1 files changed, 131 insertions, 117 deletions
diff --git a/src/sp_config.h b/src/sp_config.h
index e7b1473..6d48240 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -5,15 +5,6 @@
 #include <netinet/in.h>
 #include <sys/socket.h>
-extern size_t sp_line_no;
-typedef enum {
-  SP_TYPE_STR = 0,
-  SP_TYPE_REGEXP,
-  SP_TYPE_INT,
-  SP_TYPE_EMPTY
-} sp_type;
 typedef enum {
  SP_PHP_TYPE_UNDEF = IS_UNDEF,
  SP_PHP_TYPE_NULL = IS_NULL,
@@ -30,6 +21,8 @@ typedef enum {
 typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media;
+typedef enum { SP_UNSET = 0, SP_READONLY = 1, SP_READWRITE = -1 } sp_ini_permission;
 typedef struct {
  int ip_version;
  union {
@@ -40,11 +33,6 @@ typedef struct {
 } sp_cidr;
 typedef struct {
-  zend_string *encryption_key;
-  zend_string *cookies_env_var;
-} sp_config_global;
-typedef struct {
  bool enable;
  bool simulation;
  zend_string *dump;
@@ -69,13 +57,13 @@ typedef struct {
 typedef struct {
  bool enable;
-} sp_config_disable_xxe;
+} sp_config_xxe_protection;
 typedef struct {
  enum samesite_type { strict = 1, lax = 2 } samesite;
  bool encrypt;
  zend_string *name;
-  sp_pcre *name_r;
+  sp_regexp *name_r;
  bool simulation;
 } sp_cookie;
@@ -88,6 +76,8 @@ typedef struct {
 typedef struct {
  bool encrypt;
  bool simulation;
+  u_long sid_min_length;
+  u_long sid_max_length;
 } sp_config_session;
 typedef struct {
@@ -101,37 +91,37 @@ typedef struct {
  zend_string *textual_representation;
  zend_string *filename;
-  sp_pcre *r_filename;
+  sp_regexp *r_filename;
  zend_string *function;
-  sp_pcre *r_function;
+  sp_regexp *r_function;
  sp_list_node *functions_list;
  zend_string *hash;
  int simulation;
  sp_tree *param;
-  sp_pcre *r_param;
+  sp_regexp *r_param;
  sp_php_type param_type;
  int pos;
  unsigned int line;
-  sp_pcre *r_ret;
+  sp_regexp *r_ret;
  zend_string *ret;
  sp_php_type ret_type;
-  sp_pcre *r_value;
+  sp_regexp *r_value;
  zend_string *value;
-  sp_pcre *r_key;
+  sp_regexp *r_key;
  zend_string *key;
  zend_string *dump;
  zend_string *alias;
  bool param_is_array;
  bool var_is_array;
-  sp_list_node *param_array_keys;
+  // sp_list_node *param_array_keys;
-  sp_list_node *var_array_keys;
+  // sp_list_node *var_array_keys;
  bool allow;
@@ -163,125 +153,149 @@ typedef struct {
 } sp_config_upload_validation;
 typedef struct {
-  sp_config_random *config_random;
+  zend_string *key;
-  sp_config_sloppy *config_sloppy;
+  sp_ini_permission access;
-  sp_config_unserialize *config_unserialize;
+  zend_string *min;
-  sp_config_readonly_exec *config_readonly_exec;
+  zend_string *max;
-  sp_config_upload_validation *config_upload_validation;
+  sp_regexp *regexp;
-  sp_config_cookie *config_cookie;
+  zend_string *msg;
-  sp_config_global *config_snuffleupagus;
+  zend_string *set;
-  sp_config_auto_cookie_secure *config_auto_cookie_secure;
+  bool allow_null;
-  sp_config_global_strict *config_global_strict;
+  bool simulation;
-  sp_config_disable_xxe *config_disable_xxe;
