github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-03 07:04:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 25e5543c7f Allow empty arrays in JSON parser Felipe Zimmerle 2018-11-23 22:33:01 -03:00
  • 7af8363fd4 Less strict multipart parsing Allan Boll 2017-06-16 17:42:24 -07:00
  • cbf2fe9703 Adjust boundary test cases for the less strict parsing Victor Hora 2018-11-14 16:06:43 -05:00
  • b638e523af Make the boundary check less strict as per RFC2046 Victor Hora 2018-11-14 15:25:27 -05:00
  • ecad8c6c7e Fix buffer size for utf8toUnicode transformation Victor Hora 2018-11-13 20:14:18 -05:00
  • b600669d02 Fix buffer size for utf8toUnicode transformation Victor Hora 2018-11-13 20:03:41 -05:00
  • 454669ffed CHANGES: Preparing to 3.0.4 email@example.com 2018-11-13 09:29:44 -03:00
  • d8c711257b CHANGES: Adds info about: #1714 Victor Hora 2018-11-12 19:54:18 -05:00
  • 1adea9f1e8 Merge pull request #1714 from p0pr0ck5/sanitize-json Victor Hora 2018-11-12 19:45:38 -05:00
  • a21f97066b Fix modsecurity.conf for IIS update CHANGES file Victor Hora 2018-11-12 15:54:36 -05:00
  • f35075b2a7 IIS: Update Wix installer to bundle a supported CRS version (3.0) Victor Hora 2018-11-12 15:45:47 -05:00
  • 63cbd91723 IIS: Update dependencies for Windows build Victor Hora 2018-11-11 15:33:29 -05:00
  • b7e82aae0e CHANGES: Adds info about: #788 and #1299 Victor Hora 2018-11-09 18:10:59 -05:00
  • 45337265f1 Set SecStreamInBodyInspection by default on IIS builds (#1299) Victor Hora 2018-11-09 18:06:56 -05:00
  • 22322ce355 Update modsecurity.conf file for IIS build Victor Hora 2018-11-09 17:57:31 -05:00
  • 9be0a407eb Add sanity check for a couple malloc() and make code more resilient Victor Hora 2018-11-04 22:04:34 -05:00
  • b3fa87dc7c Fix NetBSD build by renaming the hmac function to avoid conflicts Victor Hora 2018-11-04 21:20:10 -05:00
  • 96e21b0f3e CHANGES: Adds info about: #1612 Victor Hora 2018-11-04 13:06:37 -05:00
  • e97799c9bc Windows build, fixed duplicate YAJL dir in script Allan Boll 2017-11-03 16:04:00 -07:00
  • 1843b79adb IIS: Make failed MSI installer messages more helpful Victor Hora 2018-11-02 19:01:36 -04:00
  • 4e6e4243a8 Change release version to v3.0.3 v3.0.3 Felipe Zimmerle 2018-11-01 21:08:58 -03:00
  • e4d6d61cf4 Adds Victor to the AUTHORS file Felipe Zimmerle 2018-11-01 22:19:16 -03:00
  • 6cbcdd024f Fix libInjection version on configure summary Felipe Zimmerle 2018-11-01 22:15:23 -03:00
  • 9ada0a28c8 Changes the default configuration to mimic v2 behavior on multipart Felipe Zimmerle 2018-11-01 18:00:12 -03:00
  • 31c8d4c520 CHANGES: Adds info about #1943 Felipe Zimmerle 2018-11-01 16:00:25 -03:00
  • 9d80983e55 Fix on top of #1943 + adding test cases Felipe Zimmerle 2018-11-01 15:57:11 -03:00
  • 39f4a5d7d2 Fix double macros bug supplient 2018-10-26 10:09:29 +08:00
  • 18cdffdbca Encapsulates int[N] in a class to avoid compilation issues Felipe Zimmerle 2018-11-01 10:21:41 -03:00
  • e3b9f7c913 Fix SecUnicodeMapFile support Victor Hora 2018-10-30 18:11:01 -04:00
  • 84ece3edcb Add test case for SecUnicodeMap Victor Hora 2018-10-29 15:47:58 -04:00
  • 065c2e67b6 Adds test case for #1850 Felipe Zimmerle 2018-10-30 18:22:52 -03:00
  • e1e8a01ed2 Override the default status code if not suitable to redirect action Felipe Zimmerle 2018-10-30 18:18:05 -03:00
  • bfe917b6b1 parser: Fix the support for CRLF configuration files Felipe Zimmerle 2018-10-30 16:40:43 -03:00
