Introduce a blacklisting feature.

Do not send certain queries to the database. Modify the query to be invalid instead.
hanshasselberg · Aug 27, 2013 · e911be8 · RumataEstor · Jan 28, 2020 · RumataEstor
1 parent 2c1cb7f
commit e911be8
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -42,6 +42,7 @@ libusual_a_SOURCES = usual/config.h.in \
 	usual/heap.h usual/heap.c \
 	usual/list.h usual/list.c \
 	usual/logging.h usual/logging.c \
+	usual/blacklisting.h usual/blacklisting.c \
 	usual/mbuf.h usual/mbuf.c \
 	usual/mdict.h usual/mdict.c \
 	usual/mempool.h usual/mempool.c \

diff --git a/usual/blacklisting.c b/usual/blacklisting.c
@@ -0,0 +1,8 @@
+#include <usual/blacklisting.h>
+
+int cf_blacklist = 0;
+
+int blacklisting(void)
+{
+  return cf_blacklist;
+}
diff --git a/usual/blacklisting.h b/usual/blacklisting.h
@@ -0,0 +1,10 @@
+#ifndef _USUAL_BLACKLISTING_H_
+#define _USUAL_BLACKLISTING_H_
+
+#include <usual/base.h>
+
+extern int cf_blacklist;
+
+int blacklisting(void);
+
+#endif
diff --git a/usual/safeio.c b/usual/safeio.c
@@ -25,6 +25,7 @@
 
 #include <usual/socket.h>
 #include <usual/logging.h>
+#include <usual/blacklisting.h>
 #include <usual/string.h>
 #include <usual/time.h>
 
@@ -69,6 +70,13 @@ int safe_send(int fd, const void *buf, int len, int flags)
 	int res;
 	char ebuf[128];
 loop:
+  if (blacklisting()) {
+    if (memcmp(((char *)buf) + 5, "SELECT COUNT(*) FROM", 20) == 0) {
+      log_info("Canceling query: '%s'", ((char *)buf) + 5);
+      memcpy(((char *)buf) + 5, "SELECT 1 FROM 1337;--", 21);
+    }
+  }
+
 	res = send(fd, buf, len, flags);
 	if (res < 0 && errno == EINTR)
 		goto loop;