Commit Graph

  • 59254fe3bd Simplify configuration to build libModSecurity with std C++17 - Leveraged autoconf again to check whether the C++ compiler supports the required standard version and build using it. - Replaced the outdated ax_cxx_compile_stdcxx_11.m4 macro with the latest version of ax_cxx_compile_stdcxx which supports C++17. - https://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html - https://raw.githubusercontent.com/autoconf-archive/autoconf-archive/e4e5269db2764b9f53d759c24750ac6ca38e02ea/m4/ax_cxx_compile_stdcxx.m4 - This should also streamline updating to C++20 in the future. Eduardo Arias 2024-05-24 10:08:53 -03:00
  • 546ec8fe9a Added PR #3217 Ervin Hegedus 2024-08-08 17:56:14 +02:00
  • a519c65902 Merge pull request #3217 from gberkes/v3/sonarcloud_Replace_this_declaration_by_a_structured_binding_declaration Ervin Hegedus 2024-08-08 17:55:09 +02:00
  • 13cce62b0b Added PR #3212 Ervin Hegedus 2024-08-08 17:52:14 +02:00
  • 1d6e72e8e2 Merge pull request #3212 from eduar-hte/defensive-intervention Ervin Hegedus 2024-08-08 17:45:34 +02:00
  • cf643d6072 Avoid duplicate definition of --enable-assertions=yes configure flag on Unix builds - This configuration flag was introduced in commit d47185d in the context of PR #3207. - Moved to the configure step's 'run' command in order to be shared across configurations. - For the sake of reference, matrix.platform.configure should be used for configuration flags that are needed for a specific platform/architecture (which was the reason it was introduced in commit d9255d8, PR #3144). Eduardo Arias 2024-08-08 08:16:14 -07:00
  • d704af657c Define _FORTIFY_SOURCE=3 & _GLIBCXX_ASSERTIONS that add glibc/libstdc++ assertions. See https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html & https://gcc.gnu.org/wiki/LibstdcxxDebugMode Marc Stern 2024-08-08 16:16:14 +02:00
  • c50a397a87 Suppress cppcheck false positive unassignedVariable warning. gberkes 2024-08-07 21:05:47 +02:00
  • 35e825d643 Refactor: replaced 3 declarations with 3 structured binding declarations. gberkes 2024-08-07 17:55:30 +02:00
  • 7126574bb2 Merge branch 'v2/pr/errorlog' of https://github.com/marcstern/ModSecurity into v2/pr/errorlog Marc Stern 2024-08-07 17:01:32 +02:00
  • 686a74173f # Send some requests & check log format Marc Stern 2024-08-07 17:01:20 +02:00
  • 5403b3d01c Update CHANGES; added newest PR's Ervin Hegedus 2024-08-07 14:40:56 +02:00
  • e8db92ebb0 Merge pull request #3214 from gberkes/v3/Use_the_init-statement_to_declare_pos_inside_the_if_statement Ervin Hegedus 2024-08-07 14:33:02 +02:00
  • a3ffc5a0d2 Merge pull request #3213 from gberkes/v3/sonar_move_these_3_includes_to_the_top_of_the_file Ervin Hegedus 2024-08-07 14:29:34 +02:00
  • 692710cab7 Replaced 0 by '\0' for char Marc Stern 2024-08-07 13:45:09 +02:00
  • ab78d4af79 Refactor: used the init-statement to declare "pos" inside the if statement. gberkes 2024-08-07 13:05:02 +02:00
  • c46f470d6b Refactor: moved 3 #include directives to the top of the file. gberkes 2024-08-07 10:39:06 +02:00
  • 0feaeacce5 Merge pull request #3211 from eduar-hte/secremoterules-regression Ervin Hegedus 2024-08-07 09:56:08 +02:00
  • 8dd5d5f46b re_operators.c: removed invalid check (done correctly on line 1067); copy_rules(): only one return code => void Marc Stern 2024-08-07 09:42:40 +02:00
  • c802b46b7e Simplify parser error detection in testcase - After the GitHub macOS runner images were upgraded to macOS 14.6 (Sonoma), the test 'Include remote rules - failed download (Abort)' started failing because the error message reported by curl/OS is no longer 'HTTP response code said error'. Eduardo Arias 2024-08-06 14:29:17 -07:00
  • 0b5493d4e7 Minor performance improvements setting up intervention's log - Initialize log temporary value on construction instead of doing default initialization and then calling append. - Leverage std::string_view to replace const std::string& parameters in utils::string::replaceAll to avoid creating a std::string object (and associated allocation and copy) for the string literal%d Eduardo Arias 2024-08-06 06:32:52 -07:00
