Commit Graph

  • c0681b6239 Update README.md Elevations 2024-12-11 19:29:32 +13:00
  • 7b4c3a2c0f Update Dockerfile Elevations 2024-12-11 19:06:59 +13:00
  • 17700eca5b Update README.md Elevations 2024-12-11 17:45:37 +13:00
  • a07d0c7d34 Fix missing libpcre2 dependency on macOS GitHub runner Gabor Berkes 2024-12-10 21:40:09 +00:00
  • 106ed22b6d Fix typo in pcre.m4: corrected PCRE_CFLAGS assignment Gabor Berkes 2024-12-10 10:58:20 +00:00
  • c6433df7b2 Refactor build system to use libpcre2 as the default Gabor Berkes 2024-12-10 10:16:14 +00:00
  • 4fb22466a0 Cleanup: Remove useless/nonfunctional AM_CONDITIONAL macros Gabor Berkes 2024-12-10 07:32:13 +00:00
  • d9101a4fe1 Merge pull request #3306 from airween/v3/time_mon_fix Ervin Hegedus 2024-11-24 16:28:47 +00:00
  • daf550ef5f Fix regex for test Ervin Hegedus 2024-11-24 14:06:50 +01:00
  • db7e4cb67b Align TIME_MON variable's behavior Ervin Hegedus 2024-11-22 10:40:50 +01:00
  • fd4564131f Merge pull request #3307 from gberkes/v3/cppcheck_v2_16_upgrade Ervin Hegedus 2024-11-23 09:28:08 +00:00
  • 530919439b Fix: Add false positive cppcheck-suppress for compatibility with updated cppcheck version Gabor Berkes 2024-11-22 23:36:40 +00:00
  • 41fd21b0fb Merge pull request #3298 from airween/v3/sethostnamefix Ervin Hegedus 2024-11-19 20:49:00 +00:00
  • fa621f81e9 Merge pull request #3284 from marcstern/v2/pr/utf8toUnicodeVsMultibyte Marc Stern 2024-11-12 17:34:05 +01:00
  • d422b36966 Add condition before set hostname; move setRequestHostName() before processConnection() Ervin Hegedus 2024-11-12 16:55:02 +01:00
  • 4a720004dd Merge pull request #3287 from hnakamur/fix_modsecurity-regression-test-secremoterules.txt_url_in_example Ervin Hegedus 2024-11-06 10:20:58 +00:00
  • 42a401892b Fix modsecurity-regression-test-secremoterules.txt URL in example Hiroaki Nakamura 2024-10-24 11:52:59 +09:00
  • 5bec188146 Merge pull request #3291 from hnakamur/add_test_regression_rules Ervin Hegedus 2024-11-05 11:03:04 +00:00
  • 87dbae9bb2 assert(input != NULL); Marc Stern 2024-11-04 13:53:28 +01:00
  • 742f97ccc0 Add regression rules for test Hiroaki Nakamura 2024-11-01 17:53:24 +09:00
  • 907d61ad6d Incorrect utf8toUnicode transformation for 00xx Fix issue and restructure handling Marc Stern 2024-10-22 15:51:55 +02:00
  • 29a86b17df Merge pull request #3283 from eduar-hte/cppcheck2142 Ervin Hegedus 2024-10-22 13:54:52 +02:00
  • aca93f568e Remove no longer needed cppcheck inline suppressions. Eduardo Arias 2024-10-21 16:04:14 -03:00
  • 7ec50eb53f Make GeoLookup::debug function static (and non-member), as suggested by cppcheck. Eduardo Arias 2024-10-21 16:02:27 -03:00
  • 4e68edf0e5 Replace usage of sscanf with strtol to remove cppcheck inline suppression Eduardo Arias 2024-10-21 15:52:14 -03:00
  • cdaf32f521 Remove cppcheck suppression by replacing use of local variable to alias this->m_variables - The name of the local variable would clash with the namespace of the same name, which may have led cppcheck to think the variable was not used. Eduardo Arias 2024-10-21 15:30:23 -03:00
  • ce9a3167fa Use initialization list to initialize m_service - This is correct because base class is initialized before members are initialized. - Removes cppcheck suppression by addressing reported issue. - Leverage C++11's 'default member initializer' to initialize m_provider & m_demandsPassword and address Sonarcloud issue. Eduardo Arias 2024-10-21 15:28:21 -03:00
