/***************************************************************************
 * Copyright (c) 2009-2010 Open Information Security Foundation
 * Copyright (c) 2010-2013 Qualys, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.

 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.

 * - Neither the name of the Qualys, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived from
 *   this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ***************************************************************************/

/*
 * Private layout of the two configuration structures: htp_decoder_cfg_t
 * (per-context decoding options) and struct htp_cfg_t (parser-wide settings,
 * parser callbacks and hooks).
 *
 * This header declares none of the types it uses (size_t, htp_connp_t,
 * htp_param_t, htp_hook_t and the htp_* enums), so it must be included after
 * the headers that do.
 *
 * NOTE(review): the per-field documentation comments are missing from this
 * listing (its line numbering skips where they stood). The field notes below
 * are derived from names and types only; notes marked "presumably" need to be
 * confirmed against the setter functions and the parser code.
 */

#ifndef HTP_CONFIG_PRIVATE_H
#define HTP_CONFIG_PRIVATE_H

#ifdef __cplusplus
extern "C" {
#endif

/* Number of entries in htp_cfg_t.decoder_cfgs[]. */
#define HTP_DECODER_CONTEXTS_MAX    3

/**
 * Decoding options for one decoder context; struct htp_cfg_t holds
 * HTP_DECODER_CONTEXTS_MAX of these.
 *
 * NOTE(review): these switches decide how a path or parameter is normalised
 * before anything inspects it. If the normalisation differs from what the
 * monitored server does, the two can disagree about what a request names, so
 * a change to any default here should be reviewed together with
 * htp_cfg_t.server_personality -- confirm how the personality sets them.
 */
typedef struct htp_decoder_cfg_t {

    // Path-specific decoding options.

    /** Flag; presumably turns backslashes into forward slashes -- confirm. */
    int backslash_convert_slashes;

    /** Flag; presumably lowercases the decoded data -- confirm. */
    int convert_lowercase;

    /** Flag; presumably collapses runs of path separators -- confirm. */
    int path_separators_compress;

    /** Flag; presumably decodes URL-encoded path separators -- confirm. */
    int path_separators_decode;

    /** Flag; presumably decodes '+' to a space -- confirm. */
    int plusspace_decode;

    /** Reaction selected when an encoded path separator is seen (enum declared elsewhere). */
    enum htp_unwanted_t path_separators_encoded_unwanted;


    // Special characters options.

    /**
     * Flag; presumably makes a raw NUL byte end the value being decoded.
     * NOTE(review): whether the server truncates at NUL decides which view is
     * the accurate one, so keep this consistent with the server modelled.
     */
    int nul_raw_terminates;

    /** Reaction selected when a raw NUL byte is seen. */
    enum htp_unwanted_t nul_raw_unwanted;

    /** Reaction selected when control characters are seen. */
    enum htp_unwanted_t control_chars_unwanted;


    // URL encoding options.

    /** Flag; presumably enables decoding of %u-style encodings -- confirm. */
    int u_encoding_decode;

    /** Reaction selected when a %u-style encoding is seen. */
    enum htp_unwanted_t u_encoding_unwanted;

    /** Selects how an invalid URL encoding is processed (enum declared elsewhere). */
    enum htp_url_encoding_handling_t url_encoding_invalid_handling;

    /** Reaction selected when an invalid URL encoding is seen. */
    enum htp_unwanted_t url_encoding_invalid_unwanted;

    /** Flag; presumably makes an encoded NUL byte end the value -- confirm. */
    int nul_encoded_terminates;

    /** Reaction selected when an encoded NUL byte is seen. */
    enum htp_unwanted_t nul_encoded_unwanted;


    // UTF-8 options.

    /** Reaction selected when invalid UTF-8 is seen. */
    enum htp_unwanted_t utf8_invalid_unwanted;

    /** Flag; presumably converts UTF-8 to single bytes through the best-fit map -- confirm. */
    int utf8_convert_bestfit;


    // Best-fit mapping options.

    /**
     * Pointer to the best-fit mapping table. Its length and ownership are not
     * visible in this header.
     * NOTE(review): confirm the table's size is validated where it is
     * installed, since lookups are made into it with decoded input.
     */
    unsigned char *bestfit_map;

    /** Byte presumably substituted when the map has no entry -- confirm. */
    unsigned char bestfit_replacement_byte;

} htp_decoder_cfg_t;

/**
 * Parser-wide configuration.
 *
 * The TODO near the end of this structure says a field was placed there to
 * keep the ABI stable, so the member order and types are treated as part of
 * the ABI; do not reorder members.
 */
struct htp_cfg_t {
    /**
     * Hard limit on field length, in size_t units.
     * NOTE(review): presumably the bound that stops unbounded buffering of
     * attacker-controlled input; confirm what the parser does on overflow.
     */
    size_t field_limit_hard;

    /** Soft limit on field length; presumably warn-only -- confirm it is enforced at all. */
    size_t field_limit_soft;

