summaryrefslogtreecommitdiffstats
path: root/htp/htp_core.h
diff options
context:
space:
mode:
Diffstat (limited to 'htp/htp_core.h')
-rw-r--r--htp/htp_core.h353
1 files changed, 353 insertions, 0 deletions
diff --git a/htp/htp_core.h b/htp/htp_core.h
new file mode 100644
index 0000000..e4c933e
--- /dev/null
+++ b/htp/htp_core.h
@@ -0,0 +1,353 @@
+/***************************************************************************
+ * Copyright (c) 2009-2010 Open Information Security Foundation
+ * Copyright (c) 2010-2013 Qualys, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+
+ * - Neither the name of the Qualys, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ ***************************************************************************/
+
+/**
+ * @file
+ * @author Ivan Ristic <ivanr@webkreator.com>
+ */
+
+#ifndef HTP_CORE_H
+#define HTP_CORE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef int htp_status_t;
+
+typedef struct htp_cfg_t htp_cfg_t;
+typedef struct htp_conn_t htp_conn_t;
+typedef struct htp_connp_t htp_connp_t;
+typedef struct htp_file_t htp_file_t;
+typedef struct htp_file_data_t htp_file_data_t;
+typedef struct htp_header_t htp_header_t;
+typedef struct htp_header_line_t htp_header_line_t;
+typedef struct htp_log_t htp_log_t;
+typedef struct htp_param_t htp_param_t;
+typedef struct htp_tx_data_t htp_tx_data_t;
+typedef struct htp_tx_t htp_tx_t;
+typedef struct htp_uri_t htp_uri_t;
+typedef struct timeval htp_time_t;
+
+// Below are all htp_status_t return codes used by LibHTP. Enum is not
+// used here to allow applications to define their own codes.
+
+/**
+ * The lowest htp_status_t value LibHTP will use internally.
+ */
+#define HTP_ERROR_RESERVED -1000
+
+/** General-purpose error code. */
+#define HTP_ERROR -1
+
+/**
+ * No processing or work was done. This is typically used by callbacks
+ * to indicate that they were not interested in doing any work in the
+ * given context.
+ */
+#define HTP_DECLINED 0
+
+/** Returned by a function when its work was successfully completed. */
+#define HTP_OK 1
+
+/**
+ * Returned when processing a connection stream, after consuming all
+ * provided data. The caller should call again with more data.
+ */
+#define HTP_DATA 2
+
+/**
+ * Returned when processing a connection stream, after encountering
+ * a situation where processing needs to continue on the alternate
+ * stream (e.g., the inbound parser needs to observe some outbound
+ * data). The data provided was not completely consumed. On the next
+ * invocation the caller should supply only the data that has not
+ * been processed already. Use htp_connp_req_data_consumed() and
+ * htp_connp_res_data_consumed() to determine how much of the most
+ * recent data chunk was consumed.
+ */
+#define HTP_DATA_OTHER 3
+
+/**
+ * Used by callbacks to indicate that the processing should stop. For example,
+ * returning HTP_STOP from a connection callback indicates that LibHTP should
+ * stop following that particular connection.
+ */
+#define HTP_STOP 4
+
+/**
+ * Same as HTP_DATA, but indicates that any non-consumed part of the
+ * data chunk should be preserved (buffered) for later.
+ */
+#define HTP_DATA_BUFFER 5
+
+/**
+ * The highest htp_status_t value LibHTP will use internally.
+ */
+#define HTP_STATUS_RESERVED 1000
+
+/**
+ * Enumerates the possible values for authentication type.
+ */
+enum htp_auth_type_t {
+ /**
+ * This is the default value that is used before
+ * the presence of authentication is determined (e.g.,
+ * before request headers are seen).
+ */
+ HTP_AUTH_UNKNOWN = 0,
+
+ /** No authentication. */
+ HTP_AUTH_NONE = 1,
+
+ /** HTTP Basic authentication used. */
+ HTP_AUTH_BASIC = 2,
+
+ /** HTTP Digest authentication used. */
+ HTP_AUTH_DIGEST = 3,
+
+ /** HTTP Digest authentication used. */
+ HTP_AUTH_BEARER = 4,
+
+ /** Unrecognized authentication method. */
+ HTP_AUTH_UNRECOGNIZED = 9
+};
+
+enum htp_content_encoding_t {
+ /**
+ * This is the default value, which is used until the presence
+ * of content encoding is determined (e.g., before request headers
+ * are seen.
