void RegExp::compileMatchOnly(VM* vm, Yarr::YarrCharSize charSize)
{
Yarr::YarrPattern pattern(m_patternString, ignoreCase(), multiline(), &m_constructionError);
if (m_constructionError) {
RELEASE_ASSERT_NOT_REACHED();
#if COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE)
m_state = ParseError;
return;
#endif
}
ASSERT(m_numSubpatterns == pattern.m_numSubpatterns);
if (!hasCode()) {
ASSERT(m_state == NotCompiled);
vm->regExpCache()->addToStrongCache(this);
m_state = ByteCode;
}
#if ENABLE(YARR_JIT)
if (!pattern.m_containsBackreferences && !pattern.containsUnsignedLengthPattern() && vm->canUseRegExpJIT()) {
Yarr::jitCompile(pattern, charSize, vm, m_regExpJITCode, Yarr::MatchOnly);
if (!m_regExpJITCode.isFallBack()) {
m_state = JITCode;
return;
}
}
#else
UNUSED_PARAM(charSize);
#endif
m_state = ByteCode;
m_regExpBytecode = Yarr::byteCompile(pattern, &vm->m_regExpAllocator);
}
std::string Srs::codeString() const
{
if (!hasCode()) throw std::runtime_error("No SRS code found");
std::string s(authority() + ':' + horizontal());
if (hasVerticalCode()) s += '+' + vertical();
return s;
}
/*
* Fetch the event code filter value.
*/
wbem::framework::UINT16 wbem::support::EventLogFilter::getCode() throw (framework::Exception)
{
if (!hasCode())
{
COMMON_LOG_ERROR("requested code filter when none set");
throw framework::ExceptionBadParameter("code");
}
return m_codeValue;
}
void RegExp::deleteCode()
{
if (!hasCode())
return;
m_state = NotCompiled;
#if ENABLE(YARR_JIT)
m_regExpJITCode.clear();
#endif
m_regExpBytecode = nullptr;
}
void RegExp::deleteCode()
{
ConcurrentJSLocker locker(m_lock);
if (!hasCode())
return;
m_state = NotCompiled;
#if ENABLE(YARR_JIT)
m_regExpJITCode.clear();
#endif
m_regExpBytecode = nullptr;
}
void RegExp::compileIfNecessaryMatchOnly(VM& vm, Yarr::YarrCharSize charSize)
{
if (hasCode()) {
#if ENABLE(YARR_JIT)
if (m_state != JITCode)
return;
if ((charSize == Yarr::Char8) && (m_regExpJITCode.has8BitCodeMatchOnly()))
return;
if ((charSize == Yarr::Char16) && (m_regExpJITCode.has16BitCodeMatchOnly()))
return;
#else
return;
#endif
}
compileMatchOnly(&vm, charSize);
}
void RegExp::compileMatchOnly(VM* vm, Yarr::YarrCharSize charSize)
{
ConcurrentJSLocker locker(m_lock);
Yarr::YarrPattern pattern(m_patternString, m_flags, m_constructionErrorCode, vm->stackLimit());
if (hasError(m_constructionErrorCode)) {
m_state = ParseError;
return;
}
ASSERT(m_numSubpatterns == pattern.m_numSubpatterns);
if (!hasCode()) {
ASSERT(m_state == NotCompiled);
vm->regExpCache()->addToStrongCache(this);
m_state = ByteCode;
}
#if ENABLE(YARR_JIT)
if (!pattern.containsUnsignedLengthPattern() && VM::canUseRegExpJIT()
#if !ENABLE(YARR_JIT_BACKREFERENCES)
&& !pattern.m_containsBackreferences
#endif
) {
Yarr::jitCompile(pattern, m_patternString, charSize, vm, m_regExpJITCode, Yarr::MatchOnly);
if (!m_regExpJITCode.failureReason()) {
m_state = JITCode;
return;
}
}
#else
UNUSED_PARAM(charSize);
#endif
if (Options::dumpCompiledRegExpPatterns())
dataLog("Can't JIT this regular expression: \"", m_patternString, "\"\n");
m_state = ByteCode;
m_regExpBytecode = byteCodeCompilePattern(vm, pattern);
}
void RegExp::compile(VM* vm, Yarr::YarrCharSize charSize)
{
Yarr::YarrPattern pattern(m_patternString, ignoreCase(), multiline(), &m_constructionError);
if (m_constructionError) {
RELEASE_ASSERT_NOT_REACHED();
m_state = ParseError;
return;
}
ASSERT(m_numSubpatterns == pattern.m_numSubpatterns);
if (!hasCode()) {
