|
|
| version 1.115.2.12.2.22, 2003/04/08 08:10:26 | version 1.171, 2016/10/26 16:40:50 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: String class part: untaint mechanizm. | Parser: String class part: untaint mechanizm. |
| Copyright(c) 2001-2003 ArtLebedev Group (http://www.artlebedev.com) | Copyright (c) 2001-2015 Art. Lebedev Studio (http://www.artlebedev.com) |
| Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) | Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) |
| */ | */ |
| static const char* IDENT_UNTAINT_C="$Date$"; | volatile const char * IDENT_UNTAINT_C="$Id$"; |
| #include "pa_string.h" | #include "pa_string.h" |
| Line 23 extern "C" { // author forgot to do that | Line 23 extern "C" { // author forgot to do that |
| #include "ec.h" | #include "ec.h" |
| } | } |
| #define PA_SQL | |
| #ifdef PA_SQL | |
| #include "pa_sql_connection.h" | #include "pa_sql_connection.h" |
| #endif | |
| // defines | // defines |
| #undef CORD_ec_append | #undef CORD_ec_append |
| // redefining to intercept flushes and implement whitespace optimization | // redefining to intercept flushes and implement whitespace optimization |
| // of all consequent white space chars leaving only first one | // of all consequent white space chars leaving only first one |
| Line 39 extern "C" { // author forgot to do that | Line 34 extern "C" { // author forgot to do that |
| { \ | { \ |
| bool skip=false; \ | bool skip=false; \ |
| if(optimize) switch(c) { \ | if(optimize) switch(c) { \ |
| case ' ': case '\r': case '\n': case '\t': \ | case ' ': case '\n': case '\t': \ |
| if(whitespace) \ | if(whitespace) \ |
| skip=true; /*skipping subsequent*/ \ | skip=true; /*skipping subsequent*/ \ |
| else \ | else \ |
| Line 57 extern "C" { // author forgot to do that | Line 52 extern "C" { // author forgot to do that |
| } \ | } \ |
| } | } |
| #define escape_fragment(action) \ | |
| #define escape(action) \ | for(; fragment_length--; CORD_next(info->pos)) { \ |
| for(; fragment_length--; CORD_next(pos)) { \ | char c=CORD_pos_fetch(info->pos); \ |
| char c=CORD_pos_fetch(pos); \ | |
| action \ | action \ |
| } | } |
| #define _default default: CORD_ec_append(result, c); break | |
| #define encode(need_encode_func, prefix, otherwise) \ | #define encode(need_encode_func, prefix, otherwise) \ |
| if(need_encode_func(c)) { \ | if(need_encode_func(c)) { \ |
| static const char* hex="0123456789ABCDEF"; \ | CORD_ec_append(info->result, prefix); \ |
| CORD_ec_append(result, prefix); \ | to_hex(c); \ |
| CORD_ec_append(result, hex[((unsigned char)c)/0x10]); \ | |
| CORD_ec_append(result, hex[((unsigned char)c)%0x10]); \ | |
| } else \ | } else \ |
| CORD_ec_append(result, otherwise); | CORD_ec_append(info->result, otherwise); |
| #define to_char(c) CORD_ec_append(result, c) | |
| #define to_string(s) CORD_ec_append_cord(result, s) | #define to_hex(c) \ |
| { \ | |
| CORD_ec_append(info->result, hex_digits[((unsigned char)c) >> 4]); \ | |
| CORD_ec_append(info->result, hex_digits[((unsigned char)c) & 0x0F]); \ | |
| } | |
| #define to_char(c) { CORD_ec_append(info->result, c); whitespace=false; } | |
| #define to_string(s) { CORD_ec_append_cord(info->result, (CORD)(s)); whitespace=false; } | |
| #define _default CORD_ec_append(info->result, c) | |
| inline bool need_file_encode(unsigned char c){ | inline bool need_file_encode(unsigned char c){ |
| // russian letters and space ENABLED | // russian letters and space ENABLED |
| // encoding only these... | // encoding only these... |
| return strchr( | return strchr( |