  • b0497d9cb9 Avoid this unnecessary copy by using a "const" reference. - Reported by Sonarcloud Eduardo Arias 2024-10-19 13:13:38 -03:00
  • d1e7e7b4f2 Refactor to remove duplicate code in ValidateSchema & ValidateDTD - Reported by Sonarcloud Eduardo Arias 2024-10-19 12:45:50 -03:00
  • 2fb446ab2d Address cppcheck warnings generated after addressing Sonarcloud suggestions - The following two warnings were generated after introducing the change to instantiate the DigestImpl template with the address of mbedtls_md5 or mbedtls_sha1: - warning: src/utils/sha1.h,62,error,danglingTemporaryLifetime,Using pointer that is a temporary. - warning: src/utils/sha1.h,60,style,constVariablePointer,Variable 'ret' can be declared as pointer to const - See https://github.com/owasp-modsecurity/ModSecurity/pull/3231#issuecomment-2312511500 Eduardo Arias 2024-08-28 12:19:58 -03:00
  • bbef22b3b5 Added const reported by cppcheck 2.14 Eduardo Arias 2024-04-28 21:23:43 -03:00
  • d053ec6de6 Add cppcheck suppressions for false positives Eduardo Arias 2024-08-21 08:32:28 -07:00
  • c2b86ddc49 Suppress warnings on seclang-parser.hh warning: seclang-parser.hh,2116,warning,duplInheritedMember,The struct 'basic_symbol < by_kind >' defines member function with name 'clear' also defined in its parent struct 'by_kind'. warning: seclang-parser.hh,2376,warning,duplInheritedMember,The struct 'basic_symbol < by_kind >' defines member function with name 'type_get' also defined in its parent struct 'by_kind'. warning: seclang-parser.hh,2116,warning,duplInheritedMember,The struct 'basic_symbol < by_state >' defines member function with name 'clear' also defined in its parent struct 'by_state'. warning: seclang-parser.hh,2120,style,constVariableReference,Variable 'yysym' can be declared as reference to const Eduardo Arias 2024-04-29 00:37:36 -03:00
  • 7d9c80dede Address cppcheck warnings: uselessOverride (The function '...' overrides a function in a base class but is identical to the overridden function) Eduardo Arias 2024-04-28 23:40:50 -03:00
  • da38f20e19 Added missing override keyword as reported by cppcheck 2.14 Eduardo Arias 2024-04-28 22:25:17 -03:00
  • 1eed8b9288 Ignore cppcheck warnings: normalCheckLevelMaxBranches (Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.) Eduardo Arias 2024-04-28 22:19:43 -03:00
  • 193a0002e4 Updated cppcheck config - Do not scan third-party libraries (others dir) - Use standard C++17 for checks (defaults to C++20) Eduardo Arias 2024-08-20 15:10:19 -07:00
  • e0c58233ad Use latest version of cppcheck (2.14.2) - Run cppcheck on MacOS to use a newer version of cppcheck Eduardo Arias 2024-04-28 17:45:54 -03:00
  • ec506daaef Merge pull request #3280 from eduar-hte/range-checked-at Ervin Hegedus 2024-10-19 11:06:37 +02:00
  • dfcf31a41f Merge pull request #3279 from marcstern/v2/PR/PCRE2_error_msg Ervin Hegedus 2024-10-19 10:47:39 +02:00
  • ecab91a74e Add problematic pattern when DEBUG_CONF is defined Marc Stern 2024-10-17 14:43:03 +02:00
  • 89ff91dae3 Fixed PCRE2 error message Marc Stern 2024-10-17 14:10:56 +02:00
  • 0613ceeb75 Replace usage of range-checked 'at' method when vector/string has already been size checked Eduardo Arias 2024-06-02 20:07:19 +00:00
