Changes - j0ke.net Open Build Service

@@ -1,3 +1,32 @@ +10 May 2013 - 2.7.4 +------------------- +Improvements: + + * Added Libinjection project http://www.client9.com/projects/libinjection/ as a new operator @detectSQLi. (Thanks Nick Galbreath). + + * Added new variable SDBM_DELETE_ERROR that will be set to 1 when sdbm engine fails to delete entries. + + * NGINX is now set to STABLE. Thanks chaizhenhua and all the people in community who help the project testing, sending feedback and patches. + +Bug Fixes: + + * Fixed SecRulePerfTime storing unnecessary rules performance times. + + * Fixed Possible SDBM deadlock condition. + + * Fixed Possible @rsub memory leak. + + * Fixed REMOTE_ADDR content will receive the client ip address when mod_remoteip.c is present. + + * Fixed NGINX Audit engine in Concurrent mode was overwriting existing alert files because a issue with UNIQUE_ID. + + * Fixed CPU 100% issue in NGINX port. This is also related to an memory leak when loading response body. + +Security Issues: + + * Fixed Remote Null Pointer DeReference (CVE-2013-2765). When forceRequestBodyVariable action is triggered and a unknown Content-Type is used, + mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI). + 28 Mar 2013 - 2.7.3 ------------------- @@ -32,7 +61,7 @@ * SECURITY: Added SecXmlExternalEntity (On|Off - default it Off) that will disable by default the external entity load task executed by LibXml2. This is a security issue - reported by Timur Yunusov, Alexey Osipov (Positive Technologies). + [CVE-2013-1915] reported by Timur Yunusov, Alexey Osipov (Positive Technologies). 21 Jan 2013 - 2.7.2 ------------------- @@ -130,7 +159,7 @@ support Include directive like Apache2. * Added MULTIPART_INVALID_PART flag. Also used in rule id 200002 for multipart strict - validation. + validation. https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt). * Updated Reference Manual.

@@ -118,13 +118,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@

@@ -1,5 +1,5 @@ ModSecurity (www.modsecurity.org) - Copyright [2004-2011] Trustwave Holdings, Inc + Copyright [2004-2013] Trustwave Holdings, Inc This product includes software developed at Trustwave Holdings, Inc (http://www.trustwave.com/).

@@ -1,5 +1,5 @@ ModSecurity for Apache 2.x, http://www.modsecurity.org/ -Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) You may not use this file except in compliance with the License. You may obtain a copy of the License at

@@ -108,13 +108,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -11,7 +11,7 @@ re_variables.c msc_logging.c msc_xml.c \ msc_multipart.c modsecurity.c msc_parsers.c \ msc_util.c msc_pcre.c persist_dbm.c msc_reqbody.c \ - msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c + msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c libinjection/sqlparse.c mod_security2_la_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \ @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @CURL_CFLAGS@

@@ -93,7 +93,7 @@ mod_security2_la-msc_gsb.lo mod_security2_la-msc_crypt.lo \ mod_security2_la-msc_tree.lo mod_security2_la-msc_unicode.lo \ mod_security2_la-acmp.lo mod_security2_la-msc_lua.lo \ - mod_security2_la-msc_release.lo + mod_security2_la-msc_release.lo mod_security2_la-sqlparse.lo mod_security2_la_OBJECTS = $(am_mod_security2_la_OBJECTS) mod_security2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(mod_security2_la_CFLAGS) \ @@ -122,13 +122,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@ @@ -305,7 +309,7 @@ re_variables.c msc_logging.c msc_xml.c \ msc_multipart.c modsecurity.c msc_parsers.c \ msc_util.c msc_pcre.c persist_dbm.c msc_reqbody.c \ - msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c + msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c libinjection/sqlparse.c mod_security2_la_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \ @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @CURL_CFLAGS@ @@ -462,6 +466,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-re_operators.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-re_tfns.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-re_variables.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-sqlparse.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -666,6 +671,13 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_security2_la_CPPFLAGS) $(CPPFLAGS) $(mod_security2_la_CFLAGS) $(CFLAGS) -c -o mod_security2_la-msc_release.lo `test -f 'msc_release.c' || echo '$(srcdir)/'`msc_release.c +mod_security2_la-sqlparse.lo: libinjection/sqlparse.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_security2_la_CPPFLAGS) $(CPPFLAGS) $(mod_security2_la_CFLAGS) $(CFLAGS) -MT mod_security2_la-sqlparse.lo -MD -MP -MF $(DEPDIR)/mod_security2_la-sqlparse.Tpo -c -o mod_security2_la-sqlparse.lo `test -f 'libinjection/sqlparse.c' || echo '$(srcdir)/'`libinjection/sqlparse.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mod_security2_la-sqlparse.Tpo $(DEPDIR)/mod_security2_la-sqlparse.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libinjection/sqlparse.c' object='mod_security2_la-sqlparse.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_security2_la_CPPFLAGS) $(CPPFLAGS) $(mod_security2_la_CFLAGS) $(CFLAGS) -c -o mod_security2_la-sqlparse.lo `test -f 'libinjection/sqlparse.c' || echo '$(srcdir)/'`libinjection/sqlparse.c + mostlyclean-libtool: -rm -f *.lo

@@ -46,7 +46,7 @@ msc_logging.obj msc_xml.obj msc_multipart.obj modsecurity.obj \ msc_parsers.obj msc_util.obj msc_pcre.obj persist_dbm.obj \ msc_reqbody.obj msc_geo.obj msc_gsb.obj msc_crypt.obj msc_tree.obj msc_unicode.obj acmp.obj msc_lua.obj \ - msc_release.obj + msc_release.obj libinjection\sqlparse.obj all: $(DLL)

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -2346,7 +2346,7 @@ dcfg->hash_is_enabled = HASH_DISABLED; dcfg->hash_enforcement = HASH_DISABLED; } - else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SexHashEngine: %s", p1); + else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecHashEngine: %s", p1); return NULL; }

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -198,6 +198,10 @@ apr_size_t nbytes, nbytes_written; apr_file_t *debuglog_fd = NULL; int filter_debug_level = 0; + char *remote = NULL; + char *parse_remote = NULL; + char *saved = NULL; + char *str = NULL; char str1[1024] = ""; char str2[1256] = ""; @@ -269,8 +273,8 @@ hostname, log_escape(msr->mp, r->uri), unique_id); #else ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server, - "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", r->connection->remote_ip, str1, - hostname, log_escape(msr->mp, r->uri), unique_id); + "[client %s] ModSecurity: %s%s [uri \"%s\"]%s", msr->remote_addr ? msr->remote_addr : r->connection->remote_ip, str1, + hostname, log_escape(msr->mp, r->uri), unique_id); #endif /* Add this message to the list. */

+(directory)

@@ -0,0 +1,37 @@ +/* + * Copyright 2012, 2013 + * Nick Galbreath -- nickg [at] client9 [dot] com + * http://www.client9.com/projects/libinjection/ + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * Neither the name of libinjection nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * This is the standard "new" BSD license: + * http://www.opensource.org/licenses/bsd-license.php + */

