Sql-injection safe functions: Difference between revisions

From genomewiki
Jump to navigationJump to search
No edit summary
No edit summary
Line 1: Line 1:
This is a reference for the safe functions to use against sql-injection.
This is a reference for the safe functions to use against sql-injection.


(Handle simple straight-forward sql strings, used frequently)
Handle simple straight-forward sql strings, used frequently
  int sqlSafef(char* buffer, int bufSize, char *format, ...);
  int sqlSafef(char* buffer, int bufSize, char *format, ...);
  /* Format string to buffer, vsprintf style, only with buffer overflow
  /* Format string to buffer, vsprintf style, only with buffer overflow
Line 10: Line 9:
   * NOSLQINJ tag is added to beginning. */
   * NOSLQINJ tag is added to beginning. */


(Handle more complex sql constructed conditionally)
Handle more complex sql constructed conditionally
void sqlDyStringPrintf(struct dyString *ds, char *format, ...);
void sqlDyStringPrintf(struct dyString *ds, char *format, ...);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
* Strings inside quotes are automatically escaped.
  * Strings inside quotes are automatically escaped.
* NOSLQINJ tag is added to beginning if it is a new empty string. */
  * NOSLQINJ tag is added to beginning if it is a new empty string. */
void sqlDyStringAppend(struct dyString *ds, char *string);
/* Append zero terminated string to end of dyString.
  * Adds the NOSQLINJ prefix if dy string is empty. */


void sqlDyStringAppend(struct dyString *ds, char *string);
/* Append zero terminated string to end of dyString.
* Adds the NOSQLINJ prefix if dy string is empty. */




 
Frag functions for assembling fragments of sql or sql clauses  
(Frag functions for assembling fragments of sql or sql clauses  
without the NOSQLINJ tag.  These sql fragments may get passed  
without the NOSQLINJ tag.  These sql fragments may get passed  
to other functions.)
to other functions.
 
int sqlSafefFrag(char* buffer, int bufSize, char *format, ...);
/* Format string to buffer, vsprintf style, only with buffer overflow
* checking.  The resulting string is always terminated with zero byte.
* Scans unquoted string parameters for illegal literal sql chars.
* Escapes quoted string parameters.
* NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
* the entire sql string. */
 
void sqlDyStringPrintfFrag(struct dyString *ds, char *format, ...);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
* Strings inside quotes are automatically escaped.
* NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
* the entire sql string. */
 


int sqlSafefFrag(char* buffer, int bufSize, char *format, ...);
/* Format string to buffer, vsprintf style, only with buffer overflow
  * checking.  The resulting string is always terminated with zero byte.
  * Scans unquoted string parameters for illegal literal sql chars.
  * Escapes quoted string parameters.
  * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
  * the entire sql string. */
void sqlDyStringPrintfFrag(struct dyString *ds, char *format, ...);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
  * Strings inside quotes are automatically escaped.
  * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
  * the entire sql string. */
Minor helper function that was easy to add,
just obviates the need for declaring your initial dy size.
This function is used around 20 times mostly in one source file.
struct dyString *sqlDyStringCreate(char *format, ...);
/* Create a dyString with a printf style initial content
  * Adds the NOSQLINJ prefix. */


(Minor helper function that was easy to add,
Standard error handling used by the functions for dealing with
just obviates the need for declaring your initial dy size.
errors related to checking and escaping sql input.
This function is used around 20 times mostly in one source file.)
void sqlCheckError(char *format, ...);
struct dyString *sqlDyStringCreate(char *format, ...);
/* A sql injection error has occurred. Check for settings and respond
/* Create a dyString with a printf style initial content
  * as appropriate with error, warning, logOnly, ignore, dumpstack.
* Adds the NOSQLINJ prefix. */
  * Then abort if needed. NOTE: unless it aborts, this function will return! */


(Standard error handling used by the functions for dealing with
Used in the cart, handy for handling escaping of very large strings.
errors related to checking and escaping sql input)
void sqlDyAppendEscaped(struct dyString *dy, char *s);
void sqlCheckError(char *format, ...);
/* Append to dy an escaped s */
/* A sql injection error has occurred. Check for settings and respond
* as appropriate with error, warning, logOnly, ignore, dumpstack.
* Then abort if needed. NOTE: unless it aborts, this function will return! */


void sqlDyAppendEscaped(struct dyString *dy, char *s);
/* Append to dy an escaped s */
(used in the cart, handy for handling escaping very large strings).


