### modsecurity.h
* Standardize body parser return codes
### msc_json.c, msc_xml.c
* Return special error code on body parsing failure
### msc_reqbody.c, apache2_io.c, mod_security2.c
* Change body parsing error codes to refer to constants
defined in header.
This commit adds a github action to try to run make on every PR for CI purposes. It is meant to replace the travis-ci setup.
### new file: .github/workflows/main.yml
* Triggers set to pushes and pull_requests for waf_nginx branch
* Logs into Azure Container Registry to fetch build environment container image
* Runs make commands inside the docker-compose generated environment
### new file: .github/workflows/tests.yml
* Triggers set to pushes and pull requests for waf_nginx branch
* Starts IIS and publishes modsec package to IIS
* Runs ftw tests on IIS with modsec.
* Set ftw version to v1.1.7 specifically in the buildscript
### modified: iis/build_dependencies.bat
* Remove hardcoded path for 7-zip.
7zip is dynamically managed by the build.
### modified: iis/build_release_amd64.bat
* Change vcvars path for VS 2019 compatibility.
Older versions aren't available on Github Actions.
### deleted: appveyor.yml, .travis.yml
* Delete files. The contents have been translated to github actions.
* fix specific pcre log error message
* Use Modsec cmd SecComponentSignature
* move from global to per licaton config
* add error code to avoid string match
* fix build
* fix build
* fix build issue with nginx module
* fix specific pcre log error message
* Use Modsec cmd SecComponentSignature
* move from global to per licaton config
* add error code to avoid string match
* fix build
* fix build
Instead of rejecting the request when unable to post it to the thread
pool for offloaded processing, process it in place.
Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
Before this fix, the parsing code did not expect any attributes other
than 'boundary' to appear in a Content-Type header of
multipart/form-data kind.
This would result in validation failure of requests that have, e.g., a
'charset' attribute set.
Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
It is currently possible that the XML parsing context is not properly
cleaned up if a parsed XML document is malformed.
This fix makes sure that the context is taken care of.
Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
ModSecurity uses a dynamically allocated error message when JSON parsing
fails but never releases it properly.
Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
The transaction context needs to be initialized before predicates like
modsecIsRequestBodyAccessEnabled() can be run on a request.
Typically, it is created during request headers processing but for
detection mode when we defer all processing we may need it sooner.
Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
Anurag Kishore
tejasshah7
karanbazaz
Karan Bazaz
Venkata Krishnan
Yanshu
Alex Z. Yang
Vladimir Krivopalov
Vladimir Krivopalov