  • 99ce9779e6 Merge pull request #3253 from eduar-hte/rule-message Ervin Hegedus 2024-10-15 18:13:31 +02:00
  • 75d31a4d1e Simplified lifetime management of tests - Addresses Sonarcloud issues: - Rewrite the code so that you no longer need this "delete". - Make the type of this variable a reference-to-const. Eduardo Arias 2024-09-10 14:32:38 -03:00
  • b7b2d9a40d Minor codebase improvements suggested by Sonarcloud - src/modsecurity.cc - Replace the redundant type with "auto". - src/transaction.cc - Avoid this unnecessary copy by using a "const" reference. - test/common/custom_debug_log.cc - Use "=default" instead of the default implementation of this special member functions. - Removed the unnecessary destructor override instead. - Annotate this function with "override" or "final". - Removed the unnecessary destructor override instead. - Remove this "const" qualifier from the return type in all declarations. - test/common/modsecurity_test_context.h - Replace the redundant type with "auto". - test/regression/regression.cc - Use the "nullptr" literal. - Replace this declaration by a structured binding declaration. - Replace "reinterpret_cast" with a safer operation. Eduardo Arias 2024-09-10 14:47:00 -03:00
  • 4df297b596 Avoid passing RuleMessage by std::shared_ptr and use a reference instead. - Avoids copying std::shared_ptr when lifetime of the RuleMessage is controlled by the caller. - The RuleMessage instance is created in RuleWithActions::evaluate and then used to call the overloaded version of this method that is specialized by subclasses. - Once the call to the overloaded method returns, the std::shared_ptr is destroyed as it's not stored by any of the callers, so it can be replaced with a stack variable and avoid paying the cost of copying the std::shared_ptr (and its control block that is guaranteed to be thread-safe and thus is not a straightforward pointer copy) - Introduced RuleMessage::reset because this is required by RuleWithActions::performLogging when it's not the 'last log', the rule has multimatch and it's to be logged. - The current version is creating allocating another instance of RuleMessage on the heap to copy the Rule & Transaction related state while all the other members in the RuleMessage are set to their default values. - The new version leverages the existent, unused and incomplete function 'clean' (renamed as 'reset') to do this on the current instance. - Notice that the current code preserves the value of m_saveMessage, so 'reset' provides an argument for the caller to control whether this member should be reinitialized. eduar-hte 2024-05-06 01:24:52 +00:00
  • e313ac7de7 Introduce ModSecurityTestContext to encapsulate setup of objects required to execute transactions - Simplifies memory management on error conditions - Context will be used in unit tests too, in order to provide Transaction related instances. eduar-hte 2024-05-07 01:29:16 +00:00
  • d7f2be60ce Merge pull request #3270 from Marcool04/v2/master Marc Stern 2024-10-04 16:30:29 +02:00
  • 4919814a5c make rootpath and incpath consts so apr_filepath_root doesn't cause incompatible pointer type Mark t480 2024-10-04 15:48:12 +02:00
  • 1121ef0bed Merge pull request #3269 from marcstern/v2/pr/apr_mutex_create Ervin Hegedus 2024-10-03 13:44:34 +02:00
  • 36a4194f46 CHANGES Marc Stern 2024-10-03 12:59:48 +02:00