(Used by sql safe functions for unquoted strings which are treated as identifiers)
Used by sql safe functions for unquoted strings which are treated as identifiers.
#define sqlCkId sqlCheckIdentifier
#define sqlCkId sqlCheckIdentifier
char *sqlCheckIdentifier(char *identifier);
char *sqlCheckIdentifier(char *identifier);
/* Check that only valid identifier characters are used */
/* Check that only valid identifier characters are used */




(Only used rarely)
Only used rarely.
#define sqlCkIl sqlCheckIdentifiersList
#define sqlCkIl sqlCheckIdentifiersList
char *sqlCheckIdentifiersList(char *identifiers);
char *sqlCheckIdentifiersList(char *identifiers);
/* Check that only valid identifier characters are used in a comma-separated list */
/* Check that only valid identifier characters are used in a comma-separated list */




Line 80: Line 78:
being safe from sql injection and get input strings escaped.
being safe from sql injection and get input strings escaped.


int vaSqlSafefNoAbort(char* buffer, int bufSize, boolean newString, char *format, va_list args);
int vaSqlSafefNoAbort(char* buffer, int bufSize, boolean newString, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
* checking.  The resulting string is always terminated with zero byte.
  * checking.  The resulting string is always terminated with zero byte.
* Scans string parameters for illegal sql chars.
  * Scans string parameters for illegal sql chars.
* Automatically escapes quoted string values.
  * Automatically escapes quoted string values.
* This function should be efficient on statements with many strings to be escaped. */
  * This function should be efficient on statements with many strings to be escaped. */
 
int vaSqlSafef(char* buffer, int bufSize, char *format, va_list args);
int vaSqlSafef(char* buffer, int bufSize, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
* checking.  The resulting string is always terminated with zero byte.
  * checking.  The resulting string is always terminated with zero byte.
* Scans unquoted string parameters for illegal literal sql chars.
  * Scans unquoted string parameters for illegal literal sql chars.
* Escapes quoted string parameters.
  * Escapes quoted string parameters.
* NOSLQINJ tag is added to beginning. */
  * NOSLQINJ tag is added to beginning. */
 
int vaSqlSafefFrag(char* buffer, int bufSize, char *format, va_list args);
int vaSqlSafefFrag(char* buffer, int bufSize, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
* checking.  The resulting string is always terminated with zero byte.
  * checking.  The resulting string is always terminated with zero byte.
* Scans unquoted string parameters for illegal literal sql chars.
  * Scans unquoted string parameters for illegal literal sql chars.
* Escapes quoted string parameters.
  * Escapes quoted string parameters.
* NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
  * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
* the entire sql string. */
  * the entire sql string. */
 
void vaSqlDyStringPrintfExt(struct dyString *ds, boolean isFrag, char *format, va_list args);
void vaSqlDyStringPrintfExt(struct dyString *ds, boolean isFrag, char *format, va_list args);
/* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
/* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
* Strings inside quotes are automatically escaped.
  * Strings inside quotes are automatically escaped.
* NOSLQINJ tag is added to beginning if it is a new empty string and isFrag is FALSE. */
  * NOSLQINJ tag is added to beginning if it is a new empty string and isFrag is FALSE. */
 
void vaSqlDyStringPrintf(struct dyString *ds, char *format, va_list args);
void vaSqlDyStringPrintf(struct dyString *ds, char *format, va_list args);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
* Strings inside quotes are automatically escaped.
  * Strings inside quotes are automatically escaped.
* NOSLQINJ tag is added to beginning if it is a new empty string. */
  * NOSLQINJ tag is added to beginning if it is a new empty string. */
 
void vaSqlDyStringPrintfFrag(struct dyString *ds, char *format, va_list args);
void vaSqlDyStringPrintfFrag(struct dyString *ds, char *format, va_list args);
/* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
/* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
* Strings inside quotes are automatically escaped.
  * Strings inside quotes are automatically escaped.
* NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
  * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
* the entire sql string. */
  * the entire sql string. */

Revision as of 07:32, 17 July 2013

This is a reference for the safe functions to use against sql-injection.

