1 files changed, 86 insertions, 79 deletions
diff --git a/src/sp_config.h b/src/sp_config.h
index 0ba2e7f..fd6dc15 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -5,15 +5,6 @@
 #include <netinet/in.h>
 #include <sys/socket.h>
-extern size_t sp_line_no;
-typedef enum {
-  SP_TYPE_STR = 0,
-  SP_TYPE_REGEXP,
-  SP_TYPE_INT,
-  SP_TYPE_EMPTY
-} sp_type;
 typedef enum {
  SP_PHP_TYPE_UNDEF = IS_UNDEF,
  SP_PHP_TYPE_NULL = IS_NULL,
@@ -214,99 +205,115 @@ typedef struct {
  sp_config_disabled_functions *config_disabled_functions_reg_ret;
 } sp_config;
+#define SP_PARSE_FN_(fname, kwvar) int fname(char *token, sp_parsed_keyword *kwvar, void *retval)
+#define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule)
+#define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw)
 typedef struct {
-  int (*func)(char *, char *, void *);
+  SP_PARSE_FN((*func));
  char *token;
  void *retval;
-} sp_config_functions;
+} sp_config_keyword;
-typedef struct {
+#define SP_PARSER_SUCCESS 0
-  int (*func)(char *);
+#define SP_PARSER_ERROR -1
-  char *token;
+#define SP_PARSER_STOP 1
-} sp_config_tokens;
-#define SP_TOKEN_BASE "sp"
+// #define SP_TOKEN_BASE "sp"
-#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"
+#define SP_TOKEN_AUTO_COOKIE_SECURE "auto_cookie_secure"
-#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie"
+#define SP_TOKEN_COOKIE_ENCRYPTION "cookie"
-#define SP_TOKEN_SESSION_ENCRYPTION ".session"
+#define SP_TOKEN_SESSION_ENCRYPTION "session"
-#define SP_TOKEN_DISABLE_FUNC ".disable_function"
+#define SP_TOKEN_DISABLE_FUNC "disable_function"
-#define SP_TOKEN_GLOBAL ".global"
+#define SP_TOKEN_GLOBAL "global"
-#define SP_TOKEN_GLOBAL_STRICT ".global_strict"
+#define SP_TOKEN_GLOBAL_STRICT "global_strict"
-#define SP_TOKEN_HARDEN_RANDOM ".harden_random"
+#define SP_TOKEN_HARDEN_RANDOM "harden_random"
-#define SP_TOKEN_READONLY_EXEC ".readonly_exec"
+#define SP_TOKEN_READONLY_EXEC "readonly_exec"
-#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"
+#define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac"
-#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"
+#define SP_TOKEN_UPLOAD_VALIDATION "upload_validation"
-#define SP_TOKEN_DISABLE_XXE ".disable_xxe"
+#define SP_TOKEN_DISABLE_XXE "disable_xxe"
-#define SP_TOKEN_EVAL_BLACKLIST ".eval_blacklist"
+#define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist"
-#define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist"
+#define SP_TOKEN_EVAL_WHITELIST "eval_whitelist"
-#define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison"
+#define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison"
-#define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist"
+#define SP_TOKEN_ALLOW_WRAPPERS "wrappers_whitelist"
-#define SP_TOKEN_INI ".ini"
+#define SP_TOKEN_INI_PROTECTION "ini_protection"
+#define SP_TOKEN_INI "ini"
 // common tokens
-#define SP_TOKEN_ENABLE ".enable("
+#define SP_TOKEN_ENABLE "enable"
-#define SP_TOKEN_DISABLE ".disable("
+#define SP_TOKEN_DISABLE "disable"
-#define SP_TOKEN_SIMULATION ".simulation("