| "*?'\"<>|" | "*?\"<>|" |
| #ifndef WIN32 | #ifndef WIN32 |
| ":\\~" | ":\\" |
| #endif | #endif |
| , c)!=0; | , c)!=0; |
| } | } |
| inline bool need_uri_encode(unsigned char c){ | inline bool need_uri_encode(unsigned char c){ |
| if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) | return !(pa_isalnum(c) || strchr("_-./*", c)); |
| return false; | } |
| return !strchr("_-./", c); | inline bool need_regex_escape(unsigned char c){ |
| return strchr("\\^$.[]|()?*+{}-", c)!=0; | |
| } | } |
| inline bool need_http_header_encode(unsigned char c){ | |
| if(strchr(" , :", c)) | |
| return false; | |
| return need_uri_encode(c); | |
| } | |
| // | |
| static const char* String_Untaint_lang_name[]={ | |
| "U", ///< zero value handy for hash lookup @see untaint_lang_name2enum | |
| "C", ///< clean | |
| "T", ///< tainted, untaint language as assigned later | |
| // untaint languages. assigned by ^untaint[lang]{...} | |
| "P", | |
| /**< | |
| leave language built into string being appended. | |
| just a flag, that value not stored | |
| */ | |
| "A", ///< leave all characters intact | |
| "F", ///< file specification | |
| "H", ///< ext in HTTP response header | |
| "M", ///< text in mail header | |
| "URI", ///< text in uri | |
| "T", ///< ^table:set body | |
| "SQL", ///< ^table:sql body | |
| "JS", ///< JavaScript code | |
| "XML", ///< ^dom:set xml | |
| "HTML" ///< HTML code (for editing) | |
| }; | |
| inline bool need_parser_code_escape(unsigned char c){ | |
| return strchr("^$;@()[]{}:#\"", c)!=0; | |
| } | |
| // String | // String |
| /* | /* |
| HTTP-header = field-name ":" [ field-value ] CRLF | HTTP-header = field-name ":" [ field-value ] CRLF |
| field-name = token | field-name = token |
| field-value = *( field-content | LWS ) | field-value = *( field-content | LWS ) |
| field-content = <the OCTETs making up the field-value | field-content = <the OCTETs making up the field-value |
| and consisting of either *TEXT or combinations | and consisting of either *TEXT or combinations |
| of token, tspecials, and quoted-string> | of token, tspecials, and quoted-string> |
| word = token | quoted-string | |
| token = 1*<any CHAR except CTLs or tspecials> | token = 1*<any CHAR except CTLs or tspecials> |
| word = token | quoted-string | |
| quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) | |
| qdtext = <any TEXT except <">> | |
| quoted-pair = "\" CHAR | |
| OCTET = <any 8-bit sequence of data> | |
| CHAR = <any US-ASCII character (octets 0 - 127)> | |
| tspecials = "(" | ")" | "<" | ">" | "@" | tspecials = "(" | ")" | "<" | ">" | "@" |
| | "," | ";" | ":" | "\" | <"> | | "," | ";" | ":" | "\" | <"> |
| | "/" | "[" | "]" | "?" | "=" | | "/" | "[" | "]" | "?" | "=" |
| | "{" | "}" | SP | HT | | "{" | "}" | SP | HT |
| SP = <US-ASCII SP, space (32)> | SP = <US-ASCII SP, space (32)> |
| HT = <US-ASCII HT, horizontal-tab (9)> | HT = <US-ASCII HT, horizontal-tab (9)> |
| LWS = [CRLF] 1*( SP | HT ) | LWS = [CRLF] 1*( SP | HT ) |
| TEXT = <any OCTET except CTLs, | TEXT = <any OCTET except CTLs, but including LWS> |
| but including LWS> | CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)> |
| quoted-pair = "\" CHAR | |
| if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) | if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) |
| */ | */ |
| Line 167 inline bool need_quote_http_header(const | Line 142 inline bool need_quote_http_header(const |
| return false; | return false; |
| } | } |
| #ifndef DOXYGEN | |
| struct Append_fragment_info { | |
| String::Language lang; | |
