authorxXx-caillou-xXx2017-11-24 14:03:37 +0100
committerjvoisin2017-11-24 14:03:37 +0100
commit5a224ee0c92d1639395d6a0c629316ae64226125 (patch)
tree8925d27e2bbfa877e9fb1fc20868fbef3d009b04 /src/sp_config.h
parent79304a29661476dc75bba07c5a83133122bbcb5c (diff)
Implement anti csrf measures
This is done by using the "samesite" cookie attribute.
Diffstat (limited to 'src/sp_config.h')
-rw-r--r--src/sp_config.h23
1 files changed, 19 insertions, 4 deletions
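diff --git a/src/sp_config.h b/src/sp_config.h
index e14e30b..12f12e8 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -55,7 +55,12 @@ typedef struct { bool enable; } sp_config_auto_cookie_secure;
 
 typedef struct { bool enable; } sp_config_disable_xxe;
 
-typedef struct { HashTable *names; } sp_config_cookie_encryption;
+enum samesite_type {strict=1, lax=2};
+
+typedef struct {
+  enum samesite_type samesite;
+  bool encrypt;
+} sp_cookie;
 
 typedef struct {
   bool enable;
@@ -105,6 +110,10 @@ typedef struct {
 } sp_config_disabled_functions;
 
 typedef struct {
+  HashTable *cookies; // HashTable of sp_cookie
+} sp_config_cookie;
+
+typedef struct {
   sp_node_t *construct_include; // list of rules for `(include|require)_(once)?`
   sp_node_t *construct_echo;
 } sp_config_disabled_constructs;
@@ -122,7 +131,7 @@ typedef struct {
   sp_config_disabled_functions *config_disabled_functions_ret;
   sp_config_readonly_exec *config_readonly_exec;
   sp_config_upload_validation *config_upload_validation;
-  sp_config_cookie_encryption *config_cookie_encryption;
+  sp_config_cookie *config_cookie;
   sp_config_global *config_snuffleupagus;
   sp_config_auto_cookie_secure *config_auto_cookie_secure;
   sp_config_global_strict *config_global_strict;
@@ -144,7 +153,7 @@ typedef struct {
 #define SP_TOKEN_BASE "sp"
 
 #define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"
-#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie_encryption"
+#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie"
 #define SP_TOKEN_DISABLE_FUNC ".disable_function"
 #define SP_TOKEN_GLOBAL ".global"
 #define SP_TOKEN_GLOBAL_STRICT ".global_strict"
@@ -187,7 +196,13 @@ typedef struct {
 #define SP_TOKEN_LINE_NUMBER ".line("
 
 // cookies encryption
-#define SP_TOKEN_NAME ".cookie("
+#define SP_TOKEN_NAME ".name("
+
+// cookies samesite
+#define SP_TOKEN_SAMESITE ".samesite("
+#define SP_TOKEN_ENCRYPT ".encrypt("
+#define SP_TOKEN_SAMESITE_LAX "Lax"
+#define SP_TOKEN_SAMESITE_STRICT "Strict"
 
 // Global configuration options
 #define SP_TOKEN_ENCRYPTION_KEY ".secret_key("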
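Review bot: `enum samesite_type {strict=1, lax=2};` in the first hunk exports two lowercase, unprefixed constants from a public header and leaves the zero value unexplained, although starting at 1 suggests 0 is meant to read as "no SameSite configured" for a zero-initialised `sp_cookie` — that intent is inferred, not visible here, so it deserves a comment. I would make both points explicit, e.g. `enum samesite_type { SP_SAMESITE_UNSET = 0, SP_SAMESITE_STRICT = 1, SP_SAMESITE_LAX = 2 };`, which also matches the project's UPPER_SNAKE_CASE used for the `SP_TOKEN_*` macros in the last hunk. The `sp_cookie` definition should also carry a caveat that SameSite is a defense-in-depth control rather than a complete CSRF fix: `Lax` still sends the cookie on top-level GET navigations, and browsers that do not implement the attribute silently ignore it, so token-based CSRF protection in the application must not be removed on its account. `SP_TOKEN_COOKIE_ENCRYPTION` now expands to `".cookie"` and gates samesite as well as encryption, so renaming the macro to something like `SP_TOKEN_COOKIE` would stop it from misleading the next reader.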