Update module to work with upstream libinjection and improve Python 3 compatibility

Co-authored-by: fzipi <3012076+fzipi@users.noreply.github.com>

Author: Copilot

.gitignore

@@ -136,3 +136,7 @@ libinjection/libinjection_xss.*
 libinjection/libinjection_html5.*
 libinjection/libinjection_sqli*
 libinjection/libinjection_wrap*
+libinjection/libinjection_error.h
+
+# Generated files
+words.py

Makefile

@@ -4,15 +4,14 @@ all: build
 #
 
 build: upstream libinjection/libinjection_wrap.c
-	rm -f libinjection.py libinjection.pyc
-	python setup.py --verbose build --force
+	rm -f libinjection/libinjection.py
+	python3 setup.py --verbose build_ext --inplace
 
 install: build
-	sudo python setup.py --verbose install
+	sudo python3 setup.py --verbose install
 
 test-unit: build words.py
-	python setup.py build_ext --inplace
-	PYTHON_PATH='.' nosetests -v --with-xunit test_driver.py
+	cd /tmp && python3 -m pytest $(CURDIR)/test_driver.py -v
 
 .PHONY: test
 test: test-unit
@@ -24,16 +23,16 @@ speed:
 upstream: 
 	[ -d $@ ] || git clone --depth=1 https://github.com/libinjection/libinjection.git upstream
 
-libinjection/libinjection.h libinjection/libinjection_sqli.h: upstream
+libinjection/libinjection.h libinjection/libinjection_sqli.h libinjection/libinjection_error.h: upstream
 	cp -f upstream/src/libinjection*.h upstream/src/libinjection*.c libinjection/
 
 words.py: Makefile json2python.py upstream
-	./json2python.py < upstream/src/sqlparse_data.json > words.py
+	python3 json2python.py < upstream/src/sqlparse_data.json > words.py
 
 
-libinjection/libinjection_wrap.c: libinjection/libinjection.i libinjection/libinjection.h libinjection/libinjection_sqli.h
+libinjection/libinjection_wrap.c: libinjection/libinjection.i libinjection/libinjection.h libinjection/libinjection_sqli.h libinjection/libinjection_error.h
 	swig -version
-	swig -py3 -python -builtin -Wall -Wextra libinjection/libinjection.i
+	swig -python -builtin -Wall -Wextra libinjection/libinjection.i
 
 
 .PHONY: copy
@@ -50,5 +49,6 @@ clean:
 	@rm -f nosetests.xml
 	@rm -f words.py
 	@rm -f libinjection/*~ libinjection/*.pyc
-	@rm -f libinjection/libinjection.h libinjection/libinjection_sqli.h libinjection/libinjection_sqli.c libinjection/libinjection_sqli_data.h
+	@rm -f libinjection/libinjection.h libinjection/libinjection_error.h libinjection/libinjection_sqli.h libinjection/libinjection_sqli.c libinjection/libinjection_sqli_data.h
+	@rm -f libinjection/libinjection_html5.h libinjection/libinjection_html5.c libinjection/libinjection_xss.h libinjection/libinjection_xss.c
 	@rm -f libinjection/libinjection_wrap.c libinjection/libinjection.py

README.md

@@ -1,2 +1,93 @@
 # python3-libinjection
 libInjection Python3 bindings
+
+## Overview
+
+Python3 bindings for [libinjection](https://github.com/libinjection/libinjection) - a SQL/SQLI tokenizer, parser and analyzer.
+
+## Requirements
+
+- Python 3.x
+- SWIG 4.x
+- GCC or compatible C compiler
+
+## Building
+
+### 1. Clone the repository and get upstream libinjection
+
+```bash
+git clone https://github.com/libinjection/python3-libinjection.git
+cd python3-libinjection
+make upstream
+```
+
+### 2. Copy upstream C source files
+
+```bash
+make libinjection/libinjection.h libinjection/libinjection_sqli.h libinjection/libinjection_error.h
+```
+
+### 3. Generate the SWIG wrapper
+
+```bash
+swig -python -builtin -Wall -Wextra libinjection/libinjection.i
+```
+
+### 4. Build the Python extension
+
+```bash
+python3 setup.py build_ext --inplace
+```
+
+Or using the Makefile:
+
+```bash
+make build
+```
+
+### 5. Generate the word lookup table (needed for tests)
+
+```bash
+python3 json2python.py < upstream/src/sqlparse_data.json > words.py
+```
+
+## Usage
+
+### SQLi Detection
+
+```python
+import libinjection
+
+# Simple API - detect SQLi in a string
+result, fingerprint = libinjection.sqli("1 UNION SELECT * FROM users")
+if result:
+    print(f"SQLi detected! Fingerprint: {fingerprint}")
+
+# Advanced API with state object
+state = libinjection.sqli_state()
+libinjection.sqli_init(state, "1 UNION SELECT * FROM users",
+                       libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI)
+libinjection.sqli_callback(state, None)
+if libinjection.is_sqli(state):
+    print(f"SQLi detected! Fingerprint: {state.fingerprint}")
+```
+
+### XSS Detection
+
+```python
+import libinjection
+
+# Detect XSS in a string
+result = libinjection.xss("<script>alert(1)</script>")
+if result:
+    print("XSS detected!")
+```
+
+## Testing
+
+Run the test suite using pytest:
+
+```bash
+cd /tmp  # run from outside the repo directory to avoid pytest.py conflict
+python3 -m pytest /path/to/python3-libinjection/test_driver.py -v
+```