  • 23e3cb491a Fix for #3255 We don't have to generate a temp name ourselves, it'll be done in apr_global_mutex_create(). We don't have to provide a filename, apr_global_mutex_create() generates one automatically. Moreover, under Unix & Windows, the preferred mechanism won't use a file at all. apr_file_mktemp() cannot be used as it creates the file (at least on FreeBSD). Discussion in Apache mailing list: https://lists.apache.org/thread/ykb26kg4lgcqnldvxwd9p6hv16fy4z9l Marc Stern 2024-10-03 12:42:23 +02:00
  • 9666663867 Merge pull request #3267 from airween/v2/modsecdefconf Ervin Hegedus 2024-10-03 09:59:55 +02:00
  • 9a1155ca26 Merge pull request #3254 from eduar-hte/make_shared Ervin Hegedus 2024-10-02 17:23:48 +02:00
  • 63d5d92565 chore: add 'log' action to rule 200005 Ervin Hegedus 2024-10-02 17:11:01 +02:00
  • 090e4d3baa Merge pull request #3257 from marcstern/v2/pr/msr_global_mutex_lock Marc Stern 2024-10-02 17:09:51 +02:00
  • 373ddb8925 Merge pull request #3266 from airween/v3/modsecdefconf Ervin Hegedus 2024-10-02 17:09:31 +02:00
  • 63201ae39f chore: add 'log' action to rule 200005 Ervin Hegedus 2024-10-02 16:33:56 +02:00
  • d6f1ebb4a3 Merge pull request #3265 from rainerjung/v2/move-id_log-to-msc_util Marc Stern 2024-10-02 13:00:00 +02:00
  • 7737594edf Merge pull request #3264 from xuruidong/logo2 Ervin Hegedus 2024-10-02 09:08:58 +02:00
  • 149376377e Move id_log() to msc_util to fix unit tests; it is declared on msc_util.h already Rainer Jung 2024-10-01 13:58:22 +02:00
  • c99d931f3c Initialize filename to NULL Marc Stern 2024-09-30 13:53:31 +02:00
  • 7a1480a506 Merge branch 'v2/pr/msr_global_mutex_lock' of https://github.com/marcstern/ModSecurity into v2/pr/msr_global_mutex_lock Marc Stern 2024-09-30 13:17:04 +02:00
  • b8e8e30730 Fixed parameters/functions names Marc Stern 2024-09-30 13:12:38 +02:00
  • 9238b0ced0 docs: add a logo picture for github dark theme xuruidong 2024-09-29 19:42:58 +08:00
  • 95dc5944d4 Updated log message Marc Stern 2024-09-27 09:27:29 +02:00
  • 339d6df2a5 Updated comment Marc Stern 2024-09-27 09:26:58 +02:00
  • 02ca247283 Merge pull request #3262 from marcstern/v2/pr/time.h Ervin Hegedus 2024-09-25 20:50:30 +02:00
  • 9ba1caa2fa Missing #include <time.h> Marc Stern 2024-09-25 13:57:05 +02:00
  • bd54f01cd3 Added CHANGES Marc Stern 2024-09-20 12:51:03 +02:00
  • b850c74b12 We should have gotten the warning at lock time, so ignore it at unlock time Marc Stern 2024-09-12 14:07:55 +02:00
  • 449c080e63 Same for global_mutex_unlock Marc Stern 2024-09-12 13:01:44 +02:00
  • b52201010d msr_global_mutex_lock: Handle errors from apr_global_mutex_lock Marc Stern 2024-09-12 12:18:25 +02:00
  • c6c06c4f33 leverage std::make_unique & std::make_shared - Simpler code & more efficient because control block can be allocated with object. Eduardo Arias 2024-05-05 13:06:50 -03:00
  • 9e02b3cf01 Merge pull request #3248 from eduar-hte/simplified-constructors Ervin Hegedus 2024-09-09 16:14:09 +02:00
  • 6ecfee7ab7 Simplify and reduce code duplication in Transaction constructors - Leverage delegating constructor to avoid code duplication between the two available Transaction constructors. - The constructor without 'id' argument delegates to the one that receives it by providing nullptr as a value, which is used to flag that an id needs to be generated. - Simplified constructor by removing member initialization where the default constructor will be invoked. Eduardo Arias 2024-09-03 17:43:48 -03:00
