|
|
| version 1.10, 2001/03/20 06:45:19 | version 1.67, 2001/10/08 14:09:18 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: String class part: untaint mechanizm. | Parser: String class part: untaint mechanizm. |
| Copyright (c) 2001 ArtLebedev Group (http://www.artlebedev.com) | Copyright(c) 2001 ArtLebedev Group(http://www.artlebedev.com) |
| Author: Alexander Petrosyan <paf@design.ru>(http://design.ru/paf) | |
| Author: Alexander Petrosyan <paf@design.ru> (http://design.ru/paf) | |
| $Id$ | $Id$ |
| */ | */ |
| #include <string.h> | |
| #include "pa_pool.h" | #include "pa_pool.h" |
| #include "pa_string.h" | #include "pa_string.h" |
| #include "pa_hash.h" | #include "pa_hash.h" |
| #include "pa_exception.h" | #include "pa_exception.h" |
| #include "pa_table.h" | |
| #include "pa_globals.h" | |
| #include "pa_sql_connection.h" | |
| #include "pa_dictionary.h" | |
| #include "pa_common.h" | |
| #define escape(cases) \ | #define escape(action) \ |
| { \ | { \ |
| const char *ptr=row->item.ptr; \ | const char *src=row->item.ptr; \ |
| for (int size=row->item.size; size--; ptr++) \ | for(int size=row->item.size; size--; src++) \ |
| switch(*ptr) { \ | action \ |
| cases \ | |
| } \ | |
| } | } |
| #define escape_value(a, c) case a: *copy_here++=c; break | #define _default default: *dest++=*src; break |
| #define escape_default default: *copy_here++=*ptr; break | #define encode(need_encode_func, prefix) \ |
| #define escape_subst(a, b, bsize) \ | |
| case a: \ | |
| strncpy(copy_here, b, bsize); \ | |
| copy_here+=bsize; \ | |
| break | |
| #define escape_encode(need_encode_func, prefix) \ | |
| default: \ | default: \ |
| if(need_encode_func(*ptr)) { \ | if(need_encode_func(*src)) { \ |
| static const char *hex="0123456789ABCDEF"; \ | static const char *hex="0123456789ABCDEF"; \ |
| char chunk[3]={prefix}; \ | char chunk[3]={prefix}; \ |
| chunk[1]=hex[((unsigned char)*ptr)/0x10]; \ | chunk[1]=hex[((unsigned char)*src)/0x10]; \ |
| chunk[2]=hex[((unsigned char)*ptr)%0x10]; \ | chunk[2]=hex[((unsigned char)*src)%0x10]; \ |
| strncpy(copy_here, chunk, 3); copy_here+=3; \ | memcpy(dest, chunk, 3); dest+=3; \ |
| } else \ | } else \ |
| *copy_here++=*ptr; \ | *dest++=*src; \ |
| break | break |
| #define to_char(c) *dest++=c | |
| #define to_string(b, bsize) \ | |
| memcpy(dest, b, bsize); \ | |
| dest+=bsize; \ | |
| inline bool need_file_encode(unsigned char c){ | inline bool need_file_encode(unsigned char c){ |
| if ((c>='0') && (c<='9') || (c>='A') && (c<='Z') || (c>='a') && (c<='z')) | if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) |
| return false; | return false; |
| return !strchr("./\\", c); | return !strchr( |
| #ifdef WIN32 | |
| ":\\~" | |
| #endif | |
| "./()_-", c); | |
| } | } |
| inline bool need_uri_encode(unsigned char c){ | inline bool need_uri_encode(unsigned char c){ |
| if ((c>='0') && (c<='9') || (c>='A') && (c<='Z') || (c>='a') && (c<='z')) | if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) |
| return false; | return false; |
| return !strchr("_-./", c); | return !strchr("_-./", c); |
| } | } |
| inline bool need_header_encode(unsigned char c){ | inline bool need_http_header_encode(unsigned char c){ |
| if(strchr(" ,:", c)) | if(strchr(" , :", c)) |
| return false; | return false; |
| return need_uri_encode(c); | return need_uri_encode(c); |
| } | } |
| // | |
| static const char * String_Untaint_lang_name[]={ | |
| "U", ///< zero value handy for hash lookup @see untaint_lang_name2enum | |
| "C", ///< clean | |
| "T", ///< tainted, untaint language as assigned later | |
| // untaint languages. assigned by ^untaint[lang]{...} | |
| "P", | |
| /**< | |
| leave language built into string being appended. | |
| just a flag, that value not stored | |
| */ | |
| "A", ///< leave all characters intact | |
