github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Updates the libinjection

Browse Source
This commit is contained in:
Felipe Zimmerle
2017-04-27 18:40:50 -03:00
parent 2c07a17fa3
commit a4724dfdab
7 changed files with 1155 additions and 699 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
apache2/libinjection/libinjection_sqli.h
View File

@@ -1,14 +1,14 @@
/**
* Copyright 2012, 2013 Nick Galbreath
* Copyright 2012-2016 Nick Galbreath
* nickg@client9.com
* BSD License -- see COPYING.txt for details
* BSD License -- see `COPYING.txt` for details
*
* https://libinjection.client9.com/
*
*/
#ifndef _LIBINJECTION_SQLI_H
#define _LIBINJECTION_SQLI_H
#ifndef LIBINJECTION_SQLI_H
#define LIBINJECTION_SQLI_H
#ifdef __cplusplus
extern "C" {
@@ -53,7 +53,7 @@ struct libinjection_sqli_token {
/* count:
* in type 'v', used for number of opening '@'
* but maybe unsed in other contexts
* but maybe used in other contexts
*/
int count;
@@ -63,7 +63,7 @@ struct libinjection_sqli_token {
typedef struct libinjection_sqli_token stoken_t;
/**
* Pointer to function, takes cstr input,
* Pointer to function, takes c-string input,
* returns '\0' for no match, else a char
*/
struct libinjection_sqli_state;
@@ -97,7 +97,7 @@ struct libinjection_sqli_state {
int flags;
/*
* pos is index in string we are at when tokenizing
* pos is the index in the string during tokenization
*/
size_t pos;
@@ -118,7 +118,7 @@ struct libinjection_sqli_state {
/*
* fingerprint pattern c-string
* +1 for ending null
* Mimimum of 8 bytes to add gcc's -fstack-protector to work
* Minimum of 8 bytes to add gcc's -fstack-protector to work
*/
char fingerprint[8];
@@ -156,7 +156,7 @@ struct libinjection_sqli_state {
*/
int stats_comment_c;
/* '#' operators or mysql EOL comments found
/* '#' operators or MySQL EOL comments found
*
*/
int stats_comment_hash;
@@ -208,8 +208,8 @@ void libinjection_sqli_init(struct libinjection_sqli_state* sql_state,
*/
int libinjection_is_sqli(struct libinjection_sqli_state* sql_state);
/* FOR H@CKERS ONLY
*
/* FOR HACKERS ONLY
* provides deep hooks into the decision making process
*/
void libinjection_sqli_callback(struct libinjection_sqli_state* sql_state,
ptr_lookup_fn fn,
@@ -269,7 +269,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sql_state);
* two functions. With this, you over-ride one part or the other.
*
* return libinjection_sqli_blacklist(sql_state) &&
* libinject_sqli_not_whitelist(sql_state);
* libinjection_sqli_not_whitelist(sql_state);
*
* \param sql_state should be filled out after libinjection_sqli_fingerprint is called
*/
@@ -284,7 +284,7 @@ int libinjection_sqli_blacklist(struct libinjection_sqli_state* sql_state);
/* Given a positive match for a pattern (i.e. pattern is SQLi), this function
* does additional analysis to reduce false positives.
*
* \return TRUE if sqli, false otherwise
* \return TRUE if SQLi, false otherwise
*/
int libinjection_sqli_not_whitelist(struct libinjection_sqli_state * sql_state);
@@ -292,4 +292,4 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state * sql_state);
}
#endif
#endif /* _LIBINJECTION_SQLI_H */
#endif /* LIBINJECTION_SQLI_H */