rack-libinjection 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.github/workflows/ci.yml +55 -0
- data/CHANGELOG.md +112 -0
- data/GET_STARTED.md +418 -0
- data/LICENSE-libinjection.txt +33 -0
- data/LICENSE.txt +21 -0
- data/README.md +68 -0
- data/SECURITY.md +65 -0
- data/ext/libinjection/extconf.rb +113 -0
- data/ext/libinjection/libinjection_ext.c +1132 -0
- data/ext/libinjection/vendor/libinjection/.vendored +5 -0
- data/ext/libinjection/vendor/libinjection/COPYING +33 -0
- data/ext/libinjection/vendor/libinjection/MIGRATION.md +393 -0
- data/ext/libinjection/vendor/libinjection/README.md +251 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection.h +70 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_error.h +26 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_html5.c +830 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_html5.h +56 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_sqli.c +2342 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_sqli.h +297 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_sqli_data.h +9651 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_xss.c +1203 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_xss.h +23 -0
- data/lib/libinjection/version.rb +6 -0
- data/lib/libinjection.rb +31 -0
- data/lib/rack/libinjection.rb +586 -0
- data/lib/rack-libinjection.rb +3 -0
- data/samples/README.md +67 -0
- data/samples/libinjection_detect_raw_hot_path.rb +161 -0
- data/samples/rack_all_surfaces_hot_path.rb +198 -0
- data/samples/rack_params_hot_path.rb +166 -0
- data/samples/rack_query_hot_path.rb +176 -0
- data/samples/results/.gitkeep +0 -0
- data/script/fuzz_smoke.rb +39 -0
- data/script/vendor_libs.rb +227 -0
- data/test/test_helper.rb +7 -0
- data/test/test_libinjection.rb +223 -0
- data/test/test_middleware.rb +404 -0
- metadata +148 -0
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright 2012-2016 Nick Galbreath
|
|
3
|
+
* nickg@client9.com
|
|
4
|
+
* BSD License -- see COPYING.txt for details
|
|
5
|
+
*
|
|
6
|
+
* https://libinjection.client9.com/
|
|
7
|
+
*
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
#ifndef LIBINJECTION_H
|
|
11
|
+
#define LIBINJECTION_H
|
|
12
|
+
|
|
13
|
+
#ifdef __cplusplus
|
|
14
|
+
#define LIBINJECTION_BEGIN_DECLS extern "C" {
|
|
15
|
+
#define LIBINJECTION_END_DECLS }
|
|
16
|
+
#else
|
|
17
|
+
#define LIBINJECTION_BEGIN_DECLS
|
|
18
|
+
#define LIBINJECTION_END_DECLS
|
|
19
|
+
#endif
|
|
20
|
+
|
|
21
|
+
LIBINJECTION_BEGIN_DECLS
|
|
22
|
+
|
|
23
|
+
/*
|
|
24
|
+
* Pull in size_t
|
|
25
|
+
*/
|
|
26
|
+
#include <string.h>
|
|
27
|
+
|
|
28
|
+
/*
|
|
29
|
+
* Pull in injection_result_t
|
|
30
|
+
*/
|
|
31
|
+
#include "libinjection_error.h"
|
|
32
|
+
/*
|
|
33
|
+
* Version info.
|
|
34
|
+
*
|
|
35
|
+
* This is moved into a function to allow SWIG and other auto-generated
|
|
36
|
+
* binding to not be modified during minor release changes. We change
|
|
37
|
+
* change the version number in the c source file, and not regenerated
|
|
38
|
+
* the binding
|
|
39
|
+
*
|
|
40
|
+
* See python's normalized version
|
|
41
|
+
* http://www.python.org/dev/peps/pep-0386/#normalizedversion
|
|
42
|
+
*/
|
|
43
|
+
const char *libinjection_version(void);
|
|
44
|
+
|
|
45
|
+
/**
|
|
46
|
+
* Simple API for SQLi detection - returns a SQLi fingerprint or NULL
|
|
47
|
+
* is benign input
|
|
48
|
+
*
|
|
49
|
+
* \param[in] s input string, may contain nulls, does not need to be
|
|
50
|
+
* null-terminated \param[in] slen input string length \param[out] fingerprint
|
|
51
|
+
* buffer of 8+ characters. c-string, \return 1 if SQLi, 0 if benign.
|
|
52
|
+
* fingerprint will be set or set to empty string.
|
|
53
|
+
*/
|
|
54
|
+
injection_result_t libinjection_sqli(const char *s, size_t slen,
|
|
55
|
+
char fingerprint[]);
|
|
56
|
+
|
|
57
|
+
/** ALPHA version of xss detector.
|
|
58
|
+
*
|
|
59
|
+
* NOT DONE.
|
|
60
|
+
*
|
|
61
|
+
* \param[in] s input string, may contain nulls, does not need to be
|
|
62
|
+
* null-terminated \param[in] slen input string length \return 1 if XSS found, 0
|
|
63
|
+
* if benign
|
|
64
|
+
*
|
|
65
|
+
*/
|
|
66
|
+
injection_result_t libinjection_xss(const char *s, size_t slen);
|
|
67
|
+
|
|
68
|
+
LIBINJECTION_END_DECLS
|
|
69
|
+
|
|
70
|
+
#endif /* LIBINJECTION_H */
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* LibInjection Project
|
|
3
|
+
* BSD License -- see `COPYING.txt` for details
|
|
4
|
+
*
|
|
5
|
+
* https://github.com/libinjection/libinjection/
|
|
6
|
+
*
|
|
7
|
+
*/
|
|
8
|
+
|
|
9
|
+
#ifndef LIBINJECTION_ERROR_H
|
|
10
|
+
#define LIBINJECTION_ERROR_H
|
|
11
|
+
|
|
12
|
+
#ifdef __cplusplus
|
|
13
|
+
extern "C" {
|
|
14
|
+
#endif
|
|
15
|
+
|
|
16
|
+
typedef enum injection_result_t {
|
|
17
|
+
LIBINJECTION_RESULT_FALSE = 0,
|
|
18
|
+
LIBINJECTION_RESULT_TRUE = 1,
|
|
19
|
+
LIBINJECTION_RESULT_ERROR = -1
|
|
20
|
+
} injection_result_t;
|
|
21
|
+
|
|
22
|
+
#ifdef __cplusplus
|
|
23
|
+
}
|
|
24
|
+
#endif
|
|
25
|
+
|
|
26
|
+
#endif // LIBINJECTION_ERROR_H
|