+  bool drop;
-  sp_config_eval *config_eval;
+  PHP_INI_MH((*orig_onmodify));
-  sp_config_wrapper *config_wrapper;
+} sp_ini_entry;
-  sp_config_session *config_session;
-  bool hook_execute;
+typedef struct {
-  char log_media;
+  bool enable;
+  bool simulation;
+  bool policy_readonly;
+  bool policy_silent_ro;
+  bool policy_silent_fail;
+  bool policy_drop;
+  HashTable *entries;  // ht of sp_ini_entry
+} sp_config_ini;
-  HashTable *config_disabled_functions;
+#define SP_PARSE_FN_(fname, kwvar) int fname(char *token, sp_parsed_keyword *kwvar, void *retval)
-  HashTable *config_disabled_functions_hooked;
+#define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule)
-  HashTable *config_disabled_functions_ret;
+#define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw)
-  HashTable *config_disabled_functions_ret_hooked;
-  sp_config_disabled_functions *config_disabled_functions_reg;
-  sp_config_disabled_functions *config_disabled_functions_reg_ret;
-} sp_config;
 typedef struct {
-  int (*func)(char *, char *, void *);
+  SP_PARSE_FN((*func));
  char *token;
  void *retval;
-} sp_config_functions;
+} sp_config_keyword;
-typedef struct {
+#define SP_PARSER_SUCCESS 0
-  int (*func)(char *);
+#define SP_PARSER_ERROR -1
-  char *token;
+#define SP_PARSER_STOP 1
-} sp_config_tokens;
-#define SP_TOKEN_BASE "sp"
+// #define SP_TOKEN_BASE "sp"
-#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"
+#define SP_TOKEN_AUTO_COOKIE_SECURE "auto_cookie_secure"
-#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie"
+#define SP_TOKEN_COOKIE_ENCRYPTION "cookie"
-#define SP_TOKEN_SESSION_ENCRYPTION ".session"
+#define SP_TOKEN_SESSION_ENCRYPTION "session"
-#define SP_TOKEN_DISABLE_FUNC ".disable_function"
+#define SP_TOKEN_DISABLE_FUNC "disable_function"
-#define SP_TOKEN_GLOBAL ".global"
+#define SP_TOKEN_GLOBAL "global"
-#define SP_TOKEN_GLOBAL_STRICT ".global_strict"
+#define SP_TOKEN_GLOBAL_STRICT "global_strict"
-#define SP_TOKEN_HARDEN_RANDOM ".harden_random"
+#define SP_TOKEN_HARDEN_RANDOM "harden_random"
-#define SP_TOKEN_READONLY_EXEC ".readonly_exec"
+#define SP_TOKEN_READONLY_EXEC "readonly_exec"
-#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"
+#define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac"
-#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"
+#define SP_TOKEN_UPLOAD_VALIDATION "upload_validation"
-#define SP_TOKEN_DISABLE_XXE ".disable_xxe"
+#define SP_TOKEN_XXE_PROTECTION "xxe_protection"
-#define SP_TOKEN_EVAL_BLACKLIST ".eval_blacklist"
+#define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist"
-#define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist"
+#define SP_TOKEN_EVAL_WHITELIST "eval_whitelist"
-#define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison"
+#define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison"
-#define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist"
+#define SP_TOKEN_ALLOW_WRAPPERS "wrappers_whitelist"
+#define SP_TOKEN_INI_PROTECTION "ini_protection"
