Merge pull request #74 from dreamer-coding/main

Author: dreamer-coding

code/logic/fossil/io/input.h

@@ -23,9 +23,21 @@ typedef enum {
     FOSSIL_CTX_HTML,
     FOSSIL_CTX_SQL,
     FOSSIL_CTX_SHELL,
-    FOSSIL_CTX_FILENAME
+    FOSSIL_CTX_FILENAME,
+    FOSSIL_CTX_NONE
 } fossil_context_t;
 
+/* Bitmask flags for string sanitization results */
+#define FOSSIL_SAN_OK        0x00  /* No issues detected; string is clean */
+#define FOSSIL_SAN_MODIFIED  0x01  /* Input was modified during sanitization */
+#define FOSSIL_SAN_SCRIPT    0x02  /* Script or JavaScript patterns detected */
+#define FOSSIL_SAN_SQL       0x04  /* SQL injection patterns detected */
+#define FOSSIL_SAN_SHELL     0x08  /* Shell or command execution patterns detected */
+#define FOSSIL_SAN_BASE64    0x10  /* Suspiciously long base64 sequences detected */
+#define FOSSIL_SAN_PATH      0x20  /* Path traversal or filesystem patterns detected */
+#define FOSSIL_SAN_BOT       0x40  /* Bot or automated agent patterns detected */
+#define FOSSIL_SAN_SPAM      0x80  /* Spam or suspicious marketing content detected */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -223,7 +235,7 @@ int fossil_io_validate_is_suspicious_user(const char *input);
  *       output_size bytes. The function uses heuristics and is not a substitute
  *       for context-specific escaping or prepared statements in SQL/HTML.
  */
-int fossil_io_validate_sanitize_string_ctx(const char *input,
+int fossil_io_validate_sanitize_string(const char *input,
                                            char *output,
                                            size_t output_size,
                                            fossil_context_t ctx);
@@ -573,7 +585,7 @@ namespace fossil {
              */
             static int validate_sanitize_string(std::string &input, fossil_context_t ctx) {
                 std::vector<char> buffer(input.size() + 1);
-                int flags = fossil_io_validate_sanitize_string_ctx(
+                int flags = fossil_io_validate_sanitize_string(
                     input.c_str(),
                     buffer.data(),
                     buffer.size(),

code/logic/input.c

@@ -127,20 +127,6 @@ static int strncase_contains(const char *haystack, const char *needle, size_t le
     return 0;
 }
 
-/* ============================================================
- * Bitmask flags for detection
- * ============================================================ */
-#define FOSSIL_SAN_OK        0x00
-#define FOSSIL_SAN_MODIFIED  0x01
-#define FOSSIL_SAN_SCRIPT    0x02
-#define FOSSIL_SAN_SQL       0x04
-#define FOSSIL_SAN_SHELL     0x08
-#define FOSSIL_SAN_BASE64    0x10
-#define FOSSIL_SAN_PATH      0x20
-#define FOSSIL_SAN_BOT       0x40
-#define FOSSIL_SAN_SPAM      0x80
-
-
 // Function to trim leading and trailing spaces from a string
 void fossil_io_trim(char *str) {
     if (str == NULL) return;
@@ -243,7 +229,7 @@ char *fossil_io_gets_from_stream(char *buf, size_t size, fossil_fstream_t *input
 }
 
 /* --- sanitizer --- */
-int fossil_io_validate_sanitize_string_ctx(const char *input,
+int fossil_io_validate_sanitize_string(const char *input,
                                            char *output,
                                            size_t output_size,
                                            fossil_context_t ctx) {
@@ -268,25 +254,51 @@ int fossil_io_validate_sanitize_string_ctx(const char *input,
 
