github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 16:06:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

libinjection sync

Browse Source
This commit is contained in:
Nick Galbreath 2013-10-18 14:18:55 +09:00
parent fcb6dc13ed
commit a5f175d79f
2 changed files with 44 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
apache2/libinjection/libinjection.h
View File

@ -14,13 +14,6 @@
extern "C" { extern "C" {
#endif #endif
/*
* Version info.
* See python's normalized version
* http://www.python.org/dev/peps/pep-0386/#normalizedversion
*/
#define LIBINJECTION_VERSION "3.7.1"
/** /**
* Libinjection's sqli module makes a "normalized" * Libinjection's sqli module makes a "normalized"
* value of the token. This is the maximum size * value of the token. This is the maximum size
@ -202,6 +195,20 @@ struct libinjection_sqli_token* libinjection_sqli_get_token(
typedef struct libinjection_sqli_state sfilter; typedef struct libinjection_sqli_state sfilter;
/*
* Version info.
*
* This is moved into a function to allow SWIG and other auto-generated
* binding to not be modified during minor release changes. We change
* change the version number in the c source file, and not regenerated
* the binding
*
* See python's normalized version
* http://www.python.org/dev/peps/pep-0386/#normalizedversion
*/
const char* libinjection_version();
/** /**
* *
*/ */

27
apache2/libinjection/libinjection_sqli.c
View File

@ -14,6 +14,8 @@
#include <assert.h> #include <assert.h>
#include <stddef.h> #include <stddef.h>
#define LIBINJECTION_VERSION "3.8.0"
#ifndef TRUE #ifndef TRUE
#define TRUE 1 #define TRUE 1
#endif #endif
@ -887,7 +889,7 @@ static size_t parse_word(struct libinjection_sqli_state * sf)
const char *cs = sf->s; const char *cs = sf->s;
size_t pos = sf->pos; size_t pos = sf->pos;
size_t wlen = strlencspn(cs + pos, sf->slen - pos, size_t wlen = strlencspn(cs + pos, sf->slen - pos,
" []{}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000"); " []{}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\240\000");
st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos); st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos);
@ -1187,6 +1189,16 @@ static size_t parse_number(struct libinjection_sqli_state * sf)
return pos; return pos;
} }
/*
* API to return version. This allows us to increment the version
* without having to regenerated the SWIG (or other binding) in minor
* releases.
*/
const char* libinjection_version()
{
return LIBINJECTION_VERSION;
}
int libinjection_sqli_tokenize(struct libinjection_sqli_state * sf) int libinjection_sqli_tokenize(struct libinjection_sqli_state * sf)
{ {
pt2Function fnptr; pt2Function fnptr;
@ -1218,7 +1230,7 @@ int libinjection_sqli_tokenize(struct libinjection_sqli_state * sf)
/* /*
* get current character * get current character
*/ */
const unsigned ch = (unsigned int) (s[*pos]); const unsigned char ch = (unsigned int) (s[*pos]);
/* /*
* if not ascii, then continue... * if not ascii, then continue...
@ -1226,9 +1238,16 @@ int libinjection_sqli_tokenize(struct libinjection_sqli_state * sf)
* it's a string * it's a string
*/ */
if (ch > 127) { if (ch > 127) {
fnptr = parse_word;
} else {
/* 160 or 0xA0 or octal 240 is "latin1 non-breaking space"
* but is treated as a space in mysql.
*/
if (ch == 160) {
fnptr = parse_white;
} else {
fnptr = parse_word;
}
} else {
/* /*
* look up the parser, and call it * look up the parser, and call it
* *