others-how to compile and install libinjection on linux server?

1. Purpose

In this post, I will introduce how to compile and install libinjection on linux server.



2. Solution

1) What is libinjection?

Libinjection is a library used as SQL / SQLI tokenizer parser analyzer , it can be used to analyze web requests to avoid sql injection or xss injection.



2) How to make or compile libinjection?

First , you should clone the library to local directories:

git clone https://github.com/client9/libinjection

You should get a directory as follows:

-rw-r--r-- 1 501 games    18 6月  27 14:11 CHANGELOG
-rw-r--r-- 1 501 games 12791 6月  27 14:11 CHANGELOG.md
-rwxr-xr-x 1 501 games   756 6月  17 14:07 configure-clang-asan.sh
-rwxr-xr-x 1 501 games   737 6月  17 14:07 configure-clang.sh
-rwxr-xr-x 1 501 games   709 6月  17 14:07 configure-gcc-hardened.sh
-rwxr-xr-x 1 501 games   144 6月  17 14:07 configure-gcov.sh
-rwxr-xr-x 1 501 games    85 6月  17 14:07 configure-gprof.sh
-rw-r--r-- 1 501 games  1575 6月  17 14:07 COPYING
drwxr-xr-x 2 501 games  4096 6月  27 14:13 data
drwxr-xr-x 2 501 games    37 6月  27 14:13 go
-rwxr-xr-x 1 501 games 13997 6月  17 14:07 install-sh
drwxr-xr-x 2 501 games   178 6月  27 14:13 lua
-rwxr-xr-x 1 501 games  1697 6月  17 14:07 make-ci.sh
-rw-r--r-- 1 501 games   581 6月  27 14:05 Makefile
drwxr-xr-x 3 501 games  4096 6月  27 14:13 misc
drwxr-xr-x 2 501 games   141 6月  27 14:13 php
drwxr-xr-x 3 501 games   157 6月  27 14:13 python
-rw-r--r-- 1 501 games  3329 6月  27 14:05 README.md
-rw-r--r-- 1 501 games   610 6月  27 14:11 RELEASE-HOWTO.md
-rwxr-xr-x 1 501 games   208 6月  17 14:07 run-clang-asan.sh
-rwxr-xr-x 1 501 games   562 6月  17 14:07 run-gcov-samples.sh
-rwxr-xr-x 1 501 games   570 6月  17 14:07 run-gcov-unittests.sh
drwxr-xr-x 2 501 games  4096 6月  27 14:11 src
-rwxr-xr-x 1 501 games   260 6月  27 14:11 tags.sh
-rwxr-xr-x 1 501 games   257 6月  17 14:07 test-gprof.sh
drwxr-xr-x 2 501 games 20480 6月  27 14:13 tests

Then, compile libinjection:

[root@bswen-k8s-app1 libinjection]# cd src
[root@bswen-k8s-app1 src]# make
./make_parens.py < fingerprints.txt > fingerprints2.txt
mv fingerprints2.txt fingerprints.txt
./sqlparse_map.py > sqlparse_data.json
./sqlparse2c.py < sqlparse_data.json > libinjection_sqli_data.h
cc -Wall -Wextra -Werror -pedantic -ansi -g -O3 -fPIC -c -o libinjection_sqli.o libinjection_sqli.c
cc -Wall -Wextra -Werror -pedantic -ansi -g -O3 -fPIC -c -o libinjection_html5.o libinjection_html5.c
cc -Wall -Wextra -Werror -pedantic -ansi -g -O3 -fPIC -c -o libinjection_xss.o libinjection_xss.c
cc libinjection_sqli.o libinjection_html5.o libinjection_xss.o -shared -lc -o libinjection.so
rm -f libinjection.a
ar -r libinjection.a libinjection_sqli.o libinjection_html5.o libinjection_xss.o
ar: Creating libinjection.a
[root@bswen-k8s-app1 src]#

At last, we can test libinjection as follows:

