Implement regexp support for cookies encryption

It's now possible to encrypt cookies matching a specific regexp. This should close #106
author: Thibault "bui" Koechlin 2017-12-28 13:37:10 +0100
committer: jvoisin 2017-12-28 13:37:10 +0100
commit: bc4d0e014e9fb1edd05e6f9c91cbf97b6c5546b4 (patch)
tree: cad37642d9c1e5ef786f29c18a030c4a8a288af2 /src/sp_config_keywords.c
parent: fe057bba5baaef8fe428b971604194ef9c9119c0 (diff)
1 files changed, 32 insertions, 33 deletions
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index 32363b8..f4ff249 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -104,16 +104,15 @@ int parse_global(char *line) {
 int parse_cookie(char *line) {
  int ret = 0;
-  char *samesite = NULL, *name = NULL;
+  char *samesite = NULL;
  sp_cookie *cookie = pecalloc(sizeof(sp_cookie), 1, 1);
-  zend_string *zend_name;
  sp_config_functions sp_config_funcs_cookie_encryption[] = {
-      {parse_str, SP_TOKEN_NAME, &name},
+    {parse_str, SP_TOKEN_NAME, &(cookie->name)},
-      {parse_str, SP_TOKEN_SAMESITE, &samesite},
+    {parse_regexp, SP_TOKEN_NAME_REGEXP, &(cookie->name_r)},
-      {parse_empty, SP_TOKEN_SIMULATION, &cookie->simulation},
+    {parse_str, SP_TOKEN_SAMESITE, &samesite},
-      {parse_empty, SP_TOKEN_ENCRYPT, &cookie->encrypt},
+    {parse_empty, SP_TOKEN_ENCRYPT, &cookie->encrypt},
-      {0}};
+    {0}};
  ret = parse_keywords(sp_config_funcs_cookie_encryption, line);
  if (0 != ret) {
@@ -122,21 +121,18 @@ int parse_cookie(char *line) {
  if (cookie->encrypt) {
    if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) {
-      sp_log_err(
+      sp_log_err("config",
-          "config",
+                 "You're trying to use the cookie encryption feature"
-          "You're trying to use the cookie encryption feature"
+                 "on line %zu without having set the `.cookie_env_var` option in"
-          "on line %zu without having set the `.cookie_env_var` option in"
+                 "`sp.global`: please set it first.",
-          "`sp.global`: please set it first.",
          sp_line_no);
      return -1;
-    } else if (0 ==
+    } else if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) {
-               (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) {
+      sp_log_err("config",
-      sp_log_err(
+                 "You're trying to use the cookie encryption feature"
-          "config",
+                 "on line %zu without having set the `.encryption_key` option in"
-          "You're trying to use the cookie encryption feature"
+                 "`sp.global`: please set it first.",
-          "on line %zu without having set the `.encryption_key` option in"
+                 sp_line_no);
-          "`sp.global`: please set it first.",
-          sp_line_no);
      return -1;
    }
  } else if (!samesite) {
@@ -146,9 +142,16 @@ int parse_cookie(char *line) {
               sp_line_no);
    return -1;
  }
-  if (0 == strlen(name)) {
+  if ((!cookie->name || '\0' == cookie->name[0]) && !cookie->name_r) {
+    sp_log_err("config",
+               "You must specify a cookie name/regexp on line "
+               "%zu.",
+               sp_line_no);
+    return -1;
+  }
+  if (cookie->name && cookie->name_r) {
    sp_log_err("config",
-               "You must specify a cookie name on line "
+               "name and name_r are mutually exclusive on line "
               "%zu.",
               sp_line_no);
    return -1;
@@ -159,20 +162,16 @@ int parse_cookie(char *line) {
    } else if (0 == strcasecmp(samesite, SP_TOKEN_SAMESITE_STRICT)) {
      cookie->samesite = strict;
    } else {
-      sp_log_err(
+      sp_log_err("config",
-          "config",
+                 "%s is an invalid value to samesite (expected %s or %s) on line "
-          "%s is an invalid value to samesite (expected %s or %s) on line "
+                 "%zu.",
-          "%zu.",
+                 samesite, SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT,
-          samesite, SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT,
+                 sp_line_no);
-          sp_line_no);
      return -1;
    }
  }
+  sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies,
-  zend_name = zend_string_init(name, strlen(name), 1);
+                 cookie);
-  zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, zend_name,
-                    cookie);
  return SUCCESS;
 }
author	Thibault "bui" Koechlin	2017-12-28 13:37:10 +0100
committer	jvoisin	2017-12-28 13:37:10 +0100
