1 #ifndef SP_CONFIG_H
2 #define SP_CONFIG_H
3 
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
7 
// Line counter shared with the configuration parser (defined in the parser's
// .c file, not here). Presumably the line of the config file currently being
// read, for diagnostics — confirm against the parser.
extern size_t sp_line_no;
9 
// Kind of value a configuration token carries. SP_TYPE_STR is pinned to 0;
// the remaining constants follow sequentially. Which parse_* callback below
// handles each kind is not visible in this header.
typedef enum {
  SP_TYPE_STR = 0,
  SP_TYPE_REGEXP,
  SP_TYPE_INT,
  SP_TYPE_EMPTY
} sp_type;
16 
// One-to-one mirror of Zend's IS_* zval type tags, so a value stored here can
// be compared with a zval's type directly. The IS_* constants come from the
// Zend headers, which must be included before this file (they are not
// included here). Presumably filled by parse_php_type() for the
// `.param_type(` / `.ret_type(` tokens — confirm in the parser.
typedef enum {
  SP_PHP_TYPE_UNDEF = IS_UNDEF,
  SP_PHP_TYPE_NULL = IS_NULL,
  SP_PHP_TYPE_FALSE = IS_FALSE,
  SP_PHP_TYPE_TRUE = IS_TRUE,
  SP_PHP_TYPE_LONG = IS_LONG,
  SP_PHP_TYPE_DOUBLE = IS_DOUBLE,
  SP_PHP_TYPE_STRING = IS_STRING,
  SP_PHP_TYPE_ARRAY = IS_ARRAY,
  SP_PHP_TYPE_OBJECT = IS_OBJECT,
  SP_PHP_TYPE_RESOURCE = IS_RESOURCE,
  SP_PHP_TYPE_REFERENCE = IS_REFERENCE
} sp_php_type;
30 
// Destination for the module's log output: Zend's error log or syslog.
// Note that sp_config.log_media below is declared as a plain `char`, not as
// this enum, so the two must be kept in agreement by hand.
typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media;
32 
// A network range (address + prefix length) parsed from a `.cidr(` token.
typedef struct {
  // Selects which member of `ip` is valid; presumably AF_INET / AF_INET6
  // (from <sys/socket.h>) — confirm in parse_cidr().
  int ip_version;
  union {
    struct in_addr ipv4;
    struct in6_addr ipv6;
  } ip;
  // Prefix length. A uint8_t admits values up to 255, so the parser must
  // bound it (<= 32 for IPv4, <= 128 for IPv6); nothing here enforces that.
  uint8_t mask;
} sp_cidr;
41 
// Module-wide settings from the `sp.global` section (see SP_TOKEN_GLOBAL and
// the "Global configuration options" tokens below).
typedef struct {
  // Key material from `.secret_key(`. This is a secret: NOTE(review) — the
  // release path should clear the zend_string contents before freeing them;
  // confirm in the cleanup code, which is not visible here.
  zend_string *encryption_key;
  // Name of the environment variable set via `.cookie_env_var(`; how it is
  // consumed is not visible in this header.
  zend_string *cookies_env_var;
} sp_config_global;
46 
// Settings for the `sp.readonly_exec` feature.
typedef struct {
  bool enable;
  // When set, presumably violations are logged but not blocked — confirm
  // against the enforcement code.
  bool simulation;
  // Optional dump target given by `.dump(`.
  zend_string *dump;
  // Human-readable copy of the rule as written in the config file.
  zend_string *textual_representation;
} sp_config_readonly_exec;
53 
// Settings for `sp.global_strict`; only an on/off switch.
typedef struct {
  bool enable;
} sp_config_global_strict;
57 
// Settings for `sp.harden_random`; only an on/off switch.
typedef struct {
  bool enable;
} sp_config_random;
61 
// Settings for `sp.sloppy_comparison`; only an on/off switch.
typedef struct {
  bool enable;
} sp_config_sloppy;
65 
// Settings for `sp.auto_cookie_secure`; only an on/off switch.
typedef struct {
  bool enable;
} sp_config_auto_cookie_secure;
69 
// Settings for `sp.disable_xxe`; only an on/off switch.
typedef struct {
  bool enable;
} sp_config_disable_xxe;
73 
// One cookie rule from the `sp.cookie` section.
typedef struct {
  // SameSite attribute to apply. NOTE: enum constants share the ordinary
  // identifier namespace, so `strict` and `lax` become global identifiers in
  // every translation unit that includes this header; a value of 0 means
  // neither was set.
  enum samesite_type { strict = 1, lax = 2 } samesite;
  bool encrypt;
  // Cookie selector: literal name (`.name(`) or compiled regexp (`.name_r(`).
  // Presumably only one of the two is non-NULL — confirm in the parser.
  zend_string *name;
  sp_pcre *name_r;
  bool simulation;
} sp_cookie;
81 
// Settings for `sp.wrappers_whitelist`: the stream wrappers PHP may use.
typedef struct {
  // Allowed wrappers; element type of the list is not visible here.
  sp_list_node *whitelist;
  bool enabled;
  size_t num_wrapper;  // Used to verify if wrappers were added.
} sp_config_wrapper;
87 
// Settings for `sp.session`: whether session data is encrypted, and whether
// violations are only simulated.
typedef struct {
  bool encrypt;
  bool simulation;
} sp_config_session;
92 
// Settings for `sp.unserialize_hmac`. Same shape as sp_config_readonly_exec.
typedef struct {
  bool enable;
  bool simulation;
  // Optional dump target given by `.dump(`.
  zend_string *dump;
  // Human-readable copy of the rule as written in the config file.
  zend_string *textual_representation;
} sp_config_unserialize;
99 
// One `sp.disable_function` rule. Every criterion is optional; a NULL pointer
// or zero value presumably means "not constrained" — confirm in the matcher.
// For each string criterion there is a literal form (`zend_string *x`) and a
// regexp form (`sp_pcre *r_x`), mirroring the `.x(` / `.x_r(` token pairs.
typedef struct {
  // Human-readable copy of the rule as written in the config file.
  zend_string *textual_representation;

