English

Nick Galbreath · Nick Galbreath · commit 1ebc4fde1829 · 2016-01-31T19:29:29.000-08:00
diff --git a/src/libinjection_html5.c b/src/libinjection_html5.c
@@ -106,9 +106,9 @@ int libinjection_h5_next(h5_state_t* hs)
 static int h5_is_white(char ch)
 {
     /*
-     * \t = htab = 0x09
+     * \t = horizontal tab = 0x09
      * \n = newline = 0x0A
-     * \v = vtab = 0x0B
+     * \v = vertical tab = 0x0B
      * \f = form feed = 0x0C
      * \r = cr  = 0x0D
      */
@@ -458,7 +458,7 @@ static int h5_state_attribute_value_quote(h5_state_t* hs, char qchar)
     TRACE();
 
     /* skip initial quote in normal case.
-     * dont do this is pos == 0 since it means we have started
+     * don't do this "if (pos == 0)" since it means we have started
      * in a non-data state.  given an input of '><foo
      * we want to make 0-length attribute name
      */
diff --git a/src/libinjection_sqli.c b/src/libinjection_sqli.c
@@ -1,5 +1,5 @@
 /**
- * Copyright 2012,2013  Nick Galbreath
+ * Copyright 2012,2016  Nick Galbreath
  * nickg@client9.com
  * BSD License -- see COPYING.txt for details
  *
@@ -187,11 +187,11 @@ static int char_is_white(char ch) {
     /* ' '  space is 0x32
        '\t  0x09 \011 horizontal tab
        '\n' 0x0a \012 new line
-       '\v' 0x0b \013 verical tab
+       '\v' 0x0b \013 vertical tab
        '\f' 0x0c \014 new page
        '\r' 0x0d \015 carriage return
             0x00 \000 null (oracle)
-            0xa0 \240 is latin1
+            0xa0 \240 is Latin-1
     */
     return strchr(" \t\n\v\f\r\240\000", ch) != NULL;
 }
@@ -290,7 +290,7 @@ static void st_clear(stoken_t * st)
 static void st_assign_char(stoken_t * st, const char stype, size_t pos, size_t len,
                            const char value)
 {
-    /* done to elimiate unused warning */
+    /* done to eliminate unused warning */
     (void)len;
     st->type = (char) stype;
     st->pos = pos;
@@ -398,7 +398,7 @@ static size_t parse_eol_comment(struct libinjection_sqli_state * sf)
     }
 }
 
-/** In Ansi mode, hash is an operator
+/** In ANSI mode, hash is an operator
  *  In MYSQL mode, it's a EOL comment like '--'
  */
 static size_t parse_hash(struct libinjection_sqli_state * sf)
@@ -1526,7 +1526,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
             continue;
         } else if ((sf->tokenvec[left].type == TYPE_BAREWORD || sf->tokenvec[left].type == TYPE_VARIABLE) &&
                    sf->tokenvec[left+1].type == TYPE_LEFTPARENS && (
-                       /* TSQL functions but common enough to be collumn names */
+                       /* TSQL functions but common enough to be column names */
                        cstrcasecmp("USER_ID", sf->tokenvec[left].val, sf->tokenvec[left].len) == 0 ||
                        cstrcasecmp("USER_NAME", sf->tokenvec[left].val, sf->tokenvec[left].len) == 0 ||
 
@@ -1549,7 +1549,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
 
             /* pos is the same
              * other conversions need to go here... for instance
-             * password CAN be a function, coalese CAN be a function
+             * password CAN be a function, coalesce CAN be a function
              */
             sf->tokenvec[left].type = TYPE_FUNCTION;
             continue;
@@ -1813,7 +1813,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
              * 1,-sin(1) --> 1 (1)
              * Here, just do
              * 1,-sin(1) --> 1,sin(1)
-             * just remove unary opartor
+             * just remove unary operator
              */
             st_copy(&sf->tokenvec[left+1], &sf->tokenvec[left+2]);
             pos -= 1;
@@ -2016,7 +2016,7 @@ int libinjection_sqli_blacklist(struct libinjection_sqli_state* sql_state)
 }
 
