github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • d4d71b4f28 fix: remove unsafe tmpnam usage Felipe Zipitria 2024-05-23 10:40:46 -03:00
  • 6e82895afc Merge pull request #3158 from fzipi/add-gitignore Ervin Hegedus 2024-05-29 20:15:22 +02:00
  • 7f40b4071b chore: add gitignore file Felipe Zipitria 2024-05-29 14:26:27 -03:00
  • bc682d5b4a Revert pcre_study() creating the extra data, as it's done afterwards anyway. Marc Stern 2024-05-29 11:38:10 +02:00
  • 8a3b62021e Merge pull request #3153 from marcstern/v2/LARGE_STREAM_INPUT_nullend Ervin Hegedus 2024-05-28 22:33:26 +02:00
  • 719744efdd Merge pull request #3155 from marcstern/v2/tx_cleanup_null Ervin Hegedus 2024-05-28 22:05:23 +02:00
  • f08897003b msr->msc_full_request_buffer is freed but not assigned to NULL. It could be freed again later Marc Stern 2024-05-28 16:25:26 +02:00
  • 84ad094ff6 Use PCRE_STUDY_EXTRA_NEEDED flag Marc Stern 2024-05-28 16:19:29 +02:00
  • 4a992b5a16 Replace a memset to 0 by a single assignment and fixing the 0 byte missing at the end when MSC_LARGE_STREAM_INPUT is not defined Marc Stern 2024-05-28 15:41:38 +02:00
  • e803cdd802 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/master Marc Stern 2024-05-24 10:13:00 +02:00
  • 2fd45f870b Merge pull request #3146 from eduar-hte/seclang-scanner-nounistd Ervin Hegedus 2024-05-23 14:56:26 +02:00
  • 37776fd262 Merge pull request #3144 from eduar-hte/gh-workflow-updates Ervin Hegedus 2024-05-23 14:53:09 +02:00
  • 30c909c9d2 Merge pull request #3148 from fzipi/update-copyright Ervin Hegedus 2024-05-23 14:49:24 +02:00
  • 98dba00231 docs: update README Felipe Zipitria 2024-05-23 09:40:09 -03:00
  • d9255d85ca Updated GH Unix build configurations - Added support to build 32-bit versions of libModSecurity on Linux - Added support to build libModSecurity using clang on Linux (both 64-bit and 32-bit versions) - Fixed macOS dependencies to include yajl, not only because it is a required dependency, but because tests were not being run on macOS builds without it. - Added build 'without libxml' to Linux & macOS configurations. - Added build 'without ssdeep' to Linux configurations (already in macOS configuration) - Added build 'with lmdb' to Linux & macOS configurations, replacing the existing one 'without lmdb' because by default LMDB is disabled if not explicitly turn on in configure. - Removed 'without yajl' build because it's a required 3rd party dependency. - Added bison & flex dependencies to enable parser generation. Eduardo Arias 2024-05-15 06:39:14 -07:00
  • 5a543d9c0b Updated .gitignore to ignore files generated in builds - build/win32/* files from Windows builds, other files from Unix builds Eduardo Arias 2024-05-23 01:38:15 +00:00
  • 9e44964dc7 Use SRC_DIR argument Eduardo Arias 2024-05-19 21:12:34 +00:00
  • fbaf052a0a Update Windows build information after PR #3132 Eduardo Arias 2024-05-19 21:10:25 +00:00
  • d0108efbc3 Update actions/checkout version to avoid deprecation warnings on GH workflow Eduardo Arias 2024-05-15 06:54:13 -07:00
  • 636cf43d5e Separate workflow to run check-static (cppcheck) build step Eduardo Arias 2024-05-05 13:25:46 -03:00
  • 7267c1dc21 Added support to run regression tests without libxml2 - Annotated regression tests that depend on libxml2 support - Added Windows build without libxml2 Eduardo Arias 2024-05-15 06:34:34 -07:00
  • 2c488386c4 Add options nounistd & never-interactive to seclang-scanner.ll - The parser is not used interactively so we can avoid including unistd.h, which is not available on Windows MSVC C++ compiler. - The #ifdef WIN32 introduced in PR #3132 would probably be overwritten when the parser is updated. Eduardo Arias 2024-05-19 16:38:03 +00:00
  • 2b3d092a29 Merge pull request #3139 from marcstern/v2/mst/SecArgumentsLimit_log Ervin Hegedus 2024-05-16 21:02:19 +02:00
  • c7c7881c22 space Marc Stern 2024-05-16 16:56:46 +02:00
  • d45c4baa83 spaces Marc Stern 2024-05-16 16:55:31 +02:00
  • ca7b4b49bf Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/master Marc Stern 2024-05-16 16:51:48 +02:00
  • 746f57f963 Changed indentation Marc Stern 2024-05-16 15:52:31 +02:00
  • 124a434439 Merge pull request #3141 from rkrishn7/v3/master Ervin Hegedus 2024-05-15 15:22:15 +02:00