+#define SP_TOKEN_INI "ini"
 // common tokens
-#define SP_TOKEN_ENABLE ".enable("
+#define SP_TOKEN_ENABLE "enable"
-#define SP_TOKEN_DISABLE ".disable("
+#define SP_TOKEN_DISABLE "disable"
-#define SP_TOKEN_SIMULATION ".simulation("
+#define SP_TOKEN_SIMULATION "simulation"
-#define SP_TOKEN_TRUE "1"
+#define SP_TOKEN_SIM "sim"
-#define SP_TOKEN_FALSE "0"
+// #define SP_TOKEN_TRUE "1"
-#define SP_TOKEN_DUMP ".dump("
+// #define SP_TOKEN_FALSE "0"
-#define SP_TOKEN_ALIAS ".alias("
+#define SP_TOKEN_DUMP "dump"
-#define SP_TOKEN_ALLOW ".allow("
+#define SP_TOKEN_ALIAS "alias"
-#define SP_TOKEN_DROP ".drop("
+#define SP_TOKEN_ALLOW "allow"
+#define SP_TOKEN_DROP "drop"
-#define SP_TOKEN_END_PARAM ')'
 // disable_function
-#define SP_TOKEN_CIDR ".cidr("
+#define SP_TOKEN_CIDR "cidr"
-#define SP_TOKEN_FILENAME ".filename("
+#define SP_TOKEN_FILENAME "filename"
-#define SP_TOKEN_FILENAME_REGEXP ".filename_r("
+#define SP_TOKEN_FILENAME_REGEXP "filename_r"
-#define SP_TOKEN_FUNCTION ".function("
+#define SP_TOKEN_FUNCTION "function"
-#define SP_TOKEN_FUNCTION_REGEXP ".function_r("
+#define SP_TOKEN_FUNCTION_REGEXP "function_r"
-#define SP_TOKEN_HASH ".hash("
+#define SP_TOKEN_HASH "hash"
-#define SP_TOKEN_LOCAL_VAR ".var("
+#define SP_TOKEN_LOCAL_VAR "var"
-#define SP_TOKEN_PARAM ".param("
+#define SP_TOKEN_PARAM "param"
-#define SP_TOKEN_PARAM_REGEXP ".param_r("
+#define SP_TOKEN_PARAM_REGEXP "param_r"
-#define SP_TOKEN_PARAM_TYPE ".param_type("
+#define SP_TOKEN_PARAM_TYPE "param_type"
-#define SP_TOKEN_RET ".ret("
+#define SP_TOKEN_RET "ret"
-#define SP_TOKEN_RET_REGEXP ".ret_r("
+#define SP_TOKEN_RET_REGEXP "ret_r"
-#define SP_TOKEN_RET_TYPE ".ret_type("
+#define SP_TOKEN_RET_TYPE "ret_type"
-#define SP_TOKEN_VALUE ".value("
+#define SP_TOKEN_VALUE "value"
-#define SP_TOKEN_VALUE_REGEXP ".value_r("
+#define SP_TOKEN_VALUE_REGEXP "value_r"
-#define SP_TOKEN_KEY ".key("
+#define SP_TOKEN_KEY "key"
-#define SP_TOKEN_KEY_REGEXP ".key_r("
+#define SP_TOKEN_KEY_REGEXP "key_r"
-#define SP_TOKEN_VALUE_ARG_POS ".pos("
+#define SP_TOKEN_VALUE_ARG_POS "pos"
-#define SP_TOKEN_LINE_NUMBER ".line("
+#define SP_TOKEN_LINE_NUMBER "line"
 // cookies encryption
-#define SP_TOKEN_NAME ".name("
+#define SP_TOKEN_NAME "name"
-#define SP_TOKEN_NAME_REGEXP ".name_r("
+#define SP_TOKEN_NAME_REGEXP "name_r"
 // cookies samesite
-#define SP_TOKEN_SAMESITE ".samesite("
+#define SP_TOKEN_SAMESITE "samesite"
-#define SP_TOKEN_ENCRYPT ".encrypt("
+#define SP_TOKEN_ENCRYPT "encrypt"
 #define SP_TOKEN_SAMESITE_LAX "Lax"
 #define SP_TOKEN_SAMESITE_STRICT "Strict"
 // Global configuration options
-#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("
+#define SP_TOKEN_ENCRYPTION_KEY "secret_key"
-#define SP_TOKEN_ENV_VAR ".cookie_env_var("
+#define SP_TOKEN_ENV_VAR "cookie_env_var"
-#define SP_TOKEN_LOG_MEDIA ".log_media("
+#define SP_TOKEN_LOG_MEDIA "log_media"
+#define SP_TOKEN_MAX_EXECUTION_DEPTH "max_execution_depth"
+#define SP_TOKEN_SERVER_ENCODE "server_encode"
