1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25/*! \defgroup pur Sanitize / purify SQL and JSON helpers
26 *
27 * ##Sanitize / purify SQL and JSON helpers
28 *
29 * APIs for escaping untrusted JSON and SQL safely before use
30 */
31//@{
32
33/**
34 * lws_sql_purify() - like strncpy but with escaping for sql quotes
35 *
36 * \param escaped: output buffer
37 * \param string: input buffer ('\0' terminated)
38 * \param len: output buffer max length
39 *
40 * Because escaping expands the output string, it's not
41 * possible to do it in-place, ie, with escaped == string
 *
 * lws_sql_purify_len() reports the purified length of an input and can be
 * used to size \p escaped before calling this.
 *
 * The summary above describes quote escaping only, so treat the result as
 * text for the inside of a quoted SQL string literal; it is not a validator
 * for identifiers, numbers or other SQL contexts.  Where the database API
 * offers bound parameters, prefer them over string-built statements.
 *
 * NOTE(review): the meaning of the returned pointer, and whether \p escaped
 * is always '\0' terminated when \p string does not fit in \p len, are not
 * stated in this header - confirm against the implementation.
42 */
43LWS_VISIBLE LWS_EXTERN const char *
44lws_sql_purify(char *escaped, const char *string, size_t len);
45
46/**
47 * lws_sql_purify_len() - return length of purified version of input string
48 *
49 * \param p: input buffer ('\0' terminated)
50 *
51 * Calculates any character escaping without writing it anywhere and returns the
52 * calculated length of the purified string.
 *
 * NOTE(review): this header does not say whether the returned length counts
 * the terminating '\0'; confirm before using it to size the output buffer
 * passed to lws_sql_purify().  The result is an int, so check how inputs
 * longer than INT_MAX are handled if the input length is attacker-influenced.
 *
 * NOTE(review): unlike the neighbouring declarations, this prototype carries
 * no LWS_VISIBLE LWS_EXTERN - confirm that is intentional.
53 */
54int
55lws_sql_purify_len(const char *p);
56
57/**
58 * lws_json_purify() - like strncpy but with escaping for json chars
59 *
60 * \param escaped: output buffer
61 * \param string: input buffer ('\0' terminated)
62 * \param len: output buffer max length
63 * \param in_used: number of bytes of string we could escape in len
64 *
65 * Because escaping expands the output string, it's not
66 * possible to do it in-place, ie, with escaped == string
 *
 * lws_json_purify_len() computes the escaped length of an input and can be
 * used to size \p escaped before calling this.
 *
 * \p len is an int here, whereas lws_sql_purify() takes a size_t; when the
 * buffer size is held in a size_t, check it fits in an int before passing it.
 *
 * NOTE(review): \p in_used presumably lets the caller detect that only part
 * of \p string fitted (compare it with the input length) - confirm, and
 * confirm whether NULL is accepted.  The meaning of the returned pointer and
 * the termination of \p escaped on a short buffer are not stated here either.
67 */
68LWS_VISIBLE LWS_EXTERN const char *
69lws_json_purify(char *escaped, const char *string, int len, int *in_used);
70
71/**
72 * lws_json_purify_len() - find out the escaped length of a string
73 *
74 * \param string: input buffer ('\0' terminated)
75 *
76 * JSON may have to expand escapes by up to 6x the original depending on what
77 * it is. This doesn't actually do the escaping but goes through the motions
78 * and computes the length of the escaped string.
 *
 * NOTE(review): this header does not say whether the returned length counts
 * the terminating '\0'; confirm before using it to size the output buffer
 * passed to lws_json_purify().  With up to 6x expansion and an int result,
 * check how very long inputs are handled if their length is
 * attacker-influenced.
79 */
80LWS_VISIBLE LWS_EXTERN int
81lws_json_purify_len(const char *string);
82
83/**
84 * lws_filename_purify_inplace() - replace scary filename chars with underscore
85 *
86 * \param filename: filename to be purified
87 *
88 * Replace scary characters in the filename (it should not be a path)
89 * with underscore, so it's safe to use.
 *
 * The buffer is modified in place, so \p filename must be writable.
 *
 * NOTE(review): the set of characters replaced is not listed in this header.
 * Confirm it covers path separators and leading dots before relying on this
 * alone to confine an untrusted name (for example an upload filename) to a
 * chosen directory.
90 */
91LWS_VISIBLE LWS_EXTERN void
92lws_filename_purify_inplace(char *filename);
93
/**
 * lws_plat_write_cert() - platform helper, not documented in this header
 *
 * \param vhost: vhost the data belongs to (presumably - confirm)
 * \param is_key: presumably nonzero when buf holds a private key rather than
 *		  a certificate - confirm
 * \param fd: file descriptor (presumably the write target - confirm)
 * \param buf: data buffer
 * \param len: size of buf in bytes (presumably - confirm)
 *
 * NOTE(review): the return convention is not stated here.  If is_key marks
 * private key material, check that the file behind \p fd is created with
 * owner-only permissions and that \p buf is wiped by the caller after use.
 */
94LWS_VISIBLE LWS_EXTERN int
95lws_plat_write_cert(struct lws_vhost *vhost, int is_key, int fd, void *buf,
96 size_t len);
/**
 * lws_plat_write_file() - platform helper, not documented in this header
 *
 * \param filename: name of the file (presumably the one written - confirm)
 * \param buf: data buffer (not const-qualified in this prototype)
 * \param len: size of buf in bytes (presumably - confirm)
 *
 * NOTE(review): the return convention, file creation mode and any path
 * handling are not stated here.  A \p filename derived from untrusted input
 * should be constrained by the caller first; lws_filename_purify_inplace()
 * above handles bare filenames, not paths.
 */
97LWS_VISIBLE LWS_EXTERN int
98lws_plat_write_file(const char *filename, void *buf, size_t len);
99
/**
 * lws_plat_read_file() - platform helper, not documented in this header
 *
 * \param filename: name of the file (presumably the one read - confirm)
 * \param buf: destination buffer
 * \param len: size of buf in bytes (presumably the read limit - confirm)
 *
 * NOTE(review): the return convention is not stated here; in particular
 * confirm how a file larger than \p len is reported, and whether \p buf is
 * '\0' terminated, before treating the result as a string.
 */
100LWS_VISIBLE LWS_EXTERN int
101lws_plat_read_file(const char *filename, void *buf, size_t len);
102
/**
 * lws_plat_recommended_rsa_bits() - platform helper, not documented here
 *
 * Takes no arguments and returns an int.
 *
 * NOTE(review): from the name this presumably returns the RSA key size, in
 * bits, that the platform layer recommends for generated keys - confirm the
 * value for each platform against current key-length guidance.
 */
103LWS_VISIBLE LWS_EXTERN int
104lws_plat_recommended_rsa_bits(void);
105///@}
106