  • 71a786b1e5 Merge pull request #3132 from eduar-hte/windows-port Ervin Hegedus 2024-05-15 15:00:16 +02:00
  • 1b2de5a5d3 Add support to turn 3rd party dependencies off - By default, all the 3rd party dependencies are enabled. - A dependency can be turned off by adding the "-DWITHOUT_xxx=ON" to the call of vcbuild.bat - List of 3rd party dependencies and associated option to turn them off: - LMDB: WITHOUT_LMDB - LUA: WITHOUT_LUA - LibXML2: WITHOUT_LIBXML2 - MaxMind: WITHOUT_MAXMIND - cURL: WITHOUT_CURL Eduardo Arias 2024-05-14 13:42:20 -07:00
  • 6bf78f2560 Added GitHub workflow to build libModSecurity on Windows. Eduardo Arias 2024-05-13 13:37:24 -07:00
  • e6e2989bd5 Configure test fixture using CTest for Windows build - Added new test/test_suite.in with list of regression and unit tests previously in Makefile.am, to be shared between Unix and Windows builds. - Updated regression.cc & unit.cc to return the number of failed tests to indicate to CTest that the test failed. Similarly, a crash or unhandled exception terminates the process with a non-zero exit code. - This change doesn't affect running the tests with autotest in Unix builds because this processes test output from custom-test-driver & test-suite.sh, and ignores the exit code of the test runner. - Removed comment in test/test-cases/regression-offset-variable.json as this is not supported by JSON and prevents strict parsers to read and process the file. - Minor change in regression.cc's clearAuditLog to replace std::ifstream with std::ofstream as the mode to open the flag applies to an output stream. - Minor change in unit.cc to simplify code that deletes tests. - Minor changes to test/custom-test-driver to correct usage information. Eduardo Arias 2024-05-11 14:52:32 +00:00
  • 4b8c3679b9 Add link to Rust bindings in README (#1) Rohan Krishnaswamy 2024-05-12 18:49:02 -07:00
  • a61820fe2c Enhanced logging [Issue #3107] Marc Stern 2024-05-10 17:26:23 +02:00
  • a8e132f3a1 Replaced the use of "new" in find_resource - Addresses SonarCloud issue cpp:S5025 (Memory should not be managed manually) - This function was not changed for the Windows port, but a similar change to the one suggested was done in expandEnv in the same file. - The first stream is not destructed at the exact same point it was in the previous code (but rather when the second stream replaces it on assignment to the same variable). An arbitrary scope could have been introduced to destruct the object at the same place, but it doesn't seem to be necessary and would make the code a bit strange. Eduardo Arias 2024-04-26 10:50:24 -03:00
  • b69405a372 Use default keyword to implement constructor/destructor - Addresses SonarCloud cpp:S3490 issue (Special member function should not be defined unless a non standard behavior is required) Eduardo Arias 2024-04-26 10:35:01 -03:00
  • 411bbb2d36 Updated case of winsock header files - Address SonarCloud cpp:S3806 issues ("#include" paths should be portable) - This is not an actual issue in this case, because WinSock2.h and WS2tcpip.h are Windows only. Eduardo Arias 2024-04-26 10:28:39 -03:00
  • faae58eed7 Added Windows build scripts using Build Tools for Visual Studio 2022 (MSVC compiler & CMake) and Conan package manager - Included Dockerfile to automate the setup process of prerequisites and build of libModSecurity binaries. Eduardo Arias 2024-04-24 10:51:07 -03:00
  • d7c49ed590 Added support to lock files on Windows and major rewrite to reintroduce reference counting and remove unused code. - In Windows build, replaced usage of fcntl with cmd F_SETLKW with Win32 APIs to do file locking (LockFileEx & UnlockFileEx). - Reintroduced the reference counting initially present in the class which is necessary to correctly handle merging of rules. This allows for correctly closing the file and removing the associated entry from m_handlers when the file is no longer used. - The need for reference counting can be seen in the example simple_example_using_c, where rules are initially loaded locally and then further rules are loaded remotely. This will initially open a shared file for a log, then in order to merge rules, the shared file is opened again for the new configuration. Then, the previous configuration closes the shared file on destruction. That