github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-09 17:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 3860a702ab Added support for unit testing operators. Only verifyCC tests written. brectanus 2007-12-20 01:40:29 +00:00
  • 3a8e0a4dfd Some more reorg of tests. brectanus 2007-12-19 23:43:51 +00:00
  • a04e03b2c7 Some reorg of tests. brectanus 2007-12-19 23:41:49 +00:00
  • 61e4623bae Move around some code to make unit tests easier to build. brectanus 2007-12-19 20:44:56 +00:00
  • 2103fb560b Rename msc-test to msc_test. brectanus 2007-12-19 20:40:33 +00:00
  • 4e7c243c39 Make libxml2 *required*. brectanus 2007-12-19 18:13:41 +00:00
  • 6974a1c781 Fixed l_log to prevent percentage characters from Lua interfering with formatting. ivanr 2007-12-19 17:47:08 +00:00
  • a0198a9e6c Polish up docs for md5/sha1. brectanus 2007-12-19 17:20:23 +00:00
  • f3fae3155d Adjust Lua debugging levels to 8, to avoid logging at level 9 from skewing the results. ivanr 2007-12-19 17:13:02 +00:00
  • 80aa065d23 Document the Lua functionality added so far. ivanr 2007-12-19 17:07:24 +00:00
  • e834a860dd Avoid double close of DBM on error. brectanus 2007-12-19 16:43:27 +00:00
  • a96cbc0f69 Merge in Lua to test framework. brectanus 2007-12-19 16:11:42 +00:00
  • e357bb55af Add quoting to unparsed rule generation. ivanr 2007-12-19 16:11:32 +00:00
  • cdcb3bdb14 Lua: Added support for retrieving parametarised parameters (e.g. ARGS:p). ivanr 2007-12-19 15:46:45 +00:00
  • 4414cb8527 Lua: Support retrieval of individual variables from scripts. ivanr 2007-12-19 14:35:20 +00:00
  • aef5a460b6 Fix Lua support. Enable logging from Lua scripts (using m.log()). ivanr 2007-12-19 12:50:21 +00:00
  • e0c444953c Update Makefile to compile with Lua support ivanr 2007-12-19 11:26:55 +00:00
  • afd3cbf14f Implemented SecRuleScript LUA_SCRIPT [ACTIONS]. ivanr 2007-12-19 11:22:52 +00:00
  • 6f6934e9d3 Code polish. ivanr 2007-12-19 09:22:58 +00:00
  • d2dee97a31 Fix jsDecode \xHH to verify HH is there and valid hex. See #439. brectanus 2007-12-19 00:31:08 +00:00
  • 5da9a05d1c Remove the callback from the verifyCC regex (not used anymore). brectanus 2007-12-19 00:26:19 +00:00
  • 499c3f3167 Add initial unit testing framework. See #438. brectanus 2007-12-19 00:09:30 +00:00
  • 2657154eaa Update docs for t:md5 and t:sha1 to note that they are in binary form and should be hex encoded to be human readable. brectanus 2007-12-18 22:50:01 +00:00
  • 2f447fcd72 Use use new msr->rule_was_intercepted flag. See #425. brectanus 2007-12-17 19:58:35 +00:00
  • 8360aacc22 Use use new msr->rule_was_intercepted flag. See #425. brectanus 2007-12-17 19:58:35 +00:00
  • a99357ad5b Add ability to use <IfDefine MODSEC_2.5>. See #436. brectanus 2007-12-17 19:06:08 +00:00
  • a703c9c626 Minor allow bug fix. ivanr 2007-12-17 15:11:18 +00:00
  • dc081c5df1 Removed some code that implemented SecRequestEncoding. Left the directive in, as well as the structure member as they are harmless. ivanr 2007-12-17 15:09:59 +00:00
  • b9a28882b2 Enhanced allow. ivanr 2007-12-17 11:22:47 +00:00
  • 9b0ce5ae67 Move an extraneous debug log line from level 4 to level 9. brectanus 2007-12-17 05:43:49 +00:00
  • 8a1687bf36 Make phase 5 more strict and catch an inherited disruptive action. See #429. brectanus 2007-12-17 05:13:49 +00:00
  • d6f492064a Allow all phase 5 rules to run. See %425. brectanus 2007-12-15 00:58:13 +00:00