@@ -0,0 +1,2327 @@ +#ifndef _SQLPARSE_FINGERPRINTS_H +#define _SQLPARSE_FINGERPRINTS_H + +static const char* patmap[] = { + "&1o1U", + "&1osU", + "&1ovU", + "&f()o", + "&f(1)", + "&f(1o", + "&f(s)", + "&f(v)", + "&f(vo", + "&so1U", + "&sosU", + "&sovU", + "&vo1U", + "&vosU", + "&vovU", + "1&((f", + "1&((k", + "1&(1)", + "1&(1,", + "1&(1o", + "1&(f(", + "1&(k(", + "1&(k1", + "1&(kf", + "1&(kk", + "1&(kn", + "1&(ko", + "1&(ks", + "1&(kv", + "1&(s)", + "1&(s,", + "1&(so", + "1&(v)", + "1&(v,", + "1&(vo", + "1&1", + "1&1Bf", + "1&1Uk", + "1&1c", + "1&1f(", + "1&1o(", + "1&1o1", + "1&1of", + "1&1ok", + "1&1on", + "1&1oo", + "1&1os", + "1&1ov", + "1&f((", + "1&f()", + "1&f(1", + "1&f(f", + "1&f(k", + "1&f(n", + "1&f(s", + "1&f(v", + "1&k(1", + "1&k(f", + "1&k(s", + "1&k(v", + "1&k1k", + "1&kUk", + "1&kk1", + "1&kks", + "1&kkv", + "1&ksk", + "1&kvk", + "1&n()", + "1&no1", + "1&nos", + "1&nov", + "1&o(1", + "1&o(s", + "1&o(v", + "1&o1o", + "1&oso", + "1&ovo", + "1&sBf", + "1&sU(", + "1&sUk", + "1&sf(", + "1&so(", + "1&so1", + "1&sof", + "1&sok", + "1&son", + "1&soo", + "1&sos", + "1&sov", + "1&v", + "1&vBf", + "1&vU(", + "1&vUk", + "1&vc", + "1&vf(", + "1&vo(", + "1&vo1", + "1&vof", + "1&vok", + "1&von", + "1&voo", + "1&vos", + "1&vov", + "1)&(1", + "1)&(f", + "1)&(k", + "1)&(n", + "1)&(s", + "1)&(v", + "1)&1B", + "1)&1U", + "1)&1f", + "1)&1o", + "1)&f(", + "1)&o(", + "1)&sB", + "1)&sU", + "1)&sf", + "1)&so", + "1)&vB", + "1)&vU", + "1)&vf", + "1)&vo", + "1)()s", + "1)()v", + "1))&(", + "1))&1", + "1))&f", + "1))&o", + "1))&s", + "1))&v", + "1)))&", + "1))))", + "1)));", + "1)))B", + "1)))U", + "1)))c", + "1)))k", + "1)))o", + "1));c", + "1));k", + "1))B1", + "1))Bs", + "1))Bv", + "1))Uk", + "1))Un", + "1))c", + "1))k1", + "1))kk", + "1))ks", + "1))kv", + "1))o(", + "1))o1", + "1))of", + "1))ok", + "1))on", + "1))os", + "1))ov", + "1),(1", + "1),(s", + "1),(v", + "1);c", + "1);k&", + "1);k(", + "1);kf", + "1);kk", + "1);kn", + "1);ko", + "1)B1", + "1)B1&", + "1)B1c", + "1)B1o", + "1)Bs", + "1)Bs&", + "1)Bsc", + "1)Bso", + "1)Bv", + "1)Bv&", + "1)Bvc", + "1)Bvo", + "1)U(k", + "1)Uk(", + "1)Uk1", + "1)Ukf", + "1)Ukk", + "1)Ukn", + "1)Uko", + "1)Uks", + "1)Ukv", + "1)Unk", + "1)c", + "1)k1", + "1)k1c", + "1)k1o", + "1)kks", + "1)kkv", + "1)knk", + "1)ks", + "1)ksc", + "1)kso", + "1)kv", + "1)kvc", + "1)kvo", + "1)o(1", + "1)o(k", + "1)o(n", + "1)o(s", + "1)o(v", + "1)o1)", + "1)o1B", + "1)o1U", + "1)o1f", + "1)o1k", + "1)o1o", + "1)of(", + "1)ok(", + "1)ok1", + "1)oks", + "1)okv", + "1)on&", + "1)os)", + "1)osB", + "1)osU", + "1)osf", + "1)osk", + "1)oso", + "1)ov)", + "1)ovB", + "1)ovU", + "1)ovf", + "1)ovk", + "1)ovo", + "1,(f(", + "1,(k(", + "1,(k1", + "1,(kf", + "1,(ks", + "1,(kv", + "1,1),", + "1,1)o", + "1,1B1", + "1,1Bs", + "1,1Bv", + "1,1Uk", + "1,f(1", + "1,f(s", + "1,f(v", + "1,s),", + "1,s)o", + "1,sB1", + "1,sBs", + "1,sBv", + "1,sUk", + "1,v),", + "1,v)o", + "1,vB1", + "1,vBs", + "1,vBv", + "1,vUk", + "1;c", + "1;k&k", + "1;k((", + "1;k(1", + "1;k(o", + "1;k(s", + "1;k(v", + "1;k1,", + "1;kf(", + "1;kks", + "1;kkv", + "1;kn(", + "1;kn,", + "1;knc", + "1;ko(", + "1;kok", + "1;ks,", + "1;kv,", + "1B1", + "1B1,1", + "1B1,n", + "1B1,s", + "1B1,v", + "1B1Uk", + "1B1c", + "1B1k1", + "1B1ks", + "1B1kv", + "1Bf(1", + "1Bf(f", + "1Bf(s", + "1Bf(v", + "1Bk(1", + "1Bk(s", + "1Bk(v", + "1Bn,n", + "1Bnk1", + "1Bnks", + "1Bnkv", + "1Bs", + "1Bs,1", + "1Bs,n", + "1Bs,s", + "1Bs,v", + "1BsUk", + "1Bsc", + "1Bsk1", + "1Bsks", + "1Bskv", + "1Bv", + "1Bv,1", + "1Bv,n", + "1Bv,s", + "1Bv,v", + "1BvUk", + "1Bvc", + "1Bvk1", + "1Bvks", + "1Bvkv", + "1U", + "1U((k", + "1U(k1", + "1U(kf", + "1U(kn", + "1U(ks", + "1U(kv", + "1U1,1", + "1U1,s", + "1U1,v", + "1Uc", + "1Uk", + "1Uk(1", + "1Uk(k", + "1Uk(n", + "1Uk(s", + "1Uk(v", + "1Uk1", + "1Uk1,", + "1Uk1c", + "1Uk1f", + "1Uk1k", + "1Uk1n", + "1Uk1o", + "1Ukf", + "1Ukf(", + "1Ukf,", + "1Ukk(", + "1Ukk,", + "1Ukk1", + "1Ukkk", + "1Ukkn", + "1Ukks", + "1Ukkv", + "1Ukn&", + "1Ukn(", + "1Ukn,", + "1Ukn1", + "1Uknc", + "1Uknk", + "1Ukno", + "1Ukns", + "1Uknv", + "1Uko1", + "1Ukok", + "1Ukos", + "1Ukov", + "1Uks", + "1Uks,", + "1Uksc", + "1Uksf", + "1Uksk", + "1Uksn", + "1Ukso", + "1Ukv", + "1Ukv,", + "1Ukvc", + "1Ukvf", + "1Ukvk", + "1Ukvn", + "1Ukvo", + "1Un,1", + "1Un,s", + "1Un,v", + "1Un1,", + "1Unk(", + "1Unk1", + "1Unkf", + "1Unks", + "1Unkv", + "1Uns,", + "1Unv,", + "1Uon1", + "1Uons", + "1Uonv", + "1Us,1", + "1Us,s", + "1Us,v", + "1Uv,1", + "1Uv,s", + "1Uv,v", + "1c", + "1f()k", + "1k1U(", + "1k1Uk", + "1k1c", + "1k1o1", + "1k1ov", + "1kU1,", + "1kUs,", + "1kUv,", + "1kf(1", + "1kf(s", + "1kf(v", + "1kk(1", + "1kk(s", + "1kk(v", + "1kksc", + "1kkvc", + "1knkn", + "1kno1", + "1knov", + "1kokn", + "1ksU(", + "1ksUk", + "1ksc", + "1kvU(", + "1kvUk", + "1kvc", + "1kvo1", + "1kvov", + "1n&f(", + "1n)Uk", + "1nUk1", + "1nUkn", + "1nUks", + "1nUkv", + "1nk1c", + "1nkf(", + "1nksc", + "1nkvc", + "1o(((", + "1o((1", + "1o((f", + "1o((s", + "1o((v", + "1o(1)", + "1o(1o", + "1o(f(", + "1o(k(", + "1o(k1", + "1o(kf", + "1o(kn", + "1o(ks", + "1o(kv", + "1o(n)", + "1o(o1", + "1o(os", + "1o(ov", + "1o(s)", + "1o(so", + "1o(v)", + "1o(vo", + "1o1)&", + "1o1)o", + "1o1Bf", + "1o1Uk", + "1o1f(", + "1o1kf", + "1o1o(", + "1o1o1", + "1o1of", + "1o1oo", + "1o1os", + "1o1ov", + "1of()", + "1of(1", + "1of(f", + "1of(n", + "1of(s", + "1of(v", + "1ok(1", + "1ok(k", + "1ok(s", + "1ok(v", + "1ok)U", + "1ok)o", + "1ok1", + "1ok1,", + "1ok1c", + "1ok1k", + "1okUk", + "1okf(", + "1oks", + "1oks,", + "1oksc", + "1oksk", + "1okv", + "1okv,", + "1okvc", + "1okvk", + "1onos", + "1onov", + "1os)&", + "1os)U", + "1os)o", + "1osBf", + "1osUk", + "1osf(", + "1oskf", + "1oso(", + "1oso1", + "1osof", + "1osoo", + "1osos", + "1osov", + "1ov)&", + "1ov)U", + "1ov)o", + "1ovBf", + "1ovUk", + "1ovf(", + "1ovkf", + "1ovo(", + "1ovo1", + "1ovof", + "1ovoo", + "1ovos", + "1ovov", + ";kknc", + "Uk1,1", + "Uk1,f", + "Uk1,n", + "Uk1,s", + "Uk1,v", + "Ukkkn", + "Uks,1", + "Uks,f", + "Uks,n", + "Uks,s", + "Uks,v", + "Ukv,1", + "Ukv,f", + "Ukv,n", + "Ukv,s", + "Ukv,v", + "f((f(", + "f((k(", + "f((kf", + "f()&f", + "f()of", + "f(1)&", + "f(1)U", + "f(1)o", + "f(1,1", + "f(1,f", + "f(1,s", + "f(1,v", + "f(1o1", + "f(1os", + "f(1ov", + "f(f()", + "f(f(1", + "f(f(f", + "f(f(s", + "f(f(v", + "f(k()", + "f(k,(", + "f(k,f", + "f(k,n", + "f(n()", + "f(s)&", + "f(s)U", + "f(s)o", + "f(s,1", + "f(s,f", + "f(s,s", + "f(s,v", + "f(so1", + "f(sos", + "f(sov", + "f(v)&", + "f(v)U", + "f(v)o", + "f(v,1", + "f(v,f", + "f(v,s", + "f(v,v", + "f(vo1", + "f(vos", + "f(vov", + "k()ok", + "k(1)U", + "k(f(1", + "k(f(v", + "k(ok(", + "k(s)U", + "k(sv)", + "k(v)U", + "k(vs)", + "k(vv)", + "k1,1,", + "k1,1c", + "k1,1k", + "k1,f(", + "k1,n,", + "k1,s,", + "k1,sc", + "k1,sk", + "k1,v,", + "k1,vc", + "k1,vk", + "k1k(k", + "k1kf(", + "k1o(s", + "k1o(v", + "k;non", + "kc", + "kf((f", + "kf(1)", + "kf(1,", + "kf(f(", + "kf(n,", + "kf(o)", + "kf(s)", + "kf(s,", + "kf(s:", + "kf(v)", + "kf(v,", + "kf(v:", + "kk(f(", + "kk1f(", + "kk1fn", + "kk1kk", + "kk1nk", + "kk1sf", + "kk1sk", + "kk1sn", + "kk1vf", + "kk1vk", + "kk1vn", + "kksf(", + "kksfn", + "kkskk", + "kksnk", + "kksvk", + "kksvn", + "kkvf(", + "kkvfn", + "kkvkk", + "kkvnk", + "kkvsf", + "kkvsk", + "kkvsn", + "kkvvf", + "kkvvk", + "kkvvn", + "kn1kk", + "kn1sk", + "kn1sn", + "kn1vk", + "kn1vn", + "knk(k", + "knskk", + "knsvk", + "knsvn", + "knvkk", + "knvsk", + "knvsn", + "knvvk", + "knvvn", + "ko(k(", + "ko(kf", + "ko(n,", + "ko(s,", + "ko(v,", + "kok(k", + "ks&(k", + "ks&(o", + "ks)", + "ks,1,", + "ks,1c", + "ks,1k", + "ks,f(", + "ks,s,", + "ks,sc", + "ks,sk", + "ks,v,", + "ks,vc", + "ks,vk", + "ksf(1", + "ksf(s", + "ksf(v", + "ksk(1", + "ksk(k", + "ksk(s", + "ksk(v", + "kso(s", + "kso(v", + "kv&(k", + "kv&(o", + "kv)", + "kv,1,", + "kv,1c", + "kv,1k", + "kv,f(", + "kv,n,", + "kv,s,", + "kv,sc", + "kv,sk", + "kv,v,", + "kv,vc", + "kv,vk", + "kvf(1", + "kvf(s", + "kvf(v", + "kvk(1", + "kvk(k", + "kvk(s", + "kvk(v", + "kvkf(", + "kvo(s", + "kvo(v", + "n&(1)", + "n&(1,", + "n&(k1", + "n&(ks", + "n&(kv", + "n&(o1", + "n&(os", + "n&(ov", + "n&(s)", + "n&(s,", + "n&(v)", + "n&(v,", + "n&1Bf", + "n&1f(", + "n&1o(", + "n&1o1", + "n&1of", + "n&1oo", + "n&1os", + "n&1ov", + "n&f(1", + "n&f(f", + "n&f(s", + "n&f(v", + "n&k(1", + "n&k(s", + "n&k(v", + "n&o1o", + "n&oso", + "n&ovo", + "n&sf(", + "n&so(", + "n&so1", + "n&sof", + "n&soo", + "n&sos", + "n&sov", + "n&vBf", + "n&vf(", + "n&vo(", + "n&vo1", + "n&vof", + "n&voo", + "n&vos", + "n&vov", + "n)&(k", + "n)&1f", + "n)&1o", + "n)&f(", + "n)&sf", + "n)&so", + "n)&vf", + "n)&vo", + "n))&(", + "n))&1", + "n))&f", + "n))&s", + "n))&v", + "n)))&", + "n)));", + "n)))B", + "n)))U", + "n)))c", + "n)))k", + "n)))o", + "n));c", + "n));k", + "n))B1", + "n))Bv", + "n))Uk", + "n))c", + "n))kk", + "n))o(", + "n))o1", + "n))of", + "n))ok", + "n))os", + "n))ov", + "n);c", + "n);k&", + "n);k(", + "n);kf", + "n);kk", + "n);kn", + "n);ko", + "n)B1c", + "n)Bvc", + "n)Uk1", + "n)Ukv", + "n)c", + "n)k1o", + "n)kks", + "n)kkv", + "n)kso", + "n)kvo", + "n)o(k", + "n)o1&", + "n)o1f", + "n)o1o", + "n)of(", + "n)ok(", + "n)os&", + "n)osf", + "n)oso", + "n)ov&", + "n)ovf", + "n)ovo", + "n,(f(", + "n,(k(", + "n,(k1", + "n,(kf", + "n,(ks", + "n,(kv", + "n,f(1", + "n,f(s", + "n,f(v", + "n:o1U", + "n:osU", + "n:ovU", + "n;c", + "n;k&k", + "n;k((", + "n;k(1", + "n;k(s", + "n;k(v", + "n;kf(", + "n;kks", + "n;kkv", + "n;kn(", + "n;ko(", + "n;kok", + "nB1c", + "nBvc", + "nUk(k", + "nUk1,", + "nUk1c", + "nUkf(", + "nUkn,", + "nUks,", + "nUkv,", + "nUkvc", + "nUnk(", + "nc", + "nk1Uk", + "nk1o1", + "nk1ov", + "nkf(1", + "nkf(s", + "nkf(v", + "nkksc", + "nkkvc", + "nksUk", + "nkvUk", + "nkvo1", + "nkvov", + "nnn)U", + "nno1U", + "nnosU", + "nnovU", + "no(k1", + "no(ks", + "no(kv", + "no(o1", + "no(os", + "no(ov", + "no1&1", + "no1&s", + "no1&v", + "no1Uk", + "no1f(", + "no1o(", + "no1of", + "no1oo", + "no1os", + "no1ov", + "nof(1", + "nof(s", + "nof(v", + "nok(1", + "nok(f", + "nok(k", + "nok(s", + "nok(v", + "nono1", + "nonov", + "nos&1", + "nos&s", + "nos&v", + "nosUk", + "nosf(", + "noso(", + "noso1", + "nosof", + "nosoo", + "nosos", + "nosov", + "nov&1", + "nov&s", + "nov&v", + "novUk", + "novf(", + "novo(", + "novo1", + "novof", + "novoo", + "novos", + "novov", + "o1kf(", + "oUk1,", + "oUks,", + "oUkv,", + "oc", + "of()o", + "of(1)", + "of(s)", + "of(v)", + "ok1o1", + "ok1os", + "ok1ov", + "okkkn", + "okso1", + "oksos", + "oksov", + "okvo1", + "okvos", + "okvov", + "ook1,", + "ooks,", + "ookv,", + "oskf(", + "ovkf(", + "s&((f", + "s&((k", + "s&(1)", + "s&(1,", + "s&(1o", + "s&(f(", + "s&(k(", + "s&(k)", + "s&(k1", + "s&(kc", + "s&(kf", + "s&(kk", + "s&(kn", + "s&(ko", + "s&(ks", + "s&(kv", + "s&(s)", + "s&(s,", + "s&(so", + "s&(v)", + "s&(v,", + "s&(vo", + "s&1", + "s&1Bf", + "s&1Uk", + "s&1c", + "s&1f(", + "s&1o(", + "s&1o1", + "s&1of", + "s&1ok", + "s&1on", + "s&1oo", + "s&1os", + "s&1ov", + "s&f((", + "s&f()", + "s&f(1", + "s&f(f", + "s&f(k", + "s&f(n", + "s&f(s", + "s&f(v", + "s&k&s", + "s&k&v", + "s&k(1", + "s&k(f", + "s&k(o", + "s&k(s", + "s&k(v", + "s&k1k", + "s&k1o", + "s&kUk", + "s&kc", + "s&kk1", + "s&kks", + "s&kkv", + "s&knk", + "s&ko(", + "s&ko1", + "s&kok", + "s&kos", + "s&kov", + "s&ksk", + "s&kso", + "s&kvk", + "s&kvo", + "s&n&s", + "s&n&v", + "s&n()", + "s&no1", + "s&nos", + "s&nov", + "s&o(1", + "s&o(k", + "s&o(s", + "s&o(v", + "s&o1o", + "s&okc", + "s&oko", + "s&os", + "s&oso", + "s&ov", + "s&ovo", + "s&s", + "s&s:o", + "s&sBf", + "s&sU(", + "s&sUk", + "s&sc", + "s&sf(", + "s&so(", + "s&so1", + "s&sof", + "s&sok", + "s&son", + "s&soo", + "s&sos", + "s&sov", + "s&svo", + "s&v", + "s&v:o", + "s&vBf", + "s&vU(", + "s&vUk", + "s&vc", + "s&vf(", + "s&vo(", + "s&vo1", + "s&vof", + "s&vok", + "s&von", + "s&voo", + "s&vos", + "s&vov", + "s&vso", + "s&vvo", + "s(c", + "s)&(1", + "s)&(f", + "s)&(k", + "s)&(n", + "s)&(s", + "s)&(v", + "s)&1B", + "s)&1U", + "s)&1f", + "s)&1o", + "s)&f(", + "s)&o(", + "s)&sB", + "s)&sU", + "s)&sf", + "s)&so", + "s)&vB", + "s)&vU", + "s)&vf", + "s)&vo", + "s)()s", + "s)()v", + "s))&(", + "s))&1", + "s))&f", + "s))&n", + "s))&o", + "s))&s", + "s))&v", + "s)))&", + "s))))", + "s)));", + "s)))B", + "s)))U", + "s)))c", + "s)))k", + "s)))o", + "s));c", + "s));k", + "s))B1", + "s))Bs", + "s))Bv", + "s))Uk", + "s))Un", + "s))c", + "s))k1", + "s))kk", + "s))ks", + "s))kv", + "s))o(", + "s))o1", + "s))of", + "s))ok", + "s))on", + "s))os", + "s))ov", + "s),(1", + "s),(s", + "s),(v", + "s);c", + "s);k&", + "s);k(", + "s);kf", + "s);kk", + "s);kn", + "s);ko", + "s)B1", + "s)B1&", + "s)B1c", + "s)B1o", + "s)Bs", + "s)Bs&", + "s)Bsc", + "s)Bso", + "s)Bv", + "s)Bv&", + "s)Bvc", + "s)Bvo", + "s)U(k", + "s)Uk(", + "s)Uk1", + "s)Ukf", + "s)Ukk", + "s)Ukn", + "s)Uko", + "s)Uks", + "s)Ukv", + "s)Unk", + "s)c", + "s)k1", + "s)k1c", + "s)k1o", + "s)kks", + "s)kkv", + "s)ks", + "s)ksc", + "s)kso", + "s)kv", + "s)kvc", + "s)kvo", + "s)o(1", + "s)o(k", + "s)o(n", + "s)o(s", + "s)o(v", + "s)o1B", + "s)o1U", + "s)o1f", + "s)o1k", + "s)o1o", + "s)of(", + "s)ok(", + "s)ok1", + "s)oks", + "s)okv", + "s)on&", + "s)os)", + "s)osB", + "s)osU", + "s)osf", + "s)osk", + "s)oso", + "s)ov)", + "s)ovB", + "s)ovU", + "s)ovf", + "s)ovk", + "s)ovo", + "s,(f(", + "s,(k(", + "s,(k1", + "s,(kf", + "s,(ks", + "s,(kv", + "s,1),", + "s,1)o", + "s,1B1", + "s,1Bs", + "s,1Bv", + "s,1Uk", + "s,f(1", + "s,f(s", + "s,f(v", + "s,s),", + "s,s)o", + "s,sB1", + "s,sBs", + "s,sBv", + "s,sUk", + "s,v),", + "s,v)o", + "s,vB1", + "s,vBs", + "s,vBv", + "s,vUk", + "s:o1)", + "s:os)", + "s:ov)", + "s;c", + "s;k&k", + "s;k((", + "s;k(1", + "s;k(o", + "s;k(s", + "s;k(v", + "s;k1,", + "s;k1o", + "s;k;", + "s;k[k", + "s;k[n", + "s;kf(", + "s;kkn", + "s;kks", + "s;kkv", + "s;kn(", + "s;kn,", + "s;knc", + "s;knk", + "s;knn", + "s;ko(", + "s;kok", + "s;ks,", + "s;ksc", + "s;ksk", + "s;kso", + "s;kv,", + "s;kvc", + "s;kvk", + "s;kvo", + "s;n:k", + "sB1", + "sB1&s", + "sB1&v", + "sB1,1", + "sB1,n", + "sB1,s", + "sB1,v", + "sB1Uk", + "sB1c", + "sB1k1", + "sB1ks", + "sB1kv", + "sB1os", + "sB1ov", + "sBf(1", + "sBf(f", + "sBf(s", + "sBf(v", + "sBk(1", + "sBk(s", + "sBk(v", + "sBn,n", + "sBnk1", + "sBnks", + "sBnkv", + "sBs", + "sBs&s", + "sBs&v", + "sBs,1", + "sBs,n", + "sBs,s", + "sBs,v", + "sBsUk", + "sBsc", + "sBsk1", + "sBsks", + "sBskv", + "sBsos", + "sBsov", + "sBv", + "sBv&s", + "sBv&v", + "sBv,1", + "sBv,n", + "sBv,s", + "sBv,v", + "sBvUk", + "sBvc", + "sBvk1", + "sBvks", + "sBvkv", + "sBvos", + "sBvov", + "sU((k", + "sU(k(", + "sU(k1", + "sU(kf", + "sU(kk", + "sU(kn", + "sU(ks", + "sU(kv", + "sU1,1", + "sU1,s", + "sU1,v", + "sUc", + "sUk", + "sUk(1", + "sUk(k", + "sUk(n", + "sUk(s", + "sUk(v", + "sUk1", + "sUk1&", + "sUk1,", + "sUk1c", + "sUk1f", + "sUk1k", + "sUk1n", + "sUk1o", + "sUkf", + "sUkf(", + "sUkf,", + "sUkk(", + "sUkk,", + "sUkk1", + "sUkkk", + "sUkkn", + "sUkks", + "sUkkv", + "sUkn&", + "sUkn(", + "sUkn,", + "sUkn1", + "sUknc", + "sUknk", + "sUkno", + "sUkns", + "sUknv", + "sUko1", + "sUkok", + "sUkos", + "sUkov", + "sUks", + "sUks&", + "sUks,", + "sUksc", + "sUksf", + "sUksk", + "sUksn", + "sUkso", + "sUkv", + "sUkv&", + "sUkv,", + "sUkvc", + "sUkvf", + "sUkvk", + "sUkvn", + "sUkvo", + "sUn(k", + "sUn,1", + "sUn,s", + "sUn,v", + "sUn1,", + "sUnk(", + "sUnk1", + "sUnkf", + "sUnks", + "sUnkv", + "sUno1", + "sUnos", + "sUnov", + "sUns,", + "sUnv,", + "sUon1", + "sUons", + "sUonv", + "sUs,1", + "sUs,s", + "sUs,v", + "sUv,1", + "sUv,s", + "sUv,v", + "sc", + "sf()k", + "sf(1)", + "sf(n,", + "sf(s)", + "sf(v)", + "sk)&(", + "sk)&1", + "sk)&f", + "sk)&s", + "sk)&v", + "sk);k", + "sk)B1", + "sk)Bs", + "sk)Bv", + "sk)Uk", + "sk)Un", + "sk)k1", + "sk)kk", + "sk)ks", + "sk)kv", + "sk)o(", + "sk)o1", + "sk)of", + "sk)ok", + "sk)os", + "sk)ov", + "sk1&1", + "sk1&s", + "sk1&v", + "sk1U(", + "sk1Uk", + "sk1c", + "sk1o1", + "sk1os", + "sk1ov", + "skU1,", + "skUs,", + "skUv,", + "skf(1", + "skf(s", + "skf(v", + "skk(1", + "skk(s", + "skk(v", + "skks", + "skksc", + "skkv", + "skkvc", + "sknkn", + "sks&1", + "sks&s", + "sks&v", + "sksU(", + "sksUk", + "sksc", + "skso1", + "sksos", + "sksov", + "skv&1", + "skv&s", + "skv&v", + "skvU(", + "skvUk", + "skvc", + "skvo1", + "skvos", + "skvov", + "sn&f(", + "sn,f(", + "snUk1", + "snUkn", + "snUks", + "snUkv", + "snk1c", + "snkf(", + "snksc", + "snkvc", + "sno(s", + "sno(v", + "sno1U", + "snosU", + "snovU", + "so(((", + "so((1", + "so((f", + "so((k", + "so((s", + "so((v", + "so(1)", + "so(1o", + "so(f(", + "so(k(", + "so(k)", + "so(k1", + "so(kc", + "so(kf", + "so(kk", + "so(kn", + "so(ko", + "so(ks", + "so(kv", + "so(n)", + "so(o1", + "so(os", + "so(ov", + "so(s)", + "so(so", + "so(v)", + "so(vo", + "so1&1", + "so1&o", + "so1&s", + "so1&v", + "so1)&", + "so1)o", + "so1Bf", + "so1Uk", + "so1c", + "so1f(", + "so1kf", + "so1o(", + "so1o1", + "so1of", + "so1ok", + "so1oo", + "so1os", + "so1ov", + "sof()", + "sof(1", + "sof(f", + "sof(k", + "sof(n", + "sof(s", + "sof(v", + "sok&s", + "sok&v", + "sok(1", + "sok(k", + "sok(o", + "sok(s", + "sok(v", + "sok1", + "sok1,", + "sok1c", + "sok1k", + "sok1o", + "sokUk", + "sokc", + "sokf(", + "sokn,", + "soknk", + "soko(", + "soko1", + "sokok", + "sokos", + "sokov", + "soks", + "soks,", + "soksc", + "soksk", + "sokso", + "sokv", + "sokv,", + "sokvc", + "sokvk", + "sokvo", + "sonk1", + "sonks", + "sonkv", + "sonos", + "sonov", + "sos", + "sos&(", + "sos&1", + "sos&o", + "sos&s", + "sos&v", + "sos)&", + "sos)o", + "sos:o", + "sosBf", + "sosUk", + "sosc", + "sosf(", + "soskf", + "soso(", + "soso1", + "sosof", + "sosok", + "sosoo", + "sosos", + "sosov", + "sosvo", + "sov", + "sov&(", + "sov&1", + "sov&o", + "sov&s", + "sov&v", + "sov)&", + "sov)o", + "sov:o", + "sovBf", + "sovUk", + "sovc", + "sovf(", + "sovkf", + "sovo(", + "sovo1", + "sovof", + "sovok", + "sovoo", + "sovos", + "sovov", + "sovso", + "sovvo", + "v&((f", + "v&((k", + "v&(1)", + "v&(1,", + "v&(1o", + "v&(f(", + "v&(k(", + "v&(k)", + "v&(k1", + "v&(kc", + "v&(kf", + "v&(kk", + "v&(kn", + "v&(ko", + "v&(ks", + "v&(kv", + "v&(s)", + "v&(s,", + "v&(so", + "v&(v)", + "v&(v,", + "v&(vo", + "v&1", + "v&1Bf", + "v&1Uk", + "v&1c", + "v&1f(", + "v&1o(", + "v&1o1", + "v&1of", + "v&1ok", + "v&1on", + "v&1oo", + "v&1os", + "v&1ov", + "v&f((", + "v&f()", + "v&f(1", + "v&f(f", + "v&f(k", + "v&f(n", + "v&f(s", + "v&f(v", + "v&k&s", + "v&k&v", + "v&k(1", + "v&k(f", + "v&k(o", + "v&k(s", + "v&k(v", + "v&k1k", + "v&k1o", + "v&kUk", + "v&kc", + "v&kk1", + "v&kks", + "v&kkv", + "v&knk", + "v&ko(", + "v&ko1", + "v&kok", + "v&kos", + "v&kov", + "v&ksk", + "v&kso", + "v&kvk", + "v&kvo", + "v&n&s", + "v&n&v", + "v&n()", + "v&no1", + "v&nos", + "v&nov", + "v&o(1", + "v&o(k", + "v&o(s", + "v&o(v", + "v&o1o", + "v&okc", + "v&oko", + "v&os", + "v&oso", + "v&ov", + "v&ovo", + "v&s", + "v&s:o", + "v&sBf", + "v&sU(", + "v&sUk", + "v&sc", + "v&sf(", + "v&so(", + "v&so1", + "v&sof", + "v&sok", + "v&son", + "v&soo", + "v&sos", + "v&sov", + "v&svo", + "v&v", + "v&v:o", + "v&vBf", + "v&vU(", + "v&vUk", + "v&vc", + "v&vf(", + "v&vo(", + "v&vo1", + "v&vof", + "v&vok", + "v&von", + "v&voo", + "v&vos", + "v&vov", + "v&vso", + "v&vvo", + "v(c", + "v)&(1", + "v)&(f", + "v)&(k", + "v)&(n", + "v)&(s", + "v)&(v", + "v)&1B", + "v)&1U", + "v)&1f", + "v)&1o", + "v)&f(", + "v)&o(", + "v)&sB", + "v)&sU", + "v)&sf", + "v)&so", + "v)&vB", + "v)&vU", + "v)&vf", + "v)&vo", + "v)()s", + "v)()v", + "v))&(", + "v))&1", + "v))&f", + "v))&n", + "v))&o", + "v))&s", + "v))&v", + "v)))&", + "v))))", + "v)));", + "v)))B", + "v)))U", + "v)))c", + "v)))k", + "v)))o", + "v));c", + "v));k", + "v))B1", + "v))Bs", + "v))Bv", + "v))Uk", + "v))Un", + "v))c", + "v))k1", + "v))kk", + "v))ks", + "v))kv", + "v))o(", + "v))o1", + "v))of", + "v))ok", + "v))on", + "v))os", + "v))ov", + "v),(1", + "v),(s", + "v),(v", + "v);c", + "v);k&", + "v);k(", + "v);kf", + "v);kk", + "v);kn", + "v);ko", + "v)B1", + "v)B1&", + "v)B1c", + "v)B1o", + "v)Bs", + "v)Bs&", + "v)Bsc", + "v)Bso", + "v)Bv", + "v)Bv&", + "v)Bvc", + "v)Bvo", + "v)U(k", + "v)Uk(", + "v)Uk1", + "v)Ukf", + "v)Ukk", + "v)Ukn", + "v)Uko", + "v)Uks", + "v)Ukv", + "v)Unk", + "v)c", + "v)k1", + "v)k1c", + "v)k1o", + "v)kks", + "v)kkv", + "v)knk", + "v)ks", + "v)ksc", + "v)kso", + "v)kv", + "v)kvc", + "v)kvo", + "v)o(1", + "v)o(k", + "v)o(n", + "v)o(s", + "v)o(v", + "v)o1)", + "v)o1B", + "v)o1U", + "v)o1f", + "v)o1k", + "v)o1o", + "v)of(", + "v)ok(", + "v)ok1", + "v)oks", + "v)okv", + "v)on&", + "v)os)", + "v)osB", + "v)osU", + "v)osf", + "v)osk", + "v)oso", + "v)ov)", + "v)ovB", + "v)ovU", + "v)ovf", + "v)ovk", + "v)ovo", + "v,(f(", + "v,(k(", + "v,(k1", + "v,(kf", + "v,(ks", + "v,(kv", + "v,1),", + "v,1)o", + "v,1B1", + "v,1Bs", + "v,1Bv", + "v,1Uk", + "v,f(1", + "v,f(s", + "v,f(v", + "v,s),", + "v,s)o", + "v,sB1", + "v,sBs", + "v,sBv", + "v,sUk", + "v,v),", + "v,v)o", + "v,vB1", + "v,vBs", + "v,vBv", + "v,vUk", + "v:o1)", + "v:os)", + "v:ov)", + "v;c", + "v;k&k", + "v;k((", + "v;k(1", + "v;k(o", + "v;k(s", + "v;k(v", + "v;k1,", + "v;k1o", + "v;k;", + "v;k[k", + "v;k[n", + "v;kf(", + "v;kkn", + "v;kks", + "v;kkv", + "v;kn(", + "v;kn,", + "v;knc", + "v;knk", + "v;knn", + "v;ko(", + "v;kok", + "v;ks,", + "v;ksc", + "v;ksk", + "v;kso", + "v;kv,", + "v;kvc", + "v;kvk", + "v;kvo", + "v;n:k", + "vB1", + "vB1&s", + "vB1&v", + "vB1,1", + "vB1,n", + "vB1,s", + "vB1,v", + "vB1Uk", + "vB1c", + "vB1k1", + "vB1ks", + "vB1kv", + "vB1os", + "vB1ov", + "vBf(1", + "vBf(f", + "vBf(s", + "vBf(v", + "vBk(1", + "vBk(s", + "vBk(v", + "vBn,n", + "vBnk1", + "vBnks", + "vBnkv", + "vBs", + "vBs&s", + "vBs&v", + "vBs,1", + "vBs,n", + "vBs,s", + "vBs,v", + "vBsUk", + "vBsc", + "vBsk1", + "vBsks", + "vBskv", + "vBsos", + "vBsov", + "vBv", + "vBv&s", + "vBv&v", + "vBv,1", + "vBv,n", + "vBv,s", + "vBv,v", + "vBvUk", + "vBvc", + "vBvk1", + "vBvks", + "vBvkv", + "vBvos", + "vBvov", + "vU", + "vU((k", + "vU(k(", + "vU(k1", + "vU(kf", + "vU(kk", + "vU(kn", + "vU(ks", + "vU(kv", + "vU1,1", + "vU1,s", + "vU1,v", + "vUc", + "vUk", + "vUk(1", + "vUk(k", + "vUk(n", + "vUk(s", + "vUk(v", + "vUk1", + "vUk1&", + "vUk1,", + "vUk1c", + "vUk1f", + "vUk1k", + "vUk1n", + "vUk1o", + "vUkf", + "vUkf(", + "vUkf,", + "vUkk(", + "vUkk,", + "vUkk1", + "vUkkk", + "vUkkn", + "vUkks", + "vUkkv", + "vUkn&", + "vUkn(", + "vUkn,", + "vUkn1", + "vUknc", + "vUknk", + "vUkno", + "vUkns", + "vUknv", + "vUko1", + "vUkok", + "vUkos", + "vUkov", + "vUks", + "vUks&", + "vUks,", + "vUksc", + "vUksf", + "vUksk", + "vUksn", + "vUkso", + "vUkv", + "vUkv&", + "vUkv,", + "vUkvc", + "vUkvf", + "vUkvk", + "vUkvn", + "vUkvo", + "vUn(k", + "vUn,1", + "vUn,s", + "vUn,v", + "vUn1,", + "vUnk(", + "vUnk1", + "vUnkf", + "vUnks", + "vUnkv", + "vUno1", + "vUnos", + "vUnov", + "vUns,", + "vUnv,", + "vUon1", + "vUons", + "vUonv", + "vUs,1", + "vUs,s", + "vUs,v", + "vUv,1", + "vUv,s", + "vUv,v", + "vc", + "vf()k", + "vf(1)", + "vf(n,", + "vf(s)", + "vf(v)", + "vk)&(", + "vk)&1", + "vk)&f", + "vk)&s", + "vk)&v", + "vk);k", + "vk)B1", + "vk)Bs", + "vk)Bv", + "vk)Uk", + "vk)Un", + "vk)k1", + "vk)kk", + "vk)ks", + "vk)kv", + "vk)o(", + "vk)o1", + "vk)of", + "vk)ok", + "vk)os", + "vk)ov", + "vk1&1", + "vk1&s", + "vk1&v", + "vk1U(", + "vk1Uk", + "vk1c", + "vk1o1", + "vk1os", + "vk1ov", + "vkU1,", + "vkUs,", + "vkUv,", + "vkf(1", + "vkf(s", + "vkf(v", + "vkk(1", + "vkk(s", + "vkk(v", + "vkks", + "vkksc", + "vkkv", + "vkkvc", + "vknkn", + "vkno1", + "vknov", + "vkokn", + "vks&1", + "vks&s", + "vks&v", + "vksU(", + "vksUk", + "vksc", + "vkso1", + "vksos", + "vksov", + "vkv&1", + "vkv&s", + "vkv&v", + "vkvU(", + "vkvUk", + "vkvc", + "vkvo1", + "vkvos", + "vkvov", + "vn&f(", + "vn)Uk", + "vn,f(", + "vnUk1", + "vnUkn", + "vnUks", + "vnUkv", + "vnk1c", + "vnkf(", + "vnksc", + "vnkvc", + "vno(s", + "vno(v", + "vno1U", + "vnosU", + "vnovU", + "vo(((", + "vo((1", + "vo((f", + "vo((k", + "vo((s", + "vo((v", + "vo(1)", + "vo(1o", + "vo(f(", + "vo(k(", + "vo(k)", + "vo(k1", + "vo(kc", + "vo(kf", + "vo(kk", + "vo(kn", + "vo(ko", + "vo(ks", + "vo(kv", + "vo(n)", + "vo(o1", + "vo(os", + "vo(ov", + "vo(s)", + "vo(so", + "vo(v)", + "vo(vo", + "vo1&1", + "vo1&o", + "vo1&s", + "vo1&v", + "vo1)&", + "vo1)o", + "vo1Bf", + "vo1Uk", + "vo1c", + "vo1f(", + "vo1kf", + "vo1o(", + "vo1o1", + "vo1of", + "vo1ok", + "vo1oo", + "vo1os", + "vo1ov", + "vof()", + "vof(1", + "vof(f", + "vof(k", + "vof(n", + "vof(s", + "vof(v", + "vok&s", + "vok&v", + "vok(1", + "vok(k", + "vok(o", + "vok(s", + "vok(v", + "vok)U", + "vok)o", + "vok1", + "vok1,", + "vok1c", + "vok1k", + "vok1o", + "vokUk", + "vokc", + "vokf(", + "vokn,", + "voknk", + "voko(", + "voko1", + "vokok", + "vokos", + "vokov", + "voks", + "voks,", + "voksc", + "voksk", + "vokso", + "vokv", + "vokv,", + "vokvc", + "vokvk", + "vokvo", + "vonk1", + "vonks", + "vonkv", + "vono1", + "vonos", + "vonov", + "vos", + "vos&(", + "vos&1", + "vos&o", + "vos&s", + "vos&v", + "vos)&", + "vos)U", + "vos)o", + "vos:o", + "vosBf", + "vosUk", + "vosc", + "vosf(", + "voskf", + "voso(", + "voso1", + "vosof", + "vosok", + "vosoo", + "vosos", + "vosov", + "vosvo", + "vov", + "vov&(", + "vov&1", + "vov&o", + "vov&s", + "vov&v", + "vov)&", + "vov)U", + "vov)o", + "vov:o", + "vovBf", + "vovUk", + "vovc", + "vovf(", + "vovkf", + "vovo(", + "vovo1", + "vovof", + "vovok", + "vovoo", + "vovos", + "vovov", + "vovso", + "vovvo", +}; +static const size_t patmap_sz = 2298; + + +/* Simple binary search */ +int is_sqli_pattern(const char *key) +{ + int left = 0; + int right = (int)patmap_sz - 1; + + while (left <= right) { + int pos = (left + right) / 2; + int cmp = strcmp(patmap[pos], key); + if (cmp == 0) { + return 1; /* TRUE */ + } else if (cmp < 0) { + left = pos + 1; + } else { + right = pos - 1; + } + } + return 0; /* FALSE */ +} + +#endif

