Nick Galbreath 2013-07-02 10:06:50 +09:00
parent 83fdf34dde
commit 9eca8b5ca1
3 changed files with 34 additions and 8 deletions


@ -19,7 +19,7 @@ extern "C" {
* See python's normalized version * See python's normalized version
* http://www.python.org/dev/peps/pep-0386/#normalizedversion * http://www.python.org/dev/peps/pep-0386/#normalizedversion
*/ */
#define LIBINJECTION_VERSION "3.0.0" #define LIBINJECTION_VERSION "3.1.0"
/** /**
* Libinjection's sqli module makes a "normalized" * Libinjection's sqli module makes a "normalized"
@ -227,21 +227,31 @@ void libinjection_sqli_reset(sfilter* sql_state, int flags);
* *
* \param sql_state * \param sql_state
* *
* \return pointer to sfilter.pat as convience. * \returns a pointer to sfilter.fingerprint as convenience
* do not free! * do not free!
* *
*/ */
const char* libinjection_sqli_fingerprint(sfilter * sql_state, int flags); const char* libinjection_sqli_fingerprint(sfilter * sql_state, int flags);
/**
* The default "word" to token-type or fingerprint function. This
* uses a ASCII case-insensitive binary tree.
*/
char libinjection_sqli_lookup_word(sfilter *sql_state, int lookup_type, char libinjection_sqli_lookup_word(sfilter *sql_state, int lookup_type,
const char* s, size_t slen); const char* s, size_t slen);
/* Streaming tokenization interface.
*
* sql_state->current is updated with the current token.
*
* \returns 1, has a token, keep going, or 0 no tokens
*
*/
int libinjection_sqli_tokenize(sfilter * sql_state); int libinjection_sqli_tokenize(sfilter * sql_state);
/** The built-in default function to match fingerprints /** The built-in default function to match fingerprints
* and do false negative/positive analysis. This calls the following * and do false negative/positive analysis. This calls the following
* two functions. With this, you other-ride one part or the other. * two functions. With this, you over-ride one part or the other.
* *
* return libinjection_sqli_blacklist(sql_state) && * return libinjection_sqli_blacklist(sql_state) &&
* libinject_sqli_not_whitelist(sql_state); * libinject_sqli_not_whitelist(sql_state);
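Review bot: The comment added above libinjection_sqli_tokenize opens with `/*`, while the other API comments in this section open with `/**`, so a documentation generator that keys on `/**` will probably skip it; open it with `/** Streaming tokenization interface.` to match. The new `\returns` line would also be clearer as `\returns 1 if a token was read into sql_state->current, 0 when no tokens remain`. The last context line names `libinject_sqli_not_whitelist`, which looks like a typo for the `libinjection_` prefix used everywhere else here, although that comment block continues outside the hunk and the function's declaration is not visible.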


@ -181,9 +181,10 @@ static int char_is_white(char ch) {
'\v' 0x0b \013 verical tab '\v' 0x0b \013 verical tab
'\f' 0x0c \014 new page '\f' 0x0c \014 new page
'\r' 0x0d \015 carriage return '\r' 0x0d \015 carriage return
0x00 \000 null (oracle)
0xa0 \240 is latin1 0xa0 \240 is latin1
*/ */
return strchr(" \t\n\v\f\r\240", ch) != NULL; return strchr(" \t\n\v\f\r\240\000", ch) != NULL;
} }
/* DANGER DANGER /* DANGER DANGER
@ -872,7 +873,7 @@ static size_t parse_word(sfilter * sf)
const char *cs = sf->s; const char *cs = sf->s;
size_t pos = sf->pos; size_t pos = sf->pos;
size_t wlen = strlencspn(cs + pos, sf->slen - pos, size_t wlen = strlencspn(cs + pos, sf->slen - pos,
" <>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\""); " <>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos); st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos);
@ -1125,6 +1126,15 @@ static size_t parse_number(sfilter * sf)
} }
} }
/* oracle's ending float or double suffix
* http://docs.oracle.com/cd/B19306_01/server.102/b14200/sql_elements003.htm#i139891
*/
if (pos < slen) {
if (cs[pos] == 'd' || cs[pos] == 'D' || cs[pos] == 'f' || cs[pos] == 'F') {
pos += 1;
}
}
st_assign(sf->current, TYPE_NUMBER, start, pos - start, cs + start); st_assign(sf->current, TYPE_NUMBER, start, pos - start, cs + start);
return pos; return pos;
} }
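Review bot: The `\000` appended to the set in char_is_white has no effect, because a C string ends at its first NUL and strchr already matches the terminator when `ch` is 0, so the Oracle NUL handling described in the comment relies on a side effect rather than on the new character. Make it explicit with `return ch == '\0' || strchr(" \t\n\v\f\r\240", ch) != NULL;`. The same concern applies to the delimiter set passed to strlencspn in parse_word: strlencspn is defined outside this hunk, but if it walks the set as a C string the trailing `\000` is never seen and a NUL byte would stay inside a bareword, which matters in a tokenizer whose fingerprints drive detection. Consider passing the set length explicitly (or testing for 0 in the scan loop) and adding a regression input that contains an embedded NUL.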


@ -9686,6 +9686,7 @@ static const keyword_t sql_keywords[] = {
{"FROM_DAYS", 'f'}, {"FROM_DAYS", 'f'},
{"FROM_UNIXTIME", 'f'}, {"FROM_UNIXTIME", 'f'},
{"FULL OUTER", 'k'}, {"FULL OUTER", 'k'},
{"FULL OUTER JOIN", 'k'},
{"FULLTEXT", 'k'}, {"FULLTEXT", 'k'},
{"FULLTEXTCATALOGPROPERTY", 'f'}, {"FULLTEXTCATALOGPROPERTY", 'f'},
{"FULLTEXTSERVICEPROPERTY", 'f'}, {"FULLTEXTSERVICEPROPERTY", 'f'},
@ -9741,6 +9742,7 @@ static const keyword_t sql_keywords[] = {
{"INFILE", 'k'}, {"INFILE", 'k'},
{"INITCAP", 'f'}, {"INITCAP", 'f'},
{"INNER", 'k'}, {"INNER", 'k'},
{"INNER JOIN", 'k'},
{"INOUT", 'k'}, {"INOUT", 'k'},
{"INSENSITIVE", 'k'}, {"INSENSITIVE", 'k'},
{"INSERT", 'E'}, {"INSERT", 'E'},
@ -9808,6 +9810,7 @@ static const keyword_t sql_keywords[] = {
{"LEFT", 'n'}, {"LEFT", 'n'},
{"LEFT JOIN", 'k'}, {"LEFT JOIN", 'k'},
{"LEFT OUTER", 'k'}, {"LEFT OUTER", 'k'},
{"LEFT OUTER JOIN", 'k'},
{"LENGTH", 'f'}, {"LENGTH", 'f'},
{"LIKE", 'o'}, {"LIKE", 'o'},
{"LIMIT", 'B'}, {"LIMIT", 'B'},
@ -9874,6 +9877,8 @@ static const keyword_t sql_keywords[] = {
{"NATURAL INNER", 'k'}, {"NATURAL INNER", 'k'},
{"NATURAL JOIN", 'k'}, {"NATURAL JOIN", 'k'},
{"NATURAL LEFT", 'k'}, {"NATURAL LEFT", 'k'},
{"NATURAL LEFT OUTER", 'k'},
{"NATURAL LEFT OUTER JOIN", 'k'},
{"NATURAL OUTER", 'k'}, {"NATURAL OUTER", 'k'},
{"NATURAL RIGHT", 'k'}, {"NATURAL RIGHT", 'k'},
{"NETMASK", 'f'}, {"NETMASK", 'f'},
@ -10029,6 +10034,7 @@ static const keyword_t sql_keywords[] = {
{"RIGHT", 'n'}, {"RIGHT", 'n'},
{"RIGHT JOIN", 'k'}, {"RIGHT JOIN", 'k'},
{"RIGHT OUTER", 'k'}, {"RIGHT OUTER", 'k'},
{"RIGHT OUTER JOIN", 'k'},
{"RLIKE", 'o'}, {"RLIKE", 'o'},
{"ROUND", 'f'}, {"ROUND", 'f'},
{"ROW", 'f'}, {"ROW", 'f'},
@ -10317,5 +10323,5 @@ static const keyword_t sql_keywords[] = {
{"||", '&'}, {"||", '&'},
{"~*", 'o'}, {"~*", 'o'},
}; };
static const size_t sql_keywords_sz = 10150; static const size_t sql_keywords_sz = 10156;
#endif #endif