+#define SP_TOKEN_SERVER_STRIP "server_strip"
+#define SP_TOKEN_SID_MIN_LENGTH "sid_min_length"
+#define SP_TOKEN_SID_MAX_LENGTH "sid_max_length"
+#define SP_TOKEN_SHOW_OLD_PHP_WARNING "show_old_php_warning"
 // upload_validator
-#define SP_TOKEN_UPLOAD_SCRIPT ".script("
+#define SP_TOKEN_UPLOAD_SCRIPT "script"
+#define SP_TOKEN_LIST "list"
+zend_result sp_process_rule(sp_parsed_keyword *parsed_rule, sp_config_keyword *config_keywords);
+zend_result sp_parse_config(const char *filename);
-#define SP_TOKEN_LIST ".list("
+#define SP_PARSE_CHECK_ARG_EXISTS(value) \
+if (!value) { \
+  sp_log_err("config", "Missing argument to keyword '%s' - it should be '%s(\"...\")' on line %zu", token, token, kw->lineno); \
+  return SP_PARSER_ERROR; \
+}
-int sp_parse_config(const char *);
+#define SP_PARSE_ARG(value) \
-int parse_array(sp_disabled_function *);
+  zend_string *value = sp_get_arg_string(kw); \
+  SP_PARSE_CHECK_ARG_EXISTS(value);
-int parse_str(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_str);
-int parse_regexp(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_regexp);
-int parse_empty(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_empty);
-int parse_cidr(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_int);
-int parse_php_type(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_ulong);
-int parse_list(char *restrict, char *restrict, void *);
+SP_PARSEKW_FN(parse_php_type);
+SP_PARSEKW_FN(parse_cidr);
+SP_PARSEKW_FN(parse_list);
 // cleanup
-void sp_disabled_function_list_free(sp_list_node *);
+void sp_free_disabled_function(void *data);
-void sp_cookie_list_free(sp_list_node *);
+void sp_free_cookie(void *data);
+void sp_free_zstr(void *data);
+void sp_free_ini_entry(void *data);
 #endif /* SP_CONFIG_H */

diff --git a/src/sp_config.h b/src/sp_config.h index e7b1473..6d48240 100644 --- a/src/sp_config.h +++ b/src/sp_config.h
@@ -5,15 +5,6 @@
5	#include <netinet/in.h>	5	#include <netinet/in.h>
6	#include <sys/socket.h>	6	#include <sys/socket.h>
7		7
8	extern size_t sp_line_no;
9
10	typedef enum {
11	SP_TYPE_STR = 0,
12	SP_TYPE_REGEXP,
13	SP_TYPE_INT,
14	SP_TYPE_EMPTY
15	} sp_type;
16
17	typedef enum {	8	typedef enum {
18	SP_PHP_TYPE_UNDEF = IS_UNDEF,	9	SP_PHP_TYPE_UNDEF = IS_UNDEF,
19	SP_PHP_TYPE_NULL = IS_NULL,	10	SP_PHP_TYPE_NULL = IS_NULL,
@@ -30,6 +21,8 @@ typedef enum {
30		21
31	typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media;	22	typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media;
32		23
		24	typedef enum { SP_UNSET = 0, SP_READONLY = 1, SP_READWRITE = -1 } sp_ini_permission;
		25
33	typedef struct {	26	typedef struct {
34	int ip_version;	27	int ip_version;
35	union {	28	union {
@@ -40,11 +33,6 @@ typedef struct {
40	} sp_cidr;	33	} sp_cidr;
41		34
42	typedef struct {	35	typedef struct {
43	zend_string *encryption_key;
44	zend_string *cookies_env_var;
45	} sp_config_global;
46
47	typedef struct {
48	bool enable;	36	bool enable;
49	bool simulation;	37	bool simulation;
50	zend_string *dump;	38	zend_string *dump;