libinjection/__init__.py

@@ -1 +1 @@
-from libinjection import *
+from .libinjection import *

libinjection/libinjection.i

@@ -3,6 +3,8 @@
 %{
 #include "libinjection.h"
 #include "libinjection_sqli.h"
+#include "libinjection_xss.h"
+#include "libinjection_error.h"
 #include <stddef.h>
 
 /* This is the callback function that runs a python function
@@ -13,7 +15,6 @@ static char libinjection_python_check_fingerprint(sfilter* sf, int lookuptype, c
     PyObject *fp;
     PyObject *arglist;
     PyObject *result;
-    const char* strtype;
     char ch;
 
     // get sfilter->pattern
@@ -25,14 +26,21 @@ static char libinjection_python_check_fingerprint(sfilter* sf, int lookuptype, c
     result = PyObject_CallObject((PyObject*) sf->userdata, arglist);
     Py_DECREF(arglist);
     if (result == NULL) {
-        printf("GOT NULL\n");
         // python call has an exception
         // pass it back
         ch = '\0';
     } else {
-        // convert value of python call to a char
-        strtype =  PyString_AsString(result);
-        ch = strtype[0];
+        // convert value of python call to a char (Python 3 compatible)
+        if (PyUnicode_Check(result)) {
+            Py_ssize_t size;
+            const char* str = PyUnicode_AsUTF8AndSize(result, &size);
+            ch = (str != NULL && size > 0) ? str[0] : '\0';
+        } else if (PyBytes_Check(result)) {
+            const char* str = PyBytes_AsString(result);
+            ch = (str != NULL) ? str[0] : '\0';
+        } else {
+            ch = '\0';
+        }
         Py_DECREF(result);
     }
     return ch;
@@ -67,6 +75,18 @@ for (i = 0; i < $1_dim0; i++) {
 
 // automatically append string length into arg array
 %apply (char *STRING, size_t LENGTH) { (const char *s, size_t slen) };
+%apply (char *STRING, size_t LENGTH) { (const char *s, size_t len) };
+
+// Make the fingerprint output parameter in libinjection_sqli() work as an output
+// The fingerprint buffer size matches libinjection's internal LIBINJECTION_SQLI_MAX_TOKENS (5) + null byte
+#define LIBINJECTION_FINGERPRINT_SIZE 8
+%typemap(in, numinputs=0) char fingerprint[] (char temp[LIBINJECTION_FINGERPRINT_SIZE]) {
+    memset(temp, 0, sizeof(temp));
+    $1 = temp;
+}
+%typemap(argout) char fingerprint[] {
+    $result = SWIG_Python_AppendOutput($result, PyUnicode_FromString($1));
+}
 
 %typemap(in) (ptr_lookup_fn fn, void* userdata) {
     if ($input == Py_None) {
@@ -77,5 +97,7 @@ for (i = 0; i < $1_dim0; i++) {
         $2 = $input;
     }
 }
+%include "libinjection_error.h"
 %include "libinjection.h"
 %include "libinjection_sqli.h"
+%include "libinjection_xss.h"

libinjection/libinjection_error.h

@@ -5,20 +5,40 @@
  nickg@client9.com
  BSD License -- see COPYING.txt for details
 """
+import os
+
 try:
     from setuptools import setup, Extension
 except ImportError:
     from distutils.core import setup, Extension
 
+
+def get_libinjection_version():
+    """Read the libinjection version from the upstream source file, if available."""
+    version_file = os.path.join(os.path.dirname(__file__),
+                                'upstream', 'src', 'libinjection_sqli.c')
+    if os.path.exists(version_file):
+        with open(version_file) as f:
+            for line in f:
+                if '#define LIBINJECTION_VERSION' in line and '__clang_analyzer__' not in line:
+                    # Extract version string from: #define LIBINJECTION_VERSION "x.y.z"
+                    parts = line.strip().split('"')
+                    if len(parts) >= 2:
+                        return parts[1]
+    return 'undefined'
+
+
+LIBINJECTION_VERSION = get_libinjection_version()
+
 MODULE = Extension(
-    '_libinjection', [
+    'libinjection._libinjection', [
         'libinjection/libinjection_wrap.c',
         'libinjection/libinjection_sqli.c',
         'libinjection/libinjection_html5.c',
         'libinjection/libinjection_xss.c'
     ],
     swig_opts=['-Wextra', '-builtin'],
-    define_macros = [],
+    define_macros = [('LIBINJECTION_VERSION', '"{}"'.format(LIBINJECTION_VERSION))],
     include_dirs = [],
     libraries = [],
     library_dirs = [],