
Check-in [5d6efeee47]

Overview
Comment:Improvements to the algorithm for detecting likely SQL injection text.
SHA3-256: 5d6efeee477ff3087811df663a34e551982f09b34b2bee51fe8a11d129d3879d
User & Date: drh 2023-07-17 12:13:27.036
Context
2023-07-17
12:18
In /raw and /secureraw, ensure that the "m" and "at" vars are fetched before the malice check. Typo fix in cgi.c. ... (check-in: 83015b0d9a user: stephan tags: verify-options-cgi)
12:13
Improvements to the algorithm for detecting likely SQL injection text. ... (check-in: 5d6efeee47 user: drh tags: verify-options-cgi)
11:44
Improve the error log message for 418 responses so that it includes the name of the offending query parameter. Require whitespace around keywords when trying to detect SQL. ... (check-in: ef1702fde3 user: drh tags: verify-options-cgi)
Changes
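--- a/src/lookslike.c
+++ b/src/lookslike.c
@@ -460,20 +460,24 @@
                 (lookFlags&LOOK_INVALID)?"yes":"no");
   fossil_print("Has flag LOOK_ODD: %s\n",(lookFlags&LOOK_ODD)?"yes":"no");
   fossil_print("Has flag LOOK_SHORT: %s\n",(lookFlags&LOOK_SHORT)?"yes":"no");
   blob_reset(&blob);
 }
 
 /*
-** Return true if z[i] is the whole word given by zWord
+** Return true if z[i] is the whole word given by zWord in a context that
+** might be an attempted SQL injection.
 */
 static int isWholeWord(const char *z, unsigned int i, const char *zWord, int n){
-  if( i>0 && !fossil_isspace(z[i-1]) ) return 0;
+  if( i==0 ) return 0;
   if( sqlite3_strnicmp(z+i, zWord, n)!=0 ) return 0;
-  if( z[i+n]!=0 && !fossil_isspace(z[i+n]) ) return 0;
+  if( fossil_isalnum(z[i-1]) ) return 0;
+  if( fossil_isalnum(z[i+n]) ) return 0;
+  if( strchr("-)_", z[i-1])!=0 ) return 0;
+  if( strchr("(_", z[i+n])!=0 ) return 0;
   return 1;
 }
 
 /*
 ** Returns true if the given text contains certain keywords or
 ** punctuation which indicate that it might be an SQL injection attempt
 ** or some other kind of mischief.
@@ -500,15 +504,17 @@
         break;
       case 'n':
       case 'N':
         if( isWholeWord(zTxt, i, "null", 4) ) return 1;
         break;
       case 'o':
       case 'O':
-        if( isWholeWord(zTxt, i, "order", 5) ) return 1;
+        if( isWholeWord(zTxt, i, "order", 5) && fossil_isspace(zTxt[i+5]) ){
+          return 1;
+        }
         if( isWholeWord(zTxt, i, "or", 2) ) return 1;
         break;
       case 's':
       case 'S':
         if( isWholeWord(zTxt, i, "select", 6) ) return 1;
         break;
       case 'w':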
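Review bot: In the rewritten isWholeWord (first hunk, new line 476), `strchr("(_", z[i+n])` is passed the byte after the candidate word, and when the keyword is the last thing in the text that byte is the NUL terminator; strchr also matches the terminator of its haystack, so the call returns non-NULL and the function returns 0 for a keyword at the end of the input. The removed line guarded this with `z[i+n]!=0`, and the new checks drop that guard, so a keyword that ends the text is no longer flagged, which is a detection gap for exactly the input this function is meant to catch. Suggested change: `if( z[i+n]!=0 && strchr("(_", z[i+n])!=0 ) return 0;`. The `z[i-1]` lookup is not affected, because `i==0` is rejected first and the byte before a matched position inside the string cannot be NUL. The callers changed in the second hunk sit inside a function whose start and end are outside this section, so whether `fossil_isalnum` treats NUL as non-alphanumeric is not visible here and is assumed.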