     /* Suspicious patterns */
     const char *script_patterns[] = {
-        "<script", "javascript:", "onerror=", "onload=", "onclick=", "eval(", NULL
+        "<script", "javascript:", "onerror=", "onload=", "onclick=",
+        "eval(", "document.cookie", "alert(", "src=", "iframe", "onmouseover=",
+        "onfocus=", "onblur=", "onchange=", "oninput=", "onreset=", "onsubmit=",
+        "onselect=", "onkeydown=", "onkeyup=", "onkeypress=", "onmousedown=",
+        "onmouseup=", "onmousemove=", "onmouseenter=", "onmouseleave=", "onwheel=",
+        "oncontextmenu=", "oncopy=", "oncut=", "onpaste=", "location.href",
+        "window.open", "window.location", NULL
     };
     const char *sql_patterns[] = {
         "select ", "insert ", "update ", "delete ", "drop ", "union ",
-        "--", ";--", "/*", "*/", "0x", NULL
+        "--", ";--", "/*", "*/", "0x", "xp_", "exec ", "sp_", "information_schema",
+        "truncate ", "alter ", "create ", "rename ", "grant ", "revoke ", "cast(",
+        "convert(", "declare ", "fetch ", "open ", "close ", "rollback ", "commit ",
+        "savepoint ", "release ", "begin ", "end ", NULL
     };
     const char *shell_patterns[] = {
         "curl ", "wget ", "rm -rf", "powershell", "cmd.exe",
-        "exec(", "system(", "|", "&&", "||", NULL
+        "exec(", "system(", "|", "&&", "||", "bash", "sh", "zsh", "fish", "scp ",
+        "ssh ", "ftp ", "tftp ", "nc ", "netcat ", "nmap ", "chmod ", "chown ",
+        "sudo ", "kill ", "pkill ", "ps ", "ls ", "cat ", "dd ", "mkfs ", "mount ",
+        "umount ", "service ", "systemctl ", "init ", "reboot ", "shutdown ",
+        "start ", "stop ", "restart ", NULL
     };
     const char *bot_patterns[] = {
-        "bot", "crawler", "spider", "curl/", "python-requests", "scrapy", NULL
+        "bot", "crawler", "spider", "curl/", "python-requests", "scrapy", "httpclient",
+        "libwww", "wget", "java", "go-http-client", "phantomjs", "selenium", "headless",
+        "robot", "checker", "monitor", "scan", "probe", "harvest", "grabber", "fetcher",
+        "indexer", "parser", "api-client", "node-fetch", "axios", NULL
     };
     const char *spam_patterns[] = {
         "viagra", "free money", "winner", "prize", "click here",
-        "http://", "https://", "meta refresh", NULL
+        "http://", "https://", "meta refresh", "casino", "loan", "credit", "bitcoin",
+        "crypto", "forex", "investment", "guaranteed", "risk-free", "unsubscribe",
+        "buy now", "limited offer", "act now", "earn cash", "work from home", "miracle",
+        "weight loss", "no prescription", "cheap", "discount", "deal", "promo", "bonus",
+        "gift", "exclusive", "urgent", "clearance", "bargain", "order now", "trial",
+        "winner!", "congratulations", "selected", "luxury", "get rich", "easy money",
+        NULL
     };
     const char *path_patterns[] = {
-        "../", "..\\", "/etc/passwd", "C:\\", NULL
+        "../", "..\\", "/etc/passwd", "C:\\", "/proc/self/environ", "/proc/version",
+        "/proc/cpuinfo", "/proc/meminfo", "/boot.ini", "/windows/", "/winnt/", "/system32/",
+        "/sys/", "/dev/", "/bin/", "/sbin/", "/usr/", "/var/", "/tmp/", "/root/", "/home/",
+        "/Users/", "/Documents/", "/AppData/", "/Local/", "/Roaming/", "/Program Files/",
+        "/ProgramData/", "/Desktop/", "/Downloads/", NULL
     };
 
     /* Scan categories */
@@ -385,34 +397,73 @@ int fossil_io_validate_is_suspicious_user(const char *input) {
     // 1. Too long or too short
     if (len < 3 || len > 32) return 1;
 
