Commit74ec784

client9Felipe Zimmerle
authored and
Felipe Zimmerle
committed
libinjection sync
1 parent227de9f commit74ec784


5 files changed

+459
-1040
lines changed


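--- a/apache2/libinjection/libinjection.h
+++ b/apache2/libinjection/libinjection.h
@@ -14,187 +14,10 @@
 extern"C" {
 #endif
 
-/**
-* Libinjection's sqli module makes a "normalized"
-* value of the token. This is the maximum size
-* Token with values larger than this will be truncated
-*/
-#ifndefLIBINJECTION_SQLI_TOKEN_SIZE
-#defineLIBINJECTION_SQLI_TOKEN_SIZE 32
-#endif
-
-/**
-* Number of tokens used to create a fingerprint
-*/
-#ifndefLIBINJECTION_SQLI_MAX_TOKENS
-#defineLIBINJECTION_SQLI_MAX_TOKENS 5
-#endif
-
-#ifLIBINJECTION_SQLI_MAX_TOKENS >=8
-#defineLIBINJECTION_SQLI_BUFFER_SZ (LIBINJECTION_SQLI_MAX_TOKENS + 1)
-#else
-#defineLIBINJECTION_SQLI_BUFFER_SZ 8
-#endif
-
-
-enumlookup_type {
-FLAG_NONE=0,
-FLAG_QUOTE_NONE=1 <<1,
-FLAG_QUOTE_SINGLE=1 <<2,
-FLAG_QUOTE_DOUBLE=1 <<3,
-
-FLAG_SQL_ANSI=1 <<4,
-FLAG_SQL_MYSQL=1 <<5,
-
-LOOKUP_WORD,
-LOOKUP_TYPE,
-LOOKUP_OPERATOR,
-LOOKUP_FINGERPRINT
-};
-
-structlibinjection_sqli_token {
-#ifdefSWIG
-%immutable;
-#endif
-chartype;
-charstr_open;
-charstr_close;
-
-/*
-* position and length of token
-* in original string
-*/
-size_tpos;
-size_tlen;
-
-/* count:
-* in type 'v', used for number of opening '@'
-* but maybe unsed in other contexts
-*/
-intcount;
-
-charval[LIBINJECTION_SQLI_TOKEN_SIZE];
-};
-
-typedefstructlibinjection_sqli_tokenstoken_t;
-
-/**
-* Pointer to function, takes cstr input,
-* returns '\0' for no match, else a char
+/*
+* Pull in size_t
 */
-structlibinjection_sqli_state;
-typedefchar (*ptr_lookup_fn)(structlibinjection_sqli_state*,intlookuptype,constchar*word,size_tlen);
-
-structlibinjection_sqli_state {
-#ifdefSWIG
-%immutable;
-#endif
-
-/*
-* input, does not need to be null terminated.
-* it is also not modified.
-*/
-constchar*s;
-
-/*
-* input length
-*/
-size_tslen;
-
-/*
-* How to lookup a word or fingerprint
-*/
-ptr_lookup_fnlookup;
-void*userdata;
-
-/*
-*
-*/
-intflags;
-
-/*
-* pos is index in string we are at when tokenizing
-*/
-size_tpos;
-
-#ifndefSWIG
-/* for SWIG.. don't use this.. use functional API instead */
-
-/* MAX TOKENS + 1 since we use one extra token
-* to determine the type of the previous token
-*/
-structlibinjection_sqli_tokentokenvec[LIBINJECTION_SQLI_BUFFER_SZ];
-#endif
-
-/*
-* Pointer to token position in tokenvec, above
-*/
-structlibinjection_sqli_token*current;
-
-/*
-* fingerprint pattern c-string
-* +1 for ending null
-* Mimimum of 8 bytes to add gcc's -fstack-protector to work
-*/
-charfingerprint[LIBINJECTION_SQLI_BUFFER_SZ];
-
-/*
-* Line number of code that said decided if the input was SQLi or
-* not. Most of the time it's line that said "it's not a matching
-* fingerprint" but there is other logic that sometimes approves
-* an input. This is only useful for debugging.
-*
-*/
-intreason;
-
-/* Number of ddw (dash-dash-white) comments
-* These comments are in the form of
-* '--[whitespace]' or '--[EOF]'
-*
-* All databases treat this as a comment.
-*/
-intstats_comment_ddw;
-
-/* Number of ddx (dash-dash-[notwhite]) comments
-*
-* ANSI SQL treats these are comments, MySQL treats this as
-* two unary operators '-' '-'
-*
-* If you are parsing result returns FALSE and
-* stats_comment_dd > 0, you should reparse with
-* COMMENT_MYSQL
-*
-*/
-intstats_comment_ddx;
-
-/*
-* c-style comments found /x .. x/
-*/
-intstats_comment_c;
-
-/* '#' operators or mysql EOL comments found
-*
-*/
-intstats_comment_hash;
-
-/*
-* number of tokens folded away
-*/
-intstats_folds;
-
-/*
-* total tokens processed
-*/
-intstats_tokens;
-
-};
-
-structlibinjection_sqli_token*libinjection_sqli_get_token(
-structlibinjection_sqli_state*sqlistate,inti);
-
-
-typedefstructlibinjection_sqli_statesfilter;
-
+#include<string.h>
 
 /*
 * Version info.
@@ -207,109 +30,18 @@ typedef struct libinjection_sqli_state sfilter;
 * See python's normalized version
 * http://www.python.org/dev/peps/pep-0386/#normalizedversion
 */
-constchar*libinjection_version();
-
-/**
-*
-*/
-voidlibinjection_sqli_init(structlibinjection_sqli_state*sql_state,
-constchar*s,size_tslen,
-intflags);
+constchar*libinjection_version(void);
 
 /**
-* Main API: tests for SQLi in three possible contexts, no quotes,
-* single quote and double quote
-*
-* \param sql_state
-* \param s
-* \param slen
-* \param fn a pointer to a function that determines if a fingerprint
-* is a match or not. If NULL, then a hardwired list is
-* used. Useful for loading fingerprints data from custom
-* sources.
-*
-* \return 1 (true) if SQLi, 0 (false) if benign
-*/
-intlibinjection_is_sqli(structlibinjection_sqli_state*sql_state);
-
-/* FOR H@CKERS ONLY
-*
-*/
-voidlibinjection_sqli_callback(structlibinjection_sqli_state*sql_state,
-ptr_lookup_fnfn,
-void*userdata);
-
-
-/*
-* Resets state, but keeps initial string and callbacks
-*/
-voidlibinjection_sqli_reset(structlibinjection_sqli_state*sql_state,
-intflags);
-
-/**
-*
-*/
-
-/**
-* This detects SQLi in a single context, mostly useful for custom
-* logic and debugging.
-*
-* \param sql_state
-*
-* \returns a pointer to sfilter.fingerprint as convenience
-* do not free!
-*
-*/
-constchar*libinjection_sqli_fingerprint(structlibinjection_sqli_state*sql_state,
-intflags);
-
-/**
-* The default "word" to token-type or fingerprint function. This
-* uses a ASCII case-insensitive binary tree.
-*/
-charlibinjection_sqli_lookup_word(structlibinjection_sqli_state*sql_state,
-intlookup_type,
-constchar*s,
-size_tslen);
-
-/* Streaming tokenization interface.
-*
-* sql_state->current is updated with the current token.
-*
-* \returns 1, has a token, keep going, or 0 no tokens
-*
-*/
-intlibinjection_sqli_tokenize(structlibinjection_sqli_state*sql_state);
-
-/**
-* parses and folds input, up to 5 tokens
-*
-*/
-intlibinjection_sqli_fold(structlibinjection_sqli_state*sql_state);
-
-/** The built-in default function to match fingerprints
-* and do false negative/positive analysis. This calls the following
-* two functions. With this, you over-ride one part or the other.
-*
-* return libinjection_sqli_blacklist(sql_state) &&
-* libinject_sqli_not_whitelist(sql_state);
-*
-* \param sql_state should be filled out after libinjection_sqli_fingerprint is called
-*/
-intlibinjection_sqli_check_fingerprint(structlibinjection_sqli_state*sql_state);
-
-/* Given a pattern determine if it's a SQLi pattern.
-*
-* \return TRUE if sqli, false otherwise
-*/
-intlibinjection_sqli_blacklist(structlibinjection_sqli_state*sql_state);
-
-/* Given a positive match for a pattern (i.e. pattern is SQLi), this function
-* does additional analysis to reduce false positives.
+* Simple API for SQLi detection - returns a SQLi fingerprint or NULL
+* is benign input
 *
-* \return TRUE if sqli, false otherwise
+* \param[in] s input string, may contain nulls, does not need to be null-terminated
+* \param[in] slen input string length
+* \param[out] fingerprint buffer of 8+ characters. c-string,
+* \return 1 if SQLi, 0 if benign. fingerprint will be set or set to empty string.
 */
-intlibinjection_sqli_not_whitelist(structlibinjection_sqli_state*sql_state);
+intlibinjection_sqli(constchar*s,size_tslen,charfingerprint[]);
 
 #ifdef__cplusplus
 }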
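Review bot: The new prototype `int libinjection_sqli(const char *s, size_t slen, char fingerprint[])` takes an output buffer with no length argument, and its size is stated only in the comment "buffer of 8+ characters". The same change removes `LIBINJECTION_SQLI_BUFFER_SZ` from this header, so callers have no constant to size the array with, and an undersized buffer on the caller's side would presumably be written past its end. I would make the contract explicit in the doc comment, e.g. `* \param[out] fingerprint caller-allocated buffer of at least 8 bytes; receives a NUL-terminated fingerprint, or "" if benign`, and have the call sites (not visible in this section) checked against it. The summary line "returns a SQLi fingerprint or NULL is benign input" also contradicts the `int` return type and `\return 1 if SQLi, 0 if benign`; it should read `* Simple API for SQLi detection - returns 1 for SQLi, 0 for benign input`. Minor: the "Pull in size_t" comment sits above `#include <string.h>`, whereas `<stddef.h>` provides `size_t` without pulling the string API into every includer.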
