--- parser3/src/main/untaint.C 2001/03/19 17:42:16 1.8 +++ parser3/src/main/untaint.C 2003/03/20 11:11:56 1.115.2.12.2.5 @@ -1,160 +1,429 @@ /** @file Parser: String class part: untaint mechanizm. - Copyright (c) 2001 ArtLebedev Group (http://www.artlebedev.com) - - Author: Alexander Petrosyan (http://design.ru/paf) - - $Id: untaint.C,v 1.8 2001/03/19 17:42:16 paf Exp $ + Copyright(c) 2001-2003 ArtLebedev Group (http://www.artlebedev.com) + Author: Alexandr Petrosian (http://paf.design.ru) */ -#include +static const char* IDENT_UNTAINT_C="$Date: 2003/03/20 11:11:56 $"; + -#include "pa_pool.h" #include "pa_string.h" #include "pa_hash.h" #include "pa_exception.h" +#include "pa_table.h" +#include "pa_globals.h" +#include "pa_dictionary.h" +#include "pa_common.h" +#include "pa_charset.h" +#include "pa_request_charsets.h" -#define escape(cases) \ - { \ - const char *ptr=row->item.ptr; \ - for (int size=row->item.size; size--; ptr++) \ - switch(*ptr) { \ - cases \ - } \ - } -#define escape_value(a, c) case a: *copy_here++=c; break -#define escape_default default: *copy_here++=*ptr; break -#define escape_subst(a, b, bsize) \ - case a: \ - strncpy(copy_here, b, bsize); \ - copy_here+=bsize; \ - break -#define escape_encode(need_encode_func) \ - default: \ - if(need_encode_func(*ptr)) { \ - static const char *hex="0123456789ABCDEF"; \ - char chunk[3]={'%'}; \ - chunk[1]=hex[((unsigned char)*ptr)/0x10]; \ - chunk[2]=hex[((unsigned char)*ptr)%0x10]; \ - strncpy(copy_here, chunk, 3); copy_here+=3; \ - } else \ - *copy_here++=*ptr; \ - break +extern "C" { // author forgot to do that +#include "ec.h" +} + +//#define PA_SQL +#ifdef PA_SQL +#include "pa_sql_connection.h" +#endif + +#define escape(action) \ + for(; fragment_size--; CORD_next(pos)) { \ + char c=CORD_pos_fetch(pos); \ + action \ + } +#define _default default: CORD_ec_append(result, c); break +#define encode(need_encode_func, prefix) \ + if(need_encode_func(c)) { \ + static const char* hex="0123456789ABCDEF"; \ + CORD_ec_append(result, prefix); \ + CORD_ec_append(result, hex[((unsigned char)c)/0x10]); \ + CORD_ec_append(result, hex[((unsigned char)c)%0x10]); \ + } else \ + CORD_ec_append(result, c); +#define to_char(c) CORD_ec_append(result, c) +#define to_string(s) CORD_ec_append_cord(result, s) + +inline bool need_file_encode(unsigned char c){ + // russian letters and space ENABLED + // encoding only these... + return strchr( + "*?'\"<>|" +#ifndef WIN32 + ":\\~" +#endif + , c)!=0; +} inline bool need_uri_encode(unsigned char c){ - if ((c>='0') && (c<='9') || (c>='A') && (c<='Z') || (c>='a') && (c<='z')) + if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) return false; return !strchr("_-./", c); } -inline bool need_header_encode(unsigned char c){ - if(strchr(" ,:", c)) +inline bool need_http_header_encode(unsigned char c){ + if(strchr(" , :", c)) return false; return need_uri_encode(c); } +// + +static const char* String_Untaint_lang_name[]={ + "U", ///< zero value handy for hash lookup @see untaint_lang_name2enum + "C", ///< clean + "T", ///< tainted, untaint language as assigned later + // untaint languages. assigned by ^untaint[lang]{...} + "P", + /**< + leave language built into string being appended. + just a flag, that value not stored + */ + "A", ///< leave all characters intact + "F", ///< file specification + "H", ///< ext in HTTP response header + "M", ///< text in mail header + "URI", ///< text in uri + "T", ///< ^table:set body + "SQL", ///< ^table:sql body + "JS", ///< JavaScript code + "XML", ///< ^dom:set xml + "HTML" ///< HTML code (for editing) +}; + + // String -/// \todo optimize whitespaces for all but 'html' -char *String::cstr() const { - char *result=(char *)malloc(size()*UNTAINT_TIMES_BIGGER+1); - - char *copy_here=result; - const Chunk *chunk=&head; - do { - const Chunk::Row *row=chunk->rows; - for(int i=0; icount; i++) { - if(row==append_here) - goto break2; - - // WARNING: - // string can grow only UNTAINT_TIMES_BIGGER - switch(row->item.lang) { - case NO: - // clean piece - case YES: - // tainted piece, but undefined untaint language - // for VString.get_double of tainted values - // for ^process{body} evaluation - case AS_IS: - // tainted, untaint language: as-is - memcpy(copy_here, row->item.ptr, row->item.size); - copy_here+=row->item.size; - break; - case URI: - // tainted, untaint language: uri - escape( - escape_value(' ', '+'); - escape_encode(need_uri_encode); - ); - break; - case HEADER: - // tainted, untaint language: header - escape( - escape_encode(need_header_encode); - ); - break; - case TABLE: - escape( - escape_value('\t', ' '); - escape_value('\n', ' '); - escape_default; - ); - break; - case SQL: - // tainted, untaint language: sql - // TODO: зависимость от sql сервера - memset(copy_here, '?', row->item.size); - copy_here+=row->item.size; - break; - case JS: - escape( - escape_subst('"', "\\\"", 2); - escape_subst('\'', "\\'", 2); - escape_subst('\n', "\\n", 2); - escape_subst('\r', "\\r", 2); - escape_subst('\\', "\\\\", 2); - escape_subst('я', "\\я", 2); - escape_default; - ); - break; - case HTML: - escape( - escape_subst('&', "&", 5); // BEFORE consequent relpaces yelding '&' - escape_subst('>', ">", 4); - escape_subst('<', "<",4); - escape_subst('"', """,6); - escape_value('\t', ' '); - //TODO: XSLT escape_subst('\'', "'", 6) - escape_default; - ); - break; - case HTML_TYPO: - // tainted, untaint language: html-typo - escape( - escape_subst('&', "&", 5); // BEFORE consequent relpaces yelding '&' - escape_subst('>', ">", 4); - escape_subst('<', "<",4); - escape_subst('"', """,6); - escape_value('\t', ' '); - //TODO: $MAIN:html-type table replace, max length(b)==UNTAINT_TIMES_BIGGER*length(a) - escape_default; - ); - break; - default: - THROW(0,0, - this, - "unknown untaint language #%d of %d piece", - static_cast(row->item.lang), - i); +/* + +HTTP-header = field-name ":" [ field-value ] CRLF + + field-name = token + field-value = *( field-content | LWS ) + + field-content = + + + +word = token | quoted-string + +token = 1* + + + +tspecials = "(" | ")" | "<" | ">" | "@" + | "," | ";" | ":" | "\" | <"> + | "/" | "[" | "]" | "?" | "=" + | "{" | "}" | SP | HT + +SP = +HT = + +LWS = [CRLF] 1*( SP | HT ) +TEXT = + +quoted-pair = "\" CHAR + + if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) +*/ +inline bool need_quote_http_header(const char* ptr, size_t size) { + for(; size--; ptr++) + if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr)) + return true; + return false; +} + + +/** + appends to other String, + marking all tainted pieces of it with @a lang. + or marking ALL pieces of it with a @a lang when @a forced to, + and propagating OPTIMIZE language bit. +*/ +String& String::append_to(String& dest, Untaint_lang lang, bool forced) const { + if(!*this) + return dest; + + // first: letters + dest.body=CORD_cat(dest.body, body); + + // next: fragment infos + + if(lang==UL_PASS_APPENDED) // without language-chage string? + dest.fragments.append(fragments, 0, fragments.count()); + else if(forced) //forcing passed lang? + dest.fragments+=Fragment(lang, size()); + else if(lang&UL_OPTIMIZE_BIT) { + Array_iterator i(fragments); + while(i.has_next()) { + const Fragment& fragment=i.next(); + // main idea here: + // tainted piece would get OPTIMIZED bit from 'lang' + // clean piece would be marked OPTIMIZED manually + // pieces with determined languages [not tainted|clean] would retain theirs langs + dest.fragments+=Fragment(static_cast( + fragment.lang==UL_TAINTED?lang:( + fragment.lang==UL_CLEAN?UL_CLEAN|UL_OPTIMIZE_BIT: // ORing with OPTIMIZED flag + fragment.lang)), + fragment.size); + } + } else { // The core idea: tainted pieces got marked with context's lang + Array_iterator i(fragments); + while(i.has_next()) { + const Fragment& fragment=i.next(); + dest.fragments+=Fragment( + fragment.lang==UL_TAINTED?lang:fragment.lang, + fragment.size); + } + } + + return dest; +} + +/** http://www.ietf.org/rfc/rfc2047.txt +RFC +(3) As a replacement for a 'word' entity within a 'phrase', for example, + one that precedes an address in a From, To, or Cc header. The ABNF + definition for 'phrase' from RFC 822 thus becomes: + + phrase = 1*( encoded-word / word ) + + In this case the set of characters that may be used in a "Q"-encoded + 'encoded-word' is restricted to: . An 'encoded-word' that appears within a + 'phrase' MUST be separated from any adjacent 'word', 'text' or + 'special' by 'linear-white-space'. +... + (2) The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be + represented as "_" (underscore, ASCII 95.). (This character may + not pass through some internetwork mail gateways, but its use + will greatly enhance readability of "Q" encoded data with mail + readers that do not support this encoding.) Note that the "_" + always represents hexadecimal 20, even if the SPACE character + occupies a different code position in the character set in use. + + paf: obviously, + without "=", or one could not differ "=E0" and "russian letter a" + and without "_", or in would mean 0x20 +*/ +inline bool mail_header_char_valid_within_Qencoded(char c) { + return c>='A' && c<='Z' + || c>='a' && c<='Z' + || c>='0' && c<='9' + || strchr("!