-    // 2. Count digits, letters, and digit runs
+    // 2. Count digits, letters, digit runs, and symbol runs
     int digit_run = 0, max_digit_run = 0, digit_count = 0, alpha_count = 0;
+    int symbol_run = 0, max_symbol_run = 0, symbol_count = 0;
     for (size_t i = 0; i < len; i++) {
         if (isdigit((unsigned char)input[i])) {
             digit_run++;
             digit_count++;
             if (digit_run > max_digit_run) max_digit_run = digit_run;
+            symbol_run = 0;
+        } else if (isalpha((unsigned char)input[i])) {
+            alpha_count++;
+            digit_run = 0;
+            symbol_run = 0;
         } else {
+            symbol_run++;
+            symbol_count++;
             digit_run = 0;
-            if (isalpha((unsigned char)input[i])) alpha_count++;
+            if (symbol_run > max_symbol_run) max_symbol_run = symbol_run;
         }
     }
 
-    // 3. Check for long digit runs or too few letters
+    // 3. Check for long digit/symbol runs or too few letters
     if (max_digit_run >= 5) return 1;                  // suspicious long digit tail
-    if ((float)digit_count / len > 0.5) return 1;      // mostly digits
+    if (max_symbol_run >= 4) return 1;                 // suspicious long symbol run
+    if (digit_count >= 8) return 1;                    // many digits (new: covers user1234567890)
+    if ((float)digit_count / len > 0.45) return 1;     // high digit ratio (new: covers a1b2c3d4e5f6g7h8i9j0)
     if ((float)alpha_count / len < 0.3) return 1;      // too few letters
-
-    // 4. Suspicious keywords
-    const char *bad_keywords[] = {"bot", "test", "fake", "spam", "zzz", "null", "admin"};
+    if ((float)symbol_count / len > 0.3) return 1;     // too many symbols
+
+    // 4. Suspicious keywords and patterns
+    const char *bad_keywords[] = {
+        "bot", "test", "fake", "spam", "zzz", "null", "admin",
+        "user", "guest", "demo", "temp", "unknown", "default", "root",
+        "system", "anonymous", "trial", "sample", "password", "qwerty",
+        "abc123", "123456", "login", "register", "support", "contact",
+        "info", "webmaster", "help", "service", "account", "manager",
+        "api", "sys", "operator", "mod", "moderator", "superuser",
+        "owner", "master", "testuser", "tester", "dev", "developer",
+        "backup", "restore", "error", "fail", "invalid", "void"
+    };
     size_t nkeys = sizeof(bad_keywords) / sizeof(bad_keywords[0]);
     for (size_t i = 0; i < nkeys; i++) {
         if (fossil_io_cstring_case_search(input, bad_keywords[i]) != NULL) {
             return 1;
         }
     }
 
-    // 5. Very high entropy (simple Shannon estimate)
+    // 5. Common suspicious patterns (repetitive, alternating, keyboard walks)
+    int repetitive = 1, alternating = 1;
+    for (size_t i = 1; i < len; i++) {
+        if (input[i] != input[i - 1]) repetitive = 0;
+        if (i > 1 && input[i] != input[i - 2]) alternating = 0;
+    }
+    if (repetitive || alternating) return 1;
+
+    // 6. Keyboard walk detection (e.g., "qwerty", "asdf", "zxcv")
+    const char *keyboard_walks[] = {
+        "qwerty", "asdf", "zxcv", "12345", "67890", "poiuy", "lkjhg", "mnbvc"
+    };
+    size_t nwalks = sizeof(keyboard_walks) / sizeof(keyboard_walks[0]);
+    for (size_t i = 0; i < nwalks; i++) {
+        if (fossil_io_cstring_case_search(input, keyboard_walks[i]) != NULL) {
+            return 1;
+        }
+    }
+
+    // 7. Very high entropy (simple Shannon estimate)
     int freq[256] = {0};
     for (size_t i = 0; i < len; i++) freq[(unsigned char)input[i]]++;
     double entropy = 0.0;
@@ -422,7 +473,17 @@ int fossil_io_validate_is_suspicious_user(const char *input) {
             entropy -= p * log2(p);
         }
     }
-    if (entropy > 4.5) return 1; // suspiciously random-like
+    if (entropy > 4.2) return 1; // slightly lower threshold for suspicious randomness
+
+    // 8. Looks like an email or URL
+    if (strchr(input, '@') || fossil_io_cstring_case_search(input, "http") != NULL) return 1;
+
+    // 9. Looks like a UUID or hex string
+    size_t hex_count = 0;
+    for (size_t i = 0; i < len; i++) {
+        if (isxdigit((unsigned char)input[i])) hex_count++;
+    }
+    if (hex_count == len && len >= 16) return 1;
 
