github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-01 14:15:46 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,187 Commits 55 Branches 109 Tags
f3d8198b8494608f5ce90c20f05cdef7e3e69650
Commit Graph

189 Commits

Author SHA1 Message Date
Brandon Payton
f3d8198b84 Respond to code review feedback 2023-04-11 13:47:02 -04:00
Brandon Payton
0c42ee229e Switch to simpler PCRE error flags 2023-04-11 13:44:07 -04:00
Brandon Payton
8c269d31c5 Update Regex util to support match limits 
If the rx or rxGlobal operator encounters a regex error,
the RX_ERROR and RX_ERROR_RULE_ID variables are set.
RX_ERROR contains a simple error code which can be either
OTHER or MATCH_LIMIT. RX_ERROR_RULE_ID unsurprisingly
contains the ID of the rule associated with the error.
More than one rule may encounter regex errors,
but only the first error is reflected in these variables.
 2023-04-11 13:40:40 -04:00
Martin Vierula
5dfc0a256a minor refactoring and CHANGES update 2022-12-19 03:13:41 -08:00
wfjsw
54ff1ea530 init m_pcje in the constructor of verify_cc.cc 2022-12-10 11:42:51 +08:00
Jabasukuriputo Wang
1550e3017e add fallback for JIT_STACKLIMIT 2022-11-30 23:13:29 +08:00
Jabasukuriputo Wang
6518973464 remove jit stack 2022-09-05 17:00:14 +08:00
wfjsw
0d81b636be feat: PCRE2 JIT 2022-08-25 02:38:05 +08:00
Martin Vierula
0362af4db4 Move PCRE2 match block from member variable 2022-05-20 06:58:31 -07:00
Martin Vierula
606f5721c2 Change some parms to const reference (satisfies cppcheck) 2022-04-27 08:57:09 -07:00
Martin Vierula
1aa7616c18 Add DebugLog message for bad pattern in rx operator 2022-04-21 11:16:01 -07:00
Martin Vierula
f84614fe06 Support PCRE2 2022-04-13 10:44:56 -07:00
Felipe Zimmerle
4cdcc15334 Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
912704b6d4 Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
martinhsv
6ca028b6f5 Fix memory leak in rx operator when pattern includes macro 2021-01-25 19:39:10 -03:00
Felipe Zimmerle
3748d62f19 Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
9b40a045bb Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00
martinhsv
2672db103e Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
Felipe Zimmerle
ae3ad5eaa7 cosmetics: Address some cppcheck complains 2020-08-06 19:02:00 -03:00
martinhsv
b9620c26a0 rx:exit after full match; fix TX population after unused group 2020-06-29 06:13:45 -07:00
Felipe Zimmerle
7a48245aed Creates RuleUnconditional 
Makes RuleScript child of RuleWithActions instead of Operator
 2020-03-31 14:44:19 -03:00
Felipe Zimmerle
59d4268882 Refactoring: renames Rule to RuleWithOperator 2020-03-31 10:00:08 -03:00
Felipe Zimmerle
fda03c0016 Yet another refactoring in Rule 2020-03-30 15:38:51 -03:00
Felipe Zimmerle
6a742cdf76 Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
Felipe Zimmerle
7495675d54 Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
Felipe Zimmerle
357c140003 Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
fe98ce4c7d Cosmetics: address cppcheck warnings 2020-01-30 18:19:34 -03:00
Felipe Zimmerle
ff590174da Cosmetics: address cppcheck warnings on src/operators 2020-01-23 08:10:05 -03:00
Felipe Zimmerle
4f13fecbaf cppcheck: make static analysis more pedantic 2020-01-22 09:16:10 -03:00
Felipe Zimmerle
86a5f471a9 Cosmetics: fixed static analysis issues. 2020-01-15 20:35:59 -03:00
root
6624a18a4e Fixed inspectFile operator does not pass FILES_TMPNAMES 
pass FILES_TMPNAMES variable to lua engine Fixed Lua engine
should also be aware of the variable and pass it to the target
lua script main function
 2019-11-26 08:40:53 -03:00
toubley
7b1b00b5e1 filter comment or blank line for pmFromFile operator 2019-11-22 14:49:41 -03:00
Andrei Belov
5929277938 Avoid using NULL string (match) in Pm::evaluate 
Closes #2178.
 2019-10-07 08:37:05 -03:00
Felipe Zimmerle
beedddd6c6 Fix @pm lookup for possible matches on offset zero 2019-10-02 08:05:14 -07:00
marduone
96d36afeca Add Missing throw in Operator::instantiate 2019-06-17 14:56:03 -03:00
Rufus125
86ce479b59 Adds new operator to check for data leakage of Austrian social security number 2019-05-29 20:57:08 -03:00
Tim Herren
75a5c8d334 correct typo validade in log output 2019-05-27 17:13:29 -03:00
Ervin Hegedus
4b3e6328e3 Fixed validateByteRange parsing method 2019-02-12 09:10:36 -03:00
WGH
ad28de4f14 Refactor regex code 
This commit fixes quite a few odd things in regex code:
 * Lack of encapsulation.
 * Non-method functions for matching without retrieving all groups.
 * Regex class being copyable without proper copy-constructor (potential UAF
   and double free due to pointer members m_pc and m_pce).
 * Redundant SMatch::m_length, which always equals to match.size() anyway.
 * Weird SMatch::size_ member which is initialized only by one of the three matching
   functions, and equals to the return value of that function anyways.
 * Several places in code having std::string value instead of reference.
 2019-01-18 10:34:01 -03:00
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Felipe Zimmerle
554251bade Refactoring on the Rule class 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
74841779f8 Adds partial support to UpdateActionById 2018-10-23 16:26:10 -03:00
Felipe Zimmerle
ee50fea266 Handling key exceptions on the variable itself 
This is the first step towords to solve #1697
 2018-09-24 16:16:30 -03:00
Felipe Zimmerle
a85ca00a55 Fix utf-8 character encoding conversion 
Reported on: #1794
 2018-09-04 21:01:11 -03:00
Ervin Hegedus
e7ea5433d5 Initialize m_dtd member in ValidateDTD class as NULL 2018-04-23 22:43:36 -03:00
Andrei Belov
138e301695 Reverse logic of checking output in @inspectFile 
This change makes @inspectFile in ModSecurity 3.x to operate in exact
the same way as it operates in ModSecurity 2.x, so existing helper scripts
like runav.pl [1] will work without any changes.

[1] https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/util/av-scanning/runav.pl
 2018-03-22 23:06:30 -03:00
Felipe Zimmerle
df169ea108 Adds support for libMaxMind 2018-03-22 19:11:42 -03:00
Victor Hora
22334c9bb6 Adds capture action to detectXSS 2018-03-12 22:10:56 -03:00
Felipe Zimmerle
70ace0faa4 Adds capture action to detectSQLi 2018-03-09 12:58:00 -03:00
Felipe Zimmerle
0f361b7065 Adds capture action to RBL 2018-03-09 12:49:12 -03:00