  • 5bd9e0640f Add CHANGES entry. See #425. brectanus 2007-12-15 00:57:21 +00:00
  • d06aec8361 Backport fixes for #66 to 2.1.x. See #431. brectanus 2007-12-15 00:51:19 +00:00
  • 021191368f Backport octal ansi escape fix for #423. See $435. brectanus 2007-12-15 00:50:11 +00:00
  • 32100608e5 Handle actionset being NULL. See #66 and #429. brectanus 2007-12-15 00:42:39 +00:00
  • 05c8ccd07e Moved modsecurity_crs_55_marketing.conf. brectanus 2007-12-14 23:31:33 +00:00
  • d6beae556b Should have moved this not added. brectanus 2007-12-14 23:30:27 +00:00
  • f12cc94f90 Update props for rules. brectanus 2007-12-14 23:28:29 +00:00
  • 3c4eacf6f1 Update Core Rules to those in 2.1.4. brectanus 2007-12-14 23:23:46 +00:00
  • 4602f7d908 Remove tabs from CHANGES. brectanus 2007-12-14 22:52:29 +00:00
  • 9136d391d3 Forgoten CHANGES entry for last commit. brectanus 2007-12-14 22:50:01 +00:00
  • 476684e6ec Stricter configuration parsing. See #66 and #429. brectanus 2007-12-14 22:45:01 +00:00
  • cd51a10046 Allow all rules to run in phase 5. See #425. brectanus 2007-12-14 22:34:16 +00:00
  • 515290434c Add 2.1.4 changes to trunk CHANGES. brectanus 2007-12-14 20:22:54 +00:00
  • f68f0156c3 Cleanup CHANGES. brectanus 2007-12-14 20:20:18 +00:00
  • 5065852dfe More efficient collection persistance and deletion on retrieval. See #345 and #426. brectanus 2007-12-14 19:53:23 +00:00
  • 4c11791a94 Escape cache value in log. brectanus 2007-12-14 00:42:04 +00:00
  • aa68fff104 Fixed decoding \9 with t:escapeSeqDecode. See #423. brectanus 2007-12-14 00:30:25 +00:00
  • 8aa31fd099 Change jsDecodeuni to jsDecode which also decodes all the other JS escapes. See #193. brectanus 2007-12-14 00:19:46 +00:00
  • b0de659133 Added t:jsDecodeUni handling unicode similar to t:urlDecodeUni. See #193. brectanus 2007-12-13 00:58:02 +00:00
  • cbf79d43ba Update version to ready for 2.5.0-rc1. brectanus 2007-12-12 23:08:14 +00:00
  • 54cac6461b Add IS_NEW and IS_EXPIRED collection variables. See #345. brectanus 2007-12-12 22:52:08 +00:00
  • 2203428507 Prefer "offset" to "pos". brectanus 2007-12-12 18:43:40 +00:00
  • e7e9756966 Add var name to validateUtf8Encoding message. See #408. brectanus 2007-12-12 18:40:35 +00:00
  • 3c1d5a0210 More efficient multimatch support and cleaned up debugging and messages. See #69. brectanus 2007-12-12 17:56:25 +00:00
  • 2dff0fb9f5 Speed up luhn algorithm and add multimatching capabilities to verifyCC. See #69. brectanus 2007-12-12 01:30:58 +00:00
  • 423fd0eea2 Update skipAfter docs to mention markers. See #416. brectanus 2007-12-11 18:03:37 +00:00
  • 715a8eae58 Implement SecMarker. See #416. brectanus 2007-12-11 17:53:50 +00:00
  • 37f5231ccd Minor code fixes. ivanr 2007-12-03 21:13:37 +00:00
  • bbcf1d08fc Added an APR-Util variant of character encoding conversion. ivanr 2007-12-03 14:46:00 +00:00
  • c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. ivanr 2007-12-03 14:04:53 +00:00
  • 22873995f7 Rename placeholder type from RULE_PH_TARGET to RULE_PH_SKIPAFTER. brectanus 2007-12-02 16:26:05 +00:00
  • 2bf4556cd0 Checkin fix to rule removal code to avoid placeholders. brectanus 2007-12-02 15:35:09 +00:00
  • 9e9bb318b3 Rewrite the luhn algorithm to be faster and easier to read. See #69. brectanus 2007-12-01 00:42:28 +00:00
  • 13e209909f Add in verifyCC operator from mod_security2_op_verifyCC.c. See #69. This still needs to be fixed. brectanus 2007-11-30 23:26:06 +00:00
