faml 0.3.1 → 0.3.2

data/vendor/houdini/buffer.h

@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+#ifndef INCLUDE_buffer_h__
+#define INCLUDE_buffer_h__
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <stdint.h>
+
+typedef struct {
+	char *ptr;
+	size_t asize, size;
+} gh_buf;
+
+extern char gh_buf__initbuf[];
+extern char gh_buf__oom[];
+
+#define GH_BUF_INIT { gh_buf__initbuf, 0, 0 }
+
+/**
+ * Initialize a gh_buf structure.
+ *
+ * For the cases where GH_BUF_INIT cannot be used to do static
+ * initialization.
+ */
+extern void gh_buf_init(gh_buf *buf, size_t initial_size);
+
+/**
+ * Attempt to grow the buffer to hold at least `target_size` bytes.
+ *
+ * If the allocation fails, this will return an error.  If mark_oom is true,
+ * this will mark the buffer as invalid for future operations; if false,
+ * existing buffer content will be preserved, but calling code must handle
+ * that buffer was not expanded.
+ */
+extern int gh_buf_try_grow(gh_buf *buf, size_t target_size, bool mark_oom);
+
+/**
+ * Grow the buffer to hold at least `target_size` bytes.
+ *
+ * If the allocation fails, this will return an error and the buffer will be
+ * marked as invalid for future operations, invaliding contents.
+ *
+ * @return 0 on success or -1 on failure
+ */
+static inline int gh_buf_grow(gh_buf *buf, size_t target_size)
+{
+	return gh_buf_try_grow(buf, target_size, true);
+}
+
+extern void gh_buf_free(gh_buf *buf);
+extern void gh_buf_swap(gh_buf *buf_a, gh_buf *buf_b);
+
+/**
+ * Test if there have been any reallocation failures with this gh_buf.
+ *
+ * Any function that writes to a gh_buf can fail due to memory allocation
+ * issues.  If one fails, the gh_buf will be marked with an OOM error and
+ * further calls to modify the buffer will fail.  Check gh_buf_oom() at the
+ * end of your sequence and it will be true if you ran out of memory at any
+ * point with that buffer.
+ *
+ * @return false if no error, true if allocation error
+ */
+static inline bool gh_buf_oom(const gh_buf *buf)
+{
+	return (buf->ptr == gh_buf__oom);
+}
+
+
+static inline size_t gh_buf_len(const gh_buf *buf)
+{
+	return buf->size;
+}
+
+extern int gh_buf_cmp(const gh_buf *a, const gh_buf *b);
+
+extern void gh_buf_attach(gh_buf *buf, char *ptr, size_t asize);
+extern char *gh_buf_detach(gh_buf *buf);
+extern void gh_buf_copy_cstr(char *data, size_t datasize, const gh_buf *buf);
+
+static inline const char *gh_buf_cstr(const gh_buf *buf)
+{
+	return buf->ptr;
+}
+
+/*
+ * Functions below that return int value error codes will return 0 on
+ * success or -1 on failure (which generally means an allocation failed).
+ * Using a gh_buf where the allocation has failed with result in -1 from
+ * all further calls using that buffer.  As a result, you can ignore the
+ * return code of these functions and call them in a series then just call
+ * gh_buf_oom at the end.
+ */
+extern int gh_buf_set(gh_buf *buf, const char *data, size_t len);
+extern int gh_buf_sets(gh_buf *buf, const char *string);
+extern int gh_buf_putc(gh_buf *buf, char c);
+extern int gh_buf_put(gh_buf *buf, const void *data, size_t len);
+extern int gh_buf_puts(gh_buf *buf, const char *string);
+extern int gh_buf_printf(gh_buf *buf, const char *format, ...)
+	__attribute__((format (printf, 2, 3)));
+extern int gh_buf_vprintf(gh_buf *buf, const char *format, va_list ap);
+extern void gh_buf_clear(gh_buf *buf);
+
+#define gh_buf_PUTS(buf, str) gh_buf_put(buf, str, sizeof(str) - 1)
+
+#endif