 /*
- * return TRUE if sqli, false is benign
+ * return TRUE if SQLi, false is benign
  */
 int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
 {
@@ -2030,10 +2030,10 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
 
     if (tlen > 1 && sql_state->fingerprint[tlen-1] == TYPE_COMMENT) {
         /*
-         * if ending comment is contains 'sp_password' then it's sqli!
+         * if ending comment is contains 'sp_password' then it's SQLi!
          * MS Audit log apparently ignores anything with
-         * 'sp_password' in it. Unable to find primary refernece to
-         * this "feature" of SQL Server but seems to be known sqli
+         * 'sp_password' in it. Unable to find primary reference to
+         * this "feature" of SQL Server but seems to be known SQLi
          * technique
          */
         if (my_memmem(sql_state->s, sql_state->slen,
@@ -2052,7 +2052,7 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
 
         if (sql_state->fingerprint[1] == TYPE_UNION) {
             if (sql_state->stats_tokens == 2) {
-                /* not sure why but 1U comes up in Sqli attack
+                /* not sure why but 1U comes up in SQLi attack
                  * likely part of parameter splitting/etc.
                  * lots of reasons why "1 union" might be normal
                  * input, so beep only if other SQLi things are present
@@ -2077,7 +2077,7 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
 
         /*
          * for fingerprint like 'nc', only comments of /x are treated
-         * as SQL... ending comments of "--" and "#" are not sqli
+         * as SQL... ending comments of "--" and "#" are not SQLi
          */
         if (sql_state->tokenvec[0].type == TYPE_BAREWORD &&
             sql_state->tokenvec[1].type == TYPE_COMMENT &&
@@ -2087,7 +2087,7 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
         }
 
         /*
-         * if '1c' ends with '/x' then it's sqli
+         * if '1c' ends with '/x' then it's SQLi
          */
         if (sql_state->tokenvec[0].type == TYPE_NUMBER &&
             sql_state->tokenvec[1].type == TYPE_COMMENT &&
@@ -2110,13 +2110,13 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
         if (sql_state->tokenvec[0].type == TYPE_NUMBER &&
             sql_state->tokenvec[1].type == TYPE_COMMENT) {
             if (sql_state->stats_tokens > 2) {
-                /* we have some folding going on, highly likely sqli */
+                /* we have some folding going on, highly likely SQLi */
                 sql_state->reason = __LINE__;
                 return TRUE;
             }
             /*
              * we check that next character after the number is either whitespace,
-             * or '/' or a '-' ==> sqli.
+             * or '/' or a '-' ==> SQLi.
              */
             ch = sql_state->s[sql_state->tokenvec[0].len];
             if ( ch <= 32 ) {
@@ -2138,7 +2138,7 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
         }
 
         /*
-         * detect obvious sqli scans.. many people put '--' in plain text
+         * detect obvious SQLi scans.. many people put '--' in plain text
          * so only detect if input ends with '--', e.g. 1-- but not 1-- foo
          */
         if ((sql_state->tokenvec[1].len > 2)
@@ -2174,7 +2174,7 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
                 }
 
                 /*
-                 * not sqli
+                 * not SQLi
                  */
                 sql_state->reason = __LINE__;
                 return FALSE;
@@ -2183,8 +2183,8 @@ int libinjection_sqli_not_whitelist(struct libinjection_sqli_state* sql_state)
                    streq(sql_state->fingerprint, "1&1") ||
                    streq(sql_state->fingerprint, "1&v") ||
                    streq(sql_state->fingerprint, "1&s")) {
-            /* 'sexy and 17' not sqli
-             * 'sexy and 17<18'  sqli
+            /* 'sexy and 17' not SQLi
+             * 'sexy and 17<18'  SQLi
              */
             if (sql_state->stats_tokens == 3) {
                 sql_state->reason = __LINE__;
@@ -2240,7 +2240,7 @@ int libinjection_is_sqli(struct libinjection_sqli_state * sql_state)
     size_t slen = sql_state->slen;
 
     /*
-     * no input? not sqli
+     * no input? not SQLi
      */
     if (slen == 0) {
         return FALSE;
diff --git a/src/libinjection_sqli.h b/src/libinjection_sqli.h
@@ -53,7 +53,7 @@ struct libinjection_sqli_token {
 
     /*  count:
      *  in type 'v', used for number of opening '@'
-     *  but maybe unsed in other contexts
+     *  but maybe used in other contexts
      */
     int  count;
 
@@ -118,7 +118,7 @@ struct libinjection_sqli_state {
     /*
      * fingerprint pattern c-string
      * +1 for ending null
-     * Mimimum of 8 bytes to add gcc's -fstack-protector to work
+     * Minimum of 8 bytes to add gcc's -fstack-protector to work
      */
     char fingerprint[8];
 
diff --git a/src/libinjection_xss.c b/src/libinjection_xss.c
@@ -150,7 +150,7 @@ static stringtype_t BLACKATTR[] = {
     , { "DATASRC", TYPE_BLACK }       /* IE */
     , { "DYNSRC", TYPE_ATTR_URL }     /* Obsolete img attribute */
     , { "FILTER", TYPE_STYLE }        /* Opera, SVG inline style */
-    , { "FORMACTION", TYPE_ATTR_URL } /* HTML5 */
+    , { "FORMACTION", TYPE_ATTR_URL } /* HTML 5 */
     , { "FOLDER", TYPE_ATTR_URL }     /* Only on A tags, IE-only */
     , { "FROM", TYPE_ATTR_URL }       /* SVG */
     , { "HANDLER", TYPE_ATTR_URL }    /* SVG Tiny, Opera */
@@ -166,7 +166,7 @@ static stringtype_t BLACKATTR[] = {
 };
 