| String::Languages* dest_languages; | |
| size_t dest_body_plan_length; | |
| }; | |
| #endif | |
| int append_fragment_optimizing(char alang, size_t asize, Append_fragment_info* info) { | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // main idea here: | |
| // tainted piece would get OPTIMIZED bit from 'lang' | |
| // clean piece would be marked OPTIMIZED manually | |
| // pieces with determined languages [not tainted|clean] would retain theirs langs | |
| info->dest_languages->append(info->dest_body_plan_length, | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) // ORing with OPTIMIZED flag | |
| :lang, | |
| asize); | |
| info->dest_body_plan_length+=asize; | |
| return 0; // 0=continue | |
| } | |
| int append_fragment_nonoptimizing(char alang, size_t asize, Append_fragment_info* info) { | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // The core idea: tainted pieces got marked with context's lang | |
| info->dest_languages->append(info->dest_body_plan_length, | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang, | |
| asize); | |
| info->dest_body_plan_length+=asize; | |
| return 0; // 0=continue | |
| } | |
| /** | |
| appends to other String without language change | |
| */ | |
| String& String::append_to(String& dest) const { | |
| if(is_empty()) | |
| return dest; | |
| // first: fragment infos | |
| dest.langs.appendHelper(dest.body, langs, body); | |
| // next: letters | |
| dest.body<<body; | |
| ASSERT_STRING_INVARIANT(dest); | |
| return dest; | |
| } | |
| /** | /** |
| appends to other String, | appends to other String, |
| Line 174 inline bool need_quote_http_header(const | Line 204 inline bool need_quote_http_header(const |
| or marking ALL pieces of it with a @a lang when @a forced to, | or marking ALL pieces of it with a @a lang when @a forced to, |
| and propagating OPTIMIZE language bit. | and propagating OPTIMIZE language bit. |
| */ | */ |
| String& String::append_to(String& dest, Language lang, bool forced) const { | String& String::append_to(String& dest, Language ilang, bool forced) const { |
| if(is_empty()) | if(is_empty()) |
| return dest; | return dest; |
| // first: letters | // first: fragment infos |
| dest.body<<body; | |
| // next: fragment infos | |
| if(lang==L_PASS_APPENDED) // without language-chage string? | if(forced) //forcing passed lang? |
| dest.fragments.append(fragments); | dest.langs.appendHelper(dest.body, ilang, body); |
| else if(forced) //forcing passed lang? | else { |
| dest.fragments+=Fragment(lang, length()); | if(langs.opt.is_not_just_lang){ |
| else if(lang&L_OPTIMIZE_BIT) { | Append_fragment_info info={ilang, &dest.langs, dest.body.length()}; |
| Array_iterator<ArrayFragment::element_type> i(fragments); | langs.for_each(body, ilang&L_OPTIMIZE_BIT? |
| while(i.has_next()) { | append_fragment_optimizing |
| const Fragment fragment=i.next(); | :append_fragment_nonoptimizing, &info); |
| // main idea here: | } else { |
| // tainted piece would get OPTIMIZED bit from 'lang' | Language lang=langs.opt.lang; |
| // clean piece would be marked OPTIMIZED manually | // see append_fragment_* for explanation |
| // pieces with determined languages [not tainted|clean] would retain theirs langs | if(ilang&L_OPTIMIZE_BIT){ |
| dest.fragments+=Fragment(static_cast<Language>( | dest.langs.appendHelper(dest.body, |
| fragment.lang==L_TAINTED?lang:( | lang==String::L_TAINTED? |
| fragment.lang==L_CLEAN?L_CLEAN|L_OPTIMIZE_BIT: // ORing with OPTIMIZED flag | ilang |
| fragment.lang)), | :lang==String::L_CLEAN? |