  • 3f0ea90970 Test case skeleton for #1941 Felipe Zimmerle 2018-10-27 01:29:03 -03:00
  • 662fe63a47 Add unicode.mapping file to v3/master branch Victor Hora 2018-10-26 03:01:03 -04:00
  • b05901e8ae Changes the regression test client to read the interception msg Felipe Zimmerle 2018-10-25 21:51:23 -03:00
  • 1e5df5312b CHANGES: Adds info on 0xb7c36 and 0x5ac20 Felipe Zimmerle 2018-10-25 18:07:29 -03:00
  • 91daeee9f6 Only calling server log if the message is not disruptive Felipe Zimmerle 2018-10-25 18:04:27 -03:00
  • 448897d297 Marking message as disruptive before generate log msg Felipe Zimmerle 2018-10-25 18:02:41 -03:00
  • 973c1f1028 Fix rule line number Felipe Zimmerle 2018-10-24 20:51:22 -03:00
  • fa5f3784f2 Using shared_ptr instead of unique_ptr on rules exceptions Felipe Zimmerle 2018-10-19 23:26:18 -03:00
  • e63344c3dc CHANGES: Adds info on 0xb2840 and 0x3094d Felipe Zimmerle 2018-10-19 16:57:55 -03:00
  • ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation Felipe Zimmerle 2018-10-19 16:56:33 -03:00
  • 23e0d35d2d Fix the SecUnicodeMapFile and SecUnicodeCodePage Felipe Zimmerle 2018-10-19 11:00:50 -03:00
  • 3d83ed257f CHANGES: Adds info on 0xca270 Felipe Zimmerle 2018-10-17 22:48:55 -03:00
  • 69cd61439d Changes the timing to save the rule message Felipe Zimmerle 2018-10-17 22:46:48 -03:00
  • 8088d6af71 Fix crash in msc_rules_add_file() when using disruptive action in child rule inside of chain Victor Hora 2018-10-17 14:22:44 -04:00
  • 466a427ab4 CHANGES: Adds info on #1897 Felipe Zimmerle 2018-10-16 12:26:58 -03:00
  • ec1112c648 Fix memory leak in AuditLog::init() Wenfeng Liu 2018-09-12 03:50:33 +00:00
  • 8c549c65c4 CHANGES: Adds info on #1901 Felipe Zimmerle 2018-10-15 16:57:26 -03:00
  • b12a8f5c6f Fix RulesProperties::appendRules() Steven 2018-09-15 16:32:20 -04:00
  • f1da6dd29b CHANGES: Adds info on 0x3077c Felipe Zimmerle 2018-10-15 16:55:14 -03:00
  • 8bda7c0a45 Fix RULE lookup in chained rules. Felipe Zimmerle 2018-10-15 16:42:36 -03:00
  • 120108fd33 Adds support for /32 in @ipMatch cidr notation. Felipe Zimmerle 2018-10-15 09:58:19 -03:00
  • a5a40a71a9 Makes matchedvars inline Felipe Zimmerle 2018-10-10 23:49:26 -03:00
  • b58018e778 Fix multimatch behavior to match what we have on v2 Felipe Zimmerle 2018-10-10 18:01:48 -03:00
  • a47738ab04 CHANGES: Adds info about: 0x14316 Felipe Zimmerle 2018-10-09 22:06:41 -03:00
  • dba73f5367 Using values after transformation at MATCHED_VARS Felipe Zimmerle 2018-10-09 22:04:20 -03:00
  • 7c50fa7c00 Small fix on @detectXSS test case Felipe Zimmerle 2018-10-04 15:02:38 -03:00
  • 85ecd190d9 Adds full support to UpdateActionById. Felipe Zimmerle 2018-10-04 01:06:28 -03:00
  • 3e8e28da48 Refactoring on the RULE variable Felipe Zimmerle 2018-09-28 22:38:40 -03:00
  • 554251bade Refactoring on the Rule class Felipe Zimmerle 2018-09-28 10:28:02 -03:00
  • 74841779f8 Adds partial support to UpdateActionById Felipe Zimmerle 2018-09-26 15:57:02 -03:00
  • 49495f1925 CHANGES: Adds info about: #1917 Victor Hora 2018-10-19 19:50:05 -04:00
  • a55a9481b3 IIS: Remove body prebuffering again. Unneeded due to no lock on modsecProcessRequest. Allan Boll 2018-09-26 17:23:17 -07:00
  • f93709b66c Update issue templates Felipe Zimmerle 2018-10-17 09:21:02 -03:00
  • 68398a51f3 CHANGES: adds info on #1922 Victor Hora 2018-10-13 19:27:08 -04:00
  • 004047ef6c Add correct C function prototypes for msc_init and msc_create_rule_set Steven 2018-10-10 14:55:46 -04:00