@@ -0,0 +1,1340 @@ +/** + * Copyright 2012,2013 Nick Galbreath + * nickg@client9.com + * BSD License -- see COPYING.txt for details + * + * (setq-default indent-tabs-mode nil) + * (setq c-default-style "k&r" + * c-basic-offset 4) + * indent -kr -nut + */ + +#include <string.h> +#include <stdlib.h> +#include <stdio.h> +#include <ctype.h> +#include <assert.h> + +#ifndef TRUE +#define TRUE 1 +#endif +#ifndef FALSE +#define FALSE 0 +#endif + +#if 0 +#define FOLD_DEBUG printf("%d: Fold state = %d, current=%c, last=%c\n", __LINE__, sf->fold_state, current->type, last->type == CHAR_NULL ? '~': last->type) +#else +#define FOLD_DEBUG +#endif + +/* order is important here */ +#include "sqlparse_private.h" +#include "sqlparse_data.h" + +/* memchr2 finds a string of 2 characters inside another string + * This a specialized version of "memmem" or "memchr". + * 'memmem' doesn't exist on all platforms + * + * Porting notes: this is just a special version of + * astring.find("AB") + * + */ +const char * +memchr2(const char *haystack, size_t haystack_len, char c0, char c1) +{ + const char *cur = haystack; + const char *last = haystack + haystack_len - 1; + + if (haystack_len < 2) { + return NULL; + } + if (c0 == c1) { + return NULL; + } + + while (cur < last) { + if (cur[0] == c0) { + if (cur[1] == c1) { + return cur; + } else { + cur += 2; + } + } else { + cur += 1; + } + } + + return NULL; +} + +/** Find largest string containing certain characters. + * + * C Standard library 'strspn' only works for 'c-strings' (null terminated) + * This works on arbitrary length. + * + * Porting notes: + * if accept is 'ABC', then this function would be similar to + * a_regexp.match(a_str, '[ABC]*'), + */ +size_t strlenspn(const char *s, size_t len, const char *accept) +{ + size_t i; + for (i = 0; i < len; ++i) { + /* likely we can do better by inlining this function + * but this works for now + */ + if (strchr(accept, s[i]) == NULL) { + return i; + } + } + return len; +} + +/* + * ASCII case insenstive compare only! + */ +int cstrcasecmp(const char *a, const char *b) +{ + int ca, cb; + + do { + ca = *a++ & 0xff; + cb = *b++ & 0xff; + if (ca >= 'a' && ca <= 'z') + ca -= 0x20; + if (cb >= 'a' && cb <= 'z') + cb -= 0x20; + } while (ca == cb && ca != '\0'); + + return ca - cb; +} + +/** + * Case insentive string compare. + * Here only to make code more readable + */ +int streq(const char *a, const char *b) +{ + return cstrcasecmp(a, b) == 0; +} + +/* + * Case-sensitive binary search. + * + */ +int bsearch_cstr(const char *key, const char *base[], size_t nmemb) +{ + int left = 0; + int right = (int) nmemb - 1; + + while (left <= right) { + int pos = (left + right) / 2; + int cmp = strcmp(base[pos], key); + if (cmp == 0) { + return TRUE; + } else if (cmp < 0) { + left = pos + 1; + } else { + right = pos - 1; + } + } + return FALSE; +} + +/* + * Case-insensitive binary search + */ +int bsearch_cstrcase(const char *key, const char *base[], size_t nmemb) +{ + int left = 0; + int right = (int) nmemb - 1; + + while (left <= right) { + int pos = (left + right) / 2; + int cmp = cstrcasecmp(base[pos], key); + if (cmp == 0) { + return TRUE; + } else if (cmp < 0) { + left = pos + 1; + } else { + right = pos - 1; + } + } + return FALSE; +} + +/** + * + * + * + * Porting Notes: + * given a mapping/hash of string to char + * this is just + * mapping[key.upper()] + */ +char bsearch_keyword_type(const char *key, const keyword_t * keywords, + size_t numb) +{ + int left = 0; + int right = (int) numb - 1; + + while (left <= right) { + int pos = (left + right) / 2; + int cmp = cstrcasecmp(keywords[pos].word, key); + if (cmp == 0) { + return keywords[pos].type; + } else if (cmp < 0) { + left = pos + 1; + } else { + right = pos - 1; + } + } + return CHAR_NULL; +} + +/* st_token methods + * + * The folow just manipulates the stoken_t type + * + * + */ + +void st_clear(stoken_t * st) +{ + st->type = CHAR_NULL; + st->str_open = CHAR_NULL; + st->str_close = CHAR_NULL; + st->val[0] = CHAR_NULL; +} + +int st_is_empty(const stoken_t * st) +{ + return st->type == CHAR_NULL; +} + +void st_assign_char(stoken_t * st, const char stype, const char value) +{ + st->type = stype; + st->val[0] = value; + st->val[1] = CHAR_NULL; +} + +void st_assign(stoken_t * st, const char stype, const char *value, + size_t len) +{ + size_t last = len < ST_MAX_SIZE ? len : (ST_MAX_SIZE - 1); + st->type = stype; + memcpy(st->val, value, last); + st->val[last] = CHAR_NULL; +} + +void st_copy(stoken_t * dest, const stoken_t * src) +{ + memcpy(dest, src, sizeof(stoken_t)); +} + +int st_is_multiword_start(const stoken_t * st) +{ + return bsearch_cstrcase(st->val, + multikeywords_start, + multikeywords_start_sz); +} + +int st_is_unary_op(const stoken_t * st) +{ + return (st->type == 'o' && !(strcmp(st->val, "+") && + strcmp(st->val, "-") && + strcmp(st->val, "!") && + strcmp(st->val, "!!") && + cstrcasecmp(st->val, "NOT") && + strcmp(st->val, "~"))); +} + +int st_is_arith_op(const stoken_t * st) +{ + return (st->type == 'o' && !(strcmp(st->val, "-") && + strcmp(st->val, "+") && + strcmp(st->val, "~") && + strcmp(st->val, "!") && + strcmp(st->val, "/") && + strcmp(st->val, "%") && + strcmp(st->val, "*") && + strcmp(st->val, "|") && + strcmp(st->val, "&") && + cstrcasecmp(st->val, "MOD") && + cstrcasecmp(st->val, "DIV"))); +} + +/* Parsers + * + * + */ + + +size_t parse_white(sfilter * sf) +{ + return sf->pos + 1; +} + +size_t parse_operator1(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + size_t pos = sf->pos; + + st_assign_char(current, 'o', cs[pos]); + return pos + 1; +} + +size_t parse_other(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + size_t pos = sf->pos; + + st_assign_char(current, '?', cs[pos]); + return pos + 1; +} + +size_t parse_char(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + size_t pos = sf->pos; + + st_assign_char(current, cs[pos], cs[pos]); + return pos + 1; +} + +size_t parse_eol_comment(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + + const char *endpos = + (const char *) memchr((const void *) (cs + pos), '\n', slen - pos); + if (endpos == NULL) { + st_assign(current, 'c', cs + pos, slen - pos); + return slen; + } else { + st_assign(current, 'c', cs + pos, endpos - cs - pos); + return (endpos - cs) + 1; + } +} + +size_t parse_dash(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + + + size_t pos1 = pos + 1; + if (pos1 < slen && cs[pos1] == '-') { + return parse_eol_comment(sf); + } else { + st_assign_char(current, 'o', '-'); + return pos1; + } +} + +size_t is_mysql_comment(const char *cs, const size_t len, size_t pos) +{ + size_t i; + + if (pos + 2 >= len) { + return 0; + } + if (cs[pos + 2] != '!') { + return 0; + } + /* + * this is a mysql comment + * got "/x!" + */ + if (pos + 3 >= len) { + return 3; + } + + if (!isdigit(cs[pos + 3])) { + return 3; + } + /* + * handle odd case of /x!0SELECT + */ + if (!isdigit(cs[pos + 4])) { + return 4; + } + + if (pos + 7 >= len) { + return 4; + } + + for (i = pos + 5; i <= pos + 7; ++i) { + if (!isdigit(cs[i])) { + return 3; + } + } + return 8; +} + +size_t parse_slash(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + const char* cur = cs + pos; + size_t inc; + + size_t pos1 = pos + 1; + if (pos1 == slen || cs[pos1] != '*') { + return parse_operator1(sf); + } + + inc = is_mysql_comment(cs, slen, pos); + if (inc == 0) { + + /* + * skip over initial '/x' + */ + const char *ptr = memchr2(cur + 2, slen - (pos + 2), '*', '/'); + if (ptr == NULL) { + /* + * unterminated comment + */ + st_assign(current, 'c', cs + pos, slen - pos); + return slen; + } else { + /* + * postgresql allows nested comments which makes + * this is incompatible with parsing so + * if we find a '/x' inside the coment, then + * make a new token. + */ + char ctype = 'c'; + const size_t clen = (ptr + 2) - (cur); + if (memchr2(cur + 2, ptr - (cur + 1), '/', '*') != NULL) { + ctype = 'X'; + } + st_assign(current, ctype, cs + pos, clen); + + return pos + clen; + } + } else { + /* + * MySQL Comment + */ + sf->in_comment = TRUE; + st_clear(current); + return pos + inc; + } +} + +size_t parse_backslash(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + + /* + * Weird MySQL alias for NULL, "\N" (capital N only) + */ + if (pos + 1 < slen && cs[pos + 1] == 'N') { + st_assign(current, '1', "NULL", 4); + return pos + 2; + } else { + return parse_other(sf); + } +} + +/** Is input a 2-char operator? + * + */ +int is_operator2(const char *key) +{ + return bsearch_cstr(key, operators2, operators2_sz); +} + +size_t parse_operator2(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + char op2[3]; + + if (pos + 1 >= slen) { + return parse_operator1(sf); + } + + op2[0] = cs[pos]; + op2[1] = cs[pos + 1]; + op2[2] = CHAR_NULL; + + /* + * Special Hack for MYSQL style comments + * instead of turning: + * /x! FOO x/ into FOO by rewriting the string, we + * turn it into FOO x/ and ignore the ending comment + */ + if (sf->in_comment && op2[0] == '*' && op2[1] == '/') { + sf->in_comment = FALSE; + st_clear(current); + return pos + 2; + } else if (pos + 2 < slen && op2[0] == '<' && op2[1] == '=' + && cs[pos + 2] == '>') { + /* + * special 3-char operator + */ + st_assign(current, 'o', "<=>", 3); + return pos + 3; + } else if (is_operator2(op2)) { + if (streq(op2, "&&") || streq(op2, "||")) { + st_assign(current, '&', op2, 2); + } else { + /* + * normal 2 char operator + */ + st_assign(current, 'o', op2, 2); + } + return pos + 2; + } else { + /* + * must be a single char operator + */ + return parse_operator1(sf); + } +} + +size_t parse_string_core(const char *cs, const size_t len, size_t pos, + stoken_t * st, char delim, size_t offset) +{ + /* + * offset is to skip the perhaps first quote char + */ + const char *qpos = + (const char *) memchr((const void *) (cs + pos + offset), delim, + len - pos - offset); + + /* + * then keep string open/close info + */ + if (offset == 1) { + /* + * this is real quote + */ + st->str_open = delim; + } else { + /* + * this was a simulated quote + */ + st->str_open = CHAR_NULL; + } + + while (TRUE) { + if (qpos == NULL) { + /* + * string ended with no trailing quote + * assign what we have + */ + st_assign(st, 's', cs + pos + offset, len - pos - offset); + st->str_close = CHAR_NULL; + return len; + } else if (*(qpos - 1) != '\\') { + /* + * ending quote is not escaped.. copy and end + */ + st_assign(st, 's', cs + pos + offset, + qpos - (cs + pos + offset)); + st->str_close = delim; + return qpos - cs + 1; + } else { + qpos = + (const char *) memchr((const void *) (qpos + 1), delim, + (cs + len) - (qpos + 1)); + } + } +} + +/** + * Used when first char is a ' or " + */ +size_t parse_string(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + + /* + * assert cs[pos] == single or double quote + */ + return parse_string_core(cs, slen, pos, current, cs[pos], 1); +} + +size_t parse_word(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + size_t pos = sf->pos; + char *dot; + char ch; + size_t slen = + strlenspn(cs + pos, sf->slen - pos, + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$."); + + st_assign(current, 'n', cs + pos, slen); + + dot = strchr(current->val, '.'); + if (dot != NULL) { + *dot = '\0'; + + ch = bsearch_keyword_type(current->val, sql_keywords, + sql_keywords_sz); + if (ch == 'k' || ch == 'o') { + /* + * we got something like "SELECT.1" + */ + current->type = ch; + return pos + strlen(current->val); + } else { + /* + * something else, put back dot + */ + *dot = '.'; + } + } + + /* + * do normal lookup with word including '.' + */ + if (slen < ST_MAX_SIZE) { + ch = bsearch_keyword_type(current->val, sql_keywords, + sql_keywords_sz); + if (ch == CHAR_NULL) { + ch = 'n'; + } + current->type = ch; + } + return pos + slen; +} + +size_t parse_var(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + size_t pos1 = pos + 1; + size_t xlen; + + /* + * move past optional other '@' + */ + if (pos1 < slen && cs[pos1] == '@') { + pos1 += 1; + } + + xlen = strlenspn(cs + pos1, slen - pos1, + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.$"); + if (xlen == 0) { + st_assign(current, 'v', cs + pos, (pos1 - pos)); + return pos1; + } else { + st_assign(current, 'v', cs + pos, xlen + (pos1 - pos)); + return pos1 + xlen; + } +} + +size_t parse_money(sfilter *sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + size_t xlen; + + /* + * $1,000.00 or $1.000,00 ok! + * This also parses $....,,,111 but that's ok + */ + xlen = strlenspn(cs + pos + 1, slen - pos - 1, "0123456789.,"); + if (xlen == 0) { + /* + * just ignore '$' + */ + return pos + 1; + } else { + st_assign(current, '1', cs + pos, 1 + xlen); + return pos + 1 + xlen; + } +} + +size_t parse_number(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *cs = sf->s; + const size_t slen = sf->slen; + size_t pos = sf->pos; + size_t xlen; + size_t start; + + if (pos + 1 < slen && cs[pos] == '0' && (cs[pos + 1] == 'X' || cs[pos + 1] == 'x')) { + /* + * TBD compare if isxdigit + */ + xlen = + strlenspn(cs + pos + 2, slen - pos - 2, "0123456789ABCDEFabcdef"); + if (xlen == 0) { + st_assign(current, 'n', "0X", 2); + return pos + 2; + } else { + st_assign(current, '1', cs + pos, 2 + xlen); + return pos + 2 + xlen; + } + } + + start = pos; + while (pos < slen && isdigit(cs[pos])) { + pos += 1; + } + if (pos < slen && cs[pos] == '.') { + pos += 1; + while (pos < slen && isdigit(cs[pos])) { + pos += 1; + } + if (pos - start == 1) { + st_assign_char(current, 'n', '.'); + return pos; + } + } + + if (pos < slen) { + if (cs[pos] == 'E' || cs[pos] == 'e') { + pos += 1; + if (pos < slen && (cs[pos] == '+' || cs[pos] == '-')) { + pos += 1; + } + while (pos < slen && isdigit(cs[pos])) { + pos += 1; + } + } else if (isalpha(cs[pos])) { + /* + * oh no, we have something like '6FOO' + * use microsoft style parsing and take just + * the number part and leave the rest to be + * parsed later + */ + st_assign(current, '1', cs + start, pos - start); + return pos; + } + } + + st_assign(current, '1', cs + start, pos - start); + return pos; +} + +int parse_token(sfilter * sf) +{ + stoken_t *current = &sf->syntax_current; + const char *s = sf->s; + const size_t slen = sf->slen; + size_t *pos = &sf->pos; + pt2Function fnptr; + + st_clear(current); + + /* + * if we are at beginning of string + * and in single-quote or double quote mode + * then pretend the input starts with a quote + */ + if (*pos == 0 && sf->delim != CHAR_NULL) { + *pos = parse_string_core(s, slen, 0, current, sf->delim, 0); + return TRUE; + } + + while (*pos < slen) { + /* + * get current character + */ + const int ch = (int) (s[*pos]); + + /* + * if not ascii, then continue... + * actually probably need to just assuming + * it's a string + */ + if (ch < 0 || ch > 127) { + *pos += 1; + continue; + } + + /* + * look up the parser, and call it + * + * Porting Note: this is mapping of char to function + * charparsers[ch]() + */ + fnptr = char_parse_map[ch]; + *pos = (*fnptr) (sf); + + /* + * + */ + if (current->type != CHAR_NULL) { + return TRUE; + } + } + return FALSE; +} + +void sfilter_reset(sfilter * sf, const char *s, size_t len) +{ + memset(sf, 0, sizeof(sfilter)); + sf->s = s; + sf->slen = len; +} + +int syntax_merge_words(stoken_t * a, stoken_t * b) +{ + size_t sz1; + size_t sz2; + size_t sz3; + char tmp[ST_MAX_SIZE]; + char ch; + + if (! + (a->type == 'k' || a->type == 'n' || a->type == 'o' + || a->type == 'U')) { + return FALSE; + } + + sz1 = strlen(a->val); + sz2 = strlen(b->val); + sz3 = sz1 + sz2 + 1; + if (sz3 >= ST_MAX_SIZE) { + return FALSE; + } + /* + * oddly annoying last.val + ' ' + current.val + */ + memcpy(tmp, a->val, sz1); + tmp[sz1] = ' '; + memcpy(tmp + sz1 + 1, b->val, sz2); + tmp[sz3] = CHAR_NULL; + + ch = bsearch_keyword_type(tmp, multikeywords, multikeywords_sz); + if (ch != CHAR_NULL) { + /* + * -1, don't copy the null byte + */ + st_assign(a, ch, tmp, sz3); + return TRUE; + } else { + return FALSE; + } +} + +/* This does some simple syntax cleanup based on the token + * + * + */ +int sqli_tokenize(sfilter * sf, stoken_t * sout) +{ + stoken_t *last = &sf->syntax_last; + stoken_t *current = &sf->syntax_current; + + while (parse_token(sf)) { + char ttype = current->type; + + /* + * TBD: hmm forgot logic here. + */ + if (ttype == 'c') { + st_copy(&sf->syntax_comment, current); + continue; + } + st_clear(&sf->syntax_comment); + + /* + * If we don't have a saved token, and we have + * a string: save it. if the next token is also a string + * then merge them. e.g. "A" "B" in SQL is actually "AB" + * a n/k/U/o type: save since next token my be merged together + * for example: "LEFT" + "JOIN" = "LEFT JOIN" + * a o/& type: TBD need to review. + * + */ + if (last->type == CHAR_NULL) { + switch (ttype) { + + /* + * items that have special needs + */ + case 's': + st_copy(last, current); + continue; + case 'n': + case 'k': + case 'U': + case '&': + case 'o': + if (st_is_multiword_start(current)) { + st_copy(last, current); + continue; + } else if (current->type == 'o' || current->type == '&') { + /* } else if (st_is_unary_op(current)) { */ + st_copy(last, current); + continue; + } else { + /* + * copy to out + */ + st_copy(sout, current); + return TRUE; + } + default: + /* + * copy to out + */ + st_copy(sout, current); + return TRUE; + } + } + /* + * We have a saved token + */ + + switch (ttype) { + case 's': + if (last->type == 's') { + /* + * "FOO" "BAR" == "FOO" (skip second string) + */ + continue; + } else { + st_copy(sout, last); + st_copy(last, current); + return TRUE; + } + break; + + case 'o': + /* + * first case to handle "IS" + "NOT" + */ + if (syntax_merge_words(last, current)) { + continue; + } else if (st_is_unary_op(current) + && (last->type == 'o' || last->type == '&' + || last->type == 'U')) { + /* + * if an operator is followed by a unary operator, skip it. + * 1, + ==> "+" is not unary, it's arithmetic + * AND, + ==> "+" is unary + */ + continue; + } else { + /* + * no match + */ + st_copy(sout, last); + st_copy(last, current); + return TRUE; + } + break; + + case 'n': + case 'k': + if (syntax_merge_words(last, current)) { + continue; + } else { + /* + * total no match + */ + st_copy(sout, last); + st_copy(last, current); + return TRUE; + } + break; + + default: + /* + * fix up for ambigous "IN" + * handle case where IN is typically a function + * but used in compound "IN BOOLEAN MODE" jive + */ + if (last->type == 'n' && !cstrcasecmp(last->val, "IN")) { + st_copy(last, current); + st_assign(sout, 'f', "IN", 2); + return TRUE; + } else { + /* + * no match at all + */ + st_copy(sout, last); + st_copy(last, current); + return TRUE; + } + break; + } + } + + /* + * final cleanup + */ + if (last->type) { + st_copy(sout, last); + st_clear(last); + return TRUE; + } else if (sf->syntax_comment.type) { + /* + * TBD + */ + st_copy(sout, &sf->syntax_comment); + st_clear(&sf->syntax_comment); + return TRUE; + } else { + return FALSE; + } +} + +/* + * My apologies, this code is a mess + */ +int filter_fold(sfilter * sf, stoken_t * sout) +{ + stoken_t *last = &sf->fold_last; + stoken_t *current = &sf->fold_current; + + if (sf->fold_state == 4 && !st_is_empty(last)) { + st_copy(sout, last); + sf->fold_state = 2; + st_clear(last); + return FALSE; + } + + while (sqli_tokenize(sf, current)) { + /* + * 0 = start of statement + * skip ( and unary ops + */ + if (sf->fold_state == 0) { + if (current->type == '(') { + continue; + } + if (st_is_unary_op(current)) { + continue; + } + sf->fold_state = 1; + } + + if (st_is_empty(last)) { + FOLD_DEBUG; + if (current->type == '1' || current->type == 'n' + || current->type == '(') { + sf->fold_state = 2; + st_copy(last, current); + } + st_copy(sout, current); + return FALSE; + } else if (last->type == '(' && st_is_unary_op(current)) { + /* + * similar to beginning of statement + * an opening '(' resets state, and we should skip all + * unary operators + */ + continue; + } else if (last->type == '(' && current->type == '(') { + /* if we get another '(' after another + * emit 1, but keep state + */ + st_copy(sout, current); + return FALSE; + } else if ((last->type == '1' || last->type == 'n') + && st_is_arith_op(current)) { + FOLD_DEBUG; + st_copy(last, current); + } else if (last->type == 'o' + && (current->type == '1' || current->type == 'n')) { + FOLD_DEBUG; + st_copy(last, current); + } else { + if (sf->fold_state == 2) { + if (last->type != '1' && last->type != '(' + && last->type != 'n') { + FOLD_DEBUG; + st_copy(sout, last); + st_copy(last, current); + sf->fold_state = 4; + } else { + FOLD_DEBUG; + st_copy(sout, current); + st_clear(last); + } + return FALSE; + } else { + if (last->type == 'o') { + st_copy(sout, last); + st_copy(last, current); + sf->fold_state = 4; + } else { + sf->fold_state = 2; + st_copy(sout, current); + st_clear(last); + } + return FALSE; + } + } + } + + if (!st_is_empty(last)) { + if (st_is_arith_op(last)) { + st_copy(sout, last); + st_clear(last); + return FALSE; + } else { + st_clear(last); + } + } + + /* + * all done: nothing more to parse + */ + return TRUE; +} + +/* secondary api: detects SQLi in a string, GIVEN a context. + * + * A context can be: + * * CHAR_NULL (\0), process as is + * * CHAR_SINGLE ('), process pretending input started with a + * single quote. + * * CHAR_DOUBLE ("), process pretending input started with a + * double quote. + * + */ +int is_string_sqli(sfilter * sql_state, const char *s, size_t slen, + const char delim, ptr_fingerprints_fn fn) +{ + int tlen = 0; + char ch; + int patmatch; + int all_done; + + sfilter_reset(sql_state, s, slen); + sql_state->delim = delim; + + while (tlen < MAX_TOKENS) { + all_done = filter_fold(sql_state, &(sql_state->tokenvec[tlen])); + if (all_done) { + break; + } + + sql_state->pat[tlen] = sql_state->tokenvec[tlen].type; + tlen += 1; + } + + /* + * make the fingerprint pattern a c-string (null delimited) + */ + sql_state->pat[tlen] = CHAR_NULL; + + /* + * check for 'X' in pattern + * this means parsing could not be done + * accurately due to pgsql's double comments + * or other syntax that isn't consistent + * should be very rare false positive + */ + if (strchr(sql_state->pat, 'X')) { + return TRUE; + } + + patmatch = fn(sql_state->pat); + + /* + * No match. + * + * Set sql_state->reason to current line number + * only for debugging purposes. + */ + if (!patmatch) { + sql_state->reason = __LINE__; + return FALSE; + } + + /* + * We got a SQLi match + * This next part just helps reduce false positives. + * + */ + switch (tlen) { + case 2:{ + /* + * if 'comment' is '#' ignore.. too many FP + */ + if (sql_state->tokenvec[1].val[0] == '#') { + sql_state->reason = __LINE__; + return FALSE; + } + + /* + * for fingerprint like 'nc', only comments of /x are treated + * as SQL... ending comments of "--" and "#" are not sqli + */ + if (sql_state->tokenvec[0].type == 'n' && + sql_state->tokenvec[1].type == 'c' && + sql_state->tokenvec[1].val[0] != '/') { + sql_state->reason = __LINE__; + return FALSE; + } + + /** + * there are some odd base64-looking query string values + * 1234-ABCDEFEhfhihwuefi-- + * which evaluate to "1c"... these are not SQLi + * but 1234-- probably is. + * Make sure the "1" in "1c" is actually a true decimal number + * + * Need to check -original- string since the folding step + * may have merged tokens, e.g. "1+FOO" is folded into "1" + */ + if (sql_state->tokenvec[0].type == '1'&& sql_state->tokenvec[1].type == 'c') { + /* + * we check that next character after the number is either whitespace, + * or '/' or a '-' ==> sqli. + */ + ch = sql_state->s[strlen(sql_state->tokenvec[0].val)]; + if ( ch <= 32 ) { + /* next char was whitespace,e.g. "1234 --" + * this isn't exactly correct.. ideally we should skip over all whitespace + * but this seems to be ok for now + */ + return TRUE; + } + if (ch == '/' && sql_state->s[strlen(sql_state->tokenvec[0].val) + 1] == '*') { + return TRUE; + } + if (ch == '-' && sql_state->s[strlen(sql_state->tokenvec[0].val) + 1] == '-') { + return TRUE; + } + + sql_state->reason = __LINE__; + return FALSE; + } + + /* + * detect obvious sqli scans.. many people put '--' in plain text + * so only detect if input ends with '--', e.g. 1-- but not 1-- foo + */ + if ((strlen(sql_state->tokenvec[1].val) > 2) + && sql_state->tokenvec[1].val[0] == '-') { + sql_state->reason = __LINE__; + return FALSE; + } + + break; + } /* case 2 */ + case 3:{ + /* + * ...foo' + 'bar... + * no opening quote, no closing quote + * and each string has data + */ + if (streq(sql_state->pat, "sos") + || streq(sql_state->pat, "s&s")) { + if ((sql_state->tokenvec[0].str_open == CHAR_NULL) + && (sql_state->tokenvec[2].str_close == CHAR_NULL)) { + /* + * if ....foo" + "bar.... + */ + return TRUE; + } else { + /* + * not sqli + */ + sql_state->reason = __LINE__; + return FALSE; + } + break; + } + } /* case 3 */ + case 5: { + if (streq(sql_state->pat, "sosos")) { + if (sql_state->tokenvec[0].str_open == CHAR_NULL) { + /* + * if ....foo" + "bar.... + */ + return TRUE; + } else { + /* + * not sqli + */ + sql_state->reason = __LINE__; + return FALSE; + } + break; + } + } /* case 5 */ + } /* end switch */ + + return TRUE; +} + +/** Main API, detects SQLi in an input. + * + * + */ +int is_sqli(sfilter * sql_state, const char *s, size_t slen, + ptr_fingerprints_fn fn) +{ + + /* + * no input? not sqli + */ + if (slen == 0) { + return FALSE; + } + + /* + * test input "as-is" + */ + if (is_string_sqli(sql_state, s, slen, CHAR_NULL, fn)) { + return TRUE; + } + + /* + * if input has a single_quote, then + * test as if input was actually ' + * example: if input if "1' = 1", then pretend it's + * "'1' = 1" + * Porting Notes: example the same as doing + * is_string_sqli(sql_state, "'" + s, slen+1, NULL, fn) + * + */ + if (memchr(s, CHAR_SINGLE, slen) + && is_string_sqli(sql_state, s, slen, CHAR_SINGLE, fn)) { + return TRUE; + } + + /* + * same as above but with a double-quote " + */ + if (memchr(s, CHAR_DOUBLE, slen) + && is_string_sqli(sql_state, s, slen, CHAR_DOUBLE, fn)) { + return TRUE; + } + + /* + * Hurray, input is not SQLi + */ + return FALSE; +}