| fragment.length); | (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) |
| } | :lang, |
| } else { // The core idea: tainted pieces got marked with context's lang | body); |
| Array_iterator<ArrayFragment::element_type> i(fragments); | } else { |
| while(i.has_next()) { | dest.langs.appendHelper(dest.body, lang==String::L_TAINTED ? ilang:lang, body); |
| const Fragment fragment=i.next(); | } |
| dest.fragments+=Fragment( | |
| fragment.lang==L_TAINTED?lang:fragment.lang, | |
| fragment.length); | |
| } | } |
| } | } |
| // next: letters | |
| dest.body<<body; | |
| ASSERT_STRING_INVARIANT(dest); | |
| return dest; | return dest; |
| } | } |
| Line 242 RFC | Line 270 RFC |
| and without "_", or in would mean 0x20 | and without "_", or in would mean 0x20 |
| */ | */ |
| inline bool mail_header_char_valid_within_Qencoded(char c) { | inline bool mail_header_char_valid_within_Qencoded(char c) { |
| return c>='A' && c<='Z' | return (pa_isalnum((unsigned char)c) || strchr("!*+-/", c)); |
| || c>='a' && c<='Z' | } |
| || c>='0' && c<='9' | inline bool addr_spec_soon(const char *src) { |
| || strchr("!*+-/", c); | for(char c; (c=*src); src++) |
| if(c=='<') | |
| return true; | |
| else if(!(c==' ' || c=='\t')) | |
| return false; | |
| return false; | |
| } | } |
| /** | /** |
| RFC | RFC |
| Line 256 inline bool mail_header_char_valid_withi | Line 289 inline bool mail_header_char_valid_withi |
| inline bool mail_header_nonspace_char(char c) { | inline bool mail_header_nonspace_char(char c) { |
| return c != 0x20; | return c != 0x20; |
| } | } |
| inline void ec_append(CORD_ec& result, bool& optimize, bool& whitespace, CORD_pos pos, size_t size) { | inline void ec_append(CORD_ec& result, bool& optimize, bool& whitespace, CORD_pos pos, size_t size) { |
| while(size--) { | while(size--) { |
| CORD_ec_append(result, CORD_pos_fetch(pos)); | CORD_ec_append(result, CORD_pos_fetch(pos)); |
| CORD_next(pos); | CORD_next(pos); |
| } | } |
| } | } |
| inline void pa_CORD_pos_advance(CORD_pos pos, size_t size) { | inline void pa_CORD_pos_advance(CORD_pos pos, size_t n) { |
| while(true) { | while(true) { |
| size_t avail=CORD_pos_chars_left(pos); | long avail=CORD_pos_chars_left(pos); |
| if(avail==0) { | if(avail<=0) { |
| CORD_next(pos); | CORD_next(pos); |
| if(!--size) | if(!--n) |
| break; | break; |
| } else if(avail<size) { | } else if((size_t)avail<n) { |
| CORD_pos_advance(pos, avail); | CORD_pos_advance(pos, avail); |
| size-=avail; | n-=avail; |
| } else { // avail>=size | } else { // avail>=n |
| CORD_pos_advance(pos, size); | CORD_pos_advance(pos, n); |
| break; | break; |
| } | } |
| } | } |
| } | } |
| StringBody String::cstr_to_string_body(Language lang, | |
| SQL_Connection* connection, | |
| const Request_charsets *charsets) const { | |
| CORD_ec result; CORD_ec_init(result); | |
| CORD_pos pos; body.set_pos(pos, 0); | |
| bool whitespace=true; | |
| size_t fragment_begin=0; | |
| size_t fragment_end; | |
| for(Array_iterator<Fragment> i(fragments); i.has_next(); fragment_begin=fragment_end) { | |
| const Fragment fragment=i.next(); | |
| size_t fragment_length=fragment.length; | |
| fragment_end=fragment_begin+fragment_length; | |
| //fprintf(stderr, "%d, %d\n", fragment.lang, fragment.length); | |
| Language to_lang=lang==L_UNSPECIFIED?fragment.lang:lang; | |
| bool optimize=(to_lang & L_OPTIMIZE_BIT)!=0; | |
| if(!optimize) | |
| whitespace=false; | |
| switch(to_lang & ~L_OPTIMIZE_BIT) { | |
| case L_CLEAN: | |
| case L_TAINTED: | |
| case L_AS_IS: | |
| // clean piece | |
| // tainted piece, but undefined untaint language | |