  • c947f5e40d Do not assume ModSecurityIntervention argument to transaction::intervention has been initialized/cleaned - Keep m_it->disruptive value and use it as return value to guarantee that the value is correct. - If m_it->disruptive is false and the 'it' argument has not been initialized/cleaned, the function may incorrectly return a non-zero value. - When a disruptive intervention is being reported by the function, defensively initialize log & url to NULL if there's no such data to provide to the caller. - If the caller has not initialized/cleaned those fields in the 'it' argument, after returning from transaction::intervention, the user can safely read the log & url fields and in all scenarios they'll have valid values. Eduardo Arias 2024-08-05 11:18:35 -07:00
  • 80dd45703b Update CHANGES - added PR 3210 Ervin Hegedus 2024-08-06 17:37:52 +02:00
  • 68d551c5f9 Merge pull request #3210 from eduar-hte/shared-files-deadlock Ervin Hegedus 2024-08-06 17:35:41 +02:00
  • ff303c761f Add newest changes Ervin Hegedus 2024-08-06 15:43:39 +02:00
  • 630751eee6 Merge pull request #3209 from eduar-hte/cleanup_api Ervin Hegedus 2024-08-06 15:40:48 +02:00
  • 8ec69bedd0 Merge pull request #3208 from eduar-hte/macos-apple-silicon Ervin Hegedus 2024-08-06 14:40:34 +02:00
  • 4b5f719906 Fixed shared files deadlock in a multi-threaded Windows application - The shared files Windows implementation introduced in PR #3132 works in multi-process single-threaded contexts but it doesn't work correctly in single-process multi-threaded contexts. - The issue is that the LockFileEx Win32 function works on a per-handle basis. - In a multi-process context, each process will have called SharedFiles::add_new_handler when initializing the SharedFile and obtained a handle, and thus locking will work. - When running ModSecurity in a single process using multiple threads, the initialization of the SharedFile will happen once and the handle will be shared by all threads. Then, if two threads try to write to the same shared file concurrently, they may deadlock as one of them will lock the file (by calling LockFileEx) and then proceed to write to the file. If before writing to the file and unlocking it, another thread calls LockFileEx on the same handle, the attempt to write to the file will lock generating a deadlock. - The new implementation replaces usage of LockFileEx/UnlockFileEx with a named mutex to lock access to the shared file. - A named mutex is used to support multi-process scenarios. - The mutex name is generated using the filename to support multiple shared files (such as that for the debug and audit logs). - This assumes that both processes will initialize the SharedFile instance using the same filename (which is expected as they'd be using the same configuration file) Eduardo Arias 2024-08-05 08:49:06 -07:00
  • 0dce46062b Fixed potential memory leak when there is an intervention and log or url is set. Eduardo Arias 2024-08-05 10:39:40 -07:00
  • dab9bb6a11 Added methods to free buffers allocated by ModSecurity APIs - The following methods are introduced to allow clients of libModSecurity that are not able to link and call the C/C++ standard library to be able to free the buffers allocated by libModSecurity. - msc_intervention_cleanup: Frees the buffers in a ModSecurityIntervention structure that have been allocated by calls to msc_intervention. - msc_rules_error_cleanup: Frees an error message buffer allocated by the msc_rules_xxx functions to detail the condition that triggered the error. Eduardo Arias 2024-05-03 14:33:02 -03:00
  • e31ff7e60b Build on macOS 14 arm64 Eduardo Arias 2024-05-20 21:41:12 +00:00
  • 6cffa8f904 Add _putenv() in case of WIN32 port instead of setenv() Ervin Hegedus 2024-08-05 14:30:26 +02:00
  • 82801752d4 Merge branch 'v3/master' into v3/sonarmemleakfix Ervin Hegedus 2024-08-05 14:04:04 +02:00