@@ -0,0 +1,113 @@ +/** + * Copyright 2012, 2013 Nick Galbreath + * nickg@client9.com + * BSD License -- see COPYING.txt for details + * + * + * HOW TO USE: + * + * // Normalize query or postvar value + * // If it comes in urlencoded, then it's up to you + * // to urldecode it. If it's in correct form already + * // then nothing to do! + * + * sfilter s; + * int sqli = is_sqli(&s, user_string, new_len); + * + * // 0 = not sqli + * // 1 = is sqli + * + * // That's it! sfilter s has some data on how it matched or not + * // details to come! + * + */ + +#ifndef _SQLPARSE_H +#define _SQLPARSE_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Version info. + * See python's normalized version + * http://www.python.org/dev/peps/pep-0386/#normalizedversion + */ +#define LIBINJECTION_VERSION "1.2.0" + +#define ST_MAX_SIZE 32 +#define MAX_TOKENS 5 + +#define CHAR_NULL '\0' +#define CHAR_SINGLE '\'' +#define CHAR_DOUBLE '"' + +typedef struct { + char type; + char str_open; + char str_close; + char val[ST_MAX_SIZE]; +} stoken_t; + +typedef struct { + /* input */ + const char *s; + size_t slen; + + /* current tokenize state */ + size_t pos; + int in_comment; + + /* syntax fixups state */ + stoken_t syntax_current; + stoken_t syntax_last; + stoken_t syntax_comment; + + /* constant folding state */ + stoken_t fold_current; + stoken_t fold_last; + int fold_state; + + /* final sqli data */ + stoken_t tokenvec[MAX_TOKENS]; + + /* +1 for ending null */ + char pat[MAX_TOKENS + 1]; + char delim; + int reason; +} sfilter; + +/** + * Pointer to function, takes cstr input, return true/false + */ +typedef int (*ptr_fingerprints_fn)(const char*); + +/** + * Main API: tests for SQLi in three possible contexts, no quotes, + * single quote and double quote + * + * \return 1 (true) if SQLi, 0 (false) if benign + */ +int is_sqli(sfilter * sql_state, const char *s, size_t slen, + ptr_fingerprints_fn fn); + +/** + * This detects SQLi in a single context, mostly useful for custom + * logic and debugging. + * + * \param delim must be "NULL" (no context), single quote or double quote. + * Other values will likely be ignored. + * + * \return 1 (true) if SQLi, 0 (false) if not SQLi **in this context** + * + */ +int is_string_sqli(sfilter * sql_state, const char *s, size_t slen, + const char delim, + ptr_fingerprints_fn fn); + +#ifdef __cplusplus +} +#endif + +#endif /* _SQLPARSE_H */

