44ccfacbe3a3d4b300f80d48651c77837a4b571e
galt
  Tue Apr 26 11:12:02 2022 -0700
SQL INJECTION Prevention Version 2 - this improves our methods by making subclauses of SQL that get passed around be both easy and correct to use. The way that was achieved was by getting rid of the obscure and not well used functions sqlSafefFrag and sqlDyStringPrintfFrag and replacing them with the plain versions of those functions, since these are not needed anymore. The new version checks for NOSQLINJ in unquoted %-s which is used to include SQL clauses, and will give an error the NOSQLINJ clause is not present, and this will automatically require the correct behavior by developers. sqlDyStringPrint is a very useful function, however because it was not enforced, users could use various other dyString functions and they operated without any awareness or checking for SQL correct use. Now those dyString functions are prohibited and it will produce an error if you try to use a dyString function on a SQL string, which is simply detected by the presence of the NOSQLINJ prefix.

diff --git src/lib/xp.c src/lib/xp.c
index 87e67fa..82afacd 100644
--- src/lib/xp.c
+++ src/lib/xp.c
@@ -38,71 +38,71 @@
    void (*atStartTag)(void *userData, char *name, char **atts),
    void (*atEndTag)(void *userData, char *name, char *text),
    int (*read)(void *userData, char *buf, int bufSize),
    char *fileName)
 /* Form a new xp parser.  File name may be NULL - just used for
  * error reporting. */
 {
 struct xp *xp;
 AllocVar(xp);
 xp->stack = xp->stackBufEnd = xp->stackBuf + ArraySize(xp->stackBuf);
 xp->userData = userData;
 xp->atStartTag = atStartTag;
 xp->atEndTag = atEndTag;
 xp->read = read;
 xp->lineIx = 1;
-xp->endTag = newDyString(64);
+xp->endTag = dyStringNew(64);
 if (fileName)
     xp->fileName = cloneString(fileName);
 else
     xp->fileName = cloneString("XML");
 xp->inBufEnd = xp->in = xp->inBuf;		
 xp->symHash = xmlEscapeSymHash();
 return xp;
 }
 
 int xpReadFromFile(void *userData, char *buf, int bufSize)
 /* Read some text assuming a file was passed in as user data. */
 {
 FILE *f = userData;
 return fread(buf, 1, bufSize, f);
 }
 
 
 
 void xpFree(struct xp **pXp)
 /* Free up an xp parser. */
 {
 int i;
 struct xp *xp = *pXp;
 if (xp != NULL)
     {
     struct xpStack *stack;
     for (stack = xp->stackBufEnd; --stack >= xp->stackBuf; )
         {
 	if (stack->tag == NULL)
 	    break;
-	freeDyString(&stack->tag);
-	freeDyString(&stack->text);
+	dyStringFree(&stack->tag);
+	dyStringFree(&stack->text);
 	}
     for (i=0; i<ArraySize(xp->attDyBuf); ++i)
         {
 	if (xp->attDyBuf[i] == NULL)
 	    break;
-	freeDyString(&xp->attDyBuf[i]);
+	dyStringFree(&xp->attDyBuf[i]);
 	}
-    freeDyString(&xp->endTag);
+    dyStringFree(&xp->endTag);
     freeMem(xp->fileName);
     hashFree(&xp->symHash);
     freez(pXp);
     }
 }
 
 int xpLineIx(struct xp *xp)
 /* Return current line number. */
 {
 return xp->lineIx;
 }
 
 char *xpFileName(struct xp *xp)
 /* Return current file name. */
 {
@@ -275,31 +275,31 @@
 		{
 		if (c == '\n')
 		    ++xp->lineIx;
 		}
 	    else
 		break;
 	    }
 	if (c == '>' || c == '/')
 	    break;
 
 	/* Allocate space in attribute table. */
 	if (attCount >= maxAttCount - 2)
 	    xpError(xp, "Attribute stack overflow");
 	dy = retAttributes[attCount];
 	if (dy == NULL)
-	    dy = retAttributes[attCount] = newDyString(64);
+	    dy = retAttributes[attCount] = dyStringNew(64);
 	else
 	    dyStringClear(dy);
 	++attCount;
 
 	/* Read until not a label character. */
 	for (;;)
 	    {
 	    dyStringAppendC(dy, c);
 	    if ((c = xpGetChar(xp)) == 0)
 		xpUnexpectedEof(xp);
 	    if (isspace(c))
 		{
 		if (c == '\n')
 		    ++xp->lineIx;
 		break;
@@ -338,31 +338,31 @@
 		{
 		if (c == '\n')
 		    ++xp->lineIx;
 		}
 	    else
 		break;
 	    }
 	if (c != '\'' && c != '"')
 	    xpError(xp, "Expecting quoted string after =");
 
 	/* Allocate space in attribute table. */
 	if (attCount >= maxAttCount - 2)
 	    xpError(xp, "Attribute stack overflow");
 	dy = retAttributes[attCount];
 	if (dy == NULL)
-	    dy = retAttributes[attCount] = newDyString(64);
+	    dy = retAttributes[attCount] = dyStringNew(64);
 	else
 	    dyStringClear(dy);
 	++attCount;
 
 	/* Read until next quote. */
 	quotC = c;
 	lineStart = xp->lineIx;
 	for (;;)
 	    {
 	    if ((c = xpGetChar(xp)) == 0)
 	       xpError(xp, "End of file inside literal string that started at line %d", lineStart);
 	    if (c == quotC)
 		break;
 	    if (c == '&')
 	       xpLookup(xp, xp->endTag, dy);
@@ -492,35 +492,35 @@
 	    xpError(xp, "Extra end tag");
 	xpParseEndTag(xp, stack->tag->string);
 	if (inside)
 	    xp->atEndTag(xp->userData, stack->tag->string, stack->text->string);
 	xp->stack += 1;
 	if (xp->stack == initialStack)
 	    return TRUE;
 	}
     else	/* Start tag. */
         {
 	/* Push new frame on stack and check for overflow and unallocated strings. */
 	struct xpStack *stack = --xp->stack;
 	if (stack < xp->stackBuf)
 	    xpError(xp, "Stack overflow");
 	if (stack->tag == NULL)
-	    stack->tag = newDyString(32);
+	    stack->tag = dyStringNew(32);
 	else
 	    dyStringClear(stack->tag);
 	if (stack->text == NULL)
-	    stack->text = newDyString(256);
+	    stack->text = dyStringNew(256);
 	else
 	    dyStringClear(stack->text);
 	text = stack->text;
 
 	/* Parse the start tag. */
 	xpUngetChar(xp);
 	xpParseStartTag(xp, ArraySize(xp->attDyBuf), stack->tag, 
 		&attCount, xp->attDyBuf, &isClosed);
 
 	if (!inside && sameString(stack->tag->string, tag))
 	    {
 	    inside = TRUE;
 	    initialStack = xp->stack + 1;
 	    }