data/vendor/houdini/houdini.h

@@ -0,0 +1,46 @@
+#ifndef __HOUDINI_H__
+#define __HOUDINI_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include "buffer.h"
+
+#define likely(x)       __builtin_expect((x),1)
+#define unlikely(x)     __builtin_expect((x),0)
+
+#ifdef HOUDINI_USE_LOCALE
+#	define _isxdigit(c) isxdigit(c)
+#	define _isdigit(c) isdigit(c)
+#else
+/*
+ * Helper _isdigit methods -- do not trust the current locale
+ * */
+#	define _isxdigit(c) (strchr("0123456789ABCDEFabcdef", (c)) != NULL)
+#	define _isdigit(c) ((c) >= '0' && (c) <= '9')
+#endif
+
+#define HOUDINI_ESCAPED_SIZE(x) (((x) * 12) / 10)
+#define HOUDINI_UNESCAPED_SIZE(x) (x)
+
+extern int houdini_escape_html(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_html0(gh_buf *ob, const uint8_t *src, size_t size, int secure);
+extern int houdini_unescape_html(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_xml(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_uri(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_uri_component(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_url(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_href(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_unescape_uri(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_unescape_uri_component(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_unescape_url(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_escape_js(gh_buf *ob, const uint8_t *src, size_t size);
+extern int houdini_unescape_js(gh_buf *ob, const uint8_t *src, size_t size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

data/vendor/houdini/houdini_href_e.c

@@ -0,0 +1,115 @@
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "houdini.h"
+
+/*
+ * The following characters will not be escaped:
+ *
+ *		-_.+!*'(),%#@?=;:/,+&$ alphanum
+ *
+ * Note that this character set is the addition of:
+ *
+ *	- The characters which are safe to be in an URL
+ *	- The characters which are *not* safe to be in
+ *	an URL because they are RESERVED characters.
+ *
+ * We asume (lazily) that any RESERVED char that
+ * appears inside an URL is actually meant to
+ * have its native function (i.e. as an URL 
+ * component/separator) and hence needs no escaping.
+ *
+ * There are two exceptions: the chacters & (amp)
+ * and ' (single quote) do not appear in the table.
+ * They are meant to appear in the URL as components,
+ * yet they require special HTML-entity escaping
+ * to generate valid HTML markup.
+ *
+ * All other characters will be escaped to %XX.
+ *
+ */
+static const char HREF_SAFE[] = {
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 
+	0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+int
+houdini_escape_href(gh_buf *ob, const uint8_t *src, size_t size)
+{
+	static const uint8_t hex_chars[] = "0123456789ABCDEF";
+	size_t  i = 0, org;
+	uint8_t hex_str[3];
+
+	hex_str[0] = '%';
+
+	while (i < size) {
+		org = i;
+		while (i < size && HREF_SAFE[src[i]] != 0)
+			i++;
+
+		if (likely(i > org)) {
+			if (unlikely(org == 0)) {
+				if (i >= size)
+					return 0;
+
+				gh_buf_grow(ob, HOUDINI_ESCAPED_SIZE(size));
+			}
+
+			gh_buf_put(ob, src + org, i - org);
+		}
+
+		/* escaping */
+		if (i >= size)
+			break;
+
+		switch (src[i]) {
+		/* amp appears all the time in URLs, but needs
+		 * HTML-entity escaping to be inside an href */
+		case '&': 
+			gh_buf_PUTS(ob, "&amp;");
+			break;
+
+		/* the single quote is a valid URL character
+		 * according to the standard; it needs HTML
+		 * entity escaping too */
+		case '\'':
+			gh_buf_PUTS(ob, "&#x27;");
+			break;
+		
+		/* the space can be escaped to %20 or a plus
+		 * sign. we're going with the generic escape
+		 * for now. the plus thing is more commonly seen
+		 * when building GET strings */
+#if 0
+		case ' ':
+			gh_buf_putc(ob, '+');
+			break;
+#endif
+
+		/* every other character goes with a %XX escaping */
+		default:
+			hex_str[1] = hex_chars[(src[i] >> 4) & 0xF];
+			hex_str[2] = hex_chars[src[i] & 0xF];
+			gh_buf_put(ob, hex_str, 3);
+		}
+
+		i++;
+	}
+
+	return 1;
+}