@@ -0,0 +1,983 @@ +#ifndef _SQLPARSE_DATA_H +#define _SQLPARSE_DATA_H +#include "sqlparse.h" + +static const char* operators2[] = { + "!!", + "!<", + "!=", + "!>", + "!~", + "%=", + "&&", + "&=", + "*=", + "+=", + "-=", + "/=", + ":=", + "<<", + "<=", + "<>", + "<@", + ">=", + ">>", + "@>", + "^=", + "|/", + "|=", + "||", + "~*", +}; +static const size_t operators2_sz = 25; + +static const keyword_t sql_keywords[] = { + {"ABS", 'f'}, + {"ACCESSIBLE", 'k'}, + {"ACOS", 'f'}, + {"ADD", 'k'}, + {"ADDDATE", 'f'}, + {"ADDTIME", 'f'}, + {"AES_DECRYPT", 'f'}, + {"AES_ENCRYPT", 'f'}, + {"AGAINST", 'k'}, + {"AGE", 'f'}, + {"ALL_USERS", 'k'}, + {"ALTER", 'k'}, + {"ANALYZE", 'k'}, + {"AND", '&'}, + {"APPLOCK_MODE", 'f'}, + {"APPLOCK_TEST", 'f'}, + {"APP_NAME", 'f'}, + {"ARRAY_AGG", 'f'}, + {"ARRAY_CAT", 'f'}, + {"ARRAY_DIM", 'f'}, + {"ARRAY_FILL", 'f'}, + {"ARRAY_LENGTH", 'f'}, + {"ARRAY_LOWER", 'f'}, + {"ARRAY_NDIMS", 'f'}, + {"ARRAY_PREPEND", 'f'}, + {"ARRAY_TO_JSON", 'f'}, + {"ARRAY_TO_STRING", 'f'}, + {"ARRAY_UPPER", 'f'}, + {"AS", 'k'}, + {"ASC", 'k'}, + {"ASCII", 'f'}, + {"ASENSITIVE", 'k'}, + {"ASIN", 'f'}, + {"ASSEMBLYPROPERTY", 'f'}, + {"ASYMKEY_ID", 'f'}, + {"ATAN", 'f'}, + {"ATAN2", 'f'}, + {"AVG", 'f'}, + {"BEFORE", 'k'}, + {"BEGIN", 'k'}, + {"BENCHMARK", 'f'}, + {"BETWEEN", 'k'}, + {"BIGINT", 'k'}, + {"BIN", 'f'}, + {"BINARY", 'k'}, + {"BINARY_DOUBLE_INFINITY", '1'}, + {"BINARY_DOUBLE_NAN", '1'}, + {"BINARY_FLOAT_INFINITY", '1'}, + {"BINARY_FLOAT_NAN", '1'}, + {"BINBINARY", 'f'}, + {"BIT_AND", 'f'}, + {"BIT_COUNT", 'f'}, + {"BIT_LENGTH", 'f'}, + {"BIT_OR", 'f'}, + {"BIT_XOR", 'f'}, + {"BLOB", 'k'}, + {"BOOLEAN", 'k'}, + {"BOOL_AND", 'f'}, + {"BOOL_OR", 'f'}, + {"BOTH", 'k'}, + {"BTRIM", 'f'}, + {"BY", 'n'}, + {"CALL", 'k'}, + {"CASCADE", 'k'}, + {"CASE", 'o'}, + {"CAST", 'f'}, + {"CBOOL", 'f'}, + {"CBRT", 'f'}, + {"CBYTE", 'f'}, + {"CCUR", 'f'}, + {"CDATE", 'f'}, + {"CDBL", 'f'}, + {"CEIL", 'f'}, + {"CEILING", 'f'}, + {"CERTENCODED", 'f'}, + {"CERTPRIVATEKEY", 'f'}, + {"CERT_ID", 'f'}, + {"CERT_PROPERTY", 'f'}, + {"CHANGE", 'k'}, + {"CHAR", 'f'}, + {"CHARACTER", 'k'}, + {"CHARACTER_LENGTH", 'f'}, + {"CHARINDEX", 'f'}, + {"CHARSET", 'f'}, + {"CHAR_LENGTH", 'f'}, + {"CHDIR", 'f'}, + {"CHDRIVE", 'f'}, + {"CHECK", 'k'}, + {"CHECKSUM_AGG", 'f'}, + {"CHOOSE", 'f'}, + {"CHR", 'f'}, + {"CINT", 'f'}, + {"CLNG", 'f'}, + {"CLOCK_TIMESTAMP", 'f'}, + {"COALESCE", 'k'}, + {"COERCIBILITY", 'f'}, + {"COLLATE", 'k'}, + {"COLLATION", 'f'}, + {"COLLATIONPROPERTY", 'f'}, + {"COLUMN", 'k'}, + {"COLUMNPROPERTY", 'f'}, + {"COLUMNS_UPDATED", 'f'}, + {"COL_LENGTH", 'f'}, + {"COL_NAME", 'f'}, + {"COMPRESS", 'f'}, + {"CONCAT", 'f'}, + {"CONCAT_WS", 'f'}, + {"CONDITION", 'k'}, + {"CONNECTION_ID", 'f'}, + {"CONSTRAINT", 'k'}, + {"CONTINUE", 'k'}, + {"CONV", 'f'}, + {"CONVERT", 'f'}, + {"CONVERT_FROM", 'f'}, + {"CONVERT_TO", 'f'}, + {"CONVERT_TZ", 'f'}, + {"COS", 'f'}, + {"COT", 'f'}, + {"COUNT", 'f'}, + {"COUNT_BIG", 'k'}, + {"CRC32", 'f'}, + {"CREATE", 'k'}, + {"CSNG", 'f'}, + {"CTXSYS.DRITHSX.SN", 'f'}, + {"CUME_DIST", 'f'}, + {"CURDATE", 'f'}, + {"CURDIR", 'f'}, + {"CURRENTUSER", 'f'}, + {"CURRENT_DATABASE", 'f'}, + {"CURRENT_DATE", 'k'}, + {"CURRENT_QUERY", 'f'}, + {"CURRENT_SCHEMA", 'f'}, + {"CURRENT_SCHEMAS", 'f'}, + {"CURRENT_SETTING", 'p'}, + {"CURRENT_TIME", 'k'}, + {"CURRENT_TIMESTAMP", 'k'}, + {"CURRENT_USER", 'k'}, + {"CURRVAL", 'f'}, + {"CURSOR", 'k'}, + {"CURSOR_STATUS", 'f'}, + {"CURTIME", 'f'}, + {"CVAR", 'f'}, + {"DATABASE", 'k'}, + {"DATABASEPROPERTYEX", 'f'}, + {"DATABASES", 'k'}, + {"DATABASE_PRINCIPAL_ID", 'f'}, + {"DATALENGTH", 'f'}, + {"DATE", 'f'}, + {"DATEADD", 'f'}, + {"DATEDIFF", 'f'}, + {"DATEFROMPARTS", 'f'}, + {"DATENAME", 'f'}, + {"DATEPART", 'f'}, + {"DATESERIAL", 'f'}, + {"DATETIME2FROMPARTS", 'f'}, + {"DATETIMEFROMPARTS", 'f'}, + {"DATETIMEOFFSETFROMPARTS", 'f'}, + {"DATEVALUE", 'f'}, + {"DATE_ADD", 'f'}, + {"DATE_FORMAT", 'f'}, + {"DATE_PART", 'f'}, + {"DATE_SUB", 'f'}, + {"DATE_TRUNC", 'f'}, + {"DAVG", 'f'}, + {"DAY", 'f'}, + {"DAYNAME", 'f'}, + {"DAYOFMONTH", 'f'}, + {"DAYOFWEEK", 'f'}, + {"DAYOFYEAR", 'f'}, + {"DAY_HOUR", 'k'}, + {"DAY_MICROSECOND", 'k'}, + {"DAY_MINUTE", 'k'}, + {"DAY_SECOND", 'k'}, + {"DBMS_PIPE.RECEIVE_MESSAGE", 'f'}, + {"DB_ID", 'f'}, + {"DB_NAME", 'f'}, + {"DCOUNT", 'f'}, + {"DEC", 'k'}, + {"DECIMAL", 'k'}, + {"DECLARE", 'k'}, + {"DECODE", 'f'}, + {"DECRYPTBYASMKEY", 'f'}, + {"DECRYPTBYCERT", 'f'}, + {"DECRYPTBYKEY", 'f'}, + {"DECRYPTBYKEYAUTOCERT", 'f'}, + {"DECRYPTBYPASSPHRASE", 'f'}, + {"DEFAULT", 'k'}, + {"DEGREES", 'f'}, + {"DELAY", 'k'}, + {"DELAYED", 'k'}, + {"DELETE", 'k'}, + {"DENSE_RANK", 'f'}, + {"DESC", 'k'}, + {"DESCRIBE", 'k'}, + {"DES_DECRYPT", 'f'}, + {"DES_ENCRYPT", 'f'}, + {"DETERMINISTIC", 'k'}, + {"DFIRST", 'f'}, + {"DIFFERENCE", 'f'}, + {"DISTINCROW", 'k'}, + {"DISTINCT", 'k'}, + {"DIV", 'o'}, + {"DLAST", 'f'}, + {"DLOOKUP", 'f'}, + {"DMAX", 'f'}, + {"DMIN", 'f'}, + {"DROP", 'k'}, + {"DSUM", 'f'}, + {"DUAL", 'k'}, + {"EACH", 'k'}, + {"ELSE", 'k'}, + {"ELSEIF", 'k'}, + {"ELT", 'f'}, + {"ENCLOSED", 'k'}, + {"ENCODE", 'f'}, + {"ENCRYPT", 'f'}, + {"ENCRYPTBYASMKEY", 'f'}, + {"ENCRYPTBYCERT", 'f'}, + {"ENCRYPTBYKEY", 'f'}, + {"ENCRYPTBYPASSPHRASE", 'f'}, + {"ENUM_FIRST", 'f'}, + {"ENUM_LAST", 'f'}, + {"ENUM_RANGE", 'f'}, + {"EOMONTH", 'f'}, + {"ESCAPED", 'k'}, + {"EVENTDATA", 'f'}, + {"EXEC", 'k'}, + {"EXECUTE", 'k'}, + {"EXISTS", 'k'}, + {"EXIT", 'k'}, + {"EXP", 'f'}, + {"EXPLAIN", 'k'}, + {"EXPORT_SET", 'f'}, + {"EXTRACT", 'f'}, + {"EXTRACTVALUE", 'f'}, + {"EXTRACT_VALUE", 'f'}, + {"FALSE", '1'}, + {"FETCH", 'k'}, + {"FIELD", 'f'}, + {"FILEDATETIME", 'f'}, + {"FILEGROUPPROPERTY", 'f'}, + {"FILEGROUP_ID", 'f'}, + {"FILEGROUP_NAME", 'f'}, + {"FILELEN", 'f'}, + {"FILEPROPERTY", 'f'}, + {"FILE_ID", 'f'}, + {"FILE_IDEX", 'f'}, + {"FILE_NAME", 'f'}, + {"FIND_IN_SET", 'f'}, + {"FIRST_VALUE", 'f'}, + {"FLOOR", 'f'}, + {"FN_VIRTUALFILESTATS", 'f'}, + {"FOR", 'n'}, + {"FORCE", 'k'}, + {"FOREIGN", 'k'}, + {"FORMAT", 'f'}, + {"FOUND_ROWS", 'f'}, + {"FROM", 'k'}, + {"FROM_DAYS", 'f'}, + {"FROM_UNIXTIME", 'f'}, + {"FULLTEXT", 'k'}, + {"FULLTEXTCATALOGPROPERTY", 'f'}, + {"FULLTEXTSERVICEPROPERTY", 'f'}, + {"GENERATE_SERIES", 'f'}, + {"GENERATE_SUBSCRIPTS", 'f'}, + {"GETATTR", 'f'}, + {"GETDATE", 'f'}, + {"GETUTCDATE", 'f'}, + {"GET_BIT", 'f'}, + {"GET_BYTE", 'f'}, + {"GET_FORMAT", 'f'}, + {"GET_LOCK", 'f'}, + {"GOTO", 'k'}, + {"GRANT", 'k'}, + {"GREATEST", 'f'}, + {"GROUP", 'n'}, + {"GROUPING", 'f'}, + {"GROUPING_ID", 'f'}, + {"GROUP_CONCAT", 'f'}, + {"HASHBYTES", 'f'}, + {"HAS_PERMS_BY_NAME", 'f'}, + {"HAVING", 'k'}, + {"HEX", 'f'}, + {"HIGH_PRIORITY", 'k'}, + {"HOST_NAME", 'f'}, + {"HOUR", 'f'}, + {"HOUR_MICROSECOND", 'k'}, + {"HOUR_MINUTE", 'k'}, + {"HOUR_SECOND", 'k'}, + {"IDENTIFY", 'f'}, + {"IDENT_CURRENT", 'f'}, + {"IDENT_INCR", 'f'}, + {"IDENT_SEED", 'f'}, + {"IF", 'k'}, + {"IFF", 'f'}, + {"IFNULL", 'f'}, + {"IGNORE", 'k'}, + {"IIF", 'f'}, + {"IN", 'n'}, + {"INDEX", 'k'}, + {"INDEXKEY_PROPERTY", 'f'}, + {"INDEXPROPERTY", 'f'}, + {"INDEX_COL", 'f'}, + {"INET_ATON", 'f'}, + {"INET_NTOA", 'f'}, + {"INFILE", 'k'}, + {"INITCAP", 'f'}, + {"INNER", 'k'}, + {"INOUT", 'k'}, + {"INSENSITIVE", 'k'}, + {"INSERT", 'k'}, + {"INSTR", 'f'}, + {"INSTRREV", 'f'}, + {"INT", 'k'}, + {"INT1", 'k'}, + {"INT2", 'k'}, + {"INT3", 'k'}, + {"INT4", 'k'}, + {"INT8", 'k'}, + {"INTEGER", 'k'}, + {"INTERVAL", 'k'}, + {"INTO", 'k'}, + {"IS", 'o'}, + {"ISDATE", 'f'}, + {"ISEMPTY", 'f'}, + {"ISFINITE", 'f'}, + {"ISNULL", 'f'}, + {"ISNUMERIC", 'f'}, + {"IS_FREE_LOCK", 'f'}, + {"IS_MEMBER", 'f'}, + {"IS_OBJECTSIGNED", 'f'}, + {"IS_ROLEMEMBER", 'f'}, + {"IS_SRVROLEMEMBER", 'f'}, + {"IS_USED_LOCK", 'f'}, + {"ITERATE", 'k'}, + {"JOIN", 'k'}, + {"JUSTIFY_DAYS", 'f'}, + {"JUSTIFY_HOURS", 'f'}, + {"JUSTIFY_INTERVAL", 'f'}, + {"KEYS", 'k'}, + {"KEY_GUID", 'f'}, + {"KEY_ID", 'f'}, + {"KILL", 'k'}, + {"LAG", 'f'}, + {"LASTVAL", 'f'}, + {"LAST_INSERT_ID", 'f'}, + {"LAST_VALUE", 'f'}, + {"LCASE", 'f'}, + {"LEAD", 'f'}, + {"LEADING", 'k'}, + {"LEAST", 'f'}, + {"LEAVE", 'k'}, + {"LEFT", 'n'}, + {"LENGTH", 'f'}, + {"LIKE", 'o'}, + {"LIMIT", 'k'}, + {"LINEAR", 'k'}, + {"LINES", 'k'}, + {"LN", 'f'}, + {"LOAD", 'k'}, + {"LOAD_FILE", 'f'}, + {"LOCALTIME", 'k'}, + {"LOCALTIMESTAMP", 'k'}, + {"LOCATE", 'f'}, + {"LOCK", 'n'}, + {"LOG", 'f'}, + {"LOG10", 'f'}, + {"LOG2", 'f'}, + {"LONGBLOB", 'k'}, + {"LONGTEXT", 'k'}, + {"LOOP", 'k'}, + {"LOWER", 'f'}, + {"LOWER_INC", 'f'}, + {"LOWER_INF", 'f'}, + {"LOW_PRIORITY", 'k'}, + {"LPAD", 'f'}, + {"LTRIM", 'f'}, + {"MAKEDATE", 'f'}, + {"MAKE_SET", 'f'}, + {"MASKLEN", 'f'}, + {"MASTER_BIND", 'k'}, + {"MASTER_POS_WAIT", 'f'}, + {"MASTER_SSL_VERIFY_SERVER_CERT", 'k'}, + {"MATCH", 'k'}, + {"MAX", 'f'}, + {"MAXVALUE", 'k'}, + {"MD5", 'f'}, + {"MEDIUMBLOB", 'k'}, + {"MEDIUMINT", 'k'}, + {"MEDIUMTEXT", 'k'}, + {"MERGE", 'k'}, + {"MICROSECOND", 'f'}, + {"MID", 'f'}, + {"MIDDLEINT", 'k'}, + {"MIN", 'f'}, + {"MINUTE", 'f'}, + {"MINUTE_MICROSECOND", 'k'}, + {"MINUTE_SECOND", 'k'}, + {"MKDIR", 'f'}, + {"MOD", 'o'}, + {"MODE", 'n'}, + {"MODIFIES", 'k'}, + {"MONTH", 'f'}, + {"MONTHNAME", 'f'}, + {"NAME_CONST", 'f'}, + {"NETMASK", 'f'}, + {"NEXTVAL", 'f'}, + {"NOT", 'o'}, + {"NOW", 'f'}, + {"NO_WRITE_TO_BINLOG", 'k'}, + {"NTH_VALUE", 'f'}, + {"NTILE", 'f'}, + {"NULL", '1'}, + {"NULLIF", 'f'}, + {"NUMERIC", 'k'}, + {"NZ", 'f'}, + {"OBJECTPROPERTY", 'f'}, + {"OBJECTPROPERTYEX", 'f'}, + {"OBJECT_DEFINITION", 'f'}, + {"OBJECT_ID", 'f'}, + {"OBJECT_NAME", 'f'}, + {"OBJECT_SCHEMA_NAME", 'f'}, + {"OCT", 'f'}, + {"OCTET_LENGTH", 'f'}, + {"OFFSET", 'k'}, + {"OLD_PASSWORD", 'f'}, + {"ONE_SHOT", 'k'}, + {"OPEN", 'k'}, + {"OPENDATASOURCE", 'f'}, + {"OPENQUERY", 'f'}, + {"OPENROWSET", 'f'}, + {"OPENXML", 'f'}, + {"OPTIMIZE", 'k'}, + {"OPTION", 'k'}, + {"OPTIONALLY", 'k'}, + {"OR", '&'}, + {"ORD", 'f'}, + {"ORDER", 'n'}, + {"ORIGINAL_DB_NAME", 'f'}, + {"ORIGINAL_LOGIN", 'f'}, + {"OUT", 'k'}, + {"OUTFILE", 'k'}, + {"OVERLAPS", 'f'}, + {"OVERLAY", 'f'}, + {"OWN3D", 'k'}, + {"PARSENAME", 'f'}, + {"PARTITION", 'k'}, + {"PASSWORD", 'k'}, + {"PATHINDEX", 'f'}, + {"PATINDEX", 'f'}, + {"PERCENTILE_COUNT", 'f'}, + {"PERCENTILE_DISC", 'f'}, + {"PERCENTILE_RANK", 'f'}, + {"PERCENT_RANK", 'f'}, + {"PERIOD_ADD", 'f'}, + {"PERIOD_DIFF", 'f'}, + {"PERMISSIONS", 'f'}, + {"PG_ADVISORY_LOCK", 'f'}, + {"PG_BACKEND_PID", 'f'}, + {"PG_CANCEL_BACKEND", 'f'}, + {"PG_CLIENT_ENCODING", 'f'}, + {"PG_CONF_LOAD_TIME", 'f'}, + {"PG_CREATE_RESTORE_POINT", 'f'}, + {"PG_HAS_ROLE", 'f'}, + {"PG_IS_IN_RECOVERY", 'f'}, + {"PG_IS_OTHER_TEMP_SCHEMA", 'f'}, + {"PG_LISTENING_CHANNELS", 'f'}, + {"PG_LS_DIR", 'f'}, + {"PG_MY_TEMP_SCHEMA", 'f'}, + {"PG_POSTMASTER_START_TIME", 'f'}, + {"PG_READ_BINARY_FILE", 'f'}, + {"PG_READ_FILE", 'f'}, + {"PG_RELOAD_CONF", 'f'}, + {"PG_ROTATE_LOGFILE", 'f'}, + {"PG_SLEEP", 'f'}, + {"PG_START_BACKUP", 'f'}, + {"PG_STAT_FILE", 'f'}, + {"PG_STOP_BACKUP", 'f'}, + {"PG_SWITCH_XLOG", 'f'}, + {"PG_TERMINATE_BACKEND", 'f'}, + {"PG_TRIGGER_DEPTH", 'f'}, + {"PI", 'f'}, + {"POSITION", 'f'}, + {"POW", 'f'}, + {"POWER", 'f'}, + {"PRECISION", 'k'}, + {"PRIMARY", 'k'}, + {"PROCEDURE", 'k'}, + {"PUBLISHINGSERVERNAME", 'f'}, + {"PURGE", 'k'}, + {"PWDCOMPARE", 'f'}, + {"PWDENCRYPT", 'f'}, + {"QUARTER", 'f'}, + {"QUOTE", 'f'}, + {"QUOTENAME", 'f'}, + {"QUOTE_IDENT", 'f'}, + {"QUOTE_LITERAL", 'f'}, + {"QUOTE_NULLABLE", 'f'}, + {"RADIANS", 'f'}, + {"RAND", 'f'}, + {"RANDOM", 'f'}, + {"RANDOMBLOB", 'f'}, + {"RANGE", 'k'}, + {"RANK", 'f'}, + {"READ", 'k'}, + {"READS", 'k'}, + {"READ_WRITE", 'k'}, + {"REAL", 'n'}, + {"REFERENCES", 'k'}, + {"REGEXP", 'o'}, + {"REGEXP_MATCHES", 'f'}, + {"REGEXP_REPLACE", 'f'}, + {"REGEXP_SPLIT_TO_ARRAY", 'f'}, + {"REGEXP_SPLIT_TO_TABLE", 'f'}, + {"RELEASE", 'k'}, + {"RELEASE_LOCK", 'f'}, + {"RENAME", 'k'}, + {"REPEAT", 'k'}, + {"REPLACE", 'k'}, + {"REPLICATE", 'f'}, + {"REQUIRE", 'k'}, + {"RESIGNAL", 'k'}, + {"RESTRICT", 'k'}, + {"RETURN", 'k'}, + {"REVERSE", 'f'}, + {"REVOKE", 'k'}, + {"RIGHT", 'n'}, + {"RLIKE", 'o'}, + {"ROUND", 'f'}, + {"ROW", 'f'}, + {"ROW_COUNT", 'f'}, + {"ROW_NUMBER", 'f'}, + {"ROW_TO_JSON", 'f'}, + {"RPAD", 'f'}, + {"RTRIM", 'f'}, + {"SCHAMA_NAME", 'f'}, + {"SCHEMA", 'k'}, + {"SCHEMAS", 'k'}, + {"SCHEMA_ID", 'f'}, + {"SCOPE_IDENTITY", 'f'}, + {"SECOND_MICROSECOND", 'k'}, + {"SEC_TO_TIME", 'f'}, + {"SELECT", 'k'}, + {"SENSITIVE", 'k'}, + {"SEPARATOR", 'k'}, + {"SESSION_USER", 'f'}, + {"SET", 'k'}, + {"SETATTR", 'f'}, + {"SETSEED", 'f'}, + {"SETVAL", 'f'}, + {"SET_BIT", 'f'}, + {"SET_BYTE", 'f'}, + {"SET_CONFIG", 'f'}, + {"SET_MASKLEN", 'f'}, + {"SHA", 'f'}, + {"SHA1", 'f'}, + {"SHA2", 'f'}, + {"SHOW", 'n'}, + {"SHUTDOWN", 'k'}, + {"SIGN", 'f'}, + {"SIGNAL", 'k'}, + {"SIGNBYASMKEY", 'f'}, + {"SIGNBYCERT", 'f'}, + {"SIMILAR", 'k'}, + {"SIN", 'f'}, + {"SLEEP", 'f'}, + {"SMALLDATETIMEFROMPARTS", 'f'}, + {"SMALLINT", 'k'}, + {"SOUNDEX", 'f'}, + {"SOUNDS", 'o'}, + {"SPACE", 'f'}, + {"SPATIAL", 'k'}, + {"SPECIFIC", 'k'}, + {"SPLIT_PART", 'f'}, + {"SQL", 'k'}, + {"SQLEXCEPTION", 'k'}, + {"SQLSTATE", 'k'}, + {"SQLWARNING", 'k'}, + {"SQL_BIG_RESULT", 'k'}, + {"SQL_CALC_FOUND_ROWS", 'k'}, + {"SQL_SMALL_RESULT", 'k'}, + {"SQL_VARIANT_PROPERTY", 'f'}, + {"SQRT", 'f'}, + {"SSL", 'k'}, + {"STARTING", 'k'}, + {"STATEMENT_TIMESTAMP", 'f'}, + {"STATS_DATE", 'f'}, + {"STDDEV", 'p'}, + {"STDDEV_POP", 'f'}, + {"STDDEV_SAMP", 'f'}, + {"STRAIGHT_JOIN", 'k'}, + {"STRCMP", 'f'}, + {"STRCONV", 'f'}, + {"STRING_AGG", 'f'}, + {"STRING_TO_ARRAY", 'f'}, + {"STRPOS", 'f'}, + {"STR_TO_DATE", 'f'}, + {"STUFF", 'f'}, + {"SUBDATE", 'f'}, + {"SUBSTR", 'f'}, + {"SUBSTRING", 'f'}, + {"SUBSTRING_INDEX", 'f'}, + {"SUBTIME", 'f'}, + {"SUM", 'f'}, + {"SUSER_ID", 'f'}, + {"SUSER_NAME", 'f'}, + {"SUSER_SID", 'f'}, + {"SUSER_SNAME", 'f'}, + {"SWITCHOFFET", 'f'}, + {"SYS.FN_BUILTIN_PERMISSIONS", 'f'}, + {"SYS.FN_GET_AUDIT_FILE", 'f'}, + {"SYS.FN_MY_PERMISSIONS", 'f'}, + {"SYS.STRAGG", 'f'}, + {"SYSCOLUMNS", 'k'}, + {"SYSDATE", 'f'}, + {"SYSDATETIME", 'f'}, + {"SYSDATETIMEOFFSET", 'f'}, + {"SYSOBJECTS", 'k'}, + {"SYSTEM_USER", 'f'}, + {"SYSUSERS", 'k'}, + {"SYSUTCDATETME", 'f'}, + {"TABLE", 'k'}, + {"TAN", 'f'}, + {"TERMINATED", 'k'}, + {"TERTIARY_WEIGHTS", 'f'}, + {"TEXTPTR", 'f'}, + {"TEXTVALID", 'f'}, + {"THEN", 'k'}, + {"TIME", 'k'}, + {"TIMEDIFF", 'f'}, + {"TIMEFROMPARTS", 'f'}, + {"TIMEOFDAY", 'f'}, + {"TIMESERIAL", 'f'}, + {"TIMESTAMP", 'f'}, + {"TIMESTAMPADD", 'f'}, + {"TIMEVALUE", 'f'}, + {"TIME_FORMAT", 'f'}, + {"TIME_TO_SEC", 'f'}, + {"TINYBLOB", 'k'}, + {"TINYINT", 'k'}, + {"TINYTEXT", 'k'}, + {"TODATETIMEOFFSET", 'f'}, + {"TOP", 'k'}, + {"TO_ASCII", 'f'}, + {"TO_CHAR", 'f'}, + {"TO_DATE", 'f'}, + {"TO_DAYS", 'f'}, + {"TO_HEX", 'f'}, + {"TO_NUMBER", 'f'}, + {"TO_SECONDS", 'f'}, + {"TO_TIMESTAMP", 'f'}, + {"TRAILING", 'n'}, + {"TRANSACTION_TIMESTAMP", 'f'}, + {"TRANSLATE", 'f'}, + {"TRIGGER", 'k'}, + {"TRIGGER_NESTLEVEL", 'f'}, + {"TRIM", 'f'}, + {"TRUE", '1'}, + {"TRUNC", 'f'}, + {"TRUNCATE", 'f'}, + {"TRY_CAST", 'f'}, + {"TRY_CONVERT", 'f'}, + {"TRY_PARSE", 'f'}, + {"TYPEPROPERTY", 'f'}, + {"TYPE_ID", 'f'}, + {"TYPE_NAME", 'f'}, + {"UCASE", 'f'}, + {"UNCOMPRESS", 'f'}, + {"UNCOMPRESS_LENGTH", 'f'}, + {"UNDO", 'k'}, + {"UNHEX", 'f'}, + {"UNION", 'U'}, + {"UNIQUE", 'n'}, + {"UNIX_TIMESTAMP", 'f'}, + {"UNI_ON", 'U'}, + {"UNKNOWN", 'k'}, + {"UNLOCK", 'k'}, + {"UNNEST", 'f'}, + {"UNSIGNED", 'k'}, + {"UPDATE", 'k'}, + {"UPDATEXML", 'f'}, + {"UPPER", 'f'}, + {"UPPER_INC", 'f'}, + {"UPPER_INF", 'f'}, + {"USAGE", 'k'}, + {"USE", 'k'}, + {"USER_ID", 'n'}, + {"USER_NAME", 'f'}, + {"USING", 'f'}, + {"UTC_DATE", 'k'}, + {"UTC_TIME", 'k'}, + {"UTC_TIMESTAMP", 'k'}, + {"UTL_INADDR.GET_HOST_ADDRESS", 'f'}, + {"UUID", 'f'}, + {"UUID_SHORT", 'f'}, + {"VALUES", 'k'}, + {"VAR", 'f'}, + {"VARBINARY", 'k'}, + {"VARCHAR", 'k'}, + {"VARCHARACTER", 'k'}, + {"VARIANCE", 'f'}, + {"VARP", 'f'}, + {"VARYING", 'k'}, + {"VAR_POP", 'f'}, + {"VAR_SAMP", 'f'}, + {"VERIFYSIGNEDBYASMKEY", 'f'}, + {"VERIFYSIGNEDBYCERT", 'f'}, + {"VERSION", 'f'}, + {"WAITFOR", 'k'}, + {"WEEK", 'f'}, + {"WEEKDAY", 'f'}, + {"WEEKDAYNAME", 'f'}, + {"WEEKOFYEAR", 'f'}, + {"WHEN", 'k'}, + {"WHERE", 'k'}, + {"WHILE", 'k'}, + {"WIDTH_BUCKET", 'f'}, + {"WITH", 'k'}, + {"XMLAGG", 'f'}, + {"XMLCOMMENT", 'f'}, + {"XMLCONCAT", 'f'}, + {"XMLELEMENT", 'f'}, + {"XMLEXISTS", 'f'}, + {"XMLFOREST", 'f'}, + {"XMLFORMAT", 'f'}, + {"XMLPI", 'f'}, + {"XMLROOT", 'f'}, + {"XMLTYPE", 'f'}, + {"XML_IS_WELL_FORMED", 'f'}, + {"XOR", 'o'}, + {"XPATH", 'f'}, + {"XPATH_EXISTS", 'f'}, + {"XP_EXECRESULTSET", 'k'}, + {"YEAR", 'f'}, + {"YEARWEEK", 'f'}, + {"YEAR_MONTH", 'k'}, + {"ZEROFILL", 'k'}, +}; +static const size_t sql_keywords_sz = 737; +static const char* multikeywords_start[] = { + "ALTER", + "AT", + "AT TIME", + "CROSS", + "FULL", + "GROUP", + "IN", + "IN BOOLEAN", + "INTERSECT", + "IS", + "IS DISTINCT", + "IS NOT", + "LEFT", + "LOCK", + "NATURAL", + "NEXT", + "NEXT VALUE", + "NOT", + "NOT SIMILAR", + "ORDER", + "OWN3D", + "READ", + "RIGHT", + "SELECT", + "SIMILAR", + "SOUNDS", + "UNION", +}; +static const size_t multikeywords_start_sz = 27; +static const keyword_t multikeywords[] = { + {"ALTER DOMAIN", 'k'}, + {"ALTER TABLE", 'k'}, + {"AT TIME", 'n'}, + {"AT TIME ZONE", 'k'}, + {"CROSS JOIN", 'k'}, + {"FULL OUTER", 'k'}, + {"GROUP BY", 'B'}, + {"IN BOOLEAN", 'n'}, + {"IN BOOLEAN MODE", 'k'}, + {"INTERSECT ALL", 'o'}, + {"IS DISTINCT", 'n'}, + {"IS DISTINCT FROM", 'k'}, + {"IS NOT", 'o'}, + {"IS NOT DISTINCT", 'n'}, + {"IS NOT DISTINCT FROM", 'k'}, + {"LEFT JOIN", 'k'}, + {"LEFT OUTER", 'k'}, + {"LOCK TABLE", 'k'}, + {"LOCK TABLES", 'k'}, + {"NATURAL FULL", 'k'}, + {"NATURAL INNER", 'k'}, + {"NATURAL JOIN", 'k'}, + {"NATURAL LEFT", 'k'}, + {"NATURAL OUTER", 'k'}, + {"NATURAL RIGHT", 'k'}, + {"NEXT VALUE", 'n'}, + {"NEXT VALUE FOR", 'k'}, + {"NOT BETWEEN", 'o'}, + {"NOT IN", 'o'}, + {"NOT LIKE", 'o'}, + {"NOT REGEXP", 'o'}, + {"NOT RLIKE", 'o'}, + {"NOT SIMILAR", 'o'}, + {"NOT SIMILAR TO", 'o'}, + {"ORDER BY", 'B'}, + {"OWN3D BY", 'B'}, + {"READ WRITE", 'k'}, + {"RIGHT JOIN", 'k'}, + {"RIGHT OUTER", 'k'}, + {"SELECT ALL", 'k'}, + {"SIMILAR TO", 'o'}, + {"SOUNDS LIKE", 'o'}, + {"UNION ALL", 'U'}, +}; +static const size_t multikeywords_sz = 43; + +typedef size_t (*pt2Function)(sfilter *sf); +static const pt2Function char_parse_map[] = { + &parse_white, /* 0 */ + &parse_white, /* 1 */ + &parse_white, /* 2 */ + &parse_white, /* 3 */ + &parse_white, /* 4 */ + &parse_white, /* 5 */ + &parse_white, /* 6 */ + &parse_white, /* 7 */ + &parse_white, /* 8 */ + &parse_white, /* 9 */ + &parse_white, /* 10 */ + &parse_white, /* 11 */ + &parse_white, /* 12 */ + &parse_white, /* 13 */ + &parse_white, /* 14 */ + &parse_white, /* 15 */ + &parse_white, /* 16 */ + &parse_white, /* 17 */ + &parse_white, /* 18 */ + &parse_white, /* 19 */ + &parse_white, /* 20 */ + &parse_white, /* 21 */ + &parse_white, /* 22 */ + &parse_white, /* 23 */ + &parse_white, /* 24 */ + &parse_white, /* 25 */ + &parse_white, /* 26 */ + &parse_white, /* 27 */ + &parse_white, /* 28 */ + &parse_white, /* 29 */ + &parse_white, /* 30 */ + &parse_white, /* 31 */ + &parse_white, /* 32 */ + &parse_operator2, /* 33 */ + &parse_string, /* 34 */ + &parse_eol_comment, /* 35 */ + &parse_money, /* 36 */ + &parse_operator1, /* 37 */ + &parse_operator2, /* 38 */ + &parse_string, /* 39 */ + &parse_char, /* 40 */ + &parse_char, /* 41 */ + &parse_operator2, /* 42 */ + &parse_operator1, /* 43 */ + &parse_char, /* 44 */ + &parse_dash, /* 45 */ + &parse_number, /* 46 */ + &parse_slash, /* 47 */ + &parse_number, /* 48 */ + &parse_number, /* 49 */ + &parse_number, /* 50 */ + &parse_number, /* 51 */ + &parse_number, /* 52 */ + &parse_number, /* 53 */ + &parse_number, /* 54 */ + &parse_number, /* 55 */ + &parse_number, /* 56 */ + &parse_number, /* 57 */ + &parse_char, /* 58 */ + &parse_char, /* 59 */ + &parse_operator2, /* 60 */ + &parse_operator2, /* 61 */ + &parse_operator2, /* 62 */ + &parse_other, /* 63 */ + &parse_var, /* 64 */ + &parse_word, /* 65 */ + &parse_word, /* 66 */ + &parse_word, /* 67 */ + &parse_word, /* 68 */ + &parse_word, /* 69 */ + &parse_word, /* 70 */ + &parse_word, /* 71 */ + &parse_word, /* 72 */ + &parse_word, /* 73 */ + &parse_word, /* 74 */ + &parse_word, /* 75 */ + &parse_word, /* 76 */ + &parse_word, /* 77 */ + &parse_word, /* 78 */ + &parse_word, /* 79 */ + &parse_word, /* 80 */ + &parse_word, /* 81 */ + &parse_word, /* 82 */ + &parse_word, /* 83 */ + &parse_word, /* 84 */ + &parse_word, /* 85 */ + &parse_word, /* 86 */ + &parse_word, /* 87 */ + &parse_word, /* 88 */ + &parse_word, /* 89 */ + &parse_word, /* 90 */ + &parse_other, /* 91 */ + &parse_backslash, /* 92 */ + &parse_other, /* 93 */ + &parse_operator1, /* 94 */ + &parse_word, /* 95 */ + &parse_word, /* 96 */ + &parse_word, /* 97 */ + &parse_word, /* 98 */ + &parse_word, /* 99 */ + &parse_word, /* 100 */ + &parse_word, /* 101 */ + &parse_word, /* 102 */ + &parse_word, /* 103 */ + &parse_word, /* 104 */ + &parse_word, /* 105 */ + &parse_word, /* 106 */ + &parse_word, /* 107 */ + &parse_word, /* 108 */ + &parse_word, /* 109 */ + &parse_word, /* 110 */ + &parse_word, /* 111 */ + &parse_word, /* 112 */ + &parse_word, /* 113 */ + &parse_word, /* 114 */ + &parse_word, /* 115 */ + &parse_word, /* 116 */ + &parse_word, /* 117 */ + &parse_word, /* 118 */ + &parse_word, /* 119 */ + &parse_word, /* 120 */ + &parse_word, /* 121 */ + &parse_word, /* 122 */ + &parse_other, /* 123 */ + &parse_operator2, /* 124 */ + &parse_other, /* 125 */ + &parse_operator1, /* 126 */ + &parse_white, /* 127 */ +}; + +#endif