    /** Log level threshold (enum declared elsewhere). */
    enum htp_log_level_t log_level;

    /** Flag; presumably destroys a transaction automatically once it is finished -- confirm. */
    int tx_auto_destroy;

    /** Identifies the server whose parsing behaviour is being modelled (enum declared elsewhere). */
    enum htp_server_personality_t server_personality;

    /** Callback that parses the request line; takes the connection parser, returns int. */
    int (*parse_request_line)(htp_connp_t *connp);

    /** Callback that parses the response line; takes the connection parser, returns int. */
    int (*parse_response_line)(htp_connp_t *connp);

    /** Callback that processes one request header held in data[0..len). */
    int (*process_request_header)(htp_connp_t *connp, unsigned char *data, size_t len);

    /** Callback that processes one response header held in data[0..len). */
    int (*process_response_header)(htp_connp_t *connp, unsigned char *data, size_t len);

    /** Callback invoked with a parameter; returns int. */
    int (*parameter_processor)(htp_param_t *param);

    /** One decoder configuration per decoder context. */
    htp_decoder_cfg_t decoder_cfgs[HTP_DECODER_CONTEXTS_MAX];

    /** Flag; presumably enables generation of a normalised request URI -- confirm. */
    int generate_request_uri_normalized;

    /** Flag; presumably enables decompression of response bodies -- see response_decompression_layer_limit. */
    int response_decompression_enabled;

    /** Name of the request encoding; string ownership is not visible here. */
    char *request_encoding;

    /** Name of the internal encoding; string ownership is not visible here. */
    char *internal_encoding;

    /** Flag; presumably enables parsing of request cookies -- confirm. */
    int parse_request_cookies;

    /** Flag; presumably enables parsing of request authentication data -- confirm. */
    int parse_request_auth;

    /**
     * Flag; presumably enables extraction of uploaded files.
     * NOTE(review): if extraction writes request content to disk under
     * tmpdir, that directory's permissions and extract_request_files_limit
     * bound the exposure -- confirm in the extraction code.
     */
    int extract_request_files;

    /** Limit applied to file extraction; a signed int, so confirm how zero and negative values are read. */
    int extract_request_files_limit;

    /** Directory used for temporary files; string ownership is not visible here. */
    char *tmpdir;

    // Hooks

    /*
     * Each member below points to an htp_hook_t (declared elsewhere). The
     * names pair a direction (request/response) with a processing stage;
     * when each hook fires is not visible in this header.
     */

    /** Hook for the start of a request. */
    htp_hook_t *hook_request_start;

    /** Hook for the request line. */
    htp_hook_t *hook_request_line;

    /** Hook for request URI normalisation. */
    htp_hook_t *hook_request_uri_normalize;

    /** Hook for request header data. */
    htp_hook_t *hook_request_header_data;

    /** Hook for the request headers. */
    htp_hook_t *hook_request_headers;

    /** Hook for request body data. */
    htp_hook_t *hook_request_body_data;

    /** Hook for request file data. */
    htp_hook_t *hook_request_file_data;

    /** Hook for request trailer data. */
    htp_hook_t *hook_request_trailer_data;

    /** Hook for the request trailer. */
    htp_hook_t *hook_request_trailer;

    /** Hook for request completion. */
    htp_hook_t *hook_request_complete;

    /** Hook for the start of a response. */
    htp_hook_t *hook_response_start;

    /** Hook for the response line. */
    htp_hook_t *hook_response_line;

    /** Hook for response header data. */
    htp_hook_t *hook_response_header_data;

    /** Hook for the response headers. */
    htp_hook_t *hook_response_headers;

    /** Hook for response body data. */
    htp_hook_t *hook_response_body_data;

    /** Hook for response trailer data. */
    htp_hook_t *hook_response_trailer_data;

    /** Hook for the response trailer. */
    htp_hook_t *hook_response_trailer;

    /** Hook for response completion. */
    htp_hook_t *hook_response_complete;

    /** Hook for transaction completion. */
    htp_hook_t *hook_transaction_complete;

    /** Hook for log messages. */
    htp_hook_t *hook_log;

    /** Opaque pointer stored for the library user; not interpreted in this header. */
    void *user_data;

    // Request Line parsing options.

    // TODO this was added here to maintain a stable ABI, once we can break that
    // we may want to move this into htp_decoder_cfg_t (VJ)

    /** Reaction selected when the request line has leading whitespace. */
    enum htp_unwanted_t requestline_leading_whitespace_unwanted;

    /**
     * Limit on response decompression layers.
     * NOTE(review): presumably caps how many nested compression layers are
     * unpacked, which bounds the work a crafted response can demand; confirm
     * what zero and negative values mean, since the type is a signed int.
     */
    int response_decompression_layer_limit;
};

#ifdef __cplusplus
}
#endif

#endif /* HTP_CONFIG_PRIVATE_H */