Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: Apache Doxygen IIS Nginx (Mainline) Nginx (Stable)
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

Apache Doxygen IIS Nginx (Mainline) Nginx (Stable)
Ramandeep
Allow non-zero Content-Length for HEAD requests
Ramandeep Singh
Passthrough the saved Response headers in the response

Tickets: https://github.com/SpiderLabs/ModSecurity/issues/735
  • Linux32 - Apache: regression [8082] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
nginx: fixing fuzzyHash test case for nginx

POST was happening on a file that was not allowed by nginx to receive a POST.
Nginx was returning 405 instead of 200 making the test to fail. Fixed by
change the URL to one that is allowed to receive POST.
Andrei Belov
Obtain port from r->connection->local_sockaddr.

This eliminates segfaults caused by unset (NULL) r->port_start
and non-NULL r->port_end. In fact, r->port_start is always NULL,
so it is useless to rely on this pointer.
Andrei Belov
Removed unneeded and invalid initialization.
paulyang
Bugfix: add -P option in test script

Otherwise nginx's installation directory could not be specified.

Signed-off-by: paulyang <paulyang.inf@gmail.com>
Felipe Zimmerle
niginx: cosmetics: Changes CRLF to LF
Felipe Zimmerle
nginx: cosmetics: Removes trailing whitespace
Felipe Zimmerle
nginx: cosmetics: Splits lines longer than 80 characters
Felipe Zimmerle
nginx: copies the req body chain to be processed instead of move

Add a check for the definition MOVE_REQUEST_CHAIN_TO_MODSEC, whenever it is
set the chain will be moved into the brigade. If it was not set the chain
will be only copied. Moving was causing segfaults on the following
regression tests:

#15 - SecRequestBodyInMemoryLimit
#16 - SecRequestBodyInMemoryLimit (greater)
#19 - SecRequestBodyLimitAction ProcessPartial (multipart/greater - chunked)
(from: regression/config/10-request-directives.t)
Felipe Zimmerle
nginx: better dealing with chunked request body
Felipe Zimmerle
nginx: looking for segfaults on the regression test.

If nginx segfaults it will return, warning that the test failed.
Felipe Zimmerle
nginx refactoring

Refactoring on the nginx module, including:
- Better handling larger posts;
- Now using nginx echo module during the regression tests.
- Better interacting with neginx chain rules
- Separation of the request handling and content filters.
- Better handling nginx sessions and resource counts to allow a
  more efficient garbage collector.
- Handling both http/1.0 and 1.1, including keep-alive.
- Tests are now capable to test nginx as a proxy or end-server.
- Tested agains nginx 1.6 and 1.7.
Felipe Zimmerle
nginx: fixing fuzzyHash test case for nginx

POST was happening on a file that was not allowed by nginx to receive a POST.
Nginx was returning 405 instead of 200 making the test to fail. Fixed by
change the URL to one that is allowed to receive POST.
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Andrei Belov
Obtain port from r->connection->local_sockaddr.

This eliminates segfaults caused by unset (NULL) r->port_start
and non-NULL r->port_end. In fact, r->port_start is always NULL,
so it is useless to rely on this pointer.
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Andrei Belov
Removed unneeded and invalid initialization.
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
paulyang
Bugfix: add -P option in test script

Otherwise nginx's installation directory could not be specified.

Signed-off-by: paulyang <paulyang.inf@gmail.com>
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
niginx: cosmetics: Changes CRLF to LF
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
nginx: cosmetics: Removes trailing whitespace
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
nginx: cosmetics: Splits lines longer than 80 characters
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
nginx: copies the req body chain to be processed instead of move

Add a check for the definition MOVE_REQUEST_CHAIN_TO_MODSEC, whenever it is
set the chain will be moved into the brigade. If it was not set the chain
will be only copied. Moving was causing segfaults on the following
regression tests:

#15 - SecRequestBodyInMemoryLimit
#16 - SecRequestBodyInMemoryLimit (greater)
#19 - SecRequestBodyLimitAction ProcessPartial (multipart/greater - chunked)
(from: regression/config/10-request-directives.t)
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
nginx: better dealing with chunked request body
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
nginx: looking for segfaults on the regression test.

