github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,283 Commits 55 Branches 109 Tags
Commit Graph

569 Commits

Author SHA1 Message Date
Felipe Zimmerle
8416eca98b
Initializes m_maturity in the rule class 
m_maturity was not initialized in one of the constructors of Rule
 2016-07-18 16:19:53 -03:00
Felipe Zimmerle
37079ef668
Adds support to SecRuleRemoveById 2016-07-18 15:02:38 -03:00
Felipe Zimmerle
d781b00f70
Fix the `log' action and the webserver error callback 2016-07-16 15:20:31 -03:00
Felipe Zimmerle
c0ebd45a68
Reduces bison required version to test it over the buildbots 2016-07-14 00:20:01 -03:00
Felipe Zimmerle
4cf6c714ac
Cosmetics: Fix coding style 2016-07-12 21:59:17 -03:00
Felipe Zimmerle
4078677b7f
Cosmetic changes: applies changes suggested by static analysis 2016-07-12 00:46:12 -03:00
Felipe Zimmerle
3f38b56682
Renames testdb' to modsec-shared-collections' 2016-07-11 14:00:33 -03:00
Andrei Belov
063850a4cb
exclude build-time required headers from install target 2016-07-11 11:08:41 -03:00
Andrei Belov
649365481f
automake: include all needed files into "make dist" target. 2016-07-11 11:08:41 -03:00
Felipe Zimmerle
ad481be09e
lmdb backend: Adds support to select variables using regex 2016-07-11 11:00:06 -03:00
Felipe Zimmerle
de8245d8f9
in-memory backend: Adds support to select variables using regex 2016-07-11 10:59:43 -03:00
Felipe Zimmerle
833089eb70
Adds method resolveFirstCopy to collections 
Using the copy whenever it is necessary to avoid memory leak.
 2016-07-08 10:22:37 -03:00
Felipe Zimmerle
6e4226ee4d
Adds support to global collections shared among different process 
There is a memory leak in the variable resolution that should be
contained by an internal change in the way that the variables
are resolved.
 2016-07-07 23:03:47 -03:00
Felipe Zimmerle
7bcc9cf0d9
Bug fix: variable resolution inside global collections 
Collections were being resolved as transient variables.
 2016-07-07 10:32:48 -03:00
Felipe Zimmerle
5daf4873b5
build: Searching for LMDB during the configuration phase 2016-07-05 11:56:19 -03:00
Alexey Zelkin
afd7a21d11
Correctly handle return values from pcre_study(3) 
If both function's return value and errptr are NULLs, it means
that pcre_study() does not make sense, so can be ignored.
 2016-07-05 11:48:52 -03:00
Felipe Zimmerle
e231503bc9
Simplifies the collection interface 2016-07-05 09:48:58 -03:00
Alexey Zelkin
f43704dbef
Add explicit 'return true;' for Transaction::extractArguments() 
Unbreaks runtime for FreeBSD 10 (clang generated code)
 2016-07-04 22:42:36 -03:00
Alexey Zelkin
45850d17da
Fix typo (= vs ==) 2016-07-04 22:42:00 -03:00
Felipe Zimmerle
71acdaf8c5
Accept new line + caridge return in the rules parser 2016-07-01 16:06:34 -03:00
Felipe Zimmerle
578dabea8b
Informs the https client a key if any is given 2016-07-01 15:04:17 -03:00
Felipe Zimmerle
3d1d0514fd
Fix pass action behaviour: now only ingore actions within the same rule 
More details on issue #1152
 2016-07-01 11:01:51 -03:00
Felipe Zimmerle
f72bd587ec
Adds support to the allow action 2016-06-30 20:44:51 -03:00
Felipe Zimmerle
e77e4c4c14
Adds missing test case to Makefile.am and initializes the skip var 2016-06-30 13:46:15 -03:00
Felipe Zimmerle
b0f69b1262
Adds support to the `skip' action 2016-06-30 10:35:42 -03:00
Alexey Zelkin
f00e625c8e
Unbreak build with custom location of libyajl.so 2016-06-30 09:41:26 -03:00
Felipe Zimmerle
90adb53935
Adds support to JSON request body parser 2016-06-29 21:55:41 -03:00
Felipe Zimmerle
2477470607
Adds support to the resource collection 2016-06-24 15:17:29 -03:00
Felipe Zimmerle
bad3e13612
parser: Fix commented SecRule parser 
No longer treat the next line as comment. Instead changes the
parser state to comment and figure out what to do.
