--- parser3/src/main/untaint.C 2009/09/10 12:31:43 1.154 +++ parser3/src/main/untaint.C 2010/10/28 21:49:46 1.158 @@ -5,7 +5,7 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_UNTAINT_C="$Date: 2009/09/10 12:31:43 $"; +static const char * const IDENT_UNTAINT_C="$Date: 2010/10/28 21:49:46 $"; #include "pa_string.h" @@ -85,14 +85,7 @@ inline bool need_uri_encode(unsigned cha if((c>='0') && (c<='9') || (c>='A') && (c<='Z') || (c>='a') && (c<='z')) return false; - return !strchr("_-./", c); -} - -inline bool need_http_header_encode(unsigned char c){ - if(strchr(" , :", c)) - return false; - - return need_uri_encode(c); + return !strchr("_-./*", c); } inline bool need_regex_escape(unsigned char c){ @@ -354,16 +347,23 @@ int cstr_to_string_body_block(String::La ); } break; - case String::L_FILE_POST: - { - escape_fragment(switch(c) { - case '\0': to_string("\\0"); break; - case '\\': to_string("\\\\"); break; - default: _default; break; - }); + case String::L_URI: + // tainted, untaint language: uri + { + const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); + // skip source [we use recoded version] + pa_CORD_pos_advance(info->pos, fragment_length); + String::C output(fragment_str, fragment_length); + if(info->charsets) + output=Charset::transcode(output, + info->charsets->source(), + info->charsets->client()); + + char c; + for(const char* src=output.str; (c=*src++); ) + encode(need_uri_encode, '%', c); } break; - case String::L_URI: case String::L_HTTP_HEADER: // tainted, untaint language: http-field-content-text escape_fragment( @@ -493,6 +493,34 @@ int cstr_to_string_body_block(String::La _default; ); break; + case String::L_JSON: + // tainted, untaint language: json + // escape '"' '\' '/' '\n' '\t' '\r' '\b' '\f' chars and escape chars as \uXXXX if output charset != UTF-8 + { + if(info->charsets->client().isUTF8()){ + // escaping to \uXXXX is not needed + escape_fragment(switch(c) { + case '\n': to_string("\\n"); break; + case '"' : to_string("\\\""); break; + case '\\': to_string("\\\\"); break; + case '/' : to_string("\\/"); break; + case '\t': to_string("\\t"); break; + case '\r': to_string("\\r"); break; + case '\b': to_string("\\b"); break; + case '\f': to_string("\\f"); break; + default : _default; break; + }); + } else { + const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); + // skip source [we use recoded version] + pa_CORD_pos_advance(info->pos, fragment_length); + String::C output(fragment_str, fragment_length); + + output=Charset::escape_JSON(output, info->charsets->source()); + to_string(output); + } + } + break; case String::L_HTTP_COOKIE: // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8) { @@ -501,7 +529,7 @@ int cstr_to_string_body_block(String::La pa_CORD_pos_advance(info->pos, fragment_length); String::C output(fragment_str, fragment_length); - output=Charset::escape(output, info->charsets->client()); + output=Charset::escape(output, info->charsets->source()); //throw Exception(0, 0, output); to_string(output); @@ -552,7 +580,7 @@ String::Body String::cstr_to_string_body 0, info.exception); - return String::Body(CORD_ec_to_cord(info.result)); + return String::Body(CORD_ec_to_cord(info.result), info.fragment_begin); } int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ @@ -595,64 +623,13 @@ String::Body String::cstr_to_string_body 0, info.exception); - return String::Body(CORD_ec_to_cord(info.result)); + return String::Body(CORD_ec_to_cord(info.result), info.fragment_begin); } -const char* String::transcode_and_untaint_cstr(Language lang, const Request_charsets *charsets) const { +const char* String::untaint_and_transcode_cstr(Language lang, const Request_charsets *charsets) const { if(charsets && &charsets->source() != &charsets->client()){ - return cstr_to_string_body_transcode_and_untaint(lang, charsets).cstr(); - } else { + // Note: L_URI is allready transcoded during untaint, but transcode does not affect %XX + return Charset::transcode(cstr_to_string_body_untaint(lang, 0, charsets), charsets->source(), charsets->client()).cstr(); + } else return cstr_to_string_body_untaint(lang, 0, charsets).cstr(); - } -} - -int cstr_to_string_body_block_transcode_and_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ - String::C output_c=Charset::transcode( - String::C(info->body->mid(info->fragment_begin, fragment_length).cstr(), fragment_length), - info->charsets->source(), - info->charsets->client() - ); - String::Body output_body=String::Body(output_c); - - size_t fragment_end=info->fragment_begin+fragment_length; - const String::Body* info_body=info->body; - - info->fragment_begin=0; - info->body=&output_body; - info->body->set_pos(info->pos, 0); - - int result=cstr_to_string_body_block_untaint(alang, output_c.length, info); - - info->fragment_begin=fragment_end; - info->body=info_body; - - return result; -} - -String::Body String::cstr_to_string_body_transcode_and_untaint(Language lang, const Request_charsets *charsets) const { - if(is_empty()) - return String::Body(); - - Cstr_to_string_body_block_info info; - // input - info.lang=lang; - info.connection=0; - info.charsets=charsets; - info.body=&body; - // output - CORD_ec_init(info.result); - // private - body.set_pos(info.pos, 0); - info.fragment_begin=0; - info.exception=0; - info.whitespace=true; - - langs.for_each(body, cstr_to_string_body_block_transcode_and_untaint, &info); - - if(info.exception) - throw Exception(0, - 0, - info.exception); - - return String::Body(CORD_ec_to_cord(info.result)); }