data/vendor/houdini/houdini_html_e.c

@@ -0,0 +1,90 @@
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "houdini.h"
+
+/**
+ * According to the OWASP rules:
+ *
+ * & --> &amp;
+ * < --> &lt;
+ * > --> &gt;
+ * " --> &quot;
+ * ' --> &#x27;     &apos; is not recommended
+ * / --> &#x2F;     forward slash is included as it helps end an HTML entity
+ *
+ */
+static const char HTML_ESCAPE_TABLE[] = {
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+static const char *HTML_ESCAPES[] = {
+        "",
+        "&quot;",
+        "&amp;",
+        "&#39;",
+        "&#47;",
+        "&lt;",
+        "&gt;"
+};
+
+int
+houdini_escape_html0(gh_buf *ob, const uint8_t *src, size_t size, int secure)
+{
+	size_t  i = 0, org, esc = 0;
+
+	while (i < size) {
+		org = i;
+		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
+			i++;
+
+		if (i > org) {
+			if (unlikely(org == 0)) {
+				if (i >= size)
+					return 0;
+
+				gh_buf_grow(ob, HOUDINI_ESCAPED_SIZE(size));
+			}
+
+			gh_buf_put(ob, src + org, i - org);
+		}
+
+		/* escaping */
+		if (unlikely(i >= size))
+			break;
+
+		/* The forward slash is only escaped in secure mode */
+		if (src[i] == '/' && !secure) {
+			gh_buf_putc(ob, '/');
+		} else {
+			gh_buf_puts(ob, HTML_ESCAPES[esc]);
+		}
+
+		i++;
+	}
+
+	return 1;
+}
+
+int
+houdini_escape_html(gh_buf *ob, const uint8_t *src, size_t size)
+{
+	return houdini_escape_html0(ob, src, size, 1);
+}
+

data/vendor/houdini/houdini_html_u.c

@@ -0,0 +1,122 @@
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "houdini.h"
+#include "html_unescape.h"
+
+static inline void
+gh_buf_put_utf8(gh_buf *ob, int c)
+{
+	unsigned char unichar[4];
+
+	if (c < 0x80) {
+		gh_buf_putc(ob, c);
+	}
+	else if (c < 0x800) {
+		unichar[0] = 192 + (c / 64);
+		unichar[1] = 128 + (c % 64);
+		gh_buf_put(ob, unichar, 2);
+	}
+	else if (c - 0xd800u < 0x800) {
+		gh_buf_putc(ob, '?');
+	}
+	else if (c < 0x10000) {
+		unichar[0] = 224 + (c / 4096);
+		unichar[1] = 128 + (c / 64) % 64;
+		unichar[2] = 128 + (c % 64);
+		gh_buf_put(ob, unichar, 3);
+	}
+	else if (c < 0x110000) {
+		unichar[0] = 240 + (c / 262144);
+		unichar[1] = 128 + (c / 4096) % 64;
+		unichar[2] = 128 + (c / 64) % 64;
+		unichar[3] = 128 + (c % 64);
+		gh_buf_put(ob, unichar, 4);
+	}
+	else {
+		gh_buf_putc(ob, '?');
+	}
+}
+
+static size_t
+unescape_ent(gh_buf *ob, const uint8_t *src, size_t size)
+{
+	size_t i = 0;
+
+	if (size > 3 && src[0] == '#') {
+		int codepoint = 0;
+
+		if (_isdigit(src[1])) {
+			for (i = 1; i < size && _isdigit(src[i]); ++i)
+				codepoint = (codepoint * 10) + (src[i] - '0');
+		}
+
+		else if (src[1] == 'x' || src[1] == 'X') {
+			for (i = 2; i < size && _isxdigit(src[i]); ++i)
+				codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
+		}
+
+		if (i < size && src[i] == ';' && codepoint) {
+			gh_buf_put_utf8(ob, codepoint);
+			return i + 1;
+		}
+	}
+
+	else {
+		if (size > MAX_WORD_LENGTH)
+			size = MAX_WORD_LENGTH;
+
+		for (i = MIN_WORD_LENGTH; i < size; ++i) {
+			if (src[i] == ' ')
+				break;
+
+			if (src[i] == ';') {
+				const struct html_ent *entity = find_entity((char *)src, i);
+
+				if (entity != NULL) {
+					gh_buf_put(ob, entity->utf8, entity->utf8_len);
+					return i + 1;
+				}
+
+				break;
+			}
+		}
+	}
+
+	gh_buf_putc(ob, '&');
+	return 0;
+}
+
+int
+houdini_unescape_html(gh_buf *ob, const uint8_t *src, size_t size)
+{
+	size_t  i = 0, org;
+
+	while (i < size) {
+		org = i;
+		while (i < size && src[i] != '&')
+			i++;
+
+		if (likely(i > org)) {
+			if (unlikely(org == 0)) {
+				if (i >= size)
+					return 0;
+
+				gh_buf_grow(ob, HOUDINI_UNESCAPED_SIZE(size));
+			}
+
+			gh_buf_put(ob, src + org, i - org);
+		}
+
+		/* escaping */
+		if (i >= size)
+			break;
+
+		i++;
+		i += unescape_ent(ob, src + i, size - i);
+	}
+
+	return 1;
+}
+