  • 2c613fb77c Simplify initialization of fileName member of Rule instances Eduardo Arias 2024-05-06 01:39:55 -03:00
  • 2ad87f640f Reference RuleWithActions & Transaction object instead of copying values in RuleMessage - Because the lifetime of the RuleMessage instances does not extend beyond the lifetime of the enclosing RuleWithActions & Transaction, RuleMessage can just reference it and simplify its definition. - Additionally, make the references const to show that it doesn't modify it. - Replace RuleMessage copy constructor with default implementations. - Removed unused RuleMessage assignment operator (which cannot be implemented now that it has reference members). - Removed constructor from RuleMessage pointer. - Addressed Sonarcloud suggestions: Do not use the constructor's initializer list for data member "xxx". Use the in-class initializer instead. Eduardo Arias 2024-05-05 15:15:47 -03:00
  • 2ec640fd76 Delete unused copy constructor & assignment operator in Rule, RuleMarker & Action - Declare other unsupported copy constructor & assignment operators as deleted too (RuleWithActions, RuleUnconditional & RuleScript) Eduardo Arias 2024-06-02 02:03:34 +00:00
  • 0e6fc62548 Merge pull request #3250 from airween/v2/literalbuildfix Ervin Hegedus 2024-09-04 10:55:02 +02:00
  • 38e812d197 Add -Werror=format-security CFLAG for all build cases Ervin Hegedus 2024-09-03 21:50:22 +02:00
  • cddd9a7eb5 Fix build error if -Werror=format-security is presented Ervin Hegedus 2024-09-03 21:49:43 +02:00
  • 580fe192df Merge pull request #3247 from airween/v3/master v3.0.13 Ervin Hegedus 2024-09-03 15:44:47 +02:00
  • 24dbcfe637 Change release version to v3.0.13 Ervin Hegedus 2024-09-03 15:24:29 +02:00
  • 1a8c96a1cd Merge pull request #3206 from airween/v3/release2408 Ervin Hegedus 2024-09-03 15:20:34 +02:00
  • b5179a110a Merge pull request #3245 from airween/v2/release2409 Ervin Hegedus 2024-09-03 14:49:58 +02:00
  • ad0161118d Change release version to v2.9.8 v2.9.8 Ervin Hegedus 2024-09-03 14:40:55 +02:00
  • bf1a3be793 Merge pull request #3205 from airween/v2/release2408 Ervin Hegedus 2024-09-03 14:37:48 +02:00
  • b489fd3562 Format fix Ervin Hegedus 2024-09-03 07:45:09 +02:00
  • c9fe84ea2c Typo fixes Ervin Hegedus 2024-09-03 07:42:20 +02:00
  • 2ab970be2e Finalize CHANGES Ervin Hegedus 2024-09-02 22:23:19 +02:00
  • 25d73b71c8 Finalize CHANGES Ervin Hegedus 2024-09-02 22:21:08 +02:00
  • 865b75b8fa Merge branch 'owasp-modsecurity:v3/master' into v3/release2408 Ervin Hegedus 2024-08-28 16:37:12 +02:00
  • 542a5ea35c Added PR #3243 Ervin Hegedus 2024-08-28 16:08:23 +02:00
  • f180e647a1 Merge pull request #3243 from eduar-hte/valid-hex-fix Ervin Hegedus 2024-08-28 16:07:44 +02:00
  • a4604b66f7 Added new tests to op @pm Ervin Hegedus 2024-08-28 15:17:38 +02:00
  • 27cc8edbfe Adjust reference to modsecurity::utils::string::VALID_HEX - This function (previously a #define) was previously in the global namespace and was moved into modsecurity::utils::string in commit a6d64bf. Eduardo Arias 2024-08-28 10:13:12 -03:00
  • 358618951a Added PR #3240 Ervin Hegedus 2024-08-28 14:37:56 +02:00
  • 9403cf6f5d Merge pull request #3240 from frozenice/patch-1 Ervin Hegedus 2024-08-28 14:36:36 +02:00