is, two consecutive opens are done on a shared file, which is followed by a close. If the shared file is not reference counted, the shared file will be closed while there is still a reference active. The current version works because closing of the file has been disabled after reference counting was removed. - Replaced std::vector data structure with std::unordered_map to improve lookup/update times, and simplify code. - Removed unused code - Shared memory to store msc_file_handler structure - Initially SharedFiles used shared memory to store information about each shared file, including its file pointer and a mutex to synchronize access to the file on write. See code at commit 01c13da, in particular, usage of lock & fp fields in the msc_file_handler_t structure. - At that time, msc_file_handler_t included reference counting too with the using_it field, which was incremented when a file was opened and decremented on close. If the reference count reached zero, the shared file would be closed, the lock destroyed and the file handler entry removed from m_handlers. - Reference counting was removed in commit 7f9cd76, which introduced the following issues in SharedFiles::close: - No longer closes the file pointer. - The file pointer appears to be reset when a.second = 0, but this is a local copy of the data pair obtained from m_handlers, so this is essentially a nop (updating a local variable that is not referenced later in the function). - NOTE: The file pointer was moved out of the shared memory in this commit too, and stored alongside the msc_file_handler_t instance in the m_handlers entry associated to the shared file. - The lock is no longer destroyed. - The shared memory is marked to be destroyed in the call to: shmctl(a.first->shm_id_structure, IPC_RMID, NULL); - The shared file entry is not removed from m_handlers, so: - the file pointer is still valid, which is how writing to the file continues to work, - the reference to the shared memory is also present and will be marked to be destroyed whenever close is called again on the shared file. - File locking using the mutex in msc_file_handler_t was replaced in commit 3d20304 with usage of fcntl with cmd F_SETLKW. - At this time, it appears that the shared memory is no longer used, as the file pointer and locking no longer depend on it. - MODSEC_USE_GENERAL_LOCK - This code is introduced commit 7f9cd76 and is enabled if MODSEC_USE_GENERAL_LOCK` is defined. - The define is commented out in the source code since the original commit and is not present in the build configuration either. - In commit ff9152e, in the SharedFiles constructor, the initialization of the local variable toBeCreated is removed. This means that in this version, if MODSEC_USE_GENERAL_LOCK is enabled, execution of the code that checks on toBeCreated is undefined. - Then, in commit 9b40a04, the variable toBeCreated is initialized again, but is now set to false, which means that if MODSEC_USE_GENERAL_LOCK is enabled, the shared memory and lock it uses will *not* be initialized and thus doesn't work (execution of the current version will result in trying to acquire a lock that will be null). - I conclude that the feature is not used and can be removed. - Additionally, if it were working, I think the lock should be used in SharedFiles::write as well, which is a reader of the underlying data structures protected by this lock when they're modified in SharedFiles::open & SharedFiles::close. Eduardo Arias 2024-04-23 17:52:25 -03:00
  • 50e78331b1 Updated Env::evaluate to support case-insensitive environment variable names in Windows - Env::evaluate - Environment variable names in Windows are case-insensitive, so in the Windows build we use strcasecmp to ignore case when matching variables in transaction->m_variableEnvs. - If the variable is found, we use the expected variable name to create the VariableValue instance, as further rule processing will look for the variable using case-sensitive comparisons. - This code is not limited to Windows to avoid another #ifdef block because for other platforms, because the env variable names are case-sensitive the value from either x.first and m_name will be the same. - In Windows build, avoid redefining environ, already defined by including stdlib.h. Eduardo Arias 2024-04-23 17:40:24 -03:00