If nginx segfaults it will return, warning that the test failed.
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Felipe Zimmerle
nginx refactoring

Refactoring on the nginx module, including:
- Better handling larger posts;
- Now using nginx echo module during the regression tests.
- Better interacting with neginx chain rules
- Separation of the request handling and content filters.
- Better handling nginx sessions and resource counts to allow a
  more efficient garbage collector.
- Handling both http/1.0 and 1.1, including keep-alive.
- Tests are now capable to test nginx as a proxy or end-server.
- Tested agains nginx 1.6 and 1.7.
  • Linux32 - Apache: regression [8082] failed -  stdio
  • Linux64 - Apache: regression [8085] failed -  stdio
  • freebsd10 - Apache: regression [8100] failed -  stdio
Chaim Sanders
Fixed comment incorrect comment
Felipe Zimmerle
Version 2.9.0-RC2

Increasing version to 2.9.0-RC2.
  • Linux64-no-curl - Nginx (Mainline): regression [8089] failed -  stdio
Felipe Zimmerle
Closes a file handle that was left opened on fuzzy hash

Fuzzy hash implementation was lefting a file handle behind whenever the results
matched.
  • Linux32 - Nginx (Mainline): regression [8083] failed -  stdio
Felipe Zimmerle
IIS: Creates IIS_VERSION definition

This definition is currently used in two different circumstances: Report with
accuracy that the server is an IIS  (status call), and also show the amount of
loaded remote rules on the windows logs. Different from Apache which loads the
rules twice, IIS just do it once.
  • Linux64-no-curl - Apache: regression [8088] failed -  stdio
  • Linux64 - Nginx (Mainline): regression [8086] failed -  stdio
Felipe Zimmerle
IIS: Changes Curl version and removes OpenSSL dependency

As the this new Curl version supports well the Windows certificate storage,
removing the dependency on the OpenSSL. Also changing the build scripts to work
accordingly. As the cmake build of Curl is said to broken abandoning it in
favor of the nmake files. Thanks to Gregg Smith and Steffen.
  • Linux64-no-curl - Apache: regression [8088] failed -  stdio
  • Linux64 - Nginx (Mainline): regression [8086] failed -  stdio
Felipe Zimmerle
Disables mlogc compilation with Curl was not found

This commit automatic disables Curl compilation if Curl development files were
not found on build machine.
  • Linux64-no-curl - Apache: regression [8088] failed -  stdio
  • Linux64 - Nginx (Mainline): regression [8086] failed -  stdio
Felipe Zimmerle
IIS: Creates IIS_VERSION definition

This definition is currently used in two different circumstances: Report with
accuracy that the server is an IIS  (status call), and also show the amount of
loaded remote rules on the windows logs. Different from Apache which loads the
rules twice, IIS just do it once.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
IIS: Changes Curl version and removes OpenSSL dependency

As the this new Curl version supports well the Windows certificate storage,
removing the dependency on the OpenSSL. Also changing the build scripts to work
accordingly. As the cmake build of Curl is said to broken abandoning it in
favor of the nmake files. Thanks to Gregg Smith and Steffen.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Disables mlogc compilation with Curl was not found

This commit automatic disables Curl compilation if Curl development files were
not found on build machine.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Reducing the amount of compilation warnings
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Fix typo on fuzzy hash match message

Replaced "Socore" with Score.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Informs problems and successfully loaded external resources during reload

Resources load mechanism as the SecRemoteRuels were not showing information
about the loaded rules while Apache was reloaded. This patch add such
information to reload in the same way that it was showing on restart.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Adds missing 'ModSecurity:' prefix to log messages

As reported by Walter Hop, the status call functionality was printing a message
in the console without the expected 'ModSecurity:' prefix. SecServerSignature
was also printing messages without the expected prefix. Both are fixed by this
commit.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Refactoring external resources download warn messages

Holding the message to be displayed when Apache is ready to write on the
error_log instead of the default output. Regression tests were added.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Checks HTTP code after performing a resource download

As reported by Walter Hop on our dev- mailing list, remote resource download
was not validating the HTTP code, parsing errors pages as resources. This
commit fix  this issue, from now one HTTP error codes will be verified and
treated as errors. Operators are now dealing well with empty values that may
be produced in consequence of a download error.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio
Felipe Zimmerle
Fix remote resources download while hosting SSL site on Apache

As reported by Christian Folin and Walter Hop on our dev mailing list, Apache
mod_ssl was failing if a remote resource was utilized. That was happening
because Curl clean up was also cleaning up the OpenSSL data used by mod_ssl.
This patch moves Curl initialization to happens while ModSecurity is
initialized.
  • MacOSLeopard - Nginx (Mainline): regression [8095] failed -  stdio