 2016-06-24 13:51:54 -03:00
Felipe Zimmerle
7d06c32b0d
Adds error messages while failed to init a collection 2016-06-24 13:48:57 -03:00
Felipe Zimmerle
0c0a9b3083
Accepts component signature between brackets 2016-06-23 23:14:01 -03:00
Felipe Zimmerle
74a34261ab
Adds function removeBracketsIfNeeded to utils 2016-06-23 23:11:49 -03:00
Felipe Zimmerle
7317079945
parser: Reporting the right column position in case of error 2016-06-23 16:02:09 -03:00
Felipe Zimmerle
37c18326c6
parser: Avoid to duplicate the invalid character 2016-06-23 16:01:05 -03:00
Felipe Zimmerle
0fdde52532
Fix setvar action to accept equals nothing 2016-06-23 15:48:23 -03:00
Felipe Zimmerle
cf2ffe7e11
Fix the line counter while showing an parser error 2016-06-23 15:40:19 -03:00
Felipe Zimmerle
02909f7cd8
parser: arbitraty text can be used instead of operator 
The usage of an arbitrary text instead operator was expecting that the
arbitrary text start by something different from "@" or "!", now it can
start with anything, including "@", and/or "!". Notice however that
there aren't such thing as a bad  operator. Bad operator will be used as
input of @rx. Issue #1136.
 2016-06-22 16:59:50 -03:00
Felipe Zimmerle
0d53dda1a1
Adds support to @unconditionalMatch 
Issue #1002
 2016-06-21 13:46:55 -03:00
Felipe Zimmerle
60be385ebe
Adds support to the SERVER_NAME variable 2016-06-21 10:53:11 -03:00
Felipe Zimmerle
df1f7c5e08
Adds support to the RESPONSE_PROTOCOL variable 2016-06-21 10:52:18 -03:00
Felipe Zimmerle
b8bd0c5960
API CHANGE: response status is now set on processResponseHeaders 
That change was needed to move the variable attribution to earliest
as possible. We also have a new field for HTTP_PROTOCOL version used
on the response.
 2016-06-21 09:24:46 -03:00
Felipe Zimmerle
a36b2da86a
Adds support to the STATUS variable 2016-06-20 20:34:39 -03:00
Felipe Zimmerle
56d084a7f4
Adds support the variable rule 
Issue #1016
 2016-06-20 14:03:45 -03:00
Felipe Zimmerle
6052d2628b
Adds support to URLENCODED_ERROR variable 2016-06-20 11:34:43 -03:00
Felipe Zimmerle
c5262d54f2
Fix argument uri decode order 
The uri decode happens after the string is splitted, not before.
 2016-06-17 15:34:06 -03:00
Felipe Zimmerle
dbaf79fb8e
Adds extractArguments facilitator method 
Little refactoring to use this method instead of doing it
manually in different parts of the code.
 2016-06-17 15:15:44 -03:00
Felipe Zimmerle
5c088c8be4
Adds addArgument method to transaction class 
There was a bit of refactoring to use the addArgument function, instead
of adding the items manually.
 2016-06-17 14:34:22 -03:00
Felipe Zimmerle
ebe8424758
Adds support to REQBODY_ERROR_MSG and REQBODY_ERROR 
Support to REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
were also added.
 2016-06-16 23:14:15 -03:00
Felipe Zimmerle
7bd6e9a2bd
Makes XML request body processor to be selected only by ctl:equestBodyProcessor 2016-06-16 17:20:47 -03:00
Felipe Zimmerle
7cb27eb9fc
Implements the support to fill the REQBODY_PROCESSOR variable 2016-06-16 15:47:40 -03:00