diff --git a/.clang-format b/.clang-format
deleted file mode 100644
index d30c5da2..00000000
--- a/.clang-format
+++ /dev/null
@@ -1,121 +0,0 @@ ---- -Language: Cpp -# BasedOnStyle: LLVM -AccessModifierOffset: -2 -AlignAfterOpenBracket: Align -AlignConsecutiveAssignments: false -AlignConsecutiveDeclarations: false -AlignEscapedNewlines: Right -AlignOperands: true -AlignTrailingComments: true -AllowAllParametersOfDeclarationOnNextLine: true -AllowShortBlocksOnASingleLine: false -AllowShortCaseLabelsOnASingleLine: false -AllowShortFunctionsOnASingleLine: All -AllowShortIfStatementsOnASingleLine: false -AllowShortLoopsOnASingleLine: false -AlwaysBreakAfterDefinitionReturnType: None -AlwaysBreakAfterReturnType: None -AlwaysBreakBeforeMultilineStrings: false -AlwaysBreakTemplateDeclarations: MultiLine -BinPackArguments: true -BinPackParameters: true -BraceWrapping: - AfterClass: false - AfterControlStatement: false - AfterEnum: false - AfterFunction: false - AfterNamespace: false - AfterObjCDeclaration: false - AfterStruct: false - AfterUnion: false - AfterExternBlock: false - BeforeCatch: false - BeforeElse: false - IndentBraces: false - SplitEmptyFunction: true - SplitEmptyRecord: true - SplitEmptyNamespace: true -BreakBeforeBinaryOperators: None -BreakBeforeBraces: Attach -BreakBeforeInheritanceComma: false -BreakInheritanceList: BeforeColon -BreakBeforeTernaryOperators: true -BreakConstructorInitializersBeforeComma: false -BreakConstructorInitializers: BeforeColon -BreakAfterJavaFieldAnnotations: false -BreakStringLiterals: true -ColumnLimit: 80 -CommentPragmas: '^ IWYU pragma:' -CompactNamespaces: false -ConstructorInitializerAllOnOneLineOrOnePerLine: false -ConstructorInitializerIndentWidth: 4 -ContinuationIndentWidth: 4 -Cpp11BracedListStyle: true -DerivePointerAlignment: false -DisableFormat: false -ExperimentalAutoDetectBinPacking: false -FixNamespaceComments: true -ForEachMacros: - - foreach - - Q_FOREACH - - BOOST_FOREACH -IncludeBlocks: Preserve -IncludeCategories: - - Regex: '^"(llvm|llvm-c|clang|clang-c)/' - Priority: 2 - - Regex: '^(<|"(gtest|gmock|isl|json)/)' - Priority: 3 - - 
Regex: '.*'
- Priority: 1
-IncludeIsMainRegex: '(Test)?$'
-IndentCaseLabels: false
-IndentPPDirectives: None
-IndentWidth: 2
-IndentWrappedFunctionNames: false
-JavaScriptQuotes: Leave
-JavaScriptWrapImports: true
-KeepEmptyLinesAtTheStartOfBlocks: true
-MacroBlockBegin: ''
-MacroBlockEnd: ''
-MaxEmptyLinesToKeep: 1
-NamespaceIndentation: None
-ObjCBinPackProtocolList: Auto
-ObjCBlockIndentWidth: 2
-ObjCSpaceAfterProperty: false
-ObjCSpaceBeforeProtocolList: true
-PenaltyBreakAssignment: 2
-PenaltyBreakBeforeFirstCallParameter: 19
-PenaltyBreakComment: 300
-PenaltyBreakFirstLessLess: 120
-PenaltyBreakString: 1000
-PenaltyBreakTemplateDeclaration: 10
-PenaltyExcessCharacter: 1000000
-PenaltyReturnTypeOnItsOwnLine: 60
-PointerAlignment: Right
-ReflowComments: true
-SortIncludes: true
-SortUsingDeclarations: true
-SpaceAfterCStyleCast: false
-SpaceAfterTemplateKeyword: true
-SpaceBeforeAssignmentOperators: true
-SpaceBeforeCpp11BracedList: false
-SpaceBeforeCtorInitializerColon: true
-SpaceBeforeInheritanceColon: true
-SpaceBeforeParens: ControlStatements
-SpaceBeforeRangeBasedForLoopColon: true
-SpaceInEmptyParentheses: false
-SpacesBeforeTrailingComments: 1
-SpacesInAngles: false
-SpacesInContainerLiterals: true
-SpacesInCStyleCastParentheses: false
-SpacesInParentheses: false
-SpacesInSquareBrackets: false
-Standard: Cpp11
-StatementMacros:
- - Q_UNUSED
- - QT_REQUIRE_VERSION
-TabWidth: 8
-UseTab: Never
-...
