Attachment #224467 for bug #255182

View | Details | Raw Unified | Return to bug 255182
Collapse All | Expand All

Added Link Here

(-)b/www/hiawatha/files/patch-src_session.c (+27 lines)
1	--- src/session.c.orig 2021-04-27 07:15:50 UTC
2	+++ src/session.c
3	@@ -33,15 +33,15 @@
4	static const struct {
5	const char *text;
6	} sqli_detection[] = {
7	- {"'\\s(;\\s)?--(\\s\|')"},
8	- {"\\s+(and\|or\|xor\|&&\|\\\|\\\|)\\s\\(?\\s('\|[0-9]\|`?[a-z\\._-]+`?\\s(=\|like)\|[a-z]+\\s\\()"},
9	- {"\\s+(not\\s+)?in\\s\\(\\s['0-9]"},
10	- {"union(\\s+all)?(\\s\\(\\s\|\\s+)select(`\|\\s)"},
11	- {"select(\\s`\|\\s+)(\\\|[a-z0-9_\\, ])(`\\s\|\\s+)from(\\s`\|\\s+)[a-z0-9_\\.]"},
12	- {"insert\\s+into(\\s`\|\\s+).(`\\s\|\\s+)(values\\s)?\\(.*\\)"},
13	- {"update(\\s`\|\\s+)[a-z0-9_\\.](`\\s\|\\s+)set(\\s`\|\\s+).*="},
14	- {"delete\\s+from(\\s`\|\\s+)[a-z0-9_\\.]`?"},
15	- {"extractvalue\\s\\(\\s[0-9'\"@]"},
16	+ {"'[[:space:]](;[[:space:]])?--([[:space:]]\|')"},
17	+ {"[[:space:]]+(and\|or\|xor\|&&\|\\\|\\\|)[[:space:]]\\(?[[:space:]]('\|[0-9]\|`?[a-z\\._-]+`?[[:space:]](=\|like)\|[a-z]+[[:space:]]\\()"},
18	+ {"[[:space:]]+(not[[:space:]]+)?in[[:space:]]\\([[:space:]]['0-9]"},
19	+ {"union([[:space:]]+all)?([[:space:]]\\([[:space:]]\|[[:space:]]+)select(`\|[[:space:]])"},
20	+ {"select([[:space:]]`\|[[:space:]]+)(\\\|[a-z0-9_\\, ])(`[[:space:]]\|[[:space:]]+)from([[:space:]]`\|[[:space:]]+)[a-z0-9_\\.]"},
21	+ {"insert[[:space:]]+into([[:space:]]`\|[[:space:]]+).(`[[:space:]]\|[[:space:]]+)(values[[:space:]])?\\(.*\\)"},
22	+ {"update([[:space:]]`\|[[:space:]]+)[a-z0-9_\\.](`[[:space:]]\|[[:space:]]+)set([[:space:]]`\|[[:space:]]+).*="},
23	+ {"delete[[:space:]]+from([[:space:]]`\|[[:space:]]+)[a-z0-9_\\.]`?"},
24	+ {"extractvalue[[:space:]]\\([[:space:]][0-9'\"@]"},
25	{NULL}
26	};
27

Return to bug 255182