| // for VString.as_double of tainted values | |
| // for ^process{body} evaluation | |
| // tainted, untaint language: as-is | #ifndef DOXYGEN |
| ec_append(result, optimize, whitespace, pos, fragment_length); | struct Cstr_to_string_body_block_info { |
| break; | // input |
| case L_FILE_SPEC: | String::Language lang; |
| // tainted, untaint language: file [name] | SQL_Connection* connection; |
| escape( | const Request_charsets* charsets; |
| // Macintosh has problems with small Russian letter 'r' | const String::Body* body; |
| if( c=='\xF0' && charsets && charsets->source().name()=="windows-1251" ) { | |
| // fixing that letter for most common charset | // output |
| to_char('p'); | CORD_ec result; |
| } else // fallback to default | |
| encode(need_file_encode, '_', c); | // private |
| ); | CORD_pos pos; |
| break; | size_t fragment_begin; |
| case L_URI: | bool whitespace; |
| // tainted, untaint language: uri | const char* exception; |
| { | }; |
| const char *fragment_str=body.mid(fragment_begin, fragment_length).cstr(); | #endif |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(pos, fragment_length); | |
| const void *client_ptr; | |
| size_t client_size; | |
| if(charsets) | |
| Charset::transcode( | |
| charsets->source(), fragment_str, fragment_length, | |
| charsets->client(), client_ptr, client_size); | |
| else { | |
| client_ptr=fragment_str; | |
| client_size=fragment_length; | |
| } | |
| char c; | // @todo: replace info->body->mid with something that uses info->pos |
| for(const char* src=(const char* )client_ptr; c=*src++; ) | int cstr_to_string_body_block(String::Language to_lang, size_t fragment_length, Cstr_to_string_body_block_info* info) { |
| encode(need_uri_encode, '%', c); | bool& whitespace=info->whitespace; |
| } | size_t fragment_end=info->fragment_begin+fragment_length; |
| break; | //fprintf(stderr, "%d, %d =%s=\n", to_lang, fragment_length, info->body->cstr()); |
| case L_HTTP_HEADER: | |
| // tainted, untaint language: http-field-content-text | bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0; |
| escape( | if(!optimize) |
| encode(need_uri_encode, '%', c); | whitespace=false; |
| switch(to_lang & ~String::L_OPTIMIZE_BIT) { | |
| case String::L_CLEAN: | |
| case String::L_TAINTED: | |
| case String::L_AS_IS: | |
| // clean piece | |
| // tainted piece, but undefined untaint language | |
| // for VString.as_double of tainted values | |
| // for ^process{body} evaluation | |
| // tainted, untaint language: as-is | |
| ec_append(info->result, optimize, whitespace, info->pos, fragment_length); | |
| break; | |
| case String::L_FILE_SPEC: | |
| // tainted, untaint language: file [name] | |
| { | |
| escape_fragment( | |
| encode(need_file_encode, '_', c); | |
| ); | ); |
| break; | } |
| case L_MAIL_HEADER: | break; |
| // tainted, untaint language: mail-header | case String::L_URI: |
| // http://www.ietf.org/rfc/rfc2047.txt | // tainted, untaint language: uri |
| if(charsets) { | { |
| size_t mail_size; | const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); |
| const char *mail_ptr= | // skip source [we use recoded version] |
| body.mid(fragment_begin, mail_size=fragment_length).cstr(); | pa_CORD_pos_advance(info->pos, fragment_length); |
| // skip source [we use recoded version] | String::C output(fragment_str, fragment_length); |
| pa_CORD_pos_advance(pos, mail_size); | if(info->charsets) |
| output=Charset::transcode(output, info->charsets->source(), info->charsets->client()); | |
| const char* charset_name=charsets->mail().name().cstr(); | |
| // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= | |
| bool to_quoted_printable=false; | |
| bool email=false; | char c; |
| uchar c; | for(const char* src=output.str; (c=*src++); ) |
| for(const char* src=mail_ptr; c=(uchar)*src++; ) { | encode(need_uri_encode, '%', c); |
| //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'. | } |
| if(to_quoted_printable && (c==',' || c=='<')) { | break; |
| email=c=='<'; | case String::L_HTTP_HEADER: |
| to_string("?="); | // tainted, untaint language: http-field-content-text |
| to_quoted_printable=false; | escape_fragment(switch(c) { |
| case '\n': | |
| case '\r': to_string(" "); break; | |
| default: _default; break; | |
| }); | |
| break; | |
| case String::L_MAIL_HEADER: | |
| // tainted, untaint language: mail-header | |
| // http://www.ietf.org/rfc/rfc2047.txt | |
| if(info->charsets) { | |
| size_t mail_size; | |
| const char *mail_ptr= | |
| info->body->mid(info->fragment_begin, mail_size=fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, mail_size); | |
| const char* charset_name=info->charsets->mail().NAME().cstr(); | |
| // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= | |
| bool to_quoted_printable=false; | |
| bool email=false; | |
| uchar c; | |
| for(const char* src=mail_ptr; (c=(uchar)*src++); ) { | |
| if(c=='\r' || c=='\n') | |
| c=' '; | |
| if(to_quoted_printable && (c==',' || c == '"' || addr_spec_soon(src-1/*position to 'c'*/))) { | |
| email=c=='<'; | |
| to_string("?="); | |
| to_quoted_printable=false; | |
| } | |
| //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'. | |
| if(!email && ( | |
| ( !to_quoted_printable && (c & 0x80) ) // starting quote-printable-encoding on first 8bit char | |
| || ( to_quoted_printable && !mail_header_char_valid_within_Qencoded(c) ) | |
| )) { | |
| if(!to_quoted_printable) { | |
| to_string("=?"); | |
| to_string(charset_name); | |
| to_string("?Q?"); | |
| to_quoted_printable=true; | |
| } | } |
| if(!email && ( | encode(mail_header_nonspace_char, '=', '_'); |
| !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char | } else |
| || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c) | to_char(c); |
| )) { | if(c=='>') |
| if(!to_quoted_printable) { | email=false; |
| to_string("=?"); | } |
| to_string(charset_name); | if(to_quoted_printable) // close |
| to_string("?Q?"); | to_string("?="); |
| to_quoted_printable=true; | |
| } | } else |
| encode(mail_header_nonspace_char, '=', '_'); | ec_append(info->result, optimize, whitespace, info->pos, fragment_length); |
| } else | break; |
| to_char(c); | case String::L_SQL: |
| if(c=='>') | // tainted, untaint language: sql |
| email=false; | if(info->connection) { |
| const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, fragment_length); | |
| to_string(info->connection->quote(fragment_str, fragment_length)); | |
| } else { | |
| info->exception="untaint in SQL language failed - no connection specified"; | |
| info->fragment_begin=fragment_end; | |
| return 1; // stop processing. can't throw exception here | |
| } | |
| break; | |
| case String::L_JS: | |
| escape_fragment(switch(c) { | |
| case '\n': to_string("\\n"); break; | |
| case '"': to_string("\\\""); break; | |
| case '\'': to_string("\\'"); break; | |
| case '\\': to_string("\\\\"); break; | |
| case '\xFF': to_string("\\\xFF"); break; | |
| case '\r': to_string("\\r"); break; | |
| default: _default; break; | |
| }); | |
| break; | |
| case String::L_XML: | |
| // [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] | |