ASSERT(m_state == NotCompiled);
vm->regExpCache()->addToStrongCache(this);
m_state = ByteCode;
}
#if ENABLE(YARR_JIT)
if (!pattern.m_containsBackreferences && vm->canUseRegExpJIT()) {
Yarr::jitCompile(pattern, charSize, vm, m_regExpJITCode);
#if ENABLE(YARR_JIT_DEBUG)
if (!m_regExpJITCode.isFallBack())
m_state = JITCode;
else
m_state = ByteCode;
#else
if (!m_regExpJITCode.isFallBack()) {
m_state = JITCode;
return;
}
#endif
}
#else
UNUSED_PARAM(charSize);
#endif
m_regExpBytecode = Yarr::byteCompile(pattern, &vm->m_regExpAllocator);
}
void toPLSQLEditor::changePackage(const QModelIndex ¤t, const QModelIndex &previous)
{
toBusy busy;
// qDebug() << "toDebug::changePackage 1";
toCodeModelItem *item = static_cast<toCodeModelItem*>(current.internalPointer());
if (item && item->parent())
{
QString ctype = item->parent()->display();
if (ctype.isEmpty() || ctype == "Code")
return;
ctype = ctype.toUpper();
viewSource(Schema->currentText(), item->display(), ctype, 0);
if (ctype == "PACKAGE" ||
(ctype == "TYPE" && hasCode(Schema->currentText(), ctype + " BODY", item->display())))
viewSource(Schema->currentText(), item->display(), ctype + " BODY", 0);
}
#ifdef AUTOEXPAND
else if (item && !item->parent())
item->setOpen(true);
#endif
// qDebug() << "toDebug::changePackage 2";
}
bool AutoBan::hasPerm(long ip,
char *code, long codeLen,
char *uip, long uipLen,
TcpSocket *s,
HttpRequest *r,
SafeBuf* testBuf,
bool justCheck ) {
char *reqStr = r->getRequest();
long reqLen = r->getRequestLen();
long raw = r->getLong("xml", 0);
long isHuman = 0;
if(code && hasCode(code, codeLen, ip )) {
//don't close client's sockets
if(s) s->m_prefLevel++;
//no ip, but valid code, let them through.
if(!uip) return true;
ip = atoip(uip, uipLen);
// log(LOG_WARN, "has uip %s", uip);
if(!ip) return true;
//has code and uip, do the check.
//the front end can administer a turing test
//and tell us to unban them
isHuman = r->getLong("ishuman", 0);
}
// if ip is local and uip is there, use it
if ( uip && r->isLocal() ) {
// it's local, let it through
if( ! uip ) return true;
// get the new ip then
ip = atoip(uip, uipLen);
// log(LOG_WARN, "has uip %s", uip);
if ( !ip ) return true;
//has code and uip, do the check.
}
//now we check the ip block which the ip is in.
unsigned long ipBlock = (unsigned long)ip & 0x0000ffff;
unsigned long i = getSlot((unsigned long)ipBlock);
if((unsigned long)m_detectKeys[i] == ipBlock) {
if(m_detectVals[i].m_flags & ALLOW) {
if ( justCheck ) return true;
m_detectVals[i].m_dayCount++;
if(s) s->m_prefLevel++;
return true;
}
if(m_detectVals[i].m_flags & DENY) {
if ( justCheck ) return false;
m_detectVals[i].m_dayCount++;
return false;
}
}
//now we check the ip group which the ip is in.
unsigned long ipGroup = (unsigned long)ip & 0x00ffffff;
i = getSlot((unsigned long)ipGroup);
if((unsigned long)m_detectKeys[i] == ipGroup) {
if(m_detectVals[i].m_flags & ALLOW) {
if ( justCheck ) return true;
m_detectVals[i].m_dayCount++;
if(s) s->m_prefLevel++;
return true;
}
if(m_detectVals[i].m_flags & DENY) {
if ( justCheck ) return false;
m_detectVals[i].m_dayCount++;
return false;
}
}
i = getSlot((unsigned long)ip);
long now = getTime();
long banTest = r->getLong("bantest",0);
if ( banTest ) {
log("autoban: doing ban test");
goto doTuringTest;
}
if(m_detectKeys[i] == ip) {
if(m_detectVals[i].m_flags & ALLOW) {
// do not inc if just checking, like for a gif file
if ( justCheck ) return true;
//explicitly allowed.