-
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index e69de29b..00000000
diff --git a/CMakeLists.txt b/CMakeLists.txt
deleted file mode 100644
index 1190a371..00000000
--- a/CMakeLists.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-cmake_minimum_required(VERSION 3.0)
-project(angel_security)
-set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
-list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/cmake_dart_utils/cmake")
-find_package(Dart REQUIRED)
-include_directories(libinjection/src)
-add_subdirectory(libinjection/src)
-add_dart_native_extension(angel_security_native lib/src/native/angel_security.c)
-target_link_libraries(angel_security_native injection)
-install(TARGETS angel_security_native injection
- ARCHIVE DESTINATION "${CMAKE_CURRENT_LIST_DIR}/lib/src/native"
- LIBRARY DESTINATION "${CMAKE_CURRENT_LIST_DIR}/lib/src/native")
\ No newline at end of file
diff --git a/example/sqli_filter.dart b/example/sqli_filter.dart
deleted file mode 100644
index 83c4dac1..00000000
--- a/example/sqli_filter.dart
+++ /dev/null
@@ -1,29 +0,0 @@
-import 'package:angel_framework/angel_framework.dart';
-import 'package:angel_framework/http.dart';
-import 'package:angel_security/native.dart';
-import 'package:logging/logging.dart';
-import 'package:pretty_logging/pretty_logging.dart';
-
-main() async {
- // Logging boilerplate.
- Logger.root.onRecord.listen(prettyLog);
-
- // Create an app, and HTTP driver.
- var app = Angel(logger: Logger('rate_limit')), http = AngelHttp(app);
-
- // Filter out SQL injections from the query. On every GET request,
- // print out the query parameters (as JSON).
- app
- ..fallback(sqliFilterQuery)
- ..get('/', (req, res) => req.queryParameters)
- ..fallback((req, res) => throw AngelHttpException.notFound());
-
- // Start the server.
- await http.startServer('127.0.0.1', 3000);
- print('SQLi filtering example listening at ${http.uri}');
-
- var exampleUri = http.uri.replace(queryParameters: {
- 'id': "-1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
- });
- print('Example URI: $exampleUri');
-}
diff --git a/lib/native.dart b/lib/native.dart
deleted file mode 100644
index 3dffded9..00000000
--- a/lib/native.dart
+++ /dev/null
@@ -1 +0,0 @@
-export 'src/native/native.dart';
diff --git a/lib/src/native/angel_security.c b/lib/src/native/angel_security.c
deleted file mode 100644
index a4f9b80f..00000000
--- a/lib/src/native/angel_security.c
+++ /dev/null
@@ -1,61 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-
-Dart_NativeFunction ResolveName(Dart_Handle name, int argc,
- bool *auto_setup_scope);
-
-DART_EXPORT Dart_Handle angel_security_native_Init(Dart_Handle parent_library) {
- if (Dart_IsError(parent_library))
- return parent_library;
-
- Dart_Handle result_code =
- Dart_SetNativeResolver(parent_library, ResolveName, NULL);
- if (Dart_IsError(result_code))
- return result_code;
-
- return Dart_Null();
-}
-
-Dart_Handle HandleError(Dart_Handle handle) {
- if (Dart_IsError(handle))
- Dart_PropagateError(handle);
- return handle;
-}
-
-void Angel_Security_IsSqli(Dart_NativeArguments arguments) {
- const char *text;
- Dart_Handle textHandle = Dart_GetNativeArgument(arguments, 0);
- HandleError(Dart_StringToCString(textHandle, &text));
-
