1 /* 2 * Copyright (C) 2013-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved. 3 * Copyright (C) 2007-2013 Sourcefire, Inc. 4 * 5 * Authors: Török Edvin 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 19 * MA 02110-1301, USA. 20 */ 21 22 #ifndef _PHISH_CHECK_H 23 #define _PHISH_CHECK_H 24 25 #include "regex/regex.h" 26 #include "htmlnorm.h" 27 28 #define CL_PHISH_BASE 100 29 enum phish_status { CL_PHISH_NODECISION = 0, 30 CL_PHISH_CLEAN = CL_PHISH_BASE, 31 CL_PHISH_CLOAKED_UIU, 32 CL_PHISH_NUMERIC_IP, 33 CL_PHISH_HEX_URL, 34 CL_PHISH_CLOAKED_NULL, 35 CL_PHISH_SSL_SPOOF, 36 CL_PHISH_NOMATCH, 37 CL_PHISH_HASH0, 38 CL_PHISH_HASH1, 39 CL_PHISH_HASH2 }; 40 41 #define CHECK_SSL 1 42 #define CHECK_CLOAKING 2 43 #define CLEANUP_URL 4 44 #define CHECK_IMG_URL 8 45 46 #define LINKTYPE_IMAGE 1 47 48 #define CL_PHISH_ALL_CHECKS (CLEANUP_URL | CHECK_SSL | CHECK_CLOAKING | CHECK_IMG_URL) 49 50 struct string { 51 struct string* ref; 52 char* data; 53 int refcount; 54 }; 55 56 struct phishcheck { 57 regex_t preg_numeric; 58 int is_disabled; 59 }; 60 61 struct pre_fixup_info { 62 /* pre_* url before fixup_spaces */ 63 struct string pre_displayLink; 64 size_t host_start; 65 size_t host_end; 66 }; 67 68 struct url_check { 69 struct string realLink; 70 struct string displayLink; 71 struct pre_fixup_info pre_fixup; 72 unsigned short flags; 73 unsigned short always_check_flags; 74 unsigned short link_type; 75 }; 76 77 cl_error_t phishingScan(cli_ctx* ctx, tag_arguments_t* hrefs); 78 79 void phish_disable(struct cl_engine* engine, const char* reason); 80 /* Global, non-thread-safe functions, call only once! */ 81 cl_error_t phishing_init(struct cl_engine* engine); 82 void phishing_done(struct cl_engine* engine); 83 enum phish_status cli_url_canon(const char* inurl, size_t len, char* urlbuff, size_t dest_len, char** host, size_t* hostlen, const char** path, size_t* pathlen); 84 /* end of non-thread-safe functions */ 85 86 #endif 87