/*
 * Wrapper around libinjection_is_xss().
 *
 * Scans the same buffer once per start state listed in `contexts`, in that
 * order, and stops at the first state that reports a match. A caller that
 * does not know where in a page the input will be placed (element content,
 * or an attribute value with no, single, double or back quotes, going by
 * the constant names) gets all of them checked here.
 *
 * s   - input bytes to scan
 * len - number of bytes in s
 *
 * Returns 1 if any start state reports XSS, 0 if none does.
 */
int libinjection_xss(const char* s, size_t len)
{
    static const int contexts[] = {
        DATA_STATE,
        VALUE_NO_QUOTE,
        VALUE_SINGLE_QUOTE,
        VALUE_DOUBLE_QUOTE,
        VALUE_BACK_QUOTE
    };
    size_t idx;

    for (idx = 0; idx < sizeof(contexts) / sizeof(contexts[0]); ++idx) {
        if (libinjection_is_xss(s, len, contexts[idx])) {
            return 1;
        }
    }

    return 0;
}
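/**
 * Operator callback: flag a field whose value libinjection classifies as XSS.
 *
 * Only byte-string fields are inspected; any other field type is passed
 * through with *result left at 0.
 *
 * @param[in]  tx            Transaction, used here only for debug logging.
 * @param[in]  field         Field whose value is scanned.
 * @param[in]  capture       Unused by this operator.
 * @param[out] result        Set to 1 when the value matches, 0 otherwise.
 * @param[in]  instance_data Unused by this operator.
 * @param[in]  cbdata        Unused by this operator.
 *
 * @return IB_OK on success (match or no match), or the status returned by
 *         ib_field_value() when the field value cannot be fetched.
 */
static ib_status_t xss_op_execute(
    ib_tx_t *tx,
    const ib_field_t *field,
    ib_field_t *capture,
    ib_num_t *result,
    void *instance_data,
    void *cbdata
)
{
    assert(tx != NULL);
    assert(field != NULL);
    assert(result != NULL);

    ib_bytestr_t *bs;
    ib_status_t rc;
    const char *data;
    size_t data_len;

    /* Default to "no match" so every early return leaves a defined result. */
    *result = 0;

    /* Currently only bytestring types are supported.
     * Other types will just get passed through. */
    if (field->type != IB_FTYPE_BYTESTR) {
        return IB_OK;
    }

    rc = ib_field_value(field, ib_ftype_bytestr_mutable_out(&bs));
    if (rc != IB_OK) {
        return rc;
    }

    data = (const char *)ib_bytestr_const_ptr(bs);
    data_len = ib_bytestr_length(bs);

    /* Nothing to scan; also keeps a NULL data pointer away from the
     * scanner. */
    if (data == NULL || data_len == 0) {
        return IB_OK;
    }

    /* Run through libinjection.
     *
     * The third argument of libinjection_is_xss() selects the HTML parsing
     * context the input is assumed to start in. A literal 0 picks only one
     * of them (DATA_STATE in libinjection's html5_flags enum), so input
     * that is dangerous only inside an attribute value would go
     * undetected. libinjection_xss() checks every context in turn. */
    if (libinjection_xss(data, data_len)) {
        ib_log_debug_tx(tx, "Matched XSS.");
        *result = 1;
    }

    return IB_OK;
}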