+#define SP_TOKEN_SIMULATION "simulation"
-#define SP_TOKEN_TRUE "1"
+#define SP_TOKEN_SIM "sim"
-#define SP_TOKEN_FALSE "0"
+// #define SP_TOKEN_TRUE "1"
-#define SP_TOKEN_DUMP ".dump("
+// #define SP_TOKEN_FALSE "0"
-#define SP_TOKEN_ALIAS ".alias("
+#define SP_TOKEN_DUMP "dump"
-#define SP_TOKEN_ALLOW ".allow("
+#define SP_TOKEN_ALIAS "alias"
-#define SP_TOKEN_DROP ".drop("
+#define SP_TOKEN_ALLOW "allow"
+#define SP_TOKEN_DROP "drop"
-#define SP_TOKEN_END_PARAM ')'
 // disable_function
-#define SP_TOKEN_CIDR ".cidr("
+#define SP_TOKEN_CIDR "cidr"
-#define SP_TOKEN_FILENAME ".filename("
+#define SP_TOKEN_FILENAME "filename"
-#define SP_TOKEN_FILENAME_REGEXP ".filename_r("
+#define SP_TOKEN_FILENAME_REGEXP "filename_r"
-#define SP_TOKEN_FUNCTION ".function("
+#define SP_TOKEN_FUNCTION "function"
-#define SP_TOKEN_FUNCTION_REGEXP ".function_r("
+#define SP_TOKEN_FUNCTION_REGEXP "function_r"
-#define SP_TOKEN_HASH ".hash("
+#define SP_TOKEN_HASH "hash"
-#define SP_TOKEN_LOCAL_VAR ".var("
+#define SP_TOKEN_LOCAL_VAR "var"
-#define SP_TOKEN_PARAM ".param("
+#define SP_TOKEN_PARAM "param"
-#define SP_TOKEN_PARAM_REGEXP ".param_r("
+#define SP_TOKEN_PARAM_REGEXP "param_r"
-#define SP_TOKEN_PARAM_TYPE ".param_type("
+#define SP_TOKEN_PARAM_TYPE "param_type"
-#define SP_TOKEN_RET ".ret("
+#define SP_TOKEN_RET "ret"
-#define SP_TOKEN_RET_REGEXP ".ret_r("
+#define SP_TOKEN_RET_REGEXP "ret_r"
-#define SP_TOKEN_RET_TYPE ".ret_type("
+#define SP_TOKEN_RET_TYPE "ret_type"
-#define SP_TOKEN_VALUE ".value("
+#define SP_TOKEN_VALUE "value"
-#define SP_TOKEN_VALUE_REGEXP ".value_r("
+#define SP_TOKEN_VALUE_REGEXP "value_r"
-#define SP_TOKEN_KEY ".key("
+#define SP_TOKEN_KEY "key"
-#define SP_TOKEN_KEY_REGEXP ".key_r("
+#define SP_TOKEN_KEY_REGEXP "key_r"
-#define SP_TOKEN_VALUE_ARG_POS ".pos("
+#define SP_TOKEN_VALUE_ARG_POS "pos"
-#define SP_TOKEN_LINE_NUMBER ".line("
+#define SP_TOKEN_LINE_NUMBER "line"
 // cookies encryption
-#define SP_TOKEN_NAME ".name("
+#define SP_TOKEN_NAME "name"
-#define SP_TOKEN_NAME_REGEXP ".name_r("
+#define SP_TOKEN_NAME_REGEXP "name_r"
 // cookies samesite
-#define SP_TOKEN_SAMESITE ".samesite("
+#define SP_TOKEN_SAMESITE "samesite"
-#define SP_TOKEN_ENCRYPT ".encrypt("
+#define SP_TOKEN_ENCRYPT "encrypt"
 #define SP_TOKEN_SAMESITE_LAX "Lax"
 #define SP_TOKEN_SAMESITE_STRICT "Strict"
 // Global configuration options
-#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("
+#define SP_TOKEN_ENCRYPTION_KEY "secret_key"
-#define SP_TOKEN_ENV_VAR ".cookie_env_var("
+#define SP_TOKEN_ENV_VAR "cookie_env_var"
-#define SP_TOKEN_LOG_MEDIA ".log_media("
+#define SP_TOKEN_LOG_MEDIA "log_media"
 // upload_validator
-#define SP_TOKEN_UPLOAD_SCRIPT ".script("
+#define SP_TOKEN_UPLOAD_SCRIPT "script"
+#define SP_TOKEN_LIST "list"
+zend_result sp_process_rule(sp_parsed_keyword *parsed_rule, sp_config_keyword *config_keywords);
+zend_result sp_parse_config(const char *filename);
-#define SP_TOKEN_LIST ".list("
+#define SP_PARSE_CHECK_ARG_EXISTS(value) \
+if (!value) { \
