github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,226 Commits 55 Branches 109 Tags
Commit Graph

1089 Commits

Author SHA1 Message Date
=
228218ae6e Fix the mismatch between comments and code in the msc_transaction_cleanup function 2022-08-20 08:28:04 +08:00
Martin Vierula
b41139acd6
Fix: MULTIPART_INVALID_PART connected to wrong internal variable 2022-08-17 16:15:06 -07:00
Martin Vierula
c3b7a7f4f0
Change some args from pass-by-value (satisfies cppcheck) 2022-06-15 07:20:28 -07:00
Danila Vershinin
204908cf50 Prevent segfault for #2755 
Make transactions no-op if the file handle is invalid
 2022-06-09 18:10:26 +03:00
Martin Vierula
14c94e2eb2
Restore Unique_id to include random portion after timestamp 2022-06-03 10:32:53 -07:00
Martin Vierula
0362af4db4
Move PCRE2 match block from member variable 2022-05-20 06:58:31 -07:00
martinhsv
844e1bf6eb
Merge pull request #2727 from liudongmiao/patch-1 
fix memory leak when concurrent log includes REMOTE_USER
 2022-05-05 18:24:02 -04:00
martinhsv
83c302e6ab
Merge pull request #2688 from ziollek/lmdb_single_env 
LMDB - fix integration, restoring ability of use lmdb with nginx-modsecurity
 2022-04-29 13:08:39 -04:00
tomasz.ziolkowski
82326ffe2b shift lmdb initialization to provider constructor which is called only once 2022-04-29 08:06:23 +02:00
tomasz.ziolkowski
00483e4009 swtich singleton to thread safe version 2022-04-28 10:58:27 +02:00
Martin Vierula
606f5721c2
Change some parms to const reference (satisfies cppcheck) 2022-04-27 08:57:09 -07:00
Martin Vierula
f7f8a9827f
Fix initcol error message wording 2022-04-26 16:40:03 -07:00
Martin Vierula
6e56950cdf
Tolerate other parameters after boundary in multipart C-T 2022-04-26 11:17:46 -07:00
Liu DongMiao
6b7f2b0d63
fix memory in transaction.cc when log REMOTE_USER 2022-04-24 17:06:30 +08:00
Martin Vierula
1aa7616c18
Add DebugLog message for bad pattern in rx operator 2022-04-21 11:16:01 -07:00
Martin Vierula
f84614fe06 Support PCRE2 2022-04-13 10:44:56 -07:00
tomasz.ziolkowski
3b50b2634b remove destructor, close environment only once 2022-03-08 12:27:08 +01:00
tomasz.ziolkowski
1fa95ec2e8 set initialized flag, remove unnecessary semicolon 2022-03-08 11:21:43 +01:00
tomasz.ziolkowski
46f40899e7 Fix parallel lmdb readonly transactions 2022-03-06 15:19:59 +01:00
Martin Vierula
4c526fc218
Support SecRequestBodyNoFilesLimit 2022-02-15 14:53:34 -08:00
Martin Vierula
5106307cc6
Change one parm from pass-by-value to reference-to-const 2022-02-09 13:02:06 -08:00
martinhsv
d0813fec45
Merge pull request #2602 from LMDB/issue2601 
Fix #2601 misuses of LMDB API
 2022-02-09 10:46:15 -05:00
martinhsv
b89c737ad3
Merge pull request #2677 from gleydsonsoares/loadFromUri_zap_duplicate_words 
tweak loadFromUri: zap duplicate words in comment
 2022-01-26 20:13:50 -05:00
martinhsv
2cde1933a7
Merge pull request #2680 from SpiderLabs/v3/dev/issue_2606_a 
Add ctl:auditengine action support
 2022-01-26 15:53:53 -05:00
Martin Vierula
2d51efae49 Add ctl:auditengine action support 2022-01-20 14:04:30 -08:00
Gleydson Soares
b052adf0b8 tweak loadFromUri: zap duplicate words in comment 2022-01-20 10:47:21 -03:00
Martin Vierula
3ee6e108d6
Fix multiMatch msg, etc, population in audit log 2022-01-14 09:25:07 -08:00
Martin Vierula
cb80837e6a
Remove old commented-out re: audit log, relevant 2022-01-08 09:08:25 -08:00
martinhsv
2de14cb000
Merge pull request #2635 from Mesar-Ali/patch-1 
Adjust confusing variable name in setRequestBody method
 2021-12-30 11:29:37 -05:00
Mesar ali
f82b98c04d
Confusing variable name in setRequestBody method 2021-12-30 08:55:51 +05:30
Martin Vierula
f34b49f666
Multipart names may include single quote if double-quote enclosed 2021-12-23 08:02:43 -08:00
Martin Vierula
19d50f4da4
Add a const to satisfy cppcheck 2021-12-20 09:41:38 -08:00
Martin Vierula
ac79c1c29b
Support configurable limit on depth of JSON parsing 2021-11-15 18:51:25 -08:00
Mesar ali
5aec781d39
Confusing variable name in setRequestBody method 2021-11-02 12:35:29 +05:30
Howard Chu
a6e1074844 Fix #2601 misuses of LMDB API 
Only open DBI once, doesn't need closing.
Never reuse a txn handle after commit.
Use MDB_RDONLY for txns that aren't doing any writes
 2021-08-09 14:28:54 +01:00
martinhsv
cd5fba8974 Handle URI received with uri-fragment 2021-07-05 14:51:21 -03:00
martinhsv
65e7e474b1
fix missing parentheses in filename* parsing 2021-05-11 13:46:50 -07:00
Felipe Zimmerle
7fccb0d225 Cosmetic: pleasing cppcheck 2021-05-11 10:27:58 -03:00
Felipe Zimmerle
6fdba42c02 Cosmetics: Having cppcheck pleased 
(...) remove_comments.cc,62,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,66,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
(...) remove_comments.cc,69,style,knownConditionTrueFalse,Condition 'incomment==0' is always true
 2021-05-10 12:32:09 -03:00
Felipe Zimmerle
66ba7b065a Cosmetic: fix static warning 2021-05-04 21:04:21 -03:00
Felipe Zimmerle
4cdcc15334
Revert "Adds suppor for HyperScan in the bulid system" 
This reverts commit 912704b6d4e45aa601b87c5a4cf4b6061d1bbccb.
 2021-02-26 11:33:12 -03:00
Felipe Zimmerle
912704b6d4
Adds suppor for HyperScan in the bulid system 2021-02-26 11:15:02 -03:00
Felipe Zimmerle
2e69ce6ccf
build: Fix curl include path 
Issue #2519
 2021-02-24 13:20:24 -03:00
Felipe Zimmerle
50fc347ed4
Fix rules dump 
The unique pointer for file name was being used multiple times
on SecMarker.
 2021-02-04 11:07:22 -03:00
martinhsv
6ca028b6f5
Fix memory leak in rx operator when pattern includes macro 2021-01-25 19:39:10 -03:00
martinhsv
fbea73120c
Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03
Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
e8bd2151f2
Having _NAMES, variables proxied 
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place others variables such as COOKIE*NAMES to use
the same proxy.
 2021-01-24 11:30:22 -03:00
Felipe Zimmerle
3748d62f19
Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
9b40a045bb
Cosmetics: fix some cppcheck complains to please QA 2021-01-13 13:30:04 -03:00