@@ -69,13 +57,13 @@ typedef struct {
69		57
70	typedef struct {	58	typedef struct {
71	bool enable;	59	bool enable;
72	} sp_config_disable_xxe;	60	} sp_config_xxe_protection;
73		61
74	typedef struct {	62	typedef struct {
75	enum samesite_type { strict = 1, lax = 2 } samesite;	63	enum samesite_type { strict = 1, lax = 2 } samesite;
76	bool encrypt;	64	bool encrypt;
77	zend_string *name;	65	zend_string *name;
78	sp_pcre *name_r;	66	sp_regexp *name_r;
79	bool simulation;	67	bool simulation;
80	} sp_cookie;	68	} sp_cookie;
81		69
@@ -88,6 +76,8 @@ typedef struct {
88	typedef struct {	76	typedef struct {
89	bool encrypt;	77	bool encrypt;
90	bool simulation;	78	bool simulation;
		79	u_long sid_min_length;
		80	u_long sid_max_length;
91	} sp_config_session;	81	} sp_config_session;
92		82
93	typedef struct {	83	typedef struct {
@@ -101,37 +91,37 @@ typedef struct {
101	zend_string *textual_representation;	91	zend_string *textual_representation;
102		92
103	zend_string *filename;	93	zend_string *filename;
104	sp_pcre *r_filename;	94	sp_regexp *r_filename;
105		95
106	zend_string *function;	96	zend_string *function;
107	sp_pcre *r_function;	97	sp_regexp *r_function;
108	sp_list_node *functions_list;	98	sp_list_node *functions_list;
109		99
110	zend_string *hash;	100	zend_string *hash;
111	int simulation;	101	int simulation;
112		102
113	sp_tree *param;	103	sp_tree *param;
114	sp_pcre *r_param;	104	sp_regexp *r_param;
115	sp_php_type param_type;	105	sp_php_type param_type;
116	int pos;	106	int pos;
117	unsigned int line;	107	unsigned int line;
118		108
119	sp_pcre *r_ret;	109	sp_regexp *r_ret;
120	zend_string *ret;	110	zend_string *ret;
121	sp_php_type ret_type;	111	sp_php_type ret_type;
122		112
123	sp_pcre *r_value;	113	sp_regexp *r_value;
124	zend_string *value;	114	zend_string *value;
125		115
126	sp_pcre *r_key;	116	sp_regexp *r_key;
127	zend_string *key;	117	zend_string *key;
128		118
129	zend_string *dump;	119	zend_string *dump;
130	zend_string *alias;	120	zend_string *alias;
131	bool param_is_array;	121	bool param_is_array;
132	bool var_is_array;	122	bool var_is_array;
133	sp_list_node *param_array_keys;	123	// sp_list_node *param_array_keys;
134	sp_list_node *var_array_keys;	124	// sp_list_node *var_array_keys;
135		125
136	bool allow;	126	bool allow;
137		127
@@ -163,125 +153,149 @@ typedef struct {
163	} sp_config_upload_validation;	153	} sp_config_upload_validation;
164		154
165	typedef struct {	155	typedef struct {
166	sp_config_random *config_random;	156	zend_string *key;
167	sp_config_sloppy *config_sloppy;	157	sp_ini_permission access;
168	sp_config_unserialize *config_unserialize;	158	zend_string *min;
169	sp_config_readonly_exec *config_readonly_exec;	159	zend_string *max;
170	sp_config_upload_validation *config_upload_validation;	160	sp_regexp *regexp;
171	sp_config_cookie *config_cookie;	161	zend_string *msg;
172	sp_config_global *config_snuffleupagus;	162	zend_string *set;
173	sp_config_auto_cookie_secure *config_auto_cookie_secure;	163	bool allow_null;