  • a6c2d867f4 Improvements to audit logging matching rules. See #93. brectanus 2007-11-30 21:31:12 +00:00
  • dcdce0cbc5 Added matching rules to audit log data. See #93. brectanus 2007-11-30 00:52:21 +00:00
  • 85053718d9 Cleanup log output for skipAfter. See #258. brectanus 2007-11-29 23:14:02 +00:00
  • ff12e6f1c0 Remove comment that is not needed. ivanr 2007-11-29 18:10:54 +00:00
  • 526bcc0b5a More informative change log message for fixing utf-8 validation. ivanr 2007-11-29 14:50:54 +00:00
  • c5c759d6f0 Forgot to update CHANGES. ivanr 2007-11-29 14:03:05 +00:00
  • d3a0a2887a Fix utf-8 validation (again\!\!\!). ivanr 2007-11-29 13:30:39 +00:00
  • 575e86388a Implemented SecRequestBodyNoFilesLimit (#103). ivanr 2007-11-29 11:41:48 +00:00
  • fd5e4fb32c Fix bugs introduced by the recent change to audit logging. ivanr 2007-11-29 11:09:38 +00:00
  • ab6a81fe7a Remove unused reqbody_status from modsec_rec. ivanr 2007-11-29 10:46:12 +00:00
  • 1cfc906fac Fixed apr_size_t formatting warnings by using portable %APR_SIZE_T_FMT instead of %lu. brectanus 2007-11-28 01:09:15 +00:00
  • 8cec4dd251 Some more debugging and fixes for skipAfter. See #258. brectanus 2007-11-28 01:04:26 +00:00
  • ded7e3d5da Tag 2.1.4. v2.1.4 brectanus 2007-11-27 21:05:27 +00:00
  • 7866e76277 More installation doc cleanups. brectanus 2007-11-27 20:36:22 +00:00
  • f2b238a608 Cleanup doc install section a bit. brectanus 2007-11-27 20:15:26 +00:00
  • 8c57a46351 Update SVN eol properties to 'native'. brectanus 2007-11-27 18:37:37 +00:00
  • 03248504e9 Remove DOS line endings and replace tabs with spaces. brectanus 2007-11-27 18:26:30 +00:00
  • 8e86cefdfd Update core rules to version 1.5. brectanus 2007-11-27 18:12:46 +00:00
  • 4a08d7e6bf Handle out-of-disk-space conditions gracefully when writing to audit log. ivanr 2007-11-27 10:52:14 +00:00
  • 800cfc2cc2 Added missing #else block for printf attributes. brectanus 2007-11-27 00:17:50 +00:00
  • e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). Marked msr_log() as a printf style function so GNU compiler can check formatting types. Fixed a few other warnings with msr_log() formatters. brectanus 2007-11-26 22:53:51 +00:00
  • 9447ae67b8 Added placeholder support for skipAfter so that it works with removed rules. See #258. brectanus 2007-11-26 22:27:15 +00:00
  • 1860e2a35e Renamed SecGeoLookupsDb to SecGeoLookupDB. brectanus 2007-11-26 17:04:42 +00:00
  • 6ca5b831fb Document SecComponentSignature. Update CHANGES. ivanr 2007-11-26 16:22:33 +00:00
  • b163864ba7 Implemented SecComponentSignature. ivanr 2007-11-26 16:05:56 +00:00
  • e467d3cac0 Unified messages in the error log and in the audit log. ivanr 2007-11-26 15:39:37 +00:00
  • f0be2ff6b0 Added warning message when XML request body parser fails. ivanr 2007-11-26 15:05:48 +00:00
  • e8b4549b4a Fix quotes in an example. brectanus 2007-11-19 17:19:13 +00:00
  • 2cefbda2e3 Fix quotes in an example. brectanus 2007-11-19 17:19:13 +00:00
  • 40c5b2004f Remove extraneous 'void *' cast. brectanus 2007-11-15 19:11:59 +00:00
  • aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate. Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit. brectanus 2007-11-15 19:09:14 +00:00
  • df387bd22b Tag 2.1.4-rc4. v2.1.4-rc4 brectanus 2007-11-09 19:30:52 +00:00
  • fda760ecb7 Update versions and CHANGES for 2.1.4-rc4. brectanus 2007-11-09 19:30:21 +00:00
  • b9defc0adb Warn in the debug log when request body processing fails. ivanr 2007-11-08 18:20:24 +00:00