Added check for invalid HTTP URLs

Luca Deri 2020-05-16 00:10:35 +02:00
parent c375782b96
commit 3d9285f1be
15 changed files with 878 additions and 849 deletions


@ -1332,9 +1332,9 @@ static int ndpi_is_rce_injection(char* query) {
/* ********************************** */
ndpi_risk ndpi_validate_url(char *url) {
ndpi_risk_enum ndpi_validate_url(char *url) {
char *orig_str = NULL, *str = NULL, *question_mark = strchr(url, '?');
ndpi_risk rc = NDPI_NO_RISK;
ndpi_risk_enum rc = NDPI_NO_RISK;
if(question_mark) {
char *tmp;
@ -1389,6 +1389,15 @@ ndpi_risk ndpi_validate_url(char *url) {
validate_rc:
if(orig_str) ndpi_free(orig_str);
if(rc == NDPI_NO_RISK) {
/* Let's do an extra check */
if(strstr(url, "..")) {
/* 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe */
rc = NDPI_HTTP_SUSPICIOUS_URL;
}
}
return(rc);
}
@ -1406,7 +1415,9 @@ u_int8_t ndpi_is_protocol_detected(struct ndpi_detection_module_struct *ndpi_str
/* ******************************************************************** */
const char* ndpi_risk2str(ndpi_risk risk) {
const char* ndpi_risk2str(ndpi_risk_enum risk) {
static char buf[16];
switch(risk) {
case NDPI_URL_POSSIBLE_XSS:
return("XSS attack");
@ -1443,8 +1454,12 @@ const char* ndpi_risk2str(ndpi_risk risk) {
case NDPI_HTTP_NUMERIC_IP_HOST:
return("HTTP Numeric IP Address");
case NDPI_HTTP_SUSPICIOUS_URL:
return("HTTP Suspicious URL");
default:
return("");
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
}
}
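Review bot: The extra check added at `validate_rc:` in ndpi_validate_url runs `strstr(url, "..")` on the `url` argument as passed in, so it flags only a literal `..` sequence. Nothing visible in this hunk decodes `url` first, so a dot segment that arrives percent-encoded would presumably still return NDPI_NO_RISK; the lines between the first and second hunk are not shown, so this should be confirmed against the full function body. If the test is meant to stay a cheap literal match, I would say so at the check, e.g. `/* literal ".." only, matched over path and query; percent-encoded dot segments are not decoded here */`, so that consumers of NDPI_HTTP_SUSPICIOUS_URL know the coverage they are getting. A regression test that feeds the URL from the existing comment plus a plain URL without `..` would pin the intended behaviour.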