- struct libinjection_sqli_state state;
- libinjection_sqli_init(&state, text, strlen(text), FLAG_NONE);
- int is_sqli = libinjection_is_sqli(&state);
-
- // Return list
- Dart_Handle outHandle = Dart_NewList(2);
- if (is_sqli != 0) {
- HandleError(Dart_ListSetAt(outHandle, 0, Dart_NewBoolean(true)));
- HandleError(Dart_ListSetAt(outHandle, 1,
- Dart_NewStringFromCString(state.fingerprint)));
- } else {
- HandleError(Dart_ListSetAt(outHandle, 0, Dart_NewBoolean(false)));
- HandleError(Dart_ListSetAt(outHandle, 1, Dart_Null()));
- }
- Dart_SetReturnValue(arguments, outHandle);
-}
-
-Dart_NativeFunction ResolveName(Dart_Handle name, int argc,
- bool *auto_setup_scope) {
- if (!Dart_IsString(name))
- return NULL;
- Dart_NativeFunction result = NULL;
- const char *cname;
- HandleError(Dart_StringToCString(name, &cname));
-
- if (strcmp("Angel_Security_IsSqli", cname) == 0)
- result = Angel_Security_IsSqli;
- return result;
-}
diff --git a/lib/src/native/libangel_security_native.dylib b/lib/src/native/libangel_security_native.dylib
deleted file mode 100755
index 7145a37f..00000000
Binary files a/lib/src/native/libangel_security_native.dylib and /dev/null differ
diff --git a/lib/src/native/libinjection.a b/lib/src/native/libinjection.a
deleted file mode 100644
index 41f91c54..00000000
Binary files a/lib/src/native/libinjection.a and /dev/null differ
diff --git a/lib/src/native/libinjection.dylib b/lib/src/native/libinjection.dylib
deleted file mode 100755
index f8ae95f5..00000000
Binary files a/lib/src/native/libinjection.dylib and /dev/null differ
diff --git a/lib/src/native/native.dart b/lib/src/native/native.dart
deleted file mode 100644
index 255d5817..00000000
--- a/lib/src/native/native.dart
+++ /dev/null
@@ -1,3 +0,0 @@
-import 'dart-ext:angel_security_native';
-import 'package:angel_framework/angel_framework.dart';
-part 'sqli.dart';
diff --git a/lib/src/native/sqli.dart b/lib/src/native/sqli.dart
deleted file mode 100644
index 6c4c02e4..00000000
--- a/lib/src/native/sqli.dart
+++ /dev/null
@@ -1,39 +0,0 @@
-part of 'native.dart';
-
-List _isSqli(String text) native "Angel_Security_IsSqli";
-
-/// Using `libinjection`, determines whether a string contains
-/// a SQL injection.
-LibInjectionScore sqlInjectionScore(String text) {
- var result = _isSqli(text);
- return LibInjectionScore(result[0] as bool, result[1] as String);
-}
-
-/// Uses `libinjection` to filter out possible SQL injections from the
-/// query parameters ([RequestContext.queryParameters]).
-///
-/// Note: This is *destructive*, and modifies the query parameter map,
-/// instead of returning new data.
-bool sqliFilterQuery(RequestContext req, ResponseContext res) {
- var out = {};
- req.queryParameters.forEach((k, v) {
- if (v is! String) {
- out[k] = v;
- } else {
- var score = sqlInjectionScore(v as String);
- if (!score.isInjection) {
- out[k] = v;
- }
- }
- });
-
- req.queryParameters..clear()..addAll(out);
- return true;
-}
-
-class LibInjectionScore {
- final bool isInjection;
- final String signature;
-
- LibInjectionScore(this.isInjection, [this.signature]);
-}
diff --git a/security.iml b/security.iml
deleted file mode 100644
index 5a5ced28..00000000
--- a/security.iml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file