Handle simple straight-forward sql strings, used frequently

int sqlSafef(char* buffer, int bufSize, char *format, ...);
/* Format string to buffer, vsprintf style, only with buffer overflow
 * checking.  The resulting string is always terminated with zero byte.
 * Scans unquoted string parameters for illegal literal sql chars.
 * Escapes quoted string parameters.
 * NOSLQINJ tag is added to beginning. */

Handle more complex sql constructed conditionally

void sqlDyStringPrintf(struct dyString *ds, char *format, ...);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
 * Strings inside quotes are automatically escaped.
 * NOSLQINJ tag is added to beginning if it is a new empty string. */

void sqlDyStringAppend(struct dyString *ds, char *string);
/* Append zero terminated string to end of dyString.
 * Adds the NOSQLINJ prefix if dy string is empty. */


Frag functions for assembling fragments of sql or sql clauses without the NOSQLINJ tag. These sql fragments may get passed to other functions.

int sqlSafefFrag(char* buffer, int bufSize, char *format, ...);
/* Format string to buffer, vsprintf style, only with buffer overflow
 * checking.  The resulting string is always terminated with zero byte.
 * Scans unquoted string parameters for illegal literal sql chars.
 * Escapes quoted string parameters.
 * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
 * the entire sql string. */

void sqlDyStringPrintfFrag(struct dyString *ds, char *format, ...);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
 * Strings inside quotes are automatically escaped.
 * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
 * the entire sql string. */

Minor helper function that was easy to add, just obviates the need for declaring your initial dy size. This function is used around 20 times mostly in one source file.

struct dyString *sqlDyStringCreate(char *format, ...);
/* Create a dyString with a printf style initial content
 * Adds the NOSQLINJ prefix. */

Standard error handling used by the functions for dealing with errors related to checking and escaping sql input.

void sqlCheckError(char *format, ...);
/* A sql injection error has occurred. Check for settings and respond
 * as appropriate with error, warning, logOnly, ignore, dumpstack.
 * Then abort if needed. NOTE: unless it aborts, this function will return! */

Used in the cart, handy for handling escaping of very large strings.

void sqlDyAppendEscaped(struct dyString *dy, char *s);
/* Append to dy an escaped s */


Used by sql safe functions for unquoted strings which are treated as identifiers.

#define sqlCkId sqlCheckIdentifier
char *sqlCheckIdentifier(char *identifier);
/* Check that only valid identifier characters are used */


Only used rarely.

#define sqlCkIl sqlCheckIdentifiersList
char *sqlCheckIdentifiersList(char *identifiers);
/* Check that only valid identifier characters are used in a comma-separated list */


varArgs versions of functions, mostly just for reference

VarArgs versions that can be used to create your own customized var-args functions that will then automatically enjoy the benefits of being safe from sql injection and get input strings escaped.

int vaSqlSafefNoAbort(char* buffer, int bufSize, boolean newString, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
 * checking.  The resulting string is always terminated with zero byte.
 * Scans string parameters for illegal sql chars.
 * Automatically escapes quoted string values.
 * This function should be efficient on statements with many strings to be escaped. */

int vaSqlSafef(char* buffer, int bufSize, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
 * checking.  The resulting string is always terminated with zero byte.
 * Scans unquoted string parameters for illegal literal sql chars.
 * Escapes quoted string parameters.
 * NOSLQINJ tag is added to beginning. */

int vaSqlSafefFrag(char* buffer, int bufSize, char *format, va_list args);
/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
 * checking.  The resulting string is always terminated with zero byte.
 * Scans unquoted string parameters for illegal literal sql chars.
 * Escapes quoted string parameters.
 * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
 * the entire sql string. */

void vaSqlDyStringPrintfExt(struct dyString *ds, boolean isFrag, char *format, va_list args);
/* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
 * Strings inside quotes are automatically escaped.
 * NOSLQINJ tag is added to beginning if it is a new empty string and isFrag is FALSE. */

void vaSqlDyStringPrintf(struct dyString *ds, char *format, va_list args);
/* Printf to end of dyString after scanning string parameters for illegal sql chars.
 * Strings inside quotes are automatically escaped.
 * NOSLQINJ tag is added to beginning if it is a new empty string. */

void vaSqlDyStringPrintfFrag(struct dyString *ds, char *format, va_list args);
/* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
 * Strings inside quotes are automatically escaped.
 * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
 * the entire sql string. */