  • 2048730012 Update CHANGES Ervin Hegedus 2024-08-05 09:32:40 +02:00
  • f04dcc0262 Merge pull request #3207 from gberkes/v3/remove_this_throw_call_transaction_h_mk2 Ervin Hegedus 2024-08-05 09:30:08 +02:00
  • b4cb24327c Fixed extra whitespace. gberkes 2024-08-04 23:00:39 +02:00
  • dc3f80a155 Fixed missing whitespace. gberkes 2024-08-04 22:55:42 +02:00
  • d47185d771 Build System: Introduce Configurable Assertion Handling gberkes 2024-08-04 22:47:15 +02:00
  • 053e3b5266 Document the usage and the importance of assertions. gberkes 2024-08-04 22:13:58 +02:00
  • b4659959cd Refactor: Ensure safe error handling by removing isolated throw; statements. gberkes 2024-08-04 22:04:07 +02:00
  • 5fa470189b Add PR's to CHANGES Ervin Hegedus 2024-08-03 16:23:26 +02:00
  • ccebb58c94 Add PR's to CHANGES Ervin Hegedus 2024-08-03 16:22:45 +02:00
  • cb11716af7 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/pr/assert Marc Stern 2024-08-02 17:52:01 +02:00
  • b6d218f72d Merge pull request #3116 from gberkes/v3/remove_this_conditional_structure Ervin Hegedus 2024-08-02 16:33:07 +02:00
  • 5de53cc728 handles the case grep doesn't match, otherwise the script exits with 1 (error) Marc Stern 2024-08-02 12:11:16 +02:00
  • f5bbb0b851 Fixed exit code in case of success Marc Stern 2024-08-02 11:43:09 +02:00
  • 4399ee9ba9 Fixed quotes Marc Stern 2024-08-02 11:28:07 +02:00
  • 8723294cd1 Search for errors/warnings in error log and stop if found Marc Stern 2024-08-02 11:19:34 +02:00
  • 97c3d15f31 Merge pull request #3203 from airween/v3/sethostname Ervin Hegedus 2024-08-02 09:44:13 +02:00
  • c7efeb6d06 Merge branch 'owasp-modsecurity:v3/master' into v3/sethostname Ervin Hegedus 2024-08-01 22:35:44 +02:00
  • e4245986bf Merge pull request #3198 from marcstern/v2/pr/collection_store_log Ervin Hegedus 2024-07-31 18:20:46 +02:00
  • a14cdc4ff5 Merge pull request #3182 from airween/v3/readmeupdate Ervin Hegedus 2024-07-31 16:41:55 +02:00
  • 4b38435a6e Merge pull request #3117 from airween/v3/eualrangebyfind Ervin Hegedus 2024-07-31 15:46:54 +02:00
  • 6449310831 Fix typos Ervin Hegedus 2024-07-31 14:23:52 +02:00
  • 7c379c8d59 Fixed assert() usage: - added some missing - removed some invalid - removed some that were not relevant in the context of the current function, when done in a called function Marc Stern 2024-07-31 11:17:36 +02:00
  • 0be1f1566a Remove redundant entry Marc Stern 2024-07-31 09:38:20 +02:00
  • df79bf6843 Merge pull request #3187 from marcstern/v2/pr/logidptr Ervin Hegedus 2024-07-30 16:25:54 +02:00
  • 937fc5ae59 Provide a function to set 'hostname' field in log Ervin Hegedus 2024-07-29 22:07:26 +02:00
  • 36601843b2 Merge pull request #3199 from airween/v2/xmlfreefix Ervin Hegedus 2024-07-26 09:14:04 +02:00
  • 223ce91aee Move xmlFree() call to the right place Ervin Hegedus 2024-07-25 20:52:55 +02:00
  • adba86e2bd Merge pull request #3185 from eduar-hte/git-describe Ervin Hegedus 2024-07-25 18:10:52 +02:00
  • de8646e383 Merge pull request #3189 from bitbehz/fix/typo-build-win32-dockerfile Ervin Hegedus 2024-07-25 18:08:08 +02:00
  • 824e523a48 Merge pull request #3188 from marcstern/v2/pr/acquire_global_lock Ervin Hegedus 2024-07-25 14:20:00 +02:00
  • f143663cf0 Add collection in log in case of writing error Marc Stern 2024-07-25 09:30:48 +02:00
  • 73a79af593 Fixed duplicate log entry; use ap_log_error() if msr is NULL; Fixed indentation Marc Stern 2024-07-25 08:55:26 +02:00
  • b53c2277d7 removed duplicate log entry Marc Stern 2024-07-25 08:39:44 +02:00
  • 9b987cc3f9 Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match. Other errors may happen that would return -2, -3, ... Matching would be incorrectly set in this case. We must check if >= 0 Marc Stern 2024-07-22 17:08:16 +02:00
  • cd65a44d64 Removed useless code Marc Stern 2024-07-22 16:53:58 +02:00
  • f32be70793 Use standard httpd logging format in error log Marc Stern 2024-07-22 16:24:56 +02:00
  • a32b512a7f Systematically log problems in update_rule_target_ex(). Fix some memory leaks in update_rule_target_ex(). Marc Stern 2024-07-22 15:59:28 +02:00
