github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-01 03:57:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,161 Commits 55 Branches 109 Tags
fb01ad94efdd992422408bd2a25fb2149b622b9f
Commit Graph

339 Commits

Author SHA1 Message Date
Felipe Zimmerle
2e3da7ea24 Better support for multipart 
ModSecurity v2.x parser was ported into 3.x branch.

All the multipart related variables should be workbale.
 2016-06-10 09:40:08 -03:00
Felipe Zimmerle
967c8c90f2 Fixed minor behavior on the trasnformations and added sha1-mbedtls 2016-05-30 16:54:13 -03:00
Felipe Zimmerle
f35d28b8d3 Loads the transformations test cases during the unit test 
Related to: #1156
 2016-05-27 11:03:46 -03:00
Felipe Zimmerle
1fe0e34201 Adds support to sqlHexDecode transformation 
Issue #973
 2016-05-25 20:19:54 -03:00
Felipe Zimmerle
2b056485d0 Adds support to Utf8ToUnicode transformation 
Issue #974
 2016-05-25 18:21:26 -03:00
Felipe Zimmerle
348cf3bfab Adds support to the REMOTE_USER variable 2016-05-23 18:32:53 -03:00
Felipe Zimmerle
f989ecd5cb Adds support to SecXMLExternalEntity 2016-05-18 17:02:15 -03:00
Felipe Zimmerle
6a7b970fe3 Adds support to ctl:requestBodyProcessor=XML 2016-05-18 10:30:25 -03:00
Felipe Zimmerle
1f45d6cea8 Adds full support to the libxml action 
Issue #1148
 2016-05-18 09:47:30 -03:00
Felipe Zimmerle
8c714af8e1 Actions refactoring: now there is a clear definiation on the action name 2016-05-17 14:36:59 -03:00
Felipe Zimmerle
1b88947d9b Adds support 'xmlns' action to the libmodsec parser 2016-05-16 18:24:54 -03:00
Felipe Zimmerle
3e8defb853 Adds support to the operator @validateDTD 
Further info #1003
 2016-05-13 09:20:10 -03:00
Felipe Zimmerle
6a40752500 Adds XML variable, xml body request processor and @validateSchema 2016-05-12 11:11:40 -03:00
Felipe Zimmerle
35636674e3 Adds the missing regression tests for USERID 2016-05-11 20:36:47 -03:00
Felipe Zimmerle
ff9aa5c7cf Adds support to the variable SESSIONID 2016-05-06 14:38:38 -03:00
Felipe Zimmerle
a2a47798e9 Adds support to the collection SESSION and setsid action 2016-05-06 14:38:04 -03:00
Felipe Zimmerle
5643d2fa28 Warming up to the remote collections support 
Huge refactoring to have the code in shape to later support the
remote collections with different backends.
 2016-05-03 17:39:49 -03:00
Felipe Zimmerle
19137452c4 Updates `secrules-language-tests' reference. 
SpiderLabs/ModSecurity#1098
 2016-04-04 15:22:24 -03:00
Felipe Zimmerle
e5acc95de8 First version of global' and ip' collections 2016-03-30 18:22:00 -03:00
Felipe Zimmerle
e0926fee37 Fix parser error while dealing with operator negation 
This patch closes the issue #960
 2016-03-17 18:06:46 -03:00
Felipe Zimmerle
a102b5ce2c Improves the method fill the ARGS collection 2016-01-15 10:35:24 -03:00
Felipe Zimmerle
2830525f89 Adds missing file: script.lua 2016-01-14 12:07:59 -03:00
Felipe Zimmerle
a225f8b5b7 Fix SecResponseBodyMimeType test case 2016-01-06 17:00:43 -03:00
Felipe Zimmerle
decf04d264 Adds support to SecResponseBodyMimeType 2015-12-24 11:55:24 -03:00
Felipe Zimmerle
913e22a77d Adds initial support to initcol action 2015-12-22 12:10:15 -03:00
Felipe Zimmerle
2a950a435b Fix various minor bugs in the regression test suite 
Now if a test fails it keep testing the others tests from the same
family. The output was also improved.
 2015-12-10 18:36:20 -03:00
ajrpayne
45711b5224 Update issue-960.json with 3rd test. 2015-11-23 10:08:21 -03:00
Felipe Zimmerle
d8361d57c6 Adds a regression test for issue #960 2015-11-20 15:24:09 -03:00
Felipe Zimmerle
18c862a84a Adds the concept of `resources' to the regression test utility 
If a given resource is not available the test is skipped. Useful
to test operators that depends on 3rd party libraries that may
not be available, for instance: GeoIP.
 2015-11-20 13:39:57 -03:00
Felipe Zimmerle
3c45a57130 Fix regression tests structure : using method instead of protocol 2015-11-18 11:14:49 -03:00
Felipe Zimmerle
48704c27a9 Removes some memory leaks 2015-10-30 18:59:08 -03:00
Felipe Zimmerle
2a062b7fe2 Not using pcrecpp on verifycc anymore 2015-10-27 08:55:04 -03:00
Felipe Zimmerle
1716add77b Adds support to replaceNulls transformation 2015-10-23 14:05:42 -03:00
Felipe Zimmerle
9932478705 Adds support to hexDecode transformation 2015-10-23 14:01:12 -03:00
Felipe Zimmerle
0ae09201f5 Adds support to replaceComments transformation 2015-10-23 13:05:08 -03:00
Felipe Zimmerle
7e826633f1 Adds support to the transformation normalisePath and normalisePathWin 2015-10-23 11:23:53 -03:00
Felipe Zimmerle
e3e8bac138 Adds support to URL decode transformation 2015-10-22 17:20:31 -03:00
Felipe Zimmerle
17faef565e Adds support for trim, left and right trim 2015-10-21 14:07:20 -03:00
Felipe Zimmerle
4a5e6b3e57 Fixed bad test cases 2015-10-19 23:05:44 -03:00
Felipe Zimmerle
c1e3eac09d Fix variable exclusion regression test (label only) 2015-10-19 19:38:44 -03:00
Felipe Zimmerle
0087a602f1 Fix phases execution 2015-09-30 18:48:38 -03:00
Felipe Zimmerle
3e067e7409 Core is now ready to deal with SecRulesEngine set to Off 2015-09-17 10:59:56 -03:00
Felipe Zimmerle
11e1a67d58 Fix disruptive action flow while RuleEngine is in DetectionOnly 2015-09-17 10:51:44 -03:00
Felipe Zimmerle
5228b685bf Fix disruptive actions execution 2015-09-16 19:43:31 -03:00
Felipe Zimmerle
081fe235ad Cosmetic: fix variable-REQUEST_BODY.json format 2015-09-16 18:11:43 -03:00
Felipe Zimmerle
a52a3a71ed Fix some regression tests to fit the most recent changes 2015-09-16 15:17:11 -03:00
Felipe Zimmerle
5c3a4b608d Adds support to SecMarker and skipAfter 2015-09-08 10:06:37 -03:00
Felipe Zimmerle
b048794f4e Adds support to unconditional rules 2015-09-04 15:55:53 -03:00
Felipe Zimmerle
010c18f63f Adds support to SecDefaultAction configuration directive 2015-09-04 10:56:04 -03:00
Felipe Zimmerle
f2ed890ea6 Now accept SecRules regardless of the letter case 2015-09-03 11:09:40 -03:00