Diffstat (limited to 'src/lib/ndpi_utils.c')
-rw-r--r-- | src/lib/ndpi_utils.c | 61 |
1 files changed, 16 insertions, 45 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 067c9456d..9b0339c3c 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -48,6 +48,10 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/include/ht_hash.h" +#include "third_party/include/libinjection.h" +#include "third_party/include/libinjection_sqli.h" +#include "third_party/include/libinjection_xss.h" + #define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" // #define MATCH_DEBUG 1 @@ -211,10 +215,11 @@ void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) u_int8_t ndpi_net_match(u_int32_t ip_to_check, u_int32_t net, - u_int32_t num_bits) -{ + u_int32_t num_bits) { u_int32_t mask = 0; + num_bits &= 0x1F; /* Avoid overflows */ + mask = ~(~mask >> num_bits); return(((ip_to_check & mask) == (net & mask)) ? 1 : 0); @@ -970,6 +975,7 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, case NDPI_PROTOCOL_TELNET: ndpi_serialize_start_of_block(serializer, "telnet"); ndpi_serialize_string_string(serializer, "username", flow->protos.telnet.username); + ndpi_serialize_string_string(serializer, "password", flow->protos.telnet.password); ndpi_serialize_end_of_block(serializer); break; @@ -1009,6 +1015,7 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_start_of_block(serializer, "ftp"); ndpi_serialize_string_string(serializer, "user", flow->protos.ftp_imap_pop_smtp.username); ndpi_serialize_string_string(serializer, "password", flow->protos.ftp_imap_pop_smtp.password); + ndpi_serialize_string_uint32(serializer, "auth_failed", flow->protos.ftp_imap_pop_smtp.auth_failed); ndpi_serialize_end_of_block(serializer); break; 
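Review bot: In ndpi_net_match, `num_bits &= 0x1F` turns a prefix length of 32 into 0, so the mask becomes 0 and a /32 entry matches every address instead of exactly one host. The masking does remove the undefined 32-bit shift, but a host route is a valid input and should produce an all-ones mask. Handle the boundary explicitly instead, e.g. `mask = (num_bits >= 32) ? 0xFFFFFFFF : ~(~mask >> num_bits);`, which keeps /0 matching everything and clamps anything above 32.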
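Review bot: The added `password` field in the telnet block puts a credential captured from cleartext traffic into the JSON record for that flow, so anything that stores or forwards this output (log files, message queues, dashboards) now holds reusable passwords. The ftp block in the next hunk already serializes its password, so this is consistent, but nothing visible here lets an operator turn it off or redact the value. Consider gating credential fields behind an explicit export option, and at minimum add a comment such as `/* exports captured cleartext credentials: treat serializer output as sensitive */`. The enclosing switch in ndpi_flow2json starts and ends outside the hunk.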
@@ -1135,56 +1142,20 @@ static int ndpi_url_decode(const char *s, char *out) { /* ********************************** */ -/* #define URL_CHECK_DEBUG 1 */ - -static int find_occurrency(char *str, char *what) { - char *found = strstr(str, what); - u_int len; - -#ifdef URL_CHECK_DEBUG - printf("%s() [%s][%s]\n", __FUNCTION__, str, what); -#endif - - if(!found) return(0); - - len = strlen(what); - - if(((found[len] != '\0') || (found[len] != ' ')) - && ((found == str) || (found[-1] == ' '))) - return(1); - else - return(find_occurrency(&found[len], what)); -} - -/* ********************************** */ - -static int ndpi_check_tokens(char* query, char* keywords[]) { -#ifdef URL_CHECK_DEBUG - printf("%s() [%s]\n", __FUNCTION__, query); -#endif - - for(int i=0; keywords[i] != NULL; i++) { - if(find_occurrency(query, keywords[i]) > 0) - return(1); - } - - return(0); -} +static int ndpi_is_sql_injection(char* query) { + struct libinjection_sqli_state state; -/* ********************************** */ + size_t qlen = strlen(query); + libinjection_sqli_init(&state, query, qlen, FLAG_NONE); -static int ndpi_is_sql_injection(char* query) { - char* sql_keywords[] = { "select", "from", "where", "any", "all", "join", "inner", "left", "right", "full", - "table", "alter", "create", "delete", "union", "update", "drop", "group", "order", - "limit", "primary", "column", NULL }; - return(ndpi_check_tokens(query, sql_keywords)); + return libinjection_is_sqli(&state); } /* ********************************** */ static int ndpi_is_xss_injection(char* query) { - char* js_keywords[] = { "<script>", "console.", "log.", NULL }; - return(ndpi_check_tokens(query, js_keywords)); + size_t qlen = strlen(query); + return libinjection_xss(query, qlen); } /* ********************************** */ |
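Review bot: Both new helpers, ndpi_is_sql_injection and ndpi_is_xss_injection, call `strlen(query)` without a NULL check and pass the string to libinjection unchanged. As far as I know libinjection does not undo percent-encoding itself, so a query that is still URL-encoded would be tokenized as-is and would likely be reported clean. The callers are outside this hunk, so whether ndpi_url_decode has already run on the string is not visible here. State the precondition on each function, e.g. `/* query: non-NULL, NUL-terminated, already URL-decoded */`, and guard with `if(query == NULL) return(0);`. Neither function writes through the pointer, so the parameter can be `const char *query`.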