rack-libinjection 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.github/workflows/ci.yml +55 -0
- data/CHANGELOG.md +112 -0
- data/GET_STARTED.md +418 -0
- data/LICENSE-libinjection.txt +33 -0
- data/LICENSE.txt +21 -0
- data/README.md +68 -0
- data/SECURITY.md +65 -0
- data/ext/libinjection/extconf.rb +113 -0
- data/ext/libinjection/libinjection_ext.c +1132 -0
- data/ext/libinjection/vendor/libinjection/.vendored +5 -0
- data/ext/libinjection/vendor/libinjection/COPYING +33 -0
- data/ext/libinjection/vendor/libinjection/MIGRATION.md +393 -0
- data/ext/libinjection/vendor/libinjection/README.md +251 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection.h +70 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_error.h +26 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_html5.c +830 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_html5.h +56 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_sqli.c +2342 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_sqli.h +297 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_sqli_data.h +9651 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_xss.c +1203 -0
- data/ext/libinjection/vendor/libinjection/src/libinjection_xss.h +23 -0
- data/lib/libinjection/version.rb +6 -0
- data/lib/libinjection.rb +31 -0
- data/lib/rack/libinjection.rb +586 -0
- data/lib/rack-libinjection.rb +3 -0
- data/samples/README.md +67 -0
- data/samples/libinjection_detect_raw_hot_path.rb +161 -0
- data/samples/rack_all_surfaces_hot_path.rb +198 -0
- data/samples/rack_params_hot_path.rb +166 -0
- data/samples/rack_query_hot_path.rb +176 -0
- data/samples/results/.gitkeep +0 -0
- data/script/fuzz_smoke.rb +39 -0
- data/script/vendor_libs.rb +227 -0
- data/test/test_helper.rb +7 -0
- data/test/test_libinjection.rb +223 -0
- data/test/test_middleware.rb +404 -0
- metadata +148 -0
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
#ifndef LIBINJECTION_HTML5
|
|
2
|
+
#define LIBINJECTION_HTML5
|
|
3
|
+
|
|
4
|
+
#ifdef __cplusplus
|
|
5
|
+
extern "C" {
|
|
6
|
+
#endif
|
|
7
|
+
|
|
8
|
+
/* pull in size_t */
|
|
9
|
+
|
|
10
|
+
#include <stddef.h>
|
|
11
|
+
|
|
12
|
+
#include "libinjection_error.h"
|
|
13
|
+
|
|
14
|
+
enum html5_type {
|
|
15
|
+
DATA_TEXT,
|
|
16
|
+
TAG_NAME_OPEN,
|
|
17
|
+
TAG_NAME_CLOSE,
|
|
18
|
+
TAG_NAME_SELFCLOSE,
|
|
19
|
+
TAG_DATA,
|
|
20
|
+
TAG_CLOSE,
|
|
21
|
+
ATTR_NAME,
|
|
22
|
+
ATTR_VALUE,
|
|
23
|
+
TAG_COMMENT,
|
|
24
|
+
DOCTYPE
|
|
25
|
+
};
|
|
26
|
+
|
|
27
|
+
enum html5_flags {
|
|
28
|
+
DATA_STATE,
|
|
29
|
+
VALUE_NO_QUOTE,
|
|
30
|
+
VALUE_SINGLE_QUOTE,
|
|
31
|
+
VALUE_DOUBLE_QUOTE,
|
|
32
|
+
VALUE_BACK_QUOTE
|
|
33
|
+
};
|
|
34
|
+
|
|
35
|
+
struct h5_state;
|
|
36
|
+
typedef int (*ptr_html5_state)(struct h5_state *);
|
|
37
|
+
|
|
38
|
+
typedef struct h5_state {
|
|
39
|
+
const char *s;
|
|
40
|
+
size_t len;
|
|
41
|
+
size_t pos;
|
|
42
|
+
int is_close;
|
|
43
|
+
ptr_html5_state state;
|
|
44
|
+
const char *token_start;
|
|
45
|
+
size_t token_len;
|
|
46
|
+
enum html5_type token_type;
|
|
47
|
+
} h5_state_t;
|
|
48
|
+
|
|
49
|
+
void libinjection_h5_init(h5_state_t *hs, const char *s, size_t len,
|
|
50
|
+
enum html5_flags);
|
|
51
|
+
injection_result_t libinjection_h5_next(h5_state_t *hs);
|
|
52
|
+
|
|
53
|
+
#ifdef __cplusplus
|
|
54
|
+
}
|
|
55
|
+
#endif
|
|
56
|
+
#endif
|