+ */
+ HTP_COMPRESSION_UNKNOWN = 0,
+
+ /** No compression. */
+ HTP_COMPRESSION_NONE = 1,
+
+ /** Gzip compression. */
+ HTP_COMPRESSION_GZIP = 2,
+
+ /** Deflate compression. */
+ HTP_COMPRESSION_DEFLATE = 3,
+
+ /** LZMA compression. */
+ HTP_COMPRESSION_LZMA = 4
+};
+
+/**
+ * Enumerates the possible request and response body codings.
+ */
+enum htp_transfer_coding_t {
+ /** Body coding not determined yet. */
+ HTP_CODING_UNKNOWN = 0,
+
+ /** No body. */
+ HTP_CODING_NO_BODY = 1,
+
+ /** Identity coding is used, which means that the body was sent as is. */
+ HTP_CODING_IDENTITY = 2,
+
+ /** Chunked encoding. */
+ HTP_CODING_CHUNKED = 3,
+
+ /** We could not recognize the encoding. */
+ HTP_CODING_INVALID = 4
+};
+
+enum htp_file_source_t {
+
+ HTP_FILE_MULTIPART = 1,
+
+ HTP_FILE_PUT = 2
+};
+
+// Various flag bits. Even though we have a flag field in several places
+// (header, transaction, connection), these fields are all in the same namespace
+// because we may want to set the same flag in several locations. For example, we
+// may set HTP_FIELD_FOLDED on the actual folded header, but also on the transaction
+// that contains the header. Both uses are useful.
+
+// Connection flags are 8 bits wide.
+#define HTP_CONN_PIPELINED 0x000000001ULL
+#define HTP_CONN_HTTP_0_9_EXTRA 0x000000002ULL
+
+// All other flags are 64 bits wide.
+#define HTP_FIELD_UNPARSEABLE 0x000000004ULL
+#define HTP_FIELD_INVALID 0x000000008ULL
+#define HTP_FIELD_FOLDED 0x000000010ULL
+#define HTP_FIELD_REPEATED 0x000000020ULL
+#define HTP_FIELD_LONG 0x000000040ULL
+#define HTP_FIELD_RAW_NUL 0x000000080ULL
+#define HTP_REQUEST_SMUGGLING 0x000000100ULL
+#define HTP_INVALID_FOLDING 0x000000200ULL
+#define HTP_REQUEST_INVALID_T_E 0x000000400ULL
+#define HTP_MULTI_PACKET_HEAD 0x000000800ULL
+#define HTP_HOST_MISSING 0x000001000ULL
+#define HTP_HOST_AMBIGUOUS 0x000002000ULL
+#define HTP_PATH_ENCODED_NUL 0x000004000ULL
+#define HTP_PATH_RAW_NUL 0x000008000ULL
+#define HTP_PATH_INVALID_ENCODING 0x000010000ULL
+#define HTP_PATH_INVALID 0x000020000ULL
+#define HTP_PATH_OVERLONG_U 0x000040000ULL
+#define HTP_PATH_ENCODED_SEPARATOR 0x000080000ULL
+#define HTP_PATH_UTF8_VALID 0x000100000ULL /* At least one valid UTF-8 character and no invalid ones. */
+#define HTP_PATH_UTF8_INVALID 0x000200000ULL
+#define HTP_PATH_UTF8_OVERLONG 0x000400000ULL
+#define HTP_PATH_HALF_FULL_RANGE 0x000800000ULL /* Range U+FF00 - U+FFEF detected. */
+#define HTP_STATUS_LINE_INVALID 0x001000000ULL
+#define HTP_HOSTU_INVALID 0x002000000ULL /* Host in the URI. */
+#define HTP_HOSTH_INVALID 0x004000000ULL /* Host in the Host header. */
+#define HTP_URLEN_ENCODED_NUL 0x008000000ULL
+#define HTP_URLEN_INVALID_ENCODING 0x010000000ULL
+#define HTP_URLEN_OVERLONG_U 0x020000000ULL
+#define HTP_URLEN_HALF_FULL_RANGE 0x040000000ULL /* Range U+FF00 - U+FFEF detected. */
+#define HTP_URLEN_RAW_NUL 0x080000000ULL
+#define HTP_REQUEST_INVALID 0x100000000ULL
+#define HTP_REQUEST_INVALID_C_L 0x200000000ULL
+#define HTP_AUTH_INVALID 0x400000000ULL
+
+#define HTP_MAX_HEADERS_REPETITIONS 64
+
+#define HTP_HOST_INVALID ( HTP_HOSTU_INVALID | HTP_HOSTH_INVALID )
+
+// Logging-related constants.