commit	bc4d0e014e9fb1edd05e6f9c91cbf97b6c5546b4 (patch)
tree	cad37642d9c1e5ef786f29c18a030c4a8a288af2 /src/sp_config_keywords.c
parent	fe057bba5baaef8fe428b971604194ef9c9119c0 (diff)

diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 32363b8..f4ff249 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c
@@ -104,16 +104,15 @@ int parse_global(char *line) {
104		104
105	int parse_cookie(char *line) {	105	int parse_cookie(char *line) {
106	int ret = 0;	106	int ret = 0;
107	char samesite = NULL, name = NULL;	107	char *samesite = NULL;
108	sp_cookie *cookie = pecalloc(sizeof(sp_cookie), 1, 1);	108	sp_cookie *cookie = pecalloc(sizeof(sp_cookie), 1, 1);
109	zend_string *zend_name;
110		109
111	sp_config_functions sp_config_funcs_cookie_encryption[] = {	110	sp_config_functions sp_config_funcs_cookie_encryption[] = {
112	{parse_str, SP_TOKEN_NAME, &name},	111	{parse_str, SP_TOKEN_NAME, &(cookie->name)},
113	{parse_str, SP_TOKEN_SAMESITE, &samesite},	112	{parse_regexp, SP_TOKEN_NAME_REGEXP, &(cookie->name_r)},
114	{parse_empty, SP_TOKEN_SIMULATION, &cookie->simulation},	113	{parse_str, SP_TOKEN_SAMESITE, &samesite},
115	{parse_empty, SP_TOKEN_ENCRYPT, &cookie->encrypt},	114	{parse_empty, SP_TOKEN_ENCRYPT, &cookie->encrypt},
116	{0}};	115	{0}};
117		116
118	ret = parse_keywords(sp_config_funcs_cookie_encryption, line);	117	ret = parse_keywords(sp_config_funcs_cookie_encryption, line);
119	if (0 != ret) {	118	if (0 != ret) {
@@ -122,21 +121,18 @@ int parse_cookie(char *line) {
122		121
123	if (cookie->encrypt) {	122	if (cookie->encrypt) {
124	if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) {	123	if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) {
125	sp_log_err(	124	sp_log_err("config",
126	"config",	125	"You're trying to use the cookie encryption feature"
127	"You're trying to use the cookie encryption feature"	126	"on line %zu without having set the `.cookie_env_var` option in"
128	"on line %zu without having set the `.cookie_env_var` option in"	127	"`sp.global`: please set it first.",
129	"`sp.global`: please set it first.",
130	sp_line_no);	128	sp_line_no);
131	return -1;	129	return -1;
132	} else if (0 ==	130	} else if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) {
133	(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) {	131	sp_log_err("config",
134	sp_log_err(	132	"You're trying to use the cookie encryption feature"
135	"config",	133	"on line %zu without having set the `.encryption_key` option in"
136	"You're trying to use the cookie encryption feature"	134	"`sp.global`: please set it first.",
137	"on line %zu without having set the `.encryption_key` option in"	135	sp_line_no);
138	"`sp.global`: please set it first.",
139	sp_line_no);
140	return -1;	136	return -1;
141	}	137	}
142	} else if (!samesite) {	138	} else if (!samesite) {
@@ -146,9 +142,16 @@ int parse_cookie(char *line) {
146	sp_line_no);	142	sp_line_no);
147	return -1;	143	return -1;
148	}	144	}
149	if (0 == strlen(name)) {	145	if ((!cookie->name \|\| '\0' == cookie->name[0]) && !cookie->name_r) {
		146	sp_log_err("config",
		147	"You must specify a cookie name/regexp on line "
		148	"%zu.",
		149	sp_line_no);
		150	return -1;
		151	}
		152	if (cookie->name && cookie->name_r) {
150	sp_log_err("config",	153	sp_log_err("config",
151	"You must specify a cookie name on line "	154	"name and name_r are mutually exclusive on line "
152	"%zu.",	155	"%zu.",
153	sp_line_no);	156	sp_line_no);
154	return -1;	157	return -1;
@@ -159,20 +162,16 @@ int parse_cookie(char *line) {
159	} else if (0 == strcasecmp(samesite, SP_TOKEN_SAMESITE_STRICT)) {	162	} else if (0 == strcasecmp(samesite, SP_TOKEN_SAMESITE_STRICT)) {
160	cookie->samesite = strict;	163	cookie->samesite = strict;
161	} else {	164	} else {
162	sp_log_err(	165	sp_log_err("config",
163	"config",	166	"%s is an invalid value to samesite (expected %s or %s) on line "
164	"%s is an invalid value to samesite (expected %s or %s) on line "	167	"%zu.",
165	"%zu.",	168	samesite, SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT,
166	samesite, SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT,	169	sp_line_no);
167	sp_line_no);
168	return -1;	170	return -1;
169	}	171	}
170	}	172	}
171		173	sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies,
172	zend_name = zend_string_init(name, strlen(name), 1);	174	cookie);
173	zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, zend_name,
174	cookie);
175
176	return SUCCESS;	175	return SUCCESS;
177	}	176	}
178		177