mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
libinjection sync
parent
11217207e8
commit
f52242a013
@ -19,7 +19,7 @@ extern "C" {
|
|||||||
* See python's normalized version
|
* See python's normalized version
|
||||||
* http://www.python.org/dev/peps/pep-0386/#normalizedversion
|
* http://www.python.org/dev/peps/pep-0386/#normalizedversion
|
||||||
*/
|
*/
|
||||||
#define LIBINJECTION_VERSION "3.6.0"
|
#define LIBINJECTION_VERSION "3.7.0"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Libinjection's sqli module makes a "normalized"
|
* Libinjection's sqli module makes a "normalized"
|
||||||
|
@ -120,6 +120,23 @@ memchr2(const char *haystack, size_t haystack_len, char c0, char c1)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* memchr might not exist on some systems
|
||||||
|
*/
|
||||||
|
static const char*
|
||||||
|
my_memchr(const char* haystack, size_t hlen, int needle)
|
||||||
|
{
|
||||||
|
const char* cur;
|
||||||
|
const char* last = haystack + hlen;
|
||||||
|
for (cur = haystack; cur < last; ++cur) {
|
||||||
|
if (cur[0] == needle) {
|
||||||
|
return cur;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* memmem might not exist on some systems
|
||||||
*/
|
*/
|
||||||
static const char *
|
static const char *
|
||||||
my_memmem(const char* haystack, size_t hlen, const char* needle, size_t nlen)
|
my_memmem(const char* haystack, size_t hlen, const char* needle, size_t nlen)
|
||||||
@ -285,9 +302,11 @@ static void st_clear(stoken_t * st)
|
|||||||
static void st_assign_char(stoken_t * st, const char stype, size_t pos, size_t len,
|
static void st_assign_char(stoken_t * st, const char stype, size_t pos, size_t len,
|
||||||
const char value)
|
const char value)
|
||||||
{
|
{
|
||||||
|
/* done to elimiate unused warning */
|
||||||
|
(void)len;
|
||||||
st->type = (char) stype;
|
st->type = (char) stype;
|
||||||
st->pos = pos;
|
st->pos = pos;
|
||||||
st->len = len;
|
st->len = 1;
|
||||||
st->val[0] = value;
|
st->val[0] = value;
|
||||||
st->val[1] = CHAR_NULL;
|
st->val[1] = CHAR_NULL;
|
||||||
}
|
}
|
||||||
@ -299,7 +318,7 @@ static void st_assign(stoken_t * st, const char stype,
|
|||||||
size_t last = len < MSIZE ? len : (MSIZE - 1);
|
size_t last = len < MSIZE ? len : (MSIZE - 1);
|
||||||
st->type = (char) stype;
|
st->type = (char) stype;
|
||||||
st->pos = pos;
|
st->pos = pos;
|
||||||
st->len = len;
|
st->len = last;
|
||||||
memcpy(st->val, value, last);
|
memcpy(st->val, value, last);
|
||||||
st->val[last] = CHAR_NULL;
|
st->val[last] = CHAR_NULL;
|
||||||
}
|
}
|
||||||
@ -857,6 +876,25 @@ static size_t parse_xstring(struct libinjection_sqli_state *sf)
|
|||||||
return pos + 2 + wlen + 1;
|
return pos + 2 + wlen + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This handles MS SQLSERVER bracket words
|
||||||
|
* http://stackoverflow.com/questions/3551284/sql-serverwhat-do-brackets-mean-around-column-name
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
static size_t parse_bword(struct libinjection_sqli_state * sf)
|
||||||
|
{
|
||||||
|
const char *cs = sf->s;
|
||||||
|
size_t pos = sf->pos;
|
||||||
|
const char* endptr = my_memchr(cs + pos, sf->slen - pos, ']');
|
||||||
|
if (endptr == NULL) {
|
||||||
|
st_assign(sf->current, TYPE_BAREWORD, pos, sf->slen - pos, cs + pos);
|
||||||
|
return sf->slen;
|
||||||
|
} else {
|
||||||
|
st_assign(sf->current, TYPE_BAREWORD, pos, (endptr - cs) - pos + 1, cs + pos);
|
||||||
|
return (endptr - cs) + 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static size_t parse_word(struct libinjection_sqli_state * sf)
|
static size_t parse_word(struct libinjection_sqli_state * sf)
|
||||||
{
|
{
|
||||||
char ch;
|
char ch;
|
||||||
@ -865,7 +903,7 @@ static size_t parse_word(struct libinjection_sqli_state * sf)
|
|||||||
const char *cs = sf->s;
|
const char *cs = sf->s;
|
||||||
size_t pos = sf->pos;
|
size_t pos = sf->pos;
|
||||||
size_t wlen = strlencspn(cs + pos, sf->slen - pos,
|
size_t wlen = strlencspn(cs + pos, sf->slen - pos,
|
||||||
" {}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
|
" []{}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
|
||||||
|
|
||||||
st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos);
|
st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos);
|
||||||
|
|
||||||
@ -1720,8 +1758,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
|
|||||||
(sf->tokenvec[left+2].type == TYPE_NUMBER ||
|
(sf->tokenvec[left+2].type == TYPE_NUMBER ||
|
||||||
sf->tokenvec[left+2].type == TYPE_BAREWORD ||
|
sf->tokenvec[left+2].type == TYPE_BAREWORD ||
|
||||||
sf->tokenvec[left+2].type == TYPE_VARIABLE ||
|
sf->tokenvec[left+2].type == TYPE_VARIABLE ||
|
||||||
sf->tokenvec[left+2].type == TYPE_STRING ||
|
sf->tokenvec[left+2].type == TYPE_STRING)) {
|
||||||
sf->tokenvec[left+2].type == TYPE_FUNCTION )) {
|
|
||||||
/*
|
/*
|
||||||
* interesting case turn ", -1" ->> ",1" PLUS we need to back up
|
* interesting case turn ", -1" ->> ",1" PLUS we need to back up
|
||||||
* one token if possible to see if more folding can be done
|
* one token if possible to see if more folding can be done
|
||||||
@ -1735,6 +1772,19 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
|
|||||||
assert(pos >= 3);
|
assert(pos >= 3);
|
||||||
pos -= 3;
|
pos -= 3;
|
||||||
continue;
|
continue;
|
||||||
|
} else if (sf->tokenvec[left].type == TYPE_COMMA &&
|
||||||
|
st_is_unary_op(&sf->tokenvec[left+1]) &&
|
||||||
|
sf->tokenvec[left+2].type == TYPE_FUNCTION) {
|
||||||
|
|
||||||
|
/* Seperate case from above since you end up with
|
||||||
|
* 1,-sin(1) --> 1 (1)
|
||||||
|
* Here, just do
|
||||||
|
* 1,-sin(1) --> 1,sin(1)
|
||||||
|
* just remove unary opartor
|
||||||
|
*/
|
||||||
|
st_copy(&sf->tokenvec[left+1], &sf->tokenvec[left+2]);
|
||||||
|
pos -= 1;
|
||||||
|
continue;
|
||||||
} else if ((sf->tokenvec[left].type == TYPE_BAREWORD) &&
|
} else if ((sf->tokenvec[left].type == TYPE_BAREWORD) &&
|
||||||
(sf->tokenvec[left+1].type == TYPE_DOT) &&
|
(sf->tokenvec[left+1].type == TYPE_DOT) &&
|
||||||
(sf->tokenvec[left+2].type == TYPE_BAREWORD)) {
|
(sf->tokenvec[left+2].type == TYPE_BAREWORD)) {
|
||||||
@ -2132,10 +2182,10 @@ static int reparse_as_mysql(struct libinjection_sqli_state * sql_state)
|
|||||||
/*
|
/*
|
||||||
* This function is mostly use with SWIG
|
* This function is mostly use with SWIG
|
||||||
*/
|
*/
|
||||||
struct libinjection_sqli_token* libinjection_sqli_get_token(struct libinjection_sqli_state * sql_state,
|
struct libinjection_sqli_token*
|
||||||
int i)
|
libinjection_sqli_get_token(struct libinjection_sqli_state * sql_state, int i)
|
||||||
{
|
{
|
||||||
if (i < 0 || i > (int) strlen(sql_state->fingerprint)) {
|
if (i < 0 || i > LIBINJECTION_SQLI_MAX_TOKENS) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
return &(sql_state->tokenvec[i]);
|
return &(sql_state->tokenvec[i]);
|
||||||
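Review bot: In `libinjection_sqli_get_token`, the new guard `i > LIBINJECTION_SQLI_MAX_TOKENS` still lets `i == LIBINJECTION_SQLI_MAX_TOKENS` through to `&(sql_state->tokenvec[i])`, and it no longer ties the index to the number of tokens the last parse produced (the old check used the fingerprint length). The declaration of `tokenvec` is not visible on this page, so whether that top index is inside the array needs confirming; if the array has exactly `LIBINJECTION_SQLI_MAX_TOKENS` elements the test should be `if (i < 0 || i >= LIBINJECTION_SQLI_MAX_TOKENS) {`. Either way, a comment such as `/* slots past the current token count may hold data from an earlier parse */` would tell SWIG callers not to treat every non-NULL return as a live token. The function's closing brace lies outside the hunk.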
|
@ -30,6 +30,7 @@ static size_t parse_nqstring(sfilter * sf);
|
|||||||
static size_t parse_xstring(sfilter * sf);
|
static size_t parse_xstring(sfilter * sf);
|
||||||
static size_t parse_bstring(sfilter * sf);
|
static size_t parse_bstring(sfilter * sf);
|
||||||
static size_t parse_estring(sfilter * sf);
|
static size_t parse_estring(sfilter * sf);
|
||||||
|
static size_t parse_bword(sfilter * sf);
|
||||||
|
|
||||||
|
|
||||||
typedef size_t (*pt2Function)(sfilter *sf);
|
typedef size_t (*pt2Function)(sfilter *sf);
|
||||||
@ -125,7 +126,7 @@ static const pt2Function char_parse_map[] = {
|
|||||||
&parse_xstring, /* 88 */
|
&parse_xstring, /* 88 */
|
||||||
&parse_word, /* 89 */
|
&parse_word, /* 89 */
|
||||||
&parse_word, /* 90 */
|
&parse_word, /* 90 */
|
||||||
&parse_other, /* 91 */
|
&parse_bword, /* 91 */
|
||||||
&parse_backslash, /* 92 */
|
&parse_backslash, /* 92 */
|
||||||
&parse_other, /* 93 */
|
&parse_other, /* 93 */
|
||||||
&parse_operator1, /* 94 */
|
&parse_operator1, /* 94 */
|
||||||
@ -618,6 +619,8 @@ static const keyword_t sql_keywords[] = {
|
|||||||
{"01&VU;", 'F'},
|
{"01&VU;", 'F'},
|
||||||
{"01&VUC", 'F'},
|
{"01&VUC", 'F'},
|
||||||
{"01&VUE", 'F'},
|
{"01&VUE", 'F'},
|
||||||
|
{"01(EF(", 'F'},
|
||||||
|
{"01(EKF", 'F'},
|
||||||
{"01(EKN", 'F'},
|
{"01(EKN", 'F'},
|
||||||
{"01(ENK", 'F'},
|
{"01(ENK", 'F'},
|
||||||
{"01(U(E", 'F'},
|
{"01(U(E", 'F'},
|
||||||
@ -3833,6 +3836,7 @@ static const keyword_t sql_keywords[] = {
|
|||||||
{"0N(1OF", 'F'},
|
{"0N(1OF", 'F'},
|
||||||
{"0N(1OS", 'F'},
|
{"0N(1OS", 'F'},
|
||||||
{"0N(1OV", 'F'},
|
{"0N(1OV", 'F'},
|
||||||
|
{"0N(EF(", 'F'},
|
||||||
{"0N(EKN", 'F'},
|
{"0N(EKN", 'F'},
|
||||||
{"0N(ENK", 'F'},
|
{"0N(ENK", 'F'},
|
||||||
{"0N(F()", 'F'},
|
{"0N(F()", 'F'},
|
||||||
@ -5525,6 +5529,8 @@ static const keyword_t sql_keywords[] = {
|
|||||||
{"0S&VU;", 'F'},
|
{"0S&VU;", 'F'},
|
||||||
{"0S&VUC", 'F'},
|
{"0S&VUC", 'F'},
|
||||||
{"0S&VUE", 'F'},
|
{"0S&VUE", 'F'},
|
||||||
|
{"0S(EF(", 'F'},
|
||||||
|
{"0S(EKF", 'F'},
|
||||||
{"0S(EKN", 'F'},
|
{"0S(EKN", 'F'},
|
||||||
{"0S(ENK", 'F'},
|
{"0S(ENK", 'F'},
|
||||||
{"0S(U(E", 'F'},
|
{"0S(U(E", 'F'},
|
||||||
@ -7713,6 +7719,8 @@ static const keyword_t sql_keywords[] = {
|
|||||||
{"0V&VU;", 'F'},
|
{"0V&VU;", 'F'},
|
||||||
{"0V&VUC", 'F'},
|
{"0V&VUC", 'F'},
|
||||||
{"0V&VUE", 'F'},
|
{"0V&VUE", 'F'},
|
||||||
|
{"0V(EF(", 'F'},
|
||||||
|
{"0V(EKF", 'F'},
|
||||||
{"0V(EKN", 'F'},
|
{"0V(EKN", 'F'},
|
||||||
{"0V(ENK", 'F'},
|
{"0V(ENK", 'F'},
|
||||||
{"0V(U(E", 'F'},
|
{"0V(U(E", 'F'},
|
||||||
@ -9871,5 +9879,5 @@ static const keyword_t sql_keywords[] = {
|
|||||||
{"||", '&'},
|
{"||", '&'},
|
||||||
{"~*", 'o'},
|
{"~*", 'o'},
|
||||||
};
|
};
|
||||||
static const size_t sql_keywords_sz = 9705;
|
static const size_t sql_keywords_sz = 9712;
|
||||||
#endif
|
#endif
|
||||||
|