+#define HTP_LOG_MARK __FILE__,__LINE__
+
+/**
+ * Enumerates all log levels.
+ */
+enum htp_log_level_t {
+ HTP_LOG_NONE = 0,
+ HTP_LOG_ERROR = 1,
+ HTP_LOG_WARNING = 2,
+ HTP_LOG_NOTICE = 3,
+ HTP_LOG_INFO = 4,
+ HTP_LOG_DEBUG = 5,
+ HTP_LOG_DEBUG2 = 6
+};
+
+/**
+ * HTTP methods.
+ */
+enum htp_method_t {
+ /**
+ * Used by default, until the method is determined (e.g., before
+ * the request line is processed.
+ */
+ HTP_M_UNKNOWN = 0,
+ HTP_M_HEAD = 1,
+ HTP_M_GET = 2,
+ HTP_M_PUT = 3,
+ HTP_M_POST = 4,
+ HTP_M_DELETE = 5,
+ HTP_M_CONNECT = 6,
+ HTP_M_OPTIONS = 7,
+ HTP_M_TRACE = 8,
+ HTP_M_PATCH = 9,
+ HTP_M_PROPFIND = 10,
+ HTP_M_PROPPATCH = 11,
+ HTP_M_MKCOL = 12,
+ HTP_M_COPY = 13,
+ HTP_M_MOVE = 14,
+ HTP_M_LOCK = 15,
+ HTP_M_UNLOCK = 16,
+ HTP_M_VERSION_CONTROL = 17,
+ HTP_M_CHECKOUT = 18,
+ HTP_M_UNCHECKOUT = 19,
+ HTP_M_CHECKIN = 20,
+ HTP_M_UPDATE = 21,
+ HTP_M_LABEL = 22,
+ HTP_M_REPORT = 23,
+ HTP_M_MKWORKSPACE = 24,
+ HTP_M_MKACTIVITY = 25,
+ HTP_M_BASELINE_CONTROL = 26,
+ HTP_M_MERGE = 27,
+ HTP_M_INVALID = 28
+};
+
+// A collection of unique parser IDs.
+enum htp_parser_id_t {
+ /** application/x-www-form-urlencoded parser. */
+ HTP_PARSER_URLENCODED = 0,
+
+ /** multipart/form-data parser. */
+ HTP_PARSER_MULTIPART = 1
+};
+
+// Protocol version constants; an enum cannot be
+// used here because we allow any properly-formatted protocol
+// version (e.g., 1.3), even those that do not actually exist.
+#define HTP_PROTOCOL_INVALID -2
+#define HTP_PROTOCOL_UNKNOWN -1
+#define HTP_PROTOCOL_0_9 9
+#define HTP_PROTOCOL_1_0 100
+#define HTP_PROTOCOL_1_1 101
+
+// A collection of possible data sources.
+enum htp_data_source_t {
+ /** Embedded in the URL. */
+ HTP_SOURCE_URL = 0,
+
+ /** Transported in the query string. */
+ HTP_SOURCE_QUERY_STRING = 1,
+
+ /** Cookies. */
+ HTP_SOURCE_COOKIE = 2,
+
+ /** Transported in the request body. */
+ HTP_SOURCE_BODY = 3
+};
+
+#define HTP_STATUS_INVALID -1
+#define HTP_STATUS_UNKNOWN 0
+
+/**
+ * Enumerates all stream states. Each connection has two streams, one
+ * inbound and one outbound. Their states are tracked separately.
+ */
+enum htp_stream_state_t {
+ HTP_STREAM_NEW = 0,
+ HTP_STREAM_OPEN = 1,
+ HTP_STREAM_CLOSED = 2,
+ HTP_STREAM_ERROR = 3,
+ HTP_STREAM_TUNNEL = 4,
+ HTP_STREAM_DATA_OTHER = 5,
+ HTP_STREAM_STOP = 6,
+ HTP_STREAM_DATA = 9
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HTP_CORE_H */