
lib/CGI/IDS.pm

    _convert_from_js_charcode
    _convert_js_regex_modifiers
    _convert_entities
    _convert_quotes
    _convert_from_sql_hex
    _convert_from_sql_keywords
    _convert_from_control_chars
    _convert_from_nested_base64
    _convert_from_out_of_range_chars
    _convert_from_xml
    _convert_from_js_unicode
    _convert_from_utf7
    _convert_from_concatenated
    _convert_from_proprietary_encodings
    _run_centrifuge
/;

#------------------------- Subs ------------------------------------------------

#****m* IDS/new
# NAME

lib/CGI/IDS.pm


    # critical ctrl values
    my @search  = (
        chr(0), chr(1), chr(2), chr(3), chr(4), chr(5),
        chr(6), chr(7), chr(8), chr(11), chr(12), chr(14),
        chr(15), chr(16), chr(17), chr(18), chr(19), chr(24),
        chr(25), chr(192), chr(193), chr(238), chr(255)
    );
    $value  = str_replace(\@search, '%00', $value);

    # take care for malicious unicode characters
    $value = urldecode(preg_replace(qr/(?:%E(?:2|3)%8(?:0|1)%(?:A|8|9)\w|%EF%BB%BF|%EF%BF%BD)|(?:&#(?:65|8)\d{3};?)/i, '',
            urlencode($value)));

    $value = urldecode(
        preg_replace(qr/(?:%F0%80%BE)/i, '>', urlencode($value)));
    $value = urldecode(
        preg_replace(qr/(?:%F0%80%BC)/i, '<', urlencode($value)));
    $value = urldecode(
        preg_replace(qr/(?:%F0%80%A2)/i, '"', urlencode($value)));
    $value = urldecode(

lib/CGI/IDS.pm

    my ($value) = @_;

    my $converted = strip_tags($value);

    if ($converted && ($converted ne $value)) {
        return $value . "\n" . $converted;
    }
    return $value;
}

#****if* IDS/_convert_from_js_unicode
# NAME
#   _convert_from_js_unicode
# DESCRIPTION
#   Converts JavaScript \uXXXX unicode escape sequences to the characters they encode
# INPUT
#   value   the string to convert
# OUTPUT
#   value   converted string
# SYNOPSIS
#   IDS::_convert_from_js_unicode($value);
#****

sub _convert_from_js_unicode {
    my ($value) = @_;
    my @matches = ();

    # \\u instead of PHP's \\\u
    # PHP to Perl note: additional parenthesis around RegEx for getting PHP's $matches[0]
    preg_match_all(qr/(\\u[0-9a-f]{4})/ims, $value, \@matches);

    if ($matches[0]) {
        foreach my $match ($matches[0]) {
            my $chr = chr(hex(substr($match, 2, 4)));

lib/CGI/IDS.xml

        <description>Detects self-executing JavaScript functions</description>
        <tags>
            <tag>xss</tag>
            <tag>csrf</tag>
        </tags>
        <impact>5</impact>
    </filter>
    <filter>
        <id>9</id>
        <rule><![CDATA[(?:\\u00[a-f0-9]{2})|(?:\\x0*[a-f0-9]{2})|(?:\\\d{2,3})]]></rule>
        <description>Detects the IE octal, hex and unicode entities</description>
        <tags>
            <tag>xss</tag>
            <tag>csrf</tag>
        </tags>
        <impact>2</impact>
    </filter>
    <filter>
        <id>10</id>
        <rule><![CDATA[(?:(?:\/|\\)?\.+(\/|\\)(?:\.+)?)|(?:\w+\.exe\??\s)|(?:;\s*\w+\s*\/[\w*-]+\/)|(?:\d\.\dx\|)|(?:%(?:c0\.|af\.|5c\.))|(?:\/(?:%2e){2})]]></rule>
        <description>Detects basic directory traversal</description>

lib/CGI/IDS.xml

        <tags>
            <tag>dt</tag>
            <tag>id</tag>
            <tag>lfi</tag>
        </tags>
        <impact>5</impact>
    </filter>
    <filter>
        <id>13</id>
        <rule><![CDATA[(?:%u(?:ff|00|e\d)\w\w)|(?:(?:%(?:e\w|c[^3\W]|))(?:%\w\w)(?:%\w\w)?)]]></rule>
        <description>Detects halfwidth/fullwidth encoded unicode HTML breaking attempts</description>
        <tags>
            <tag>xss</tag>
            <tag>csrf</tag>
        </tags>
        <impact>3</impact>
    </filter>
    <filter>
        <id>14</id>
        <rule><![CDATA[(?:#@~\^\w+)|(?:\w+script:|@import[^\w]|;base64|base64,)|(?:\w+\s*\([\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+\))]]></rule>
        <description>Detects possible includes, VBScript/JScript encoded and packed functions</description>