  // Restrict to a calling script (`.filename(` / `.filename_r(`).
  zend_string *filename;
  sp_pcre *r_filename;

  // Function to match (`.function(` / `.function_r(`), or a list of names
  // from `.list(`.
  zend_string *function;
  sp_pcre *r_function;
  sp_list_node *functions_list;

  // Value from `.hash(`; what it is a hash of is not visible here.
  zend_string *hash;
  // Declared `int` here, whereas every other *simulation* field in this
  // header is `bool` — keep assignments consistent.
  int simulation;

  // Parameter constraints: name/tree (`.param(`), regexp (`.param_r(`),
  // Zend type tag (`.param_type(`), positional index (`.pos(`).
  sp_tree *param;
  sp_pcre *r_param;
  sp_php_type param_type;
  int pos;
  // Source line from `.line(`.
  unsigned int line;

  // Return-value constraints (`.ret(` / `.ret_r(` / `.ret_type(`).
  sp_pcre *r_ret;
  zend_string *ret;
  sp_php_type ret_type;

  // Value constraint (`.value(` / `.value_r(`).
  sp_pcre *r_value;
  zend_string *value;

  // Array-key constraint (`.key(` / `.key_r(`).
  sp_pcre *r_key;
  zend_string *key;

  zend_string *dump;
  // Replacement function from `.alias(`.
  zend_string *alias;
  // Set when `.param(` / `.var(` names an array element; the key path is
  // kept in the matching *_array_keys list (see parse_array()).
  bool param_is_array;
  bool var_is_array;
  sp_list_node *param_array_keys;
  sp_list_node *var_array_keys;

  // Verdict when the rule matches: allow (`.allow(`) or drop (`.drop(`).
  bool allow;

  // Local-variable constraint from `.var(`.
  sp_tree *var;