  • 50c35345ed Fixed use after free in ModSecurity::processContentOffset - Use after free issue detected with Address Sanitizer while running the reading_logs_with_offset example. - Keeps reference to last element in vars vector with vars.back(). Then it removes the element from vars calling vars.pop_back() which invalidates the reference, but it's accessed later in the function. Eduardo Arias 2024-04-23 17:10:47 -03:00
  • d9016e21f2 Merge pull request #3120 from marcstern/v2/mst/nullcheck2 Ervin Hegedus 2024-05-06 22:21:36 +02:00
  • 7bff2f77aa Updated references to coreruleset repository - For OWASP v2 rules, switch to a v2 tag for the paths referenced in the rest of the script to apply. Eduardo Arias 2024-04-23 16:35:37 -03:00
  • fef419f986 Minor changes related to std::shared_ptr usage in RuleWithActions - RuleWithActions::evaluate(Transaction *transaction) - Removed temporary rm local variable used to immediately create std::shared_ptr<RuleMessage>. - Leverage std::make_shared & auto to simplify code. Eduardo Arias 2024-04-23 16:22:58 -03:00
  • 10c6ee726f Added support for expandEnv, createDir & cpu_seconds on Windows - expandEnv on Windows uses POCO C++ Libraries implementation of Glob - Paths of matched files are adjusted to preserve UNIX path separators for consistency with the rest of the code. - Minor change to code shared with other platforms that removes allocation of std::ifstream on the heap to check whether the file can be opened, which can be done with local stack variable that closes the file when out of scope. - createDir uses _mkdir on Windows, which doesn't support configuring the new directory's mode. - added public domain implementation of clock_gettime for clock_id CLOCK_PROCESS_CPUTIME_ID from mingw-w64's winpthreads to support cpu_seconds on Windows. - Updated included headers to support compilation on Windows (using Visual C++) Eduardo Arias 2024-04-23 14:55:39 -03:00
  • ebf1f8fd28 On Windows use the operating system's native CA store for certificate verification of https requests. - Updated included headers to support compilation on Windows (using Visual C++) Eduardo Arias 2024-04-23 13:00:19 -03:00
  • 91a736692a Minor changes to debug_log_writer - Removed unused m_first data member. - Explicitly delete copy constructor and assignment operator. - Removed unused included headers. Eduardo Arias 2024-04-23 12:57:28 -03:00
  • 373633ffe2 mkstemp is not available in Windows build, replaced with _mktemp_s plus _open. - Updated included headers to support compilation on Windows (using Visual C++) - Minor change to use C++ default (zero) initialization instead of calling memset. Eduardo Arias 2024-04-24 11:01:32 -03:00
  • 35949179a4 setenv is not available in Windows build, replaced with _putenv_s Eduardo Arias 2024-04-23 12:43:22 -03:00
  • abbd7b2f42 Replaced usage of apr_snprintf with snprintf (already in Windows exclusive code block) - updated included headers to support compilation on Windows (using Visual C++) Eduardo Arias 2024-04-23 12:40:47 -03:00
  • 942c8ba606 Replaced usage of usleep (not available in Visual C++) with C++11's std::this_thread::sleep_for & std::chrono::microseconds. - disabled build error from warning C4716 because process_request does not return a value and Visual C++ doesn't support [[noreturn]] Eduardo Arias 2024-04-23 12:23:53 -03:00
  • a48856822c Updated included headers to support compilation on Windows (using Visual C++) - most of posix related functions and constants in unistd.h can be found in io.h in Visual C++ - introduced src/compat/msvc.h to adjust for compiler differences (and avoid updating code with #ifdef blocks for Windows support) - removed some included headers that are not needed (both on Unix and Windows builds) Eduardo Arias 2024-04-23 11:46:29 -03:00
  • c8056483f7 Merge pull request #3134 from eduar-hte/inline-cppcheck-suppressions Ervin Hegedus 2024-05-03 14:43:51 +02:00
  • 1f419bba8f Implement sonarcloud suggestions Eduardo Arias 2024-04-28 18:12:49 -03:00
  • 9f5dc200ba Replace final three suppressions entries with line numbers - These were initially not included in these changes, as they were other PRs (#3104 & #3132) that address them. Eduardo Arias 2024-04-29 22:28:42 -03:00