| "F", ///< filename | |
| "H", ///< text in HTTP response header | |
| "M", ///< text in mail header | |
| "URI", ///< text in uri | |
| "T", ///< ^table:set body | |
| "SQL", ///< ^table:sql body | |
| "JS", ///< JavaScript code | |
| "HTML", ///< HTML code (for editing) | |
| "UHTML", ///< HTML code with USER chars | |
| }; | |
| // String | // String |
| /// @todo optimize whitespaces for all but 'html' | static bool typo_present(Array::Item *value, const void *info) { |
| char *String::cstr() const { | Array *row=static_cast<Array *>(value); |
| char *result=(char *)malloc(size()*UNTAINT_TIMES_BIGGER+1); | const char *src=static_cast<const char *>(info); |
| int partial; | |
| row->get_string(0)->cmp(partial, src); | |
| return | |
| partial==0 || // full match | |
| partial==1; // typo left column starts 'src' | |
| } | |
| /* | |
| HTTP-header = field-name ":" [ field-value ] CRLF | |
| field-name = token | |
| field-value = *( field-content | LWS ) | |
| field-content = <the OCTETs making up the field-value | |
| and consisting of either *TEXT or combinations | |
| of token, tspecials, and quoted-string> | |
| char *copy_here=result; | |
| word = token | quoted-string | |
| token = 1*<any CHAR except CTLs or tspecials> | |
| tspecials = "(" | ")" | "<" | ">" | "@" | |
| | "," | ";" | ":" | "\" | <"> | |
| | "/" | "[" | "]" | "?" | "=" | |
| | "{" | "}" | SP | HT | |
| SP = <US-ASCII SP, space (32)> | |
| HT = <US-ASCII HT, horizontal-tab (9)> | |
| LWS = [CRLF] 1*( SP | HT ) | |
| TEXT = <any OCTET except CTLs, | |
| but including LWS> | |
| quoted-pair = "\" CHAR | |
| if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) | |
| */ | |
| inline bool need_quote_http_header(const char *ptr, size_t size) { | |
| for(; size--; ptr++) | |
| if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr)) | |
| return true; | |
| return false; | |
| } | |
| /** @todo maybe additional check "are all pieces are clean?" would be profitable? | |
| @todo fix potential forigins_mode buf overrun | |
| */ | |
| size_t String::cstr_bufsize(Untaint_lang lang) const { | |
| return (lang==UL_AS_IS?size():size()*UNTAINT_TIMES_BIGGER*(forigins_mode?10:1)) +1; | |
| } | |
| /** @todo fix theoretical \n mem overrun in TYPO replacements | |
| */ | |
| char *String::store_to(char *dest, Untaint_lang lang, | |
| SQL_Connection *connection, | |
| const char *charset) const { | |
| // $MAIN:html-typo table | |
| Dictionary *user_typo_dict=static_cast<Dictionary *>(pool().tag()); | |
| Dictionary *typo_dict=user_typo_dict?user_typo_dict:default_typo_dict; | |
| bool whitespace=true; | |
| const Chunk *chunk=&head; | const Chunk *chunk=&head; |
| do { | do { |
| const Chunk::Row *row=chunk->rows; | const Chunk::Row *row=chunk->rows; |
| for(int i=0; i<chunk->count; i++) { | for(size_t i=0; i<chunk->count; i++, row++) { |
| if(row==append_here) | if(row==append_here) |
| goto break2; | goto break2; |
| Untaint_lang to_lang=lang==UL_UNSPECIFIED?row->item.lang:lang; | |
| char *dest_before_origins=dest; | |
| if(forigins_mode) { | |
| #ifndef NO_STRING_ORIGIN | |
| if(row->item.origin.file) | |
| dest+=sprintf(dest, "%s(%d)", | |
| row->item.origin.file, | |
| 1+row->item.origin.line); | |
| else | |
| dest+=sprintf(dest, "unknown"); | |
| #endif | |
| dest+=sprintf(dest, "#%s: ", | |
| String_Untaint_lang_name[to_lang]); | |
| } | |
| char *dest_after_origins=dest; | |
| // WARNING: | // WARNING: |
| // string can grow only UNTAINT_TIMES_BIGGER | // string can grow only UNTAINT_TIMES_BIGGER |
| switch(row->item.lang) { | switch(to_lang) { |
| case NO: | case UL_CLEAN: |
| // clean piece | // clean piece |
| case YES: | { // optimizing whitespace |
| const char *src=row->item.ptr; | |
| for(int size=row->item.size; size--; src++) | |
| switch(*src) { | |