  • 1a28de9cef CHANGES: Adds info about: #712 Victor Hora 2018-10-12 21:27:50 -04:00
  • a3dc602128 ju5t patch to fix mpm-itk mod_ruid2 compatibility Victor Hora 2018-09-22 18:33:12 -04:00
  • c1925a4677 CHANGES: adds info on #1909 and #1185 Victor Hora 2018-10-12 17:36:28 -04:00
  • 20ef01d75c Allow LuaJIT 2.1 to be used Victor Hora 2018-10-12 17:31:09 -04:00
  • 28f6f2201f Match m_id JSON log with RuleMessage and v2 format Victor Hora 2018-10-12 13:10:11 -04:00
  • 5ed5377432 Using VariableValue instead of Variable v3/twaf/3.0.2+315f98b Felipe Zimmerle 2018-10-11 10:01:32 -03:00
  • 2d87fc5184 highlight: Fix JSON structure Felipe Zimmerle 2018-10-11 10:01:28 -03:00
  • 7fb937eabe Fix on the m_buf generation: avoid padding before request body Felipe Zimmerle 2018-10-11 10:01:22 -03:00
  • 628c7d1697 Adds request_headers_names.conf to reading_logs_via_rule_message example Felipe Zimmerle 2018-10-11 10:01:18 -03:00
  • 665b54f5c4 Having a better error handler for the highlight feature Felipe Zimmerle 2018-10-11 10:01:13 -03:00
  • a586809db5 Changes the line terminator to fixed value: \n Felipe Zimmerle 2018-10-11 10:01:09 -03:00
  • 2ddb8eb512 Adjusts the line terminator in the RuleMessage::m_buf variable Felipe Zimmerle 2018-10-11 10:01:04 -03:00
  • e83f66ee49 Adds support to m_highlightJSON in RuleMessage class Felipe Zimmerle 2018-10-11 10:00:59 -03:00
  • eec95cfe17 First version of the inline highlight calculation Felipe Zimmerle 2018-10-11 10:00:54 -03:00
  • aa8fb3434f Makes matchedvars inline Felipe Zimmerle 2018-10-10 23:49:26 -03:00
  • 918f0bb82c Merge branch 'v2/dev/itk-ruid' of https://github.com/victorhora/ModSecurity into v2/dev/itk-ruid-test v2/dev/itk-ruid-test Victor Hora 2018-10-10 17:23:08 -04:00
  • 4b40e6a7e1 Fixing XML testcases v2/dev/fix-pcre-study-leak-610 Victor Hora 2018-10-10 17:04:59 -04:00
  • 0961760c71 Fix multimatch behavior to match what we have on v2 Felipe Zimmerle 2018-10-10 18:01:48 -03:00
  • b960fea4dc Experimenting with testcases Victor Hora 2018-10-10 00:51:28 -04:00
  • 11ebd17b9d CHANGES: Adds info about: 0x70e32 Felipe Zimmerle 2018-10-09 22:06:41 -03:00
  • 8c6a2ee11a Using values after transformation at MATCHED_VARS Felipe Zimmerle 2018-10-09 22:04:20 -03:00
  • 2d7f1d6418 Negligible change to force triggering v2 buildbots Victor Hora 2018-10-09 14:46:36 -04:00
  • 0af0d3bb97 Small fix on @detectXSS test case Felipe Zimmerle 2018-10-04 15:02:38 -03:00
  • 3691186b75 Adds full support to UpdateActionById. Felipe Zimmerle 2018-10-04 01:06:28 -03:00
  • df7335b35a Use pcre_free_study() while freeing if using PCRE_study Victor Hora 2018-10-03 23:39:53 -04:00
  • 15e717afe7 Merge branch 'v2/yajlpathfix-cherry' of https://github.com/Microsoft/ModSecurity into v2/dev/test-yajlpathfix Victor Hora 2018-10-01 14:24:47 -04:00
  • 3e9ca37480 Refactoring on the RULE variable Felipe Zimmerle 2018-09-28 22:38:40 -03:00
  • 7110f97941 Refactoring on the Rule class Felipe Zimmerle 2018-09-28 10:28:02 -03:00
  • 5cf477ad48 Adds partial support to UpdateActionById Felipe Zimmerle 2018-09-26 15:57:02 -03:00
  • bc3d3f1915 Adds support to setenv action Felipe Zimmerle 2018-09-25 10:18:43 -03:00
  • 4dd2812757 Adds new transaction constructor that accepts the transaction id as parameter. Felipe Zimmerle 2018-09-24 21:36:06 -03:00
  • c721e101c0 Adds request IDs and URIs to the debug log Felipe Zimmerle 2018-09-24 21:07:11 -03:00