Initial import

author: Sebastien Blot 2017-09-20 10:11:01 +0200
committer: Sebastien Blot 2017-09-20 10:11:01 +0200
commit: 868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree: c0de0af318bf77a8959164ef11aeeeb2b7bab294 /src/sp_config.h
1 files changed, 206 insertions, 0 deletions
diff --git a/src/sp_config.h b/src/sp_config.h
new file mode 100644
index 0000000..54ec2cc
--- /dev/null
+++ b/src/sp_config.h
@@ -0,0 +1,206 @@
+#ifndef SP_CONFIG_H
+#define SP_CONFIG_H
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+typedef enum {
+  SP_TYPE_STR = 0,
+  SP_TYPE_REGEXP,
+  SP_TYPE_INT,
+  SP_TYPE_EMPTY
+} sp_type;
+typedef enum {
+  SP_PHP_TYPE_UNDEF = IS_UNDEF, 
+  SP_PHP_TYPE_NULL = IS_NULL, 
+  SP_PHP_TYPE_FALSE = IS_FALSE, 
+  SP_PHP_TYPE_TRUE = IS_TRUE, 
+  SP_PHP_TYPE_LONG = IS_LONG, 
+  SP_PHP_TYPE_DOUBLE = IS_DOUBLE, 
+  SP_PHP_TYPE_STRING = IS_STRING, 
+  SP_PHP_TYPE_ARRAY = IS_ARRAY, 
+  SP_PHP_TYPE_OBJECT = IS_OBJECT, 
+  SP_PHP_TYPE_RESOURCE = IS_RESOURCE, 
+  SP_PHP_TYPE_REFERENCE = IS_REFERENCE
+} sp_php_type;
+typedef struct {
+  int ip_version;
+  union {
+    struct in_addr ipv4;
+    struct in6_addr ipv6;
+  } ip;
+  uint8_t mask;
+} sp_cidr;
+typedef struct { char *encryption_key; } sp_config_encryption_key;
+typedef struct {
+        bool enable;
+        bool simulation;
+} sp_config_readonly_exec;
+typedef struct { bool enable; } sp_config_global_strict;
+typedef struct { bool enable; } sp_config_random;
+typedef struct { bool enable; } sp_config_auto_cookie_secure;
+typedef struct { bool enable; } sp_config_disable_xxe;
+typedef struct {
+  HashTable *names;
+  uint32_t mask_ipv4;
+  uint32_t mask_ipv6;
+} sp_config_cookie_encryption;
+typedef struct {
+  bool enable;
+  bool simulation;
+} sp_config_unserialize;
+typedef struct {
+  char *filename;
+  pcre *r_filename;
+  char *function;
+  pcre *r_function;
+  char *hash;
+  int simulation;
+  bool enable;
+  char *param;
+  pcre *r_param;
+  sp_php_type param_type;
+  char *ret;
+  pcre *r_ret;
+  sp_php_type ret_type;
+  
+  pcre *regexp;
+  char *value;
+  char *dump;
+  char *alias;
+  bool param_is_array;
+  bool var_is_array;
+  sp_node_t *param_array_keys;
+  sp_node_t *var_array_keys;
+  bool allow;
+  bool drop;
+  char *var;
+  sp_cidr *cidr;
+} sp_disabled_function;
+typedef struct {
+  sp_node_t *disabled_functions;  // list of sp_disabled_function
+} sp_config_disabled_functions;
+typedef struct {
+  sp_node_t *regexp_inclusion;  // list of regexp for inclusion
+} sp_config_regexp_inclusion;
+typedef struct {
+  char *script;
+  bool simulation;
+  bool enable;
+} sp_config_upload_validation;
+typedef struct {
+  sp_config_random *config_random;
+  sp_config_unserialize *config_unserialize;
+  sp_config_disabled_functions *config_disabled_functions;
+  sp_config_disabled_functions *config_disabled_functions_ret;
+  sp_config_readonly_exec *config_readonly_exec;
+  sp_config_upload_validation *config_upload_validation;
+  sp_config_cookie_encryption *config_cookie_encryption;
