| author | xXx-caillou-xXx | 2017-12-21 15:38:20 +0100 |
|---|---|---|
| committer | jvoisin | 2017-12-21 15:38:20 +0100 |
| commit | f9da3ecb31683f77e899e57f780c04d772490558 (patch) | |
| tree | 9f876d6fe170349aade28de8e51ea21702fb70f5 /src | |
| parent | 6b6598098a205fadc90c72d510f90b431f77739e (diff) | |
Remove the now useless `validate_str` function
Diffstat (limited to 'src')
| -rw-r--r-- | src/sp_config_utils.c | 43 | ||||
| -rw-r--r-- | src/sp_tree.h | 4 | ||||
| -rw-r--r-- | src/sp_var_parser.c | 45 | ||||
| -rw-r--r-- | src/tests/broken_conf_local_var_16.phpt | 1 | ||||
| -rw-r--r-- | src/tests/broken_conf_quotes.phpt | 3 | ||||
| -rw-r--r-- | src/tests/broken_regexp.phpt | 2 | ||||
| -rw-r--r-- | src/tests/broken_unmatching_brackets.phpt | 3 | ||||
| -rw-r--r-- | src/tests/config/broken_conf_quotes.ini | 2 |
8 files changed, 37 insertions, 66 deletions
diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index 3c1d89d..bf558d4 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c | |||
| @@ -2,32 +2,6 @@ | |||
| 2 | 2 | ||
| 3 | size_t sp_line_no; | 3 | size_t sp_line_no; |
| 4 | 4 | ||
| 5 | static int validate_str(const char *value) { | ||
| 6 | int balance = 0; // ghetto [] validation | ||
| 7 | |||
| 8 | if (!strchr(value, '[')) { | ||
| 9 | return 0; | ||
| 10 | } | ||
| 11 | |||
| 12 | for (size_t i = 0; i < strlen(value); i++) { | ||
| 13 | if (value[i] == '[') { | ||
| 14 | balance++; | ||
| 15 | } else if (value[i] == ']') { | ||
| 16 | balance--; | ||
| 17 | } | ||
| 18 | if (balance < 0) { | ||
| 19 | sp_log_err("config", "The string '%s' contains unbalanced brackets.", value); | ||
| 20 | return -1; | ||
| 21 | } | ||
| 22 | } | ||
| 23 | if (balance != 0) { | ||
| 24 | sp_log_err("config", "You forgot to close %d bracket%c in the string '%s'", | ||
| 25 | balance, (balance>1)?'s':' ', value); | ||
| 26 | return -1; | ||
| 27 | } | ||
| 28 | return 0; | ||
| 29 | } | ||
| 30 | |||
| 31 | int parse_keywords(sp_config_functions *funcs, char *line) { | 5 | int parse_keywords(sp_config_functions *funcs, char *line) { |
| 32 | int value_len = 0; | 6 | int value_len = 0; |
| 33 | const char *original_line = line; | 7 | const char *original_line = line; |
| @@ -58,8 +32,8 @@ int parse_keywords(sp_config_functions *funcs, char *line) { | |||
| 58 | return 0; | 32 | return 0; |
| 59 | } | 33 | } |
| 60 | 34 | ||
| 61 | static char *get_string(size_t *consumed, char *restrict line, | 35 | char *get_param(size_t *consumed, char *restrict line, sp_type type, |
| 62 | const char *restrict keyword) { | 36 | const char *restrict keyword) { |
| 63 | enum { IN_ESCAPE, NONE } state = NONE; | 37 | enum { IN_ESCAPE, NONE } state = NONE; |
| 64 | char *original_line = line; | 38 | char *original_line = line; |
| 65 | size_t j = 0; | 39 | size_t j = 0; |
| @@ -122,19 +96,8 @@ err: | |||
| 122 | return NULL; | 96 | return NULL; |
| 123 | } | 97 | } |
| 124 | 98 | ||
| 125 | char *get_param(size_t *consumed, char *restrict line, sp_type type, | ||
| 126 | const char *restrict keyword) { | ||
| 127 | char *retval = get_string(consumed, line, keyword); | ||
| 128 | |||
| 129 | if (retval && 0 == validate_str(retval)) { | ||
| 130 | return retval; | ||
| 131 | } | ||
| 132 | |||
| 133 | return NULL; | ||
| 134 | } | ||
| 135 | |||
| 136 | zend_always_inline sp_list_node *parse_functions_list(char *value) { | 99 | zend_always_inline sp_list_node *parse_functions_list(char *value) { |
| 137 | const char *sep = ">"; | 100 | static const char *sep = ">"; |
| 138 | 101 | ||
| 139 | if (NULL == strchr(value, sep[0])) { | 102 | if (NULL == strchr(value, sep[0])) { |
| 140 | return NULL; | 103 | return NULL; |
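Review bot: `static const char *sep = ">";` at new line 100 defines a modifiable pointer with static storage duration inside `parse_functions_list`, which is declared `zend_always_inline` and not `static`. If that macro expands to a plain `inline` definition in this translation unit, C99/C11 (6.7.4) forbids an inline definition with external linkage from defining a modifiable static object, and a conforming compiler may diagnose it. Making the pointer itself const avoids the constraint and states the intent: `static const char *const sep = ">";`. The rest of `parse_functions_list` lies outside the hunk.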
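--- a/src/sp_tree.h
+++ b/src/sp_tree.h
@@ -7,10 +7,10 @@ typedef enum {
 OBJECT,
 ARRAY,
 ARRAY_END,
-STRING_DELIMITER,
+INTERPRETED_STRING,
+LITERAL_STRING,
 CLASS,
 VAR,
-ESC_STRING_DELIMITER,
 CONSTANT
 } elem_type;
 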
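Review bot: The reordered enum has no comment recording that `parse_tokens` in sp_var_parser.c uses the value 0 to mean "no quote open" (`elem_type quote = 0;`, tested with `!quote`), so `INTERPRETED_STRING` and `LITERAL_STRING` must never become the first enumerator. The start of the enum is outside this hunk, so which member currently has the value 0 cannot be confirmed from here. I would add above the two members `/* Quote kinds; must stay non-zero, parse_tokens() treats 0 as "not inside a string". */`, plus a short comment saying which quote character each kind stands for.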
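--- a/src/sp_var_parser.c
+++ b/src/sp_var_parser.c
@@ -72,7 +72,7 @@ static int create_var(sp_tree *tree, const char *restrict value,
 sp_log_err("config", "Can't allocate a strndup");
 return -1;
 }
-if (var_node->type != STRING_DELIMITER && !is_var_name_valid(var_node->value)) {
+if (var_node->type != INTERPRETED_STRING && !is_var_name_valid(var_node->value)) {
 sp_log_err("config", "Invalid var name: %s.", var_node->value);
 return -1;
 }
@@ -101,7 +101,7 @@ static int is_next_token_empty(sp_conf_token *token, sp_conf_token *token_next,
 return 0;
 }
 
-static int is_token_valid(sp_list_node *tokens_list, elem_type ignore,
+static int is_token_valid(sp_list_node *tokens_list, elem_type quote,
 int array_count, const char * restrict str,
 size_t pos) {
 sp_conf_token *token = (sp_conf_token *)tokens_list->data;
@@ -111,9 +111,9 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore,
 token_next = (sp_conf_token *)tokens_list->next->data;
 }
 switch (token->type) {
-case ESC_STRING_DELIMITER:
-case STRING_DELIMITER:
-if (ignore == token->type) {
+case LITERAL_STRING:
+case INTERPRETED_STRING:
+if (quote == token->type) {
 if (token_next) {
 if (token_next->pos != token->pos + 1) {
 return -1;
@@ -124,12 +124,12 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore,
 }
 break;
 case ARRAY_END:
-if (!ignore) {
+if (!quote) {
 if (array_count < 1) {
 return -1;
 } else if (token_next) {
-if (token_next->type == STRING_DELIMITER
-|| token_next->type == ESC_STRING_DELIMITER) {
+if (token_next->type == INTERPRETED_STRING
+|| token_next->type == LITERAL_STRING) {
 return -1;
 }
 } else if (token->pos != strlen(str) - strlen(token->text_repr)) {
@@ -138,7 +138,7 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore,
 }
 break;
 case OBJECT:
-if (!ignore && -1 == is_next_token_empty(token, token_next, str)) {
+if (!quote && -1 == is_next_token_empty(token, token_next, str)) {
 return -1;
 }
 if (pos == 0 && *str != VARIABLE_TOKEN) {
@@ -146,7 +146,7 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore,
 }
 break;
 case CLASS:
-if (!ignore && -1 == is_next_token_empty(token, token_next, str)) {
+if (!quote && -1 == is_next_token_empty(token, token_next, str)) {
 return -1;
 }
 break;
@@ -160,7 +160,7 @@ static sp_tree *parse_tokens(const char * restrict str,
 sp_list_node *tokens_list) {
 size_t pos = 0;
 int array_count = 0, pos_idx_start = -1;
-elem_type ignore = 0;
+elem_type quote = 0;
 sp_tree *tree = sp_tree_new();
 
 for (; tokens_list && tokens_list->data; tokens_list = tokens_list->next) {
@@ -168,16 +168,16 @@ static sp_tree *parse_tokens(const char * restrict str,
 size_t value_len;
 char *idx = NULL;
 
-if (-1 == is_token_valid(tokens_list, ignore, array_count, str, pos)) {
+if (-1 == is_token_valid(tokens_list, quote, array_count, str, pos)) {
 sp_log_err("config", "Invalid `%s` position.", token->text_repr);
 goto error;
 }
-if (token->type == STRING_DELIMITER || token->type == ESC_STRING_DELIMITER) {
-pos = (!ignore && !array_count) ? pos + strlen(token->text_repr) : pos;
-ignore = (!ignore) ? token->type : (ignore == token->type) ? 0 : ignore;
-token->type = STRING_DELIMITER;
+if (token->type == INTERPRETED_STRING || token->type == LITERAL_STRING) {
+pos = (!quote && !array_count) ? pos + strlen(token->text_repr) : pos;
+quote = (!quote) ? token->type : (quote == token->type) ? 0 : quote;
+token->type = INTERPRETED_STRING;
 }
-if (ignore == 0) {
+if (quote == 0) {
 if (token->type == ARRAY) {
 pos_idx_start = (array_count) ? pos_idx_start : (int)(token->pos + strlen(token->text_repr));
 array_count++;
@@ -204,7 +204,12 @@ static sp_tree *parse_tokens(const char * restrict str,
 }
 }
 
-if (ignore != 0 || array_count != 0) {
+if (array_count != 0) {
+sp_log_err("config", "You forgot to close a bracket.");
+goto error;
+}
+if (quote != 0) {
+sp_log_err("config", "Missing a closing quote.");
 error:
 sp_tree_free(tree);
 return NULL;
@@ -223,8 +228,8 @@ sp_tree *parse_var(const char *line) {
 {.type=OBJECT, .text_repr=OBJECT_TOKEN},
 {.type=ARRAY, .text_repr=ARRAY_TOKEN},
 {.type=ARRAY_END, .text_repr=ARRAY_END_TOKEN},
-{.type=STRING_DELIMITER, .text_repr=STRING_TOKEN},
-{.type=ESC_STRING_DELIMITER, .text_repr=ESC_STRING_TOKEN},
+{.type=INTERPRETED_STRING, .text_repr=STRING_TOKEN},
+{.type=LITERAL_STRING, .text_repr=ESC_STRING_TOKEN},
 {.type=CLASS, .text_repr=CLASS_TOKEN}
 };
 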
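Review bot: At new line 178, `token->type = INTERPRETED_STRING;` rewrites every quote token, including one that matched `LITERAL_STRING`, and new line 75 in `create_var` exempts `INTERPRETED_STRING` nodes from `is_var_name_valid`. Under the old `*_DELIMITER` names this read as a neutral marker; under the new names it reads as if a literal string were being turned into an interpreted one, and the reason is not documented. Assuming both kinds are meant to be handled alike once the opening quote is recorded in `quote`, a comment would make that explicit: `/* Both quote kinds are normalised to INTERPRETED_STRING here; quote keeps the kind that opened the string. */`. Both functions extend beyond the hunks shown, so how the node type reaches `create_var` is not visible.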
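--- a/src/tests/broken_conf_local_var_16.phpt
+++ b/src/tests/broken_conf_local_var_16.phpt
@@ -6,4 +6,5 @@ Broken configuration
 sp.configuration_file={PWD}/config/broken_conf_local_var_16.ini
 --FILE--
 --EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Missing a closing quote.
 [snuffleupagus][0.0.0.0][config][error] Invalid value '"' for `var` on line 1.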
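--- a/src/tests/broken_conf_quotes.phpt
+++ b/src/tests/broken_conf_quotes.phpt
@@ -6,4 +6,5 @@ Broken configuration - missing quote
 sp.configuration_file={PWD}/config/broken_conf_quotes.ini
 --FILE--
 --EXPECT--
-[snuffleupagus][0.0.0.0][config][error] You forgot to close 1 bracket in the string '_SERVER[PHP_SELF'
+[snuffleupagus][0.0.0.0][config][error] You forgot to close a bracket.
+[snuffleupagus][0.0.0.0][config][error] Invalid value '_SERVER[PHP_SELF' for `var` on line 1.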
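Review bot: This test is still titled "Broken configuration - missing quote", but its expected output is now the bracket error for line 1 of broken_conf_quotes.ini, and nothing in it shows line 2 of that fixture, the rule with the unterminated `var("CONFIG[im_options])`, being reached. If loading stops at the first bad line, as the expected output suggests, the missing-quote rule is not exercised here. Either rename the test to describe the unclosed bracket, or move the line-2 rule into its own fixture so that whatever error it produces is asserted.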
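--- a/src/tests/broken_regexp.phpt
+++ b/src/tests/broken_regexp.phpt
@@ -6,5 +6,5 @@ Broken regexp
 sp.configuration_file={PWD}/config/broken_regexp.ini
 --FILE--
 --EXPECTF--
-[snuffleupagus][0.0.0.0][config][error] You forgot to close 1 bracket in the string '^$['
+[snuffleupagus][0.0.0.0][config][error] Failed to compile '^$[': missing terminating ] for character class on line 1.
 [snuffleupagus][0.0.0.0][config][error] '.value_r()' is expecting a valid regexp, and not '"^$["' on line 1.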
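Review bot: The new first expected line hard-codes `missing terminating ] for character class`, which, judging by the message format, is the regex library's own error text and not a string from this project. That wording can differ between library versions, and the test would then fail with no change in behaviour. Since the section is already `--EXPECTF--`, the library part can be matched with a placeholder: `[snuffleupagus][0.0.0.0][config][error] Failed to compile '^$[': %s on line 1.`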
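--- a/src/tests/broken_unmatching_brackets.phpt
+++ b/src/tests/broken_unmatching_brackets.phpt
@@ -6,4 +6,5 @@ Broken configuration - unmatching brackets
 sp.configuration_file={PWD}/config/config_unmatching_brackets.ini
 --FILE--
 --EXPECTF--
-[snuffleupagus][0.0.0.0][config][error] The string 'arr[b]]]]]' contains unbalanced brackets.
+[snuffleupagus][0.0.0.0][config][error] Invalid `]` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value 'arr[b]]]]]' for `param` on line 1.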
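--- a/src/tests/config/broken_conf_quotes.ini
+++ b/src/tests/config/broken_conf_quotes.ini
@@ -1,3 +1,3 @@
-sp.disable_function.filename("static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS");
+sp.disable_function.function("system").filename("/static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS");
 sp.disable_function.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop();
 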