+  sp_log_err("config", "Missing argument to keyword '%s' - it should be '%s(\"...\")' on line %zu", token, token, kw->lineno); \
+  return SP_PARSER_ERROR; \
+}
-int sp_parse_config(const char *);
+#define SP_PARSE_ARG(value) \
-int parse_array(sp_disabled_function *);
+  zend_string *value = sp_get_arg_string(kw); \
+  SP_PARSE_CHECK_ARG_EXISTS(value);
-int parse_str(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_str);
-int parse_regexp(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_regexp);
-int parse_empty(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_empty);
-int parse_cidr(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_int);
-int parse_php_type(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_ulong);
-int parse_list(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_php_type);
+SP_PARSEKW_FN(parse_cidr);
+SP_PARSEKW_FN(parse_list);
 // cleanup
 void sp_free_disabled_function(void *data);

diff --git a/src/sp_config.h b/src/sp_config.h index 0ba2e7f..fd6dc15 100644 --- a/src/sp_config.h +++ b/src/sp_config.h
@@ -5,15 +5,6 @@
5	#include <netinet/in.h>	5	#include <netinet/in.h>
6	#include <sys/socket.h>	6	#include <sys/socket.h>
7		7
8	extern size_t sp_line_no;
9
10	typedef enum {
11	SP_TYPE_STR = 0,
12	SP_TYPE_REGEXP,
13	SP_TYPE_INT,
14	SP_TYPE_EMPTY
15	} sp_type;
16
17	typedef enum {	8	typedef enum {
18	SP_PHP_TYPE_UNDEF = IS_UNDEF,	9	SP_PHP_TYPE_UNDEF = IS_UNDEF,
19	SP_PHP_TYPE_NULL = IS_NULL,	10	SP_PHP_TYPE_NULL = IS_NULL,
@@ -214,99 +205,115 @@ typedef struct {
214	sp_config_disabled_functions *config_disabled_functions_reg_ret;	205	sp_config_disabled_functions *config_disabled_functions_reg_ret;
215	} sp_config;	206	} sp_config;
216		207
		208	#define SP_PARSE_FN_(fname, kwvar) int fname(char token, sp_parsed_keyword kwvar, void *retval)
		209	#define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule)
		210	#define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw)
		211
217	typedef struct {	212	typedef struct {
218	int (func)(char , char , void );	213	SP_PARSE_FN((*func));
219	char *token;	214	char *token;
220	void *retval;	215	void *retval;
221	} sp_config_functions;	216	} sp_config_keyword;
222		217
223	typedef struct {	218	#define SP_PARSER_SUCCESS 0
224	int (func)(char );	219	#define SP_PARSER_ERROR -1
225	char *token;	220	#define SP_PARSER_STOP 1
226	} sp_config_tokens;
227		221
228	#define SP_TOKEN_BASE "sp"	222	// #define SP_TOKEN_BASE "sp"
229		223
230	#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"	224	#define SP_TOKEN_AUTO_COOKIE_SECURE "auto_cookie_secure"
231	#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie"	225	#define SP_TOKEN_COOKIE_ENCRYPTION "cookie"
232	#define SP_TOKEN_SESSION_ENCRYPTION ".session"	226	#define SP_TOKEN_SESSION_ENCRYPTION "session"
233	#define SP_TOKEN_DISABLE_FUNC ".disable_function"	227	#define SP_TOKEN_DISABLE_FUNC "disable_function"
234	#define SP_TOKEN_GLOBAL ".global"	228	#define SP_TOKEN_GLOBAL "global"
235	#define SP_TOKEN_GLOBAL_STRICT ".global_strict"	229	#define SP_TOKEN_GLOBAL_STRICT "global_strict"
