Changed |
mod_security-ix.changes
Changed |
mod_security-ix.spec
Added |
CVE-2013-2765.patch
@@ -0,0 +1,10 @@
+--- modsecurity-apache_2.6.8/apache2/msc_reqbody.c.orig 2013-06-29 18:56:31.446864803 +0200
++++ modsecurity-apache_2.6.8/apache2/msc_reqbody.c 2013-06-29 18:56:45.354863561 +0200
+@@ -170,6 +170,7 @@
+
+ /* Would storing this chunk mean going over the limit? */
+ if ((msr->msc_reqbody_spilltodisk)
++ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
+ && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
+ {
+ msc_data_chunk **chunks;
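Review bot: The headers of this added patch name `modsecurity-apache_2.6.8/apache2/msc_reqbody.c`, while the same submission ships the 2.7.4 tarball whose CHANGES entry lists CVE-2013-2765 as fixed upstream. The spec diff is not shown on this page, so whether the patch is still applied cannot be confirmed from here; if it is, it would presumably either fail to apply or duplicate the `REQUEST_BODY_FORCEBUF_ON` guard, and if it is not, the file is unused ballast in the source package. I would either drop the file or document its status next to where the spec references it, for example `# CVE-2013-2765.patch: 2.6.8 backport only; fixed upstream in 2.7.4`. The patched `if` block continues past the end of the hunk.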
Changed |
modsec-clean_var-asl-data-audit
@@ -1,4 +1,5 @@
#!/bin/bash
-nice -n 19 find /var/asl/data/audit -type d -cmin +30 -print0 | xargs -r -0 rm -rf
+nice -n 19 find /var/asl/data/audit -type d -mindepth 1 -cmin +30 -print0 | xargs -r -0 rm -rf
mkdir -p /var/asl/data/audit
+chown -R %APAUSR%:%APAGRP% /var/asl/data/audit
[ -x /usr/local/bin/modsec-permissions ] && /usr/local/bin/modsec-permissions || :
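Review bot: The added `chown -R %APAUSR%:%APAGRP% /var/asl/data/audit` walks a tree that the web-server account can write to, so if this script runs as root (not visible here) a link that account left under the directory could cause an ownership change outside the audit tree. Since `-mindepth 1` now keeps the top-level directory from being removed, only that directory should need its owner set; I would use `chown %APAUSR%:%APAGRP% /var/asl/data/audit`, or `chown -hR` if the recursion is really wanted. Separately, GNU find prints a warning when `-mindepth` follows a test such as `-type d`, which becomes noise if this runs from cron; write it as `find /var/asl/data/audit -mindepth 1 -type d -cmin +30 -print0`.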
Changed |
modsecurity-apache_2.7.4.tar.bz2/CHANGES
@@ -1,3 +1,32 @@
+10 May 2013 - 2.7.4
+-------------------
+Improvements:
+
+ * Added Libinjection project http://www.client9.com/projects/libinjection/ as a new operator @detectSQLi. (Thanks Nick Galbreath).
+
+ * Added new variable SDBM_DELETE_ERROR that will be set to 1 when sdbm engine fails to delete entries.
+
+ * NGINX is now set to STABLE. Thanks chaizhenhua and all the people in community who help the project testing, sending feedback and patches.
+
+Bug Fixes:
+
+ * Fixed SecRulePerfTime storing unnecessary rules performance times.
+
+ * Fixed Possible SDBM deadlock condition.
+
+ * Fixed Possible @rsub memory leak.
+
+ * Fixed REMOTE_ADDR content will receive the client ip address when mod_remoteip.c is present.
+
+ * Fixed NGINX Audit engine in Concurrent mode was overwriting existing alert files because a issue with UNIQUE_ID.
+
+ * Fixed CPU 100% issue in NGINX port. This is also related to an memory leak when loading response body.
+
+Security Issues:
+
+ * Fixed Remote Null Pointer DeReference (CVE-2013-2765). When forceRequestBodyVariable action is triggered and a unknown Content-Type is used,
+ mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI).
+
28 Mar 2013 - 2.7.3
-------------------
@@ -32,7 +61,7 @@
* SECURITY: Added SecXmlExternalEntity (On|Off - default it Off) that will disable
by default the external entity load task executed by LibXml2. This is a security issue
- reported by Timur Yunusov, Alexey Osipov (Positive Technologies).
+ [CVE-2013-1915] reported by Timur Yunusov, Alexey Osipov (Positive Technologies).
21 Jan 2013 - 2.7.2
-------------------
@@ -130,7 +159,7 @@
support Include directive like Apache2.
* Added MULTIPART_INVALID_PART flag. Also used in rule id 200002 for multipart strict
- validation.
+ validation. https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt).
* Updated Reference Manual.
Changed |
modsecurity-apache_2.7.4.tar.bz2/Makefile.in
@@ -118,13 +118,17 @@
APR_CFLAGS = @APR_CFLAGS@
APR_CONFIG = @APR_CONFIG@
APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
APR_LDADD = @APR_LDADD@
APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
APR_VERSION = @APR_VERSION@
APU_CFLAGS = @APU_CFLAGS@
APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
APU_LDADD = @APU_LDADD@
APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
APU_VERSION = @APU_VERSION@
APXS = @APXS@
APXS_BINDIR = @APXS_BINDIR@
Changed |
modsecurity-apache_2.7.4.tar.bz2/NOTICE
@@ -1,5 +1,5 @@
ModSecurity (www.modsecurity.org)
- Copyright [2004-2011] Trustwave Holdings, Inc
+ Copyright [2004-2013] Trustwave Holdings, Inc
This product includes software developed at
Trustwave Holdings, Inc (http://www.trustwave.com/).
Changed |
modsecurity-apache_2.7.4.tar.bz2/README.TXT
@@ -1,5 +1,5 @@
ModSecurity for Apache 2.x, http://www.modsecurity.org/
-Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
You may not use this file except in compliance with
the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/alp2/Makefile.in
@@ -108,13 +108,17 @@
APR_CFLAGS = @APR_CFLAGS@
APR_CONFIG = @APR_CONFIG@
APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
APR_LDADD = @APR_LDADD@
APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
APR_VERSION = @APR_VERSION@
APU_CFLAGS = @APU_CFLAGS@
APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
APU_LDADD = @APU_LDADD@
APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
APU_VERSION = @APU_VERSION@
APXS = @APXS@
APXS_BINDIR = @APXS_BINDIR@
Changed |
modsecurity-apache_2.7.4.tar.bz2/alp2/alp2.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/alp2/alp2.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/alp2/alp2_pp.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/alp2/alp2_pp.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/Makefile.am
@@ -11,7 +11,7 @@
re_variables.c msc_logging.c msc_xml.c \
msc_multipart.c modsecurity.c msc_parsers.c \
msc_util.c msc_pcre.c persist_dbm.c msc_reqbody.c \
- msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c
+ msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c libinjection/sqlparse.c
mod_security2_la_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \
@PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @CURL_CFLAGS@
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/Makefile.in
@@ -93,7 +93,7 @@
mod_security2_la-msc_gsb.lo mod_security2_la-msc_crypt.lo \
mod_security2_la-msc_tree.lo mod_security2_la-msc_unicode.lo \
mod_security2_la-acmp.lo mod_security2_la-msc_lua.lo \
- mod_security2_la-msc_release.lo
+ mod_security2_la-msc_release.lo mod_security2_la-sqlparse.lo
mod_security2_la_OBJECTS = $(am_mod_security2_la_OBJECTS)
mod_security2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(mod_security2_la_CFLAGS) \
@@ -122,13 +122,17 @@
APR_CFLAGS = @APR_CFLAGS@
APR_CONFIG = @APR_CONFIG@
APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
APR_LDADD = @APR_LDADD@
APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
APR_VERSION = @APR_VERSION@
APU_CFLAGS = @APU_CFLAGS@
APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
APU_LDADD = @APU_LDADD@
APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
APU_VERSION = @APU_VERSION@
APXS = @APXS@
APXS_BINDIR = @APXS_BINDIR@
@@ -305,7 +309,7 @@
re_variables.c msc_logging.c msc_xml.c \
msc_multipart.c modsecurity.c msc_parsers.c \
msc_util.c msc_pcre.c persist_dbm.c msc_reqbody.c \
- msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c
+ msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c libinjection/sqlparse.c
mod_security2_la_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \
@PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @CURL_CFLAGS@
@@ -462,6 +466,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-re_operators.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-re_tfns.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-re_variables.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-sqlparse.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -666,6 +671,13 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_security2_la_CPPFLAGS) $(CPPFLAGS) $(mod_security2_la_CFLAGS) $(CFLAGS) -c -o mod_security2_la-msc_release.lo `test -f 'msc_release.c' || echo '$(srcdir)/'`msc_release.c
+mod_security2_la-sqlparse.lo: libinjection/sqlparse.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_security2_la_CPPFLAGS) $(CPPFLAGS) $(mod_security2_la_CFLAGS) $(CFLAGS) -MT mod_security2_la-sqlparse.lo -MD -MP -MF $(DEPDIR)/mod_security2_la-sqlparse.Tpo -c -o mod_security2_la-sqlparse.lo `test -f 'libinjection/sqlparse.c' || echo '$(srcdir)/'`libinjection/sqlparse.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mod_security2_la-sqlparse.Tpo $(DEPDIR)/mod_security2_la-sqlparse.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libinjection/sqlparse.c' object='mod_security2_la-sqlparse.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_security2_la_CPPFLAGS) $(CPPFLAGS) $(mod_security2_la_CFLAGS) $(CFLAGS) -c -o mod_security2_la-sqlparse.lo `test -f 'libinjection/sqlparse.c' || echo '$(srcdir)/'`libinjection/sqlparse.c
+
mostlyclean-libtool:
-rm -f *.lo
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/Makefile.win
@@ -46,7 +46,7 @@
msc_logging.obj msc_xml.obj msc_multipart.obj modsecurity.obj \
msc_parsers.obj msc_util.obj msc_pcre.obj persist_dbm.obj \
msc_reqbody.obj msc_geo.obj msc_gsb.obj msc_crypt.obj msc_tree.obj msc_unicode.obj acmp.obj msc_lua.obj \
- msc_release.obj
+ msc_release.obj libinjection\sqlparse.obj
all: $(DLL)
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/acmp.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/acmp.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/apache2.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/apache2_config.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -2346,7 +2346,7 @@
dcfg->hash_is_enabled = HASH_DISABLED;
dcfg->hash_enforcement = HASH_DISABLED;
}
- else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SexHashEngine: %s", p1);
+ else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecHashEngine: %s", p1);
return NULL;
}
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/apache2_io.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/apache2_util.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -198,6 +198,10 @@
apr_size_t nbytes, nbytes_written;
apr_file_t *debuglog_fd = NULL;
int filter_debug_level = 0;
+ char *remote = NULL;
+ char *parse_remote = NULL;
+ char *saved = NULL;
+ char *str = NULL;
char str1[1024] = "";
char str2[1256] = "";
@@ -269,8 +273,8 @@
hostname, log_escape(msr->mp, r->uri), unique_id);
#else
ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
- "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", r->connection->remote_ip, str1,
- hostname, log_escape(msr->mp, r->uri), unique_id);
+ "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", msr->remote_addr ? msr->remote_addr : r->connection->remote_ip, str1,
+ hostname, log_escape(msr->mp, r->uri), unique_id);
#endif
/* Add this message to the list. */
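Review bot: In the `ap_log_error` call of the `#else` branch, `msr->remote_addr` is written to the error log as-is, while `r->uri` in the same call goes through `log_escape`. The CHANGES entry on this page says REMOTE_ADDR now follows mod_remoteip, so the value may originate from a proxy-supplied header; unless the code that sets it (outside this hunk) guarantees a parsed address, I would escape it as well: `log_escape(msr->mp, msr->remote_addr ? msr->remote_addr : r->connection->remote_ip)`. The `#if` branch above begins outside the hunk, so whether it received a matching change cannot be checked from here.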
Added |
modsecurity-apache_2.7.4.tar.bz2/apache2/libinjection
+(directory)
Added |
modsecurity-apache_2.7.4.tar.bz2/apache2/libinjection/COPYING.txt
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2012, 2013
+ * Nick Galbreath -- nickg [at] client9 [dot] com
+ * http://www.client9.com/projects/libinjection/
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of libinjection nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * This is the standard "new" BSD license:
+ * http://www.opensource.org/licenses/bsd-license.php
+ */
Added |
modsecurity-apache_2.7.4.tar.bz2/apache2/libinjection/sqli_fingerprints.h
@@ -0,0 +1,2327 @@
+#ifndef _SQLPARSE_FINGERPRINTS_H
+#define _SQLPARSE_FINGERPRINTS_H
+
+static const char* patmap[] = {
+ "&1o1U",
+ "&1osU",
+ "&1ovU",
+ "&f()o",
+ "&f(1)",
+ "&f(1o",
+ "&f(s)",
+ "&f(v)",
+ "&f(vo",
+ "&so1U",
+ "&sosU",
+ "&sovU",
+ "&vo1U",
+ "&vosU",
+ "&vovU",
+ "1&((f",
+ "1&((k",
+ "1&(1)",
+ "1&(1,",
+ "1&(1o",
+ "1&(f(",
+ "1&(k(",
+ "1&(k1",
+ "1&(kf",
+ "1&(kk",
+ "1&(kn",
+ "1&(ko",
+ "1&(ks",
+ "1&(kv",
+ "1&(s)",
+ "1&(s,",
+ "1&(so",
+ "1&(v)",
+ "1&(v,",
+ "1&(vo",
+ "1&1",
+ "1&1Bf",
+ "1&1Uk",
+ "1&1c",
+ "1&1f(",
+ "1&1o(",
+ "1&1o1",
+ "1&1of",
+ "1&1ok",
+ "1&1on",
+ "1&1oo",
+ "1&1os",
+ "1&1ov",
+ "1&f((",
+ "1&f()",
+ "1&f(1",
+ "1&f(f",
+ "1&f(k",
+ "1&f(n",
+ "1&f(s",
+ "1&f(v",
+ "1&k(1",
+ "1&k(f",
+ "1&k(s",
+ "1&k(v",
+ "1&k1k",
+ "1&kUk",
+ "1&kk1",
+ "1&kks",
+ "1&kkv",
+ "1&ksk",
+ "1&kvk",
+ "1&n()",
+ "1&no1",
+ "1&nos",
+ "1&nov",
+ "1&o(1",
+ "1&o(s",
+ "1&o(v",
+ "1&o1o",
+ "1&oso",
+ "1&ovo",
+ "1&sBf",
+ "1&sU(",
+ "1&sUk",
+ "1&sf(",
+ "1&so(",
+ "1&so1",
+ "1&sof",
+ "1&sok",
+ "1&son",
+ "1&soo",
+ "1&sos",
+ "1&sov",
+ "1&v",
+ "1&vBf",
+ "1&vU(",
+ "1&vUk",
+ "1&vc",
+ "1&vf(",
+ "1&vo(",
+ "1&vo1",
+ "1&vof",
+ "1&vok",
+ "1&von",
+ "1&voo",
+ "1&vos",
+ "1&vov",
+ "1)&(1",
+ "1)&(f",
+ "1)&(k",
+ "1)&(n",
+ "1)&(s",
+ "1)&(v",
+ "1)&1B",
+ "1)&1U",
+ "1)&1f",
+ "1)&1o",
+ "1)&f(",
+ "1)&o(",
+ "1)&sB",
+ "1)&sU",
+ "1)&sf",
+ "1)&so",
+ "1)&vB",
+ "1)&vU",
+ "1)&vf",
+ "1)&vo",
+ "1)()s",
+ "1)()v",
+ "1))&(",
+ "1))&1",
+ "1))&f",
+ "1))&o",
+ "1))&s",
+ "1))&v",
+ "1)))&",
+ "1))))",
+ "1)));",
+ "1)))B",
+ "1)))U",
+ "1)))c",
+ "1)))k",
+ "1)))o",
+ "1));c",
+ "1));k",
+ "1))B1",
+ "1))Bs",
+ "1))Bv",
+ "1))Uk",
+ "1))Un",
+ "1))c",
+ "1))k1",
+ "1))kk",
+ "1))ks",
+ "1))kv",
+ "1))o(",
+ "1))o1",
+ "1))of",
+ "1))ok",
+ "1))on",
+ "1))os",
+ "1))ov",
+ "1),(1",
+ "1),(s",
+ "1),(v",
+ "1);c",
+ "1);k&",
+ "1);k(",
+ "1);kf",
+ "1);kk",
+ "1);kn",
+ "1);ko",
+ "1)B1",
+ "1)B1&",
+ "1)B1c",
+ "1)B1o",
+ "1)Bs",
+ "1)Bs&",
+ "1)Bsc",
+ "1)Bso",
+ "1)Bv",
+ "1)Bv&",
+ "1)Bvc",
+ "1)Bvo",
+ "1)U(k",
+ "1)Uk(",
+ "1)Uk1",
+ "1)Ukf",
+ "1)Ukk",
+ "1)Ukn",
+ "1)Uko",
+ "1)Uks",
+ "1)Ukv",
+ "1)Unk",
+ "1)c",
+ "1)k1",
+ "1)k1c",
+ "1)k1o",
+ "1)kks",
+ "1)kkv",
+ "1)knk",
+ "1)ks",
+ "1)ksc",
+ "1)kso",
+ "1)kv",
+ "1)kvc",
+ "1)kvo",
+ "1)o(1",
+ "1)o(k",
+ "1)o(n",
+ "1)o(s",
+ "1)o(v",
+ "1)o1)",
+ "1)o1B",
+ "1)o1U",
+ "1)o1f",
+ "1)o1k",
+ "1)o1o",
+ "1)of(",
+ "1)ok(",
+ "1)ok1",
+ "1)oks",
+ "1)okv",
+ "1)on&",
+ "1)os)",
+ "1)osB",
+ "1)osU",
+ "1)osf",
+ "1)osk",
+ "1)oso",
+ "1)ov)",
+ "1)ovB",
+ "1)ovU",
+ "1)ovf",
+ "1)ovk",
+ "1)ovo",
+ "1,(f(",
+ "1,(k(",
+ "1,(k1",
+ "1,(kf",
+ "1,(ks",
+ "1,(kv",
+ "1,1),",
+ "1,1)o",
+ "1,1B1",
+ "1,1Bs",
+ "1,1Bv",
+ "1,1Uk",
+ "1,f(1",
+ "1,f(s",
+ "1,f(v",
+ "1,s),",
+ "1,s)o",
+ "1,sB1",
+ "1,sBs",
+ "1,sBv",
+ "1,sUk",
+ "1,v),",
+ "1,v)o",
+ "1,vB1",
+ "1,vBs",
+ "1,vBv",
+ "1,vUk",
+ "1;c",
+ "1;k&k",
+ "1;k((",
+ "1;k(1",
+ "1;k(o",
+ "1;k(s",
+ "1;k(v",
+ "1;k1,",
+ "1;kf(",
+ "1;kks",
+ "1;kkv",
+ "1;kn(",
+ "1;kn,",
+ "1;knc",
+ "1;ko(",
+ "1;kok",
+ "1;ks,",
+ "1;kv,",
+ "1B1",
+ "1B1,1",
+ "1B1,n",
+ "1B1,s",
+ "1B1,v",
+ "1B1Uk",
+ "1B1c",
+ "1B1k1",
+ "1B1ks",
+ "1B1kv",
+ "1Bf(1",
+ "1Bf(f",
+ "1Bf(s",
+ "1Bf(v",
+ "1Bk(1",
+ "1Bk(s",
+ "1Bk(v",
+ "1Bn,n",
+ "1Bnk1",
+ "1Bnks",
+ "1Bnkv",
+ "1Bs",
+ "1Bs,1",
+ "1Bs,n",
+ "1Bs,s",
+ "1Bs,v",
+ "1BsUk",
+ "1Bsc",
+ "1Bsk1",
+ "1Bsks",
+ "1Bskv",
+ "1Bv",
+ "1Bv,1",
+ "1Bv,n",
+ "1Bv,s",
+ "1Bv,v",
+ "1BvUk",
+ "1Bvc",
+ "1Bvk1",
+ "1Bvks",
+ "1Bvkv",
+ "1U",
+ "1U((k",
+ "1U(k1",
+ "1U(kf",
+ "1U(kn",
+ "1U(ks",
+ "1U(kv",
+ "1U1,1",
+ "1U1,s",
+ "1U1,v",
+ "1Uc",
+ "1Uk",
+ "1Uk(1",
+ "1Uk(k",
+ "1Uk(n",
+ "1Uk(s",
+ "1Uk(v",
+ "1Uk1",
+ "1Uk1,",
+ "1Uk1c",
+ "1Uk1f",
+ "1Uk1k",
+ "1Uk1n",
+ "1Uk1o",
+ "1Ukf",
+ "1Ukf(",
+ "1Ukf,",
+ "1Ukk(",
+ "1Ukk,",
+ "1Ukk1",
+ "1Ukkk",
+ "1Ukkn",
+ "1Ukks",
+ "1Ukkv",
+ "1Ukn&",
+ "1Ukn(",
+ "1Ukn,",
+ "1Ukn1",
+ "1Uknc",
+ "1Uknk",
+ "1Ukno",
+ "1Ukns",
+ "1Uknv",
+ "1Uko1",
+ "1Ukok",
+ "1Ukos",
+ "1Ukov",
+ "1Uks",
+ "1Uks,",
+ "1Uksc",
+ "1Uksf",
+ "1Uksk",
+ "1Uksn",
+ "1Ukso",
+ "1Ukv",
+ "1Ukv,",
+ "1Ukvc",
+ "1Ukvf",
+ "1Ukvk",
+ "1Ukvn",
+ "1Ukvo",
+ "1Un,1",
+ "1Un,s",
+ "1Un,v",
+ "1Un1,",
+ "1Unk(",
+ "1Unk1",
+ "1Unkf",
+ "1Unks",
+ "1Unkv",
+ "1Uns,",
+ "1Unv,",
+ "1Uon1",
+ "1Uons",
+ "1Uonv",
+ "1Us,1",
+ "1Us,s",
+ "1Us,v",
+ "1Uv,1",
+ "1Uv,s",
+ "1Uv,v",
+ "1c",
+ "1f()k",
+ "1k1U(",
+ "1k1Uk",
+ "1k1c",
+ "1k1o1",
+ "1k1ov",
+ "1kU1,",
+ "1kUs,",
+ "1kUv,",
+ "1kf(1",
+ "1kf(s",
+ "1kf(v",
+ "1kk(1",
+ "1kk(s",
+ "1kk(v",
+ "1kksc",
+ "1kkvc",
+ "1knkn",
+ "1kno1",
+ "1knov",
+ "1kokn",
+ "1ksU(",
+ "1ksUk",
+ "1ksc",
+ "1kvU(",
+ "1kvUk",
+ "1kvc",
+ "1kvo1",
+ "1kvov",
+ "1n&f(",
+ "1n)Uk",
+ "1nUk1",
+ "1nUkn",
+ "1nUks",
+ "1nUkv",
+ "1nk1c",
+ "1nkf(",
+ "1nksc",
+ "1nkvc",
+ "1o(((",
+ "1o((1",
+ "1o((f",
+ "1o((s",
+ "1o((v",
+ "1o(1)",
+ "1o(1o",
+ "1o(f(",
+ "1o(k(",
+ "1o(k1",
+ "1o(kf",
+ "1o(kn",
+ "1o(ks",
+ "1o(kv",
+ "1o(n)",
+ "1o(o1",
+ "1o(os",
+ "1o(ov",
+ "1o(s)",
+ "1o(so",
+ "1o(v)",
+ "1o(vo",
+ "1o1)&",
+ "1o1)o",
+ "1o1Bf",
+ "1o1Uk",
+ "1o1f(",
+ "1o1kf",
+ "1o1o(",
+ "1o1o1",
+ "1o1of",
+ "1o1oo",
+ "1o1os",
+ "1o1ov",
+ "1of()",
+ "1of(1",
+ "1of(f",
+ "1of(n",
+ "1of(s",
+ "1of(v",
+ "1ok(1",
+ "1ok(k",
+ "1ok(s",
+ "1ok(v",
+ "1ok)U",
+ "1ok)o",
+ "1ok1",
+ "1ok1,",
+ "1ok1c",
+ "1ok1k",
+ "1okUk",
+ "1okf(",
+ "1oks",
+ "1oks,",
+ "1oksc",
+ "1oksk",
+ "1okv",
+ "1okv,",
+ "1okvc",
+ "1okvk",
+ "1onos",
+ "1onov",
+ "1os)&",
+ "1os)U",
+ "1os)o",
+ "1osBf",
+ "1osUk",
+ "1osf(",
+ "1oskf",
+ "1oso(",
+ "1oso1",
+ "1osof",
+ "1osoo",
+ "1osos",
+ "1osov",
+ "1ov)&",
+ "1ov)U",
+ "1ov)o",
+ "1ovBf",
+ "1ovUk",
+ "1ovf(",
+ "1ovkf",
+ "1ovo(",
+ "1ovo1",
+ "1ovof",
+ "1ovoo",
+ "1ovos",
+ "1ovov",
+ ";kknc",
+ "Uk1,1",
+ "Uk1,f",
+ "Uk1,n",
+ "Uk1,s",
+ "Uk1,v",
+ "Ukkkn",
+ "Uks,1",
+ "Uks,f",
+ "Uks,n",
+ "Uks,s",
+ "Uks,v",
+ "Ukv,1",
+ "Ukv,f",
+ "Ukv,n",
+ "Ukv,s",
+ "Ukv,v",
+ "f((f(",
+ "f((k(",
+ "f((kf",
+ "f()&f",
+ "f()of",
+ "f(1)&",
+ "f(1)U",
+ "f(1)o",
+ "f(1,1",
+ "f(1,f",
+ "f(1,s",
+ "f(1,v",
+ "f(1o1",
+ "f(1os",
+ "f(1ov",
+ "f(f()",
+ "f(f(1",
+ "f(f(f",
+ "f(f(s",
+ "f(f(v",
+ "f(k()",
+ "f(k,(",
+ "f(k,f",
+ "f(k,n",
+ "f(n()",
+ "f(s)&",
+ "f(s)U",
+ "f(s)o",
+ "f(s,1",
+ "f(s,f",
+ "f(s,s",
+ "f(s,v",
+ "f(so1",
+ "f(sos",
+ "f(sov",
+ "f(v)&",
+ "f(v)U",
+ "f(v)o",
+ "f(v,1",
+ "f(v,f",
+ "f(v,s",
+ "f(v,v",
+ "f(vo1",
+ "f(vos",
+ "f(vov",
+ "k()ok",
+ "k(1)U",
+ "k(f(1",
+ "k(f(v",
+ "k(ok(",
+ "k(s)U",
+ "k(sv)",
+ "k(v)U",
+ "k(vs)",
+ "k(vv)",
+ "k1,1,",
+ "k1,1c",
+ "k1,1k",
+ "k1,f(",
+ "k1,n,",
+ "k1,s,",
+ "k1,sc",
+ "k1,sk",
+ "k1,v,",
+ "k1,vc",
+ "k1,vk",
+ "k1k(k",
+ "k1kf(",
+ "k1o(s",
+ "k1o(v",
+ "k;non",
+ "kc",
+ "kf((f",
+ "kf(1)",
+ "kf(1,",
+ "kf(f(",
+ "kf(n,",
+ "kf(o)",
+ "kf(s)",
+ "kf(s,",
+ "kf(s:",
+ "kf(v)",
+ "kf(v,",
+ "kf(v:",
+ "kk(f(",
+ "kk1f(",
+ "kk1fn",
+ "kk1kk",
+ "kk1nk",
+ "kk1sf",
+ "kk1sk",
+ "kk1sn",
+ "kk1vf",
+ "kk1vk",
+ "kk1vn",
+ "kksf(",
+ "kksfn",
+ "kkskk",
+ "kksnk",
+ "kksvk",
+ "kksvn",
+ "kkvf(",
+ "kkvfn",
+ "kkvkk",
+ "kkvnk",
+ "kkvsf",
+ "kkvsk",
+ "kkvsn",
+ "kkvvf",
+ "kkvvk",
+ "kkvvn",
+ "kn1kk",
+ "kn1sk",
+ "kn1sn",
+ "kn1vk",
+ "kn1vn",
+ "knk(k",
+ "knskk",
+ "knsvk",
+ "knsvn",
+ "knvkk",
+ "knvsk",
+ "knvsn",
+ "knvvk",
+ "knvvn",
+ "ko(k(",
+ "ko(kf",
+ "ko(n,",
+ "ko(s,",
+ "ko(v,",
+ "kok(k",
+ "ks&(k",
+ "ks&(o",
+ "ks)",
+ "ks,1,",
+ "ks,1c",
+ "ks,1k",
+ "ks,f(",
+ "ks,s,",
+ "ks,sc",
+ "ks,sk",
+ "ks,v,",
+ "ks,vc",
+ "ks,vk",
+ "ksf(1",
+ "ksf(s",
+ "ksf(v",
+ "ksk(1",
+ "ksk(k",
+ "ksk(s",
+ "ksk(v",
+ "kso(s",
+ "kso(v",
+ "kv&(k",
+ "kv&(o",
+ "kv)",
+ "kv,1,",
+ "kv,1c",
+ "kv,1k",
+ "kv,f(",
+ "kv,n,",
+ "kv,s,",
+ "kv,sc",
+ "kv,sk",
+ "kv,v,",
+ "kv,vc",
+ "kv,vk",
+ "kvf(1",
+ "kvf(s",
+ "kvf(v",
+ "kvk(1",
+ "kvk(k",
+ "kvk(s",
+ "kvk(v",
+ "kvkf(",
+ "kvo(s",
+ "kvo(v",
+ "n&(1)",
+ "n&(1,",
+ "n&(k1",
+ "n&(ks",
+ "n&(kv",
+ "n&(o1",
+ "n&(os",
+ "n&(ov",
+ "n&(s)",
+ "n&(s,",
+ "n&(v)",
+ "n&(v,",
+ "n&1Bf",
+ "n&1f(",
+ "n&1o(",
+ "n&1o1",
+ "n&1of",
+ "n&1oo",
+ "n&1os",
+ "n&1ov",
+ "n&f(1",
+ "n&f(f",
+ "n&f(s",
+ "n&f(v",
+ "n&k(1",
+ "n&k(s",
+ "n&k(v",
+ "n&o1o",
+ "n&oso",
+ "n&ovo",
+ "n&sf(",
+ "n&so(",
+ "n&so1",
+ "n&sof",
+ "n&soo",
+ "n&sos",
+ "n&sov",
+ "n&vBf",
+ "n&vf(",
+ "n&vo(",
+ "n&vo1",
+ "n&vof",
+ "n&voo",
+ "n&vos",
+ "n&vov",
+ "n)&(k",
+ "n)&1f",
+ "n)&1o",
+ "n)&f(",
+ "n)&sf",
+ "n)&so",
+ "n)&vf",
+ "n)&vo",
+ "n))&(",
+ "n))&1",
+ "n))&f",
+ "n))&s",
+ "n))&v",
+ "n)))&",
+ "n)));",
+ "n)))B",
+ "n)))U",
+ "n)))c",
+ "n)))k",
+ "n)))o",
+ "n));c",
+ "n));k",
+ "n))B1",
+ "n))Bv",
+ "n))Uk",
+ "n))c",
+ "n))kk",
+ "n))o(",
+ "n))o1",
+ "n))of",
+ "n))ok",
+ "n))os",
+ "n))ov",
+ "n);c",
+ "n);k&",
+ "n);k(",
+ "n);kf",
+ "n);kk",
+ "n);kn",
+ "n);ko",
+ "n)B1c",
+ "n)Bvc",
+ "n)Uk1",
+ "n)Ukv",
+ "n)c",
+ "n)k1o",
+ "n)kks",
+ "n)kkv",
+ "n)kso",
+ "n)kvo",
+ "n)o(k",
+ "n)o1&",
+ "n)o1f",
+ "n)o1o",
+ "n)of(",
+ "n)ok(",
+ "n)os&",
+ "n)osf",
+ "n)oso",
+ "n)ov&",
+ "n)ovf",
+ "n)ovo",
+ "n,(f(",
+ "n,(k(",
+ "n,(k1",
+ "n,(kf",
+ "n,(ks",
+ "n,(kv",
+ "n,f(1",
+ "n,f(s",
+ "n,f(v",
+ "n:o1U",
+ "n:osU",
+ "n:ovU",
+ "n;c",
+ "n;k&k",
+ "n;k((",
+ "n;k(1",
+ "n;k(s",
+ "n;k(v",
+ "n;kf(",
+ "n;kks",
+ "n;kkv",
+ "n;kn(",
+ "n;ko(",
+ "n;kok",
+ "nB1c",
+ "nBvc",
+ "nUk(k",
+ "nUk1,",
+ "nUk1c",
+ "nUkf(",
+ "nUkn,",
+ "nUks,",
+ "nUkv,",
+ "nUkvc",
+ "nUnk(",
+ "nc",
+ "nk1Uk",
+ "nk1o1",
+ "nk1ov",
+ "nkf(1",
+ "nkf(s",
+ "nkf(v",
+ "nkksc",
+ "nkkvc",
+ "nksUk",
+ "nkvUk",
+ "nkvo1",
+ "nkvov",
+ "nnn)U",
+ "nno1U",
+ "nnosU",
+ "nnovU",
+ "no(k1",
+ "no(ks",
+ "no(kv",
+ "no(o1",
+ "no(os",
+ "no(ov",
+ "no1&1",
+ "no1&s",
+ "no1&v",
+ "no1Uk",
+ "no1f(",
+ "no1o(",
+ "no1of",
+ "no1oo",
+ "no1os",
+ "no1ov",
+ "nof(1",
+ "nof(s",
+ "nof(v",
+ "nok(1",
+ "nok(f",
+ "nok(k",
+ "nok(s",
+ "nok(v",
+ "nono1",
+ "nonov",
+ "nos&1",
+ "nos&s",
+ "nos&v",
+ "nosUk",
+ "nosf(",
+ "noso(",
+ "noso1",
+ "nosof",
+ "nosoo",
+ "nosos",
+ "nosov",
+ "nov&1",
+ "nov&s",
+ "nov&v",
+ "novUk",
+ "novf(",
+ "novo(",
+ "novo1",
+ "novof",
+ "novoo",
+ "novos",
+ "novov",
+ "o1kf(",
+ "oUk1,",
+ "oUks,",
+ "oUkv,",
+ "oc",
+ "of()o",
+ "of(1)",
+ "of(s)",
+ "of(v)",
+ "ok1o1",
+ "ok1os",
+ "ok1ov",
+ "okkkn",
+ "okso1",
+ "oksos",
+ "oksov",
+ "okvo1",
+ "okvos",
+ "okvov",
+ "ook1,",
+ "ooks,",
+ "ookv,",
+ "oskf(",
+ "ovkf(",
+ "s&((f",
+ "s&((k",
+ "s&(1)",
+ "s&(1,",
+ "s&(1o",
+ "s&(f(",
+ "s&(k(",
+ "s&(k)",
+ "s&(k1",
+ "s&(kc",
+ "s&(kf",
+ "s&(kk",
+ "s&(kn",
+ "s&(ko",
+ "s&(ks",
+ "s&(kv",
+ "s&(s)",
+ "s&(s,",
+ "s&(so",
+ "s&(v)",
+ "s&(v,",
+ "s&(vo",
+ "s&1",
+ "s&1Bf",
+ "s&1Uk",
+ "s&1c",
+ "s&1f(",
+ "s&1o(",
+ "s&1o1",
+ "s&1of",
+ "s&1ok",
+ "s&1on",
+ "s&1oo",
+ "s&1os",
+ "s&1ov",
+ "s&f((",
+ "s&f()",
+ "s&f(1",
+ "s&f(f",
+ "s&f(k",
+ "s&f(n",
+ "s&f(s",
+ "s&f(v",
+ "s&k&s",
+ "s&k&v",
+ "s&k(1",
+ "s&k(f",
+ "s&k(o",
+ "s&k(s",
+ "s&k(v",
+ "s&k1k",
+ "s&k1o",
+ "s&kUk",
+ "s&kc",
+ "s&kk1",
+ "s&kks",
+ "s&kkv",
+ "s&knk",
+ "s&ko(",
+ "s&ko1",
+ "s&kok",
+ "s&kos",
+ "s&kov",
+ "s&ksk",
+ "s&kso",
+ "s&kvk",
+ "s&kvo",
+ "s&n&s",
+ "s&n&v",
+ "s&n()",
+ "s&no1",
+ "s&nos",
+ "s&nov",
+ "s&o(1",
+ "s&o(k",
+ "s&o(s",
+ "s&o(v",
+ "s&o1o",
+ "s&okc",
+ "s&oko",
+ "s&os",
+ "s&oso",
+ "s&ov",
+ "s&ovo",
+ "s&s",
+ "s&s:o",
+ "s&sBf",
+ "s&sU(",
+ "s&sUk",
+ "s&sc",
+ "s&sf(",
+ "s&so(",
+ "s&so1",
+ "s&sof",
+ "s&sok",
+ "s&son",
+ "s&soo",
+ "s&sos",
+ "s&sov",
+ "s&svo",
+ "s&v",
+ "s&v:o",
+ "s&vBf",
+ "s&vU(",
+ "s&vUk",
+ "s&vc",
+ "s&vf(",
+ "s&vo(",
+ "s&vo1",
+ "s&vof",
+ "s&vok",
+ "s&von",
+ "s&voo",
+ "s&vos",
+ "s&vov",
+ "s&vso",
+ "s&vvo",
+ "s(c",
+ "s)&(1",
+ "s)&(f",
+ "s)&(k",
+ "s)&(n",
+ "s)&(s",
+ "s)&(v",
+ "s)&1B",
+ "s)&1U",
+ "s)&1f",
+ "s)&1o",
+ "s)&f(",
+ "s)&o(",
+ "s)&sB",
+ "s)&sU",
+ "s)&sf",
+ "s)&so",
+ "s)&vB",
+ "s)&vU",
+ "s)&vf",
+ "s)&vo",
+ "s)()s",
+ "s)()v",
+ "s))&(",
+ "s))&1",
+ "s))&f",
+ "s))&n",
+ "s))&o",
+ "s))&s",
+ "s))&v",
+ "s)))&",
+ "s))))",
+ "s)));",
+ "s)))B",
+ "s)))U",
+ "s)))c",
+ "s)))k",
+ "s)))o",
+ "s));c",
+ "s));k",
+ "s))B1",
+ "s))Bs",
+ "s))Bv",
+ "s))Uk",
+ "s))Un",
+ "s))c",
+ "s))k1",
+ "s))kk",
+ "s))ks",
+ "s))kv",
+ "s))o(",
+ "s))o1",
+ "s))of",
+ "s))ok",
+ "s))on",
+ "s))os",
+ "s))ov",
+ "s),(1",
+ "s),(s",
+ "s),(v",
+ "s);c",
+ "s);k&",
+ "s);k(",
+ "s);kf",
+ "s);kk",
+ "s);kn",
+ "s);ko",
+ "s)B1",
+ "s)B1&",
+ "s)B1c",
+ "s)B1o",
+ "s)Bs",
+ "s)Bs&",
+ "s)Bsc",
+ "s)Bso",
+ "s)Bv",
+ "s)Bv&",
+ "s)Bvc",
+ "s)Bvo",
+ "s)U(k",
+ "s)Uk(",
+ "s)Uk1",
+ "s)Ukf",
+ "s)Ukk",
+ "s)Ukn",
+ "s)Uko",
+ "s)Uks",
+ "s)Ukv",
+ "s)Unk",
+ "s)c",
+ "s)k1",
+ "s)k1c",
+ "s)k1o",
+ "s)kks",
+ "s)kkv",
+ "s)ks",
+ "s)ksc",
+ "s)kso",
+ "s)kv",
+ "s)kvc",
+ "s)kvo",
+ "s)o(1",
+ "s)o(k",
+ "s)o(n",
+ "s)o(s",
+ "s)o(v",
+ "s)o1B",
+ "s)o1U",
+ "s)o1f",
+ "s)o1k",
+ "s)o1o",
+ "s)of(",
+ "s)ok(",
+ "s)ok1",
+ "s)oks",
+ "s)okv",
+ "s)on&",
+ "s)os)",
+ "s)osB",
+ "s)osU",
+ "s)osf",
+ "s)osk",
+ "s)oso",
+ "s)ov)",
+ "s)ovB",
+ "s)ovU",
+ "s)ovf",
+ "s)ovk",
+ "s)ovo",
+ "s,(f(",
+ "s,(k(",
+ "s,(k1",
+ "s,(kf",
+ "s,(ks",
+ "s,(kv",
+ "s,1),",
+ "s,1)o",
+ "s,1B1",
+ "s,1Bs",
+ "s,1Bv",
+ "s,1Uk",
+ "s,f(1",
+ "s,f(s",
+ "s,f(v",
+ "s,s),",
+ "s,s)o",
+ "s,sB1",
+ "s,sBs",
+ "s,sBv",
+ "s,sUk",
+ "s,v),",
+ "s,v)o",
+ "s,vB1",
+ "s,vBs",
+ "s,vBv",
+ "s,vUk",
+ "s:o1)",
+ "s:os)",
+ "s:ov)",
+ "s;c",
+ "s;k&k",
+ "s;k((",
+ "s;k(1",
+ "s;k(o",
+ "s;k(s",
+ "s;k(v",
+ "s;k1,",
+ "s;k1o",
+ "s;k;",
+ "s;k[k",
+ "s;k[n",
+ "s;kf(",
+ "s;kkn",
+ "s;kks",
+ "s;kkv",
+ "s;kn(",
+ "s;kn,",
+ "s;knc",
+ "s;knk",
+ "s;knn",
+ "s;ko(",
+ "s;kok",
+ "s;ks,",
+ "s;ksc",
+ "s;ksk",
+ "s;kso",
+ "s;kv,",
+ "s;kvc",
+ "s;kvk",
+ "s;kvo",
+ "s;n:k",
+ "sB1",
+ "sB1&s",
+ "sB1&v",
+ "sB1,1",
+ "sB1,n",
+ "sB1,s",
+ "sB1,v",
+ "sB1Uk",
+ "sB1c",
+ "sB1k1",
+ "sB1ks",
+ "sB1kv",
+ "sB1os",
+ "sB1ov",
+ "sBf(1",
+ "sBf(f",
+ "sBf(s",
+ "sBf(v",
+ "sBk(1",
+ "sBk(s",
+ "sBk(v",
+ "sBn,n",
+ "sBnk1",
+ "sBnks",
+ "sBnkv",
+ "sBs",
+ "sBs&s",
+ "sBs&v",
+ "sBs,1",
+ "sBs,n",
+ "sBs,s",
+ "sBs,v",
+ "sBsUk",
+ "sBsc",
+ "sBsk1",
+ "sBsks",
+ "sBskv",
+ "sBsos",
+ "sBsov",
+ "sBv",
+ "sBv&s",
+ "sBv&v",
+ "sBv,1",
+ "sBv,n",
+ "sBv,s",
+ "sBv,v",
+ "sBvUk",
+ "sBvc",
+ "sBvk1",
+ "sBvks",
+ "sBvkv",
+ "sBvos",
+ "sBvov",
+ "sU((k",
+ "sU(k(",
+ "sU(k1",
+ "sU(kf",
+ "sU(kk",
+ "sU(kn",
+ "sU(ks",
+ "sU(kv",
+ "sU1,1",
+ "sU1,s",
+ "sU1,v",
+ "sUc",
+ "sUk",
+ "sUk(1",
+ "sUk(k",
+ "sUk(n",
+ "sUk(s",
+ "sUk(v",
+ "sUk1",
+ "sUk1&",
+ "sUk1,",
+ "sUk1c",
+ "sUk1f",
+ "sUk1k",
+ "sUk1n",
+ "sUk1o",
+ "sUkf",
+ "sUkf(",
+ "sUkf,",
+ "sUkk(",
+ "sUkk,",
+ "sUkk1",
+ "sUkkk",
+ "sUkkn",
+ "sUkks",
+ "sUkkv",
+ "sUkn&",
+ "sUkn(",
+ "sUkn,",
+ "sUkn1",
+ "sUknc",
+ "sUknk",
+ "sUkno",
+ "sUkns",
+ "sUknv",
+ "sUko1",
+ "sUkok",
+ "sUkos",
+ "sUkov",
+ "sUks",
+ "sUks&",
+ "sUks,",
+ "sUksc",
+ "sUksf",
+ "sUksk",
+ "sUksn",
+ "sUkso",
+ "sUkv",
+ "sUkv&",
+ "sUkv,",
+ "sUkvc",
+ "sUkvf",
+ "sUkvk",
+ "sUkvn",
+ "sUkvo",
+ "sUn(k",
+ "sUn,1",
+ "sUn,s",
+ "sUn,v",
+ "sUn1,",
+ "sUnk(",
+ "sUnk1",
+ "sUnkf",
+ "sUnks",
+ "sUnkv",
+ "sUno1",
+ "sUnos",
+ "sUnov",
+ "sUns,",
+ "sUnv,",
+ "sUon1",
+ "sUons",
+ "sUonv",
+ "sUs,1",
+ "sUs,s",
+ "sUs,v",
+ "sUv,1",
+ "sUv,s",
+ "sUv,v",
+ "sc",
+ "sf()k",
+ "sf(1)",
+ "sf(n,",
+ "sf(s)",
+ "sf(v)",
+ "sk)&(",
+ "sk)&1",
+ "sk)&f",
+ "sk)&s",
+ "sk)&v",
+ "sk);k",
+ "sk)B1",
+ "sk)Bs",
+ "sk)Bv",
+ "sk)Uk",
+ "sk)Un",
+ "sk)k1",
+ "sk)kk",
+ "sk)ks",
+ "sk)kv",
+ "sk)o(",
+ "sk)o1",
+ "sk)of",
+ "sk)ok",
+ "sk)os",
+ "sk)ov",
+ "sk1&1",
+ "sk1&s",
+ "sk1&v",
+ "sk1U(",
+ "sk1Uk",
+ "sk1c",
+ "sk1o1",
+ "sk1os",
+ "sk1ov",
+ "skU1,",
+ "skUs,",
+ "skUv,",
+ "skf(1",
+ "skf(s",
+ "skf(v",
+ "skk(1",
+ "skk(s",
+ "skk(v",
+ "skks",
+ "skksc",
+ "skkv",
+ "skkvc",
+ "sknkn",
+ "sks&1",
+ "sks&s",
+ "sks&v",
+ "sksU(",
+ "sksUk",
+ "sksc",
+ "skso1",
+ "sksos",
+ "sksov",
+ "skv&1",
+ "skv&s",
+ "skv&v",
+ "skvU(",
+ "skvUk",
+ "skvc",
+ "skvo1",
+ "skvos",
+ "skvov",
+ "sn&f(",
+ "sn,f(",
+ "snUk1",
+ "snUkn",
+ "snUks",
+ "snUkv",
+ "snk1c",
+ "snkf(",
+ "snksc",
+ "snkvc",
+ "sno(s",
+ "sno(v",
+ "sno1U",
+ "snosU",
+ "snovU",
+ "so(((",
+ "so((1",
+ "so((f",
+ "so((k",
+ "so((s",
+ "so((v",
+ "so(1)",
+ "so(1o",
+ "so(f(",
+ "so(k(",
+ "so(k)",
+ "so(k1",
+ "so(kc",
+ "so(kf",
+ "so(kk",
+ "so(kn",
+ "so(ko",
+ "so(ks",
+ "so(kv",
+ "so(n)",
+ "so(o1",
+ "so(os",
+ "so(ov",
+ "so(s)",
+ "so(so",
+ "so(v)",
+ "so(vo",
+ "so1&1",
+ "so1&o",
+ "so1&s",
+ "so1&v",
+ "so1)&",
+ "so1)o",
+ "so1Bf",
+ "so1Uk",
+ "so1c",
+ "so1f(",
+ "so1kf",
+ "so1o(",
+ "so1o1",
+ "so1of",
+ "so1ok",
+ "so1oo",
+ "so1os",
+ "so1ov",
+ "sof()",
+ "sof(1",
+ "sof(f",
+ "sof(k",
+ "sof(n",
+ "sof(s",
+ "sof(v",
+ "sok&s",
+ "sok&v",
+ "sok(1",
+ "sok(k",
+ "sok(o",
+ "sok(s",
+ "sok(v",
+ "sok1",
+ "sok1,",
+ "sok1c",
+ "sok1k",
+ "sok1o",
+ "sokUk",
+ "sokc",
+ "sokf(",
+ "sokn,",
+ "soknk",
+ "soko(",
+ "soko1",
+ "sokok",
+ "sokos",
+ "sokov",
+ "soks",
+ "soks,",
+ "soksc",
+ "soksk",
+ "sokso",
+ "sokv",
+ "sokv,",
+ "sokvc",
+ "sokvk",
+ "sokvo",
+ "sonk1",
+ "sonks",
+ "sonkv",
+ "sonos",
+ "sonov",
+ "sos",
+ "sos&(",
+ "sos&1",
+ "sos&o",
+ "sos&s",
+ "sos&v",
+ "sos)&",
+ "sos)o",
+ "sos:o",
+ "sosBf",
+ "sosUk",
+ "sosc",
+ "sosf(",
+ "soskf",
+ "soso(",
+ "soso1",
+ "sosof",
+ "sosok",
+ "sosoo",
+ "sosos",
+ "sosov",
+ "sosvo",
+ "sov",
+ "sov&(",
+ "sov&1",
+ "sov&o",
+ "sov&s",
+ "sov&v",
+ "sov)&",
+ "sov)o",
+ "sov:o",
+ "sovBf",
+ "sovUk",
+ "sovc",
+ "sovf(",
+ "sovkf",
+ "sovo(",
+ "sovo1",
+ "sovof",
+ "sovok",
+ "sovoo",
+ "sovos",
+ "sovov",
+ "sovso",
+ "sovvo",
+ "v&((f",
+ "v&((k",
+ "v&(1)",
+ "v&(1,",
+ "v&(1o",
+ "v&(f(",
+ "v&(k(",
+ "v&(k)",
+ "v&(k1",
+ "v&(kc",
+ "v&(kf",
+ "v&(kk",
+ "v&(kn",
+ "v&(ko",
+ "v&(ks",
+ "v&(kv",
+ "v&(s)",
+ "v&(s,",
+ "v&(so",
+ "v&(v)",
+ "v&(v,",
+ "v&(vo",
+ "v&1",
+ "v&1Bf",
+ "v&1Uk",
+ "v&1c",
+ "v&1f(",
+ "v&1o(",
+ "v&1o1",
+ "v&1of",
+ "v&1ok",
+ "v&1on",
+ "v&1oo",
+ "v&1os",
+ "v&1ov",
+ "v&f((",
+ "v&f()",
+ "v&f(1",
+ "v&f(f",
+ "v&f(k",
+ "v&f(n",
+ "v&f(s",
+ "v&f(v",
+ "v&k&s",
+ "v&k&v",
+ "v&k(1",
+ "v&k(f",
+ "v&k(o",
+ "v&k(s",
+ "v&k(v",
+ "v&k1k",
+ "v&k1o",
+ "v&kUk",
+ "v&kc",
+ "v&kk1",
+ "v&kks",
+ "v&kkv",
+ "v&knk",
+ "v&ko(",
+ "v&ko1",
+ "v&kok",
+ "v&kos",
+ "v&kov",
+ "v&ksk",
+ "v&kso",
+ "v&kvk",
+ "v&kvo",
+ "v&n&s",
+ "v&n&v",
+ "v&n()",
+ "v&no1",
+ "v&nos",
+ "v&nov",
+ "v&o(1",
+ "v&o(k",
+ "v&o(s",
+ "v&o(v",
+ "v&o1o",
+ "v&okc",
+ "v&oko",
+ "v&os",
+ "v&oso",
+ "v&ov",
+ "v&ovo",
+ "v&s",
+ "v&s:o",
+ "v&sBf",
+ "v&sU(",
+ "v&sUk",
+ "v&sc",
+ "v&sf(",
+ "v&so(",
+ "v&so1",
+ "v&sof",
+ "v&sok",
+ "v&son",
+ "v&soo",
+ "v&sos",
+ "v&sov",
+ "v&svo",
+ "v&v",
+ "v&v:o",
+ "v&vBf",
+ "v&vU(",
+ "v&vUk",
+ "v&vc",
+ "v&vf(",
+ "v&vo(",
+ "v&vo1",
+ "v&vof",
+ "v&vok",
+ "v&von",
+ "v&voo",
+ "v&vos",
+ "v&vov",
+ "v&vso",
+ "v&vvo",
+ "v(c",
+ "v)&(1",
+ "v)&(f",
+ "v)&(k",
+ "v)&(n",
+ "v)&(s",
+ "v)&(v",
+ "v)&1B",
+ "v)&1U",
+ "v)&1f",
+ "v)&1o",
+ "v)&f(",
+ "v)&o(",
+ "v)&sB",
+ "v)&sU",
+ "v)&sf",
+ "v)&so",
+ "v)&vB",
+ "v)&vU",
+ "v)&vf",
+ "v)&vo",
+ "v)()s",
+ "v)()v",
+ "v))&(",
+ "v))&1",
+ "v))&f",
+ "v))&n",
+ "v))&o",
+ "v))&s",
+ "v))&v",
+ "v)))&",
+ "v))))",
+ "v)));",
+ "v)))B",
+ "v)))U",
+ "v)))c",
+ "v)))k",
+ "v)))o",
+ "v));c",
+ "v));k",
+ "v))B1",
+ "v))Bs",
+ "v))Bv",
+ "v))Uk",
+ "v))Un",
+ "v))c",
+ "v))k1",
+ "v))kk",
+ "v))ks",
+ "v))kv",
+ "v))o(",
+ "v))o1",
+ "v))of",
+ "v))ok",
+ "v))on",
+ "v))os",
+ "v))ov",
+ "v),(1",
+ "v),(s",
+ "v),(v",
+ "v);c",
+ "v);k&",
+ "v);k(",
+ "v);kf",
+ "v);kk",
+ "v);kn",
+ "v);ko",
+ "v)B1",
+ "v)B1&",
+ "v)B1c",
+ "v)B1o",
+ "v)Bs",
+ "v)Bs&",
+ "v)Bsc",
+ "v)Bso",
+ "v)Bv",
+ "v)Bv&",
+ "v)Bvc",
+ "v)Bvo",
+ "v)U(k",
+ "v)Uk(",
+ "v)Uk1",
+ "v)Ukf",
+ "v)Ukk",
+ "v)Ukn",
+ "v)Uko",
+ "v)Uks",
+ "v)Ukv",
+ "v)Unk",
+ "v)c",
+ "v)k1",
+ "v)k1c",
+ "v)k1o",
+ "v)kks",
+ "v)kkv",
+ "v)knk",
+ "v)ks",
+ "v)ksc",
+ "v)kso",
+ "v)kv",
+ "v)kvc",
+ "v)kvo",
+ "v)o(1",
+ "v)o(k",
+ "v)o(n",
+ "v)o(s",
+ "v)o(v",
+ "v)o1)",
+ "v)o1B",
+ "v)o1U",
+ "v)o1f",
+ "v)o1k",
+ "v)o1o",
+ "v)of(",
+ "v)ok(",
+ "v)ok1",
+ "v)oks",
+ "v)okv",
+ "v)on&",
+ "v)os)",
+ "v)osB",
+ "v)osU",
+ "v)osf",
+ "v)osk",
+ "v)oso",
+ "v)ov)",
+ "v)ovB",
+ "v)ovU",
+ "v)ovf",
+ "v)ovk",
+ "v)ovo",
+ "v,(f(",
+ "v,(k(",
+ "v,(k1",
+ "v,(kf",
+ "v,(ks",
+ "v,(kv",
+ "v,1),",
+ "v,1)o",
+ "v,1B1",
+ "v,1Bs",
+ "v,1Bv",
+ "v,1Uk",
+ "v,f(1",
+ "v,f(s",
+ "v,f(v",
+ "v,s),",
+ "v,s)o",
+ "v,sB1",
+ "v,sBs",
+ "v,sBv",
+ "v,sUk",
+ "v,v),",
+ "v,v)o",
+ "v,vB1",
+ "v,vBs",
+ "v,vBv",
+ "v,vUk",
+ "v:o1)",
+ "v:os)",
+ "v:ov)",
+ "v;c",
+ "v;k&k",
+ "v;k((",
+ "v;k(1",
+ "v;k(o",
+ "v;k(s",
+ "v;k(v",
+ "v;k1,",
+ "v;k1o",
+ "v;k;",
+ "v;k[k",
+ "v;k[n",
+ "v;kf(",
+ "v;kkn",
+ "v;kks",
+ "v;kkv",
+ "v;kn(",
+ "v;kn,",
+ "v;knc",
+ "v;knk",
+ "v;knn",
+ "v;ko(",
+ "v;kok",
+ "v;ks,",
+ "v;ksc",
+ "v;ksk",
+ "v;kso",
+ "v;kv,",
+ "v;kvc",
+ "v;kvk",
+ "v;kvo",
+ "v;n:k",
+ "vB1",
+ "vB1&s",
+ "vB1&v",
+ "vB1,1",
+ "vB1,n",
+ "vB1,s",
+ "vB1,v",
+ "vB1Uk",
+ "vB1c",
+ "vB1k1",
+ "vB1ks",
+ "vB1kv",
+ "vB1os",
+ "vB1ov",
+ "vBf(1",
+ "vBf(f",
+ "vBf(s",
+ "vBf(v",
+ "vBk(1",
+ "vBk(s",
+ "vBk(v",
+ "vBn,n",
+ "vBnk1",
+ "vBnks",
+ "vBnkv",
+ "vBs",
+ "vBs&s",
+ "vBs&v",
+ "vBs,1",
+ "vBs,n",
+ "vBs,s",
+ "vBs,v",
+ "vBsUk",
+ "vBsc",
+ "vBsk1",
+ "vBsks",
+ "vBskv",
+ "vBsos",
+ "vBsov",
+ "vBv",
+ "vBv&s",
+ "vBv&v",
+ "vBv,1",
+ "vBv,n",
+ "vBv,s",
+ "vBv,v",
+ "vBvUk",
+ "vBvc",
+ "vBvk1",
+ "vBvks",
+ "vBvkv",
+ "vBvos",
+ "vBvov",
+ "vU",
+ "vU((k",
+ "vU(k(",
+ "vU(k1",
+ "vU(kf",
+ "vU(kk",
+ "vU(kn",
+ "vU(ks",
+ "vU(kv",
+ "vU1,1",
+ "vU1,s",
+ "vU1,v",
+ "vUc",
+ "vUk",
+ "vUk(1",
+ "vUk(k",
+ "vUk(n",
+ "vUk(s",
+ "vUk(v",
+ "vUk1",
+ "vUk1&",
+ "vUk1,",
+ "vUk1c",
+ "vUk1f",
+ "vUk1k",
+ "vUk1n",
+ "vUk1o",
+ "vUkf",
+ "vUkf(",
+ "vUkf,",
+ "vUkk(",
+ "vUkk,",
+ "vUkk1",
+ "vUkkk",
+ "vUkkn",
+ "vUkks",
+ "vUkkv",
+ "vUkn&",
+ "vUkn(",
+ "vUkn,",
+ "vUkn1",
+ "vUknc",
+ "vUknk",
+ "vUkno",
+ "vUkns",
+ "vUknv",
+ "vUko1",
+ "vUkok",
+ "vUkos",
+ "vUkov",
+ "vUks",
+ "vUks&",
+ "vUks,",
+ "vUksc",
+ "vUksf",
+ "vUksk",
+ "vUksn",
+ "vUkso",
+ "vUkv",
+ "vUkv&",
+ "vUkv,",
+ "vUkvc",
+ "vUkvf",
+ "vUkvk",
+ "vUkvn",
+ "vUkvo",
+ "vUn(k",
+ "vUn,1",
+ "vUn,s",
+ "vUn,v",
+ "vUn1,",
+ "vUnk(",
+ "vUnk1",
+ "vUnkf",
+ "vUnks",
+ "vUnkv",
+ "vUno1",
+ "vUnos",
+ "vUnov",
+ "vUns,",
+ "vUnv,",
+ "vUon1",
+ "vUons",
+ "vUonv",
+ "vUs,1",
+ "vUs,s",
+ "vUs,v",
+ "vUv,1",
+ "vUv,s",
+ "vUv,v",
+ "vc",
+ "vf()k",
+ "vf(1)",
+ "vf(n,",
+ "vf(s)",
+ "vf(v)",
+ "vk)&(",
+ "vk)&1",
+ "vk)&f",
+ "vk)&s",
+ "vk)&v",
+ "vk);k",
+ "vk)B1",
+ "vk)Bs",
+ "vk)Bv",
+ "vk)Uk",
+ "vk)Un",
+ "vk)k1",
+ "vk)kk",
+ "vk)ks",
+ "vk)kv",
+ "vk)o(",
+ "vk)o1",
+ "vk)of",
+ "vk)ok",
+ "vk)os",
+ "vk)ov",
+ "vk1&1",
+ "vk1&s",
+ "vk1&v",
+ "vk1U(",
+ "vk1Uk",
+ "vk1c",
+ "vk1o1",
+ "vk1os",
+ "vk1ov",
+ "vkU1,",
+ "vkUs,",
+ "vkUv,",
+ "vkf(1",
+ "vkf(s",
+ "vkf(v",
+ "vkk(1",
+ "vkk(s",
+ "vkk(v",
+ "vkks",
+ "vkksc",
+ "vkkv",
+ "vkkvc",
+ "vknkn",
+ "vkno1",
+ "vknov",
+ "vkokn",
+ "vks&1",
+ "vks&s",
+ "vks&v",
+ "vksU(",
+ "vksUk",
+ "vksc",
+ "vkso1",
+ "vksos",
+ "vksov",
+ "vkv&1",
+ "vkv&s",
+ "vkv&v",
+ "vkvU(",
+ "vkvUk",
+ "vkvc",
+ "vkvo1",
+ "vkvos",
+ "vkvov",
+ "vn&f(",
+ "vn)Uk",
+ "vn,f(",
+ "vnUk1",
+ "vnUkn",
+ "vnUks",
+ "vnUkv",
+ "vnk1c",
+ "vnkf(",
+ "vnksc",
+ "vnkvc",
+ "vno(s",
+ "vno(v",
+ "vno1U",
+ "vnosU",
+ "vnovU",
+ "vo(((",
+ "vo((1",
+ "vo((f",
+ "vo((k",
+ "vo((s",
+ "vo((v",
+ "vo(1)",
+ "vo(1o",
+ "vo(f(",
+ "vo(k(",
+ "vo(k)",
+ "vo(k1",
+ "vo(kc",
+ "vo(kf",
+ "vo(kk",
+ "vo(kn",
+ "vo(ko",
+ "vo(ks",
+ "vo(kv",
+ "vo(n)",
+ "vo(o1",
+ "vo(os",
+ "vo(ov",
+ "vo(s)",
+ "vo(so",
+ "vo(v)",
+ "vo(vo",
+ "vo1&1",
+ "vo1&o",
+ "vo1&s",
+ "vo1&v",
+ "vo1)&",
+ "vo1)o",
+ "vo1Bf",
+ "vo1Uk",
+ "vo1c",
+ "vo1f(",
+ "vo1kf",
+ "vo1o(",
+ "vo1o1",
+ "vo1of",
+ "vo1ok",
+ "vo1oo",
+ "vo1os",
+ "vo1ov",
+ "vof()",
+ "vof(1",
+ "vof(f",
+ "vof(k",
+ "vof(n",
+ "vof(s",
+ "vof(v",
+ "vok&s",
+ "vok&v",
+ "vok(1",
+ "vok(k",
+ "vok(o",
+ "vok(s",
+ "vok(v",
+ "vok)U",
+ "vok)o",
+ "vok1",
+ "vok1,",
+ "vok1c",
+ "vok1k",
+ "vok1o",
+ "vokUk",
+ "vokc",
+ "vokf(",
+ "vokn,",
+ "voknk",
+ "voko(",
+ "voko1",
+ "vokok",
+ "vokos",
+ "vokov",
+ "voks",
+ "voks,",
+ "voksc",
+ "voksk",
+ "vokso",
+ "vokv",
+ "vokv,",
+ "vokvc",
+ "vokvk",
+ "vokvo",
+ "vonk1",
+ "vonks",
+ "vonkv",
+ "vono1",
+ "vonos",
+ "vonov",
+ "vos",
+ "vos&(",
+ "vos&1",
+ "vos&o",
+ "vos&s",
+ "vos&v",
+ "vos)&",
+ "vos)U",
+ "vos)o",
+ "vos:o",
+ "vosBf",
+ "vosUk",
+ "vosc",
+ "vosf(",
+ "voskf",
+ "voso(",
+ "voso1",
+ "vosof",
+ "vosok",
+ "vosoo",
+ "vosos",
+ "vosov",
+ "vosvo",
+ "vov",
+ "vov&(",
+ "vov&1",
+ "vov&o",
+ "vov&s",
+ "vov&v",
+ "vov)&",
+ "vov)U",
+ "vov)o",
+ "vov:o",
+ "vovBf",
+ "vovUk",
+ "vovc",
+ "vovf(",
+ "vovkf",
+ "vovo(",
+ "vovo1",
+ "vovof",
+ "vovok",
+ "vovoo",
+ "vovos",
+ "vovov",
+ "vovso",
+ "vovvo",
+};
+static const size_t patmap_sz = 2298;
+
+
+/* Simple binary search */
+int is_sqli_pattern(const char *key)
+{
+ int left = 0;
+ int right = (int)patmap_sz - 1;
+
+ while (left <= right) {
+ int pos = (left + right) / 2;
+ int cmp = strcmp(patmap[pos], key);
+ if (cmp == 0) {
+ return 1; /* TRUE */
+ } else if (cmp < 0) {
+ left = pos + 1;
+ } else {
+ right = pos - 1;
+ }
+ }
+ return 0; /* FALSE */
+}
+
+#endif
Added |
modsecurity-apache_2.7.4.tar.bz2/apache2/libinjection/sqlparse.c
@@ -0,0 +1,1340 @@
+/**
+ * Copyright 2012,2013 Nick Galbreath
+ * nickg@client9.com
+ * BSD License -- see COPYING.txt for details
+ *
+ * (setq-default indent-tabs-mode nil)
+ * (setq c-default-style "k&r"
+ * c-basic-offset 4)
+ * indent -kr -nut
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <assert.h>
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#if 0
+#define FOLD_DEBUG printf("%d: Fold state = %d, current=%c, last=%c\n", __LINE__, sf->fold_state, current->type, last->type == CHAR_NULL ? '~': last->type)
+#else
+#define FOLD_DEBUG
+#endif
+
+/* order is important here */
+#include "sqlparse_private.h"
+#include "sqlparse_data.h"
+
+/* memchr2 finds a string of 2 characters inside another string
+ * This a specialized version of "memmem" or "memchr".
+ * 'memmem' doesn't exist on all platforms
+ *
+ * Porting notes: this is just a special version of
+ * astring.find("AB")
+ *
+ */
+const char *
+memchr2(const char *haystack, size_t haystack_len, char c0, char c1)
+{
+ const char *cur = haystack;
+ const char *last = haystack + haystack_len - 1;
+
+ if (haystack_len < 2) {
+ return NULL;
+ }
+ if (c0 == c1) {
+ return NULL;
+ }
+
+ while (cur < last) {
+ if (cur[0] == c0) {
+ if (cur[1] == c1) {
+ return cur;
+ } else {
+ cur += 2;
+ }
+ } else {
+ cur += 1;
+ }
+ }
+
+ return NULL;
+}
+
+/** Find largest string containing certain characters.
+ *
+ * C Standard library 'strspn' only works for 'c-strings' (null terminated)
+ * This works on arbitrary length.
+ *
+ * Porting notes:
+ * if accept is 'ABC', then this function would be similar to
+ * a_regexp.match(a_str, '[ABC]*'),
+ */
+size_t strlenspn(const char *s, size_t len, const char *accept)
+{
+ size_t i;
+ for (i = 0; i < len; ++i) {
+ /* likely we can do better by inlining this function
+ * but this works for now
+ */
+ if (strchr(accept, s[i]) == NULL) {
+ return i;
+ }
+ }
+ return len;
+}
+
+/*
+ * ASCII case insenstive compare only!
+ */
+int cstrcasecmp(const char *a, const char *b)
+{
+ int ca, cb;
+
+ do {
+ ca = *a++ & 0xff;
+ cb = *b++ & 0xff;
+ if (ca >= 'a' && ca <= 'z')
+ ca -= 0x20;
+ if (cb >= 'a' && cb <= 'z')
+ cb -= 0x20;
+ } while (ca == cb && ca != '\0');
+
+ return ca - cb;
+}
+
+/**
+ * Case insentive string compare.
+ * Here only to make code more readable
+ */
+int streq(const char *a, const char *b)
+{
+ return cstrcasecmp(a, b) == 0;
+}
+
+/*
+ * Case-sensitive binary search.
+ *
+ */
+int bsearch_cstr(const char *key, const char *base[], size_t nmemb)
+{
+ int left = 0;
+ int right = (int) nmemb - 1;
+
+ while (left <= right) {
+ int pos = (left + right) / 2;
+ int cmp = strcmp(base[pos], key);
+ if (cmp == 0) {
+ return TRUE;
+ } else if (cmp < 0) {
+ left = pos + 1;
+ } else {
+ right = pos - 1;
+ }
+ }
+ return FALSE;
+}
+
+/*
+ * Case-insensitive binary search
+ */
+int bsearch_cstrcase(const char *key, const char *base[], size_t nmemb)
+{
+ int left = 0;
+ int right = (int) nmemb - 1;
+
+ while (left <= right) {
+ int pos = (left + right) / 2;
+ int cmp = cstrcasecmp(base[pos], key);
+ if (cmp == 0) {
+ return TRUE;
+ } else if (cmp < 0) {
+ left = pos + 1;
+ } else {
+ right = pos - 1;
+ }
+ }
+ return FALSE;
+}
+
+/**
+ *
+ *
+ *
+ * Porting Notes:
+ * given a mapping/hash of string to char
+ * this is just
+ * mapping[key.upper()]
+ */
+char bsearch_keyword_type(const char *key, const keyword_t * keywords,
+ size_t numb)
+{
+ int left = 0;
+ int right = (int) numb - 1;
+
+ while (left <= right) {
+ int pos = (left + right) / 2;
+ int cmp = cstrcasecmp(keywords[pos].word, key);
+ if (cmp == 0) {
+ return keywords[pos].type;
+ } else if (cmp < 0) {
+ left = pos + 1;
+ } else {
+ right = pos - 1;
+ }
+ }
+ return CHAR_NULL;
+}
+
+/* st_token methods
+ *
+ * The folow just manipulates the stoken_t type
+ *
+ *
+ */
+
+void st_clear(stoken_t * st)
+{
+ st->type = CHAR_NULL;
+ st->str_open = CHAR_NULL;
+ st->str_close = CHAR_NULL;
+ st->val[0] = CHAR_NULL;
+}
+
+int st_is_empty(const stoken_t * st)
+{
+ return st->type == CHAR_NULL;
+}
+
+void st_assign_char(stoken_t * st, const char stype, const char value)
+{
+ st->type = stype;
+ st->val[0] = value;
+ st->val[1] = CHAR_NULL;
+}
+
+void st_assign(stoken_t * st, const char stype, const char *value,
+ size_t len)
+{
+ size_t last = len < ST_MAX_SIZE ? len : (ST_MAX_SIZE - 1);
+ st->type = stype;
+ memcpy(st->val, value, last);
+ st->val[last] = CHAR_NULL;
+}
+
+void st_copy(stoken_t * dest, const stoken_t * src)
+{
+ memcpy(dest, src, sizeof(stoken_t));
+}
+
+int st_is_multiword_start(const stoken_t * st)
+{
+ return bsearch_cstrcase(st->val,
+ multikeywords_start,
+ multikeywords_start_sz);
+}
+
+int st_is_unary_op(const stoken_t * st)
+{
+ return (st->type == 'o' && !(strcmp(st->val, "+") &&
+ strcmp(st->val, "-") &&
+ strcmp(st->val, "!") &&
+ strcmp(st->val, "!!") &&
+ cstrcasecmp(st->val, "NOT") &&
+ strcmp(st->val, "~")));
+}
+
+int st_is_arith_op(const stoken_t * st)
+{
+ return (st->type == 'o' && !(strcmp(st->val, "-") &&
+ strcmp(st->val, "+") &&
+ strcmp(st->val, "~") &&
+ strcmp(st->val, "!") &&
+ strcmp(st->val, "/") &&
+ strcmp(st->val, "%") &&
+ strcmp(st->val, "*") &&
+ strcmp(st->val, "|") &&
+ strcmp(st->val, "&") &&
+ cstrcasecmp(st->val, "MOD") &&
+ cstrcasecmp(st->val, "DIV")));
+}
+
+/* Parsers
+ *
+ *
+ */
+
+
+size_t parse_white(sfilter * sf)
+{
+ return sf->pos + 1;
+}
+
+size_t parse_operator1(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ size_t pos = sf->pos;
+
+ st_assign_char(current, 'o', cs[pos]);
+ return pos + 1;
+}
+
+size_t parse_other(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ size_t pos = sf->pos;
+
+ st_assign_char(current, '?', cs[pos]);
+ return pos + 1;
+}
+
+size_t parse_char(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ size_t pos = sf->pos;
+
+ st_assign_char(current, cs[pos], cs[pos]);
+ return pos + 1;
+}
+
+size_t parse_eol_comment(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+
+ const char *endpos =
+ (const char *) memchr((const void *) (cs + pos), '\n', slen - pos);
+ if (endpos == NULL) {
+ st_assign(current, 'c', cs + pos, slen - pos);
+ return slen;
+ } else {
+ st_assign(current, 'c', cs + pos, endpos - cs - pos);
+ return (endpos - cs) + 1;
+ }
+}
+
+size_t parse_dash(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+
+
+ size_t pos1 = pos + 1;
+ if (pos1 < slen && cs[pos1] == '-') {
+ return parse_eol_comment(sf);
+ } else {
+ st_assign_char(current, 'o', '-');
+ return pos1;
+ }
+}
+
+size_t is_mysql_comment(const char *cs, const size_t len, size_t pos)
+{
+ size_t i;
+
+ if (pos + 2 >= len) {
+ return 0;
+ }
+ if (cs[pos + 2] != '!') {
+ return 0;
+ }
+ /*
+ * this is a mysql comment
+ * got "/x!"
+ */
+ if (pos + 3 >= len) {
+ return 3;
+ }
+
+ if (!isdigit(cs[pos + 3])) {
+ return 3;
+ }
+ /*
+ * handle odd case of /x!0SELECT
+ */
+ if (!isdigit(cs[pos + 4])) {
+ return 4;
+ }
+
+ if (pos + 7 >= len) {
+ return 4;
+ }
+
+ for (i = pos + 5; i <= pos + 7; ++i) {
+ if (!isdigit(cs[i])) {
+ return 3;
+ }
+ }
+ return 8;
+}
+
+size_t parse_slash(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+ const char* cur = cs + pos;
+ size_t inc;
+
+ size_t pos1 = pos + 1;
+ if (pos1 == slen || cs[pos1] != '*') {
+ return parse_operator1(sf);
+ }
+
+ inc = is_mysql_comment(cs, slen, pos);
+ if (inc == 0) {
+
+ /*
+ * skip over initial '/x'
+ */
+ const char *ptr = memchr2(cur + 2, slen - (pos + 2), '*', '/');
+ if (ptr == NULL) {
+ /*
+ * unterminated comment
+ */
+ st_assign(current, 'c', cs + pos, slen - pos);
+ return slen;
+ } else {
+ /*
+ * postgresql allows nested comments which makes
+ * this is incompatible with parsing so
+ * if we find a '/x' inside the coment, then
+ * make a new token.
+ */
+ char ctype = 'c';
+ const size_t clen = (ptr + 2) - (cur);
+ if (memchr2(cur + 2, ptr - (cur + 1), '/', '*') != NULL) {
+ ctype = 'X';
+ }
+ st_assign(current, ctype, cs + pos, clen);
+
+ return pos + clen;
+ }
+ } else {
+ /*
+ * MySQL Comment
+ */
+ sf->in_comment = TRUE;
+ st_clear(current);
+ return pos + inc;
+ }
+}
+
+size_t parse_backslash(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+
+ /*
+ * Weird MySQL alias for NULL, "\N" (capital N only)
+ */
+ if (pos + 1 < slen && cs[pos + 1] == 'N') {
+ st_assign(current, '1', "NULL", 4);
+ return pos + 2;
+ } else {
+ return parse_other(sf);
+ }
+}
+
+/** Is input a 2-char operator?
+ *
+ */
+int is_operator2(const char *key)
+{
+ return bsearch_cstr(key, operators2, operators2_sz);
+}
+
+size_t parse_operator2(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+ char op2[3];
+
+ if (pos + 1 >= slen) {
+ return parse_operator1(sf);
+ }
+
+ op2[0] = cs[pos];
+ op2[1] = cs[pos + 1];
+ op2[2] = CHAR_NULL;
+
+ /*
+ * Special Hack for MYSQL style comments
+ * instead of turning:
+ * /x! FOO x/ into FOO by rewriting the string, we
+ * turn it into FOO x/ and ignore the ending comment
+ */
+ if (sf->in_comment && op2[0] == '*' && op2[1] == '/') {
+ sf->in_comment = FALSE;
+ st_clear(current);
+ return pos + 2;
+ } else if (pos + 2 < slen && op2[0] == '<' && op2[1] == '='
+ && cs[pos + 2] == '>') {
+ /*
+ * special 3-char operator
+ */
+ st_assign(current, 'o', "<=>", 3);
+ return pos + 3;
+ } else if (is_operator2(op2)) {
+ if (streq(op2, "&&") || streq(op2, "||")) {
+ st_assign(current, '&', op2, 2);
+ } else {
+ /*
+ * normal 2 char operator
+ */
+ st_assign(current, 'o', op2, 2);
+ }
+ return pos + 2;
+ } else {
+ /*
+ * must be a single char operator
+ */
+ return parse_operator1(sf);
+ }
+}
+
+size_t parse_string_core(const char *cs, const size_t len, size_t pos,
+ stoken_t * st, char delim, size_t offset)
+{
+ /*
+ * offset is to skip the perhaps first quote char
+ */
+ const char *qpos =
+ (const char *) memchr((const void *) (cs + pos + offset), delim,
+ len - pos - offset);
+
+ /*
+ * then keep string open/close info
+ */
+ if (offset == 1) {
+ /*
+ * this is real quote
+ */
+ st->str_open = delim;
+ } else {
+ /*
+ * this was a simulated quote
+ */
+ st->str_open = CHAR_NULL;
+ }
+
+ while (TRUE) {
+ if (qpos == NULL) {
+ /*
+ * string ended with no trailing quote
+ * assign what we have
+ */
+ st_assign(st, 's', cs + pos + offset, len - pos - offset);
+ st->str_close = CHAR_NULL;
+ return len;
+ } else if (*(qpos - 1) != '\\') {
+ /*
+ * ending quote is not escaped.. copy and end
+ */
+ st_assign(st, 's', cs + pos + offset,
+ qpos - (cs + pos + offset));
+ st->str_close = delim;
+ return qpos - cs + 1;
+ } else {
+ qpos =
+ (const char *) memchr((const void *) (qpos + 1), delim,
+ (cs + len) - (qpos + 1));
+ }
+ }
+}
+
+/**
+ * Used when first char is a ' or "
+ */
+size_t parse_string(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+
+ /*
+ * assert cs[pos] == single or double quote
+ */
+ return parse_string_core(cs, slen, pos, current, cs[pos], 1);
+}
+
+size_t parse_word(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ size_t pos = sf->pos;
+ char *dot;
+ char ch;
+ size_t slen =
+ strlenspn(cs + pos, sf->slen - pos,
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$.");
+
+ st_assign(current, 'n', cs + pos, slen);
+
+ dot = strchr(current->val, '.');
+ if (dot != NULL) {
+ *dot = '\0';
+
+ ch = bsearch_keyword_type(current->val, sql_keywords,
+ sql_keywords_sz);
+ if (ch == 'k' || ch == 'o') {
+ /*
+ * we got something like "SELECT.1"
+ */
+ current->type = ch;
+ return pos + strlen(current->val);
+ } else {
+ /*
+ * something else, put back dot
+ */
+ *dot = '.';
+ }
+ }
+
+ /*
+ * do normal lookup with word including '.'
+ */
+ if (slen < ST_MAX_SIZE) {
+ ch = bsearch_keyword_type(current->val, sql_keywords,
+ sql_keywords_sz);
+ if (ch == CHAR_NULL) {
+ ch = 'n';
+ }
+ current->type = ch;
+ }
+ return pos + slen;
+}
+
+size_t parse_var(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+ size_t pos1 = pos + 1;
+ size_t xlen;
+
+ /*
+ * move past optional other '@'
+ */
+ if (pos1 < slen && cs[pos1] == '@') {
+ pos1 += 1;
+ }
+
+ xlen = strlenspn(cs + pos1, slen - pos1,
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.$");
+ if (xlen == 0) {
+ st_assign(current, 'v', cs + pos, (pos1 - pos));
+ return pos1;
+ } else {
+ st_assign(current, 'v', cs + pos, xlen + (pos1 - pos));
+ return pos1 + xlen;
+ }
+}
+
+size_t parse_money(sfilter *sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+ size_t xlen;
+
+ /*
+ * $1,000.00 or $1.000,00 ok!
+ * This also parses $....,,,111 but that's ok
+ */
+ xlen = strlenspn(cs + pos + 1, slen - pos - 1, "0123456789.,");
+ if (xlen == 0) {
+ /*
+ * just ignore '$'
+ */
+ return pos + 1;
+ } else {
+ st_assign(current, '1', cs + pos, 1 + xlen);
+ return pos + 1 + xlen;
+ }
+}
+
+size_t parse_number(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *cs = sf->s;
+ const size_t slen = sf->slen;
+ size_t pos = sf->pos;
+ size_t xlen;
+ size_t start;
+
+ if (pos + 1 < slen && cs[pos] == '0' && (cs[pos + 1] == 'X' || cs[pos + 1] == 'x')) {
+ /*
+ * TBD compare if isxdigit
+ */
+ xlen =
+ strlenspn(cs + pos + 2, slen - pos - 2, "0123456789ABCDEFabcdef");
+ if (xlen == 0) {
+ st_assign(current, 'n', "0X", 2);
+ return pos + 2;
+ } else {
+ st_assign(current, '1', cs + pos, 2 + xlen);
+ return pos + 2 + xlen;
+ }
+ }
+
+ start = pos;
+ while (pos < slen && isdigit(cs[pos])) {
+ pos += 1;
+ }
+ if (pos < slen && cs[pos] == '.') {
+ pos += 1;
+ while (pos < slen && isdigit(cs[pos])) {
+ pos += 1;
+ }
+ if (pos - start == 1) {
+ st_assign_char(current, 'n', '.');
+ return pos;
+ }
+ }
+
+ if (pos < slen) {
+ if (cs[pos] == 'E' || cs[pos] == 'e') {
+ pos += 1;
+ if (pos < slen && (cs[pos] == '+' || cs[pos] == '-')) {
+ pos += 1;
+ }
+ while (pos < slen && isdigit(cs[pos])) {
+ pos += 1;
+ }
+ } else if (isalpha(cs[pos])) {
+ /*
+ * oh no, we have something like '6FOO'
+ * use microsoft style parsing and take just
+ * the number part and leave the rest to be
+ * parsed later
+ */
+ st_assign(current, '1', cs + start, pos - start);
+ return pos;
+ }
+ }
+
+ st_assign(current, '1', cs + start, pos - start);
+ return pos;
+}
+
+int parse_token(sfilter * sf)
+{
+ stoken_t *current = &sf->syntax_current;
+ const char *s = sf->s;
+ const size_t slen = sf->slen;
+ size_t *pos = &sf->pos;
+ pt2Function fnptr;
+
+ st_clear(current);
+
+ /*
+ * if we are at beginning of string
+ * and in single-quote or double quote mode
+ * then pretend the input starts with a quote
+ */
+ if (*pos == 0 && sf->delim != CHAR_NULL) {
+ *pos = parse_string_core(s, slen, 0, current, sf->delim, 0);
+ return TRUE;
+ }
+
+ while (*pos < slen) {
+ /*
+ * get current character
+ */
+ const int ch = (int) (s[*pos]);
+
+ /*
+ * if not ascii, then continue...
+ * actually probably need to just assuming
+ * it's a string
+ */
+ if (ch < 0 || ch > 127) {
+ *pos += 1;
+ continue;
+ }
+
+ /*
+ * look up the parser, and call it
+ *
+ * Porting Note: this is mapping of char to function
+ * charparsers[ch]()
+ */
+ fnptr = char_parse_map[ch];
+ *pos = (*fnptr) (sf);
+
+ /*
+ *
+ */
+ if (current->type != CHAR_NULL) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+void sfilter_reset(sfilter * sf, const char *s, size_t len)
+{
+ memset(sf, 0, sizeof(sfilter));
+ sf->s = s;
+ sf->slen = len;
+}
+
+int syntax_merge_words(stoken_t * a, stoken_t * b)
+{
+ size_t sz1;
+ size_t sz2;
+ size_t sz3;
+ char tmp[ST_MAX_SIZE];
+ char ch;
+
+ if (!
+ (a->type == 'k' || a->type == 'n' || a->type == 'o'
+ || a->type == 'U')) {
+ return FALSE;
+ }
+
+ sz1 = strlen(a->val);
+ sz2 = strlen(b->val);
+ sz3 = sz1 + sz2 + 1;
+ if (sz3 >= ST_MAX_SIZE) {
+ return FALSE;
+ }
+ /*
+ * oddly annoying last.val + ' ' + current.val
+ */
+ memcpy(tmp, a->val, sz1);
+ tmp[sz1] = ' ';
+ memcpy(tmp + sz1 + 1, b->val, sz2);
+ tmp[sz3] = CHAR_NULL;
+
+ ch = bsearch_keyword_type(tmp, multikeywords, multikeywords_sz);
+ if (ch != CHAR_NULL) {
+ /*
+ * -1, don't copy the null byte
+ */
+ st_assign(a, ch, tmp, sz3);
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+}
+
+/* This does some simple syntax cleanup based on the token
+ *
+ *
+ */
+int sqli_tokenize(sfilter * sf, stoken_t * sout)
+{
+ stoken_t *last = &sf->syntax_last;
+ stoken_t *current = &sf->syntax_current;
+
+ while (parse_token(sf)) {
+ char ttype = current->type;
+
+ /*
+ * TBD: hmm forgot logic here.
+ */
+ if (ttype == 'c') {
+ st_copy(&sf->syntax_comment, current);
+ continue;
+ }
+ st_clear(&sf->syntax_comment);
+
+ /*
+ * If we don't have a saved token, and we have
+ * a string: save it. if the next token is also a string
+ * then merge them. e.g. "A" "B" in SQL is actually "AB"
+ * a n/k/U/o type: save since next token my be merged together
+ * for example: "LEFT" + "JOIN" = "LEFT JOIN"
+ * a o/& type: TBD need to review.
+ *
+ */
+ if (last->type == CHAR_NULL) {
+ switch (ttype) {
+
+ /*
+ * items that have special needs
+ */
+ case 's':
+ st_copy(last, current);
+ continue;
+ case 'n':
+ case 'k':
+ case 'U':
+ case '&':
+ case 'o':
+ if (st_is_multiword_start(current)) {
+ st_copy(last, current);
+ continue;
+ } else if (current->type == 'o' || current->type == '&') {
+ /* } else if (st_is_unary_op(current)) { */
+ st_copy(last, current);
+ continue;
+ } else {
+ /*
+ * copy to out
+ */
+ st_copy(sout, current);
+ return TRUE;
+ }
+ default:
+ /*
+ * copy to out
+ */
+ st_copy(sout, current);
+ return TRUE;
+ }
+ }
+ /*
+ * We have a saved token
+ */
+
+ switch (ttype) {
+ case 's':
+ if (last->type == 's') {
+ /*
+ * "FOO" "BAR" == "FOO" (skip second string)
+ */
+ continue;
+ } else {
+ st_copy(sout, last);
+ st_copy(last, current);
+ return TRUE;
+ }
+ break;
+
+ case 'o':
+ /*
+ * first case to handle "IS" + "NOT"
+ */
+ if (syntax_merge_words(last, current)) {
+ continue;
+ } else if (st_is_unary_op(current)
+ && (last->type == 'o' || last->type == '&'
+ || last->type == 'U')) {
+ /*
+ * if an operator is followed by a unary operator, skip it.
+ * 1, + ==> "+" is not unary, it's arithmetic
+ * AND, + ==> "+" is unary
+ */
+ continue;
+ } else {
+ /*
+ * no match
+ */
+ st_copy(sout, last);
+ st_copy(last, current);
+ return TRUE;
+ }
+ break;
+
+ case 'n':
+ case 'k':
+ if (syntax_merge_words(last, current)) {
+ continue;
+ } else {
+ /*
+ * total no match
+ */
+ st_copy(sout, last);
+ st_copy(last, current);
+ return TRUE;
+ }
+ break;
+
+ default:
+ /*
+ * fix up for ambigous "IN"
+ * handle case where IN is typically a function
+ * but used in compound "IN BOOLEAN MODE" jive
+ */
+ if (last->type == 'n' && !cstrcasecmp(last->val, "IN")) {
+ st_copy(last, current);
+ st_assign(sout, 'f', "IN", 2);
+ return TRUE;
+ } else {
+ /*
+ * no match at all
+ */
+ st_copy(sout, last);
+ st_copy(last, current);
+ return TRUE;
+ }
+ break;
+ }
+ }
+
+ /*
+ * final cleanup
+ */
+ if (last->type) {
+ st_copy(sout, last);
+ st_clear(last);
+ return TRUE;
+ } else if (sf->syntax_comment.type) {
+ /*
+ * TBD
+ */
+ st_copy(sout, &sf->syntax_comment);
+ st_clear(&sf->syntax_comment);
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+}
+
+/*
+ * My apologies, this code is a mess
+ */
+int filter_fold(sfilter * sf, stoken_t * sout)
+{
+ stoken_t *last = &sf->fold_last;
+ stoken_t *current = &sf->fold_current;
+
+ if (sf->fold_state == 4 && !st_is_empty(last)) {
+ st_copy(sout, last);
+ sf->fold_state = 2;
+ st_clear(last);
+ return FALSE;
+ }
+
+ while (sqli_tokenize(sf, current)) {
+ /*
+ * 0 = start of statement
+ * skip ( and unary ops
+ */
+ if (sf->fold_state == 0) {
+ if (current->type == '(') {
+ continue;
+ }
+ if (st_is_unary_op(current)) {
+ continue;
+ }
+ sf->fold_state = 1;
+ }
+
+ if (st_is_empty(last)) {
+ FOLD_DEBUG;
+ if (current->type == '1' || current->type == 'n'
+ || current->type == '(') {
+ sf->fold_state = 2;
+ st_copy(last, current);
+ }
+ st_copy(sout, current);
+ return FALSE;
+ } else if (last->type == '(' && st_is_unary_op(current)) {
+ /*
+ * similar to beginning of statement
+ * an opening '(' resets state, and we should skip all
+ * unary operators
+ */
+ continue;
+ } else if (last->type == '(' && current->type == '(') {
+ /* if we get another '(' after another
+ * emit 1, but keep state
+ */
+ st_copy(sout, current);
+ return FALSE;
+ } else if ((last->type == '1' || last->type == 'n')
+ && st_is_arith_op(current)) {
+ FOLD_DEBUG;
+ st_copy(last, current);
+ } else if (last->type == 'o'
+ && (current->type == '1' || current->type == 'n')) {
+ FOLD_DEBUG;
+ st_copy(last, current);
+ } else {
+ if (sf->fold_state == 2) {
+ if (last->type != '1' && last->type != '('
+ && last->type != 'n') {
+ FOLD_DEBUG;
+ st_copy(sout, last);
+ st_copy(last, current);
+ sf->fold_state = 4;
+ } else {
+ FOLD_DEBUG;
+ st_copy(sout, current);
+ st_clear(last);
+ }
+ return FALSE;
+ } else {
+ if (last->type == 'o') {
+ st_copy(sout, last);
+ st_copy(last, current);
+ sf->fold_state = 4;
+ } else {
+ sf->fold_state = 2;
+ st_copy(sout, current);
+ st_clear(last);
+ }
+ return FALSE;
+ }
+ }
+ }
+
+ if (!st_is_empty(last)) {
+ if (st_is_arith_op(last)) {
+ st_copy(sout, last);
+ st_clear(last);
+ return FALSE;
+ } else {
+ st_clear(last);
+ }
+ }
+
+ /*
+ * all done: nothing more to parse
+ */
+ return TRUE;
+}
+
+/* secondary api: detects SQLi in a string, GIVEN a context.
+ *
+ * A context can be:
+ * * CHAR_NULL (\0), process as is
+ * * CHAR_SINGLE ('), process pretending input started with a
+ * single quote.
+ * * CHAR_DOUBLE ("), process pretending input started with a
+ * double quote.
+ *
+ */
+int is_string_sqli(sfilter * sql_state, const char *s, size_t slen,
+ const char delim, ptr_fingerprints_fn fn)
+{
+ int tlen = 0;
+ char ch;
+ int patmatch;
+ int all_done;
+
+ sfilter_reset(sql_state, s, slen);
+ sql_state->delim = delim;
+
+ while (tlen < MAX_TOKENS) {
+ all_done = filter_fold(sql_state, &(sql_state->tokenvec[tlen]));
+ if (all_done) {
+ break;
+ }
+
+ sql_state->pat[tlen] = sql_state->tokenvec[tlen].type;
+ tlen += 1;
+ }
+
+ /*
+ * make the fingerprint pattern a c-string (null delimited)
+ */
+ sql_state->pat[tlen] = CHAR_NULL;
+
+ /*
+ * check for 'X' in pattern
+ * this means parsing could not be done
+ * accurately due to pgsql's double comments
+ * or other syntax that isn't consistent
+ * should be very rare false positive
+ */
+ if (strchr(sql_state->pat, 'X')) {
+ return TRUE;
+ }
+
+ patmatch = fn(sql_state->pat);
+
+ /*
+ * No match.
+ *
+ * Set sql_state->reason to current line number
+ * only for debugging purposes.
+ */
+ if (!patmatch) {
+ sql_state->reason = __LINE__;
+ return FALSE;
+ }
+
+ /*
+ * We got a SQLi match
+ * This next part just helps reduce false positives.
+ *
+ */
+ switch (tlen) {
+ case 2:{
+ /*
+ * if 'comment' is '#' ignore.. too many FP
+ */
+ if (sql_state->tokenvec[1].val[0] == '#') {
+ sql_state->reason = __LINE__;
+ return FALSE;
+ }
+
+ /*
+ * for fingerprint like 'nc', only comments of /x are treated
+ * as SQL... ending comments of "--" and "#" are not sqli
+ */
+ if (sql_state->tokenvec[0].type == 'n' &&
+ sql_state->tokenvec[1].type == 'c' &&
+ sql_state->tokenvec[1].val[0] != '/') {
+ sql_state->reason = __LINE__;
+ return FALSE;
+ }
+
+ /**
+ * there are some odd base64-looking query string values
+ * 1234-ABCDEFEhfhihwuefi--
+ * which evaluate to "1c"... these are not SQLi
+ * but 1234-- probably is.
+ * Make sure the "1" in "1c" is actually a true decimal number
+ *
+ * Need to check -original- string since the folding step
+ * may have merged tokens, e.g. "1+FOO" is folded into "1"
+ */
+ if (sql_state->tokenvec[0].type == '1'&& sql_state->tokenvec[1].type == 'c') {
+ /*
+ * we check that next character after the number is either whitespace,
+ * or '/' or a '-' ==> sqli.
+ */
+ ch = sql_state->s[strlen(sql_state->tokenvec[0].val)];
+ if ( ch <= 32 ) {
+ /* next char was whitespace,e.g. "1234 --"
+ * this isn't exactly correct.. ideally we should skip over all whitespace
+ * but this seems to be ok for now
+ */
+ return TRUE;
+ }
+ if (ch == '/' && sql_state->s[strlen(sql_state->tokenvec[0].val) + 1] == '*') {
+ return TRUE;
+ }
+ if (ch == '-' && sql_state->s[strlen(sql_state->tokenvec[0].val) + 1] == '-') {
+ return TRUE;
+ }
+
+ sql_state->reason = __LINE__;
+ return FALSE;
+ }
+
+ /*
+ * detect obvious sqli scans.. many people put '--' in plain text
+ * so only detect if input ends with '--', e.g. 1-- but not 1-- foo
+ */
+ if ((strlen(sql_state->tokenvec[1].val) > 2)
+ && sql_state->tokenvec[1].val[0] == '-') {
+ sql_state->reason = __LINE__;
+ return FALSE;
+ }
+
+ break;
+ } /* case 2 */
+ case 3:{
+ /*
+ * ...foo' + 'bar...
+ * no opening quote, no closing quote
+ * and each string has data
+ */
+ if (streq(sql_state->pat, "sos")
+ || streq(sql_state->pat, "s&s")) {
+ if ((sql_state->tokenvec[0].str_open == CHAR_NULL)
+ && (sql_state->tokenvec[2].str_close == CHAR_NULL)) {
+ /*
+ * if ....foo" + "bar....
+ */
+ return TRUE;
+ } else {
+ /*
+ * not sqli
+ */
+ sql_state->reason = __LINE__;
+ return FALSE;
+ }
+ break;
+ }
+ } /* case 3 */
+ case 5: {
+ if (streq(sql_state->pat, "sosos")) {
+ if (sql_state->tokenvec[0].str_open == CHAR_NULL) {
+ /*
+ * if ....foo" + "bar....
+ */
+ return TRUE;
+ } else {
+ /*
+ * not sqli
+ */
+ sql_state->reason = __LINE__;
+ return FALSE;
+ }
+ break;
+ }
+ } /* case 5 */
+ } /* end switch */
+
+ return TRUE;
+}
+
+/** Main API, detects SQLi in an input.
+ *
+ *
+ */
+int is_sqli(sfilter * sql_state, const char *s, size_t slen,
+ ptr_fingerprints_fn fn)
+{
+
+ /*
+ * no input? not sqli
+ */
+ if (slen == 0) {
+ return FALSE;
+ }
+
+ /*
+ * test input "as-is"
+ */
+ if (is_string_sqli(sql_state, s, slen, CHAR_NULL, fn)) {
+ return TRUE;
+ }
+
+ /*
+ * if input has a single_quote, then
+ * test as if input was actually '
+ * example: if input if "1' = 1", then pretend it's
+ * "'1' = 1"
+ * Porting Notes: example the same as doing
+ * is_string_sqli(sql_state, "'" + s, slen+1, NULL, fn)
+ *
+ */
+ if (memchr(s, CHAR_SINGLE, slen)
+ && is_string_sqli(sql_state, s, slen, CHAR_SINGLE, fn)) {
+ return TRUE;
+ }
+
+ /*
+ * same as above but with a double-quote "
+ */
+ if (memchr(s, CHAR_DOUBLE, slen)
+ && is_string_sqli(sql_state, s, slen, CHAR_DOUBLE, fn)) {
+ return TRUE;
+ }
+
+ /*
+ * Hurray, input is not SQLi
+ */
+ return FALSE;
+}
Added |
modsecurity-apache_2.7.4.tar.bz2/apache2/libinjection/sqlparse.h
@@ -0,0 +1,113 @@
+/**
+ * Copyright 2012, 2013 Nick Galbreath
+ * nickg@client9.com
+ * BSD License -- see COPYING.txt for details
+ *
+ *
+ * HOW TO USE:
+ *
+ * // Normalize query or postvar value
+ * // If it comes in urlencoded, then it's up to you
+ * // to urldecode it. If it's in correct form already
+ * // then nothing to do!
+ *
+ * sfilter s;
+ * int sqli = is_sqli(&s, user_string, new_len);
+ *
+ * // 0 = not sqli
+ * // 1 = is sqli
+ *
+ * // That's it! sfilter s has some data on how it matched or not
+ * // details to come!
+ *
+ */
+
+#ifndef _SQLPARSE_H
+#define _SQLPARSE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Version info.
+ * See python's normalized version
+ * http://www.python.org/dev/peps/pep-0386/#normalizedversion
+ */
+#define LIBINJECTION_VERSION "1.2.0"
+
+#define ST_MAX_SIZE 32
+#define MAX_TOKENS 5
+
+#define CHAR_NULL '\0'
+#define CHAR_SINGLE '\''
+#define CHAR_DOUBLE '"'
+
+typedef struct {
+ char type;
+ char str_open;
+ char str_close;
+ char val[ST_MAX_SIZE];
+} stoken_t;
+
+typedef struct {
+ /* input */
+ const char *s;
+ size_t slen;
+
+ /* current tokenize state */
+ size_t pos;
+ int in_comment;
+
+ /* syntax fixups state */
+ stoken_t syntax_current;
+ stoken_t syntax_last;
+ stoken_t syntax_comment;
+
+ /* constant folding state */
+ stoken_t fold_current;
+ stoken_t fold_last;
+ int fold_state;
+
+ /* final sqli data */
+ stoken_t tokenvec[MAX_TOKENS];
+
+ /* +1 for ending null */
+ char pat[MAX_TOKENS + 1];
+ char delim;
+ int reason;
+} sfilter;
+
+/**
+ * Pointer to function, takes cstr input, return true/false
+ */
+typedef int (*ptr_fingerprints_fn)(const char*);
+
+/**
+ * Main API: tests for SQLi in three possible contexts, no quotes,
+ * single quote and double quote
+ *
+ * \return 1 (true) if SQLi, 0 (false) if benign
+ */
+int is_sqli(sfilter * sql_state, const char *s, size_t slen,
+ ptr_fingerprints_fn fn);
+
+/**
+ * This detects SQLi in a single context, mostly useful for custom
+ * logic and debugging.
+ *
+ * \param delim must be "NULL" (no context), single quote or double quote.
+ * Other values will likely be ignored.
+ *
+ * \return 1 (true) if SQLi, 0 (false) if not SQLi **in this context**
+ *
+ */
+int is_string_sqli(sfilter * sql_state, const char *s, size_t slen,
+ const char delim,
+ ptr_fingerprints_fn fn);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _SQLPARSE_H */
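Review bot: The HOW TO USE example at the top of this header calls `is_sqli(&s, user_string, new_len)` with three arguments, but the prototype declared below takes a fourth `ptr_fingerprints_fn fn`, so code copied from the comment will not compile. I would update the example to pass the callback, e.g. `int sqli = is_sqli(&s, user_string, new_len, is_sqli_pattern);` (judging by the declaration in sqlparse_private.h, that looks like the intended matcher). The doc comments on `is_sqli` and `is_string_sqli` should also say that `fn` must not be NULL, since is_string_sqli in sqlparse.c calls `fn(sql_state->pat)` unconditionally. Separately, the header uses `size_t` without including anything; adding `#include <stddef.h>` after the include guard would make it self-contained.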
Added |
modsecurity-apache_2.7.4.tar.bz2/apache2/libinjection/sqlparse_data.h
@@ -0,0 +1,983 @@
+#ifndef _SQLPARSE_DATA_H
+#define _SQLPARSE_DATA_H
+#include "sqlparse.h"
+
+static const char* operators2[] = {
+ "!!",
+ "!<",
+ "!=",
+ "!>",
+ "!~",
+ "%=",
+ "&&",
+ "&=",
+ "*=",
+ "+=",
+ "-=",
+ "/=",
+ ":=",
+ "<<",
+ "<=",
+ "<>",
+ "<@",
+ ">=",
+ ">>",
+ "@>",
+ "^=",
+ "|/",
+ "|=",
+ "||",
+ "~*",
+};
+static const size_t operators2_sz = 25;
+
+static const keyword_t sql_keywords[] = {
+ {"ABS", 'f'},
+ {"ACCESSIBLE", 'k'},
+ {"ACOS", 'f'},
+ {"ADD", 'k'},
+ {"ADDDATE", 'f'},
+ {"ADDTIME", 'f'},
+ {"AES_DECRYPT", 'f'},
+ {"AES_ENCRYPT", 'f'},
+ {"AGAINST", 'k'},
+ {"AGE", 'f'},
+ {"ALL_USERS", 'k'},
+ {"ALTER", 'k'},
+ {"ANALYZE", 'k'},
+ {"AND", '&'},
+ {"APPLOCK_MODE", 'f'},
+ {"APPLOCK_TEST", 'f'},
+ {"APP_NAME", 'f'},
+ {"ARRAY_AGG", 'f'},
+ {"ARRAY_CAT", 'f'},
+ {"ARRAY_DIM", 'f'},
+ {"ARRAY_FILL", 'f'},
+ {"ARRAY_LENGTH", 'f'},
+ {"ARRAY_LOWER", 'f'},
+ {"ARRAY_NDIMS", 'f'},
+ {"ARRAY_PREPEND", 'f'},
+ {"ARRAY_TO_JSON", 'f'},
+ {"ARRAY_TO_STRING", 'f'},
+ {"ARRAY_UPPER", 'f'},
+ {"AS", 'k'},
+ {"ASC", 'k'},
+ {"ASCII", 'f'},
+ {"ASENSITIVE", 'k'},
+ {"ASIN", 'f'},
+ {"ASSEMBLYPROPERTY", 'f'},
+ {"ASYMKEY_ID", 'f'},
+ {"ATAN", 'f'},
+ {"ATAN2", 'f'},
+ {"AVG", 'f'},
+ {"BEFORE", 'k'},
+ {"BEGIN", 'k'},
+ {"BENCHMARK", 'f'},
+ {"BETWEEN", 'k'},
+ {"BIGINT", 'k'},
+ {"BIN", 'f'},
+ {"BINARY", 'k'},
+ {"BINARY_DOUBLE_INFINITY", '1'},
+ {"BINARY_DOUBLE_NAN", '1'},
+ {"BINARY_FLOAT_INFINITY", '1'},
+ {"BINARY_FLOAT_NAN", '1'},
+ {"BINBINARY", 'f'},
+ {"BIT_AND", 'f'},
+ {"BIT_COUNT", 'f'},
+ {"BIT_LENGTH", 'f'},
+ {"BIT_OR", 'f'},
+ {"BIT_XOR", 'f'},
+ {"BLOB", 'k'},
+ {"BOOLEAN", 'k'},
+ {"BOOL_AND", 'f'},
+ {"BOOL_OR", 'f'},
+ {"BOTH", 'k'},
+ {"BTRIM", 'f'},
+ {"BY", 'n'},
+ {"CALL", 'k'},
+ {"CASCADE", 'k'},
+ {"CASE", 'o'},
+ {"CAST", 'f'},
+ {"CBOOL", 'f'},
+ {"CBRT", 'f'},
+ {"CBYTE", 'f'},
+ {"CCUR", 'f'},
+ {"CDATE", 'f'},
+ {"CDBL", 'f'},
+ {"CEIL", 'f'},
+ {"CEILING", 'f'},
+ {"CERTENCODED", 'f'},
+ {"CERTPRIVATEKEY", 'f'},
+ {"CERT_ID", 'f'},
+ {"CERT_PROPERTY", 'f'},
+ {"CHANGE", 'k'},
+ {"CHAR", 'f'},
+ {"CHARACTER", 'k'},
+ {"CHARACTER_LENGTH", 'f'},
+ {"CHARINDEX", 'f'},
+ {"CHARSET", 'f'},
+ {"CHAR_LENGTH", 'f'},
+ {"CHDIR", 'f'},
+ {"CHDRIVE", 'f'},
+ {"CHECK", 'k'},
+ {"CHECKSUM_AGG", 'f'},
+ {"CHOOSE", 'f'},
+ {"CHR", 'f'},
+ {"CINT", 'f'},
+ {"CLNG", 'f'},
+ {"CLOCK_TIMESTAMP", 'f'},
+ {"COALESCE", 'k'},
+ {"COERCIBILITY", 'f'},
+ {"COLLATE", 'k'},
+ {"COLLATION", 'f'},
+ {"COLLATIONPROPERTY", 'f'},
+ {"COLUMN", 'k'},
+ {"COLUMNPROPERTY", 'f'},
+ {"COLUMNS_UPDATED", 'f'},
+ {"COL_LENGTH", 'f'},
+ {"COL_NAME", 'f'},
+ {"COMPRESS", 'f'},
+ {"CONCAT", 'f'},
+ {"CONCAT_WS", 'f'},
+ {"CONDITION", 'k'},
+ {"CONNECTION_ID", 'f'},
+ {"CONSTRAINT", 'k'},
+ {"CONTINUE", 'k'},
+ {"CONV", 'f'},
+ {"CONVERT", 'f'},
+ {"CONVERT_FROM", 'f'},
+ {"CONVERT_TO", 'f'},
+ {"CONVERT_TZ", 'f'},
+ {"COS", 'f'},
+ {"COT", 'f'},
+ {"COUNT", 'f'},
+ {"COUNT_BIG", 'k'},
+ {"CRC32", 'f'},
+ {"CREATE", 'k'},
+ {"CSNG", 'f'},
+ {"CTXSYS.DRITHSX.SN", 'f'},
+ {"CUME_DIST", 'f'},
+ {"CURDATE", 'f'},
+ {"CURDIR", 'f'},
+ {"CURRENTUSER", 'f'},
+ {"CURRENT_DATABASE", 'f'},
+ {"CURRENT_DATE", 'k'},
+ {"CURRENT_QUERY", 'f'},
+ {"CURRENT_SCHEMA", 'f'},
+ {"CURRENT_SCHEMAS", 'f'},
+ {"CURRENT_SETTING", 'p'},
+ {"CURRENT_TIME", 'k'},
+ {"CURRENT_TIMESTAMP", 'k'},
+ {"CURRENT_USER", 'k'},
+ {"CURRVAL", 'f'},
+ {"CURSOR", 'k'},
+ {"CURSOR_STATUS", 'f'},
+ {"CURTIME", 'f'},
+ {"CVAR", 'f'},
+ {"DATABASE", 'k'},
+ {"DATABASEPROPERTYEX", 'f'},
+ {"DATABASES", 'k'},
+ {"DATABASE_PRINCIPAL_ID", 'f'},
+ {"DATALENGTH", 'f'},
+ {"DATE", 'f'},
+ {"DATEADD", 'f'},
+ {"DATEDIFF", 'f'},
+ {"DATEFROMPARTS", 'f'},
+ {"DATENAME", 'f'},
+ {"DATEPART", 'f'},
+ {"DATESERIAL", 'f'},
+ {"DATETIME2FROMPARTS", 'f'},
+ {"DATETIMEFROMPARTS", 'f'},
+ {"DATETIMEOFFSETFROMPARTS", 'f'},
+ {"DATEVALUE", 'f'},
+ {"DATE_ADD", 'f'},
+ {"DATE_FORMAT", 'f'},
+ {"DATE_PART", 'f'},
+ {"DATE_SUB", 'f'},
+ {"DATE_TRUNC", 'f'},
+ {"DAVG", 'f'},
+ {"DAY", 'f'},
+ {"DAYNAME", 'f'},
+ {"DAYOFMONTH", 'f'},
+ {"DAYOFWEEK", 'f'},
+ {"DAYOFYEAR", 'f'},
+ {"DAY_HOUR", 'k'},
+ {"DAY_MICROSECOND", 'k'},
+ {"DAY_MINUTE", 'k'},
+ {"DAY_SECOND", 'k'},
+ {"DBMS_PIPE.RECEIVE_MESSAGE", 'f'},
+ {"DB_ID", 'f'},
+ {"DB_NAME", 'f'},
+ {"DCOUNT", 'f'},
+ {"DEC", 'k'},
+ {"DECIMAL", 'k'},
+ {"DECLARE", 'k'},
+ {"DECODE", 'f'},
+ {"DECRYPTBYASMKEY", 'f'},
+ {"DECRYPTBYCERT", 'f'},
+ {"DECRYPTBYKEY", 'f'},
+ {"DECRYPTBYKEYAUTOCERT", 'f'},
+ {"DECRYPTBYPASSPHRASE", 'f'},
+ {"DEFAULT", 'k'},
+ {"DEGREES", 'f'},
+ {"DELAY", 'k'},
+ {"DELAYED", 'k'},
+ {"DELETE", 'k'},
+ {"DENSE_RANK", 'f'},
+ {"DESC", 'k'},
+ {"DESCRIBE", 'k'},
+ {"DES_DECRYPT", 'f'},
+ {"DES_ENCRYPT", 'f'},
+ {"DETERMINISTIC", 'k'},
+ {"DFIRST", 'f'},
+ {"DIFFERENCE", 'f'},
+ {"DISTINCROW", 'k'},
+ {"DISTINCT", 'k'},
+ {"DIV", 'o'},
+ {"DLAST", 'f'},
+ {"DLOOKUP", 'f'},
+ {"DMAX", 'f'},
+ {"DMIN", 'f'},
+ {"DROP", 'k'},
+ {"DSUM", 'f'},
+ {"DUAL", 'k'},
+ {"EACH", 'k'},
+ {"ELSE", 'k'},
+ {"ELSEIF", 'k'},
+ {"ELT", 'f'},
+ {"ENCLOSED", 'k'},
+ {"ENCODE", 'f'},
+ {"ENCRYPT", 'f'},
+ {"ENCRYPTBYASMKEY", 'f'},
+ {"ENCRYPTBYCERT", 'f'},
+ {"ENCRYPTBYKEY", 'f'},
+ {"ENCRYPTBYPASSPHRASE", 'f'},
+ {"ENUM_FIRST", 'f'},
+ {"ENUM_LAST", 'f'},
+ {"ENUM_RANGE", 'f'},
+ {"EOMONTH", 'f'},
+ {"ESCAPED", 'k'},
+ {"EVENTDATA", 'f'},
+ {"EXEC", 'k'},
+ {"EXECUTE", 'k'},
+ {"EXISTS", 'k'},
+ {"EXIT", 'k'},
+ {"EXP", 'f'},
+ {"EXPLAIN", 'k'},
+ {"EXPORT_SET", 'f'},
+ {"EXTRACT", 'f'},
+ {"EXTRACTVALUE", 'f'},
+ {"EXTRACT_VALUE", 'f'},
+ {"FALSE", '1'},
+ {"FETCH", 'k'},
+ {"FIELD", 'f'},
+ {"FILEDATETIME", 'f'},
+ {"FILEGROUPPROPERTY", 'f'},
+ {"FILEGROUP_ID", 'f'},
+ {"FILEGROUP_NAME", 'f'},
+ {"FILELEN", 'f'},
+ {"FILEPROPERTY", 'f'},
+ {"FILE_ID", 'f'},
+ {"FILE_IDEX", 'f'},
+ {"FILE_NAME", 'f'},
+ {"FIND_IN_SET", 'f'},
+ {"FIRST_VALUE", 'f'},
+ {"FLOOR", 'f'},
+ {"FN_VIRTUALFILESTATS", 'f'},
+ {"FOR", 'n'},
+ {"FORCE", 'k'},
+ {"FOREIGN", 'k'},
+ {"FORMAT", 'f'},
+ {"FOUND_ROWS", 'f'},
+ {"FROM", 'k'},
+ {"FROM_DAYS", 'f'},
+ {"FROM_UNIXTIME", 'f'},
+ {"FULLTEXT", 'k'},
+ {"FULLTEXTCATALOGPROPERTY", 'f'},
+ {"FULLTEXTSERVICEPROPERTY", 'f'},
+ {"GENERATE_SERIES", 'f'},
+ {"GENERATE_SUBSCRIPTS", 'f'},
+ {"GETATTR", 'f'},
+ {"GETDATE", 'f'},
+ {"GETUTCDATE", 'f'},
+ {"GET_BIT", 'f'},
+ {"GET_BYTE", 'f'},
+ {"GET_FORMAT", 'f'},
+ {"GET_LOCK", 'f'},
+ {"GOTO", 'k'},
+ {"GRANT", 'k'},
+ {"GREATEST", 'f'},
+ {"GROUP", 'n'},
+ {"GROUPING", 'f'},
+ {"GROUPING_ID", 'f'},
+ {"GROUP_CONCAT", 'f'},
+ {"HASHBYTES", 'f'},
+ {"HAS_PERMS_BY_NAME", 'f'},
+ {"HAVING", 'k'},
+ {"HEX", 'f'},
+ {"HIGH_PRIORITY", 'k'},
+ {"HOST_NAME", 'f'},
+ {"HOUR", 'f'},
+ {"HOUR_MICROSECOND", 'k'},
+ {"HOUR_MINUTE", 'k'},
+ {"HOUR_SECOND", 'k'},
+ {"IDENTIFY", 'f'},
+ {"IDENT_CURRENT", 'f'},
+ {"IDENT_INCR", 'f'},
+ {"IDENT_SEED", 'f'},
+ {"IF", 'k'},
+ {"IFF", 'f'},
+ {"IFNULL", 'f'},
+ {"IGNORE", 'k'},
+ {"IIF", 'f'},
+ {"IN", 'n'},
+ {"INDEX", 'k'},
+ {"INDEXKEY_PROPERTY", 'f'},
+ {"INDEXPROPERTY", 'f'},
+ {"INDEX_COL", 'f'},
+ {"INET_ATON", 'f'},
+ {"INET_NTOA", 'f'},
+ {"INFILE", 'k'},
+ {"INITCAP", 'f'},
+ {"INNER", 'k'},
+ {"INOUT", 'k'},
+ {"INSENSITIVE", 'k'},
+ {"INSERT", 'k'},
+ {"INSTR", 'f'},
+ {"INSTRREV", 'f'},
+ {"INT", 'k'},
+ {"INT1", 'k'},
+ {"INT2", 'k'},
+ {"INT3", 'k'},
+ {"INT4", 'k'},
+ {"INT8", 'k'},
+ {"INTEGER", 'k'},
+ {"INTERVAL", 'k'},
+ {"INTO", 'k'},
+ {"IS", 'o'},
+ {"ISDATE", 'f'},
+ {"ISEMPTY", 'f'},
+ {"ISFINITE", 'f'},
+ {"ISNULL", 'f'},
+ {"ISNUMERIC", 'f'},
+ {"IS_FREE_LOCK", 'f'},
+ {"IS_MEMBER", 'f'},
+ {"IS_OBJECTSIGNED", 'f'},
+ {"IS_ROLEMEMBER", 'f'},
+ {"IS_SRVROLEMEMBER", 'f'},
+ {"IS_USED_LOCK", 'f'},
+ {"ITERATE", 'k'},
+ {"JOIN", 'k'},
+ {"JUSTIFY_DAYS", 'f'},
+ {"JUSTIFY_HOURS", 'f'},
+ {"JUSTIFY_INTERVAL", 'f'},
+ {"KEYS", 'k'},
+ {"KEY_GUID", 'f'},
+ {"KEY_ID", 'f'},
+ {"KILL", 'k'},
+ {"LAG", 'f'},
+ {"LASTVAL", 'f'},
+ {"LAST_INSERT_ID", 'f'},
+ {"LAST_VALUE", 'f'},
+ {"LCASE", 'f'},
+ {"LEAD", 'f'},
+ {"LEADING", 'k'},
+ {"LEAST", 'f'},
+ {"LEAVE", 'k'},
+ {"LEFT", 'n'},
+ {"LENGTH", 'f'},
+ {"LIKE", 'o'},
+ {"LIMIT", 'k'},
+ {"LINEAR", 'k'},
+ {"LINES", 'k'},
+ {"LN", 'f'},
+ {"LOAD", 'k'},
+ {"LOAD_FILE", 'f'},
+ {"LOCALTIME", 'k'},
+ {"LOCALTIMESTAMP", 'k'},
+ {"LOCATE", 'f'},
+ {"LOCK", 'n'},
+ {"LOG", 'f'},
+ {"LOG10", 'f'},
+ {"LOG2", 'f'},
+ {"LONGBLOB", 'k'},
+ {"LONGTEXT", 'k'},
+ {"LOOP", 'k'},
+ {"LOWER", 'f'},
+ {"LOWER_INC", 'f'},
+ {"LOWER_INF", 'f'},
+ {"LOW_PRIORITY", 'k'},
+ {"LPAD", 'f'},
+ {"LTRIM", 'f'},
+ {"MAKEDATE", 'f'},
+ {"MAKE_SET", 'f'},
+ {"MASKLEN", 'f'},
+ {"MASTER_BIND", 'k'},
+ {"MASTER_POS_WAIT", 'f'},
+ {"MASTER_SSL_VERIFY_SERVER_CERT", 'k'},
+ {"MATCH", 'k'},
+ {"MAX", 'f'},
+ {"MAXVALUE", 'k'},
+ {"MD5", 'f'},
+ {"MEDIUMBLOB", 'k'},
+ {"MEDIUMINT", 'k'},
+ {"MEDIUMTEXT", 'k'},
+ {"MERGE", 'k'},
+ {"MICROSECOND", 'f'},
+ {"MID", 'f'},
+ {"MIDDLEINT", 'k'},
+ {"MIN", 'f'},
+ {"MINUTE", 'f'},
+ {"MINUTE_MICROSECOND", 'k'},
+ {"MINUTE_SECOND", 'k'},
+ {"MKDIR", 'f'},
+ {"MOD", 'o'},
+ {"MODE", 'n'},
+ {"MODIFIES", 'k'},
+ {"MONTH", 'f'},
+ {"MONTHNAME", 'f'},
+ {"NAME_CONST", 'f'},
+ {"NETMASK", 'f'},
+ {"NEXTVAL", 'f'},
+ {"NOT", 'o'},
+ {"NOW", 'f'},
+ {"NO_WRITE_TO_BINLOG", 'k'},
+ {"NTH_VALUE", 'f'},
+ {"NTILE", 'f'},
+ {"NULL", '1'},
+ {"NULLIF", 'f'},
+ {"NUMERIC", 'k'},
+ {"NZ", 'f'},
+ {"OBJECTPROPERTY", 'f'},
+ {"OBJECTPROPERTYEX", 'f'},
+ {"OBJECT_DEFINITION", 'f'},
+ {"OBJECT_ID", 'f'},
+ {"OBJECT_NAME", 'f'},
+ {"OBJECT_SCHEMA_NAME", 'f'},
+ {"OCT", 'f'},
+ {"OCTET_LENGTH", 'f'},
+ {"OFFSET", 'k'},
+ {"OLD_PASSWORD", 'f'},
+ {"ONE_SHOT", 'k'},
+ {"OPEN", 'k'},
+ {"OPENDATASOURCE", 'f'},
+ {"OPENQUERY", 'f'},
+ {"OPENROWSET", 'f'},
+ {"OPENXML", 'f'},
+ {"OPTIMIZE", 'k'},
+ {"OPTION", 'k'},
+ {"OPTIONALLY", 'k'},
+ {"OR", '&'},
+ {"ORD", 'f'},
+ {"ORDER", 'n'},
+ {"ORIGINAL_DB_NAME", 'f'},
+ {"ORIGINAL_LOGIN", 'f'},
+ {"OUT", 'k'},
+ {"OUTFILE", 'k'},
+ {"OVERLAPS", 'f'},
+ {"OVERLAY", 'f'},
+ {"OWN3D", 'k'},
+ {"PARSENAME", 'f'},
+ {"PARTITION", 'k'},
+ {"PASSWORD", 'k'},
+ {"PATHINDEX", 'f'},
+ {"PATINDEX", 'f'},
+ {"PERCENTILE_COUNT", 'f'},
+ {"PERCENTILE_DISC", 'f'},
+ {"PERCENTILE_RANK", 'f'},
+ {"PERCENT_RANK", 'f'},
+ {"PERIOD_ADD", 'f'},
+ {"PERIOD_DIFF", 'f'},
+ {"PERMISSIONS", 'f'},
+ {"PG_ADVISORY_LOCK", 'f'},
+ {"PG_BACKEND_PID", 'f'},
+ {"PG_CANCEL_BACKEND", 'f'},
+ {"PG_CLIENT_ENCODING", 'f'},
+ {"PG_CONF_LOAD_TIME", 'f'},
+ {"PG_CREATE_RESTORE_POINT", 'f'},
+ {"PG_HAS_ROLE", 'f'},
+ {"PG_IS_IN_RECOVERY", 'f'},
+ {"PG_IS_OTHER_TEMP_SCHEMA", 'f'},
+ {"PG_LISTENING_CHANNELS", 'f'},
+ {"PG_LS_DIR", 'f'},
+ {"PG_MY_TEMP_SCHEMA", 'f'},
+ {"PG_POSTMASTER_START_TIME", 'f'},
+ {"PG_READ_BINARY_FILE", 'f'},
+ {"PG_READ_FILE", 'f'},
+ {"PG_RELOAD_CONF", 'f'},
+ {"PG_ROTATE_LOGFILE", 'f'},
+ {"PG_SLEEP", 'f'},
+ {"PG_START_BACKUP", 'f'},
+ {"PG_STAT_FILE", 'f'},
+ {"PG_STOP_BACKUP", 'f'},
+ {"PG_SWITCH_XLOG", 'f'},
+ {"PG_TERMINATE_BACKEND", 'f'},
+ {"PG_TRIGGER_DEPTH", 'f'},
+ {"PI", 'f'},
+ {"POSITION", 'f'},
+ {"POW", 'f'},
+ {"POWER", 'f'},
+ {"PRECISION", 'k'},
+ {"PRIMARY", 'k'},
+ {"PROCEDURE", 'k'},
+ {"PUBLISHINGSERVERNAME", 'f'},
+ {"PURGE", 'k'},
+ {"PWDCOMPARE", 'f'},
+ {"PWDENCRYPT", 'f'},
+ {"QUARTER", 'f'},
+ {"QUOTE", 'f'},
+ {"QUOTENAME", 'f'},
+ {"QUOTE_IDENT", 'f'},
+ {"QUOTE_LITERAL", 'f'},
+ {"QUOTE_NULLABLE", 'f'},
+ {"RADIANS", 'f'},
+ {"RAND", 'f'},
+ {"RANDOM", 'f'},
+ {"RANDOMBLOB", 'f'},
+ {"RANGE", 'k'},
+ {"RANK", 'f'},
+ {"READ", 'k'},
+ {"READS", 'k'},
+ {"READ_WRITE", 'k'},
+ {"REAL", 'n'},
+ {"REFERENCES", 'k'},
+ {"REGEXP", 'o'},
+ {"REGEXP_MATCHES", 'f'},
+ {"REGEXP_REPLACE", 'f'},
+ {"REGEXP_SPLIT_TO_ARRAY", 'f'},
+ {"REGEXP_SPLIT_TO_TABLE", 'f'},
+ {"RELEASE", 'k'},
+ {"RELEASE_LOCK", 'f'},
+ {"RENAME", 'k'},
+ {"REPEAT", 'k'},
+ {"REPLACE", 'k'},
+ {"REPLICATE", 'f'},
+ {"REQUIRE", 'k'},
+ {"RESIGNAL", 'k'},
+ {"RESTRICT", 'k'},
+ {"RETURN", 'k'},
+ {"REVERSE", 'f'},
+ {"REVOKE", 'k'},
+ {"RIGHT", 'n'},
+ {"RLIKE", 'o'},
+ {"ROUND", 'f'},
+ {"ROW", 'f'},
+ {"ROW_COUNT", 'f'},
+ {"ROW_NUMBER", 'f'},
+ {"ROW_TO_JSON", 'f'},
+ {"RPAD", 'f'},
+ {"RTRIM", 'f'},
+ {"SCHAMA_NAME", 'f'},
+ {"SCHEMA", 'k'},
+ {"SCHEMAS", 'k'},
+ {"SCHEMA_ID", 'f'},
+ {"SCOPE_IDENTITY", 'f'},
+ {"SECOND_MICROSECOND", 'k'},
+ {"SEC_TO_TIME", 'f'},
+ {"SELECT", 'k'},
+ {"SENSITIVE", 'k'},
+ {"SEPARATOR", 'k'},
+ {"SESSION_USER", 'f'},
+ {"SET", 'k'},
+ {"SETATTR", 'f'},
+ {"SETSEED", 'f'},
+ {"SETVAL", 'f'},
+ {"SET_BIT", 'f'},
+ {"SET_BYTE", 'f'},
+ {"SET_CONFIG", 'f'},
+ {"SET_MASKLEN", 'f'},
+ {"SHA", 'f'},
+ {"SHA1", 'f'},
+ {"SHA2", 'f'},
+ {"SHOW", 'n'},
+ {"SHUTDOWN", 'k'},
+ {"SIGN", 'f'},
+ {"SIGNAL", 'k'},
+ {"SIGNBYASMKEY", 'f'},
+ {"SIGNBYCERT", 'f'},
+ {"SIMILAR", 'k'},
+ {"SIN", 'f'},
+ {"SLEEP", 'f'},
+ {"SMALLDATETIMEFROMPARTS", 'f'},
+ {"SMALLINT", 'k'},
+ {"SOUNDEX", 'f'},
+ {"SOUNDS", 'o'},
+ {"SPACE", 'f'},
+ {"SPATIAL", 'k'},
+ {"SPECIFIC", 'k'},
+ {"SPLIT_PART", 'f'},
+ {"SQL", 'k'},
+ {"SQLEXCEPTION", 'k'},
+ {"SQLSTATE", 'k'},
+ {"SQLWARNING", 'k'},
+ {"SQL_BIG_RESULT", 'k'},
+ {"SQL_CALC_FOUND_ROWS", 'k'},
+ {"SQL_SMALL_RESULT", 'k'},
+ {"SQL_VARIANT_PROPERTY", 'f'},
+ {"SQRT", 'f'},
+ {"SSL", 'k'},
+ {"STARTING", 'k'},
+ {"STATEMENT_TIMESTAMP", 'f'},
+ {"STATS_DATE", 'f'},
+ {"STDDEV", 'p'},
+ {"STDDEV_POP", 'f'},
+ {"STDDEV_SAMP", 'f'},
+ {"STRAIGHT_JOIN", 'k'},
+ {"STRCMP", 'f'},
+ {"STRCONV", 'f'},
+ {"STRING_AGG", 'f'},
+ {"STRING_TO_ARRAY", 'f'},
+ {"STRPOS", 'f'},
+ {"STR_TO_DATE", 'f'},
+ {"STUFF", 'f'},
+ {"SUBDATE", 'f'},
+ {"SUBSTR", 'f'},
+ {"SUBSTRING", 'f'},
+ {"SUBSTRING_INDEX", 'f'},
+ {"SUBTIME", 'f'},
+ {"SUM", 'f'},
+ {"SUSER_ID", 'f'},
+ {"SUSER_NAME", 'f'},
+ {"SUSER_SID", 'f'},
+ {"SUSER_SNAME", 'f'},
+ {"SWITCHOFFET", 'f'},
+ {"SYS.FN_BUILTIN_PERMISSIONS", 'f'},
+ {"SYS.FN_GET_AUDIT_FILE", 'f'},
+ {"SYS.FN_MY_PERMISSIONS", 'f'},
+ {"SYS.STRAGG", 'f'},
+ {"SYSCOLUMNS", 'k'},
+ {"SYSDATE", 'f'},
+ {"SYSDATETIME", 'f'},
+ {"SYSDATETIMEOFFSET", 'f'},
+ {"SYSOBJECTS", 'k'},
+ {"SYSTEM_USER", 'f'},
+ {"SYSUSERS", 'k'},
+ {"SYSUTCDATETME", 'f'},
+ {"TABLE", 'k'},
+ {"TAN", 'f'},
+ {"TERMINATED", 'k'},
+ {"TERTIARY_WEIGHTS", 'f'},
+ {"TEXTPTR", 'f'},
+ {"TEXTVALID", 'f'},
+ {"THEN", 'k'},
+ {"TIME", 'k'},
+ {"TIMEDIFF", 'f'},
+ {"TIMEFROMPARTS", 'f'},
+ {"TIMEOFDAY", 'f'},
+ {"TIMESERIAL", 'f'},
+ {"TIMESTAMP", 'f'},
+ {"TIMESTAMPADD", 'f'},
+ {"TIMEVALUE", 'f'},
+ {"TIME_FORMAT", 'f'},
+ {"TIME_TO_SEC", 'f'},
+ {"TINYBLOB", 'k'},
+ {"TINYINT", 'k'},
+ {"TINYTEXT", 'k'},
+ {"TODATETIMEOFFSET", 'f'},
+ {"TOP", 'k'},
+ {"TO_ASCII", 'f'},
+ {"TO_CHAR", 'f'},
+ {"TO_DATE", 'f'},
+ {"TO_DAYS", 'f'},
+ {"TO_HEX", 'f'},
+ {"TO_NUMBER", 'f'},
+ {"TO_SECONDS", 'f'},
+ {"TO_TIMESTAMP", 'f'},
+ {"TRAILING", 'n'},
+ {"TRANSACTION_TIMESTAMP", 'f'},
+ {"TRANSLATE", 'f'},
+ {"TRIGGER", 'k'},
+ {"TRIGGER_NESTLEVEL", 'f'},
+ {"TRIM", 'f'},
+ {"TRUE", '1'},
+ {"TRUNC", 'f'},
+ {"TRUNCATE", 'f'},
+ {"TRY_CAST", 'f'},
+ {"TRY_CONVERT", 'f'},
+ {"TRY_PARSE", 'f'},
+ {"TYPEPROPERTY", 'f'},
+ {"TYPE_ID", 'f'},
+ {"TYPE_NAME", 'f'},
+ {"UCASE", 'f'},
+ {"UNCOMPRESS", 'f'},
+ {"UNCOMPRESS_LENGTH", 'f'},
+ {"UNDO", 'k'},
+ {"UNHEX", 'f'},
+ {"UNION", 'U'},
+ {"UNIQUE", 'n'},
+ {"UNIX_TIMESTAMP", 'f'},
+ {"UNI_ON", 'U'},
+ {"UNKNOWN", 'k'},
+ {"UNLOCK", 'k'},
+ {"UNNEST", 'f'},
+ {"UNSIGNED", 'k'},
+ {"UPDATE", 'k'},
+ {"UPDATEXML", 'f'},
+ {"UPPER", 'f'},
+ {"UPPER_INC", 'f'},
+ {"UPPER_INF", 'f'},
+ {"USAGE", 'k'},
+ {"USE", 'k'},
+ {"USER_ID", 'n'},
+ {"USER_NAME", 'f'},
+ {"USING", 'f'},
+ {"UTC_DATE", 'k'},
+ {"UTC_TIME", 'k'},
+ {"UTC_TIMESTAMP", 'k'},
+ {"UTL_INADDR.GET_HOST_ADDRESS", 'f'},
+ {"UUID", 'f'},
+ {"UUID_SHORT", 'f'},
+ {"VALUES", 'k'},
+ {"VAR", 'f'},
+ {"VARBINARY", 'k'},
+ {"VARCHAR", 'k'},
+ {"VARCHARACTER", 'k'},
+ {"VARIANCE", 'f'},
+ {"VARP", 'f'},
+ {"VARYING", 'k'},
+ {"VAR_POP", 'f'},
+ {"VAR_SAMP", 'f'},
+ {"VERIFYSIGNEDBYASMKEY", 'f'},
+ {"VERIFYSIGNEDBYCERT", 'f'},
+ {"VERSION", 'f'},
+ {"WAITFOR", 'k'},
+ {"WEEK", 'f'},
+ {"WEEKDAY", 'f'},
+ {"WEEKDAYNAME", 'f'},
+ {"WEEKOFYEAR", 'f'},
+ {"WHEN", 'k'},
+ {"WHERE", 'k'},
+ {"WHILE", 'k'},
+ {"WIDTH_BUCKET", 'f'},
+ {"WITH", 'k'},
+ {"XMLAGG", 'f'},
+ {"XMLCOMMENT", 'f'},
+ {"XMLCONCAT", 'f'},
+ {"XMLELEMENT", 'f'},
+ {"XMLEXISTS", 'f'},
+ {"XMLFOREST", 'f'},
+ {"XMLFORMAT", 'f'},
+ {"XMLPI", 'f'},
+ {"XMLROOT", 'f'},
+ {"XMLTYPE", 'f'},
+ {"XML_IS_WELL_FORMED", 'f'},
+ {"XOR", 'o'},
+ {"XPATH", 'f'},
+ {"XPATH_EXISTS", 'f'},
+ {"XP_EXECRESULTSET", 'k'},
+ {"YEAR", 'f'},
+ {"YEARWEEK", 'f'},
+ {"YEAR_MONTH", 'k'},
+ {"ZEROFILL", 'k'},
+};
+static const size_t sql_keywords_sz = 737;
+static const char* multikeywords_start[] = {
+ "ALTER",
+ "AT",
+ "AT TIME",
+ "CROSS",
+ "FULL",
+ "GROUP",
+ "IN",
+ "IN BOOLEAN",
+ "INTERSECT",
+ "IS",
+ "IS DISTINCT",
+ "IS NOT",
+ "LEFT",
+ "LOCK",
+ "NATURAL",
+ "NEXT",
+ "NEXT VALUE",
+ "NOT",
+ "NOT SIMILAR",
+ "ORDER",
+ "OWN3D",
+ "READ",
+ "RIGHT",
+ "SELECT",
+ "SIMILAR",
+ "SOUNDS",
+ "UNION",
+};
+static const size_t multikeywords_start_sz = 27;
+static const keyword_t multikeywords[] = {
+ {"ALTER DOMAIN", 'k'},
+ {"ALTER TABLE", 'k'},
+ {"AT TIME", 'n'},
+ {"AT TIME ZONE", 'k'},
+ {"CROSS JOIN", 'k'},
+ {"FULL OUTER", 'k'},
+ {"GROUP BY", 'B'},
+ {"IN BOOLEAN", 'n'},
+ {"IN BOOLEAN MODE", 'k'},
+ {"INTERSECT ALL", 'o'},
+ {"IS DISTINCT", 'n'},
+ {"IS DISTINCT FROM", 'k'},
+ {"IS NOT", 'o'},
+ {"IS NOT DISTINCT", 'n'},
+ {"IS NOT DISTINCT FROM", 'k'},
+ {"LEFT JOIN", 'k'},
+ {"LEFT OUTER", 'k'},
+ {"LOCK TABLE", 'k'},
+ {"LOCK TABLES", 'k'},
+ {"NATURAL FULL", 'k'},
+ {"NATURAL INNER", 'k'},
+ {"NATURAL JOIN", 'k'},
+ {"NATURAL LEFT", 'k'},
+ {"NATURAL OUTER", 'k'},
+ {"NATURAL RIGHT", 'k'},
+ {"NEXT VALUE", 'n'},
+ {"NEXT VALUE FOR", 'k'},
+ {"NOT BETWEEN", 'o'},
+ {"NOT IN", 'o'},
+ {"NOT LIKE", 'o'},
+ {"NOT REGEXP", 'o'},
+ {"NOT RLIKE", 'o'},
+ {"NOT SIMILAR", 'o'},
+ {"NOT SIMILAR TO", 'o'},
+ {"ORDER BY", 'B'},
+ {"OWN3D BY", 'B'},
+ {"READ WRITE", 'k'},
+ {"RIGHT JOIN", 'k'},
+ {"RIGHT OUTER", 'k'},
+ {"SELECT ALL", 'k'},
+ {"SIMILAR TO", 'o'},
+ {"SOUNDS LIKE", 'o'},
+ {"UNION ALL", 'U'},
+};
+static const size_t multikeywords_sz = 43;
+
+typedef size_t (*pt2Function)(sfilter *sf);
+static const pt2Function char_parse_map[] = {
+ &parse_white, /* 0 */
+ &parse_white, /* 1 */
+ &parse_white, /* 2 */
+ &parse_white, /* 3 */
+ &parse_white, /* 4 */
+ &parse_white, /* 5 */
+ &parse_white, /* 6 */
+ &parse_white, /* 7 */
+ &parse_white, /* 8 */
+ &parse_white, /* 9 */
+ &parse_white, /* 10 */
+ &parse_white, /* 11 */
+ &parse_white, /* 12 */
+ &parse_white, /* 13 */
+ &parse_white, /* 14 */
+ &parse_white, /* 15 */
+ &parse_white, /* 16 */
+ &parse_white, /* 17 */
+ &parse_white, /* 18 */
+ &parse_white, /* 19 */
+ &parse_white, /* 20 */
+ &parse_white, /* 21 */
+ &parse_white, /* 22 */
+ &parse_white, /* 23 */
+ &parse_white, /* 24 */
+ &parse_white, /* 25 */
+ &parse_white, /* 26 */
+ &parse_white, /* 27 */
+ &parse_white, /* 28 */
+ &parse_white, /* 29 */
+ &parse_white, /* 30 */
+ &parse_white, /* 31 */
+ &parse_white, /* 32 */
+ &parse_operator2, /* 33 */
+ &parse_string, /* 34 */
+ &parse_eol_comment, /* 35 */
+ &parse_money, /* 36 */
+ &parse_operator1, /* 37 */
+ &parse_operator2, /* 38 */
+ &parse_string, /* 39 */
+ &parse_char, /* 40 */
+ &parse_char, /* 41 */
+ &parse_operator2, /* 42 */
+ &parse_operator1, /* 43 */
+ &parse_char, /* 44 */
+ &parse_dash, /* 45 */
+ &parse_number, /* 46 */
+ &parse_slash, /* 47 */
+ &parse_number, /* 48 */
+ &parse_number, /* 49 */
+ &parse_number, /* 50 */
+ &parse_number, /* 51 */
+ &parse_number, /* 52 */
+ &parse_number, /* 53 */
+ &parse_number, /* 54 */
+ &parse_number, /* 55 */
+ &parse_number, /* 56 */
+ &parse_number, /* 57 */
+ &parse_char, /* 58 */
+ &parse_char, /* 59 */
+ &parse_operator2, /* 60 */
+ &parse_operator2, /* 61 */
+ &parse_operator2, /* 62 */
+ &parse_other, /* 63 */
+ &parse_var, /* 64 */
+ &parse_word, /* 65 */
+ &parse_word, /* 66 */
+ &parse_word, /* 67 */
+ &parse_word, /* 68 */
+ &parse_word, /* 69 */
+ &parse_word, /* 70 */
+ &parse_word, /* 71 */
+ &parse_word, /* 72 */
+ &parse_word, /* 73 */
+ &parse_word, /* 74 */
+ &parse_word, /* 75 */
+ &parse_word, /* 76 */
+ &parse_word, /* 77 */
+ &parse_word, /* 78 */
+ &parse_word, /* 79 */
+ &parse_word, /* 80 */
+ &parse_word, /* 81 */
+ &parse_word, /* 82 */
+ &parse_word, /* 83 */
+ &parse_word, /* 84 */
+ &parse_word, /* 85 */
+ &parse_word, /* 86 */
+ &parse_word, /* 87 */
+ &parse_word, /* 88 */
+ &parse_word, /* 89 */
+ &parse_word, /* 90 */
+ &parse_other, /* 91 */
+ &parse_backslash, /* 92 */
+ &parse_other, /* 93 */
+ &parse_operator1, /* 94 */
+ &parse_word, /* 95 */
+ &parse_word, /* 96 */
+ &parse_word, /* 97 */
+ &parse_word, /* 98 */
+ &parse_word, /* 99 */
+ &parse_word, /* 100 */
+ &parse_word, /* 101 */
+ &parse_word, /* 102 */
+ &parse_word, /* 103 */
+ &parse_word, /* 104 */
+ &parse_word, /* 105 */
+ &parse_word, /* 106 */
+ &parse_word, /* 107 */
+ &parse_word, /* 108 */
+ &parse_word, /* 109 */
+ &parse_word, /* 110 */
+ &parse_word, /* 111 */
+ &parse_word, /* 112 */
+ &parse_word, /* 113 */
+ &parse_word, /* 114 */
+ &parse_word, /* 115 */
+ &parse_word, /* 116 */
+ &parse_word, /* 117 */
+ &parse_word, /* 118 */
+ &parse_word, /* 119 */
+ &parse_word, /* 120 */
+ &parse_word, /* 121 */
+ &parse_word, /* 122 */
+ &parse_other, /* 123 */
+ &parse_operator2, /* 124 */
+ &parse_other, /* 125 */
+ &parse_operator1, /* 126 */
+ &parse_white, /* 127 */
+};
+
+#endif
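Review bot: Several `sql_keywords` entries look misspelled (`"DISTINCROW"`, `"SCHAMA_NAME"`, `"SWITCHOFFET"`, `"SYSUTCDATETME"`), so the correctly spelled names would not be found in this table. They would fall through to whatever the tokenizer does with unknown words, which is not visible here. If they are corrected, the array has to stay sorted, because the lookup declared in sqlparse_private.h is `bsearch_keyword_type`; `"DISTINCTROW"`, for instance, belongs after `"DISTINCT"`. The hard-coded `sql_keywords_sz = 737` matches the table today, but deriving it as `sizeof(sql_keywords) / sizeof(sql_keywords[0])` (and likewise for the other `_sz` constants) would prevent drift when entries change. `char_parse_map` has exactly 128 entries, so the caller in sqlparse.c, outside this section, must reject bytes above 127 and negative `char` values before indexing it.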
Added |
modsecurity-apache_2.7.4.tar.bz2/apache2/libinjection/sqlparse_private.h
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2012, Nick Galbreath
+ * nickg@client9.com
+ * BSD License - see COPYING.txt for details
+ *
+ * (setq-default indent-tabs-mode nil)
+ * (setq c-default-style "k&r"
+ * c-basic-offset 4)
+ * indent -kr -nut
+ */
+#ifndef _SQLPARSE_PRIVATE_H
+#define _SQLPARSE_PRIVATE_H
+
+#include "sqlparse.h"
+
+typedef struct {
+ const char *word;
+ char type;
+} keyword_t;
+
+char bsearch_keyword_type(const char *key, const keyword_t keywords[],
+ size_t len);
+
+int is_operator2(const char *key);
+
+int is_sqli_pattern(const char *key);
+
+size_t parse_none(sfilter * sf);
+size_t parse_money(sfilter * sf);
+size_t parse_other(sfilter * sf);
+size_t parse_white(sfilter * sf);
+size_t parse_operator1(sfilter *sf);
+size_t parse_char(sfilter *sf);
+size_t parse_eol_comment(sfilter *sf);
+size_t parse_dash(sfilter *sf);
+size_t is_mysql_comment(const char *cs, const size_t len, size_t pos);
+size_t parse_slash(sfilter *sf);
+size_t parse_backslash(sfilter * sf);
+size_t parse_operator2(sfilter *sf);
+size_t parse_string_core(const char *cs, const size_t len, size_t pos,
+ stoken_t * st, char delim, size_t offset);
+size_t parse_string(sfilter *sf);
+size_t parse_word(sfilter * sf);
+size_t parse_var(sfilter * sf);
+
+size_t parse_number(sfilter * sf);
+
+int parse_token(sfilter * sf);
+
+/**
+ * Looks at syntax_last and syntax_current to see
+ * if they can be merged into a multi-keyword
+ */
+int syntax_merge_words(stoken_t * a, stoken_t * b);
+
+void sfilter_reset(sfilter * sf, const char *s, size_t slen);
+
+/**
+ * Takes a raw stream of SQL tokens and does the following:
+ * * Merge mutliple strings into one "foo", "bar" --> "foo bar"
+ * * Remove comments except last one 1, +, -- foo, 1 ->> 1,+,1
+ * * Merge multi-word keywords and operators into one
+ * e.g. "UNION", "ALL" --> "UNION ALL"
+ */
+int sqli_tokenize(sfilter * sf, stoken_t * sout);
+
+int filter_fold(sfilter * sf, stoken_t * sout);
+
+
+#endif /* _SQLPARSE_PRIVATE_H */
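Review bot: Every helper declared in this "private" header (`parse_number`, `parse_string`, `parse_word`, `parse_token`, `filter_fold`, ...) has external linkage and a short, generic, unprefixed name. Once the object is linked into an Apache module next to other modules and libraries, a same-named symbol elsewhere could clash or bind to the wrong function, depending on how the module is built and loaded. I would either make the helpers `static` in sqlparse.c, if sqlparse_data.h is only ever included there, or give them a common prefix. The include guard `_SQLPARSE_PRIVATE_H` also uses an identifier form reserved for the implementation (leading underscore followed by a capital); `SQLPARSE_PRIVATE_H` avoids that.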
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/mod_security2.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/modsecurity.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -391,11 +391,9 @@
if (msr->matched_vars == NULL) return -1;
apr_table_clear(msr->matched_vars);
- if(msr->txcfg->max_rule_time > 0) {
- msr->perf_rules = apr_table_make(msr->mp, 8);
- if (msr->perf_rules == NULL) return -1;
- apr_table_clear(msr->perf_rules);
- }
+ msr->perf_rules = apr_table_make(msr->mp, 8);
+ if (msr->perf_rules == NULL) return -1;
+ apr_table_clear(msr->perf_rules);
/* Locate the cookie headers and parse them */
arr = apr_table_elts(msr->request_headers);
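Review bot: `apr_table_clear(msr->perf_rules)` runs on a table that `apr_table_make` returned two lines earlier, so there is nothing for it to clear and the call can be dropped. Since the allocation no longer depends on `max_rule_time`, a short comment such as `/* Allocated unconditionally; entries are only stored once a rule reaches max_rule_time */` would tell the reader why the guard was removed. The enclosing function starts and ends outside the hunk.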
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/modsecurity.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -442,6 +442,8 @@
lua_State *L;
#endif
#endif
+
+ int msc_sdbm_delete_error;
};
struct directory_config {
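Review bot: The new `msc_sdbm_delete_error` field is added without a comment, and nothing in the visible hunks initialises or resets it. A line such as `/* Set to 1 when an SDBM delete fails in this transaction; read by the SDBM_DELETE_ERROR variable */` would document it. The flag reads as 0 before any failure only if the structure is zero-allocated, which happens outside this hunk and should be confirmed. The struct definition starts outside the hunk.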
@@ -579,7 +581,7 @@
/* Hash */
apr_array_header_t *hash_method;
- const char *crypto_key;
+ const char *crypto_key;
int crypto_key_len;
const char *crypto_param_name;
int hash_is_enabled;
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_crypt.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_crypt.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_geo.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_geo.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_gsb.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_gsb.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_logging.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_logging.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_lua.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_lua.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_multipart.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_multipart.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_parsers.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_parsers.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_pcre.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_pcre.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_release.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_release.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -38,7 +38,7 @@
#define MODSEC_VERSION_MAJOR "2"
#define MODSEC_VERSION_MINOR "7"
-#define MODSEC_VERSION_MAINT "3"
+#define MODSEC_VERSION_MAINT "4"
#define MODSEC_VERSION_TYPE ""
#define MODSEC_VERSION_RELEASE ""
@@ -53,10 +53,10 @@
#define MODSEC_MODULE_NAME "ModSecurity for IIS (STABLE)"
#else
#ifdef VERSION_NGINX
-#define MODSEC_MODULE_NAME "ModSecurity for nginx (RC)"
+#define MODSEC_MODULE_NAME "ModSecurity for nginx (STABLE)"
#else
#ifdef VERSION_STANDALONE
-#define MODSEC_MODULE_NAME "ModSecurity Standalone (RC)"
+#define MODSEC_MODULE_NAME "ModSecurity Standalone (STABLE)"
#else
#define MODSEC_MODULE_NAME "ModSecurity for Apache"
#endif
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_reqbody.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -170,6 +170,7 @@
/* Would storing this chunk mean going over the limit? */
if ((msr->msc_reqbody_spilltodisk)
+ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
&& (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
{
msc_data_chunk **chunks;
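Review bot: With the added `reqbody_buffering != REQUEST_BODY_FORCEBUF_ON` test, a request handled under forced buffering never takes the spill-to-disk branch, so `reqbody_inmemory_limit` no longer caps how much of its body is held in memory. Whatever bounds the total body size is outside this hunk; it is worth confirming that a request-body limit is still enforced on this path, since otherwise per-request memory use is set by the client. A comment above the condition would record the reason, for example `/* Forced buffering keeps the body in memory; do not switch to disk storage mid-request */`. The enclosing function starts and ends outside the hunk.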
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_tree.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_tree.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_unicode.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_unicode.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_util.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_util.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_xml.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/msc_xml.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/persist_dbm.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -220,6 +220,7 @@
msr_log(msr, 1, "collection_retrieve_ex: Failed deleting collection (name \"%s\", "
"key \"%s\"): %s", log_escape(msr->mp, col_name),
log_escape_ex(msr->mp, col_key, col_key_len), get_apr_error(msr->mp, rc));
+ msr->msc_sdbm_delete_error = 1;
goto cleanup;
}
@@ -467,7 +468,7 @@
var->value = apr_psprintf(msr->mp, "%d", newval);
var->value_len = strlen(var->value);
-
+
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_store: Delta applied for %s.%s %d->%d (%d): %d + (%d) = %d [%s,%d]",
log_escape_ex(msr->mp, var_name->value, var_name->value_len),
@@ -490,7 +491,12 @@
/* Now generate the binary object. */
blob = apr_pcalloc(msr->mp, blob_size);
if (blob == NULL) {
- goto error;
+ if (dbm != NULL) {
+ apr_sdbm_unlock(dbm);
+ apr_sdbm_close(dbm);
+ }
+
+ return -1;
}
blob[0] = 0x49;
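Review bot: The unlock-and-close sequence is written out twice, here in the `blob == NULL` branch and again after the failed `apr_sdbm_store` in the next hunk, while the `error:` label in the hunk after that is reduced to a bare `return -1;`. Any `goto error` that remains in this function after the database has been opened (none is visible in these hunks) would now leave the handle open and, presumably, the lock held. Keeping one cleanup path avoids that: restore the `if (dbm != NULL)` block under `error:` with `apr_sdbm_unlock(dbm);` added before `apr_sdbm_close(dbm);`, and let both failure branches `goto error` again. The function body starts and ends outside these hunks.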
@@ -542,10 +548,16 @@
rc = apr_sdbm_store(dbm, key, value, APR_SDBM_REPLACE);
if (rc != APR_SUCCESS) {
msr_log(msr, 1, "collection_store: Failed to write to DBM file \"%s\": %s", dbm_filename,
- get_apr_error(msr->mp, rc));
- goto error;
+ get_apr_error(msr->mp, rc));
+ if (dbm != NULL) {
+ apr_sdbm_unlock(dbm);
+ apr_sdbm_close(dbm);
+ }
+
+ return -1;
}
+ apr_sdbm_unlock(dbm);
apr_sdbm_close(dbm);
if (msr->txcfg->debuglog_level >= 4) {
@@ -557,11 +569,6 @@
return 0;
error:
-
- if (dbm) {
- apr_sdbm_close(dbm);
- }
-
return -1;
}
@@ -672,9 +679,10 @@
msr_log(msr, 1, "collections_remove_stale: Failed deleting collection (name \"%s\", "
"key \"%s\"): %s", log_escape(msr->mp, col_name),
log_escape_ex(msr->mp, key.dptr, key.dsize - 1), get_apr_error(msr->mp, rc));
+ msr->msc_sdbm_delete_error = 1;
goto error;
}
-
+
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "collections_remove_stale: Removed stale collection (name \"%s\", "
"key \"%s\").", log_escape(msr->mp, col_name),
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/persist_dbm.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/re.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -2604,12 +2604,16 @@
rt_time = apr_table_get(msr->perf_rules, rule->actionset->id);
if(rt_time == NULL) {
rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (t1 - time_before_op));
- apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time);
+ rule_time = (apr_time_t)atoi(rt_time);
+ if(rule_time >= msr->txcfg->max_rule_time)
+ apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time);
} else {
rule_time = (apr_time_t)atoi(rt_time);
rule_time += (t1 - time_before_op);
- rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, rule_time);
- apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time);
+ if(rule_time >= msr->txcfg->max_rule_time) {
+ rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, rule_time);
+ apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time);
+ }
}
}
}
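Review bot: In the `rt_time == NULL` branch the elapsed time is formatted into a string and then read back with `atoi`, which returns an `int` while `rule_time` is an `apr_time_t`; a value outside the `int` range is not converted reliably, and the round trip is unnecessary. Assigning the difference directly, `rule_time = t1 - time_before_op;`, and formatting `rt_time` only when the threshold test passes keeps the full width. The `else` branch applies the same `atoi` to the stored value. Because an entry is now stored only once it reaches `max_rule_time`, time from earlier runs of the same rule that stayed under the threshold is no longer added up; a comment should say so if that is intended. The enclosing function lies outside the hunk.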
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/re.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/re_actions.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/re_operators.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -27,6 +27,9 @@
#include <arpa/inet.h>
#endif
+#include "libinjection/sqlparse.h"
+#include "libinjection/sqli_fingerprints.h"
+
/**
*
*/
@@ -369,7 +372,7 @@
/* rsub */
static char *param_remove_escape(msre_rule *rule, char *str, int len) {
- char *parm = apr_palloc(rule->ruleset->mp, len);
+ char *parm = apr_pcalloc(rule->ruleset->mp, len);
char *ret = parm;
for(;*str!='\0';str++) {
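Review bot: Switching to `apr_pcalloc` zero-fills the buffer, but the copy loop runs until the terminating NUL of `str` rather than up to `len`, so the result is only terminated if fewer than `len` bytes are written. Whether `len` already includes room for the terminator is decided by the callers, which are outside this hunk; if it is the plain string length, allocate `len + 1` so the final byte stays zero. The rest of param_remove_escape is outside the hunk.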
@@ -2129,6 +2132,42 @@
return 0;
}
+/** libinjection detectSQLi
+* links against files in libinjection directory
+ * See www.client9.com/libinjection for details
+ * `is_sqli_pattern` right now is a hardwired set of sqli fingerprints.
+ * In future, change to read from file.
+*/
+static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
+ char **error_msg) {
+ sfilter sf;
+ int issqli = is_sqli(&sf, var->value, var->value_len, is_sqli_pattern);
+ int capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
+
+ if (error_msg == NULL) return -1;
+ *error_msg = NULL;
+
+ if (issqli) {
+ set_match_to_tx(msr, capture, sf.pat, 0);
+
+ *error_msg = apr_psprintf(msr->mp, "detected SQLi using libinjection fingerprint '%s' at %s",
+ sf.pat, var->name);
+
+ if (msr->txcfg->debuglog_level >= 9) {
+ msr_log(msr, 9, "detectSQLi: libinjection fingerprint '%s' matched input '%s'",
+ sf.pat,
+ log_escape_ex(msr->mp, var->value, var->value_len));
+ }
+ } else {
+ if (msr->txcfg->debuglog_level >= 9) {
+ msr_log(msr, 9, "detectSQLi: no sql, libinjection no match input '%s' at '%s'",
+ log_escape_ex(msr->mp, var->value, var->value_len), var->name);
+ }
+ }
+
+ return issqli;
+}
+
/* containsWord */
static int msre_op_containsWord_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
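Review bot: msre_op_detectSQLi_execute calls `is_sqli` on `var->value` in its declarations, before the `error_msg == NULL` check, so the argument validation runs after the work it is meant to guard. Declare `issqli` and `capture` without initialisers, keep `if (error_msg == NULL) return -1;` as the first statement, and assign both afterwards. The level-9 debug messages write the complete inspected input to the debug log (escaped with `log_escape_ex`); since that is request data and may contain credentials or personal data, the header comment should mention it. That comment also mixes ` *` and `*` line prefixes.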
@@ -4502,7 +4541,14 @@
msre_op_containsWord_execute
);
- /* is */
+ /* detectSQLi */
+ msre_engine_op_register(engine,
+ "detectSQLi",
+ NULL,
+ msre_op_detectSQLi_execute
+ );
+
+ /* streq */
msre_engine_op_register(engine,
"streq",
NULL, /* ENH init function to flag var substitution */
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/re_tfns.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/re_variables.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -511,6 +511,19 @@
return 1;
}
+/* SDBM_DELETE_ERROR */
+static int var_sdbm_delete_error_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+ apr_table_t *vartab, apr_pool_t *mptmp)
+{
+ msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
+
+ rvar->value = apr_psprintf(mptmp, "%d", msr->msc_sdbm_delete_error);
+ rvar->value_len = strlen(rvar->value);
+ apr_table_addn(vartab, rvar->name, (void *)rvar);
+
+ return 1;
+}
+
/* REQBODY_ERROR */
static int var_reqbody_processor_error_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -700,13 +713,20 @@
static int var_remote_addr_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
+#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 3
+ if (ap_find_linked_module("mod_remoteip.c") != NULL) {
+ if(msr->r->useragent_ip != NULL) msr->remote_addr = apr_pstrdup(msr->mp, msr->r->useragent_ip);
+ return var_simple_generate(var, vartab, mptmp, msr->remote_addr);
+ }
+#endif
+
return var_simple_generate(var, vartab, mptmp, msr->remote_addr);
}
/* REMOTE_HOST */
static int var_remote_host_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
- apr_table_t *vartab, apr_pool_t *mptmp)
+ apr_table_t *vartab, apr_pool_t *mptmp)
{
const char *value1 = ap_get_remote_host(msr->r->connection, msr->r->per_dir_config,
REMOTE_NAME, NULL);
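Review bot: The guard `AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 3` tests the minor number independently of the major one, so a later major version with a minor below 4 would silently drop this branch; `AP_SERVER_MAJORVERSION_NUMBER > 2 || (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4)` states the intent. With this change REMOTE_ADDR follows `useragent_ip` whenever mod_remoteip is linked, so rules that match on the client address depend on that module's trusted-proxy configuration; a comment on var_remote_addr_generate should say so. The generator also overwrites `msr->remote_addr` as a side effect, and both paths end in the same `var_simple_generate` call, so the inner `return` can be dropped.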
@@ -3117,6 +3137,16 @@
PHASE_REQUEST_HEADERS
);
+ msre_engine_variable_register(engine,
+ "SDBM_DELETE_ERROR",
+ VAR_SIMPLE,
+ 0, 0,
+ NULL,
+ var_sdbm_delete_error_generate,
+ VAR_DONT_CACHE, /* dynamic */
+ PHASE_REQUEST_BODY
+ );
+
/* REQBODY_PROCESSOR_ERROR - Deprecated */
msre_engine_variable_register(engine,
"REQBODY_PROCESSOR_ERROR",
Changed |
modsecurity-apache_2.7.4.tar.bz2/apache2/utf8tables.h
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/build/find_apr.m4
@@ -11,7 +11,8 @@
APR_CPPFLAGS=""
APR_LDFLAGS=""
APR_LDADD=""
-
+APR_INCLUDEDIR=""
+APR_LINKLD=""
AC_DEFUN([CHECK_APR],
[dnl
@@ -63,6 +64,10 @@
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDFLAGS: $APR_LDFLAGS); fi
APR_LDADD="`${APR_CONFIG} --link-libtool`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDADD: $APR_LDADD); fi
+ APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
+ if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr INCLUDEDIR: $APR_INCLUDEDIR); fi
+ APR_LINKLD="`${APR_CONFIG} --link-ld`"
+ if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LINKLD: $APR_LINKLD); fi
else
AC_MSG_RESULT([no])
fi
@@ -73,6 +78,8 @@
AC_SUBST(APR_CPPFLAGS)
AC_SUBST(APR_LDFLAGS)
AC_SUBST(APR_LDADD)
+AC_SUBST(APR_INCLUDEDIR)
+AC_SUBST(APR_LINKLD)
if test -z "${APR_VERSION}"; then
AC_MSG_NOTICE([*** apr library not found.])
Changed |
modsecurity-apache_2.7.4.tar.bz2/build/find_apu.m4
@@ -10,6 +10,8 @@
APU_CFLAGS=""
APU_LDFLAGS=""
APU_LDADD=""
+APU_INCLUDEDIR=""
+APU_LINKLD=""
AC_DEFUN([CHECK_APU],
[dnl
@@ -18,7 +20,7 @@
apu,
[AC_HELP_STRING([--with-apu=PATH],[Path to apu prefix or config script])],
[test_paths="${with_apu}"],
- [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"])
+ [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local/apr /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"])
AC_MSG_CHECKING([for libapu config script])
@@ -60,6 +62,10 @@
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
APU_LDADD="`${APU_CONFIG} --link-libtool`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi
+ APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
+ if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu INCLUDEDIR: $APU_INCLUDEDIR); fi
+ APU_LINKLD="`${APU_CONFIG} --link-ld`"
+ if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LINKLD: $APU_LINKLD); fi
else
AC_MSG_RESULT([no])
fi
@@ -69,6 +75,8 @@
AC_SUBST(APU_CFLAGS)
AC_SUBST(APU_LDFLAGS)
AC_SUBST(APU_LDADD)
+AC_SUBST(APU_INCLUDEDIR)
+AC_SUBST(APU_LINKLD)
if test -z "${APU_VERSION}"; then
AC_MSG_NOTICE([*** apu library not found.])
Changed |
modsecurity-apache_2.7.4.tar.bz2/configure
@@ -764,11 +764,15 @@
LIBXML2_CFLAGS
LIBXML2_VERSION
LIBXML2_CONFIG
+APU_LINKLD
+APU_INCLUDEDIR
APU_LDADD
APU_LDFLAGS
APU_CFLAGS
APU_VERSION
APU_CONFIG
+APR_LINKLD
+APR_INCLUDEDIR
APR_LDADD
APR_LDFLAGS
APR_CPPFLAGS
@@ -1644,7 +1648,8 @@
--enable-htaccess-config
Enable some mod_security directives into htaccess
files.
- --enable-request-early Place phase1 into post_read_request hook.
+ --enable-request-early Place phase1 into post_read_request hook. default is
+ hook_request_early
--disable-errors Disable errors during configure.
--enable-verbose-output Enable more verbose configure output.
--enable-strict-compile Enable strict compilation (warnings are errors).
@@ -4746,13 +4751,13 @@
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:4749: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:4754: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:4752: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:4757: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:4755: output\"" >&5)
+ (eval echo "\"\$as_me:4760: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@@ -5958,7 +5963,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 5961 "configure"' > conftest.$ac_ext
+ echo '#line 5966 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -7487,11 +7492,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7490: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7495: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7494: \$? = $ac_status" >&5
+ echo "$as_me:7499: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7826,11 +7831,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7829: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7834: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7833: \$? = $ac_status" >&5
+ echo "$as_me:7838: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7931,11 +7936,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7934: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7939: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7938: \$? = $ac_status" >&5
+ echo "$as_me:7943: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -7986,11 +7991,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7989: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7994: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7993: \$? = $ac_status" >&5
+ echo "$as_me:7998: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -10370,7 +10375,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10373 "configure"
+#line 10378 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10466,7 +10471,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10469 "configure"
+#line 10474 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -13209,6 +13214,12 @@
APR_LDADD="`${APR_CONFIG} --link-libtool`"
if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apr LDADD: $APR_LDADD" >&5
$as_echo "$as_me: apr LDADD: $APR_LDADD" >&6;}; fi
+ APR_INCLUDEDIR="`${APR_CONFIG} --includedir`"
+ if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apr INCLUDEDIR: $APR_INCLUDEDIR" >&5
+$as_echo "$as_me: apr INCLUDEDIR: $APR_INCLUDEDIR" >&6;}; fi
+ APR_LINKLD="`${APR_CONFIG} --link-ld`"
+ if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apr LINKLD: $APR_LINKLD" >&5
+$as_echo "$as_me: apr LINKLD: $APR_LINKLD" >&6;}; fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
@@ -13221,6 +13232,8 @@
+
+
if test -z "${APR_VERSION}"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: *** apr library not found." >&5
$as_echo "$as_me: *** apr library not found." >&6;}
@@ -13237,7 +13250,7 @@
if test "${with_apu+set}" = set; then :
withval=$with_apu; test_paths="${with_apu}"
else
- test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"
+ test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local/apr /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"
fi
@@ -13285,6 +13298,12 @@
APU_LDADD="`${APU_CONFIG} --link-libtool`"
if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apu LDADD: $APU_LDADD" >&5
$as_echo "$as_me: apu LDADD: $APU_LDADD" >&6;}; fi
+ APU_INCLUDEDIR="`${APU_CONFIG} --includedir`"
+ if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apu INCLUDEDIR: $APU_INCLUDEDIR" >&5
+$as_echo "$as_me: apu INCLUDEDIR: $APU_INCLUDEDIR" >&6;}; fi
+ APU_LINKLD="`${APU_CONFIG} --link-ld`"
+ if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apu LINKLD: $APU_LINKLD" >&5
+$as_echo "$as_me: apu LINKLD: $APU_LINKLD" >&6;}; fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
@@ -13292,6 +13311,8 @@
+
+
Changed |
modsecurity-apache_2.7.4.tar.bz2/configure.ac
^
|
@@ -374,7 +374,7 @@
# Enable phase-1 in post_read_request
AC_ARG_ENABLE(request-early,
AS_HELP_STRING([--enable-request-early],
- [Place phase1 into post_read_request hook.]),
+ [Place phase1 into post_read_request hook. default is hook_request_early]),
[
if test "$enableval" != "no"; then
request_early="-DREQUEST_EARLY"
Changed |
modsecurity-apache_2.7.4.tar.bz2/ext/Makefile.in
^
|
@@ -136,13 +136,17 @@
APR_CFLAGS = @APR_CFLAGS@
APR_CONFIG = @APR_CONFIG@
APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
APR_LDADD = @APR_LDADD@
APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
APR_VERSION = @APR_VERSION@
APU_CFLAGS = @APU_CFLAGS@
APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
APU_LDADD = @APU_LDADD@
APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
APU_VERSION = @APU_VERSION@
APXS = @APXS@
APXS_BINDIR = @APXS_BINDIR@
Changed |
modsecurity-apache_2.7.4.tar.bz2/ext/mod_op_strstr.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/ext/mod_reqbody_example.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/ext/mod_tfn_reverse.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/ext/mod_var_remote_addr_port.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/iis/Makefile.win
^
|
@@ -52,6 +52,7 @@
msc_release.obj msc_crypt.obj msc_tree.obj
OBJS2 = api.obj buckets.obj config.obj filters.obj hooks.obj regex.obj server.obj
OBJS3 = main.obj moduleconfig.obj mymodule.obj
+OBJS4 = sqlparse.obj
all: $(DLL)
@@ -60,14 +61,17 @@
$(OBJS1): ..\apache2\$*.c
$(CC) $(CFLAGS) -c ..\apache2\$*.c -Fo$@
+$(OBJS4): ..\apache2\libinjection\$*.c
+ $(CC) $(CFLAGS) -c ..\apache2\libinjection\$*.c -Fo$@
+
$(OBJS2): ..\standalone\$*.c
$(CC) $(CFLAGS) -c ..\standalone\$*.c -Fo$@
.cpp.obj:
$(CC) $(CFLAGS) -c $< -Fo$@
-$(DLL): $(OBJS1) $(OBJS2) $(OBJS3)
- $(LINK) $(LDFLAGS) $(OBJS1) $(OBJS2) $(OBJS3) $(LIBS)
+$(DLL): $(OBJS1) $(OBJS2) $(OBJS3) $(OBJS4)
+ $(LINK) $(LDFLAGS) $(OBJS1) $(OBJS2) $(OBJS3) $(OBJS4) $(LIBS)
IF EXIST $(DLL).manifest $(MT) -manifest $(DLL).manifest -outputresource:$(DLL);#1
clean:
Changed |
modsecurity-apache_2.7.4.tar.bz2/iis/main.cpp
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/iis/moduleconfig.cpp
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/iis/moduleconfig.h
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/iis/mymodule.cpp
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/iis/mymodule.h
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/iis/mymodulefactory.h
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/mlogc/Makefile.in
^
|
@@ -109,13 +109,17 @@
APR_CFLAGS = @APR_CFLAGS@
APR_CONFIG = @APR_CONFIG@
APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
APR_LDADD = @APR_LDADD@
APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
APR_VERSION = @APR_VERSION@
APU_CFLAGS = @APU_CFLAGS@
APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
APU_LDADD = @APU_LDADD@
APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
APU_VERSION = @APU_VERSION@
APXS = @APXS@
APXS_BINDIR = @APXS_BINDIR@
Changed |
modsecurity-apache_2.7.4.tar.bz2/mlogc/mlogc-batch-load.pl.in
^
|
@@ -1,7 +1,7 @@
#!@PERL@
#
# ModSecurity for Apache 2.x, http://www.modsecurity.org/
-# Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+# Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
#
# You may not use this file except in compliance with
# the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/mlogc/mlogc.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
Changed |
modsecurity-apache_2.7.4.tar.bz2/modsecurity.conf-recommended
^
|
@@ -77,7 +77,7 @@
# Did we see anything that might be a boundary?
#
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
-"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+"id:'200003',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
# PCRE Tuning
# We want to avoid a potential RegEx DoS condition
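Review bot: With `status:44` removed and nothing put in its place, rule 200003 now denies with ModSecurity's default status (403) rather than a code that tells the client its multipart body was malformed. An explicit `status:400` would state that intent and stop the response code from depending on the default action. Whether the neighbouring request-body rules in this file still carry `status:44` is not visible in this hunk and is worth checking in the same pass.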
Changed |
modsecurity-apache_2.7.4.tar.bz2/nginx/modsecurity/apr_bucket_nginx.c
^
|
@@ -204,6 +204,17 @@
if (APR_BUCKET_IS_EOS(e)) {
if (cl == NULL) {
+ cl = ngx_alloc_chain_link(pool);
+ if (cl == NULL) {
+ break;
+ }
+
+ cl->buf = ngx_calloc_buf(pool);
+ if (cl->buf == NULL) {
+ break;
+ }
+
+ cl->buf->last_buf = 1;
*ll = cl;
} else {
cl->buf->last_buf = 1;
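Review bot: The chain link allocated in the new `cl == NULL` branch never gets `cl->next` set, and ngx_alloc_chain_link() does not initialise it, so unless code after this hunk does so the output chain ends in a stale pointer; add `cl->next = NULL;` before `*ll = cl;`. Both allocation failures `break` out of the loop before `*ll` is written, so the caller's chain pointer is left untouched on that path; returning `NGX_ERROR` there would make the failure explicit. The enclosing function starts and ends outside the hunk, so what follows the loop cannot be checked here.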
Changed |
modsecurity-apache_2.7.4.tar.bz2/nginx/modsecurity/config
^
|
@@ -3,5 +3,5 @@
HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c"
NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h"
-CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm "
-CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 "
+CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -L/usr/local/apr/lib -lapr-1 -L/usr/local/apr/lib -laprutil-1 -lpcre -lxml2 -lz -lm -ldl "
+CORE_INCS="$CORE_INCS $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 /usr/local/apache2/include /usr/local/apr/include/apr-1 /usr/local/apr/include/apr-1"
Changed |
modsecurity-apache_2.7.4.tar.bz2/nginx/modsecurity/ngx_http_modsecurity.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -16,6 +16,8 @@
#include <apr_bucket_nginx.h>
#include <ngx_pool_context.h>
+#include <apr_base64.h>
+
#undef CR
#undef LF
#undef CRLF
@@ -52,7 +54,6 @@
static ngx_int_t ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf);
static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
static ngx_int_t ngx_http_modsecurity_init_process(ngx_cycle_t *cycle);
-static void ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle);
static void *ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
static char *ngx_http_modsecurity_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
@@ -60,6 +61,7 @@
static ngx_http_modsecurity_ctx_t * ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
static int ngx_http_modsecurity_drop_action(request_rec *r);
+static void ngx_http_modsecurity_finalize(void *data);
static void ngx_http_modsecurity_cleanup(void *data);
static int ngx_http_modsecurity_save_headers_in_visitor(void *data, const char *key, const char *value);
@@ -113,8 +115,8 @@
ngx_http_modsecurity_init_process, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
- ngx_http_modsecurity_exit_process, /* exit process */
- ngx_http_modsecurity_exit_process, /* exit master */
+ NULL, /* exit process */
+ NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
@@ -156,7 +158,8 @@
}
-static inline int ngx_http_modsecurity_method_number(unsigned int nginx)
+static inline int
+ngx_http_modsecurity_method_number(unsigned int nginx)
{
/*
* http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup
@@ -246,7 +249,7 @@
}
#endif
- req->parsed_uri.path = req->path_info;
+ req->parsed_uri.path = (char *)ngx_pstrdup0(r->pool, &r->uri);
req->parsed_uri.is_initialized = 1;
str.data = r->port_start;
@@ -254,7 +257,7 @@
req->parsed_uri.port = ngx_atoi(str.data, str.len);
req->parsed_uri.port_str = (char *)ngx_pstrdup0(r->pool, &str);
- req->parsed_uri.query = req->args;
+ req->parsed_uri.query = r->args.len ? req->args : NULL;
req->parsed_uri.dns_looked_up = 0;
req->parsed_uri.dns_resolved = 0;
@@ -786,6 +789,29 @@
return 1;
}
+
+static ngx_inline ngx_int_t
+ngx_http_modsecurity_status(ngx_http_request_t *r, int status)
+{
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: status %d", status);
+
+ if (status == DECLINED || status == APR_SUCCESS) {
+ return NGX_DECLINED;
+ }
+
+ /* nginx known status */
+ if ( (status >= 300 && status < 308) /* 3XX */
+ || (status >= 400 && status < 417) /* 4XX */
+ || (status >= 500 && status < 508) /* 5XX */
+ || (status == NGX_HTTP_CREATED || status == NGX_HTTP_NO_CONTENT) ) {
+
+ return status;
+ }
+
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+}
+
+
/* create loc conf struct */
static void *
ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf)
@@ -858,7 +884,8 @@
static ngx_int_t
ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
{
- server_rec *s;
+ server_rec *s;
+ ngx_pool_cleanup_t *cln;
/* XXX: temporary hack, nginx uses pcre as well and hijacks these two */
pcre_malloc = modsec_pcre_malloc;
@@ -873,6 +900,12 @@
return NGX_ERROR;
}
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+ cln->handler = ngx_http_modsecurity_finalize;
+
/* set host name */
s->server_hostname = ngx_palloc(cf->pool, ngx_cycle->hostname.len + 1);
if (s->server_hostname == NULL) {
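Review bot: The cleanup is registered on `cf->pool`, the configuration cycle's pool, so `ngx_http_modsecurity_finalize()` will call `modsecTerminate()` whenever that pool is destroyed. That includes a reload, where the old pool goes away after the new cycle's preconfiguration has already run, and a failed configuration test. Whether `modsecTerminate()` is safe to call while a newer cycle is live is not visible here. A comment above the registration such as `/* runs when the cycle pool is destroyed (reload, failed config test, exit) */` would record the intended lifetime. The function body continues on both sides of the hunk.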
@@ -886,6 +919,12 @@
}
+static void
+ngx_http_modsecurity_finalize(void *data)
+{
+ modsecTerminate();
+}
+
static ngx_int_t
ngx_http_modsecurity_init(ngx_conf_t *cf)
@@ -896,9 +935,6 @@
modsecFinalizeConfig();
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
- if (cmcf == NULL) {
- return NGX_ERROR;
- }
h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
if (h == NULL) {
@@ -921,17 +957,12 @@
static ngx_int_t
ngx_http_modsecurity_init_process(ngx_cycle_t *cycle)
{
+ /* must set log hook here cf->log maybe changed */
modsecSetLogHook(cycle->log, modsecLog);
modsecInitProcess();
return NGX_OK;
}
-static void
-ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle)
-{
- modsecTerminate();
-}
-
/*
** [ENTRY POINT] does : this function called by nginx from the request handler
@@ -952,18 +983,18 @@
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: handler");
+ /* create / retrive request ctx */
if (r->internal) {
- /* we have already processed the request headers with previous loc conf */
-
- /* TODO: do we need update ctx and process headers again? */
+
ctx = ngx_http_get_module_pool_ctx(r, ngx_http_modsecurity);
if (ctx) {
+ /* we have already processed the request headers */
ngx_http_set_ctx(r, ctx, ngx_http_modsecurity);
return NGX_DECLINED;
}
- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: get internel request ctx failed");
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: request pool ctx empty");
}
ctx = ngx_http_modsecurity_create_ctx(r);
@@ -978,52 +1009,34 @@
return NGX_ERROR;
}
- ngx_http_modsecurity_load_request(r);
-
- if (ngx_http_modsecurity_load_headers_in(r) != NGX_OK) {
+ /* load request to request rec */
+ if (ngx_http_modsecurity_load_request(r) != NGX_OK
+ || ngx_http_modsecurity_load_headers_in(r) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
/* processing request headers */
- rc = modsecProcessRequestHeaders(ctx->req);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestHeaders %d", rc);
-
- if (rc == DECLINED) {
-
- if (modsecIsRequestBodyAccessEnabled(ctx->req)
- && r->method == NGX_HTTP_POST) {
-
- /* Processing POST request body, should we process PUT? */
- rc = ngx_http_read_client_request_body(r, ngx_http_modsecurity_body_handler);
- if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
- return rc;
- }
+ rc = ngx_http_modsecurity_status(r, modsecProcessRequestHeaders(ctx->req));
- return NGX_DONE;
- }
- /* other method */
- rc = modsecProcessRequestBody(ctx->req);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc);
+ if (rc != NGX_DECLINED) {
+ return rc;
}
- if (rc != DECLINED) {
+ if (r->method == NGX_HTTP_POST
+ && modsecIsRequestBodyAccessEnabled(ctx->req) ) {
- /* Nginx and Apache share same response code */
- if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ /* read POST request body, should we process PUT? */
+ rc = ngx_http_read_client_request_body(r, ngx_http_modsecurity_body_handler);
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ return rc;
}
- return rc;
- }
-
- /*
- if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ return NGX_DONE;
}
- */
-
- return NGX_DECLINED;
+
+ /* other method */
+ return ngx_http_modsecurity_status(r, modsecProcessRequestBody(ctx->req));
}
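Review bot: Request bodies are read for inspection only when `r->method == NGX_HTTP_POST`; for PUT, PATCH or any other method that carries a body, `modsecProcessRequestBody()` is called without the body having been loaded, so body rules presumably run against nothing. The in-code question "should we process PUT?" is left open by this commit. Keying the branch on the presence of a body rather than on the method closes that coverage gap, e.g. `if (modsecIsRequestBodyAccessEnabled(ctx->req) && r->headers_in.content_length_n > 0) {`, with chunked requests handled as well on nginx versions that accept them. The handler starts before this hunk.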
@@ -1038,19 +1051,12 @@
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
if (ngx_http_modsecurity_load_request_body(r) != NGX_OK) {
-
return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
}
- rc = modsecProcessRequestBody(ctx->req);
-
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc);
+ rc = ngx_http_modsecurity_status(r, modsecProcessRequestBody(ctx->req));
- if (rc != DECLINED) {
- /* Nginx and Apache share same response code */
- if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) {
- rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
- }
+ if (rc != NGX_DECLINED) {
return ngx_http_finalize_request(r, rc);
}
@@ -1070,18 +1076,48 @@
ngx_http_modsecurity_header_filter(ngx_http_request_t *r) {
ngx_http_modsecurity_loc_conf_t *cf;
ngx_http_modsecurity_ctx_t *ctx;
+ const char *location;
+ ngx_table_elt_t *h;
ngx_int_t rc;
+
cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
- if (r != r->main || !cf->enable || ctx->complete) {
+ /* already processed, checking redirect action. */
+ if (ctx && ctx->complete
+ && r->err_status >= NGX_HTTP_MOVED_PERMANENTLY
+ && r->err_status < 308) {
+
+ /* 3XX load redirect location header so that we can do redirect in phase 3,4 */
+ location = apr_table_get(ctx->req->headers_out, "Location");
+
+ if (location == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ h = ngx_list_push(&r->headers_out.headers);
+ if (h == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ h->hash = 1;
+ h->key.data = (u_char *)"Location";
+ h->key.len = ngx_strlen("Location");
+ h->value.data = (u_char *)location;
+ h->value.len = ngx_strlen(location);
+
+ return ngx_http_next_header_filter(r);
+ }
+
+ if (r != r->main || !cf->enable || ctx == NULL ||ctx->complete) {
return ngx_http_next_header_filter(r);
}
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: header filter");
- if (r->method == NGX_HTTP_HEAD || r->header_only) {
+ /* header only or SecResponseBodyAccess off */
+ if (r->header_only || (!modsecIsResponseBodyAccessEnabled(ctx->req)) ) {
ctx->complete = 1;
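Review bot: The two error exits in the new redirect branch return `NGX_HTTP_INTERNAL_SERVER_ERROR` straight from the header filter, while the other failure paths changed in this commit go through `ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR)`; use the same call here. The branch also treats every `err_status` from 301 up to 307 as a ModSecurity redirect and fails when its `headers_out` table has no `Location`, which would also hit a 3xx response that legitimately has none (304, for example) once `ctx->complete` is set, so it is worth narrowing to redirects ModSecurity itself issued. The upper bound `308` is a magic number that deserves a named constant or a comment. The function continues past the hunk.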
@@ -1091,26 +1127,26 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- rc = modsecProcessResponse(ctx->req);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessResponse %d", rc);
-
- if (rc == DECLINED || rc == APR_SUCCESS) {
-
- if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK
- || ngx_http_modsecurity_save_headers_out(r) != NGX_OK) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
- }
+ rc = ngx_http_modsecurity_status(r, modsecProcessResponse(ctx->req));
- return ngx_http_next_header_filter(r);
+ if (rc != NGX_DECLINED) {
+ return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc);
}
- if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) {
- rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+ if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK
+ || ngx_http_modsecurity_save_headers_out(r) != NGX_OK) {
+ return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
}
- return rc;
+ return ngx_http_next_header_filter(r);
}
+ /* SecResponseBodyAccess on, process rules in body filter */
+
+ /* pretend we are ngx_http_header_filter */
+ r->header_sent = 1;
+
+ r->filter_need_in_memory = 1;
return NGX_OK;
}
@@ -1122,80 +1158,105 @@
ngx_http_modsecurity_ctx_t *ctx;
ngx_int_t rc;
apr_off_t content_length;
+ ngx_chain_t *cl, *out;
+ ngx_int_t last_buf = 0;
cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
- if (r != r->main || !cf->enable || ctx->complete) {
+ if (r != r->main || !cf->enable || ctx == NULL || ctx->complete) {
return ngx_http_next_body_filter(r, in);
}
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: body filter");
- if (in == NULL) {
- return NGX_AGAIN;
+ for (cl = in; cl; cl = cl->next) {
+ apr_bucket *e;
+ ngx_buf_t *buf = cl->buf;
+ apr_bucket_brigade *bb = ctx->brigade;
+ off_t size = ngx_buf_size(buf);
+ if (size) {
+ char *data = apr_pmemdup(bb->p, buf->pos, size);
+ if (data == NULL) {
+ return ngx_http_filter_finalize_request(r,
+ &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ }
+ e = apr_bucket_pool_create(data , size, bb->p, bb->bucket_alloc);
+ if (e == NULL) {
+ return ngx_http_filter_finalize_request(r,
+ &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ }
+ APR_BRIGADE_INSERT_TAIL(bb, e);
+ }
+
+ if (buf->last_buf) {
+ last_buf = 1;
+ buf->last_buf = 0;
+ e = apr_bucket_eos_create(bb->bucket_alloc);
+ if (e == NULL) {
+ return ngx_http_filter_finalize_request(r,
+ &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ }
+ APR_BRIGADE_INSERT_TAIL(bb, e);
+ break;
+ }
+
+ buf->pos = buf->last;
}
- rc = move_chain_to_brigade(in, ctx->brigade, r->pool, 0);
- if (rc != NGX_OK) {
- return rc;
+ if (!last_buf) {
+ return NGX_AGAIN;
}
/* last buf has been saved */
-
ctx->complete = 1;
modsecSetResponseBrigade(ctx->req, ctx->brigade);
- // TODO: do we need reload headers_in ?
- //
if (ngx_http_modsecurity_load_headers_in(r) != NGX_OK
|| ngx_http_modsecurity_load_headers_out(r) != NGX_OK) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ return ngx_http_filter_finalize_request(r,
+ &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
}
- rc = modsecProcessResponse(ctx->req);
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessResponse %d", rc);
+ rc = ngx_http_modsecurity_status(r, modsecProcessResponse(ctx->req));
- if (rc == DECLINED || rc == APR_SUCCESS) {
-
- in = NULL;
-
- apr_brigade_length(ctx->brigade, 0, &content_length);
-
- rc = move_brigade_to_chain(ctx->brigade, &in, r->pool);
- if (rc == NGX_ERROR) {
- return NGX_ERROR;
- }
-
- if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK
- ||ngx_http_modsecurity_save_headers_out(r) != NGX_OK) {
+ if (rc != NGX_DECLINED) {
+ return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc);
+ }
- return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
- }
+ apr_brigade_length(ctx->brigade, 0, &content_length);
- if (r->headers_out.content_length_n != -1) {
+ rc = move_brigade_to_chain(ctx->brigade, &out, r->pool);
+ if (rc == NGX_ERROR) {
+ return ngx_http_filter_finalize_request(r,
+ &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ }
- r->headers_out.content_length_n = content_length;
- r->headers_out.content_length = NULL; /* header filter will set this */
- }
+ if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK
+ ||ngx_http_modsecurity_save_headers_out(r) != NGX_OK) {
- rc = ngx_http_next_header_filter(r);
+ return ngx_http_filter_finalize_request(r,
+ &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ }
- if (rc == NGX_ERROR || rc > NGX_OK) {
- return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc);
- }
+ if (r->headers_out.content_length_n != -1) {
- return ngx_http_next_body_filter(r, in);
+ r->headers_out.content_length_n = content_length;
+ r->headers_out.content_length = NULL; /* header filter will set this */
}
- if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) {
- rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+ r->header_sent = 0;
+ rc = ngx_http_next_header_filter(r);
+
+ if (rc == NGX_ERROR || rc > NGX_OK) {
+ return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc);
}
- return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc);
+ return ngx_http_next_body_filter(r, out);
}
+#define TXID_SIZE 25
static ngx_http_modsecurity_ctx_t *
ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
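Review bot: `out` is declared without an initialiser and handed to `move_brigade_to_chain(ctx->brigade, &out, r->pool)`, whereas the removed code cleared the chain pointer (`in = NULL;`) before the same call. If that function can return something other than `NGX_ERROR` without storing through the pointer (the allocation-failure `break`s added in apr_bucket_nginx.c are one candidate), `ngx_http_next_body_filter(r, out)` receives an indeterminate pointer. Declare it as `ngx_chain_t *cl, *out = NULL;`.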
@@ -1205,6 +1266,9 @@
ngx_http_modsecurity_ctx_t *ctx;
apr_sockaddr_t *asa;
struct sockaddr_in *sin;
+ char *txid;
+ unsigned char salt[TXID_SIZE];
+ int i;
#if (NGX_HAVE_INET6)
struct sockaddr_in6 *sin6;
#endif
@@ -1278,7 +1342,26 @@
ctx->req = modsecNewRequest(ctx->connection, cf->config);
apr_table_setn(ctx->req->notes, NOTE_NGINX_REQUEST_CTX, (const char *) ctx);
- apr_table_setn(ctx->req->subprocess_env, "UNIQUE_ID", "12345");
+ apr_generate_random_bytes(salt, TXID_SIZE);
+
+ txid = apr_pcalloc (ctx->req->pool, TXID_SIZE);
+ apr_base64_encode (txid, (const char*)salt, TXID_SIZE);
+
+ for(i=0;i<TXID_SIZE;i++) {
+ if((salt[i] >= 0x30) && (salt[i] <= 0x39)) {}
+ else if((salt[i] >= 0x40) && (salt[i] <= 0x5A)) {}
+ else if((salt[i] >= 0x61) && (salt[i] <= 0x7A)) {}
+ else {
+ if((i%2)==0)
+ salt[i] = 0x41;
+ else
+ salt[i] = 0x63;
+ }
+ }
+
+ salt[i] = '\0';
+
+ apr_table_setn(ctx->req->subprocess_env, "UNIQUE_ID", apr_psprintf(ctx->req->pool, "%s", salt));
ctx->brigade = apr_brigade_create(ctx->req->pool, ctx->req->connection->bucket_alloc);
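Review bot: `apr_base64_encode()` writes `apr_base64_encode_len(TXID_SIZE)` bytes (37 for 25 input bytes) into `txid`, which `apr_pcalloc` sized at only `TXID_SIZE`, so every request overruns a pool allocation; `txid` is then never used. After the loop `i == TXID_SIZE`, so `salt[i] = '\0'` writes one byte past `unsigned char salt[TXID_SIZE]` (declared in the previous hunk). The ID that is actually stored is the raw random bytes with every non-alphanumeric byte replaced by `A` or `c`, which discards most of the randomness and makes collisions between audit entries more likely, and the result of `apr_generate_random_bytes()` is not checked. The version below sizes the buffer from `apr_base64_encode_len()`, uses the encoded string as the ID and cuts the padding; it assumes `ngx_http_modsecurity_create_ctx()` signals failure with NULL, which this hunk does not show.

```c
    /* … unchanged: modsecNewRequest() and the NOTE_NGINX_REQUEST_CTX note … */
    if (apr_generate_random_bytes(salt, TXID_SIZE) != APR_SUCCESS) {
        return NULL;
    }

    /* base64 output is longer than its input: size the buffer accordingly */
    txid = apr_pcalloc(ctx->req->pool, apr_base64_encode_len(TXID_SIZE));
    apr_base64_encode(txid, (const char *)salt, TXID_SIZE);

    /* keep the ID usable in file names: URL-safe alphabet, padding cut off */
    for (i = 0; txid[i] != '\0'; i++) {
        if (txid[i] == '+') {
            txid[i] = '-';
        } else if (txid[i] == '/') {
            txid[i] = '_';
        } else if (txid[i] == '=') {
            txid[i] = '\0';
            break;
        }
    }

    apr_table_setn(ctx->req->subprocess_env, "UNIQUE_ID", txid);
```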
@@ -1289,7 +1372,7 @@
return ctx;
}
-static void
+ static void
ngx_http_modsecurity_cleanup(void *data)
{
ngx_http_modsecurity_ctx_t *ctx = data;
@@ -1299,7 +1382,7 @@
}
}
-static char *
+ static char *
ngx_http_modsecurity_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_modsecurity_loc_conf_t *mscf = conf;
@@ -1325,7 +1408,7 @@
msg = modsecProcessConfig(mscf->config, (const char *)value[1].data, NULL);
if (msg != NULL) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "ModSecurityConfig in %s:%ui: %s",
- cf->conf_file->file.name.data, cf->conf_file->line, msg);
+ cf->conf_file->file.name.data, cf->conf_file->line, msg);
return NGX_CONF_ERROR;
}
@@ -1333,7 +1416,7 @@
}
-static char *
+ static char *
ngx_http_modsecurity_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_modsecurity_loc_conf_t *mscf = conf;
@@ -1351,7 +1434,7 @@
}
-static int
+ static int
ngx_http_modsecurity_drop_action(request_rec *r)
{
ngx_http_modsecurity_ctx_t *ctx;
Changed |
modsecurity-apache_2.7.4.tar.bz2/nginx/modsecurity/ngx_pool_context.c
^
|
@@ -196,7 +196,7 @@
{
ngx_pool_context_conf_t *pcf = conf;
- ngx_conf_init_uint_value(pcf->size, NGX_POOL_CTX_SIZE);
+ ngx_conf_init_uint_value(pcf->size, cycle->connection_n);
ngx_pool_context_hash_size = pcf->size;
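Review bot: The default hash size now comes from `cycle->connection_n`, and nothing in this hunk guards against that value being 0 when this init function runs, for instance if it is called before the events configuration has set it. A zero `ngx_pool_context_hash_size` would be a problem for any bucket computation that divides or takes a modulus by it, which is not visible here. Keeping the old constant as a floor avoids the question: `ngx_conf_init_uint_value(pcf->size, cycle->connection_n ? cycle->connection_n : NGX_POOL_CTX_SIZE);`. The function starts and ends outside the hunk.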
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/Makefile.am
^
|
@@ -13,7 +13,7 @@
../apache2/msc_util.c ../apache2/msc_pcre.c ../apache2/persist_dbm.c ../apache2/msc_reqbody.c \
../apache2/msc_geo.c ../apache2/msc_gsb.c ../apache2/msc_unicode.c \
../apache2/acmp.c ../apache2/msc_lua.c ../apache2/msc_release.c \
- ../apache2/msc_crypt.c ../apache2/msc_tree.c \
+ ../apache2/msc_crypt.c ../apache2/msc_tree.c ../apache2/libinjection/sqlparse.c \
api.c buckets.c \
config.c filters.c \
hooks.c \
@@ -72,6 +72,10 @@
@PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
endif
+standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *\([^ ]*\) /\1 /gp'` \
+ @APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@
+standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \
+ @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@
install-exec-hook: $(pkglib_LTLIBRARIES)
@echo "Creating Nginx config file..."; \
rm -f ../nginx/modsecurity/config; \
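Review bot: The `sed` expression in `standalone_INCS` only strips a `-I` when the path is followed by a space, so the last include flag in `@LIBXML2_CFLAGS@ @LUA_CFLAGS@` is left as `-I/path` whenever `@LUA_CFLAGS@` is non-empty, and any other flag (a `-D`, say) is passed through into `CORE_INCS` as if it were a directory. Adding a trailing space to the input, `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@ "`, fixes the first case; filtering to `-I` words only would fix both. The same two assignments are repeated in the generated standalone/Makefile.in.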
@@ -79,9 +83,9 @@
echo "CORE_MODULES=\"\$$CORE_MODULES ngx_pool_context_module\"" >> ../nginx/modsecurity/config; \
echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \
echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\
- echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \
- echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \
- echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \
+ echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config; \
+ echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \
+ echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \
echo "Removing unused static libraries..."; \
for m in $(pkglib_LTLIBRARIES); do \
base=`echo $$m | sed 's/\..*//'`; \
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/Makefile.in
^
|
@@ -89,10 +89,11 @@
standalone_la-msc_gsb.lo standalone_la-msc_unicode.lo \
standalone_la-acmp.lo standalone_la-msc_lua.lo \
standalone_la-msc_release.lo standalone_la-msc_crypt.lo \
- standalone_la-msc_tree.lo standalone_la-api.lo \
- standalone_la-buckets.lo standalone_la-config.lo \
- standalone_la-filters.lo standalone_la-hooks.lo \
- standalone_la-regex.lo standalone_la-server.lo
+ standalone_la-msc_tree.lo standalone_la-sqlparse.lo \
+ standalone_la-api.lo standalone_la-buckets.lo \
+ standalone_la-config.lo standalone_la-filters.lo \
+ standalone_la-hooks.lo standalone_la-regex.lo \
+ standalone_la-server.lo
standalone_la_OBJECTS = $(am_standalone_la_OBJECTS)
standalone_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(standalone_la_CFLAGS) \
@@ -121,13 +122,17 @@
APR_CFLAGS = @APR_CFLAGS@
APR_CONFIG = @APR_CONFIG@
APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
APR_LDADD = @APR_LDADD@
APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
APR_VERSION = @APR_VERSION@
APU_CFLAGS = @APU_CFLAGS@
APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
APU_LDADD = @APU_LDADD@
APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
APU_VERSION = @APU_VERSION@
APXS = @APXS@
APXS_BINDIR = @APXS_BINDIR@
@@ -306,7 +311,7 @@
../apache2/msc_util.c ../apache2/msc_pcre.c ../apache2/persist_dbm.c ../apache2/msc_reqbody.c \
../apache2/msc_geo.c ../apache2/msc_gsb.c ../apache2/msc_unicode.c \
../apache2/acmp.c ../apache2/msc_lua.c ../apache2/msc_release.c \
- ../apache2/msc_crypt.c ../apache2/msc_tree.c \
+ ../apache2/msc_crypt.c ../apache2/msc_tree.c ../apache2/libinjection/sqlparse.c \
api.c buckets.c \
config.c filters.c \
hooks.c \
@@ -349,6 +354,12 @@
@SOLARIS_TRUE@ @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \
@SOLARIS_TRUE@ @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@
+standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *\([^ ]*\) /\1 /gp'` \
+ @APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@
+
+standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \
+ @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@
+
all: all-am
.SUFFIXES:
@@ -456,6 +467,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-re_variables.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-regex.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-server.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-sqlparse.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -660,6 +672,13 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -c -o standalone_la-msc_tree.lo `test -f '../apache2/msc_tree.c' || echo '$(srcdir)/'`../apache2/msc_tree.c
+standalone_la-sqlparse.lo: ../apache2/libinjection/sqlparse.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -MT standalone_la-sqlparse.lo -MD -MP -MF $(DEPDIR)/standalone_la-sqlparse.Tpo -c -o standalone_la-sqlparse.lo `test -f '../apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`../apache2/libinjection/sqlparse.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/standalone_la-sqlparse.Tpo $(DEPDIR)/standalone_la-sqlparse.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../apache2/libinjection/sqlparse.c' object='standalone_la-sqlparse.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -c -o standalone_la-sqlparse.lo `test -f '../apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`../apache2/libinjection/sqlparse.c
+
standalone_la-api.lo: api.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -MT standalone_la-api.lo -MD -MP -MF $(DEPDIR)/standalone_la-api.Tpo -c -o standalone_la-api.lo `test -f 'api.c' || echo '$(srcdir)/'`api.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/standalone_la-api.Tpo $(DEPDIR)/standalone_la-api.Plo
@@ -918,7 +937,6 @@
pdf pdf-am ps ps-am tags uninstall uninstall-am \
uninstall-pkglibLTLIBRARIES
-
install-exec-hook: $(pkglib_LTLIBRARIES)
@echo "Creating Nginx config file..."; \
rm -f ../nginx/modsecurity/config; \
@@ -926,9 +944,9 @@
echo "CORE_MODULES=\"\$$CORE_MODULES ngx_pool_context_module\"" >> ../nginx/modsecurity/config; \
echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \
echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\
- echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \
- echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \
- echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \
+ echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config; \
+ echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \
+ echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \
echo "Removing unused static libraries..."; \
for m in $(pkglib_LTLIBRARIES); do \
base=`echo $$m | sed 's/\..*//'`; \
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/api.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -223,40 +223,10 @@
}
apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) {
- modsec_rec *msr = (modsec_rec *)f->ctx;
apr_status_t rc;
- apr_bucket_brigade *bb_out;
-
- bb_out = modsecGetResponseBrigade(f->r);
-
-
- if (bb_out) {
- APR_BRIGADE_CONCAT(bb_out, b);
- return APR_SUCCESS;
- }
-
- // is there a way to tell whether the response body was modified or not?
- //
- if((msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0)
- && msr->txcfg->resbody_access) {
-
- if (modsecWriteResponse != NULL) {
- char *data = NULL;
- apr_size_t length;
-
- rc = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp);
-
- if (rc != APR_SUCCESS) {
- msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", rc,
- get_apr_error(msr->mp, rc));
- return -1;
- }
-
- /* TODO: return ?*/
- modsecWriteResponse(msr->r, data, msr->stream_output_length);
- }
- }
+ apr_bucket_brigade *bb_out = (apr_bucket_brigade *)f->ctx;
+ APR_BRIGADE_CONCAT(bb_out, b);
return APR_SUCCESS;
}
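Review bot: `f->ctx` is now cast straight to `apr_bucket_brigade *` and handed to `APR_BRIGADE_CONCAT` with no NULL check, so the filter depends on every `ap_add_output_filter("HTTP_OUT", ...)` caller passing a brigade. The only registration visible in this diff, in `modsecProcessResponse`, does pass `bb_out`, but a registration elsewhere that still passes the `modsec_rec` would be read as a brigade. A guard such as `if (bb_out == NULL) return APR_EGENERAL;` before the concat, plus a one-line comment stating that the filter context is the output brigade, would make the contract explicit. The local `apr_status_t rc;` is left declared but is no longer used and can be dropped.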
@@ -551,74 +521,117 @@
}
int modsecProcessResponse(request_rec *r) {
- int status = DECLINED;
+ int status;
+ modsec_rec *msr;
+ apr_bucket *e;
+ ap_filter_t *f;
+ apr_bucket_brigade *bb_in, *bb_out, *bb;
- if(r->output_filters != NULL) {
- modsec_rec *msr = (modsec_rec *)r->output_filters->ctx;
- char buf[8192];
- char *tmp = NULL;
- apr_bucket *e = NULL;
+ if(r->output_filters == NULL) {
+ return DECLINED;
+ }
+
+ msr = (modsec_rec *)r->output_filters->ctx;
+ if (msr == NULL) {
+ ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
+ "ModSecurity: Internal Error: msr is null in output filter.");
+ ap_remove_output_filter(r->output_filters);
+ return APR_EGENERAL;
+ }
+
+ msr->r = r;
+
+ /* create input response brigade */
+ bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc);
+
+ if (bb_in == NULL) {
+ msr_log(msr, 1, "Process response: Failed to create brigade.");
+ return APR_EGENERAL;
+ }
+
+ /* get input response brigade */
+ bb = modsecGetResponseBrigade(r);
+ if (bb != NULL) {
+ APR_BRIGADE_CONCAT(bb_in, bb);
+ if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb_in))) {
+ e = apr_bucket_eos_create(bb_in->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb_in, e);
+ }
+ } else if (modsecReadResponse != NULL) {
unsigned int readcnt = 0;
int is_eos = 0;
- ap_filter_t *f = NULL;
- apr_bucket_brigade *bb_in, *bb = NULL;
+ char buf[8192];
+ while(!is_eos) {
+ modsecReadResponse(r, buf, 8192, &readcnt, &is_eos);
- if (msr == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server,
- "ModSecurity: Internal Error: msr is null in output filter.");
- ap_remove_output_filter(r->output_filters);
- return send_error_bucket(msr, r->output_filters, HTTP_INTERNAL_SERVER_ERROR);
+ if(readcnt > 0) {
+ char *tmp = (char *)apr_palloc(r->pool, readcnt);
+ memcpy(tmp, buf, readcnt);
+ e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb_in, e);
+ }
}
- bb = apr_brigade_create(msr->mp, r->connection->bucket_alloc);
+ e = apr_bucket_eos_create(r->connection->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb_in, e);
+ } else {
+ /* cannot read response body process header only */
- if (bb == NULL) {
- msr_log(msr, 1, "Process response: Failed to create brigade.");
- return APR_EGENERAL;
- }
+ e = apr_bucket_eos_create(r->connection->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb_in, e);
+ }
- msr->r = r;
-
- bb_in = modsecGetResponseBrigade(r);
+ bb_out = bb ? bb : apr_brigade_create(msr->mp, r->connection->bucket_alloc);
- if (bb_in != NULL) {
- APR_BRIGADE_CONCAT(bb, bb_in);
- if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
- e = apr_bucket_eos_create(bb->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, e);
- }
- } else if (modsecReadResponse != NULL) {
- while(!is_eos) {
- modsecReadResponse(r, buf, 8192, &readcnt, &is_eos);
-
- if(readcnt > 0) {
- tmp = (char *)apr_palloc(r->pool, readcnt);
- memcpy(tmp, buf, readcnt);
- e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, e);
- }
+ if (bb_out == NULL) {
+ msr_log(msr, 1, "Process response: Failed to create brigade.");
+ return APR_EGENERAL;
+ }
+
+ /* concat output bucket to bb_out */
+ f = ap_add_output_filter("HTTP_OUT", bb_out, r, r->connection);
+ status = ap_pass_brigade(r->output_filters, bb_in);
+ ap_remove_output_filter(f);
+
+ if (status == APR_EGENERAL) {
+ /* retrive response status from bb_out */
+ for(e = APR_BRIGADE_FIRST(bb_out);
+ e != APR_BRIGADE_SENTINEL(bb_out);
+ e = APR_BUCKET_NEXT(e)) {
+ if (AP_BUCKET_IS_ERROR(e)) {
+ return ((ap_bucket_error*) e->data)->status;
}
+ }
+ return APR_EGENERAL;
+ }
- e = apr_bucket_eos_create(r->connection->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, e);
- } else {
- /* cannot read response body process header only */
+ if (status != DECLINED) {
+ return status;
+ }
- e = apr_bucket_eos_create(r->connection->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, e);
+ /* copy bb_out */
+ // is there a way to tell whether the response body was modified or not?
+ if (modsecWriteResponse != NULL
+ && (msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0)
+ && msr->txcfg->resbody_access) {
+
+ char *data = NULL;
+ apr_size_t length;
+
+ status = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp);
+
+ if (status != APR_SUCCESS) {
+ msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", status,
+ get_apr_error(msr->mp, status));
+ return APR_EGENERAL;
}
-
- f = ap_add_output_filter("HTTP_OUT", msr, r, r->connection);
- status = ap_pass_brigade(r->output_filters, bb);
- ap_remove_output_filter(f);
- if(status > 0
- && msr->intercept_actionset->intercept_status != 0) {
- status = msr->intercept_actionset->intercept_status;
+
+ if ( modsecWriteResponse(msr->r, data, msr->stream_output_length) != APR_SUCCESS) {
+ return APR_EGENERAL;
}
- return status;
}
-
- return status;
+
+ return DECLINED;
}
int modsecFinishRequest(request_rec *r) {
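Review bot: In the `modsecReadResponse` loop the callback's result is not checked and `readcnt` is trusted as-is before `memcpy(tmp, buf, readcnt)`, so a host callback that reports more than the 8192 bytes of `buf` makes the copy read past the stack buffer. A callback that fails without setting `is_eos` also keeps the loop running, with `readcnt` carried over from the previous pass. Resetting `readcnt = 0;` before each call and rejecting `readcnt > sizeof(buf)` with `return APR_EGENERAL;` would bound both cases. Separately, `apr_brigade_pflatten` returns the flattened size in `length`, but `modsecWriteResponse` is given `msr->stream_output_length`; if those two can differ the callback is told a size that does not match `data`, so passing `length` (or checking that they are equal) looks safer.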
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/api.h
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/buckets.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/config.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/filters.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/hooks.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/main.cpp
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/regex.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/standalone/server.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/tests/Makefile.am
^
|
@@ -21,7 +21,8 @@
$(top_srcdir)/apache2/msc_gsb.c \
$(top_srcdir)/apache2/acmp.c \
$(top_srcdir)/apache2/msc_lua.c \
- $(top_srcdir)/apache2/msc_release.c
+ $(top_srcdir)/apache2/msc_release.c \
+ $(top_srcdir)/apache2/libinjection/sqlparse.c
msc_test_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \
@PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @LUA_CFLAGS@
msc_test_CPPFLAGS = -I$(top_srcdir)/apache2 \
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/tests/Makefile.in
^
|
@@ -68,7 +68,8 @@
msc_test-msc_reqbody.$(OBJEXT) msc_test-msc_crypt.$(OBJEXT) \
msc_test-msc_tree.$(OBJEXT) msc_test-msc_geo.$(OBJEXT) \
msc_test-msc_gsb.$(OBJEXT) msc_test-acmp.$(OBJEXT) \
- msc_test-msc_lua.$(OBJEXT) msc_test-msc_release.$(OBJEXT)
+ msc_test-msc_lua.$(OBJEXT) msc_test-msc_release.$(OBJEXT) \
+ msc_test-sqlparse.$(OBJEXT)
msc_test_OBJECTS = $(am_msc_test_OBJECTS)
msc_test_DEPENDENCIES =
msc_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
@@ -99,13 +100,17 @@
APR_CFLAGS = @APR_CFLAGS@
APR_CONFIG = @APR_CONFIG@
APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
APR_LDADD = @APR_LDADD@
APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
APR_VERSION = @APR_VERSION@
APU_CFLAGS = @APU_CFLAGS@
APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
APU_LDADD = @APU_LDADD@
APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
APU_VERSION = @APU_VERSION@
APXS = @APXS@
APXS_BINDIR = @APXS_BINDIR@
@@ -293,7 +298,8 @@
$(top_srcdir)/apache2/msc_gsb.c \
$(top_srcdir)/apache2/acmp.c \
$(top_srcdir)/apache2/msc_lua.c \
- $(top_srcdir)/apache2/msc_release.c
+ $(top_srcdir)/apache2/msc_release.c \
+ $(top_srcdir)/apache2/libinjection/sqlparse.c
msc_test_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \
@PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @LUA_CFLAGS@
@@ -394,6 +400,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-re_operators.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-re_tfns.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-re_variables.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-sqlparse.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -738,6 +745,20 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -c -o msc_test-msc_release.obj `if test -f '$(top_srcdir)/apache2/msc_release.c'; then $(CYGPATH_W) '$(top_srcdir)/apache2/msc_release.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/apache2/msc_release.c'; fi`
+msc_test-sqlparse.o: $(top_srcdir)/apache2/libinjection/sqlparse.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -MT msc_test-sqlparse.o -MD -MP -MF $(DEPDIR)/msc_test-sqlparse.Tpo -c -o msc_test-sqlparse.o `test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`$(top_srcdir)/apache2/libinjection/sqlparse.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/msc_test-sqlparse.Tpo $(DEPDIR)/msc_test-sqlparse.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/apache2/libinjection/sqlparse.c' object='msc_test-sqlparse.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -c -o msc_test-sqlparse.o `test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`$(top_srcdir)/apache2/libinjection/sqlparse.c
+
+msc_test-sqlparse.obj: $(top_srcdir)/apache2/libinjection/sqlparse.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -MT msc_test-sqlparse.obj -MD -MP -MF $(DEPDIR)/msc_test-sqlparse.Tpo -c -o msc_test-sqlparse.obj `if test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c'; then $(CYGPATH_W) '$(top_srcdir)/apache2/libinjection/sqlparse.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/apache2/libinjection/sqlparse.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/msc_test-sqlparse.Tpo $(DEPDIR)/msc_test-sqlparse.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/apache2/libinjection/sqlparse.c' object='msc_test-sqlparse.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -c -o msc_test-sqlparse.obj `if test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c'; then $(CYGPATH_W) '$(top_srcdir)/apache2/libinjection/sqlparse.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/apache2/libinjection/sqlparse.c'; fi`
+
mostlyclean-libtool:
-rm -f *.lo
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/tests/msc_test.c
^
|
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
-* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
|
|
Added |
modsecurity-apache_2.7.4.tar.bz2/tests/op/detectSQLi.t
^
|
@@ -0,0 +1,18 @@
+{
+ type => "op",
+ name => "detectSQLi",
+ input => "",
+ ret => 0
+},
+{
+ type => "op",
+ name => "detectSQLi",
+ input => "this is not isqli",
+ ret => 0
+},
+{
+ type => "op",
+ name => "detectSQLi",
+ input => "ascii(substring(version() from 1 for 1))",
+ ret => 1
+}
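Review bot: `detectSQLi` is pinned here by a single positive sample and two negatives that contain no SQL vocabulary at all, so a libinjection update that starts flagging ordinary text, or stops flagging a whole class of input, would still pass. Adding a benign sentence that contains SQL keywords with `ret => 0`, and at least one `ret => 1` case for each input context the operator is expected to cover, would turn the file into a usable regression guard. A short `#` comment above each entry saying what it is meant to prove would also help, since the second input reads like a typo for "sqli".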
|
|
Added |
modsecurity-apache_2.7.4.tar.bz2/tests/regression/nginx
^
|
+(directory)
|
|
Added |
modsecurity-apache_2.7.4.tar.bz2/tests/regression/nginx/conf
^
|
+(directory)
|
|
Changed |
modsecurity-apache_2.7.4.tar.bz2/tests/regression/nginx/conf/empty.conf
^
|
|
Added |
modsecurity-apache_2.7.4.tar.bz2/tests/regression/nginx/conf/nginx.conf.template
^
|
@@ -0,0 +1,22 @@
+
+user root;
+worker_processes 1;
+daemon on;
+error_log logs/error.log debug;
+events {
+ worker_connections 1024;
+}
+
+http {
+ ModSecurityEnabled [% enable %];
+ ModSecurityConfig [% config %];
+ server {
+
+ listen [% listen %];
+ server_name localhost;
+ location / {
+ }
+ }
+}
+
+
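Review bot: `user root;` means that when the harness starts nginx as root, the worker that parses every regression request also runs as root, and nothing in the template lets a tester choose otherwise. The template already takes `[% enable %]`, `[% config %]` and `[% listen %]`, so the account could be a variable too, e.g. `user [% user %];`, filled by the runner with an unprivileged test account. If a particular test really needs a root worker, a comment in the template naming it would document why. `error_log logs/error.log debug;` is reasonable for a test run, but a comment noting that the template is not meant for production use would prevent it being copied as-is.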
|
|
Added |
modsecurity-apache_2.7.4.tar.bz2/tests/run-regression-tests-nginx.pl
^
|
@@ -0,0 +1,736 @@
+#!/usr/bin/perl
+#
+# Run regression tests.
+#
+# Syntax: run-regression-tests.pl [options] [file [N]]
+#
+# All: run-regression-tests.pl
+# All in file: run-regression-tests.pl file
+# Nth in file: run-regression-tests.pl file N
+#
+use strict;
+use Time::HiRes qw(gettimeofday sleep);
+use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
+use File::Spec qw(rel2abs);
+use File::Basename qw(basename dirname);
+use File::Path qw(make_path);
+use FileHandle;
+use IPC::Open2 qw(open2);
+use IPC::Open3 qw(open3);
+use Getopt::Std;
+use Data::Dumper;
+use IO::Socket;
+use LWP::UserAgent;
+use Cwd 'abs_path';
+use Template;
+use File::Copy::Recursive qw(dircopy);
+
+my @TYPES = qw(action config misc rule target);
+my $SCRIPT = basename($0);
+my $SCRIPT_DIR = File::Spec->rel2abs(dirname($0));
+my $REG_DIR = "$SCRIPT_DIR/regression";
+my $NGINX_DIR = "$REG_DIR/nginx";
+my $NGINX_CONF_TEMP = "$REG_DIR/nginx/conf/nginx.conf.template";
+my $NGINX = q(/usr/local/nginx/sbin/nginx);
+
+my $PASSED = 0;
+my $TOTAL = 0;
+my $BUFSIZ = 32768;
+my %C = ();
+my %FILE = ();
+my $UA_NAME = "ModSecurity Regression Tests/1.2.3";
+my $UA = LWP::UserAgent->new;
+$UA->agent($UA_NAME);
+
+$SIG{TERM} = $SIG{INT} = \&handle_interrupt;
+
+my %opt;
+getopts('A:E:D:C:T:H:a:p:dvh', \%opt);
+
+if ($opt{d}) {
+ $Data::Dumper::Indent = 1;
+ $Data::Dumper::Terse = 1;
+ $Data::Dumper::Pad = "";
+ $Data::Dumper::Quotekeys = 0;
+}
+
+sub usage {
+ print stderr <<"EOT";
+@_
+ Usage: $SCRIPT [options] [file [N]]
+
+ Options:
+ -P path Specify nginx prefix path (default: $NGINX_DIR)
+ -a file Specify nginx binary (default: $NGINX)
+ -p port Specify nginx port (default: 8088)
+ -v Enable verbose output (details on failure).
+ -d Enable debugging output.
+ -h This help.
+EOT
+
+ exit(1);
+}
+
+usage() if ($opt{h});
+
+### Check nginx binary
+if (defined $opt{a}) {
+ $NGINX = $opt{a};
+}
+else {
+ $opt{a} = $NGINX;
+}
+usage("Invalid Apache startup script: $NGINX\n") unless (-e $NGINX);
+
+
+### Defaults
+$opt{P} = "$NGINX_DIR" unless (defined $opt{P});
+
+my $CONF_DIR = "$opt{P}/conf";
+my $FILES_DIR = "$opt{P}/logs";
+my $PID_FILE = "$FILES_DIR/nginx.pid";
+
+$opt{A} = "$FILES_DIR/modsec_audit.log";
+$opt{D} = "$FILES_DIR/modsec_debug.log";
+$opt{E} = "$FILES_DIR/error.log";
+$opt{C} = "$CONF_DIR/nginx.conf";
+$opt{p} = 8088 unless (defined $opt{p});
+$opt{v} = 1 if ($opt{d});
+
+if ( !-d "$opt{P}" ) {
+ make_path($opt{P}) or die $!;
+}
+
+if ( !-d "$opt{P}/logs" ) {
+ make_path("$opt{P}/logs") or die $!;
+}
+
+if ( !-d "$opt{P}/html" ) {
+ make_path("$opt{P}/html") or die $!;
+}
+
+dircopy("$REG_DIR/server_root/htdocs","$opt{P}/html") or die $!;
+
+%ENV = (
+ %ENV,
+ $NGINX_DIR => $opt{P},
+ SERVER_PORT => $opt{p},
+ SERVER_NAME => "localhost",
+# TEST_NGX_PREFIX => $NGINX_DIR,
+# DATA_DIR => $DATA_DIR,
+# TEMP_DIR => $TEMP_DIR,
+# UPLOAD_DIR => $UPLOAD_DIR,
+ CONF_DIR => $CONF_DIR,
+# MODULES_DIR => $MODULES_DIR,
+ LOGS_DIR => $FILES_DIR,
+ SCRIPT_DIR => $SCRIPT_DIR,
+ REGRESSION_DIR => $REG_DIR,
+ DIST_ROOT => File::Spec->rel2abs(dirname("$SCRIPT_DIR/../../..")),
+ AUDIT_LOG => $opt{A},
+ DEBUG_LOG => $opt{D},
+ ERROR_LOG => $opt{E},
+ NGINX_CONF => $opt{C},
+# HTDOCS => $opt{H},
+ USER_AGENT => $UA_NAME,
+ );
+
+#dbg("OPTIONS: ", \%opt);
+
+if (-e "$PID_FILE") {
+ msg("Shutting down previous instance: $PID_FILE");
+ nginx_stop();
+}
+
+if (defined $ARGV[0]) {
+ runfile(dirname($ARGV[0]), basename($ARGV[0]), $ARGV[1]);
+ done();
+}
+
+for my $type (@TYPES) {
+ my $dir = "$SCRIPT_DIR/regression/$type";
+ my @cfg = ();
+
+# Get test names
+ opendir(DIR, "$dir") or quit(1, "Failed to open \"$dir\": $!");
+ @cfg = grep { /\.t$/ && -f "$dir/$_" } readdir(DIR);
+ closedir(DIR);
+
+ for my $cfg (sort @cfg) {
+ runfile($dir, $cfg);
+ }
+}
+done();
+
+
+sub runfile {
+ my($dir, $cfg, $testnum) = @_;
+ my $fn = "$dir/$cfg";
+ my @data = ();
+ my $edata;
+ my @C = ();
+ my @test = ();
+ my $teststr;
+ my $n = 0;
+ my $pass = 0;
+
+ open(CFG, "<$fn") or quit(1, "Failed to open \"$fn\": $!");
+ @data = <CFG>;
+
+ $edata = q/@C = (/ . join("", @data) . q/)/;
+ eval $edata;
+ quit(1, "Failed to read test data \"$cfg\": $@") if ($@);
+
+ unless (@C) {
+ msg("\nNo tests defined for $fn");
+ return;
+ }
+
+ msg("\nLoaded ".@C." tests from $fn");
+ for my $t (@C) {
+ $n++;
+ next if (defined $testnum and $n != $testnum);
+
+ my $nginx_up = 0;
+ my %t = %{$t || {}};
+ my $id = sprintf("%3d", $n);
+ my $out = "";
+ my $rc = 0;
+ my $conf_fn;
+
+# Startup nginx with optionally included conf.
+ if (exists $t{conf} and defined $t{conf}) {
+ $conf_fn = sprintf "%s/%s_%s_%06d.conf",
+ $CONF_DIR, $t{type}, $cfg, $n;
+#dbg("Writing test config to: $conf_fn");
+ open(CONF, ">$conf_fn") or die "Failed to open conf \"$conf_fn\": $!\n";
+ print CONF (ref $t{conf} eq "CODE" ? eval { &{$t{conf}} } : $t{conf});
+ msg("$@") if ($@);
+ close CONF;
+ my %conf=(config => $conf_fn, enable => "on");
+ $nginx_up = nginx_start($t, \%conf) ? 0 : 1;
+ }
+ else {
+ $nginx_up = nginx_start($t) ? 0 : 1;
+ }
+
+# Run any prerun setup
+ if ($rc == 0 and exists $t{prerun} and defined $t{prerun}) {
+ vrb("Executing perl prerun...");
+ $rc = &{$t{prerun}};
+ vrb("Perl prerun returned: $rc");
+ }
+
+ if ($nginx_up) {
+# Perform the request and check response
+ if (exists $t{request}) {
+ my $resp = do_request($t{request});
+ if (!$resp) {
+ msg("invalid response");
+ vrb("RESPONSE: ", $resp);
+ $rc = 1;
+ }
+ else {
+ for my $key (keys %{ $t{match_response} || {}}) {
+ my($neg,$mtype) = ($key =~ m/^(-?)(.*)$/);
+ my $m = $t{match_response}{$key};
+ my $match = match_response($mtype, $resp, $m);
+ if ($neg and defined $match) {
+ $rc = 1;
+ msg("response $mtype matched: $m");
+ vrb($resp);
+ last;
+ }
+ elsif (!$neg and !defined $match) {
+ $rc = 1;
+ msg("response $mtype failed to match: $m");
+ vrb($resp);
+ last;
+ }
+ }
+ }
+ }
+
+# Run any arbitrary perl tests
+ if ($rc == 0 and exists $t{test} and defined $t{test}) {
+ dbg("Executing perl test(s)...");
+ $rc = eval { &{$t{test}} };
+ if (! defined $rc) {
+ msg("Error running test: $@");
+ $rc = -1;
+ }
+ dbg("Perl tests returned: $rc");
+ }
+
+# Search for all log matches
+ if ($rc == 0 and exists $t{match_log} and defined $t{match_log}) {
+ for my $key (keys %{ $t{match_log} || {}}) {
+ my($neg,$mtype) = ($key =~ m/^(-?)(.*)$/);
+ my $m = $t{match_log}{$key};
+ my $match = match_log($mtype, @{$m || []});
+ if ($neg and defined $match) {
+ $rc = 1;
+ msg("$mtype log matched: $m->[0]");
+ last;
+ }
+ elsif (!$neg and !defined $match) {
+ $rc = 1;
+ msg("$mtype log failed to match: $m->[0]");
+ last;
+ }
+ }
+ }
+
+# Search for all file matches
+ if ($rc == 0 and exists $t{match_file} and defined $t{match_file}) {
+ sleep 1; # Make sure the file exists
+ for my $key (keys %{ $t{match_file} || {}}) {
+ my($neg,$fn) = ($key =~ m/^(-?)(.*)$/);
+ my $m = $t{match_file}{$key};
+ my $match = match_file($fn, $m);
+ if ($neg and defined $match) {
+ $rc = 1;
+ msg("$fn file matched: $m");
+ last;
+ }
+ elsif (!$neg and !defined $match) {
+ $rc = 1;
+ msg("$fn file failed match: $m");
+ last;
+ }
+ }
+ }
+ }
+ else {
+ msg("Failed to start nginx.");
+ $rc = 1;
+ }
+
+ if ($rc == 0) {
+ $pass++;
+ }
+ else {
+ vrb("Test Config: $conf_fn");
+ vrb("Debug Log: $FILE{debug}{fn}");
+ dbg(escape("$FILE{debug}{buf}"));
+ vrb("Error Log: $FILE{error}{fn}");
+ dbg(escape("$FILE{error}{buf}"));
+ }
+
+ msg(sprintf("%s) %s%s: %s%s", $id, $t{type}, (exists($t{comment}) ? " - $t{comment}" : ""), ($rc ? "failed" : "passed"), ((defined($out) && $out ne "")? " ($out)" : "")));
+
+ if ($nginx_up) {
+ $nginx_up = nginx_stop(\%t) ? 0 : 1;
+ }
+
+ }
+
+ $TOTAL += $testnum ? 1 : $n;
+ $PASSED += $pass;
+
+ msg(sprintf("Passed: %2d; Failed: %2d", $pass, $testnum ? (1 - $pass) : ($n - $pass)));
+}
+
+# Take out any indenting and translate LF -> CRLF
+sub normalize_raw_request_data {
+ my $r = $_[0];
+
+# Allow for indenting in test file
+ $r =~ s/^[ \t]*\x0d?\x0a//s;
+ my($indention) = ($r =~ m/^([ \t]*)/s); # indention taken from first line
+ $r =~ s/^$indention//mg;
+ $r =~ s/(\x0d?\x0a)[ \t]+$/$1/s;
+
+# Translate LF to CRLF
+ $r =~ s/^\x0a/\x0d\x0a/mg;
+ $r =~ s/([^\x0d])\x0a/$1\x0d\x0a/mg;
+
+ return $r;
+}
+
+sub do_raw_request {
+ my $sock = new IO::Socket::INET(
+ Proto => "tcp",
+ PeerAddr => "localhost",
+ PeerPort => $opt{p},
+ ) or msg("Failed to connect to localhost:$opt{p}: $@");
+ return unless ($sock);
+
+# Join togeather the request
+ my $r = join("", @_);
+ dbg($r);
+
+# Write to socket
+ print $sock "$r";
+ $sock->shutdown(1);
+
+# Read from socket
+ my @resp = <$sock>;
+ $sock->close();
+
+ return HTTP::Response->parse(join("", @resp));
+}
+
+sub do_request {
+ my $r = $_[0];
+
+# Allow test to execute code
+ if (ref $r eq "CODE") {
+ $r = eval { &$r };
+ msg("$@") unless (defined $r);
+ }
+
+ if (ref $r eq "HTTP::Request") {
+ my $resp = $UA->request($r);
+ dbg($resp->request()->as_string()) if ($opt{d});
+ return $resp
+ }
+ else {
+ return do_raw_request($r);
+ }
+
+ return;
+}
+
+
+sub match_response {
+ my($name, $resp, $re) = @_;
+
+ msg("Warning: Empty regular expression.") if (!defined $re or $re eq "");
+
+ if ($name eq "status") {
+ return $& if ($resp->code =~ m/$re/);
+ }
+ elsif ($name eq "content") {
+ return $& if ($resp->content =~ m/$re/m);
+ }
+ elsif ($name eq "raw") {
+ return $& if ($resp->as_string =~ m/$re/m);
+ }
+
+ return;
+}
+
+sub read_log {
+ my($name, $timeout, $graph) = @_;
+ return match_log($name, undef, $timeout, $graph);
+}
+
+sub match_log {
+ my($name, $re, $timeout, $graph) = @_;
+ my $t0 = gettimeofday;
+ my($fh,$rbuf) = ($FILE{$name}{fd}, \$FILE{$name}{buf});
+ my $n = length($$rbuf);
+ my $rc = undef;
+
+ unless (defined $fh) {
+ msg("Error: File \"$name\" is not opened for matching.");
+ return;
+ }
+
+ $timeout = 0 unless (defined $timeout);
+
+ my $i = 0;
+ my $graphed = 0;
+READ: {
+ do {
+ my $nbytes = $fh->sysread($$rbuf, $BUFSIZ, $n);
+ if (!defined($nbytes)) {
+ msg("Error: Could not read \"$name\" log: $!");
+ last;
+ }
+ elsif (!defined($re) and $nbytes == 0) {
+ last;
+ }
+
+# Remove APR pool debugging
+ $$rbuf =~ s/POOL DEBUG:[^\n]+PALLOC[^\n]+\n//sg;
+
+ $n = length($$rbuf);
+
+#dbg("Match \"$re\" in $name \"$$rbuf\" ($n)");
+ if ($$rbuf =~ m/$re/m) {
+ $rc = $&;
+ last;
+ }
+# TODO: Use select()/poll()
+ sleep 0.1 unless ($nbytes == $BUFSIZ);
+ if ($graph and $opt{d}) {
+ $i++;
+ if ($i == 10) {
+ $graphed++;
+ $i=0;
+ print STDERR $graph if ($graphed == 1);
+ print STDERR "."
+ }
+ }
+ } while (gettimeofday - $t0 < $timeout);
+ }
+ print STDERR "\n" if ($graphed);
+
+ return $rc;
+}
+
+sub match_file {
+ my($neg,$fn) = ($_[0] =~ m/^(-?)(.*)$/);
+ unless (exists $FILE{$fn}) {
+ eval {
+ $FILE{$fn}{fn} = $fn;
+ $FILE{$fn}{fd} = new FileHandle($fn, O_RDONLY) or die "$!\n";
+ $FILE{$fn}{fd}->blocking(0);
+ $FILE{$fn}{buf} = "";
+ };
+ if ($@) {
+ msg("Warning: Failed to open file \"$fn\": $@");
+ return;
+ }
+ }
+ return match_log($_[0], $_[1]); # timeout makes no sense
+}
+
+sub quote_shell {
+ my($s) = @_;
+ return $s unless ($s =~ m|[^\w!%+,\-./:@^]|);
+ $s =~ s/(['\\])/\\$1/g;
+ return "'$s'";
+}
+
+sub escape {
+ my @new = ();
+ for my $c (split(//, $_[0])) {
+ my $oc = ord($c);
+ push @new, ((($oc >= 0x20 and $oc <= 0x7e) or $oc == 0x0a or $oc == 0x0d) ? $c : sprintf("\\x%02x", ord($c)));
+}
+join('', @new);
+}
+
+sub dbg {
+ return unless(@_ and $opt{d});
+ my $out = join "", map {
+ (ref $_ ne "" ? Dumper($_) : $_)
+ } @_;
+ $out =~ s/^/DBG: /mg;
+ print STDOUT "$out\n";
+}
+
+sub vrb {
+ return unless(@_ and $opt{v});
+ msg(@_);
+}
+
+sub msg {
+ return unless(@_);
+ my $out = join "", map {
+ (ref $_ ne "" ? Dumper($_) : $_)
+ } @_;
+ print STDOUT "$out\n";
+}
+
+sub handle_interrupt {
+ $SIG{TERM} = $SIG{INT} = \&handle_interrupt;
+
+ msg("Interrupted via SIG$_[0]. Shutting down tests...");
+ nginx_stop();
+
+ quit(1);
+}
+
+sub quit {
+ my($ec,$msg) = @_;
+ $ec = 0 unless (defined $_[0]);
+
+ msg("$msg") if (defined $msg);
+
+ exit $ec;
+}
+
+sub done {
+ if ($PASSED != $TOTAL) {
+ quit(1, "\n$PASSED/$TOTAL tests passed.");
+ }
+
+ quit(0, "\nAll tests passed ($TOTAL).");
+}
+
+sub nginx_stop {
+ my $t = shift;
+ my @p = (
+ $NGINX,
+ -p => $opt{P},
+ -s => "quit",
+ );
+
+ my $nginx_out;
+ my $nginx_pid = open3(undef, $nginx_out, undef, @p) or quit(1);
+ my $out = join("\\n", grep(!/POOL DEBUG/, (<$nginx_out>)));
+ close $nginx_out;
+ waitpid($nginx_pid, 0);
+
+ my $rc = $?;
+ if ( WIFEXITED($rc) ) {
+ $rc = WEXITSTATUS($rc);
+ vrb("Nginx stop returned with $rc.") if ($rc);
+ }
+ elsif( WIFSIGNALED($rc) ) {
+ msg("Nginx stop failed with signal " . WTERMSIG($rc) . ".");
+ $rc = -1;
+ }
+ else {
+ msg("Nginx stop failed with unknown error.");
+ $rc = -1;
+ }
+
+ sleep 0.5;
+ if (-e $PID_FILE) {
+ msg("Nginx stop failed: $PID_FILE still exists");
+ }
+
+ return $rc;
+}
+
+
+sub nginx_reset_fd {
+ my($t) = @_;
+
+# Cleanup
+ for my $key (keys %FILE) {
+ if (exists $FILE{$key}{fd} and defined $FILE{$key}{fd}) {
+ $FILE{$key}{fd}->close();
+ }
+ delete $FILE{$key};
+ }
+
+# Error
+ eval {
+ $FILE{error}{fn} = $opt{E};
+ $FILE{error}{fd} = new FileHandle($opt{E}, O_RDWR|O_CREAT) or die "$!\n";
+ $FILE{error}{fd}->blocking(0);
+ $FILE{error}{fd}->sysseek(0, 2);
+ $FILE{error}{buf} = "";
+ };
+ if ($@) {
+ msg("Warning: Failed to open file \"$opt{E}\": $@");
+ return undef;
+ }
+
+# Audit
+ eval {
+ $FILE{audit}{fn} = $opt{A};
+ $FILE{audit}{fd} = new FileHandle($opt{A}, O_RDWR|O_CREAT) or die "$!\n";
+ $FILE{audit}{fd}->blocking(0);
+ $FILE{audit}{fd}->sysseek(0, 2);
+ $FILE{audit}{buf} = "";
+ };
+ if ($@) {
+ msg("Warning: Failed to open file \"$opt{A}\": $@");
+ return undef;
+ }
+
+# Debug
+ eval {
+ $FILE{debug}{fn} = $opt{D};
+ $FILE{debug}{fd} = new FileHandle($opt{D}, O_RDWR|O_CREAT) or die "$!\n";
+ $FILE{debug}{fd}->blocking(0);
+ $FILE{debug}{fd}->sysseek(0, 2);
+ $FILE{debug}{buf} = "";
+ };
+ if ($@) {
+ msg("Warning: Failed to open file \"$opt{D}\": $@");
+ return undef;
+ }
+
+# Any extras listed in "match_log"
+ if ($t and exists $t->{match_log}) {
+ for my $k (keys %{ $t->{match_log} || {} }) {
+ my($neg,$fn) = ($k =~ m/^(-?)(.*)$/);
+ next if (!$fn or exists $FILE{$fn});
+ eval {
+ $FILE{$fn}{fn} = $fn;
+ $FILE{$fn}{fd} = new FileHandle($fn, O_RDWR|O_CREAT) or die "$!\n";
+ $FILE{$fn}{fd}->blocking(0);
+ $FILE{$fn}{fd}->sysseek(0, 2);
+ $FILE{$fn}{buf} = "";
+ };
+ if ($@) {
+ msg("Warning: Failed to open file \"$fn\": $@");
+ return undef;
+ }
+ }
+ }
+}
+
+sub encode_chunked {
+ my($data, $size) = @_;
+ $size = 128 unless ($size);
+ my $chunked = "";
+
+ my $n = 0;
+ my $bytes = length($data);
+ while ($bytes >= $size) {
+ $chunked .= sprintf "%x\x0d\x0a%s\x0d\x0a", $size, substr($data, $n, $size);
+ $n += $size;
+ $bytes -= $size;
+ }
+ if ($bytes) {
+ $chunked .= sprintf "%x\x0d\x0a%s\x0d\x0a", $bytes, substr($data, $n, $bytes);
+ }
+ $chunked .= "0\x0d\x0a\x0d\x0a"
+}
+
+sub nginx_start {
+ my ($t) = shift;
+ my($C) = shift;
+
+ my %conf = (
+ listen => "$opt{p}",
+ config => "$REG_DIR/nginx/conf/empty.conf",
+ enable => "off",
+ );
+
+ while(my($k,$v)= each %$C){
+ $conf{$k}=$v;
+ }
+
+ my ($tt) = Template->new(INCLUDE_PATH => "$REG_DIR/nginx/conf/");
+ my ($output);
+ $tt->process("nginx.conf.template", \%conf, \$output) || die $tt->error;
+
+ open (OUTFILE, ">$opt{C}");
+ print OUTFILE "$output";
+ close(OUTFILE);
+
+ nginx_reset_fd($t);
+
+ my @p = ($NGINX, -p => $opt{P});
+
+ my $nginx_out;
+ my $nginx_pid = open3(undef, $nginx_out, undef, @p) or quit(1);
+ my $out = join("\\n", grep(!/POOL DEBUG/, (<$nginx_out>)));
+ close $nginx_out;
+ waitpid($nginx_pid, 0);
+
+ my $rc = $?;
+ if ( WIFEXITED($rc) ) {
+ $rc = WEXITSTATUS($rc);
+ vrb("Nginx start returned with $rc.") if ($rc);
+ }
+ elsif( WIFSIGNALED($rc) ) {
+ msg("Nginx start failed with signal " . WTERMSIG($rc) . ".");
+ $rc = -1;
+ }
+ else {
+ msg("Nginx start failed with unknown error.");
+ $rc = -1;
+ }
+
+# Look for startup msg
+# unless (defined match_log("error", qr/start worker process/, 60, "Waiting on nginx to start: ")) {
+# vrb(join(" ", map { quote_shell($_) } @p));
+# vrb(match_log("error", qr/(^.*ModSecurity: .*)/sm, 10));
+# msg("Nginx server failed to start.");
+# nginx_stop();
+# return -1;
+# }
+
+ return $rc;
+}
+
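--- a/modsecurity-apache_2.7.4.tar.bz2/tools/Makefile.in
+++ b/modsecurity-apache_2.7.4.tar.bz2/tools/Makefile.in
@@ -85,13 +85,17 @@
 APR_CFLAGS = @APR_CFLAGS@
 APR_CONFIG = @APR_CONFIG@
 APR_CPPFLAGS = @APR_CPPFLAGS@
+APR_INCLUDEDIR = @APR_INCLUDEDIR@
 APR_LDADD = @APR_LDADD@
 APR_LDFLAGS = @APR_LDFLAGS@
+APR_LINKLD = @APR_LINKLD@
 APR_VERSION = @APR_VERSION@
 APU_CFLAGS = @APU_CFLAGS@
 APU_CONFIG = @APU_CONFIG@
+APU_INCLUDEDIR = @APU_INCLUDEDIR@
 APU_LDADD = @APU_LDADD@
 APU_LDFLAGS = @APU_LDFLAGS@
+APU_LINKLD = @APU_LINKLD@
 APU_VERSION = @APU_VERSION@
 APXS = @APXS@
 APXS_BINDIR = @APXS_BINDIR@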