Fossil

Diff
Login
Home Timeline Docs Branches Tickets Wiki DownloadMore...
Annotate Patch Unified Diff

Differences From Artifact [bd17f4126f]:

To Artifact [05e4515240]:

465
466
467
468
469
470
471
472
473
474
475
476
477
478
479

480


481
482
483
484
485
486
487
488
489




490
491
492
493
494
495
496


/*
** Return true if z[i] is the whole word given by zWord
*/
static int isWholeWord(const char *z, unsigned int i, const char *zWord, int n){
  if( i>0 && fossil_isalnum(z[i-1]) ) return 0;
  if( sqlite3_strnicmp(z+i, zWord, n)!=0 ) return 0;
  if( z[i+n]!=0&& fossil_isalnum(z[i+n]) ) return 0;
  return 1;
}

/*
** Returns true if the given text contains certain keywords or
** punctuation which indicate that it might be SQL. This is only a
** high-level check, not intended to be used for any application-level

** logic other than in defense against spiders in limited contexts.


*/
int looks_like_sql_injection(const char *zTxt){
  unsigned int i;
  if( zTxt==0 ) return 0;
  for(i=0; zTxt[i]; i++){
    switch( zTxt[i] ){
      case ';':
      case '\'':
        return 1;




      case 'a':
      case 'A':
        if( isWholeWord(zTxt, i, "and", 3) ) return 1;
        break;
      case 'n':
      case 'N':
        if( isWholeWord(zTxt, i, "null", 4) ) return 1;








|





|
|
>
|
>
>









>
>
>
>








465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503


/*
** Return true if z[i] is the whole word given by zWord
*/
static int isWholeWord(const char *z, unsigned int i, const char *zWord, int n){
  if( i>0 && fossil_isalnum(z[i-1]) ) return 0;
  if( sqlite3_strnicmp(z+i, zWord, n)!=0 ) return 0;
  if( fossil_isalnum(z[i+n]) ) return 0;
  return 1;
}

/*
** Returns true if the given text contains certain keywords or
** punctuation which indicate that it might be an SQL injection attempt
** or some other kind of mischief.
**
** This is not a defense against vulnerabilities in the Fossil code.
** Rather, this is part of an effort to do early detection of malicious
** spiders to avoid them using up too many CPU cycles.
*/
int looks_like_sql_injection(const char *zTxt){
  unsigned int i;
  if( zTxt==0 ) return 0;
  for(i=0; zTxt[i]; i++){
    switch( zTxt[i] ){
      case ';':
      case '\'':
        return 1;
      case '/':             /* 0123456789 123456789 */
        if( strncmp(zTxt+i+1, "/wp-content/plugins/", 20)==0 ) return 1;
        if( strncmp(zTxt+i+1, "/wp-admin/admin-ajax", 20)==0 ) return 1;
        break;
      case 'a':
      case 'A':
        if( isWholeWord(zTxt, i, "and", 3) ) return 1;
        break;
      case 'n':
      case 'N':
        if( isWholeWord(zTxt, i, "null", 4) ) return 1;
This page was generated in about 0.017s by Fossil 2.26 [1205ec86cb] 2025-04-30 16:57:32