-
Notifications
You must be signed in to change notification settings - Fork 13
Documentation mod_csrfprotector
typedef enum {
CSRFP_TRUE,
CSRFP_FALSE // Added CSRFP_ prefix to preven enum redeclaration error in OS X
} Flagenumerator for storing TRUE FALSE values for CSRFP
typedef enum {
forbidden,
strip,
redirect,
message,
internal_server_error
} csrfp_actions;enumerator lists the actions to be taken in case of failed validation
enumerator lists the state through which the output filter goes
typedef enum {
nmodified, // States Cookie Length not modified
modified // States Cookie Length modified
} Filter_Cookie_Length_State;enumerator lists the state of token cookie
structure structure of the csrfp configuration
structure structure of the csrfp output filter configuration
typedef struct getRuleNode {
ap_regex_t *pattern;
const char *patternString;
struct getRuleNode *next;
}structure linked list node for storing the GET rules
static const char *csrfp_strncasestr( const char * s1,
const char * s2,
int len )Similar to standard strstr() but case insensitive and lenght limitation (char which is not 0 terminated).
s1 - String to search in
s2 - Pattern to ind
len - Length of s1
char* pointer to the beginning of the substring s2 within s1, or NULL if the substring is not found
static char* getCurrentUrl( request_rec * r )Function to retrun current url
r - request_rec object
current url (char *)
static char* generateToken( request_rec * r,
int length )Function to generate a pseudo random no to function as CSRFP_TOKEN
r - request_rec object
length length of token to generate
token csrftoken ,string
static void setTokenCookie( request_rec * r,
sqlite3 * db )Function to append new CSRFP_TOKEN to output header
r - request_rec object
void
static char* getCookieToken( request_rec * r,
char * key )Function to return the token value from cookie
r - request_rec
CSRFP_TOKEN if exist in cookie, else null
static int validateToken( request_rec * r,
sqlite3 * db )Function to validate GET token, csrfp_token in GET query parameter
r - request_rec pointer
int, 0 for failed validation, 1 - for passed
static const char *getOutputContentType( request_rec * r )Returns content type of output generated by content generator
r - request_rec object
content type string
static csrfp_opf_ctx *csrfp_get_rctx( request_rec * r )Get or create (and init) the pre request context used by the output filter
r - request_rec object
context object for output filter ( csrfp_opf_ctx* )
static apr_bucket *csrfp_inject( request_rec * r,
apr_bucket_brigade * bb,
apr_bucket * b,
csrfp_opf_ctx * rctx,
const char * buf,
apr_size_t sz,
int flag )Injects a new bucket containing a reference to the javascript.
r - request_rec object
bb - bucket_brigade object b Bucket to split and insert date new bucket at the postion of the marker
rctx - Request context containing the state of the parser
buf - String representation of the bucket
sz - Position to split the bucket and insert the new content
flag - 0 - for <noscript> insertion, 1 for <script> insertion
Bucket to continue searching (at the marker)
static void logCSRFAttack( request_rec * r )Function to log an attack
r - request_rec object
void
static int failedValidationAction( request_rec * r )Returns appropriate status code, as per configuration For failed validation action
r - request_rec object
int status code for action
static int needvalidation( request_rec * r )Function to decide weather to validate current request Depending upon requested file, matched against ignore pattern
r - request_rec object
int, 1 if validation needed, 0 otherwise
static sqlite3 *csrfp_sql_init( request_rec * r )Function to initiate the sql process for code validation
r request_rec object
db, SQLITE database object on success
static int csrfp_sql_update_counter( request_rec * r,
sqlite3 * db )Function to add / Update counter value for reseeding
r - request_rec object
db - sqlite database object
integer, current counter
static int csrfp_sql_addn( request_rec * r,
sqlite3 * db,
const char * sessid,
const char * value )Function to add / Update token value in the db
r - request_rec object
db - sqlite database object
sessid - session id for this user value- value of the token
integer, SQLITE_OK on success
static void csrfp_sql_table_clean( request_rec * r,
sqlite3 * db )Function to clear expired tokens from db
r - request_rec object
db - sqlite database object
void
static int csrfp_header_parser( request_rec * r )Callback function for header parser by Hook Registering function
r - request_rec object
status code, int
static apr_status_t csrfp_out_filter( ap_filter_t * f,
apr_bucket_brigade * bb )Filters output generated by content generator and modify content
f - apache filter object
bb - apache brigade object
apr_status_t code
static void csrfp_insert_filter( request_rec * r )Registers in filter -- csrfp_in_filter
r - request_rec object
void