 /* xmlns */
-/* xml-stylesheet > <eval>, <if expr=> */
+/* `xml-stylesheet` > <eval>, <if expr=> */
 
 /*
   static const char* BLACKATTR[] = {
@@ -240,8 +240,8 @@ static int cstrcasecmp_with_null(const char *a, const char *b, size_t n)
 }
 
 /*
- * Does an HTML encoded  binary string (const char*, lenght) start with
- * a all uppercase c-string (null terminated), case insenstive!
+ * Does an HTML encoded  binary string (const char*, length) start with
+ * a all uppercase c-string (null terminated), case insensitive!
  *
  * also ignore any embedded nulls in the HTML string!
  *
@@ -275,7 +275,7 @@ static int htmlencode_startswith(const char *a, const char *b, size_t n)
         }
 
         if (cb == 10) {
-            /* always ignore vtab characters in user input */
+            /* always ignore vertical tab characters in user input */
             /* who allows this?? */
             continue;
         }
@@ -340,9 +340,9 @@ static attribute_t is_black_attr(const char* s, size_t len)
         return TYPE_NONE;
     }
 
-    /* javascript on.* */
+    /* JavaScript on.* */
     if ((s[0] == 'o' || s[0] == 'O') && (s[1] == 'n' || s[1] == 'N')) {
-        /* printf("Got javascript on- attribute name\n"); */
+        /* printf("Got JavaScript on- attribute name\n"); */
         return TYPE_BLACK;
     }
 
@@ -384,7 +384,7 @@ static int is_black_url(const char* s, size_t len)
         /*
          * HEY: this is a signed character.
          *  We are intentionally skipping high-bit characters too
-         *  since they are not ascii, and Opera sometimes uses UTF8 whitespace.
+         *  since they are not ASCII, and Opera sometimes uses UTF-8 whitespace.
          *
          * Also in EUC-JP some of the high bytes are just ignored.
          */
@@ -433,7 +433,7 @@ int libinjection_is_xss(const char* s, size_t len, int flags)
             /*
              * IE6,7,8 parsing works a bit differently so
              * a whole <script> or other black tag might be hiding
-             * inside an attribute value under HTML5 parsing
+             * inside an attribute value under HTML 5 parsing
              * See http://html5sec.org/#102
              * to avoid doing a full reparse of the value, just
              * look for "<".  This probably need adjusting to
diff --git a/src/reader.c b/src/reader.c
@@ -224,7 +224,7 @@ int main(int argc, const char *argv[])
     int flag_quiet = FALSE;
 
     /*
-     * only print postive results
+     * only print positive results
      * with invert, only print negative results
      */
     int flag_true = FALSE;
diff --git a/src/testdriver.c b/src/testdriver.c
@@ -188,7 +188,7 @@ int read_file(const char* fname, int flags, int testtype)
     g_actual[0] = '\0';
     if (testtype == 0) {
         /*
-         * print sqli tokenization only
+         * print SQLi tokenization only
          */
         libinjection_sqli_init(&sf, copy, slen, flags);
         libinjection_sqli_callback(&sf, NULL, NULL);
@@ -209,7 +209,7 @@ int read_file(const char* fname, int flags, int testtype)
         }
     } else if (testtype == 2) {
         /**
-         * test sqli detection
+         * test SQLi detection
          */
         char buf[100];
         issqli = libinjection_sqli(copy, slen, buf);
@@ -218,7 +218,7 @@ int read_file(const char* fname, int flags, int testtype)
         }
     } else if (testtype == 3) {
         /*
-         * test html5 tokenization only
+         * test HTML 5 tokenization only
          */
 
         h5_state_t hs;
@@ -233,7 +233,7 @@ int read_file(const char* fname, int flags, int testtype)
          */
         sprintf(g_actual, "%d", libinjection_xss(copy, slen));
     } else {
-        fprintf(stderr, "Got stange testtype value of %d\n", testtype);
+        fprintf(stderr, "Got strange testtype value of %d\n", testtype);
         assert(0);
     }
 
