mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-05 10:41:40 +00:00
950f5cc4e3
Some notes: * libinjection: according to https://github.com/libinjection/libinjection/issues/44, it seems NULL characters are valid in the input string; * RTP: `rtp_get_stream_type()` is called only for RTP packets; if you want to tell RTP from RTCP you should use `is_rtp_or_rtcp()`; * TLS: unnecessary check; we already make the same check just above, at the beginning of the `while` loop
29 lines
1.1 KiB
C
29 lines
1.1 KiB
C
#include "ndpi_api.h"
|
|
#include "../src/lib/third_party/include/libinjection.h"
|
|
#include "../src/lib/third_party/include/libinjection_xss.h"
|
|
#include "../src/lib/third_party/include/libinjection_sqli.h"
|
|
|
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
struct libinjection_sqli_state state;
|
|
|
|
/* No memory allocations involved */
|
|
|
|
libinjection_sqli_init(&state, (char *)data, size, 0); /* Default: FLAG_QUOTE_NONE | FLAG_SQL_ANSI */
|
|
libinjection_is_sqli(&state);
|
|
libinjection_sqli_init(&state, (char *)data, size, FLAG_QUOTE_SINGLE | FLAG_SQL_ANSI);
|
|
libinjection_is_sqli(&state);
|
|
libinjection_sqli_init(&state, (char *)data, size, FLAG_QUOTE_DOUBLE | FLAG_SQL_ANSI);
|
|
libinjection_is_sqli(&state);
|
|
libinjection_sqli_init(&state, (char *)data, size, FLAG_QUOTE_NONE | FLAG_SQL_MYSQL);
|
|
libinjection_is_sqli(&state);
|
|
libinjection_sqli_init(&state, (char *)data, size, FLAG_QUOTE_SINGLE | FLAG_SQL_MYSQL);
|
|
libinjection_is_sqli(&state);
|
|
libinjection_sqli_init(&state, (char *)data, size, FLAG_QUOTE_DOUBLE | FLAG_SQL_MYSQL);
|
|
libinjection_is_sqli(&state);
|
|
|
|
libinjection_xss((char *)data, size);
|
|
|
|
libinjection_version();
|
|
|
|
return 0;
|
|
}
|