1
/* Licensed to the Apache Software Foundation (ASF) under one or more
2
* contributor license agreements. See the NOTICE file distributed with
3
* this work for additional information regarding copyright ownership.
4
* The ASF licenses this file to You under the Apache License, Version 2.0
5
* (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
27
/* A bunch of functions in util.c scan strings looking for certain characters.
28
* To make that more efficient we encode a lookup table.
30
#define T_ESCAPE_SHELL_CMD (0x01)
31
#define T_ESCAPE_PATH_SEGMENT (0x02)
32
#define T_OS_ESCAPE_PATH (0x04)
33
#define T_HTTP_TOKEN_STOP (0x08)
34
#define T_ESCAPE_LOGITEM (0x10)
35
#define T_ESCAPE_FORENSIC (0x20)
37
int main(int argc, char *argv[])
42
printf("/* this file is automatically generated by gen_test_char, "
44
"#define T_ESCAPE_SHELL_CMD (%u)\n"
45
"#define T_ESCAPE_PATH_SEGMENT (%u)\n"
46
"#define T_OS_ESCAPE_PATH (%u)\n"
47
"#define T_HTTP_TOKEN_STOP (%u)\n"
48
"#define T_ESCAPE_LOGITEM (%u)\n"
49
"#define T_ESCAPE_FORENSIC (%u)\n"
51
"static const unsigned char test_char_table[256] = {",
53
T_ESCAPE_PATH_SEGMENT,
59
for (c = 0; c < 256; ++c) {
64
/* escape_shell_cmd */
65
#if defined(WIN32) || defined(OS2)
66
/* Win32/OS2 have many of the same vulnerable characters
67
* as Unix sh, plus the carriage return and percent char.
68
* The proper escaping of these characters varies from unix
69
* since Win32/OS2 use carets or doubled-double quotes,
70
* and neither lf nor cr can be escaped. We escape unix
71
* specific as well, to assure that cross-compiled unix
72
* applications behave similiarly when invoked on win32/os2.
74
* Rem please keep in-sync with apr's list in win32/filesys.c
76
if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) {
77
flags |= T_ESCAPE_SHELL_CMD;
80
if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
81
flags |= T_ESCAPE_SHELL_CMD;
85
if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) {
86
flags |= T_ESCAPE_PATH_SEGMENT;
89
if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c)) {
90
flags |= T_OS_ESCAPE_PATH;
93
/* these are the "tspecials" from RFC2068 */
94
if (c && (apr_iscntrl(c) || strchr(" \t()<>@,;:\\/[]?={}", c))) {
95
flags |= T_HTTP_TOKEN_STOP;
98
/* For logging, escape all control characters,
99
* double quotes (because they delimit the request in the log file)
100
* backslashes (because we use backslash for escaping)
101
* and 8-bit chars with the high bit set
103
if (c && (!apr_isprint(c) || c == '"' || c == '\\' || apr_iscntrl(c))) {
104
flags |= T_ESCAPE_LOGITEM;
107
/* For forensic logging, escape all control characters, top bit set,
108
* :, | (used as delimiters) and % (used for escaping).
110
if (!apr_isprint(c) || c == ':' || c == '|' || c == '%'
111
|| apr_iscntrl(c) || !c) {
112
flags |= T_ESCAPE_FORENSIC;
115
printf("%u%c", flags, (c < 255) ? ',' : ' ');