Diffstat (limited to 'src/lib/ndpi_utils.c')
-rw-r--r--src/lib/ndpi_utils.c61
1 files changed, 16 insertions, 45 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 067c9456d..9b0339c3c 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -48,6 +48,10 @@
#include "third_party/include/ndpi_patricia.h"
#include "third_party/include/ht_hash.h"
+#include "third_party/include/libinjection.h"
+#include "third_party/include/libinjection_sqli.h"
+#include "third_party/include/libinjection_xss.h"
+
#define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol"
// #define MATCH_DEBUG 1
@@ -211,10 +215,11 @@ void ndpi_tdestroy(void *vrootp, void (*freefct)(void *))
u_int8_t ndpi_net_match(u_int32_t ip_to_check,
u_int32_t net,
- u_int32_t num_bits)
-{
+ u_int32_t num_bits) {
u_int32_t mask = 0;
+ num_bits &= 0x1F; /* Avoid overflows */
+
mask = ~(~mask >> num_bits);
return(((ip_to_check & mask) == (net & mask)) ? 1 : 0);
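Review bot: `num_bits &= 0x1F;` removes the out-of-range shift, but it wraps a prefix length of 32 to 0, so `mask` becomes 0 and a /32 entry would match every address if any caller passes 32. Clamping instead of wrapping keeps host entries exact: `if(num_bits > 32) num_bits = 32;` followed by `mask = (num_bits == 32) ? 0xFFFFFFFF : ~(~mask >> num_bits);`. The wrap also maps 33..63 onto 1..31, which hides a bad caller value behind a plausible-looking prefix. The closing brace of ndpi_net_match lies outside the hunk.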
@@ -970,6 +975,7 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct,
case NDPI_PROTOCOL_TELNET:
ndpi_serialize_start_of_block(serializer, "telnet");
ndpi_serialize_string_string(serializer, "username", flow->protos.telnet.username);
+ ndpi_serialize_string_string(serializer, "password", flow->protos.telnet.password);
ndpi_serialize_end_of_block(serializer);
break;
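Review bot: The added `"password"` field writes a cleartext Telnet credential into every serialized flow record, and nothing visible in this hunk lets an operator disable or redact it. Anything that stores or forwards this JSON (log files, collectors, dashboards) then holds recovered passwords, so the export should sit behind an explicit opt-in setting or emit a redacted value by default. At minimum, add a comment at the call such as `/* cleartext credential: consumers of this JSON must treat the record as sensitive */`. The `"ftp"` block in the next hunk already serializes `password` the same way and deserves the same treatment. ndpi_flow2json starts and ends outside the hunk.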
@@ -1009,6 +1015,7 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_serialize_start_of_block(serializer, "ftp");
ndpi_serialize_string_string(serializer, "user", flow->protos.ftp_imap_pop_smtp.username);
ndpi_serialize_string_string(serializer, "password", flow->protos.ftp_imap_pop_smtp.password);
+ ndpi_serialize_string_uint32(serializer, "auth_failed", flow->protos.ftp_imap_pop_smtp.auth_failed);
ndpi_serialize_end_of_block(serializer);
break;
@@ -1135,56 +1142,20 @@ static int ndpi_url_decode(const char *s, char *out) {
/* ********************************** */
-/* #define URL_CHECK_DEBUG 1 */
-
-static int find_occurrency(char *str, char *what) {
- char *found = strstr(str, what);
- u_int len;
-
-#ifdef URL_CHECK_DEBUG
- printf("%s() [%s][%s]\n", __FUNCTION__, str, what);
-#endif
-
- if(!found) return(0);
-
- len = strlen(what);
-
- if(((found[len] != '\0') || (found[len] != ' '))
- && ((found == str) || (found[-1] == ' ')))
- return(1);
- else
- return(find_occurrency(&found[len], what));
-}
-
-/* ********************************** */
-
-static int ndpi_check_tokens(char* query, char* keywords[]) {
-#ifdef URL_CHECK_DEBUG
- printf("%s() [%s]\n", __FUNCTION__, query);
-#endif
-
- for(int i=0; keywords[i] != NULL; i++) {
- if(find_occurrency(query, keywords[i]) > 0)
- return(1);
- }
-
- return(0);
-}
+static int ndpi_is_sql_injection(char* query) {
+ struct libinjection_sqli_state state;
-/* ********************************** */
+ size_t qlen = strlen(query);
+ libinjection_sqli_init(&state, query, qlen, FLAG_NONE);
-static int ndpi_is_sql_injection(char* query) {
- char* sql_keywords[] = { "select", "from", "where", "any", "all", "join", "inner", "left", "right", "full",
- "table", "alter", "create", "delete", "union", "update", "drop", "group", "order",
- "limit", "primary", "column", NULL };
- return(ndpi_check_tokens(query, sql_keywords));
+ return libinjection_is_sqli(&state);
}
/* ********************************** */
static int ndpi_is_xss_injection(char* query) {
- char* js_keywords[] = { "<script>", "console.", "log.", NULL };
- return(ndpi_check_tokens(query, js_keywords));
+ size_t qlen = strlen(query);
+ return libinjection_xss(query, qlen);
}
/* ********************************** */
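Review bot: Both new helpers take the inspected length from `strlen(query)`, so only the bytes before the first NUL reach libinjection. If the buffer comes from `ndpi_url_decode` (named in the hunk header; its callers are not visible here) and a decoded byte can be zero, the remainder of the query is never examined. Passing the decoded length in from the caller would close that gap. The helpers also do not modify the string, so the parameter can be `const char *query`. A short header comment would help too, for example `/* query: NUL-terminated, already URL-decoded; returns non-zero when libinjection flags it */`. Neither function guards against `query == NULL` before `strlen`; whether callers guarantee non-NULL cannot be confirmed from this hunk.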