1 /*
2  *  Copyright (C) 2013-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
3  *  Copyright (C) 2007-2013 Sourcefire, Inc.
4  *
5  *  Authors: Török Edvin
6  *
7  *  This program is free software; you can redistribute it and/or modify
8  *  it under the terms of the GNU General Public License version 2 as
9  *  published by the Free Software Foundation.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, write to the Free Software
18  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
19  *  MA 02110-1301, USA.
20  */
21 
22 #ifndef _PHISH_CHECK_H
23 #define _PHISH_CHECK_H
24 
25 #include "regex/regex.h"
26 #include "htmlnorm.h"
27 
28 #define CL_PHISH_BASE 100
29 enum phish_status { CL_PHISH_NODECISION = 0,
30                     CL_PHISH_CLEAN      = CL_PHISH_BASE,
31                     CL_PHISH_CLOAKED_UIU,
32                     CL_PHISH_NUMERIC_IP,
33                     CL_PHISH_HEX_URL,
34                     CL_PHISH_CLOAKED_NULL,
35                     CL_PHISH_SSL_SPOOF,
36                     CL_PHISH_NOMATCH,
37                     CL_PHISH_HASH0,
38                     CL_PHISH_HASH1,
39                     CL_PHISH_HASH2 };
40 
41 #define CHECK_SSL 1
42 #define CHECK_CLOAKING 2
43 #define CLEANUP_URL 4
44 #define CHECK_IMG_URL 8
45 
46 #define LINKTYPE_IMAGE 1
47 
48 #define CL_PHISH_ALL_CHECKS (CLEANUP_URL | CHECK_SSL | CHECK_CLOAKING | CHECK_IMG_URL)
49 
50 struct string {
51     struct string* ref;
52     char* data;
53     int refcount;
54 };
55 
56 struct phishcheck {
57     regex_t preg_numeric;
58     int is_disabled;
59 };
60 
61 struct pre_fixup_info {
62     /* pre_* url before fixup_spaces */
63     struct string pre_displayLink;
64     size_t host_start;
65     size_t host_end;
66 };
67 
68 struct url_check {
69     struct string realLink;
70     struct string displayLink;
71     struct pre_fixup_info pre_fixup;
72     unsigned short flags;
73     unsigned short always_check_flags;
74     unsigned short link_type;
75 };
76 
77 cl_error_t phishingScan(cli_ctx* ctx, tag_arguments_t* hrefs);
78 
79 void phish_disable(struct cl_engine* engine, const char* reason);
80 /* Global, non-thread-safe functions, call only once! */
81 cl_error_t phishing_init(struct cl_engine* engine);
82 void phishing_done(struct cl_engine* engine);
83 enum phish_status cli_url_canon(const char* inurl, size_t len, char* urlbuff, size_t dest_len, char** host, size_t* hostlen, const char** path, size_t* pathlen);
84 /* end of non-thread-safe functions */
85 
86 #endif
87