| case ' ': case '\n': case '\t': | |
| if(!whitespace) { | |
| *dest++=*src; | |
| whitespace=true; | |
| } | |
| break; | |
| default: | |
| whitespace=false; | |
| *dest++=*src; | |
| break; | |
| } | |
| } | |
| break; | |
| case UL_TAINTED: | |
| // tainted piece, but undefined untaint language | // tainted piece, but undefined untaint language |
| // for VString.get_double of tainted values | // for VString.as_double of tainted values |
| // for ^process{body} evaluation | // for ^process{body} evaluation |
| case AS_IS: | case UL_AS_IS: |
| // tainted, untaint language: as-is | // tainted, untaint language: as-is |
| memcpy(copy_here, row->item.ptr, row->item.size); | memcpy(dest, row->item.ptr, row->item.size); |
| copy_here+=row->item.size; | dest+=row->item.size; |
| break; | break; |
| case FILE_NAME: | case UL_FILE_SPEC: |
| // tainted, untaint language: file [name] | // tainted, untaint language: file [name] |
| escape( | escape(switch(*src) { |
| escape_value(' ', '_'); | case ' ': to_char('_'); break; |
| escape_encode(need_file_encode, '-'); | encode(need_file_encode, '+'); |
| ); | }); |
| break; | break; |
| case URI: | case UL_URI: |
| // tainted, untaint language: uri | // tainted, untaint language: uri |
| escape( | escape(switch(*src) { |
| escape_value(' ', '+'); | case ' ': to_char('+'); break; |
| escape_encode(need_uri_encode, '%'); | encode(need_uri_encode, '%'); |
| ); | }); |
| break; | |
| case HEADER: | |
| // tainted, untaint language: header | |
| escape( | |
| escape_encode(need_header_encode, '%'); | |
| ); | |
| break; | |
| case TABLE: | |
| escape( | |
| escape_value('\t', ' '); | |
| escape_value('\n', ' '); | |
| escape_default; | |
| ); | |
| break; | break; |
| case SQL: | case UL_HTTP_HEADER: |
| // tainted, untaint language: http-field-content-text | |
| escape(switch(*src) { | |
| case ' ': to_char('+'); break; | |
| encode(need_uri_encode, '%'); | |
| }); | |
| break; | |
| case UL_MAIL_HEADER: | |
| // tainted, untaint language: mail-header | |
| if(charset) { | |
| // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= | |
| const char *src=row->item.ptr; | |
| bool to_quoted_printable=false; | |
| for(int size=row->item.size; size--; src++) { | |
| if(*src & 0x80) { | |
| if(!to_quoted_printable) { | |
| dest+=sprintf(dest, "=?%.15s?Q?", charset); | |
| to_quoted_printable=true; | |
| } | |
| dest+=sprintf(dest, "=%02X", *src & 0xFF); | |
| } else { | |
| *dest++=*src; | |
| } | |
| } | |
| if(to_quoted_printable) // close | |
| dest+=sprintf(dest, "?="); | |
| } else { | |
| memcpy(dest, row->item.ptr, row->item.size); | |
| dest+=row->item.size; | |
| } | |
| break; | |
| case UL_TABLE: | |
| // tainted, untaint language: table | |
| escape(switch(*src) { | |
| case '\t': to_char(' '); break; | |
| case '\n': to_char(' '); break; | |
| _default; | |
| }); | |
| break; | |
| case UL_SQL: | |
| // tainted, untaint language: sql | // tainted, untaint language: sql |
| // TODO: зависимость от sql сервера | if(connection) |
| memset(copy_here, '?', row->item.size); | dest+=connection->quote(dest, row->item.ptr, row->item.size); |
| copy_here+=row->item.size; | else |
| break; | THROW(0, 0, |
| case JS: | this, |
| escape( | "untaint in SQL language failed - no connection specified"); |
| escape_subst('"', "\\\"", 2); | break; |
| escape_subst('\'', "\\'", 2); | case UL_JS: |
| escape_subst('\n', "\\n", 2); | escape(switch(*src) { |
| escape_subst('\r', "\\r", 2); | case '"': to_string("\\\"", 2); break; |
| escape_subst('\\', "\\\\", 2); | case '\'': to_string("\\'", 2); break; |
| escape_subst('я', "\\я", 2); | case '\n': to_string("\\n", 2); break; |
| escape_default; | case '\\': to_string("\\\\", 2); break; |
| ); | case '\xFF': to_string("\\\xFF", 2); break; |
| break; | _default; |
| case HTML: | }); |