  // Client-address restriction from `.cidr(`.
  sp_cidr *cidr;
} sp_disabled_function;
142 
// Settings for `sp.eval_blacklist` / `sp.eval_whitelist`.
typedef struct {
  // Function lists; element type of the lists is not visible here.
  sp_list_node *blacklist;
  sp_list_node *whitelist;
  bool simulation;
  zend_string *dump;
  // Human-readable copy of the rule as written in the config file.
  zend_string *textual_representation;
} sp_config_eval;
150 
// Ordered collection of disable_function rules (used for the regexp-based
// variants in sp_config below).
typedef struct {
  sp_list_node *disabled_functions;  // list of sp_disabled_function
} sp_config_disabled_functions;
154 
// All cookie rules from the `sp.cookie` section.
typedef struct {
  sp_list_node *cookies;  // list of sp_cookie for regexp/names
} sp_config_cookie;
158 
// Settings for `sp.upload_validation`.
typedef struct {
  // Path of the validator given by `.script(`; how it is invoked is not
  // visible in this header.
  zend_string *script;
  bool simulation;
  bool enable;
} sp_config_upload_validation;
164 
// Root of the parsed configuration: one pointer per feature section plus the
// disable_function rule tables. Ownership/allocation of the sub-structs is
// not visible in this header.
typedef struct {
  sp_config_random *config_random;
  sp_config_sloppy *config_sloppy;
  sp_config_unserialize *config_unserialize;
  sp_config_readonly_exec *config_readonly_exec;
  sp_config_upload_validation *config_upload_validation;
  sp_config_cookie *config_cookie;
  sp_config_global *config_snuffleupagus;
  sp_config_auto_cookie_secure *config_auto_cookie_secure;
  sp_config_global_strict *config_global_strict;
  sp_config_disable_xxe *config_disable_xxe;
  sp_config_eval *config_eval;
  sp_config_wrapper *config_wrapper;
  sp_config_session *config_session;
  bool hook_execute;
  // Holds an sp_log_media value (SP_ZEND / SP_SYSLOG) but is declared as a
  // bare `char`; NOTE(review) — declaring it as sp_log_media would let the
  // compiler check assignments.
  char log_media;

  // disable_function rules indexed by Zend HashTable. The key used, and how
  // the plain / *_hooked / *_ret variants are partitioned, is not visible
  // here — presumably split by function name vs. return-value rules and by
  // whether the hook is already installed; confirm in the parser.
  HashTable *config_disabled_functions;
  HashTable *config_disabled_functions_hooked;
  HashTable *config_disabled_functions_ret;
  HashTable *config_disabled_functions_ret_hooked;
  // Regexp-based rules, kept as lists since they cannot be hashed by name.
  sp_config_disabled_functions *config_disabled_functions_reg;
  sp_config_disabled_functions *config_disabled_functions_reg_ret;
} sp_config;
189 
// Dispatch entry for a configuration token that takes a value: `func` has
// the same shape as the parse_* callbacks declared at the end of this file.
typedef struct {
  // Callback (line, token, retval) — the exact meaning of the two string
  // arguments is not visible here; see the parse_* prototypes below.
  int (*func)(char *, char *, void *);
  // The SP_TOKEN_* string this entry matches.
  char *token;
  // Opaque destination the callback writes the parsed value into.
  void *retval;
} sp_config_functions;
195 
// Dispatch entry for a section-level token (e.g. SP_TOKEN_DISABLE_FUNC):
// the callback only receives the remainder of the line.
typedef struct {
  int (*func)(char *);
  // The SP_TOKEN_* string this entry matches.
  char *token;
} sp_config_tokens;
200 
// Configuration grammar. Every directive starts with SP_TOKEN_BASE followed
// by a section token; per-rule options are tokens ending in "(" whose
// argument runs up to SP_TOKEN_END_PARAM. (Exact tokenizing rules live in the
// parser, not here.)
#define SP_TOKEN_BASE "sp"

// Section tokens (feature selectors).
#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"
#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie"
#define SP_TOKEN_SESSION_ENCRYPTION ".session"
#define SP_TOKEN_DISABLE_FUNC ".disable_function"
#define SP_TOKEN_GLOBAL ".global"
#define SP_TOKEN_GLOBAL_STRICT ".global_strict"
#define SP_TOKEN_HARDEN_RANDOM ".harden_random"
#define SP_TOKEN_READONLY_EXEC ".readonly_exec"
#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"
#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"
#define SP_TOKEN_DISABLE_XXE ".disable_xxe"
#define SP_TOKEN_EVAL_BLACKLIST ".eval_blacklist"
#define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist"
#define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison"
#define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist"