@@ -0,0 +1,70 @@ +/** + * Copyright 2012, Nick Galbreath + * nickg@client9.com + * BSD License - see COPYING.txt for details + * + * (setq-default indent-tabs-mode nil) + * (setq c-default-style "k&r" + * c-basic-offset 4) + * indent -kr -nut + */ +#ifndef _SQLPARSE_PRIVATE_H +#define _SQLPARSE_PRIVATE_H + +#include "sqlparse.h" + +typedef struct { + const char *word; + char type; +} keyword_t; + +char bsearch_keyword_type(const char *key, const keyword_t keywords[], + size_t len); + +int is_operator2(const char *key); + +int is_sqli_pattern(const char *key); + +size_t parse_none(sfilter * sf); +size_t parse_money(sfilter * sf); +size_t parse_other(sfilter * sf); +size_t parse_white(sfilter * sf); +size_t parse_operator1(sfilter *sf); +size_t parse_char(sfilter *sf); +size_t parse_eol_comment(sfilter *sf); +size_t parse_dash(sfilter *sf); +size_t is_mysql_comment(const char *cs, const size_t len, size_t pos); +size_t parse_slash(sfilter *sf); +size_t parse_backslash(sfilter * sf); +size_t parse_operator2(sfilter *sf); +size_t parse_string_core(const char *cs, const size_t len, size_t pos, + stoken_t * st, char delim, size_t offset); +size_t parse_string(sfilter *sf); +size_t parse_word(sfilter * sf); +size_t parse_var(sfilter * sf); + +size_t parse_number(sfilter * sf); + +int parse_token(sfilter * sf); + +/** + * Looks at syntax_last and syntax_current to see + * if they can be merged into a multi-keyword + */ +int syntax_merge_words(stoken_t * a, stoken_t * b); + +void sfilter_reset(sfilter * sf, const char *s, size_t slen); + +/** + * Takes a raw stream of SQL tokens and does the following: + * * Merge mutliple strings into one "foo", "bar" --> "foo bar" + * * Remove comments except last one 1, +, -- foo, 1 ->> 1,+,1 + * * Merge multi-word keywords and operators into one + * e.g. "UNION", "ALL" --> "UNION ALL" + */ +int sqli_tokenize(sfilter * sf, stoken_t * sout); + +int filter_fold(sfilter * sf, stoken_t * sout); + + +#endif /* _SQLPARSE_PRIVATE_H */

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -391,11 +391,9 @@ if (msr->matched_vars == NULL) return -1; apr_table_clear(msr->matched_vars); - if(msr->txcfg->max_rule_time > 0) { - msr->perf_rules = apr_table_make(msr->mp, 8); - if (msr->perf_rules == NULL) return -1; - apr_table_clear(msr->perf_rules); - } + msr->perf_rules = apr_table_make(msr->mp, 8); + if (msr->perf_rules == NULL) return -1; + apr_table_clear(msr->perf_rules); /* Locate the cookie headers and parse them */ arr = apr_table_elts(msr->request_headers);

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -442,6 +442,8 @@ lua_State *L; #endif #endif + + int msc_sdbm_delete_error; }; struct directory_config { @@ -579,7 +581,7 @@ /* Hash */ apr_array_header_t *hash_method; - const char *crypto_key; + const char *crypto_key; int crypto_key_len; const char *crypto_param_name; int hash_is_enabled;

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -38,7 +38,7 @@ #define MODSEC_VERSION_MAJOR "2" #define MODSEC_VERSION_MINOR "7" -#define MODSEC_VERSION_MAINT "3" +#define MODSEC_VERSION_MAINT "4" #define MODSEC_VERSION_TYPE "" #define MODSEC_VERSION_RELEASE "" @@ -53,10 +53,10 @@ #define MODSEC_MODULE_NAME "ModSecurity for IIS (STABLE)" #else #ifdef VERSION_NGINX -#define MODSEC_MODULE_NAME "ModSecurity for nginx (RC)" +#define MODSEC_MODULE_NAME "ModSecurity for nginx (STABLE)" #else #ifdef VERSION_STANDALONE -#define MODSEC_MODULE_NAME "ModSecurity Standalone (RC)" +#define MODSEC_MODULE_NAME "ModSecurity Standalone (STABLE)" #else #define MODSEC_MODULE_NAME "ModSecurity for Apache" #endif

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -170,6 +170,7 @@ /* Would storing this chunk mean going over the limit? */ if ((msr->msc_reqbody_spilltodisk) + && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON) && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit)) { msc_data_chunk **chunks;

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -220,6 +220,7 @@ msr_log(msr, 1, "collection_retrieve_ex: Failed deleting collection (name \"%s\", " "key \"%s\"): %s", log_escape(msr->mp, col_name), log_escape_ex(msr->mp, col_key, col_key_len), get_apr_error(msr->mp, rc)); + msr->msc_sdbm_delete_error = 1; goto cleanup; } @@ -467,7 +468,7 @@ var->value = apr_psprintf(msr->mp, "%d", newval); var->value_len = strlen(var->value); - + if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "collection_store: Delta applied for %s.%s %d->%d (%d): %d + (%d) = %d [%s,%d]", log_escape_ex(msr->mp, var_name->value, var_name->value_len), @@ -490,7 +491,12 @@ /* Now generate the binary object. */ blob = apr_pcalloc(msr->mp, blob_size); if (blob == NULL) { - goto error; + if (dbm != NULL) { + apr_sdbm_unlock(dbm); + apr_sdbm_close(dbm); + } + + return -1; } blob[0] = 0x49; @@ -542,10 +548,16 @@ rc = apr_sdbm_store(dbm, key, value, APR_SDBM_REPLACE); if (rc != APR_SUCCESS) { msr_log(msr, 1, "collection_store: Failed to write to DBM file \"%s\": %s", dbm_filename, - get_apr_error(msr->mp, rc)); - goto error; + get_apr_error(msr->mp, rc)); + if (dbm != NULL) { + apr_sdbm_unlock(dbm); + apr_sdbm_close(dbm); + } + + return -1; } + apr_sdbm_unlock(dbm); apr_sdbm_close(dbm); if (msr->txcfg->debuglog_level >= 4) { @@ -557,11 +569,6 @@ return 0; error: - - if (dbm) { - apr_sdbm_close(dbm); - } - return -1; } @@ -672,9 +679,10 @@ msr_log(msr, 1, "collections_remove_stale: Failed deleting collection (name \"%s\", " "key \"%s\"): %s", log_escape(msr->mp, col_name), log_escape_ex(msr->mp, key.dptr, key.dsize - 1), get_apr_error(msr->mp, rc)); + msr->msc_sdbm_delete_error = 1; goto error; } - + if (msr->txcfg->debuglog_level >= 4) { msr_log(msr, 4, "collections_remove_stale: Removed stale collection (name \"%s\", " "key \"%s\").", log_escape(msr->mp, col_name),

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -2604,12 +2604,16 @@ rt_time = apr_table_get(msr->perf_rules, rule->actionset->id); if(rt_time == NULL) { rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (t1 - time_before_op)); - apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time); + rule_time = (apr_time_t)atoi(rt_time); + if(rule_time >= msr->txcfg->max_rule_time) + apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time); } else { rule_time = (apr_time_t)atoi(rt_time); rule_time += (t1 - time_before_op); - rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, rule_time); - apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time); + if(rule_time >= msr->txcfg->max_rule_time) { + rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, rule_time); + apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time); + } } } }

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -27,6 +27,9 @@ #include <arpa/inet.h> #endif +#include "libinjection/sqlparse.h" +#include "libinjection/sqli_fingerprints.h" + /** * */ @@ -369,7 +372,7 @@ /* rsub */ static char *param_remove_escape(msre_rule *rule, char *str, int len) { - char *parm = apr_palloc(rule->ruleset->mp, len); + char *parm = apr_pcalloc(rule->ruleset->mp, len); char *ret = parm; for(;*str!='\0';str++) { @@ -2129,6 +2132,42 @@ return 0; } +/** libinjection detectSQLi +* links against files in libinjection directory + * See www.client9.com/libinjection for details + * `is_sqli_pattern` right now is a hardwired set of sqli fingerprints. + * In future, change to read from file. +*/ +static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, + char **error_msg) { + sfilter sf; + int issqli = is_sqli(&sf, var->value, var->value_len, is_sqli_pattern); + int capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0; + + if (error_msg == NULL) return -1; + *error_msg = NULL; + + if (issqli) { + set_match_to_tx(msr, capture, sf.pat, 0); + + *error_msg = apr_psprintf(msr->mp, "detected SQLi using libinjection fingerprint '%s' at %s", + sf.pat, var->name); + + if (msr->txcfg->debuglog_level >= 9) { + msr_log(msr, 9, "detectSQLi: libinjection fingerprint '%s' matched input '%s'", + sf.pat, + log_escape_ex(msr->mp, var->value, var->value_len)); + } + } else { + if (msr->txcfg->debuglog_level >= 9) { + msr_log(msr, 9, "detectSQLi: no sql, libinjection no match input '%s' at '%s'", + log_escape_ex(msr->mp, var->value, var->value_len), var->name); + } + } + + return issqli; +} + /* containsWord */ static int msre_op_containsWord_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { @@ -4502,7 +4541,14 @@ msre_op_containsWord_execute ); - /* is */ + /* detectSQLi */ + msre_engine_op_register(engine, + "detectSQLi", + NULL, + msre_op_detectSQLi_execute + ); + + /* streq */ msre_engine_op_register(engine, "streq", NULL, /* ENH init function to flag var substitution */

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -511,6 +511,19 @@ return 1; } +/* SDBM_DELETE_ERROR */ +static int var_sdbm_delete_error_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, + apr_table_t *vartab, apr_pool_t *mptmp) +{ + msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var)); + + rvar->value = apr_psprintf(mptmp, "%d", msr->msc_sdbm_delete_error); + rvar->value_len = strlen(rvar->value); + apr_table_addn(vartab, rvar->name, (void *)rvar); + + return 1; +} + /* REQBODY_ERROR */ static int var_reqbody_processor_error_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, @@ -700,13 +713,20 @@ static int var_remote_addr_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, apr_table_t *vartab, apr_pool_t *mptmp) { +#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 3 + if (ap_find_linked_module("mod_remoteip.c") != NULL) { + if(msr->r->useragent_ip != NULL) msr->remote_addr = apr_pstrdup(msr->mp, msr->r->useragent_ip); + return var_simple_generate(var, vartab, mptmp, msr->remote_addr); + } +#endif + return var_simple_generate(var, vartab, mptmp, msr->remote_addr); } /* REMOTE_HOST */ static int var_remote_host_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, - apr_table_t *vartab, apr_pool_t *mptmp) + apr_table_t *vartab, apr_pool_t *mptmp) { const char *value1 = ap_get_remote_host(msr->r->connection, msr->r->per_dir_config, REMOTE_NAME, NULL); @@ -3117,6 +3137,16 @@ PHASE_REQUEST_HEADERS ); + msre_engine_variable_register(engine, + "SDBM_DELETE_ERROR", + VAR_SIMPLE, + 0, 0, + NULL, + var_sdbm_delete_error_generate, + VAR_DONT_CACHE, /* dynamic */ + PHASE_REQUEST_BODY + ); + /* REQBODY_PROCESSOR_ERROR - Deprecated */ msre_engine_variable_register(engine, "REQBODY_PROCESSOR_ERROR",

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -11,7 +11,8 @@ APR_CPPFLAGS="" APR_LDFLAGS="" APR_LDADD="" - +APR_INCLUDEDIR="" +APR_LINKLD="" AC_DEFUN([CHECK_APR], [dnl @@ -63,6 +64,10 @@ if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDFLAGS: $APR_LDFLAGS); fi APR_LDADD="`${APR_CONFIG} --link-libtool`" if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDADD: $APR_LDADD); fi + APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr INCLUDEDIR: $APR_INCLUDEDIR); fi + APR_LINKLD="`${APR_CONFIG} --link-ld`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LINKLD: $APR_LINKLD); fi else AC_MSG_RESULT([no]) fi @@ -73,6 +78,8 @@ AC_SUBST(APR_CPPFLAGS) AC_SUBST(APR_LDFLAGS) AC_SUBST(APR_LDADD) +AC_SUBST(APR_INCLUDEDIR) +AC_SUBST(APR_LINKLD) if test -z "${APR_VERSION}"; then AC_MSG_NOTICE([*** apr library not found.])

@@ -10,6 +10,8 @@ APU_CFLAGS="" APU_LDFLAGS="" APU_LDADD="" +APU_INCLUDEDIR="" +APU_LINKLD="" AC_DEFUN([CHECK_APU], [dnl @@ -18,7 +20,7 @@ apu, [AC_HELP_STRING([--with-apu=PATH],[Path to apu prefix or config script])], [test_paths="${with_apu}"], - [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"]) + [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local/apr /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"]) AC_MSG_CHECKING([for libapu config script]) @@ -60,6 +62,10 @@ if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi APU_LDADD="`${APU_CONFIG} --link-libtool`" if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi + APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu INCLUDEDIR: $APU_INCLUDEDIR); fi + APU_LINKLD="`${APU_CONFIG} --link-ld`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LINKLD: $APU_LINKLD); fi else AC_MSG_RESULT([no]) fi @@ -69,6 +75,8 @@ AC_SUBST(APU_CFLAGS) AC_SUBST(APU_LDFLAGS) AC_SUBST(APU_LDADD) +AC_SUBST(APU_INCLUDEDIR) +AC_SUBST(APU_LINKLD) if test -z "${APU_VERSION}"; then AC_MSG_NOTICE([*** apu library not found.])

@@ -764,11 +764,15 @@ LIBXML2_CFLAGS LIBXML2_VERSION LIBXML2_CONFIG +APU_LINKLD +APU_INCLUDEDIR APU_LDADD APU_LDFLAGS APU_CFLAGS APU_VERSION APU_CONFIG +APR_LINKLD +APR_INCLUDEDIR APR_LDADD APR_LDFLAGS APR_CPPFLAGS @@ -1644,7 +1648,8 @@ --enable-htaccess-config Enable some mod_security directives into htaccess files. - --enable-request-early Place phase1 into post_read_request hook. + --enable-request-early Place phase1 into post_read_request hook. default is + hook_request_early --disable-errors Disable errors during configure. --enable-verbose-output Enable more verbose configure output. --enable-strict-compile Enable strict compilation (warnings are errors). @@ -4746,13 +4751,13 @@ else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:4749: $ac_compile\"" >&5) + (eval echo "\"\$as_me:4754: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:4752: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:4757: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:4755: output\"" >&5) + (eval echo "\"\$as_me:4760: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -5958,7 +5963,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 5961 "configure"' > conftest.$ac_ext + echo '#line 5966 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -7487,11 +7492,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7490: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7495: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7494: \$? = $ac_status" >&5 + echo "$as_me:7499: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7826,11 +7831,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7829: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7834: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7833: \$? = $ac_status" >&5 + echo "$as_me:7838: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -7931,11 +7936,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7934: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7939: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:7938: \$? = $ac_status" >&5 + echo "$as_me:7943: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -7986,11 +7991,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7989: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7994: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:7993: \$? = $ac_status" >&5 + echo "$as_me:7998: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10370,7 +10375,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 10373 "configure" +#line 10378 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10466,7 +10471,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 10469 "configure" +#line 10474 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -13209,6 +13214,12 @@ APR_LDADD="`${APR_CONFIG} --link-libtool`" if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apr LDADD: $APR_LDADD" >&5 $as_echo "$as_me: apr LDADD: $APR_LDADD" >&6;}; fi + APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" + if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apr INCLUDEDIR: $APR_INCLUDEDIR" >&5 +$as_echo "$as_me: apr INCLUDEDIR: $APR_INCLUDEDIR" >&6;}; fi + APR_LINKLD="`${APR_CONFIG} --link-ld`" + if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apr LINKLD: $APR_LINKLD" >&5 +$as_echo "$as_me: apr LINKLD: $APR_LINKLD" >&6;}; fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -13221,6 +13232,8 @@ + + if test -z "${APR_VERSION}"; then { $as_echo "$as_me:${as_lineno-$LINENO}: *** apr library not found." >&5 $as_echo "$as_me: *** apr library not found." >&6;} @@ -13237,7 +13250,7 @@ if test "${with_apu+set}" = set; then : withval=$with_apu; test_paths="${with_apu}" else - test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr" + test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local/apr /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr" fi @@ -13285,6 +13298,12 @@ APU_LDADD="`${APU_CONFIG} --link-libtool`" if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apu LDADD: $APU_LDADD" >&5 $as_echo "$as_me: apu LDADD: $APU_LDADD" >&6;}; fi + APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" + if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apu INCLUDEDIR: $APU_INCLUDEDIR" >&5 +$as_echo "$as_me: apu INCLUDEDIR: $APU_INCLUDEDIR" >&6;}; fi + APU_LINKLD="`${APU_CONFIG} --link-ld`" + if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: apu LINKLD: $APU_LINKLD" >&5 +$as_echo "$as_me: apu LINKLD: $APU_LINKLD" >&6;}; fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -13292,6 +13311,8 @@ + +

@@ -374,7 +374,7 @@ # Enable phase-1 in post_read_request AC_ARG_ENABLE(request-early, AS_HELP_STRING([--enable-request-early], - [Place phase1 into post_read_request hook.]), + [Place phase1 into post_read_request hook. default is hook_request_early]), [ if test "$enableval" != "no"; then request_early="-DREQUEST_EARLY"

@@ -136,13 +136,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -52,6 +52,7 @@ msc_release.obj msc_crypt.obj msc_tree.obj OBJS2 = api.obj buckets.obj config.obj filters.obj hooks.obj regex.obj server.obj OBJS3 = main.obj moduleconfig.obj mymodule.obj +OBJS4 = sqlparse.obj all: $(DLL) @@ -60,14 +61,17 @@ $(OBJS1): ..\apache2\$*.c $(CC) $(CFLAGS) -c ..\apache2\$*.c -Fo$@ +$(OBJS4): ..\apache2\libinjection\$*.c + $(CC) $(CFLAGS) -c ..\apache2\libinjection\$*.c -Fo$@ + $(OBJS2): ..\standalone\$*.c $(CC) $(CFLAGS) -c ..\standalone\$*.c -Fo$@ .cpp.obj: $(CC) $(CFLAGS) -c $< -Fo$@ -$(DLL): $(OBJS1) $(OBJS2) $(OBJS3) - $(LINK) $(LDFLAGS) $(OBJS1) $(OBJS2) $(OBJS3) $(LIBS) +$(DLL): $(OBJS1) $(OBJS2) $(OBJS3) $(OBJS4) + $(LINK) $(LDFLAGS) $(OBJS1) $(OBJS2) $(OBJS3) $(OBJS4) $(LIBS) IF EXIST $(DLL).manifest $(MT) -manifest $(DLL).manifest -outputresource:$(DLL);#1 clean:

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -109,13 +109,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@

@@ -1,7 +1,7 @@ #!@PERL@ # # ModSecurity for Apache 2.x, http://www.modsecurity.org/ -# Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +# Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) # # You may not use this file except in compliance with # the License. You may obtain a copy of the License at

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -77,7 +77,7 @@ # Did we see anything that might be a boundary? # SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ -"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" +"id:'200003',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" # PCRE Tuning # We want to avoid a potential RegEx DoS condition

@@ -204,6 +204,17 @@ if (APR_BUCKET_IS_EOS(e)) { if (cl == NULL) { + cl = ngx_alloc_chain_link(pool); + if (cl == NULL) { + break; + } + + cl->buf = ngx_calloc_buf(pool); + if (cl->buf == NULL) { + break; + } + + cl->buf->last_buf = 1; *ll = cl; } else { cl->buf->last_buf = 1;

@@ -3,5 +3,5 @@ HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES" NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c" NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h" -CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm " -CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 " +CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -L/usr/local/apr/lib -lapr-1 -L/usr/local/apr/lib -laprutil-1 -lpcre -lxml2 -lz -lm -ldl " +CORE_INCS="$CORE_INCS $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 /usr/local/apache2/include /usr/local/apr/include/apr-1 /usr/local/apr/include/apr-1"

