Update libinjection to version 1.1.0

2025-09-30 03:34:29 +03:00 · 2013-05-04 12:41:22 +09:00
parent 3ca159e7be
commit ebcfe2c187
6 changed files with 562 additions and 95 deletions
--- a/apache2/libinjection/sqlparse.h
+++ b/apache2/libinjection/sqlparse.h
@@ -1,5 +1,5 @@
 /**
- * Copyright 2012, Nick Galbreath
+ * Copyright 2012, 2013 Nick Galbreath
 * nickg@client9.com
 * BSD License -- see COPYING.txt for details
 *
@@ -7,11 +7,15 @@
 * HOW TO USE:
 *
 *   // Normalize query or postvar value
- *   // ATTENTION: this modifies user_string... make copy if that is not ok
- *   size_t new_len = qs_normalize(user_string, user_string_len);
+ *   // If it comes in urlencoded, then it's up to you
+ *   // to urldecode it.  If it's in correct form already
+ *   // then nothing to do!
 *
 *   sfilter s;
- *   bool sqli = is_sqli(&s, user_string, new_len);
+ *   int sqli = is_sqli(&s, user_string, new_len);
+ *
+ *   // 0 = not sqli
+ *   // 1 = is sqli
 *
 *   // That's it!  sfilter s has some data on how it matched or not
 *   // details to come!
@@ -25,9 +29,20 @@
 extern "C" {
 #endif

+/*
+ * Version info.
+ * See python's normalized version
+ * http://www.python.org/dev/peps/pep-0386/#normalizedversion
+ */
+#define LIBINJECTION_VERSION "1.1.0"
+
 #define ST_MAX_SIZE 32
 #define MAX_TOKENS 5

+#define CHAR_NULL '\0'
+#define CHAR_SINGLE '\''
+#define CHAR_DOUBLE '"'
+
 typedef struct {
    char type;
    char str_open;
@@ -57,7 +72,7 @@ typedef struct {
    /* final sqli data */
    stoken_t tokenvec[MAX_TOKENS];

-    /*  +1 for possible ending null */
+    /*  +1 for ending null */
    char pat[MAX_TOKENS + 1];
    char delim;
    int reason;
@@ -69,12 +84,27 @@ typedef struct {
 typedef int (*ptr_fingerprints_fn)(const char*);

 /**
+ * Main API: tests for SQLi in three possible contexts, no quotes,
+ * single quote and double quote
 *
- *
- * \return TRUE if SQLi, FALSE is benign
+ * \return 1 (true) if SQLi, 0 (false) if benign
 */
 int is_sqli(sfilter * sql_state, const char *s, size_t slen,
-             ptr_fingerprints_fn fn);
+            ptr_fingerprints_fn fn);
+
+/**
+ * This detects SQLi in a single context, mostly useful for custom
+ * logic and debugging.
+ *
+ * \param delim must be "NULL" (no context), single quote or double quote.
+ *        Other values will likely be ignored.
+ *
+ * \return 1 (true) if SQLi, 0 (false) if not SQLi **in this context**
+ *
+ */
+int is_string_sqli(sfilter * sql_state, const char *s, size_t slen,
+                   const char delim,
+                   ptr_fingerprints_fn fn);

 #ifdef __cplusplus
 }