  • 95ce3a7db4 Removed unused suppressions Eduardo Arias 2024-04-28 14:37:56 -03:00
  • 7a9c0ab15f Removed unused suppresion and avoid copy of logPath Eduardo Arias 2024-04-28 14:36:18 -03:00
  • 4aad8e0d06 Inline cppcheck suppressions Eduardo Arias 2024-04-28 11:34:37 -03:00
  • 0c38023b21 Removed unmatchedSuppression entries Eduardo Arias 2024-04-28 13:08:39 -03:00
  • cd2dded659 Removed unnecessary break after return Eduardo Arias 2024-04-28 12:50:58 -03:00
  • 0cd2f459f3 Address cppcheck suppressions in lmdb Eduardo Arias 2024-04-28 12:43:02 -03:00
  • 94b68b2514 Minor updates to simplify code and remove cppcheck suppressions Eduardo Arias 2024-04-28 12:01:20 -03:00
  • fde9d279b0 Removed unnecessary cppcheck suppression and r-value reference as copy should be avoidded by RVO Eduardo Arias 2024-04-27 18:00:28 -03:00
  • b872f11f68 Fixed memory leak in examples/reading_logs_via_rule_message Eduardo Arias 2024-04-28 11:42:05 -03:00
  • 4288f5a009 Enable inline suppressions in cppcheck Eduardo Arias 2024-04-27 23:25:53 -03:00
  • dd400f7fa3 Added --enable-assertions in CI Removed useless line Marc Stern 2024-04-26 17:22:16 +02:00
  • 07e5a7058b Merge pull request #3128 from fzipi/update-submodules Ervin Hegedus 2024-04-23 10:54:30 +02:00
  • 7e085ffb6e fix: update submodule url Felipe Zipitria 2024-04-22 15:56:40 -03:00
  • 6217b4ec1e Merge pull request #3127 from fzipi/fix-rbl-check Ervin Hegedus 2024-04-22 15:56:25 +02:00
  • 30fe6f935b fix(rbl): typo in rbl check selector Felipe Zipitria 2024-04-22 10:23:28 -03:00
  • 4961f46a6f (re)fixed const type Marc Stern 2024-04-16 18:09:00 +02:00
  • 243ac0563a Merge branch 'v2/mst/nullcheck2' of https://github.com/marcstern/ModSecurity into v2/mst/nullcheck2 Marc Stern 2024-04-16 18:02:16 +02:00
  • d35018ef3f another null check Marc Stern 2024-04-16 18:02:06 +02:00
  • 62302c2474 Update apache2/apache2_io.c Marc Stern 2024-04-16 17:59:43 +02:00
  • 5122f89005 defined id_log() only once Marc Stern 2024-04-16 13:28:37 +02:00
  • 556835c6fe Fixed corrupted character Marc Stern 2024-04-12 18:04:16 +02:00
  • 38d4b5c898 typo Marc Stern 2024-04-12 16:28:45 +02:00
  • 931c081ba6 Enforcing -DNDEBUG (default normally) Marc Stern 2024-04-11 13:42:37 +02:00
  • bd435277a9 Added --enable-assertions configure flag Marc Stern 2024-04-10 17:10:03 +02:00
  • a01b9b527e minor fixes Marc Stern 2024-04-10 14:04:34 +02:00
  • 5f938536a0 fixed a NULL check Marc Stern 2024-04-08 11:01:29 +02:00
  • c8e1904da8 Missing function Marc Stern 2024-04-05 18:21:02 +02:00
  • 1014e479b7 Added missing prototype Marc Stern 2024-04-05 18:17:25 +02:00
  • 649aea7288 Merge branch 'v2/master' into v2/mst/nullcheck2 Marc Stern 2024-04-04 16:08:59 +02:00
  • 518b8ba6ab more null pointer checks Marc Stern 2024-04-04 16:01:51 +02:00
  • 538ffa6baa Added some null pointer checks. Added a design doc. Marc Stern 2024-04-04 15:45:55 +02:00
  • 16d0df0ff9 Optimized variable handling Ervin Hegedus 2024-03-31 14:14:45 +02:00
  • 7c4dcdfa4b Changed 'euqal_range()' + loop by 'find()' in resolveFirst() methods Ervin Hegedus 2024-03-29 16:32:34 +01:00
  • 5802626437 Deleted redundant code in 'ModSecurity::serverLog(...)'. gberkes 2024-03-28 20:12:30 +01:00
  • cdb6b839e1 Replaced variable type to 'auto' Ervin Hegedus 2024-03-27 16:39:32 +01:00
  • 1b6b631617 Use make_unique to create unique ptr Ervin Hegedus 2024-03-27 16:33:05 +01:00
  • ca7c0ae0b9 Code refactorization Ervin Hegedus 2024-03-27 16:19:38 +01:00
  • 4085ff5536 Replace putenv by setenv Ervin Hegedus 2024-03-27 13:14:11 +01:00
  • 5b2404e44d Fix memleak in rules-check.cc Ervin Hegedus 2024-03-27 11:45:36 +01:00
  • 39848e5564 Fix memleak in regression.cc Ervin Hegedus 2024-03-27 11:45:05 +01:00
  • 625f9a5300 Merge pull request #2898 from brandonpayton/add-editorconfig Ervin Hegedus 2024-03-05 16:13:07 +01:00
  • 6d719bee5b Merge pull request #3016 from M4tteoP/uri_decode_invalid Ervin Hegedus 2024-03-05 16:11:01 +01:00
  • 788c36d343 Merge pull request #3099 from twouters/bugfix/3082 Ervin Hegedus 2024-03-03 19:10:19 +01:00
  • 31bf935f74 Update CHANGES Marc Stern 2024-03-03 16:20:07 +01:00
  • 5a6a53859a Merge pull request #3101 from airween/v3/updatechanges Christian Folini 2024-03-02 10:41:37 +01:00