@@ -19,7 +19,7 @@ extern "C" {
1919 * See python's normalized version
2020 * http://www.python.org/dev/peps/pep-0386/#normalizedversion
2121 */
22- #define LIBINJECTION_VERSION "3.5.3 "
22+ #define LIBINJECTION_VERSION "3.6.0 "
2323
2424/**
2525 * Libinjection's sqli module makes a "normalized"
@@ -59,7 +59,7 @@ enum lookup_type {
5959LOOKUP_FINGERPRINT
6060};
6161
62- typedef struct {
62+ struct libinjection_sqli_token {
6363#ifdef SWIG
6464%immutable ;
6565#endif
@@ -81,8 +81,9 @@ typedef struct {
8181int count ;
8282
8383char val [LIBINJECTION_SQLI_TOKEN_SIZE ];
84- }stoken_t ;
84+ };
8585
86+ typedef struct libinjection_sqli_token stoken_t ;
8687
8788/**
8889 * Pointer to function, takes cstr input,
@@ -91,7 +92,7 @@ typedef struct {
9192struct libinjection_sqli_state ;
9293typedef char (* ptr_lookup_fn )(struct libinjection_sqli_state * ,int lookuptype ,const char * word ,size_t len );
9394
94- typedef struct libinjection_sqli_state {
95+ struct libinjection_sqli_state {
9596#ifdef SWIG
9697%immutable ;
9798#endif
@@ -123,15 +124,19 @@ typedef struct libinjection_sqli_state {
123124 */
124125size_t pos ;
125126
127+ #ifndef SWIG
128+ /* for SWIG.. don't use this.. use functional API instead */
129+
126130/* MAX TOKENS + 1 since we use one extra token
127131 * to determine the type of the previous token
128132 */
129- stoken_t tokenvec [LIBINJECTION_SQLI_BUFFER_SZ ];
133+ struct libinjection_sqli_token tokenvec [LIBINJECTION_SQLI_BUFFER_SZ ];
134+ #endif
130135
131136/*
132137 * Pointer to token position in tokenvec, above
133138 */
134- stoken_t * current ;
139+ struct libinjection_sqli_token * current ;
135140
136141/*
137142 * fingerprint pattern c-string
@@ -189,12 +194,18 @@ typedef struct libinjection_sqli_state {
189194 */
190195int stats_tokens ;
191196
192- }sfilter ;
197+ };
198+
199+ struct libinjection_sqli_token * libinjection_sqli_get_token (
200+ struct libinjection_sqli_state * sqlistate ,int i );
201+
202+
203+ typedef struct libinjection_sqli_state sfilter ;
193204
194205/**
195206 *
196207 */
197- void libinjection_sqli_init (sfilter * sql_state ,
208+ void libinjection_sqli_init (struct libinjection_sqli_state * sql_state ,
198209const char * s ,size_t slen ,
199210int flags );
200211
@@ -212,18 +223,21 @@ void libinjection_sqli_init(sfilter* sql_state,
212223 *
213224 * \return 1 (true) if SQLi, 0 (false) if benign
214225 */
215- int libinjection_is_sqli (sfilter * sql_state );
226+ int libinjection_is_sqli (struct libinjection_sqli_state * sql_state );
216227
217228/* FOR H@CKERS ONLY
218229 *
219230 */
220- void libinjection_sqli_callback (sfilter * sql_state ,ptr_lookup_fn fn ,void * userdata );
231+ void libinjection_sqli_callback (struct libinjection_sqli_state * sql_state ,
232+ ptr_lookup_fn fn ,
233+ void * userdata );
221234
222235
223236/*
224237 * Resets state, but keeps initial string and callbacks
225238 */
226- void libinjection_sqli_reset (sfilter * sql_state ,int flags );
239+ void libinjection_sqli_reset (struct libinjection_sqli_state * sql_state ,
240+ int flags );
227241
228242/**
229243 *
@@ -239,14 +253,17 @@ void libinjection_sqli_reset(sfilter* sql_state, int flags);
239253 * do not free!
240254 *
241255 */
242- const char * libinjection_sqli_fingerprint (sfilter * sql_state ,int flags );
256+ const char * libinjection_sqli_fingerprint (struct libinjection_sqli_state * sql_state ,
257+ int flags );
243258
244259/**
245260 * The default "word" to token-type or fingerprint function. This
246261 * uses a ASCII case-insensitive binary tree.
247262 */
248- char libinjection_sqli_lookup_word (sfilter * sql_state ,int lookup_type ,
249- const char * s ,size_t slen );
263+ char libinjection_sqli_lookup_word (struct libinjection_sqli_state * sql_state ,
264+ int lookup_type ,
265+ const char * s ,
266+ size_t slen );
250267
251268/* Streaming tokenization interface.
252269 *
@@ -255,13 +272,13 @@ char libinjection_sqli_lookup_word(sfilter *sql_state, int lookup_type,
255272 * \returns 1, has a token, keep going, or 0 no tokens
256273 *
257274 */
258- int libinjection_sqli_tokenize (sfilter * sql_state );
275+ int libinjection_sqli_tokenize (struct libinjection_sqli_state * sql_state );
259276
260277/**
261278 * parses and folds input, up to 5 tokens
262279 *
263280 */
264- int libinjection_sqli_fold (sfilter * sql_state );
281+ int libinjection_sqli_fold (struct libinjection_sqli_state * sql_state );
265282
266283/** The built-in default function to match fingerprints
267284 * and do false negative/positive analysis. This calls the following
@@ -272,20 +289,20 @@ int libinjection_sqli_fold(sfilter * sql_state);
272289 *
273290 * \param sql_state should be filled out after libinjection_sqli_fingerprint is called
274291 */
275- int libinjection_sqli_check_fingerprint (sfilter * sql_state );
292+ int libinjection_sqli_check_fingerprint (struct libinjection_sqli_state * sql_state );
276293
277294/* Given a pattern determine if it's a SQLi pattern.
278295 *
279296 * \return TRUE if sqli, false otherwise
280297 */
281- int libinjection_sqli_blacklist (sfilter * sql_state );
298+ int libinjection_sqli_blacklist (struct libinjection_sqli_state * sql_state );
282299
283300/* Given a positive match for a pattern (i.e. pattern is SQLi), this function
284301 * does additional analysis to reduce false positives.
285302 *
286303 * \return TRUE if sqli, false otherwise
287304 */
288- int libinjection_sqli_not_whitelist (sfilter * sql_state );
305+ int libinjection_sqli_not_whitelist (struct libinjection_sqli_state * sql_state );
289306
290307#ifdef __cplusplus
291308}