| escape_fragment(switch(c) { | |
| case '\x20': | |
| case '\x9': | |
| case '\xA': | |
| case '\xD': // this is usually removed on input | |
| _default; | |
| break; | |
| case '&': to_string("&"); break; | |
| case '>': to_string(">"); break; | |
| case '<': to_string("<"); break; | |
| case '"': to_string("""); break; | |
| case '\'': to_string("'"); break; | |
| default: | |
| if(((unsigned char)c)<0x20) { | |
| // fixing it, so that libxml would not result | |
| // in fatal error parsing text | |
| // though it really violates standard. | |
| // to indicate there were an error | |
| // replace bad char not to it's code, | |
| // which we can do, | |
| // but rather to '!' to show that input were actually | |
| // invalid. | |
| // life: shows that MSIE can somehow garble form values | |
| // so that they contain these chars. | |
| to_char('!'); | |
| } else { | |
| _default; | |
| } | } |
| if(to_quoted_printable) // close | break; |
| to_string("?="); | }); |
| break; | |
| } else | case String::L_HTML: |
| ec_append(result, optimize, whitespace, pos, fragment_length); | escape_fragment(switch(c) { |
| break; | case '&': to_string("&"); break; |
| case L_TABLE: | case '>': to_string(">"); break; |
| // tainted, untaint language: table | case '<': to_string("<"); break; |
| escape(switch(c) { | case '"': to_string("""); break; |
| case '\t': to_char(' '); break; | default: _default; break; |
| case '\n': to_char(' '); break; | }); |
| _default; | break; |
| }); | case String::L_REGEX: |
| break; | // tainted, untaint language: regex |
| #ifdef PA_SQL | escape_fragment( |
| case L_SQL: | if(need_regex_escape(c)) |
| // tainted, untaint language: sql | to_char('\\') |
| if(connection) { | _default; |
| const char *fragment_str=body.mid(fragment_begin, fragment_length).cstr(); | ); |
| break; | |
| case String::L_JSON: | |
| // tainted, untaint language: json <http://json.org/> | |
| // escape '"' '\' '/' '\n' '\t' '\r' '\b' '\f' chars and escape chars as \uXXXX if output charset != UTF-8 | |
| { | |
| if(info->charsets==NULL || info->charsets->client().isUTF8()){ | |
| // escaping to \uXXXX is not needed | |
| escape_fragment(switch((unsigned char)c) { | |
| case '\n': to_string("\\n"); break; | |
| case '"' : to_string("\\\""); break; | |
| case '\\': to_string("\\\\"); break; | |
| case '/' : to_string("\\/"); break; | |
| case '\t': to_string("\\t"); break; | |
| case '\r': to_string("\\r"); break; | |
| case '\b': to_string("\\b"); break; | |
| case '\f': to_string("\\f"); break; | |
| case 0xE2: // \u2028 and \u2029 (line/paragraph separators), check bug #1023 | |
| if(info->charsets && info->charsets->source().isUTF8() && fragment_length>=2){ | |
| CORD_next(info->pos); | |
| char c1=CORD_pos_fetch(info->pos); | |
| CORD_next(info->pos); | |
| char c2=CORD_pos_fetch(info->pos); | |
| if((unsigned char)c1 == 0x80 && ((unsigned char)c2 >= 0xA8 && (unsigned char)c2 <= 0xAF)){ | |
| to_string("\\u20"); | |
| to_hex(((unsigned char)c2-0x80)); | |
| } else { | |
| CORD_ec_append(info->result, c); | |
| CORD_ec_append(info->result, c1); | |
| CORD_ec_append(info->result, c2); | |
| } | |
| fragment_length-=2; | |
| } else { | |
| _default; | |
| } | |
| break; | |
| default: | |
| if((unsigned char)c < 0x20){ | |
| to_string("\\u00"); | |
| to_hex(c); | |
| } else { | |
| _default; | |
| } | |
| break; | |
| }); | |
| } else { | |
| const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); | |
| // skip source [we use recoded version] | // skip source [we use recoded version] |