236	#define SP_TOKEN_HARDEN_RANDOM ".harden_random"	230	#define SP_TOKEN_HARDEN_RANDOM "harden_random"
237	#define SP_TOKEN_READONLY_EXEC ".readonly_exec"	231	#define SP_TOKEN_READONLY_EXEC "readonly_exec"
238	#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"	232	#define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac"
239	#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"	233	#define SP_TOKEN_UPLOAD_VALIDATION "upload_validation"
240	#define SP_TOKEN_DISABLE_XXE ".disable_xxe"	234	#define SP_TOKEN_DISABLE_XXE "disable_xxe"
241	#define SP_TOKEN_EVAL_BLACKLIST ".eval_blacklist"	235	#define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist"
242	#define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist"	236	#define SP_TOKEN_EVAL_WHITELIST "eval_whitelist"
243	#define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison"	237	#define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison"
244	#define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist"	238	#define SP_TOKEN_ALLOW_WRAPPERS "wrappers_whitelist"
245	#define SP_TOKEN_INI ".ini"	239	#define SP_TOKEN_INI_PROTECTION "ini_protection"
		240	#define SP_TOKEN_INI "ini"
246		241
247	// common tokens	242	// common tokens
248	#define SP_TOKEN_ENABLE ".enable("	243	#define SP_TOKEN_ENABLE "enable"
249	#define SP_TOKEN_DISABLE ".disable("	244	#define SP_TOKEN_DISABLE "disable"
250	#define SP_TOKEN_SIMULATION ".simulation("	245	#define SP_TOKEN_SIMULATION "simulation"
251	#define SP_TOKEN_TRUE "1"	246	#define SP_TOKEN_SIM "sim"
252	#define SP_TOKEN_FALSE "0"	247	// #define SP_TOKEN_TRUE "1"
253	#define SP_TOKEN_DUMP ".dump("	248	// #define SP_TOKEN_FALSE "0"
254	#define SP_TOKEN_ALIAS ".alias("	249	#define SP_TOKEN_DUMP "dump"
255	#define SP_TOKEN_ALLOW ".allow("	250	#define SP_TOKEN_ALIAS "alias"
256	#define SP_TOKEN_DROP ".drop("	251	#define SP_TOKEN_ALLOW "allow"
257		252	#define SP_TOKEN_DROP "drop"
258	#define SP_TOKEN_END_PARAM ')'
259		253
260	// disable_function	254	// disable_function
261	#define SP_TOKEN_CIDR ".cidr("	255	#define SP_TOKEN_CIDR "cidr"
262	#define SP_TOKEN_FILENAME ".filename("	256	#define SP_TOKEN_FILENAME "filename"
263	#define SP_TOKEN_FILENAME_REGEXP ".filename_r("	257	#define SP_TOKEN_FILENAME_REGEXP "filename_r"
264	#define SP_TOKEN_FUNCTION ".function("	258	#define SP_TOKEN_FUNCTION "function"
265	#define SP_TOKEN_FUNCTION_REGEXP ".function_r("	259	#define SP_TOKEN_FUNCTION_REGEXP "function_r"
266	#define SP_TOKEN_HASH ".hash("	260	#define SP_TOKEN_HASH "hash"
267	#define SP_TOKEN_LOCAL_VAR ".var("	261	#define SP_TOKEN_LOCAL_VAR "var"
268	#define SP_TOKEN_PARAM ".param("	262	#define SP_TOKEN_PARAM "param"
269	#define SP_TOKEN_PARAM_REGEXP ".param_r("	263	#define SP_TOKEN_PARAM_REGEXP "param_r"
270	#define SP_TOKEN_PARAM_TYPE ".param_type("	264	#define SP_TOKEN_PARAM_TYPE "param_type"
271	#define SP_TOKEN_RET ".ret("	265	#define SP_TOKEN_RET "ret"
272	#define SP_TOKEN_RET_REGEXP ".ret_r("	266	#define SP_TOKEN_RET_REGEXP "ret_r"
273	#define SP_TOKEN_RET_TYPE ".ret_type("	267	#define SP_TOKEN_RET_TYPE "ret_type"