174	sp_config_global_strict *config_global_strict;	164	bool simulation;
175	sp_config_disable_xxe *config_disable_xxe;	165	bool drop;
176	sp_config_eval *config_eval;	166	PHP_INI_MH((*orig_onmodify));
177	sp_config_wrapper *config_wrapper;	167	} sp_ini_entry;
178	sp_config_session *config_session;	168
179	bool hook_execute;	169	typedef struct {
180	char log_media;	170	bool enable;
		171	bool simulation;
		172	bool policy_readonly;
		173	bool policy_silent_ro;
		174	bool policy_silent_fail;
		175	bool policy_drop;
		176	HashTable *entries; // ht of sp_ini_entry
		177	} sp_config_ini;
181		178
182	HashTable *config_disabled_functions;	179	#define SP_PARSE_FN_(fname, kwvar) int fname(char token, sp_parsed_keyword kwvar, void *retval)
183	HashTable *config_disabled_functions_hooked;	180	#define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule)
184	HashTable *config_disabled_functions_ret;	181	#define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw)
185	HashTable *config_disabled_functions_ret_hooked;
186	sp_config_disabled_functions *config_disabled_functions_reg;
187	sp_config_disabled_functions *config_disabled_functions_reg_ret;
188	} sp_config;
189		182
190	typedef struct {	183	typedef struct {
191	int (func)(char , char , void );	184	SP_PARSE_FN((*func));
192	char *token;	185	char *token;
193	void *retval;	186	void *retval;
194	} sp_config_functions;	187	} sp_config_keyword;
195		188
196	typedef struct {	189	#define SP_PARSER_SUCCESS 0
197	int (func)(char );	190	#define SP_PARSER_ERROR -1
198	char *token;	191	#define SP_PARSER_STOP 1
199	} sp_config_tokens;
200		192
201	#define SP_TOKEN_BASE "sp"	193	// #define SP_TOKEN_BASE "sp"
202		194
203	#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"	195	#define SP_TOKEN_AUTO_COOKIE_SECURE "auto_cookie_secure"
204	#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie"	196	#define SP_TOKEN_COOKIE_ENCRYPTION "cookie"
205	#define SP_TOKEN_SESSION_ENCRYPTION ".session"	197	#define SP_TOKEN_SESSION_ENCRYPTION "session"
206	#define SP_TOKEN_DISABLE_FUNC ".disable_function"	198	#define SP_TOKEN_DISABLE_FUNC "disable_function"
207	#define SP_TOKEN_GLOBAL ".global"	199	#define SP_TOKEN_GLOBAL "global"
208	#define SP_TOKEN_GLOBAL_STRICT ".global_strict"	200	#define SP_TOKEN_GLOBAL_STRICT "global_strict"
209	#define SP_TOKEN_HARDEN_RANDOM ".harden_random"	201	#define SP_TOKEN_HARDEN_RANDOM "harden_random"
210	#define SP_TOKEN_READONLY_EXEC ".readonly_exec"	202	#define SP_TOKEN_READONLY_EXEC "readonly_exec"
211	#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"	203	#define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac"
212	#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"	204	#define SP_TOKEN_UPLOAD_VALIDATION "upload_validation"
213	#define SP_TOKEN_DISABLE_XXE ".disable_xxe"	205	#define SP_TOKEN_XXE_PROTECTION "xxe_protection"
214	#define SP_TOKEN_EVAL_BLACKLIST ".eval_blacklist"	206	#define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist"