| pa_CORD_pos_advance(pos, fragment_length); | pa_CORD_pos_advance(info->pos, fragment_length); |
| to_string(Charset::escape_JSON(String::C(fragment_str, fragment_length), info->charsets->source()).str); | |
| to_string(connection->quote(fragment_str, fragment_length)); | } |
| } else | |
| throw Exception(0, | |
| 0, | |
| "untaint in SQL language failed - no connection specified"); | |
| break; | |
| #endif | |
| case L_JS: | |
| escape(switch(c) { | |
| case '"': to_string("\\\""); break; | |
| case '\'': to_string("\\'"); break; | |
| case '\n': to_string("\\n"); break; | |
| case '\\': to_string("\\\\"); break; | |
| case '\xFF': to_string("\\\xFF"); break; | |
| _default; | |
| }); | |
| break; | |
| case L_XML: | |
| escape(switch(c) { | |
| case '&': to_string("&"); break; | |
| case '>': to_string(">"); break; | |
| case '<': to_string("<"); break; | |
| case '"': to_string("""); break; | |
| case '\'': to_string("'"); break; | |
| _default; | |
| }); | |
| break; | |
| case L_HTML: | |
| escape(switch(c) { | |
| case '&': to_string("&"); break; | |
| case '>': to_string(">"); break; | |
| case '<': to_string("<"); break; | |
| case '"': to_string("""); break; | |
| _default; | |
| }); | |
| break; | |
| default: | |
| SAPI::die("unknown untaint language #%d", | |
| static_cast<int>(to_lang)); // should never | |
| break; // never | |
| } | } |
| break; | |
| case String::L_HTTP_COOKIE: | |
| // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8) | |
| if(info->charsets) { | |
| const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, fragment_length); | |
| to_string(Charset::escape(String::C(fragment_str, fragment_length), info->charsets->source()).str); | |
| } else | |
| ec_append(info->result, optimize, whitespace, info->pos, fragment_length); | |
| break; | |
| case String::L_PARSER_CODE: | |
| // for auto-untaint in process | |
| escape_fragment( | |
| if(need_parser_code_escape(c)) | |
| to_char('^'); | |
| _default; | |
| ); | |
| break; | |
| default: | |
| SAPI::abort("unknown untaint language #%d", | |
| static_cast<int>(to_lang)); // should never | |
| break; // never | |
| } | } |
| return StringBody(CORD_ec_to_cord(result)); | info->fragment_begin=fragment_end; |
| return 0; // 0=continue | |
| } | |
| String::Body String::cstr_to_string_body_taint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| cstr_to_string_body_block(lang, length(), &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | |
| int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // see append_fragment_* for explanation | |
| if(info->lang&String::L_OPTIMIZE_BIT) | |
| return cstr_to_string_body_block( | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) | |
| :lang, | |
| fragment_length, info); | |
| else | |
| return cstr_to_string_body_block(lang==String::L_TAINTED ? info->lang:lang, fragment_length, info); | |
| } | |
| String::Body String::cstr_to_string_body_untaint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| langs.for_each(body, cstr_to_string_body_block_untaint, &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | |
| const char* String::untaint_and_transcode_cstr(Language lang, const Request_charsets *charsets) const { | |
| if(charsets && &charsets->source() != &charsets->client()){ | |
| // Note: L_URI is allready transcoded during untaint, but transcode does not affect %XX | |
| return Charset::transcode(cstr_to_string_body_untaint(lang, 0, charsets), charsets->source(), charsets->client()).cstr(); | |
| } else | |
| return cstr_to_string_body_untaint(lang, 0, charsets).cstr(); | |
| } | } |