+  sp_config_encryption_key *config_snuffleupagus;
+  sp_config_auto_cookie_secure *config_auto_cookie_secure;
+  sp_config_global_strict *config_global_strict;
+  sp_config_disable_xxe *config_disable_xxe;
+  sp_config_regexp_inclusion *config_regexp_inclusion;
+} sp_config;
+typedef struct {
+  int (*func)(char *, char *, void *);
+  char *token;
+  void *retval;
+} sp_config_functions;
+typedef struct {
+  int (*func)(char *);
+  char *token;
+} sp_config_tokens;
+#define SP_TOKEN_BASE "sp"
+#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"
+#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie_encryption"
+#define SP_TOKEN_DISABLE_FUNC ".disable_functions"
+#define SP_TOKEN_GLOBAL ".global"
+#define SP_TOKEN_GLOBAL_STRICT ".global_strict"
+#define SP_TOKEN_HARDEN_RANDOM ".harden_random"
+#define SP_TOKEN_READONLY_EXEC ".readonly_exec"
+#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"
+#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"
+#define SP_TOKEN_DISABLE_XXE ".disable_xxe"
+// common tokens
+#define SP_TOKEN_ENABLE ".enable("
+#define SP_TOKEN_DISABLE ".disable("
+#define SP_TOKEN_SIMULATION ".simulation("
+#define SP_TOKEN_TRUE "1"
+#define SP_TOKEN_FALSE "0"
+#define SP_TOKEN_DUMP ".dump("
+#define SP_TOKEN_ALIAS ".alias("
+#define SP_TOKEN_ALLOW ".allow("
+#define SP_TOKEN_DROP ".drop("
+#define SP_TOKEN_END_PARAM ')'
+// disable_function
+#define SP_TOKEN_CIDR ".cidr("
+#define SP_TOKEN_FILENAME ".filename("
+#define SP_TOKEN_FILENAME_REGEXP ".filename_r("
+#define SP_TOKEN_FUNCTION ".function("
+#define SP_TOKEN_FUNCTION_REGEXP ".function_r("
+#define SP_TOKEN_HASH ".hash("
+#define SP_TOKEN_LOCAL_VAR ".var("
+#define SP_TOKEN_PARAM ".param("
+#define SP_TOKEN_PARAM_REGEXP ".param_r("
+#define SP_TOKEN_PARAM_TYPE ".param_type("
+#define SP_TOKEN_RET ".ret("
+#define SP_TOKEN_RET_REGEXP ".ret_r("
+#define SP_TOKEN_RET_TYPE ".ret_type("
+#define SP_TOKEN_VALUE ".value("
+#define SP_TOKEN_VALUE_REGEXP ".value_r("
+// cookies encryption
+#define SP_TOKEN_NAME ".cookie("
+#define SP_TOKEN_MASK_IPV4 ".mask_ipv4("
+#define SP_TOKEN_MASK_IPV6 ".mask_ipv6("
+// Global configuration options
+#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("
+// upload_validator
+#define SP_TOKEN_UPLOAD_SCRIPT ".script("
+int sp_parse_config(const char *);
+int parse_array(sp_disabled_function *);
+int parse_str(char *restrict, char *restrict, void *);
+int parse_regexp(char *restrict, char *restrict, void *);
+int parse_empty(char *restrict, char *restrict, void *);
+int parse_int(char *restrict, char *restrict, void *);
+int parse_cidr(char *restrict, char *restrict, void *);
+int parse_php_type(char *restrict, char *restrict, void *);
+#endif /* SP_CONFIG_H */
author	Sebastien Blot	2017-09-20 10:11:01 +0200
committer	Sebastien Blot	2017-09-20 10:11:01 +0200
commit	868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree	c0de0af318bf77a8959164ef11aeeeb2b7bab294 /src/sp_config.h

