2015-07-14 00:33:57 -03:00
Felipe Zimmerle
f13a1bd880 Adds support the Parallel audit log index creation 
The index is now being generated.
 2015-07-14 00:33:57 -03:00
Felipe Zimmerle
96a777a5cf Adds initial serial audit logging support 
Serial logging following the format used on ModSecurity 2.9.
 2015-07-14 00:33:50 -03:00
Felipe Zimmerle
001d5ebf7f Properly deal with classes destructors 
There are some classes such as AuditLog that demands a reference count. That is
needed because this class can be used by different instances of the Rules
classes.
 2015-07-13 14:16:48 -03:00
Felipe Zimmerle
c9620ac50f Writes audit log in parallel mode 
First version still missing the index among other things
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
1ddb36a781 Adds SecComponentSignature configuration directive 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
75a9cfa273 Uses an enumeration to determine the state of the SecRuleEngine 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
cb8d6249a8 Adds connector information to the audit logs 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
2138dd1369 Adds method setConnectorInformation to ModSecurity class 
For the purpose of log it is necessary for modsecurity to understand which
'connector' is consuming the API.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
8dab5ac30c Adds whoAmI method to ModSecurity class 
The method returns information about the ModSecurity's version and the platform
that it was compiled. Further it will be used by the audit logs and by the
connectors. msc_who_am_i was added accordingly, to the C api.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
aa8dc9115b Adds first version of Assay's materialization in a JSON format 
That format will be used by the audit logs.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
888b9622c7 Adds random id to each assay 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
3112794025 Adds a time stamp to assay class 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
278b513933 Adds protocol and http version to processUri method's signature 
Protocol and http version will be further used to fill some variables
and the audit log.
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
2109910848 Adds support to the server ID generation 
The server ID is a sha-1 identifier generated from the mac address of the first
ethernet device plus the server name. The process is the same used by
ModSecurity 2.9
 2015-07-10 18:37:48 -03:00
Felipe Zimmerle
0beae17b4f Adds 'http_returned_code' property to Assay class 
To be used by the auditlogs
 2015-07-08 18:28:05 -03:00
Felipe Zimmerle
e44d6e280d Adds actions 'auditlog' and 'noauditlog' 2015-07-08 18:06:46 -03:00