//log(LOG_WARN,"autoban: %li allowed.", ip);
m_detectVals[i].m_dayCount++;
if(s) s->m_prefLevel++;
return true;
}
if(m_detectVals[i].m_flags & DENY) {
// do not inc if just checking, like for a gif file
if ( justCheck ) return false;
//banned by autoban, or explicity banned by matt.
long explicitBan = m_detectVals[i].m_flags & FROMCONF;
//log(LOG_WARN,"autoban: %li rejected.", ip);
if(!explicitBan &&
// MDW yippy project - no! don't unban bots!
//(m_detectVals[i].m_dayExpires < now || isHuman)) {
(isHuman)) {
//they are unbanned for now, I guess.
m_detectVals[i].m_flags &= ~DENY;
m_detectVals[i].m_dayExpires = now + ONE_DAY;
m_detectVals[i].m_minuteExpires = now + 60;
m_detectVals[i].m_dayCount = 1;
m_detectVals[i].m_minuteCount = 1;
log("autoban: auto-unbanning %s",iptoa(ip));
//return true;
goto checkSubstr;
}
m_detectVals[i].m_dayCount++;
if(explicitBan) return false;
if(uip) return false;
goto doTuringTest;
}
// do not inc if just checking, like a gif file
if ( justCheck ) return true;
/*
if( m_detectVals[i].m_minuteCount > 0 &&
// two requests in one second?
now == m_detectVals[i].m_minuteExpires - 60 ) {
m_detectVals[i].m_flags |= DENY;
log("autoban: second-banning %s",iptoa(ip));
long banUntil = now +
(ONE_DAY *
(m_detectVals[i].m_timesBanned + 1));
if(banUntil < 0 ||
m_detectVals[i].m_timesBanned == 255 ) {
m_detectVals[i].m_dayExpires =
0x7fffffff;
}
else {
m_detectVals[i].m_timesBanned++;
m_detectVals[i].m_dayExpires =banUntil;
}
return false;
}
*/
if(m_detectVals[i].m_minuteCount >=
g_conf.m_numFreeQueriesPerMinute) {
if(m_detectVals[i].m_minuteExpires > now) {
//ban 'em, they are a cowbot, so they
//don't get the turing test
m_detectVals[i].m_flags |= DENY;
log("autoban: minute-banning %s",iptoa(ip));
long banUntil = now +
(ONE_DAY *
(m_detectVals[i].m_timesBanned + 1));
if(banUntil < 0 || m_detectVals[i].m_timesBanned == 255 ) {
m_detectVals[i].m_dayExpires = 0x7fffffff;
}
else {
m_detectVals[i].m_timesBanned++;
m_detectVals[i].m_dayExpires = banUntil;
}
return false;
//goto doTuringTest;
}
else {
m_detectVals[i].m_minuteExpires = now + 60;
m_detectVals[i].m_minuteCount = 0;
}
}
if((unsigned long)m_detectVals[i].m_dayCount >=
g_conf.m_numFreeQueriesPerDay) {
if(m_detectVals[i].m_dayExpires > now) {
//ban 'em
log("autoban: day-banning %s",iptoa(ip));
m_detectVals[i].m_flags |= DENY;
if(m_detectVals[i].m_timesBanned != 255)
m_detectVals[i].m_timesBanned++;
m_detectVals[i].m_dayExpires = now +
(ONE_DAY * m_detectVals[i].
m_timesBanned);
if(uip) return false;
goto doTuringTest;
}
else {
m_detectVals[i].m_dayExpires = now + ONE_DAY;
m_detectVals[i].m_dayCount = 0;
}
}
m_detectVals[i].m_minuteCount++;
m_detectVals[i].m_dayCount++;
//return true;
goto checkSubstr;
}
// do not inc if just checking, like for a gif file
if ( justCheck ) return true;
if(m_detectKeys[i] == 0) {
if(m_numEntries * 1.2 > m_tableSize ) {
//here we grow the table and adjust i to an
//empty slot in the new (bigger) table
if(!growTable())
//return true;
goto checkSubstr;
i = getSlot(ip);
}
m_detectKeys[i] = ip;
m_detectVals[i].m_flags = 0;
m_detectVals[i].m_minuteCount = 1;
m_detectVals[i].m_dayCount = 1;
m_detectVals[i].m_minuteExpires = now + 60;
m_detectVals[i].m_dayExpires = now + ONE_DAY;
m_detectVals[i].m_timesBanned = 0;
++m_numEntries;
//log(LOG_WARN,"autoban: %li adding to empty slot.",
//ip);
//return true;
goto checkSubstr;
}
//we go here if someone is banned and they are trying to search
doTuringTest:
// sanity!
