Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
initial version
  • Loading branch information
laruence committed Feb 13, 2012
1 parent 48a0b30 commit 27fa0d2
Show file tree
Hide file tree
Showing 8 changed files with 654 additions and 0 deletions.
1 change: 1 addition & 0 deletions CREDITS
@@ -0,0 +1 @@
taint
1 change: 1 addition & 0 deletions EXPERIMENTAL
@@ -0,0 +1 @@
Please do not enable this extension in product env.
1 change: 1 addition & 0 deletions README
@@ -0,0 +1 @@
TAINT is a php-ext used to detect XXS codes
8 changes: 8 additions & 0 deletions config.m4
@@ -0,0 +1,8 @@
dnl $Id$

PHP_ARG_ENABLE(taint, whether to enable taint support,
[ --enable-taint Enable taint support])

if test "$PHP_TAINT" != "no"; then
PHP_NEW_EXTENSION(taint, taint.c, $ext_shared)
fi
9 changes: 9 additions & 0 deletions config.w32
@@ -0,0 +1,9 @@
// $Id$
// vim:ft=javascript

ARG_ENABLE("taint", "enable taint support", "no");

if (PHP_TAINT != "no") {
EXTENSION("taint", "taint.c");
}

83 changes: 83 additions & 0 deletions php_taint.h
@@ -0,0 +1,83 @@
/*
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
| Copyright (c) 1997-2010 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Author: Xinchen Hui <laruence@php.net> |
+----------------------------------------------------------------------+
*/

/* $Id: header 297205 2010-03-30 21:09:07Z johannes $ */

#ifndef PHP_TAINT_H
#define PHP_TAINT_H

extern zend_module_entry taint_module_entry;
#define phpext_taint_ptr &taint_module_entry

#ifdef PHP_WIN32
#define PHP_TAINT_API __declspec(dllexport)
#else
#define PHP_TAINT_API
#endif

#ifdef ZTS
#include "TSRM.h"
#endif

#define PHP_TAINT_MAGIC_LENGTH sizeof(unsigned)
#define PHP_TAINT_MAGIC_NONE 0x00000000
#define PHP_TAINT_MAGIC_POSSIBLE 0x2A8FCC84
#define PHP_TAINT_MAGIC_UNTAINT 0x6C5E8F2D

#define TAINT_T(offset) (*(temp_variable *)((char *) execute_data->Ts + offset))
#define TAINT_CV(i) (EG(current_execute_data)->CVs[i])
#define TAINT_PZVAL_UNLOCK(z, f) taint_pzval_unlock_func(z, f, 1)
#define TAINT_PZVAL_UNLOCK_FREE(z) taint_pzval_unlock_free_func(z)
#define TAINT_CV_OF(i) (EG(current_execute_data)->CVs[i])
#define TAINT_CV_DEF_OF(i) (EG(active_op_array)->vars[i])

#define PHP_TAINT_MARK(zv, mark) *((unsigned *)(Z_STRVAL_P(zv) + Z_STRLEN_P(zv) + 1)) = (mark)
#define PHP_TAINT_POSSIBLE(zv) (*(unsigned *)(Z_STRVAL_P(zv) + Z_STRLEN_P(zv) + 1) == PHP_TAINT_MAGIC_POSSIBLE)
#define PHP_TAINT_UNTAINT(zv) (*(unsigned *)(Z_STRVAL_P(zv) + Z_STRLEN_P(zv) + 1) == PHP_TAINT_MAGIC_UNTAINT)

PHP_MINIT_FUNCTION(taint);
PHP_MSHUTDOWN_FUNCTION(taint);
PHP_RINIT_FUNCTION(taint);
PHP_RSHUTDOWN_FUNCTION(taint);
PHP_MINFO_FUNCTION(taint);

PHP_FUNCTION(untaint);
PHP_FUNCTION(is_taint);

ZEND_BEGIN_MODULE_GLOBALS(taint)
zend_bool enable;
int error_level;
ZEND_END_MODULE_GLOBALS(taint)

#ifdef ZTS
#define TAINT_G(v) TSRMG(taint_globals_id, zend_taint_globals *, v)
#else
#define TAINT_G(v) (taint_globals.v)
#endif

#endif /* PHP_TAINT_H */


/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: noet sw=4 ts=4 fdm=marker
* vim<600: noet sw=4 ts=4
*/

0 comments on commit 27fa0d2

Please sign in to comment.