/**
 * Convenience wrapper: run the XSS check on one input under every
 * starting-context flag listed below.
 *
 * The same bytes are passed to libinjection_is_xss() once per flag.
 * Judging by the flag names, these correspond to element content and to
 * unquoted, single-, double- and back-quoted attribute values; confirm
 * against the flag definitions, which are not part of this listing.
 *
 * @param s    input bytes, handed to libinjection_is_xss() unchanged
 * @param len  number of bytes at s
 * @return 1 as soon as any context reports a match, 0 if none does
 *
 * A return of 0 means no context matched; it does not establish that the
 * input is safe to emit without output encoding.
 */
int libinjection_xss(const char* s, size_t len)
{
  /* Checked in this order; the first match ends the scan. */
  static const int contexts[] = {
    DATA_STATE,
    VALUE_NO_QUOTE,
    VALUE_SINGLE_QUOTE,
    VALUE_DOUBLE_QUOTE,
    VALUE_BACK_QUOTE
  };
  size_t idx;

  for (idx = 0; idx < sizeof contexts / sizeof contexts[0]; ++idx) {
    if (libinjection_is_xss(s, len, contexts[idx])) {
      return 1;
    }
  }

  return 0;
}
Example #2
/**
 * Operator callback: flag a byte-string field that libinjection reports
 * as XSS.
 *
 * @param tx            transaction, used for debug logging; must not be NULL
 * @param field         field to inspect; must not be NULL
 * @param capture       not used by this function
 * @param result        set to 1 on a match, 0 otherwise; must not be NULL
 * @param instance_data not used by this function
 * @param cbdata        not used by this function
 * @return IB_OK, or the error from ib_field_value() if the value cannot
 *         be fetched
 *
 * Fields that are not IB_FTYPE_BYTESTR are not inspected at all and leave
 * *result at 0, so a rule built on this operator never matches them.
 */
static
ib_status_t xss_op_execute(
    ib_tx_t *tx,
    const ib_field_t *field,
    ib_field_t *capture,
    ib_num_t *result,
    void *instance_data,
    void *cbdata
)
{
    assert(tx     != NULL);
    assert(field  != NULL);
    assert(result != NULL);

    /* Start from "no match" so every early exit reports 0. */
    *result = 0;

    /* Only byte strings are examined; every other type passes through. */
    if (field->type != IB_FTYPE_BYTESTR) {
        return IB_OK;
    }

    ib_bytestr_t *payload;
    ib_status_t status = ib_field_value(field, ib_ftype_bytestr_mutable_out(&payload));
    if (status != IB_OK) {
        return status;
    }

    /* NOTE(review): whether this pointer can be NULL for an empty byte
     * string is not visible here; confirm libinjection_is_xss() accepts
     * that with a length of 0. */
    const char *bytes = (const char *)ib_bytestr_const_ptr(payload);

    /* TODO: the flags parameter is currently undocumented - using 0.
     * NOTE(review): only one flags value is tried. If 0 selects a single
     * parsing context, input that is recognisable only in another context
     * (e.g. inside an attribute value) leaves *result at 0. Confirm
     * against libinjection's flag definitions, and check every context if
     * the operator is meant to cover them all. */
    if (!libinjection_is_xss(bytes, ib_bytestr_length(payload), 0)) {
        return IB_OK;
    }

    ib_log_debug_tx(tx, "Matched XSS.");
    *result = 1;

    return IB_OK;
}