if ( justCheck ) { char *xx=NULL;*xx=0; }
if( raw == 0 ) {
// did we get a good response from the turing test?
if( g_turingTest.isHuman(r)) {
m_detectVals[i].m_flags &= ~DENY;
//log("autoban: turing-unbanning %s",iptoa(ip));
m_detectVals[i].m_dayExpires = now + ONE_DAY;
m_detectVals[i].m_minuteExpires = now + 60;
m_detectVals[i].m_dayCount = 1;
m_detectVals[i].m_minuteCount = 1;
log(LOG_INFO, "autoban: ip %s has unbanned "
"themselves", iptoa(ip));
return true;
}
testBuf->safePrintf("<form method=get>");
long queryLen = 0;
char* query = r->getValue("q" , &queryLen);
long start = r->getLong("s" , 0);
if ( query )
testBuf->safePrintf("<input type=hidden name=\"q\" "
"value=\"%s\">\n", query);
if ( start > 0 )
testBuf->safePrintf("<input type=hidden name=\"s\" "
"value=\"%li\">\n", start);
long gigabits = r->getLong("gigabits",0);
if ( gigabits )
testBuf->safePrintf("<input type=hidden name=gigabits "
"value=1>\n");
//
// yippy parms
//
char *ifs = r->getString("input-form",NULL);
if ( ifs )
testBuf->safePrintf("<input type=hidden "
"name=\"input-form\" "
"value=\"%s\">\n", ifs );
char *vs = r->getString("v:sources",NULL);
if ( vs )
testBuf->safePrintf("<input type=hidden "
"name=\"v:sources\" "
"value=\"%s\">\n", vs );
char *vp = r->getString("v:project",NULL);
if ( vp )
testBuf->safePrintf("<input type=hidden "
"name=\"v:project\" "
"value=\"%s\">\n", vp );
char *qp = r->getString("query",NULL);
if ( qp )
testBuf->safePrintf("<input type=hidden "
"name=\"query\" "
"value=\"%s\">\n", qp);
if ( banTest )
testBuf->safePrintf("<input type=hidden "
"name=\"bantest\" "
"value=\"1\">\n");
//
// end yippy parms
//
// display the turing test so they can unban themselves
g_turingTest.printTest(testBuf);
testBuf->safePrintf("<br><center><input type=submit "
"value=\"submit\"></center><br>");
testBuf->safePrintf("</form>");
}
return false;
checkSubstr:
// sanity!
if ( justCheck ) { char *xx=NULL;*xx=0; }
// Look for regular expressions that may serve as a signature of
// a botnet attack
char *banRegex = g_conf.m_banRegex;
long banRegexLen = g_conf.m_banRegexLen;
if (!banRegex || !banRegexLen) return true;
// Don't do regex...look for comma-separated lists of substrings
long start = 0;
bool gotMatch = false;
bool missedMatch = false;
for (long i=0;i<= banRegexLen;i++) {
if (i != banRegexLen &&
banRegex[i] && banRegex[i] != '\n' && banRegex[i] != '\r'
&& banRegex[i] != ',')
continue;
char c = banRegex[i];
// NULL terminate
banRegex[i] = '\0';
// search for substr (must be longer than 2 chars
if ( i - start > 2){
if (strnstr(reqStr, reqLen, &banRegex[start]))
gotMatch = true;
else missedMatch = true;
}
banRegex[i] = c;
start = i+1;
// check the next substr if we're not at the
// end of line or end of buffer
if (c != '\n' && c != '\r' && c != '\0') continue;
// did we get all the substrings?
if (gotMatch && !missedMatch) return false;
// reset for the next set of substrings
gotMatch = false;
missedMatch = false;
}
return true;
}