diff --git a/src/sp_config.h b/src/sp_config.h new file mode 100644 index 0000000..54ec2cc --- /dev/null +++ b/src/sp_config.h
@@ -0,0 +1,206 @@
	1	#ifndef SP_CONFIG_H
	2	#define SP_CONFIG_H
	3
	4	#include <arpa/inet.h>
	5	#include <netinet/in.h>
	6	#include <sys/socket.h>
	7
	8	typedef enum {
	9	SP_TYPE_STR = 0,
	10	SP_TYPE_REGEXP,
	11	SP_TYPE_INT,
	12	SP_TYPE_EMPTY
	13	} sp_type;
	14
	15	typedef enum {
	16	SP_PHP_TYPE_UNDEF = IS_UNDEF,
	17	SP_PHP_TYPE_NULL = IS_NULL,
	18	SP_PHP_TYPE_FALSE = IS_FALSE,
	19	SP_PHP_TYPE_TRUE = IS_TRUE,
	20	SP_PHP_TYPE_LONG = IS_LONG,
	21	SP_PHP_TYPE_DOUBLE = IS_DOUBLE,
	22	SP_PHP_TYPE_STRING = IS_STRING,
	23	SP_PHP_TYPE_ARRAY = IS_ARRAY,
	24	SP_PHP_TYPE_OBJECT = IS_OBJECT,
	25	SP_PHP_TYPE_RESOURCE = IS_RESOURCE,
	26	SP_PHP_TYPE_REFERENCE = IS_REFERENCE
	27	} sp_php_type;
	28
	29	typedef struct {
	30	int ip_version;
	31	union {
	32	struct in_addr ipv4;
	33	struct in6_addr ipv6;
	34	} ip;
	35	uint8_t mask;
	36	} sp_cidr;
	37
	38	typedef struct { char *encryption_key; } sp_config_encryption_key;
	39
	40	typedef struct {
	41	bool enable;
	42	bool simulation;
	43	} sp_config_readonly_exec;
	44
	45	typedef struct { bool enable; } sp_config_global_strict;
	46
	47	typedef struct { bool enable; } sp_config_random;
	48
	49	typedef struct { bool enable; } sp_config_auto_cookie_secure;
	50
	51	typedef struct { bool enable; } sp_config_disable_xxe;
	52
	53	typedef struct {
	54	HashTable *names;
	55	uint32_t mask_ipv4;
	56	uint32_t mask_ipv6;
	57	} sp_config_cookie_encryption;
	58
	59	typedef struct {
	60	bool enable;
	61	bool simulation;
	62	} sp_config_unserialize;
	63
	64	typedef struct {
	65	char *filename;
	66	pcre *r_filename;
	67
	68	char *function;
	69	pcre *r_function;
	70
	71	char *hash;
	72	int simulation;
	73	bool enable;
	74
	75	char *param;
	76	pcre *r_param;
	77	sp_php_type param_type;
	78
	79	char *ret;
	80	pcre *r_ret;
	81	sp_php_type ret_type;
	82
	83	pcre *regexp;
	84	char *value;
	85
	86	char *dump;
	87	char *alias;
	88	bool param_is_array;
	89	bool var_is_array;
	90	sp_node_t *param_array_keys;
	91	sp_node_t *var_array_keys;
	92
	93	bool allow;
	94	bool drop;
	95
	96	char *var;
	97
	98	sp_cidr *cidr;
	99	} sp_disabled_function;
	100
	101	typedef struct {
	102	sp_node_t *disabled_functions; // list of sp_disabled_function
	103	} sp_config_disabled_functions;
	104
	105	typedef struct {
	106	sp_node_t *regexp_inclusion; // list of regexp for inclusion
	107	} sp_config_regexp_inclusion;
	108
	109	typedef struct {
	110	char *script;
	111	bool simulation;
	112	bool enable;
	113	} sp_config_upload_validation;
	114
	115	typedef struct {
	116	sp_config_random *config_random;
	117	sp_config_unserialize *config_unserialize;
	118	sp_config_disabled_functions *config_disabled_functions;
	119	sp_config_disabled_functions *config_disabled_functions_ret;
	120	sp_config_readonly_exec *config_readonly_exec;
	121	sp_config_upload_validation *config_upload_validation;
	122	sp_config_cookie_encryption *config_cookie_encryption;
	123	sp_config_encryption_key *config_snuffleupagus;