// common tokens
#define SP_TOKEN_ENABLE ".enable("
#define SP_TOKEN_DISABLE ".disable("
#define SP_TOKEN_SIMULATION ".simulation("
// Boolean literals accepted as token arguments.
#define SP_TOKEN_TRUE "1"
#define SP_TOKEN_FALSE "0"
#define SP_TOKEN_DUMP ".dump("
#define SP_TOKEN_ALIAS ".alias("
#define SP_TOKEN_ALLOW ".allow("
#define SP_TOKEN_DROP ".drop("

// Note: a character constant, unlike the string tokens above.
#define SP_TOKEN_END_PARAM ')'

// disable_function
// Each `.x(` literal token has a `.x_r(` regexp counterpart; the parsed
// values land in the matching `x` / `r_x` fields of sp_disabled_function.
#define SP_TOKEN_CIDR ".cidr("
#define SP_TOKEN_FILENAME ".filename("
#define SP_TOKEN_FILENAME_REGEXP ".filename_r("
#define SP_TOKEN_FUNCTION ".function("
#define SP_TOKEN_FUNCTION_REGEXP ".function_r("
#define SP_TOKEN_HASH ".hash("
#define SP_TOKEN_LOCAL_VAR ".var("
#define SP_TOKEN_PARAM ".param("
#define SP_TOKEN_PARAM_REGEXP ".param_r("
#define SP_TOKEN_PARAM_TYPE ".param_type("
#define SP_TOKEN_RET ".ret("
#define SP_TOKEN_RET_REGEXP ".ret_r("
#define SP_TOKEN_RET_TYPE ".ret_type("
#define SP_TOKEN_VALUE ".value("
#define SP_TOKEN_VALUE_REGEXP ".value_r("
#define SP_TOKEN_KEY ".key("
#define SP_TOKEN_KEY_REGEXP ".key_r("
#define SP_TOKEN_VALUE_ARG_POS ".pos("
#define SP_TOKEN_LINE_NUMBER ".line("

// cookies encryption
#define SP_TOKEN_NAME ".name("
#define SP_TOKEN_NAME_REGEXP ".name_r("

// cookies samesite
#define SP_TOKEN_SAMESITE ".samesite("
#define SP_TOKEN_ENCRYPT ".encrypt("
// Argument values for `.samesite(`; map onto sp_cookie.samesite.
#define SP_TOKEN_SAMESITE_LAX "Lax"
#define SP_TOKEN_SAMESITE_STRICT "Strict"

// Global configuration options
// `.secret_key(` carries key material; see sp_config_global.encryption_key.
#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("
#define SP_TOKEN_ENV_VAR ".cookie_env_var("
#define SP_TOKEN_LOG_MEDIA ".log_media("

// upload_validator
#define SP_TOKEN_UPLOAD_SCRIPT ".script("

// Function-name list for disable_function (sp_disabled_function.functions_list).
#define SP_TOKEN_LIST ".list("
272 
// Entry point: parse the configuration from the given source (a path or a
// config string — which one is not visible here). Returns an int status;
// the success value convention is defined by the implementation, not here.
int sp_parse_config(const char *);
// Fills the *_is_array / *_array_keys fields of a rule. Return convention
// as above.
int parse_array(sp_disabled_function *);

// Token-value callbacks, all with the shape used by sp_config_functions.func.
// Both string arguments are `restrict`, i.e. the caller promises they do not
// alias. Parameter names are omitted in these prototypes; naming them would
// document which argument is the input text and which is the token.
// Return convention as above.
int parse_str(char *restrict, char *restrict, void *);
int parse_regexp(char *restrict, char *restrict, void *);
int parse_empty(char *restrict, char *restrict, void *);
// Must validate the address family and bound sp_cidr.mask (see sp_cidr).
int parse_cidr(char *restrict, char *restrict, void *);
// Maps a type name onto an sp_php_type value.
int parse_php_type(char *restrict, char *restrict, void *);
int parse_list(char *restrict, char *restrict, void *);

// cleanup
// Frees a list of sp_disabled_function entries (see
// sp_config_disabled_functions.disabled_functions).
void sp_disabled_function_list_free(sp_list_node *);
285 
286 #endif /* SP_CONFIG_H */
287