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -16,6 +16,8 @@ #include <apr_bucket_nginx.h> #include <ngx_pool_context.h> +#include <apr_base64.h> + #undef CR #undef LF #undef CRLF @@ -52,7 +54,6 @@ static ngx_int_t ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf); static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf); static ngx_int_t ngx_http_modsecurity_init_process(ngx_cycle_t *cycle); -static void ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle); static void *ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf); static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child); static char *ngx_http_modsecurity_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); @@ -60,6 +61,7 @@ static ngx_http_modsecurity_ctx_t * ngx_http_modsecurity_create_ctx(ngx_http_request_t *r); static int ngx_http_modsecurity_drop_action(request_rec *r); +static void ngx_http_modsecurity_finalize(void *data); static void ngx_http_modsecurity_cleanup(void *data); static int ngx_http_modsecurity_save_headers_in_visitor(void *data, const char *key, const char *value); @@ -113,8 +115,8 @@ ngx_http_modsecurity_init_process, /* init process */ NULL, /* init thread */ NULL, /* exit thread */ - ngx_http_modsecurity_exit_process, /* exit process */ - ngx_http_modsecurity_exit_process, /* exit master */ + NULL, /* exit process */ + NULL, /* exit master */ NGX_MODULE_V1_PADDING }; @@ -156,7 +158,8 @@ } -static inline int ngx_http_modsecurity_method_number(unsigned int nginx) +static inline int +ngx_http_modsecurity_method_number(unsigned int nginx) { /* * http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup @@ -246,7 +249,7 @@ } #endif - req->parsed_uri.path = req->path_info; + req->parsed_uri.path = (char *)ngx_pstrdup0(r->pool, &r->uri); req->parsed_uri.is_initialized = 1; str.data = r->port_start; @@ -254,7 +257,7 @@ req->parsed_uri.port = ngx_atoi(str.data, str.len); req->parsed_uri.port_str = (char *)ngx_pstrdup0(r->pool, &str); - req->parsed_uri.query = req->args; + req->parsed_uri.query = r->args.len ? req->args : NULL; req->parsed_uri.dns_looked_up = 0; req->parsed_uri.dns_resolved = 0; @@ -786,6 +789,29 @@ return 1; } + +static ngx_inline ngx_int_t +ngx_http_modsecurity_status(ngx_http_request_t *r, int status) +{ + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: status %d", status); + + if (status == DECLINED || status == APR_SUCCESS) { + return NGX_DECLINED; + } + + /* nginx known status */ + if ( (status >= 300 && status < 308) /* 3XX */ + || (status >= 400 && status < 417) /* 4XX */ + || (status >= 500 && status < 508) /* 5XX */ + || (status == NGX_HTTP_CREATED || status == NGX_HTTP_NO_CONTENT) ) { + + return status; + } + + return NGX_HTTP_INTERNAL_SERVER_ERROR; +} + + /* create loc conf struct */ static void * ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf) @@ -858,7 +884,8 @@ static ngx_int_t ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf) { - server_rec *s; + server_rec *s; + ngx_pool_cleanup_t *cln; /* XXX: temporary hack, nginx uses pcre as well and hijacks these two */ pcre_malloc = modsec_pcre_malloc; @@ -873,6 +900,12 @@ return NGX_ERROR; } + cln = ngx_pool_cleanup_add(cf->pool, 0); + if (cln == NULL) { + return NGX_ERROR; + } + cln->handler = ngx_http_modsecurity_finalize; + /* set host name */ s->server_hostname = ngx_palloc(cf->pool, ngx_cycle->hostname.len + 1); if (s->server_hostname == NULL) { @@ -886,6 +919,12 @@ } +static void +ngx_http_modsecurity_finalize(void *data) +{ + modsecTerminate(); +} + static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf) @@ -896,9 +935,6 @@ modsecFinalizeConfig(); cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); - if (cmcf == NULL) { - return NGX_ERROR; - } h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers); if (h == NULL) { @@ -921,17 +957,12 @@ static ngx_int_t ngx_http_modsecurity_init_process(ngx_cycle_t *cycle) { + /* must set log hook here cf->log maybe changed */ modsecSetLogHook(cycle->log, modsecLog); modsecInitProcess(); return NGX_OK; } -static void -ngx_http_modsecurity_exit_process(ngx_cycle_t *cycle) -{ - modsecTerminate(); -} - /* ** [ENTRY POINT] does : this function called by nginx from the request handler @@ -952,18 +983,18 @@ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: handler"); + /* create / retrive request ctx */ if (r->internal) { - /* we have already processed the request headers with previous loc conf */ - - /* TODO: do we need update ctx and process headers again? */ + ctx = ngx_http_get_module_pool_ctx(r, ngx_http_modsecurity); if (ctx) { + /* we have already processed the request headers */ ngx_http_set_ctx(r, ctx, ngx_http_modsecurity); return NGX_DECLINED; } - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: get internel request ctx failed"); + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: request pool ctx empty"); } ctx = ngx_http_modsecurity_create_ctx(r); @@ -978,52 +1009,34 @@ return NGX_ERROR; } - ngx_http_modsecurity_load_request(r); - - if (ngx_http_modsecurity_load_headers_in(r) != NGX_OK) { + /* load request to request rec */ + if (ngx_http_modsecurity_load_request(r) != NGX_OK + || ngx_http_modsecurity_load_headers_in(r) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } /* processing request headers */ - rc = modsecProcessRequestHeaders(ctx->req); - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestHeaders %d", rc); - - if (rc == DECLINED) { - - if (modsecIsRequestBodyAccessEnabled(ctx->req) - && r->method == NGX_HTTP_POST) { - - /* Processing POST request body, should we process PUT? */ - rc = ngx_http_read_client_request_body(r, ngx_http_modsecurity_body_handler); - if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { - return rc; - } + rc = ngx_http_modsecurity_status(r, modsecProcessRequestHeaders(ctx->req)); - return NGX_DONE; - } - /* other method */ - rc = modsecProcessRequestBody(ctx->req); - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc); + if (rc != NGX_DECLINED) { + return rc; } - if (rc != DECLINED) { + if (r->method == NGX_HTTP_POST + && modsecIsRequestBodyAccessEnabled(ctx->req) ) { - /* Nginx and Apache share same response code */ - if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; + /* read POST request body, should we process PUT? */ + rc = ngx_http_read_client_request_body(r, ngx_http_modsecurity_body_handler); + if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { + return rc; } - return rc; - } - - /* - if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; + return NGX_DONE; } - */ - - return NGX_DECLINED; + + /* other method */ + return ngx_http_modsecurity_status(r, modsecProcessRequestBody(ctx->req)); } @@ -1038,19 +1051,12 @@ ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity); if (ngx_http_modsecurity_load_request_body(r) != NGX_OK) { - return ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); } - rc = modsecProcessRequestBody(ctx->req); - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessRequestBody %d", rc); + rc = ngx_http_modsecurity_status(r, modsecProcessRequestBody(ctx->req)); - if (rc != DECLINED) { - /* Nginx and Apache share same response code */ - if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) { - rc = NGX_HTTP_INTERNAL_SERVER_ERROR; - } + if (rc != NGX_DECLINED) { return ngx_http_finalize_request(r, rc); } @@ -1070,18 +1076,48 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) { ngx_http_modsecurity_loc_conf_t *cf; ngx_http_modsecurity_ctx_t *ctx; + const char *location; + ngx_table_elt_t *h; ngx_int_t rc; + cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity); ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity); - if (r != r->main || !cf->enable || ctx->complete) { + /* already processed, checking redirect action. */ + if (ctx && ctx->complete + && r->err_status >= NGX_HTTP_MOVED_PERMANENTLY + && r->err_status < 308) { + + /* 3XX load redirect location header so that we can do redirect in phase 3,4 */ + location = apr_table_get(ctx->req->headers_out, "Location"); + + if (location == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + h = ngx_list_push(&r->headers_out.headers); + if (h == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + h->hash = 1; + h->key.data = (u_char *)"Location"; + h->key.len = ngx_strlen("Location"); + h->value.data = (u_char *)location; + h->value.len = ngx_strlen(location); + + return ngx_http_next_header_filter(r); + } + + if (r != r->main || !cf->enable || ctx == NULL ||ctx->complete) { return ngx_http_next_header_filter(r); } ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: header filter"); - if (r->method == NGX_HTTP_HEAD || r->header_only) { + /* header only or SecResponseBodyAccess off */ + if (r->header_only || (!modsecIsResponseBodyAccessEnabled(ctx->req)) ) { ctx->complete = 1; @@ -1091,26 +1127,26 @@ return NGX_HTTP_INTERNAL_SERVER_ERROR; } - rc = modsecProcessResponse(ctx->req); - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessResponse %d", rc); - - if (rc == DECLINED || rc == APR_SUCCESS) { - - if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK - || ngx_http_modsecurity_save_headers_out(r) != NGX_OK) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } + rc = ngx_http_modsecurity_status(r, modsecProcessResponse(ctx->req)); - return ngx_http_next_header_filter(r); + if (rc != NGX_DECLINED) { + return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc); } - if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) { - rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK + || ngx_http_modsecurity_save_headers_out(r) != NGX_OK) { + return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); } - return rc; + return ngx_http_next_header_filter(r); } + /* SecResponseBodyAccess on, process rules in body filter */ + + /* pretend we are ngx_http_header_filter */ + r->header_sent = 1; + + r->filter_need_in_memory = 1; return NGX_OK; } @@ -1122,80 +1158,105 @@ ngx_http_modsecurity_ctx_t *ctx; ngx_int_t rc; apr_off_t content_length; + ngx_chain_t *cl, *out; + ngx_int_t last_buf = 0; cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity); ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity); - if (r != r->main || !cf->enable || ctx->complete) { + if (r != r->main || !cf->enable || ctx == NULL || ctx->complete) { return ngx_http_next_body_filter(r, in); } ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: body filter"); - if (in == NULL) { - return NGX_AGAIN; + for (cl = in; cl; cl = cl->next) { + apr_bucket *e; + ngx_buf_t *buf = cl->buf; + apr_bucket_brigade *bb = ctx->brigade; + off_t size = ngx_buf_size(buf); + if (size) { + char *data = apr_pmemdup(bb->p, buf->pos, size); + if (data == NULL) { + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); + } + e = apr_bucket_pool_create(data , size, bb->p, bb->bucket_alloc); + if (e == NULL) { + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); + } + APR_BRIGADE_INSERT_TAIL(bb, e); + } + + if (buf->last_buf) { + last_buf = 1; + buf->last_buf = 0; + e = apr_bucket_eos_create(bb->bucket_alloc); + if (e == NULL) { + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); + } + APR_BRIGADE_INSERT_TAIL(bb, e); + break; + } + + buf->pos = buf->last; } - rc = move_chain_to_brigade(in, ctx->brigade, r->pool, 0); - if (rc != NGX_OK) { - return rc; + if (!last_buf) { + return NGX_AGAIN; } /* last buf has been saved */ - ctx->complete = 1; modsecSetResponseBrigade(ctx->req, ctx->brigade); - // TODO: do we need reload headers_in ? - // if (ngx_http_modsecurity_load_headers_in(r) != NGX_OK || ngx_http_modsecurity_load_headers_out(r) != NGX_OK) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); } - rc = modsecProcessResponse(ctx->req); - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: modsecProcessResponse %d", rc); + rc = ngx_http_modsecurity_status(r, modsecProcessResponse(ctx->req)); - if (rc == DECLINED || rc == APR_SUCCESS) { - - in = NULL; - - apr_brigade_length(ctx->brigade, 0, &content_length); - - rc = move_brigade_to_chain(ctx->brigade, &in, r->pool); - if (rc == NGX_ERROR) { - return NGX_ERROR; - } - - if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK - ||ngx_http_modsecurity_save_headers_out(r) != NGX_OK) { + if (rc != NGX_DECLINED) { + return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc); + } - return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); - } + apr_brigade_length(ctx->brigade, 0, &content_length); - if (r->headers_out.content_length_n != -1) { + rc = move_brigade_to_chain(ctx->brigade, &out, r->pool); + if (rc == NGX_ERROR) { + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); + } - r->headers_out.content_length_n = content_length; - r->headers_out.content_length = NULL; /* header filter will set this */ - } + if (ngx_http_modsecurity_save_headers_in(r) != NGX_OK + ||ngx_http_modsecurity_save_headers_out(r) != NGX_OK) { - rc = ngx_http_next_header_filter(r); + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity, NGX_HTTP_INTERNAL_SERVER_ERROR); + } - if (rc == NGX_ERROR || rc > NGX_OK) { - return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc); - } + if (r->headers_out.content_length_n != -1) { - return ngx_http_next_body_filter(r, in); + r->headers_out.content_length_n = content_length; + r->headers_out.content_length = NULL; /* header filter will set this */ } - if (rc < NGX_HTTP_SPECIAL_RESPONSE || rc >= 600) { - rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + r->header_sent = 0; + rc = ngx_http_next_header_filter(r); + + if (rc == NGX_ERROR || rc > NGX_OK) { + return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc); } - return ngx_http_filter_finalize_request(r, &ngx_http_modsecurity, rc); + return ngx_http_next_body_filter(r, out); } +#define TXID_SIZE 25 static ngx_http_modsecurity_ctx_t * ngx_http_modsecurity_create_ctx(ngx_http_request_t *r) @@ -1205,6 +1266,9 @@ ngx_http_modsecurity_ctx_t *ctx; apr_sockaddr_t *asa; struct sockaddr_in *sin; + char *txid; + unsigned char salt[TXID_SIZE]; + int i; #if (NGX_HAVE_INET6) struct sockaddr_in6 *sin6; #endif @@ -1278,7 +1342,26 @@ ctx->req = modsecNewRequest(ctx->connection, cf->config); apr_table_setn(ctx->req->notes, NOTE_NGINX_REQUEST_CTX, (const char *) ctx); - apr_table_setn(ctx->req->subprocess_env, "UNIQUE_ID", "12345"); + apr_generate_random_bytes(salt, TXID_SIZE); + + txid = apr_pcalloc (ctx->req->pool, TXID_SIZE); + apr_base64_encode (txid, (const char*)salt, TXID_SIZE); + + for(i=0;i<TXID_SIZE;i++) { + if((salt[i] >= 0x30) && (salt[i] <= 0x39)) {} + else if((salt[i] >= 0x40) && (salt[i] <= 0x5A)) {} + else if((salt[i] >= 0x61) && (salt[i] <= 0x7A)) {} + else { + if((i%2)==0) + salt[i] = 0x41; + else + salt[i] = 0x63; + } + } + + salt[i] = '\0'; + + apr_table_setn(ctx->req->subprocess_env, "UNIQUE_ID", apr_psprintf(ctx->req->pool, "%s", salt)); ctx->brigade = apr_brigade_create(ctx->req->pool, ctx->req->connection->bucket_alloc); @@ -1289,7 +1372,7 @@ return ctx; } -static void + static void ngx_http_modsecurity_cleanup(void *data) { ngx_http_modsecurity_ctx_t *ctx = data; @@ -1299,7 +1382,7 @@ } } -static char * + static char * ngx_http_modsecurity_config(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_modsecurity_loc_conf_t *mscf = conf; @@ -1325,7 +1408,7 @@ msg = modsecProcessConfig(mscf->config, (const char *)value[1].data, NULL); if (msg != NULL) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "ModSecurityConfig in %s:%ui: %s", - cf->conf_file->file.name.data, cf->conf_file->line, msg); + cf->conf_file->file.name.data, cf->conf_file->line, msg); return NGX_CONF_ERROR; } @@ -1333,7 +1416,7 @@ } -static char * + static char * ngx_http_modsecurity_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_modsecurity_loc_conf_t *mscf = conf; @@ -1351,7 +1434,7 @@ } -static int + static int ngx_http_modsecurity_drop_action(request_rec *r) { ngx_http_modsecurity_ctx_t *ctx;

@@ -196,7 +196,7 @@ { ngx_pool_context_conf_t *pcf = conf; - ngx_conf_init_uint_value(pcf->size, NGX_POOL_CTX_SIZE); + ngx_conf_init_uint_value(pcf->size, cycle->connection_n); ngx_pool_context_hash_size = pcf->size;

@@ -13,7 +13,7 @@ ../apache2/msc_util.c ../apache2/msc_pcre.c ../apache2/persist_dbm.c ../apache2/msc_reqbody.c \ ../apache2/msc_geo.c ../apache2/msc_gsb.c ../apache2/msc_unicode.c \ ../apache2/acmp.c ../apache2/msc_lua.c ../apache2/msc_release.c \ - ../apache2/msc_crypt.c ../apache2/msc_tree.c \ + ../apache2/msc_crypt.c ../apache2/msc_tree.c ../apache2/libinjection/sqlparse.c \ api.c buckets.c \ config.c filters.c \ hooks.c \ @@ -72,6 +72,10 @@ @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@ endif +standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *$[^ ]*$ /\1 /gp'` \ + @APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@ +standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \ + @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@ install-exec-hook: $(pkglib_LTLIBRARIES) @echo "Creating Nginx config file..."; \ rm -f ../nginx/modsecurity/config; \ @@ -79,9 +83,9 @@ echo "CORE_MODULES=\"\$$CORE_MODULES ngx_pool_context_module\"" >> ../nginx/modsecurity/config; \ echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \ echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\ - echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \ - echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \ - echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \ + echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config; \ + echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \ + echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \ echo "Removing unused static libraries..."; \ for m in $(pkglib_LTLIBRARIES); do \ base=`echo $$m | sed 's/\..*//'`; \

@@ -89,10 +89,11 @@ standalone_la-msc_gsb.lo standalone_la-msc_unicode.lo \ standalone_la-acmp.lo standalone_la-msc_lua.lo \ standalone_la-msc_release.lo standalone_la-msc_crypt.lo \ - standalone_la-msc_tree.lo standalone_la-api.lo \ - standalone_la-buckets.lo standalone_la-config.lo \ - standalone_la-filters.lo standalone_la-hooks.lo \ - standalone_la-regex.lo standalone_la-server.lo + standalone_la-msc_tree.lo standalone_la-sqlparse.lo \ + standalone_la-api.lo standalone_la-buckets.lo \ + standalone_la-config.lo standalone_la-filters.lo \ + standalone_la-hooks.lo standalone_la-regex.lo \ + standalone_la-server.lo standalone_la_OBJECTS = $(am_standalone_la_OBJECTS) standalone_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(standalone_la_CFLAGS) \ @@ -121,13 +122,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@ @@ -306,7 +311,7 @@ ../apache2/msc_util.c ../apache2/msc_pcre.c ../apache2/persist_dbm.c ../apache2/msc_reqbody.c \ ../apache2/msc_geo.c ../apache2/msc_gsb.c ../apache2/msc_unicode.c \ ../apache2/acmp.c ../apache2/msc_lua.c ../apache2/msc_release.c \ - ../apache2/msc_crypt.c ../apache2/msc_tree.c \ + ../apache2/msc_crypt.c ../apache2/msc_tree.c ../apache2/libinjection/sqlparse.c \ api.c buckets.c \ config.c filters.c \ hooks.c \ @@ -349,6 +354,12 @@ @SOLARIS_TRUE@ @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \ @SOLARIS_TRUE@ @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@ +standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *$[^ ]*$ /\1 /gp'` \ + @APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@ + +standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \ + @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@ + all: all-am .SUFFIXES: @@ -456,6 +467,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-re_variables.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-regex.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-server.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/standalone_la-sqlparse.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -660,6 +672,13 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -c -o standalone_la-msc_tree.lo `test -f '../apache2/msc_tree.c' || echo '$(srcdir)/'`../apache2/msc_tree.c +standalone_la-sqlparse.lo: ../apache2/libinjection/sqlparse.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -MT standalone_la-sqlparse.lo -MD -MP -MF $(DEPDIR)/standalone_la-sqlparse.Tpo -c -o standalone_la-sqlparse.lo `test -f '../apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`../apache2/libinjection/sqlparse.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/standalone_la-sqlparse.Tpo $(DEPDIR)/standalone_la-sqlparse.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../apache2/libinjection/sqlparse.c' object='standalone_la-sqlparse.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -c -o standalone_la-sqlparse.lo `test -f '../apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`../apache2/libinjection/sqlparse.c + standalone_la-api.lo: api.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(standalone_la_CPPFLAGS) $(CPPFLAGS) $(standalone_la_CFLAGS) $(CFLAGS) -MT standalone_la-api.lo -MD -MP -MF $(DEPDIR)/standalone_la-api.Tpo -c -o standalone_la-api.lo `test -f 'api.c' || echo '$(srcdir)/'`api.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/standalone_la-api.Tpo $(DEPDIR)/standalone_la-api.Plo @@ -918,7 +937,6 @@ pdf pdf-am ps ps-am tags uninstall uninstall-am \ uninstall-pkglibLTLIBRARIES - install-exec-hook: $(pkglib_LTLIBRARIES) @echo "Creating Nginx config file..."; \ rm -f ../nginx/modsecurity/config; \ @@ -926,9 +944,9 @@ echo "CORE_MODULES=\"\$$CORE_MODULES ngx_pool_context_module\"" >> ../nginx/modsecurity/config; \ echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \ echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\ - echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \ - echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \ - echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \ + echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config; \ + echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \ + echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \ echo "Removing unused static libraries..."; \ for m in $(pkglib_LTLIBRARIES); do \ base=`echo $$m | sed 's/\..*//'`; \

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at @@ -223,40 +223,10 @@ } apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) { - modsec_rec *msr = (modsec_rec *)f->ctx; apr_status_t rc; - apr_bucket_brigade *bb_out; - - bb_out = modsecGetResponseBrigade(f->r); - - - if (bb_out) { - APR_BRIGADE_CONCAT(bb_out, b); - return APR_SUCCESS; - } - - // is there a way to tell whether the response body was modified or not? - // - if((msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0) - && msr->txcfg->resbody_access) { - - if (modsecWriteResponse != NULL) { - char *data = NULL; - apr_size_t length; - - rc = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp); - - if (rc != APR_SUCCESS) { - msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", rc, - get_apr_error(msr->mp, rc)); - return -1; - } - - /* TODO: return ?*/ - modsecWriteResponse(msr->r, data, msr->stream_output_length); - } - } + apr_bucket_brigade *bb_out = (apr_bucket_brigade *)f->ctx; + APR_BRIGADE_CONCAT(bb_out, b); return APR_SUCCESS; } @@ -551,74 +521,117 @@ } int modsecProcessResponse(request_rec *r) { - int status = DECLINED; + int status; + modsec_rec *msr; + apr_bucket *e; + ap_filter_t *f; + apr_bucket_brigade *bb_in, *bb_out, *bb; - if(r->output_filters != NULL) { - modsec_rec *msr = (modsec_rec *)r->output_filters->ctx; - char buf[8192]; - char *tmp = NULL; - apr_bucket *e = NULL; + if(r->output_filters == NULL) { + return DECLINED; + } + + msr = (modsec_rec *)r->output_filters->ctx; + if (msr == NULL) { + ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server, + "ModSecurity: Internal Error: msr is null in output filter."); + ap_remove_output_filter(r->output_filters); + return APR_EGENERAL; + } + + msr->r = r; + + /* create input response brigade */ + bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc); + + if (bb_in == NULL) { + msr_log(msr, 1, "Process response: Failed to create brigade."); + return APR_EGENERAL; + } + + /* get input response brigade */ + bb = modsecGetResponseBrigade(r); + if (bb != NULL) { + APR_BRIGADE_CONCAT(bb_in, bb); + if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb_in))) { + e = apr_bucket_eos_create(bb_in->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); + } + } else if (modsecReadResponse != NULL) { unsigned int readcnt = 0; int is_eos = 0; - ap_filter_t *f = NULL; - apr_bucket_brigade *bb_in, *bb = NULL; + char buf[8192]; + while(!is_eos) { + modsecReadResponse(r, buf, 8192, &readcnt, &is_eos); - if (msr == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server, - "ModSecurity: Internal Error: msr is null in output filter."); - ap_remove_output_filter(r->output_filters); - return send_error_bucket(msr, r->output_filters, HTTP_INTERNAL_SERVER_ERROR); + if(readcnt > 0) { + char *tmp = (char *)apr_palloc(r->pool, readcnt); + memcpy(tmp, buf, readcnt); + e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); + } } - bb = apr_brigade_create(msr->mp, r->connection->bucket_alloc); + e = apr_bucket_eos_create(r->connection->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); + } else { + /* cannot read response body process header only */ - if (bb == NULL) { - msr_log(msr, 1, "Process response: Failed to create brigade."); - return APR_EGENERAL; - } + e = apr_bucket_eos_create(r->connection->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); + } - msr->r = r; - - bb_in = modsecGetResponseBrigade(r); + bb_out = bb ? bb : apr_brigade_create(msr->mp, r->connection->bucket_alloc); - if (bb_in != NULL) { - APR_BRIGADE_CONCAT(bb, bb_in); - if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) { - e = apr_bucket_eos_create(bb->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } - } else if (modsecReadResponse != NULL) { - while(!is_eos) { - modsecReadResponse(r, buf, 8192, &readcnt, &is_eos); - - if(readcnt > 0) { - tmp = (char *)apr_palloc(r->pool, readcnt); - memcpy(tmp, buf, readcnt); - e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } + if (bb_out == NULL) { + msr_log(msr, 1, "Process response: Failed to create brigade."); + return APR_EGENERAL; + } + + /* concat output bucket to bb_out */ + f = ap_add_output_filter("HTTP_OUT", bb_out, r, r->connection); + status = ap_pass_brigade(r->output_filters, bb_in); + ap_remove_output_filter(f); + + if (status == APR_EGENERAL) { + /* retrive response status from bb_out */ + for(e = APR_BRIGADE_FIRST(bb_out); + e != APR_BRIGADE_SENTINEL(bb_out); + e = APR_BUCKET_NEXT(e)) { + if (AP_BUCKET_IS_ERROR(e)) { + return ((ap_bucket_error*) e->data)->status; } + } + return APR_EGENERAL; + } - e = apr_bucket_eos_create(r->connection->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } else { - /* cannot read response body process header only */ + if (status != DECLINED) { + return status; + } - e = apr_bucket_eos_create(r->connection->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); + /* copy bb_out */ + // is there a way to tell whether the response body was modified or not? + if (modsecWriteResponse != NULL + && (msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0) + && msr->txcfg->resbody_access) { + + char *data = NULL; + apr_size_t length; + + status = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp); + + if (status != APR_SUCCESS) { + msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", status, + get_apr_error(msr->mp, status)); + return APR_EGENERAL; } - - f = ap_add_output_filter("HTTP_OUT", msr, r, r->connection); - status = ap_pass_brigade(r->output_filters, bb); - ap_remove_output_filter(f); - if(status > 0 - && msr->intercept_actionset->intercept_status != 0) { - status = msr->intercept_actionset->intercept_status; + + if ( modsecWriteResponse(msr->r, data, msr->stream_output_length) != APR_SUCCESS) { + return APR_EGENERAL; } - return status; } - - return status; + + return DECLINED; } int modsecFinishRequest(request_rec *r) {

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -21,7 +21,8 @@ $(top_srcdir)/apache2/msc_gsb.c \ $(top_srcdir)/apache2/acmp.c \ $(top_srcdir)/apache2/msc_lua.c \ - $(top_srcdir)/apache2/msc_release.c + $(top_srcdir)/apache2/msc_release.c \ + $(top_srcdir)/apache2/libinjection/sqlparse.c msc_test_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \ @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @LUA_CFLAGS@ msc_test_CPPFLAGS = -I$(top_srcdir)/apache2 \