| escape( | break; |
| escape_subst('&', "&", 5); // BEFORE consequent relpaces yelding '&' | case UL_XML: |
| escape_subst('>', ">", 4); | escape(switch(*src) { |
| escape_subst('<', "<",4); | case '&': to_string("&", 5); break; |
| escape_subst('"', """,6); | case '>': to_string(">", 4); break; |
| escape_value('\t', ' '); | case '<': to_string("<", 4); break; |
| //TODO: XSLT escape_subst('\'', "'", 6) | case '"': to_string(""", 6); break; |
| escape_default; | case '\'': to_string("'", 6); break; |
| ); | _default; |
| }); | |
| break; | break; |
| case HTML_TYPO: | case UL_HTML: |
| escape(switch(*src) { | |
| case '&': to_string("&", 5); break; | |
| case '>': to_string(">", 4); break; | |
| case '<': to_string("<", 4); break; | |
| case '"': to_string(""", 6); break; | |
| _default; | |
| }); | |
| break; | |
| case UL_USER_HTML: { | |
| // tainted, untaint language: html-typo | // tainted, untaint language: html-typo |
| escape( | if(!typo_dict) // never, always has default |
| escape_subst('&', "&", 5); // BEFORE consequent relpaces yelding '&' | THROW(0, 0, |
| escape_subst('>', ">", 4); | this, |
| escape_subst('<', "<",4); | "untaint to user-html lang failed, no typo table"); |
| escape_subst('"', """,6); | |
| escape_value('\t', ' '); | char *html_for_typo= |
| //TODO: $MAIN:html-type table replace, max length(b)==UNTAINT_TIMES_BIGGER*length(a) | (char *)malloc(row->item.size*2/* '\n' -> '\' 'n' */+1); |
| escape_default; | // note: |
| ); | // there still is a possibility that user |
| // would not replace \n as she supposed to | |
| // and rather replace \ and n into huge strings | |
| // thus causing memory overrun | |
| // this can be dealed by allocating *2 memory, but that's too expensive | |
| size_t html_for_typo_size; | |
| { // local dest | |
| char *dest=html_for_typo; | |
| escape(switch(*src) { | |
| // convinient name for typo match "\n" | |
| case '\n': | |
| to_string("\\n", 2); | |
| break; | |
| _default; | |
| }); | |
| *dest=0; | |
| html_for_typo_size=dest-html_for_typo; | |
| } | |
| // typo table replacements | |
| const char *src=html_for_typo; | |
| do { | |
| // there is a row where first column starts 'src' | |
| if(Table::Item *item=typo_dict->first_that_starts(src)) { | |
| // get a=>b values | |
| const String& a=*static_cast<Array *>(item)->get_string(0); | |
| const String& b=*static_cast<Array *>(item)->get_string(1); | |
| // overflow check: | |
| // b allowed to be max UNTAINT_TIMES_BIGGER then a | |
| if(b.size()>UNTAINT_TIMES_BIGGER*a.size()) { | |
| pool().set_tag(0); // avoid recursion | |
| THROW(0, 0, | |
| &b, | |
| "is %g times longer then '%s', " | |
| "while maximum, handled by Parser, is %d", | |
| ((double)b.size())/a.size(), | |
| a.cstr(), | |
| UNTAINT_TIMES_BIGGER); | |
| } | |
| // skip 'a' in 'src' | |
| src+=a.size(); | |
| // write 'b' to 'dest' | |
| b.store_to(dest); | |
| // skip 'b' in 'dest' | |
| dest+=b.size(); | |
| } else | |
| *dest++=*src++; | |
| } while(*src); | |
| break; | break; |
| } | |
| default: | default: |
| THROW(0,0, | THROW(0, 0, |
| this, | this, |
| "unknown untaint language #%d of %d piece", | "unknown untaint language #%d of %d piece", |
| static_cast<int>(row->item.lang), | static_cast<int>(row->item.lang), |
| i); | i); // never |
| break; // never | |
| } | } |
| row++; | |
| if((lang==UL_UNSPECIFIED?row->item.lang:lang)!=UL_CLEAN) | |
| whitespace=false; | |
| if(forigins_mode) | |
| if(dest==dest_after_origins) // never moved==optimized space | |
| dest=dest_before_origins; | |
| else { | |
| remove_crlf(dest_after_origins, dest); | |
| to_char('\n'); | |
| } | |
| } | } |
| chunk=row->link; | chunk=row->link; |
| } while(chunk); | } while(chunk); |
| break2: | break2: |
| *copy_here=0; | return dest; |
| return result; | |
| } | } |