274	#define SP_TOKEN_VALUE ".value("	268	#define SP_TOKEN_VALUE "value"
275	#define SP_TOKEN_VALUE_REGEXP ".value_r("	269	#define SP_TOKEN_VALUE_REGEXP "value_r"
276	#define SP_TOKEN_KEY ".key("	270	#define SP_TOKEN_KEY "key"
277	#define SP_TOKEN_KEY_REGEXP ".key_r("	271	#define SP_TOKEN_KEY_REGEXP "key_r"
278	#define SP_TOKEN_VALUE_ARG_POS ".pos("	272	#define SP_TOKEN_VALUE_ARG_POS "pos"
279	#define SP_TOKEN_LINE_NUMBER ".line("	273	#define SP_TOKEN_LINE_NUMBER "line"
280		274
281	// cookies encryption	275	// cookies encryption
282	#define SP_TOKEN_NAME ".name("	276	#define SP_TOKEN_NAME "name"
283	#define SP_TOKEN_NAME_REGEXP ".name_r("	277	#define SP_TOKEN_NAME_REGEXP "name_r"
284		278
285	// cookies samesite	279	// cookies samesite
286	#define SP_TOKEN_SAMESITE ".samesite("	280	#define SP_TOKEN_SAMESITE "samesite"
287	#define SP_TOKEN_ENCRYPT ".encrypt("	281	#define SP_TOKEN_ENCRYPT "encrypt"
288	#define SP_TOKEN_SAMESITE_LAX "Lax"	282	#define SP_TOKEN_SAMESITE_LAX "Lax"
289	#define SP_TOKEN_SAMESITE_STRICT "Strict"	283	#define SP_TOKEN_SAMESITE_STRICT "Strict"
290		284
291	// Global configuration options	285	// Global configuration options
292	#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("	286	#define SP_TOKEN_ENCRYPTION_KEY "secret_key"
293	#define SP_TOKEN_ENV_VAR ".cookie_env_var("	287	#define SP_TOKEN_ENV_VAR "cookie_env_var"
294	#define SP_TOKEN_LOG_MEDIA ".log_media("	288	#define SP_TOKEN_LOG_MEDIA "log_media"
295		289
296	// upload_validator	290	// upload_validator
297	#define SP_TOKEN_UPLOAD_SCRIPT ".script("	291	#define SP_TOKEN_UPLOAD_SCRIPT "script"
		292
		293	#define SP_TOKEN_LIST "list"
		294
		295	zend_result sp_process_rule(sp_parsed_keyword parsed_rule, sp_config_keyword config_keywords);
		296
		297	zend_result sp_parse_config(const char *filename);
298		298
299	#define SP_TOKEN_LIST ".list("	299	#define SP_PARSE_CHECK_ARG_EXISTS(value) \
		300	if (!value) { \
		301	sp_log_err("config", "Missing argument to keyword '%s' - it should be '%s(\"...\")' on line %zu", token, token, kw->lineno); \
		302	return SP_PARSER_ERROR; \
		303	}
300		304
301	int sp_parse_config(const char *);	305	#define SP_PARSE_ARG(value) \
302	int parse_array(sp_disabled_function *);	306	zend_string *value = sp_get_arg_string(kw); \
		307	SP_PARSE_CHECK_ARG_EXISTS(value);
303		308
304	int parse_str(char restrict, char restrict, void *);	309	SP_PARSEKW_FN(parse_str);
305	int parse_regexp(char restrict, char restrict, void *);	310	SP_PARSEKW_FN(parse_regexp);
306	int parse_empty(char restrict, char restrict, void *);	311	SP_PARSEKW_FN(parse_empty);
307	int parse_cidr(char restrict, char restrict, void *);	312	SP_PARSEKW_FN(parse_int);
308	int parse_php_type(char restrict, char restrict, void *);	313	SP_PARSEKW_FN(parse_ulong);
309	int parse_list(char restrict, char restrict, void *);	314	SP_PARSEKW_FN(parse_php_type);
		315	SP_PARSEKW_FN(parse_cidr);
		316	SP_PARSEKW_FN(parse_list);
310		317
311	// cleanup	318	// cleanup
312	void sp_free_disabled_function(void *data);	319	void sp_free_disabled_function(void *data);