	124	sp_config_auto_cookie_secure *config_auto_cookie_secure;
	125	sp_config_global_strict *config_global_strict;
	126	sp_config_disable_xxe *config_disable_xxe;
	127	sp_config_regexp_inclusion *config_regexp_inclusion;
	128	} sp_config;
	129
	130	typedef struct {
	131	int (func)(char , char , void );
	132	char *token;
	133	void *retval;
	134	} sp_config_functions;
	135
	136	typedef struct {
	137	int (func)(char );
	138	char *token;
	139	} sp_config_tokens;
	140
	141	#define SP_TOKEN_BASE "sp"
	142
	143	#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"
	144	#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie_encryption"
	145	#define SP_TOKEN_DISABLE_FUNC ".disable_functions"
	146	#define SP_TOKEN_GLOBAL ".global"
	147	#define SP_TOKEN_GLOBAL_STRICT ".global_strict"
	148	#define SP_TOKEN_HARDEN_RANDOM ".harden_random"
	149	#define SP_TOKEN_READONLY_EXEC ".readonly_exec"
	150	#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"
	151	#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"
	152	#define SP_TOKEN_DISABLE_XXE ".disable_xxe"
	153
	154	// common tokens
	155	#define SP_TOKEN_ENABLE ".enable("
	156	#define SP_TOKEN_DISABLE ".disable("
	157	#define SP_TOKEN_SIMULATION ".simulation("
	158	#define SP_TOKEN_TRUE "1"
	159	#define SP_TOKEN_FALSE "0"
	160	#define SP_TOKEN_DUMP ".dump("
	161	#define SP_TOKEN_ALIAS ".alias("
	162	#define SP_TOKEN_ALLOW ".allow("
	163	#define SP_TOKEN_DROP ".drop("
	164
	165	#define SP_TOKEN_END_PARAM ')'
	166
	167	// disable_function
	168	#define SP_TOKEN_CIDR ".cidr("
	169	#define SP_TOKEN_FILENAME ".filename("
	170	#define SP_TOKEN_FILENAME_REGEXP ".filename_r("
	171	#define SP_TOKEN_FUNCTION ".function("
	172	#define SP_TOKEN_FUNCTION_REGEXP ".function_r("
	173	#define SP_TOKEN_HASH ".hash("
	174	#define SP_TOKEN_LOCAL_VAR ".var("
	175	#define SP_TOKEN_PARAM ".param("
	176	#define SP_TOKEN_PARAM_REGEXP ".param_r("
	177	#define SP_TOKEN_PARAM_TYPE ".param_type("
	178	#define SP_TOKEN_RET ".ret("
	179	#define SP_TOKEN_RET_REGEXP ".ret_r("
	180	#define SP_TOKEN_RET_TYPE ".ret_type("
	181	#define SP_TOKEN_VALUE ".value("
	182	#define SP_TOKEN_VALUE_REGEXP ".value_r("
	183
	184	// cookies encryption
	185	#define SP_TOKEN_NAME ".cookie("
	186	#define SP_TOKEN_MASK_IPV4 ".mask_ipv4("
	187	#define SP_TOKEN_MASK_IPV6 ".mask_ipv6("
	188
	189	// Global configuration options
	190	#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("
	191
	192	// upload_validator
	193	#define SP_TOKEN_UPLOAD_SCRIPT ".script("
	194
	195	int sp_parse_config(const char *);
	196	int parse_array(sp_disabled_function *);
	197
	198	int parse_str(char restrict, char restrict, void *);
	199	int parse_regexp(char restrict, char restrict, void *);
	200	int parse_empty(char restrict, char restrict, void *);
	201	int parse_int(char restrict, char restrict, void *);
	202	int parse_cidr(char restrict, char restrict, void *);
	203	int parse_php_type(char restrict, char restrict, void *);
	204
	205
	206	#endif /* SP_CONFIG_H */