215	#define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist"	207	#define SP_TOKEN_EVAL_WHITELIST "eval_whitelist"
216	#define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison"	208	#define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison"
217	#define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist"	209	#define SP_TOKEN_ALLOW_WRAPPERS "wrappers_whitelist"
		210	#define SP_TOKEN_INI_PROTECTION "ini_protection"
		211	#define SP_TOKEN_INI "ini"
218		212
219	// common tokens	213	// common tokens
220	#define SP_TOKEN_ENABLE ".enable("	214	#define SP_TOKEN_ENABLE "enable"
221	#define SP_TOKEN_DISABLE ".disable("	215	#define SP_TOKEN_DISABLE "disable"
222	#define SP_TOKEN_SIMULATION ".simulation("	216	#define SP_TOKEN_SIMULATION "simulation"
223	#define SP_TOKEN_TRUE "1"	217	#define SP_TOKEN_SIM "sim"
224	#define SP_TOKEN_FALSE "0"	218	// #define SP_TOKEN_TRUE "1"
225	#define SP_TOKEN_DUMP ".dump("	219	// #define SP_TOKEN_FALSE "0"
226	#define SP_TOKEN_ALIAS ".alias("	220	#define SP_TOKEN_DUMP "dump"
227	#define SP_TOKEN_ALLOW ".allow("	221	#define SP_TOKEN_ALIAS "alias"
228	#define SP_TOKEN_DROP ".drop("	222	#define SP_TOKEN_ALLOW "allow"
229		223	#define SP_TOKEN_DROP "drop"
230	#define SP_TOKEN_END_PARAM ')'
231		224
232	// disable_function	225	// disable_function
233	#define SP_TOKEN_CIDR ".cidr("	226	#define SP_TOKEN_CIDR "cidr"
234	#define SP_TOKEN_FILENAME ".filename("	227	#define SP_TOKEN_FILENAME "filename"
235	#define SP_TOKEN_FILENAME_REGEXP ".filename_r("	228	#define SP_TOKEN_FILENAME_REGEXP "filename_r"
236	#define SP_TOKEN_FUNCTION ".function("	229	#define SP_TOKEN_FUNCTION "function"
237	#define SP_TOKEN_FUNCTION_REGEXP ".function_r("	230	#define SP_TOKEN_FUNCTION_REGEXP "function_r"
238	#define SP_TOKEN_HASH ".hash("	231	#define SP_TOKEN_HASH "hash"
239	#define SP_TOKEN_LOCAL_VAR ".var("	232	#define SP_TOKEN_LOCAL_VAR "var"
240	#define SP_TOKEN_PARAM ".param("	233	#define SP_TOKEN_PARAM "param"
241	#define SP_TOKEN_PARAM_REGEXP ".param_r("	234	#define SP_TOKEN_PARAM_REGEXP "param_r"
242	#define SP_TOKEN_PARAM_TYPE ".param_type("	235	#define SP_TOKEN_PARAM_TYPE "param_type"
243	#define SP_TOKEN_RET ".ret("	236	#define SP_TOKEN_RET "ret"
244	#define SP_TOKEN_RET_REGEXP ".ret_r("	237	#define SP_TOKEN_RET_REGEXP "ret_r"
245	#define SP_TOKEN_RET_TYPE ".ret_type("	238	#define SP_TOKEN_RET_TYPE "ret_type"
246	#define SP_TOKEN_VALUE ".value("	239	#define SP_TOKEN_VALUE "value"
247	#define SP_TOKEN_VALUE_REGEXP ".value_r("	240	#define SP_TOKEN_VALUE_REGEXP "value_r"
248	#define SP_TOKEN_KEY ".key("	241	#define SP_TOKEN_KEY "key"
249	#define SP_TOKEN_KEY_REGEXP ".key_r("	242	#define SP_TOKEN_KEY_REGEXP "key_r"
250	#define SP_TOKEN_VALUE_ARG_POS ".pos("	243	#define SP_TOKEN_VALUE_ARG_POS "pos"
251	#define SP_TOKEN_LINE_NUMBER ".line("	244	#define SP_TOKEN_LINE_NUMBER "line"
252		245
253	// cookies encryption	246	// cookies encryption
254	#define SP_TOKEN_NAME ".name("	247	#define SP_TOKEN_NAME "name"
255	#define SP_TOKEN_NAME_REGEXP ".name_r("	248	#define SP_TOKEN_NAME_REGEXP "name_r"
