First release of open-appsec source code

external/yajl/example/CMakeLists.txt

@@ -0,0 +1,23 @@
+# Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+SET (SRCS parse_config.c)
+
+# use the library we build, duh.
+INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/include)
+LINK_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR}/../${YAJL_DIST_NAME}/lib)
+
+ADD_EXECUTABLE(parse_config ${SRCS})
+
+TARGET_LINK_LIBRARIES(parse_config yajl_s)

external/yajl/example/README.md

@@ -0,0 +1,7 @@
+This directory holds an example of how one might use yajl in the
+simplest possible way, to do something like parse and extract values
+from a configuration file.
+
+Note that use of the yajl_tree.h utility is completely optional, and
+yajl_parse.h offers a lower level stream parsing API that is more
+efficient and flexible at the cost of some complexity.

external/yajl/example/parse_config.c

@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2007-2014, Lloyd Hilaiel <me@lloyd.io>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "yajl/yajl_tree.h"
+
+static unsigned char fileData[65536];
+
+int
+main(void)
+{
+    size_t rd;
+    yajl_val node;
+    char errbuf[1024];
+
+    /* null plug buffers */
+    fileData[0] = errbuf[0] = 0;
+
+    /* read the entire config file */
+    rd = fread((void *) fileData, 1, sizeof(fileData) - 1, stdin);
+
+    /* file read error handling */
+    if (rd == 0 && !feof(stdin)) {
+        fprintf(stderr, "error encountered on file read\n");
+        return 1;
+    } else if (rd >= sizeof(fileData) - 1) {
+        fprintf(stderr, "config file too big\n");
+        return 1;
+    }
+
+    /* we have the whole config file in memory.  let's parse it ... */
+    node = yajl_tree_parse((const char *) fileData, errbuf, sizeof(errbuf));
+
+    /* parse error handling */
+    if (node == NULL) {
+        fprintf(stderr, "parse_error: ");
+        if (strlen(errbuf)) fprintf(stderr, " %s", errbuf);
+        else fprintf(stderr, "unknown error");
+        fprintf(stderr, "\n");
+        return 1;
+    }
+
+    /* ... and extract a nested value from the config file */
+    {
+        const char * path[] = { "Logging", "timeFormat", (const char *) 0 };
+        yajl_val v = yajl_tree_get(node, path, yajl_t_string);
+        if (v) printf("%s/%s: %s\n", path[0], path[1], YAJL_GET_STRING(v));
+        else   printf("no such node: %s/%s\n", path[0], path[1]);
+    }
+
+    yajl_tree_free(node);
+
+    return 0;
+}

external/yajl/example/sample.config

@@ -0,0 +1,101 @@
+/*
+ * The configuration file for Yahoo! BrowserPlus, included in the YAJL
+ * tree as a sample configuration file for parsing.
+ *
+ * This is the configuration file for BrowserPlus
+ */
+
+{
+    // The type of build this is, which is accessible to JavaScript via
+    // BrowserPlus.getPlatformInfo(); 
+    // Different build types should only differ in signatures accepted
+    // (BrowserPlus.crt) and configured distribution servers.
+    "BuildType": "ephemeral",
+
+    // the base url for the "primary" distribution server.  This server will
+    // be the single source of truth for Permissions, and will used to 
+    // attain services
+    "DistServer": "http://browserplus.yahoo.com",
+
+    // An array of "secondary" distribution servers, which will be checked
+    // in order for services if the primary server has no components
+    // available which match an issued require statement.
+    "SecondaryDistServers": [
+      "http://first.fictional.server",
+      "http://second.fictional.server"
+    ],
+
+    // Logging Setup
+    "Logging" :
+    {
+        // Log level.  Values: "debug"|"info"|"warn"|"error"|"fatal"|"off"
+        "level": "BP_LOG_LEVEL",
+
+        // Destination.  Values: "file"|"console"|"win32"
+        "dest": "BP_LOG_DEST",
+
+        // Log message layout.  Values: "standard"|"source"|"raw"
+        "layout": "standard",
+
+        // Time format.  Values: "utc"|"local"|"msec"
+        "timeFormat": "utc",
+
+        // File size in KB which will trigger a rollover
+        "fileRolloverKB": 2048,
+
+        // Whether to send file logging from each service to a distinct file.
+        // Values: "combined"|"separate"
+        "serviceLogMode": "combined"
+    },
+
+    // Daemon setup
+    // Syntax: "Options": "option1 option2 etc"
+    // -fg        run in foreground, log to console
+    "Options":"",
+
+    // Auto-shutdown daemon if idle for this time.  Use 0 for no auto-shutdown.
+    "MaxIdleSecs": 5,
+
+    // At the end of each BrowserPlus session a small web request is made
+    // to yahoo to indicate that BrowserPlus was used.  This report includes
+    // * information about the browser being used
+    // * an "installation id", which is a unique token that's generated
+    //   the first time BrowserPlus runs.
+    //
+    // By design, there is *no information* in this request that gives
+    // Yahoo! information about:
+    //   a) the site that the user is visiting (see, "url": false)
+    //   b) who the user is (the installation token cannot be tracked to a
+    //      specific user).
+    //
+    // This information is primarily captured to help Yahoo! understand
+    // adoption and usage of the BrowserPlus platform.
+    "UsageReporting":
+    {
+       "enabled": true,
+       "url": false,
+       "id": true
+    },
+
+    // "Breakpoints" is an array of strings holding named breakpoints.
+    // Platform code checks for specific entries at certain key points, and if 
+    // a matching entry is found here a DebugBreak will be performed.
+    // For developers with Visual Studio installed, the DebugBreak will cause an
+    // opportunity to perform just-in-time attachment of an existing or new 
+    // debugger instance.
+    // The currently-defined breakpoints are listed below:
+    //      runServiceProcess - A DebugBreak is performed in the service 
+    //                          "harness" just prior to service load.
+    //      ax.FinalConstruct - A DebugBreak is performed at entry to 
+    //                          FinalConstruct of the ActiveX plugin.
+    //      PluginInit -        Very early in the NPAPI plugin initialization.
+    //                          A wonderful spot to stop and set more
+    //                          breakpoints.
+    //"Breakpoints": ["runServiceProcess"],
+
+    // How often we check for service updates.  We guarantee at least this
+	// much time will pass between checks, though the true time may be
+	// much more if sites which use browserplus are not visited.
+	// The time is in seconds.
+    "ServiceUpdatePollPeriod": 86400
+}