  • 243d9c978a Log audit lock name in case of problem Marc Stern 2024-07-22 15:57:15 +02:00
  • ee9a2353a5 create audit log Marc Stern 2024-07-22 15:29:45 +02:00
  • 9808ce47c5 CI improvement: First check syntax & always display error/audit logs Marc Stern 2024-07-22 15:23:51 +02:00
  • 4fce2e3c1d Fixing typo in Dockerfile Behzad Eslami Tehrani 2024-07-22 10:09:27 +03:30
  • ca593a4a40 Passing address of lock instead of lock in acquire_global_lock() Marc Stern 2024-07-20 18:53:30 +02:00
  • 9fb773c1ce Invalid pointer access in case rule id == NOT_SET_P Marc Stern 2024-07-20 18:45:14 +02:00
  • f4d35383e9 fixed typo Eduardo Arias 2024-07-17 23:22:09 +00:00
  • 5fe777aeb8 simplify submodules checkout (but fetch tags for git describe to work) Eduardo Arias 2024-07-17 23:19:10 +00:00
  • 3dda900ee9 Merge pull request #3164 from eduar-hte/variable-origin Ervin Hegedus 2024-07-17 23:08:30 +02:00
  • eb62cac7fa Add script to download OWASP CRS v4 to run benchmark - Simplified clone & checkout of CRS repository - Removed no longer maintained OWASP Core Ruleset v2 Eduardo Arias 2024-06-01 23:11:47 +00:00
  • 6faf6d7ec0 Removed unnecessary usage of heap-allocated VariableValue (m_var) - Removed unused methods Eduardo Arias 2024-06-01 18:37:37 +00:00
  • dc0a06fc70 Improve performance of VariableOrigin instances - The previous approach would create a std::unique_ptr and store it in a std::list in VariableValue (Origins) - The new approach now stores Origins in a std::vector and constructs VariableOrigin elements in-place on insertion. - Instead of having two heap-allocations for every added VariableOrigin instance, this performs only one. - If multiple origins are added, std::vector's growth strategy may even prevent a heap-allocation. There's a cost on growing the size of the vector, because a copy of current elements will be necessary. - Introduced reserveOrigin method to notify that multiple insertions will be made, so that we can use std::vector's reserve and do a single allocation (and copy of previous elements), and then just initialize the new elements in-place. Eduardo Arias 2024-06-01 14:54:49 +00:00
  • 8d06e4c47b Typo fixes Ervin Hegedus 2024-07-12 18:09:33 +02:00
  • baa7e694f9 Typo fixes Ervin Hegedus 2024-07-12 11:28:52 +02:00
  • 714e531134 Content improve Ervin Hegedus 2024-07-12 09:15:19 +02:00
  • 30ddc32c6f Update README.md: use submodule and use benchmark tool Ervin Hegedus 2024-07-11 22:07:16 +02:00
  • 7c174e95fa Merge pull request #3161 from eduar-hte/others-update Ervin Hegedus 2024-07-10 16:35:40 +02:00
  • 28b6e1d7d0 Merge pull request #3171 from marcstern/v2/ci_errorlog Ervin Hegedus 2024-06-12 15:08:47 +02:00
  • bcd50bec84 Show error.log after httpd start Marc Stern 2024-06-12 14:51:51 +02:00
  • b89c447782 Merge pull request #3149 from fzipi/fix-tmpnam Marc Stern 2024-05-31 10:07:47 +02:00
  • a3f40ef03c Replace Mbed TLS source code in repository with a submodule - Updated to latest Mbed TLS version (v3.6.0) Eduardo Arias 2024-05-24 01:53:24 +00:00
  • 7732b5e8f3 Update libinjection to version v3.9.2-92-gb9fcaaf Eduardo Arias 2024-05-24 10:46:11 -03:00
  • 3f4c02fdb3 Merge pull request #3154 from marcstern/v2/pcre Ervin Hegedus 2024-05-31 00:14:07 +02:00
  • dc8af8f23d Merge pull request #3160 from fzipi/v3/add-pull-request-template Ervin Hegedus 2024-05-30 15:36:53 +02:00
  • 98c672ddb4 chore: add PR template Felipe Zipitria 2024-05-30 09:45:02 -03:00
  • e7a6420fca Merge pull request #3159 from fzipi/add-pull-request-template Ervin Hegedus 2024-05-30 14:49:16 +02:00
  • bf6bf64cf3 chore: add PR template Felipe Zipitria 2024-05-30 09:45:02 -03:00
  • 93aa06bc1f feat: consolidate into acquire_global_lock and export prototype Felipe Zipitria 2024-05-30 09:32:50 -03:00
  • 54f531efd7 fix: add error logging Felipe Zipitria 2024-05-29 14:18:55 -03:00
  • e9d0150102 refactor: add acquire mutex function Felipe Zipitria 2024-05-29 09:07:14 -03:00