*+-/", c); +} +inline void ec_append(CORD_ec result, CORD_pos& pos, size_t size) { + while(size--) { + CORD_ec_append(result, CORD_pos_fetch(pos)); + CORD_next(pos); + } +} +CORD String::cstr_to_cord(Untaint_lang lang, + SQL_Connection *connection, + const Request_charsets *charsets) const { + CORD_ec result; CORD_ec_init(result); + CORD_pos pos; CORD_set_pos(pos, body, 0); + + bool whitespace=true; + + size_t fragment_start=0; + size_t fragment_end; + for(Array_iterator i(fragments); i.has_next(); fragment_start=fragment_end) { + const Fragment& fragment=i.next(); + size_t fragment_size=fragment.size; + fragment_end=fragment_start+fragment_size; + + Untaint_lang to_lang=lang==UL_UNSPECIFIED?fragment.lang:lang; + + switch(to_lang & ~UL_OPTIMIZE_BIT) { + case UL_CLEAN: + case UL_TAINTED: + case UL_AS_IS: + // clean piece + + // tainted piece, but undefined untaint language + // for VString.as_double of tainted values + // for ^process{body} evaluation + + // tainted, untaint language: as-is + ec_append(result, pos, fragment_size); + break; + case UL_FILE_SPEC: + // tainted, untaint language: file [name] + escape( + // Macintosh has problems with small Russian letter 'r' + if( c=='\xF0' && charsets && charsets->source().name()=="windows-1251" ) { + // fixing that letter for most common charset + to_char('p'); + } else // fallback to default + encode(need_file_encode, '_'); + ); + break; +#ifdef LATER + case UL_URI: + // tainted, untaint language: uri + { + const char *substr= + CORD_to_const_char_star( + CORD_substr(body, fragment_start, fragment_size)); + const void *client_ptr; + size_t client_size; + if(charsets) + Charset::transcode( + charsets->source(), substr, fragment_size, + charsets->client(), client_ptr, client_size); + else { + client_ptr=substr; + client_size=fragment_size; + } + + char c; + for(const char* src=(const char* )client_ptr; c=*src++; ) + encode(need_uri_encode, '%'); + } + break; +#endif + case UL_HTTP_HEADER: + // tainted, untaint language: http-field-content-text + escape( + encode(need_uri_encode, '%'); + ); + break; +#ifdef LATER + case UL_MAIL_HEADER: + // tainted, untaint language: mail-header + // http://www.ietf.org/rfc/rfc2047.txt + if(charsets) { + const void *mail_ptr=fragment.ptr; + size_t mail_size=fragment_size; + const char* charset_name=charsets->mail().name()->cstr(); + + // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= + const char* src=(const char* )mail_ptr; + bool to_quoted_printable=false; + + bool email=false; + for(const char* end=src+mail_size; src') + email=false; + } + if(to_quoted_printable) // close + dest+=sprintf(dest, "?="); + + } else { + memcpy(dest, fragment.ptr, fragment_size); + dest+=fragment_size; } - row++; + break; +#endif + case UL_TABLE: + // tainted, untaint language: table + escape(switch(c) { + case '\t': to_char(' '); break; + case '\n': to_char(' '); break; + _default; + }); + break; +#ifdef PA_SQL + case UL_SQL: + // tainted, untaint language: sql + if(connection) { + dest+=connection->quote(0, + CORD_substr(body, fragment_start, fragment_size), + fragment_size); +...^^^ + + dest+=connection->quote(dest, fragment.ptr, fragment_size); + else + throw Exception(0, + 0, + "untaint in SQL language failed - no connection specified"); + break; +#endif + case UL_JS: + escape(switch(c) { + case '"': to_string("\\\""); break; + case '\'': to_string("\\'"); break; + case '\n': to_string("\\n"); break; + case '\\': to_string("\\\\"); break; + case '\xFF': to_string("\\\xFF"); break; + _default; + }); + break; + case UL_XML: + escape(switch(c) { + case '&': to_string("&"); break; + case '>': to_string(">"); break; + case '<': to_string("<"); break; + case '"': to_string("""); break; + case '\'': to_string("'"); break; + _default; + }); + break; + case UL_HTML: + escape(switch(c) { + case '&': to_string("&"); break; + case '>': to_string(">"); break; + case '<': to_string("<"); break; + case '"': to_string("""); break; + _default; + }); + break; + default: + throw Exception(0, + 0, + "unknown untaint language #%d", + static_cast(to_lang)); // should never + break; // never } - chunk=row->link; - } while(chunk); -break2: - *copy_here=0; - return result; +#ifdef LATER + if(to_lang & UL_OPTIMIZE_BIT) { + // optimizing whitespace + char *stop=dest; dest=start; + for(char c=start; src