@@ -68,7 +68,8 @@ msc_test-msc_reqbody.$(OBJEXT) msc_test-msc_crypt.$(OBJEXT) \ msc_test-msc_tree.$(OBJEXT) msc_test-msc_geo.$(OBJEXT) \ msc_test-msc_gsb.$(OBJEXT) msc_test-acmp.$(OBJEXT) \ - msc_test-msc_lua.$(OBJEXT) msc_test-msc_release.$(OBJEXT) + msc_test-msc_lua.$(OBJEXT) msc_test-msc_release.$(OBJEXT) \ + msc_test-sqlparse.$(OBJEXT) msc_test_OBJECTS = $(am_msc_test_OBJECTS) msc_test_DEPENDENCIES = msc_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -99,13 +100,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@ @@ -293,7 +298,8 @@ $(top_srcdir)/apache2/msc_gsb.c \ $(top_srcdir)/apache2/acmp.c \ $(top_srcdir)/apache2/msc_lua.c \ - $(top_srcdir)/apache2/msc_release.c + $(top_srcdir)/apache2/msc_release.c \ + $(top_srcdir)/apache2/libinjection/sqlparse.c msc_test_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \ @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @LUA_CFLAGS@ @@ -394,6 +400,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-re_operators.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-re_tfns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-re_variables.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msc_test-sqlparse.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -738,6 +745,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -c -o msc_test-msc_release.obj `if test -f '$(top_srcdir)/apache2/msc_release.c'; then $(CYGPATH_W) '$(top_srcdir)/apache2/msc_release.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/apache2/msc_release.c'; fi` +msc_test-sqlparse.o: $(top_srcdir)/apache2/libinjection/sqlparse.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -MT msc_test-sqlparse.o -MD -MP -MF $(DEPDIR)/msc_test-sqlparse.Tpo -c -o msc_test-sqlparse.o `test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`$(top_srcdir)/apache2/libinjection/sqlparse.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/msc_test-sqlparse.Tpo $(DEPDIR)/msc_test-sqlparse.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/apache2/libinjection/sqlparse.c' object='msc_test-sqlparse.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -c -o msc_test-sqlparse.o `test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c' || echo '$(srcdir)/'`$(top_srcdir)/apache2/libinjection/sqlparse.c + +msc_test-sqlparse.obj: $(top_srcdir)/apache2/libinjection/sqlparse.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -MT msc_test-sqlparse.obj -MD -MP -MF $(DEPDIR)/msc_test-sqlparse.Tpo -c -o msc_test-sqlparse.obj `if test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c'; then $(CYGPATH_W) '$(top_srcdir)/apache2/libinjection/sqlparse.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/apache2/libinjection/sqlparse.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/msc_test-sqlparse.Tpo $(DEPDIR)/msc_test-sqlparse.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/apache2/libinjection/sqlparse.c' object='msc_test-sqlparse.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(msc_test_CPPFLAGS) $(CPPFLAGS) $(msc_test_CFLAGS) $(CFLAGS) -c -o msc_test-sqlparse.obj `if test -f '$(top_srcdir)/apache2/libinjection/sqlparse.c'; then $(CYGPATH_W) '$(top_srcdir)/apache2/libinjection/sqlparse.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/apache2/libinjection/sqlparse.c'; fi` + mostlyclean-libtool: -rm -f *.lo

@@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ -* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/) +* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * You may not use this file except in compliance with * the License. You may obtain a copy of the License at

@@ -0,0 +1,18 @@ +{ + type => "op", + name => "detectSQLi", + input => "", + ret => 0 +}, +{ + type => "op", + name => "detectSQLi", + input => "this is not isqli", + ret => 0 +}, +{ + type => "op", + name => "detectSQLi", + input => "ascii(substring(version() from 1 for 1))", + ret => 1 +}

+(directory)

@@ -0,0 +1,22 @@ + +user root; +worker_processes 1; +daemon on; +error_log logs/error.log debug; +events { + worker_connections 1024; +} + +http { + ModSecurityEnabled [% enable %]; + ModSecurityConfig [% config %]; + server { + + listen [% listen %]; + server_name localhost; + location / { + } + } +} + +

@@ -0,0 +1,736 @@ +#!/usr/bin/perl +# +# Run regression tests. +# +# Syntax: run-regression-tests.pl [options] [file [N]] +# +# All: run-regression-tests.pl +# All in file: run-regression-tests.pl file +# Nth in file: run-regression-tests.pl file N +# +use strict; +use Time::HiRes qw(gettimeofday sleep); +use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG); +use File::Spec qw(rel2abs); +use File::Basename qw(basename dirname); +use File::Path qw(make_path); +use FileHandle; +use IPC::Open2 qw(open2); +use IPC::Open3 qw(open3); +use Getopt::Std; +use Data::Dumper; +use IO::Socket; +use LWP::UserAgent; +use Cwd 'abs_path'; +use Template; +use File::Copy::Recursive qw(dircopy); + +my @TYPES = qw(action config misc rule target); +my $SCRIPT = basename($0); +my $SCRIPT_DIR = File::Spec->rel2abs(dirname($0)); +my $REG_DIR = "$SCRIPT_DIR/regression"; +my $NGINX_DIR = "$REG_DIR/nginx"; +my $NGINX_CONF_TEMP = "$REG_DIR/nginx/conf/nginx.conf.template"; +my $NGINX = q(/usr/local/nginx/sbin/nginx); + +my $PASSED = 0; +my $TOTAL = 0; +my $BUFSIZ = 32768; +my %C = (); +my %FILE = (); +my $UA_NAME = "ModSecurity Regression Tests/1.2.3"; +my $UA = LWP::UserAgent->new; +$UA->agent($UA_NAME); + +$SIG{TERM} = $SIG{INT} = \&handle_interrupt; + +my %opt; +getopts('A:E:D:C:T:H:a:p:dvh', \%opt); + +if ($opt{d}) { + $Data::Dumper::Indent = 1; + $Data::Dumper::Terse = 1; + $Data::Dumper::Pad = ""; + $Data::Dumper::Quotekeys = 0; +} + +sub usage { + print stderr <<"EOT"; +@_ + Usage: $SCRIPT [options] [file [N]] + + Options: + -P path Specify nginx prefix path (default: $NGINX_DIR) + -a file Specify nginx binary (default: $NGINX) + -p port Specify nginx port (default: 8088) + -v Enable verbose output (details on failure). + -d Enable debugging output. + -h This help. +EOT + + exit(1); +} + +usage() if ($opt{h}); + +### Check nginx binary +if (defined $opt{a}) { + $NGINX = $opt{a}; +} +else { + $opt{a} = $NGINX; +} +usage("Invalid Apache startup script: $NGINX\n") unless (-e $NGINX); + + +### Defaults +$opt{P} = "$NGINX_DIR" unless (defined $opt{P}); + +my $CONF_DIR = "$opt{P}/conf"; +my $FILES_DIR = "$opt{P}/logs"; +my $PID_FILE = "$FILES_DIR/nginx.pid"; + +$opt{A} = "$FILES_DIR/modsec_audit.log"; +$opt{D} = "$FILES_DIR/modsec_debug.log"; +$opt{E} = "$FILES_DIR/error.log"; +$opt{C} = "$CONF_DIR/nginx.conf"; +$opt{p} = 8088 unless (defined $opt{p}); +$opt{v} = 1 if ($opt{d}); + +if ( !-d "$opt{P}" ) { + make_path($opt{P}) or die $!; +} + +if ( !-d "$opt{P}/logs" ) { + make_path("$opt{P}/logs") or die $!; +} + +if ( !-d "$opt{P}/html" ) { + make_path("$opt{P}/html") or die $!; +} + +dircopy("$REG_DIR/server_root/htdocs","$opt{P}/html") or die $!; + +%ENV = ( + %ENV, + $NGINX_DIR => $opt{P}, + SERVER_PORT => $opt{p}, + SERVER_NAME => "localhost", +# TEST_NGX_PREFIX => $NGINX_DIR, +# DATA_DIR => $DATA_DIR, +# TEMP_DIR => $TEMP_DIR, +# UPLOAD_DIR => $UPLOAD_DIR, + CONF_DIR => $CONF_DIR, +# MODULES_DIR => $MODULES_DIR, + LOGS_DIR => $FILES_DIR, + SCRIPT_DIR => $SCRIPT_DIR, + REGRESSION_DIR => $REG_DIR, + DIST_ROOT => File::Spec->rel2abs(dirname("$SCRIPT_DIR/../../..")), + AUDIT_LOG => $opt{A}, + DEBUG_LOG => $opt{D}, + ERROR_LOG => $opt{E}, + NGINX_CONF => $opt{C}, +# HTDOCS => $opt{H}, + USER_AGENT => $UA_NAME, + ); + +#dbg("OPTIONS: ", \%opt); + +if (-e "$PID_FILE") { + msg("Shutting down previous instance: $PID_FILE"); + nginx_stop(); +} + +if (defined $ARGV[0]) { + runfile(dirname($ARGV[0]), basename($ARGV[0]), $ARGV[1]); + done(); +} + +for my $type (@TYPES) { + my $dir = "$SCRIPT_DIR/regression/$type"; + my @cfg = (); + +# Get test names + opendir(DIR, "$dir") or quit(1, "Failed to open \"$dir\": $!"); + @cfg = grep { /\.t$/ && -f "$dir/$_" } readdir(DIR); + closedir(DIR); + + for my $cfg (sort @cfg) { + runfile($dir, $cfg); + } +} +done(); + + +sub runfile { + my($dir, $cfg, $testnum) = @_; + my $fn = "$dir/$cfg"; + my @data = (); + my $edata; + my @C = (); + my @test = (); + my $teststr; + my $n = 0; + my $pass = 0; + + open(CFG, "<$fn") or quit(1, "Failed to open \"$fn\": $!"); + @data = <CFG>; + + $edata = q/@C = (/ . join("", @data) . q/)/; + eval $edata; + quit(1, "Failed to read test data \"$cfg\": $@") if ($@); + + unless (@C) { + msg("\nNo tests defined for $fn"); + return; + } + + msg("\nLoaded ".@C." tests from $fn"); + for my $t (@C) { + $n++; + next if (defined $testnum and $n != $testnum); + + my $nginx_up = 0; + my %t = %{$t || {}}; + my $id = sprintf("%3d", $n); + my $out = ""; + my $rc = 0; + my $conf_fn; + +# Startup nginx with optionally included conf. + if (exists $t{conf} and defined $t{conf}) { + $conf_fn = sprintf "%s/%s_%s_%06d.conf", + $CONF_DIR, $t{type}, $cfg, $n; +#dbg("Writing test config to: $conf_fn"); + open(CONF, ">$conf_fn") or die "Failed to open conf \"$conf_fn\": $!\n"; + print CONF (ref $t{conf} eq "CODE" ? eval { &{$t{conf}} } : $t{conf}); + msg("$@") if ($@); + close CONF; + my %conf=(config => $conf_fn, enable => "on"); + $nginx_up = nginx_start($t, \%conf) ? 0 : 1; + } + else { + $nginx_up = nginx_start($t) ? 0 : 1; + } + +# Run any prerun setup + if ($rc == 0 and exists $t{prerun} and defined $t{prerun}) { + vrb("Executing perl prerun..."); + $rc = &{$t{prerun}}; + vrb("Perl prerun returned: $rc"); + } + + if ($nginx_up) { +# Perform the request and check response + if (exists $t{request}) { + my $resp = do_request($t{request}); + if (!$resp) { + msg("invalid response"); + vrb("RESPONSE: ", $resp); + $rc = 1; + } + else { + for my $key (keys %{ $t{match_response} || {}}) { + my($neg,$mtype) = ($key =~ m/^(-?)(.*)$/); + my $m = $t{match_response}{$key}; + my $match = match_response($mtype, $resp, $m); + if ($neg and defined $match) { + $rc = 1; + msg("response $mtype matched: $m"); + vrb($resp); + last; + } + elsif (!$neg and !defined $match) { + $rc = 1; + msg("response $mtype failed to match: $m"); + vrb($resp); + last; + } + } + } + } + +# Run any arbitrary perl tests + if ($rc == 0 and exists $t{test} and defined $t{test}) { + dbg("Executing perl test(s)..."); + $rc = eval { &{$t{test}} }; + if (! defined $rc) { + msg("Error running test: $@"); + $rc = -1; + } + dbg("Perl tests returned: $rc"); + } + +# Search for all log matches + if ($rc == 0 and exists $t{match_log} and defined $t{match_log}) { + for my $key (keys %{ $t{match_log} || {}}) { + my($neg,$mtype) = ($key =~ m/^(-?)(.*)$/); + my $m = $t{match_log}{$key}; + my $match = match_log($mtype, @{$m || []}); + if ($neg and defined $match) { + $rc = 1; + msg("$mtype log matched: $m->[0]"); + last; + } + elsif (!$neg and !defined $match) { + $rc = 1; + msg("$mtype log failed to match: $m->[0]"); + last; + } + } + } + +# Search for all file matches + if ($rc == 0 and exists $t{match_file} and defined $t{match_file}) { + sleep 1; # Make sure the file exists + for my $key (keys %{ $t{match_file} || {}}) { + my($neg,$fn) = ($key =~ m/^(-?)(.*)$/); + my $m = $t{match_file}{$key}; + my $match = match_file($fn, $m); + if ($neg and defined $match) { + $rc = 1; + msg("$fn file matched: $m"); + last; + } + elsif (!$neg and !defined $match) { + $rc = 1; + msg("$fn file failed match: $m"); + last; + } + } + } + } + else { + msg("Failed to start nginx."); + $rc = 1; + } + + if ($rc == 0) { + $pass++; + } + else { + vrb("Test Config: $conf_fn"); + vrb("Debug Log: $FILE{debug}{fn}"); + dbg(escape("$FILE{debug}{buf}")); + vrb("Error Log: $FILE{error}{fn}"); + dbg(escape("$FILE{error}{buf}")); + } + + msg(sprintf("%s) %s%s: %s%s", $id, $t{type}, (exists($t{comment}) ? " - $t{comment}" : ""), ($rc ? "failed" : "passed"), ((defined($out) && $out ne "")? " ($out)" : ""))); + + if ($nginx_up) { + $nginx_up = nginx_stop(\%t) ? 0 : 1; + } + + } + + $TOTAL += $testnum ? 1 : $n; + $PASSED += $pass; + + msg(sprintf("Passed: %2d; Failed: %2d", $pass, $testnum ? (1 - $pass) : ($n - $pass))); +} + +# Take out any indenting and translate LF -> CRLF +sub normalize_raw_request_data { + my $r = $_[0]; + +# Allow for indenting in test file + $r =~ s/^[ \t]*\x0d?\x0a//s; + my($indention) = ($r =~ m/^([ \t]*)/s); # indention taken from first line + $r =~ s/^$indention//mg; + $r =~ s/(\x0d?\x0a)[ \t]+$/$1/s; + +# Translate LF to CRLF + $r =~ s/^\x0a/\x0d\x0a/mg; + $r =~ s/([^\x0d])\x0a/$1\x0d\x0a/mg; + + return $r; +} + +sub do_raw_request { + my $sock = new IO::Socket::INET( + Proto => "tcp", + PeerAddr => "localhost", + PeerPort => $opt{p}, + ) or msg("Failed to connect to localhost:$opt{p}: $@"); + return unless ($sock); + +# Join togeather the request + my $r = join("", @_); + dbg($r); + +# Write to socket + print $sock "$r"; + $sock->shutdown(1); + +# Read from socket + my @resp = <$sock>; + $sock->close(); + + return HTTP::Response->parse(join("", @resp)); +} + +sub do_request { + my $r = $_[0]; + +# Allow test to execute code + if (ref $r eq "CODE") { + $r = eval { &$r }; + msg("$@") unless (defined $r); + } + + if (ref $r eq "HTTP::Request") { + my $resp = $UA->request($r); + dbg($resp->request()->as_string()) if ($opt{d}); + return $resp + } + else { + return do_raw_request($r); + } + + return; +} + + +sub match_response { + my($name, $resp, $re) = @_; + + msg("Warning: Empty regular expression.") if (!defined $re or $re eq ""); + + if ($name eq "status") { + return $& if ($resp->code =~ m/$re/); + } + elsif ($name eq "content") { + return $& if ($resp->content =~ m/$re/m); + } + elsif ($name eq "raw") { + return $& if ($resp->as_string =~ m/$re/m); + } + + return; +} + +sub read_log { + my($name, $timeout, $graph) = @_; + return match_log($name, undef, $timeout, $graph); +} + +sub match_log { + my($name, $re, $timeout, $graph) = @_; + my $t0 = gettimeofday; + my($fh,$rbuf) = ($FILE{$name}{fd}, \$FILE{$name}{buf}); + my $n = length($$rbuf); + my $rc = undef; + + unless (defined $fh) { + msg("Error: File \"$name\" is not opened for matching."); + return; + } + + $timeout = 0 unless (defined $timeout); + + my $i = 0; + my $graphed = 0; +READ: { + do { + my $nbytes = $fh->sysread($$rbuf, $BUFSIZ, $n); + if (!defined($nbytes)) { + msg("Error: Could not read \"$name\" log: $!"); + last; + } + elsif (!defined($re) and $nbytes == 0) { + last; + } + +# Remove APR pool debugging + $$rbuf =~ s/POOL DEBUG:[^\n]+PALLOC[^\n]+\n//sg; + + $n = length($$rbuf); + +#dbg("Match \"$re\" in $name \"$$rbuf\" ($n)"); + if ($$rbuf =~ m/$re/m) { + $rc = $&; + last; + } +# TODO: Use select()/poll() + sleep 0.1 unless ($nbytes == $BUFSIZ); + if ($graph and $opt{d}) { + $i++; + if ($i == 10) { + $graphed++; + $i=0; + print STDERR $graph if ($graphed == 1); + print STDERR "." + } + } + } while (gettimeofday - $t0 < $timeout); + } + print STDERR "\n" if ($graphed); + + return $rc; +} + +sub match_file { + my($neg,$fn) = ($_[0] =~ m/^(-?)(.*)$/); + unless (exists $FILE{$fn}) { + eval { + $FILE{$fn}{fn} = $fn; + $FILE{$fn}{fd} = new FileHandle($fn, O_RDONLY) or die "$!\n"; + $FILE{$fn}{fd}->blocking(0); + $FILE{$fn}{buf} = ""; + }; + if ($@) { + msg("Warning: Failed to open file \"$fn\": $@"); + return; + } + } + return match_log($_[0], $_[1]); # timeout makes no sense +} + +sub quote_shell { + my($s) = @_; + return $s unless ($s =~ m|[^\w!%+,\-./:@^]|); + $s =~ s/(['\\])/\\$1/g; + return "'$s'"; +} + +sub escape { + my @new = (); + for my $c (split(//, $_[0])) { + my $oc = ord($c); + push @new, ((($oc >= 0x20 and $oc <= 0x7e) or $oc == 0x0a or $oc == 0x0d) ? $c : sprintf("\\x%02x", ord($c))); +} +join('', @new); +} + +sub dbg { + return unless(@_ and $opt{d}); + my $out = join "", map { + (ref $_ ne "" ? Dumper($_) : $_) + } @_; + $out =~ s/^/DBG: /mg; + print STDOUT "$out\n"; +} + +sub vrb { + return unless(@_ and $opt{v}); + msg(@_); +} + +sub msg { + return unless(@_); + my $out = join "", map { + (ref $_ ne "" ? Dumper($_) : $_) + } @_; + print STDOUT "$out\n"; +} + +sub handle_interrupt { + $SIG{TERM} = $SIG{INT} = \&handle_interrupt; + + msg("Interrupted via SIG$_[0]. Shutting down tests..."); + nginx_stop(); + + quit(1); +} + +sub quit { + my($ec,$msg) = @_; + $ec = 0 unless (defined $_[0]); + + msg("$msg") if (defined $msg); + + exit $ec; +} + +sub done { + if ($PASSED != $TOTAL) { + quit(1, "\n$PASSED/$TOTAL tests passed."); + } + + quit(0, "\nAll tests passed ($TOTAL)."); +} + +sub nginx_stop { + my $t = shift; + my @p = ( + $NGINX, + -p => $opt{P}, + -s => "quit", + ); + + my $nginx_out; + my $nginx_pid = open3(undef, $nginx_out, undef, @p) or quit(1); + my $out = join("\\n", grep(!/POOL DEBUG/, (<$nginx_out>))); + close $nginx_out; + waitpid($nginx_pid, 0); + + my $rc = $?; + if ( WIFEXITED($rc) ) { + $rc = WEXITSTATUS($rc); + vrb("Nginx stop returned with $rc.") if ($rc); + } + elsif( WIFSIGNALED($rc) ) { + msg("Nginx stop failed with signal " . WTERMSIG($rc) . "."); + $rc = -1; + } + else { + msg("Nginx stop failed with unknown error."); + $rc = -1; + } + + sleep 0.5; + if (-e $PID_FILE) { + msg("Nginx stop failed: $PID_FILE still exists"); + } + + return $rc; +} + + +sub nginx_reset_fd { + my($t) = @_; + +# Cleanup + for my $key (keys %FILE) { + if (exists $FILE{$key}{fd} and defined $FILE{$key}{fd}) { + $FILE{$key}{fd}->close(); + } + delete $FILE{$key}; + } + +# Error + eval { + $FILE{error}{fn} = $opt{E}; + $FILE{error}{fd} = new FileHandle($opt{E}, O_RDWR|O_CREAT) or die "$!\n"; + $FILE{error}{fd}->blocking(0); + $FILE{error}{fd}->sysseek(0, 2); + $FILE{error}{buf} = ""; + }; + if ($@) { + msg("Warning: Failed to open file \"$opt{E}\": $@"); + return undef; + } + +# Audit + eval { + $FILE{audit}{fn} = $opt{A}; + $FILE{audit}{fd} = new FileHandle($opt{A}, O_RDWR|O_CREAT) or die "$!\n"; + $FILE{audit}{fd}->blocking(0); + $FILE{audit}{fd}->sysseek(0, 2); + $FILE{audit}{buf} = ""; + }; + if ($@) { + msg("Warning: Failed to open file \"$opt{A}\": $@"); + return undef; + } + +# Debug + eval { + $FILE{debug}{fn} = $opt{D}; + $FILE{debug}{fd} = new FileHandle($opt{D}, O_RDWR|O_CREAT) or die "$!\n"; + $FILE{debug}{fd}->blocking(0); + $FILE{debug}{fd}->sysseek(0, 2); + $FILE{debug}{buf} = ""; + }; + if ($@) { + msg("Warning: Failed to open file \"$opt{D}\": $@"); + return undef; + } + +# Any extras listed in "match_log" + if ($t and exists $t->{match_log}) { + for my $k (keys %{ $t->{match_log} || {} }) { + my($neg,$fn) = ($k =~ m/^(-?)(.*)$/); + next if (!$fn or exists $FILE{$fn}); + eval { + $FILE{$fn}{fn} = $fn; + $FILE{$fn}{fd} = new FileHandle($fn, O_RDWR|O_CREAT) or die "$!\n"; + $FILE{$fn}{fd}->blocking(0); + $FILE{$fn}{fd}->sysseek(0, 2); + $FILE{$fn}{buf} = ""; + }; + if ($@) { + msg("Warning: Failed to open file \"$fn\": $@"); + return undef; + } + } + } +} + +sub encode_chunked { + my($data, $size) = @_; + $size = 128 unless ($size); + my $chunked = ""; + + my $n = 0; + my $bytes = length($data); + while ($bytes >= $size) { + $chunked .= sprintf "%x\x0d\x0a%s\x0d\x0a", $size, substr($data, $n, $size); + $n += $size; + $bytes -= $size; + } + if ($bytes) { + $chunked .= sprintf "%x\x0d\x0a%s\x0d\x0a", $bytes, substr($data, $n, $bytes); + } + $chunked .= "0\x0d\x0a\x0d\x0a" +} + +sub nginx_start { + my ($t) = shift; + my($C) = shift; + + my %conf = ( + listen => "$opt{p}", + config => "$REG_DIR/nginx/conf/empty.conf", + enable => "off", + ); + + while(my($k,$v)= each %$C){ + $conf{$k}=$v; + } + + my ($tt) = Template->new(INCLUDE_PATH => "$REG_DIR/nginx/conf/"); + my ($output); + $tt->process("nginx.conf.template", \%conf, \$output) || die $tt->error; + + open (OUTFILE, ">$opt{C}"); + print OUTFILE "$output"; + close(OUTFILE); + + nginx_reset_fd($t); + + my @p = ($NGINX, -p => $opt{P}); + + my $nginx_out; + my $nginx_pid = open3(undef, $nginx_out, undef, @p) or quit(1); + my $out = join("\\n", grep(!/POOL DEBUG/, (<$nginx_out>))); + close $nginx_out; + waitpid($nginx_pid, 0); + + my $rc = $?; + if ( WIFEXITED($rc) ) { + $rc = WEXITSTATUS($rc); + vrb("Nginx start returned with $rc.") if ($rc); + } + elsif( WIFSIGNALED($rc) ) { + msg("Nginx start failed with signal " . WTERMSIG($rc) . "."); + $rc = -1; + } + else { + msg("Nginx start failed with unknown error."); + $rc = -1; + } + +# Look for startup msg +# unless (defined match_log("error", qr/start worker process/, 60, "Waiting on nginx to start: ")) { +# vrb(join(" ", map { quote_shell($_) } @p)); +# vrb(match_log("error", qr/(^.*ModSecurity: .*)/sm, 10)); +# msg("Nginx server failed to start."); +# nginx_stop(); +# return -1; +# } + + return $rc; +} +

@@ -85,13 +85,17 @@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@

Changes of Revision 21