[root@bswen-k8s-app1 src]# gcc -Wall -Wextra example1.c libinjection_sqli.c
[root@bswen-k8s-app1 src]# ll
-rw-r--r-- 1  501 games    227 6月  17 14:07 alpine.supp
-rwxr-xr-x 1 root root  257416 6月  27 14:15 a.out
-rwxr-xr-x 1  501 games    559 6月  17 14:07 clang.sh
-rw-r--r-- 1  501 games    557 6月  17 14:07 example1.c
-rwxr-xr-x 1  501 games   1338 6月  17 14:07 fingerprints2sqli.py
-rw-r--r-- 1 root root   49668 6月  27 14:14 fingerprints.txt
-rw-r--r-- 1  501 games   2276 6月  17 14:07 fptool.c
-rw-r--r-- 1  501 games   4194 6月  17 14:07 html5_cli.c
-rw-r--r-- 1 root root  762344 6月  27 14:14 libinjection.a
-rw-r--r-- 1  501 games   1633 6月  17 14:07 libinjection.h
-rw-r--r-- 1  501 games  21694 6月  27 14:11 libinjection_html5.c
-rw-r--r-- 1  501 games   4656 6月  17 14:08 libinjection_html5.gcda
-rw-r--r-- 1  501 games    913 6月  17 14:07 libinjection_html5.h
-rw-r--r-- 1 root root   58600 6月  27 14:14 libinjection_html5.o
-rwxr-xr-x 1 root root  602016 6月  27 14:14 libinjection.so
-rw-r--r-- 1  501 games  72134 6月  27 14:11 libinjection_sqli.c
-rw-r--r-- 1  501 games 206900 6月  27 14:14 libinjection_sqli_data.h
-rw-r--r-- 1  501 games  13464 6月  17 14:08 libinjection_sqli.gcda
-rw-r--r-- 1  501 games   7145 6月  27 14:11 libinjection_sqli.h
-rw-r--r-- 1 root root  674176 6月  27 14:14 libinjection_sqli.o
-rw-r--r-- 1  501 games  14531 6月  27 14:11 libinjection_xss.c
-rw-r--r-- 1  501 games   2908 6月  17 14:08 libinjection_xss.gcda
-rw-r--r-- 1  501 games    267 6月  17 14:07 libinjection_xss.h
-rw-r--r-- 1 root root   28672 6月  27 14:14 libinjection_xss.o
-rw-r--r-- 1  501 games   4557 6月  27 14:11 Makefile
-rwxr-xr-x 1  501 games  11598 6月  17 14:07 make_parens.py
-rw-r--r-- 1  501 games   8273 6月  17 14:07 reader.c
-rw-r--r-- 1  501 games   2092 6月  17 14:08 reader.gcda
-rw-r--r-- 1  501 games   4003 6月  27 14:11 sqli_cli.c
-rwxr-xr-x 1  501 games   3800 6月  17 14:07 sqlparse2c.py
-rw-r--r-- 1  501 games 182535 6月  27 14:14 sqlparse_data.json
-rwxr-xr-x 1  501 games  48384 6月  27 14:11 sqlparse_map.py
-rwxr-xr-x 1  501 games    273 6月  17 14:07 test-cppcheck.sh
-rw-r--r-- 1  501 games   8250 6月  17 14:07 testdriver.c
-rw-r--r-- 1  501 games   2144 6月  17 14:08 testdriver.gcda
-rwxr-xr-x 1  501 games    189 6月  17 14:07 test-driver.sh
-rwxr-xr-x 1  501 games     87 6月  17 14:07 test-samples-sqli-negative.sh
-rwxr-xr-x 1  501 games     93 6月  17 14:07 test-samples-sqli-positive.sh
-rwxr-xr-x 1  501 games     89 6月  17 14:07 test-samples-xss-positive.sh
-rw-r--r-- 1  501 games   1498 6月  17 14:07 test_speed_sqli.c
-rwxr-xr-x 1  501 games     45 6月  17 14:07 test-speed-sqli.sh
-rw-r--r-- 1  501 games   2123 6月  17 14:07 test_speed_xss.c
-rwxr-xr-x 1  501 games     44 6月  17 14:07 test-speed-xss.sh
-rwxr-xr-x 1  501 games     97 6月  17 14:07 test-unit.sh
[root@bswen-k8s-app1 src]# ./a.out "-1' and 1 = 1"
sqli with fingerprint of 's&1'
[root@bswen-k8s-app1 src]#

You can see that the sql injection test is successful.



3. Summary

In this post, I demonstrated how to make ,compile and install libinjection library on linux server. That’s it, thanks for your reading.