support callback data for fingerprints function. #33

Closed
39 changes: 33 additions & 6 deletions c/sqlparse.c
Expand Up @@ -1166,6 +1166,13 @@ int filter_fold(sfilter * sf, stoken_t * sout)
return TRUE;
}

/** Trampoline to convert one argument function to two argument function.
*/
static int one_two_trampoline(const char *s, void *cbdata)
{
return ((ptr_fingerprints_fn)cbdata)(s);
}

/* secondary api: detects SQLi in a string, GIVEN a context.
*
* A context can be:
Expand All @@ -1177,7 +1184,17 @@ int filter_fold(sfilter * sf, stoken_t * sout)
*
*/
int is_string_sqli(sfilter * sql_state, const char *s, size_t slen,
const char delim, ptr_fingerprints_fn fn)
const char delim, ptr_fingerprints_fn fn)
{
return is_string_sqli2(
sql_state, s, slen,
delim,
&one_two_trampoline, fn
);
}

int is_string_sqli2(sfilter * sql_state, const char *s, size_t slen,
const char delim, ptr_fingerprints2_fn fn, void *cbdata)
{
int tlen = 0;
char ch;
Expand Down Expand Up @@ -1213,7 +1230,7 @@ int is_string_sqli(sfilter * sql_state, const char *s, size_t slen,
return TRUE;
}

patmatch = fn(sql_state->pat);
patmatch = fn(sql_state->pat, cbdata);

/*
* No match.
Expand Down Expand Up @@ -1380,7 +1397,16 @@ int is_string_sqli(sfilter * sql_state, const char *s, size_t slen,
int is_sqli(sfilter * sql_state, const char *s, size_t slen,
ptr_fingerprints_fn fn)
{
if (fn == NULL) {
fn = is_sqli_pattern;
}

return is_sqli2(sql_state, s, slen, &one_two_trampoline, fn);
}

int is_sqli2(sfilter * sql_state, const char *s, size_t slen,
ptr_fingerprints2_fn fn, void *cbdata)
{
/*
* no input? not sqli
*/
Expand All @@ -1389,13 +1415,14 @@ int is_sqli(sfilter * sql_state, const char *s, size_t slen,
}

if (fn == NULL) {
fn = is_sqli_pattern;
fn = &one_two_trampoline;
cbdata = is_sqli_pattern;
}

/*
* test input "as-is"
*/
if (is_string_sqli(sql_state, s, slen, CHAR_NULL, fn)) {
if (is_string_sqli2(sql_state, s, slen, CHAR_NULL, fn, cbdata)) {
return TRUE;
}

Expand All @@ -1409,15 +1436,15 @@ int is_sqli(sfilter * sql_state, const char *s, size_t slen,
*
*/
if (memchr(s, CHAR_SINGLE, slen)
&& is_string_sqli(sql_state, s, slen, CHAR_SINGLE, fn)) {
&& is_string_sqli2(sql_state, s, slen, CHAR_SINGLE, fn, cbdata)) {
return TRUE;
}

/*
* same as above but with a double-quote "
*/
if (memchr(s, CHAR_DOUBLE, slen)
&& is_string_sqli(sql_state, s, slen, CHAR_DOUBLE, fn)) {
&& is_string_sqli2(sql_state, s, slen, CHAR_DOUBLE, fn, cbdata)) {
return TRUE;
}

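Review bot: `one_two_trampoline` recovers the legacy callback by casting `void *cbdata` to `ptr_fingerprints_fn`, and `is_string_sqli` and `is_sqli` pass `fn` where a `void *` is expected. ISO C does not define conversion between function pointers and object pointers (it is only a common extension), so this is non-portable and draws `-Wpedantic` diagnostics. Passing the address of the function pointer instead keeps the wrappers conforming, and the NULL default in `is_sqli2` then needs a static holder, as sketched below. Separately, only `is_sqli2` substitutes a default for a NULL `fn`, so `is_string_sqli2` would call through a NULL pointer at `patmatch = fn(sql_state->pat, cbdata);` and deserves a guard or a documented precondition. The bodies of `is_string_sqli2` and `is_sqli2` continue outside the visible hunks.

```c
static int one_two_trampoline(const char *s, void *cbdata)
{
    /* cbdata is the address of a ptr_fingerprints_fn, never the function itself */
    const ptr_fingerprints_fn *fnp = (const ptr_fingerprints_fn *)cbdata;
    return (*fnp)(s);
}

/* … unchanged: is_string_sqli doc comment and signature … */
    return is_string_sqli2(sql_state, s, slen, delim,
                           &one_two_trampoline, &fn);

/* … unchanged: is_sqli signature and its NULL default … */
    return is_sqli2(sql_state, s, slen, &one_two_trampoline, &fn);

/* … in is_sqli2: holder declared with the other locals, then the NULL default … */
    static const ptr_fingerprints_fn default_fn = is_sqli_pattern;

    if (fn == NULL) {
        fn = &one_two_trampoline;
        cbdata = (void *)&default_fn;
    }
```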
18 changes: 18 additions & 0 deletions c/sqlparse.h
Expand Up @@ -85,6 +85,11 @@ typedef struct {
*/
typedef int (*ptr_fingerprints_fn)(const char*);

/**
* Pointer to function, takes cstr input and callback data, return true/false
*/
typedef int (*ptr_fingerprints2_fn)(const char*, void *);

/**
* Main API: tests for SQLi in three possible contexts, no quotes,
* single quote and double quote
Expand All @@ -102,6 +107,12 @@ typedef int (*ptr_fingerprints_fn)(const char*);
int is_sqli(sfilter * sql_state, const char *s, size_t slen,
ptr_fingerprints_fn fn);

/**
* As is_sqli() but for two argument callback function.
**/
int is_sqli2(sfilter * sql_state, const char *s, size_t slen,
ptr_fingerprints2_fn fn, void *cbdata);

/**
* This detects SQLi in a single context, mostly useful for custom
* logic and debugging.
Expand All @@ -125,6 +136,13 @@ int is_string_sqli(sfilter * sql_state, const char *s, size_t slen,
const char delim,
ptr_fingerprints_fn fn);

/**
* As is_string_sqli2() but for two argument callback function.
**/
int is_string_sqli2(sfilter * sql_state, const char *s, size_t slen,
const char delim,
ptr_fingerprints2_fn fn, void *cbdata);

/**
* DEPRECATED -- HERE FOR BACKWARDS COMPATIBILITY
* This is the default lookup of a fingerprint
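Review bot: The new comment on `is_string_sqli2` reads "As is_string_sqli2() but for two argument callback function" and so refers to itself; it should name `is_string_sqli()`. Neither new declaration documents what `cbdata` is or what a NULL `fn` means. Judging from the sqlparse.c changes, `is_sqli2` replaces a NULL `fn` with the default fingerprint lookup and overwrites `cbdata`, while `is_string_sqli2` appears to call `fn` unconditionally. I would write `/** As is_string_sqli(), but fn receives cbdata unchanged as its second argument; fn must not be NULL. */`, and for `is_sqli2`, `/** As is_sqli(), but fn receives cbdata as its second argument; if fn is NULL the default fingerprint lookup is used and cbdata is ignored. */`.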