Sql-injection safe functions: Difference between revisions
Line 1: | Line 1: | ||
This is a reference for the safe functions to use against sql-injection. | |||
(Click [[Sql_injection_protection|here]] to go to the Sql-injection Protection introduction.) | |||
For simple straight-forward sql strings, used frequently. | |||
int sqlSafef(char* buffer, int bufSize, char *format, ...); | int sqlSafef(char* buffer, int bufSize, char *format, ...); | ||
/* Format string to buffer, vsprintf style, only with buffer overflow | /* Format string to buffer, vsprintf style, only with buffer overflow | ||
Line 10: | Line 12: | ||
* NOSLQINJ tag is added to beginning. */ | * NOSLQINJ tag is added to beginning. */ | ||
For more complex sql constructed conditionally using dyString. | |||
void sqlDyStringPrintf(struct dyString *ds, char *format, ...); | void sqlDyStringPrintf(struct dyString *ds, char *format, ...); | ||
/* Printf to end of dyString after scanning string parameters for illegal sql chars. | /* Printf to end of dyString after scanning string parameters for illegal sql chars. | ||
* Strings inside quotes are automatically escaped. | |||
* NOSLQINJ tag is added to beginning if it is a new empty string. */ | |||
void sqlDyStringAppend(struct dyString *ds, char *string); | void sqlDyStringAppend(struct dyString *ds, char *string); | ||
/* Append zero terminated string to end of dyString. | /* Append zero terminated string to end of dyString. | ||
* Adds the NOSQLINJ prefix if dy string is empty. */ | |||
To create a SQL clause and pass it to a subroutine, | |||
create the clause with the usual SQL safe functions, | |||
and then pass the safe string to a subroutine | |||
* | where it can be included with %-s (unquoted at the SQL source level). | ||
e.g. | |||
* | sqlStringPrintf(dy, "select * from someTable where %-s", passedInSqlClause); | ||
Minor helper function that was easy to add, | |||
it just obviates the need for declaring your initial dy size. | |||
This function is used around 20 times, mostly in just one source file. | |||
struct dyString *sqlDyStringCreate(char *format, ...); | |||
/* Create a dyString with a printf style initial content | |||
* Adds the NOSQLINJ prefix. */ | |||
void | Standard error handling used by the functions for dealing with | ||
/* | errors related to checking and escaping sql input. | ||
void sqlCheckError(char *format, ...); | |||
/* A sql injection error has occurred. Check for settings and respond | |||
* as appropriate with error, warning, logOnly, ignore, dumpstack. | |||
* Then abort if needed. NOTE: unless it aborts, this function will return! */ | |||
Used in the cart, handy for escaping very large strings a little more efficiently. | |||
void sqlDyAppendEscaped(struct dyString *dy, char *s); | |||
/* Append to dy an escaped s */ | |||
Used by sql safe functions for unquoted strings which are treated as identifiers. | |||
#define sqlCkId sqlCheckIdentifier | |||
char *sqlCheckIdentifier(char *identifier); | |||
/* Check that only valid identifier characters are used */ | |||
/* | |||
Only used rarely. | |||
/* | #define sqlCkIl sqlCheckIdentifiersList | ||
char *sqlCheckIdentifiersList(char *identifiers); | |||
/* Check that only valid identifier characters are used in a comma-separated list */ | |||
=== varArgs versions of functions, included just for completeness === | |||
=== varArgs versions of functions, | |||
VarArgs versions that can be used to create | VarArgs versions that can be used to create | ||
Line 80: | Line 69: | ||
being safe from sql injection and get input strings escaped. | being safe from sql injection and get input strings escaped. | ||
int vaSqlSafefNoAbort(char* buffer, int bufSize, boolean newString, char *format, va_list args); | int vaSqlSafefNoAbort(char* buffer, int bufSize, boolean newString, char *format, va_list args); | ||
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow | /* VarArgs Format string to buffer, vsprintf style, only with buffer overflow | ||
* checking. The resulting string is always terminated with zero byte. | |||
* Scans string parameters for illegal sql chars. | |||
* Automatically escapes quoted string values. | |||
* This function should be efficient on statements with many strings to be escaped. */ | |||
int vaSqlSafef(char* buffer, int bufSize, char *format, va_list args); | int vaSqlSafef(char* buffer, int bufSize, char *format, va_list args); | ||
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow | |||
* checking. The resulting string is always terminated with zero byte. | |||
* Scans unquoted string parameters for illegal literal sql chars. | |||
* Escapes quoted string parameters. | |||
* NOSLQINJ tag is added to beginning. */ | |||
void vaSqlDyStringPrintf(struct dyString *ds, char *format, va_list args); | |||
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow | /* Printf to end of dyString after scanning string parameters for illegal sql chars. | ||
* Strings inside quotes are automatically escaped. | |||
* NOSLQINJ tag is added to beginning if it is a new empty string. */ | |||
void vaSqlDyStringPrintf(struct dyString *ds, char *format, va_list args); | |||
/* Printf to end of dyString after scanning string parameters for illegal sql chars. | |||
Latest revision as of 19:51, 28 April 2022
This is a reference for the safe functions to use against SQL injection.
(Click here to go to the Sql-injection Protection introduction.)
For simple, straightforward SQL strings; used frequently.
int sqlSafef(char* buffer, int bufSize, char *format, ...);
/* Format string to buffer, vsprintf style, only with buffer overflow
 * checking. The resulting string is always terminated with zero byte.
 * Scans unquoted string parameters for illegal literal sql chars.
 * Escapes quoted string parameters.
 * NOSQLINJ tag is added to beginning.
 * NOTE(review): bufSize bounds the write into buffer, so pass the real
 * capacity (sizeof buffer for a char array).  Only the string parameters
 * are described as scanned/escaped; the format itself is presumably not,
 * so keep it a literal under program control rather than building it from
 * external input.  Return value is presumably the number of characters
 * written, as for vsprintf -- confirm against the implementation. */
For more complex SQL constructed conditionally using a dyString.
void sqlDyStringPrintf(struct dyString *ds, char *format, ...);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
 * Strings inside quotes are automatically escaped.
 * NOSQLINJ tag is added to beginning if it is a new empty string.
 * NOTE(review): the tag is only added when ds is empty, so a dyString that
 * was first filled by some other (non-sql-safe) append presumably never
 * receives it -- start sql strings with one of the sql-safe functions. */
void sqlDyStringAppend(struct dyString *ds, char *string);
/* Append zero terminated string to end of dyString.
 * Adds the NOSQLINJ prefix if dy string is empty.
 * NOTE(review): nothing here says `string` is scanned or escaped, unlike
 * the printf variant above; presumably only program-controlled text
 * belongs here -- confirm before passing anything externally supplied. */
To create a SQL clause and pass it to a subroutine,
create the clause with the usual SQL-safe functions,
and then pass the safe string to the subroutine,
where it can be included with %-s (inserted unquoted at the SQL source level).
e.g.
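/* Example: splice a clause that was itself built by the sql-safe functions.
 * The function documented on this page for printf-style appends to a
 * dyString is sqlDyStringPrintf (sqlStringPrintf is not listed above).
 * %-s inserts passedInSqlClause unquoted at the SQL source level, so the
 * argument must be a string produced by the sql-safe functions, never raw
 * external input. */
sqlDyStringPrintf(dy, "select * from someTable where %-s", passedInSqlClause);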
Minor helper function that was easy to add; it just obviates the need to declare your initial dy size. This function is used around 20 times, mostly in just one source file.
struct dyString *sqlDyStringCreate(char *format, ...);
/* Create a dyString with a printf style initial content
 * Adds the NOSQLINJ prefix.
 * NOTE(review): allocates a new dyString; ownership passes to the caller,
 * who is presumably responsible for freeing it as for any dyString -- confirm.
 * Whether the string parameters of `format` are scanned and escaped like
 * sqlDyStringPrintf is not stated here; verify before relying on it. */
Standard error handling used by the functions above for errors found while checking and escaping SQL input.
void sqlCheckError(char *format, ...);
/* A sql injection error has occurred. Check for settings and respond
 * as appropriate with error, warning, logOnly, ignore, dumpstack.
 * Then abort if needed. NOTE: unless it aborts, this function will return!
 * NOTE(review): because the response is configured at run time (logOnly /
 * ignore do not abort), callers must not treat a call to this function as
 * a guarantee that the offending SQL is never executed; check the
 * configured setting for production deployments. */
Used in the cart, handy for escaping very large strings a little more efficiently.
void sqlDyAppendEscaped(struct dyString *dy, char *s);
/* Append to dy an escaped s
 * NOTE(review): unlike the printf-style functions above, this comment does
 * not mention the NOSQLINJ tag or surrounding quotes; presumably dy must
 * already carry the tag and the caller supplies the quotes -- confirm. */
Used by the SQL-safe functions for unquoted strings, which are treated as identifiers.
#define sqlCkId sqlCheckIdentifier
char *sqlCheckIdentifier(char *identifier);
/* Check that only valid identifier characters are used
 * NOTE(review): returns char*; presumably the checked identifier itself so
 * the call can be nested in an expression -- confirm.  What happens on an
 * invalid identifier is not stated here; presumably sqlCheckError (above)
 * is invoked, which may return rather than abort depending on settings. */
Only used rarely.
#define sqlCkIl sqlCheckIdentifiersList
char *sqlCheckIdentifiersList(char *identifiers);
/* Check that only valid identifier characters are used in a comma-separated list
 * NOTE(review): the separator accepted between identifiers is presumably
 * only the comma (whitespace handling is not documented) -- confirm.
 * Error behaviour is presumably the same as sqlCheckIdentifier. */
varArgs versions of functions, included just for completeness
VarArgs versions that can be used to create your own customized var-args functions, which then automatically get the same protection against SQL injection and the same escaping of input strings.
int vaSqlSafefNoAbort(char* buffer, int bufSize, boolean newString, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
 * checking. The resulting string is always terminated with zero byte.
 * Scans string parameters for illegal sql chars.
 * Automatically escapes quoted string values.
 * This function should be efficient on statements with many strings to be escaped.
 * NOTE(review): "NoAbort" suggests that detected problems are reported
 * through the return value instead of aborting; the meaning of the return
 * value and of newString (presumably whether the NOSQLINJ tag is prepended)
 * is not documented here -- confirm before wrapping this function. */
int vaSqlSafef(char* buffer, int bufSize, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
 * checking. The resulting string is always terminated with zero byte.
 * Scans unquoted string parameters for illegal literal sql chars.
 * Escapes quoted string parameters.
 * NOSQLINJ tag is added to beginning.
 * NOTE(review): va_list form of sqlSafef; a wrapper must va_start/va_end
 * around the call and pass its own bounded buffer size. */
void vaSqlDyStringPrintf(struct dyString *ds, char *format, va_list args);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
 * Strings inside quotes are automatically escaped.
 * NOSQLINJ tag is added to beginning if it is a new empty string.
 * NOTE(review): va_list form of sqlDyStringPrintf; same caveat that the tag
 * is only added when ds is empty. */