256		249
257	// cookies samesite	250	// cookies samesite
258	#define SP_TOKEN_SAMESITE ".samesite("	251	#define SP_TOKEN_SAMESITE "samesite"
259	#define SP_TOKEN_ENCRYPT ".encrypt("	252	#define SP_TOKEN_ENCRYPT "encrypt"
260	#define SP_TOKEN_SAMESITE_LAX "Lax"	253	#define SP_TOKEN_SAMESITE_LAX "Lax"
261	#define SP_TOKEN_SAMESITE_STRICT "Strict"	254	#define SP_TOKEN_SAMESITE_STRICT "Strict"
262		255
263	// Global configuration options	256	// Global configuration options
264	#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("	257	#define SP_TOKEN_ENCRYPTION_KEY "secret_key"
265	#define SP_TOKEN_ENV_VAR ".cookie_env_var("	258	#define SP_TOKEN_ENV_VAR "cookie_env_var"
266	#define SP_TOKEN_LOG_MEDIA ".log_media("	259	#define SP_TOKEN_LOG_MEDIA "log_media"
		260	#define SP_TOKEN_MAX_EXECUTION_DEPTH "max_execution_depth"
		261	#define SP_TOKEN_SERVER_ENCODE "server_encode"
		262	#define SP_TOKEN_SERVER_STRIP "server_strip"
		263	#define SP_TOKEN_SID_MIN_LENGTH "sid_min_length"
		264	#define SP_TOKEN_SID_MAX_LENGTH "sid_max_length"
		265	#define SP_TOKEN_SHOW_OLD_PHP_WARNING "show_old_php_warning"
267		266
268	// upload_validator	267	// upload_validator
269	#define SP_TOKEN_UPLOAD_SCRIPT ".script("	268	#define SP_TOKEN_UPLOAD_SCRIPT "script"
		269
		270	#define SP_TOKEN_LIST "list"
		271
		272	zend_result sp_process_rule(sp_parsed_keyword parsed_rule, sp_config_keyword config_keywords);
		273
		274	zend_result sp_parse_config(const char *filename);
270		275
271	#define SP_TOKEN_LIST ".list("	276	#define SP_PARSE_CHECK_ARG_EXISTS(value) \
		277	if (!value) { \
		278	sp_log_err("config", "Missing argument to keyword '%s' - it should be '%s(\"...\")' on line %zu", token, token, kw->lineno); \
		279	return SP_PARSER_ERROR; \
		280	}
272		281
273	int sp_parse_config(const char *);	282	#define SP_PARSE_ARG(value) \
274	int parse_array(sp_disabled_function *);	283	zend_string *value = sp_get_arg_string(kw); \
		284	SP_PARSE_CHECK_ARG_EXISTS(value);
275		285
276	int parse_str(char restrict, char restrict, void *);	286	SP_PARSEKW_FN(parse_str);
277	int parse_regexp(char restrict, char restrict, void *);	287	SP_PARSEKW_FN(parse_regexp);
278	int parse_empty(char restrict, char restrict, void *);	288	SP_PARSEKW_FN(parse_empty);
279	int parse_cidr(char restrict, char restrict, void *);	289	SP_PARSEKW_FN(parse_int);
280	int parse_php_type(char restrict, char restrict, void *);	290	SP_PARSEKW_FN(parse_ulong);
281	int parse_list(char restrict, char restrict, void *);	291	SP_PARSEKW_FN(parse_php_type);
		292	SP_PARSEKW_FN(parse_cidr);
		293	SP_PARSEKW_FN(parse_list);
282		294
283	// cleanup	295	// cleanup
284	void sp_disabled_function_list_free(sp_list_node *);	296	void sp_free_disabled_function(void *data);
285	void sp_cookie_list_free(sp_list_node *);	297	void sp_free_cookie(void *data);
		298	void sp_free_zstr(void *data);
		299	void sp_free_ini_entry(void *data);
286		300
287	#endif /* SP_CONFIG_H */	301	#endif /* SP_CONFIG_H */