     return 0; // not flagged
 }

code/tests/cases/test_input.c

@@ -266,6 +266,112 @@ FOSSIL_TEST(c_test_io_clear_keybindings_removes_all) {
     ASSUME_ITS_EQUAL_I32(0, (int)count);
 }
 
+FOSSIL_TEST(c_test_io_validate_is_weak_password_bad) {
+    const char *password = "password123";
+    const char *username = "user";
+    const char *email = "[email protected]";
+    int result = fossil_io_validate_is_weak_password(password, username, email);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_weak_password_good) {
+    const char *password = "S3cure!Passw0rd";
+    const char *username = "user";
+    const char *email = "[email protected]";
+    int result = fossil_io_validate_is_weak_password(password, username, email);
+    ASSUME_ITS_FALSE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_bot_true) {
+    const char *ua = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)";
+    int result = fossil_io_validate_is_suspicious_bot(ua);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_bot_false) {
+    const char *ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)";
+    int result = fossil_io_validate_is_suspicious_bot(ua);
+    ASSUME_ITS_FALSE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_disposable_email_true) {
+    const char *input = "[email protected]";
+    int result = fossil_io_validate_is_disposable_email(input);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_disposable_email_false) {
+    const char *input = "[email protected]";
+    int result = fossil_io_validate_is_disposable_email(input);
+    ASSUME_ITS_FALSE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_user_true) {
+    const char *input = "bot123456";
+    int result = fossil_io_validate_is_suspicious_user(input);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_user_false) {
+    const char *input = "john_doe";
+    int result = fossil_io_validate_is_suspicious_user(input);
+    ASSUME_ITS_FALSE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_sanitize_string_script) {
+    const char *input = "<script>alert('xss')</script>";
+    char output[64];
+    int flags = fossil_io_validate_sanitize_string(input, output, sizeof(output), FOSSIL_CTX_HTML);
+    ASSUME_ITS_TRUE(flags & FOSSIL_SAN_SCRIPT);
+    ASSUME_ITS_TRUE(flags & FOSSIL_SAN_MODIFIED);
+}
+
+FOSSIL_TEST(c_test_io_validate_sanitize_string_sql) {
+    const char *input = "SELECT * FROM users WHERE name='admin' --";
+    char output[64];
+    int flags = fossil_io_validate_sanitize_string(input, output, sizeof(output), FOSSIL_CTX_SQL);
+    ASSUME_ITS_TRUE(flags & FOSSIL_SAN_SQL);
+    ASSUME_ITS_TRUE(flags & FOSSIL_SAN_MODIFIED);
+}
+
+FOSSIL_TEST(c_test_io_validate_sanitize_string_clean) {
+    const char *input = "SafeString123";
+    char output[64];
+    int flags = fossil_io_validate_sanitize_string(input, output, sizeof(output), FOSSIL_CTX_GENERIC);
+    ASSUME_ITS_EQUAL_I32(FOSSIL_SAN_OK, flags);
+    ASSUME_ITS_EQUAL_CSTR(input, output);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_user_many_digits) {
+    const char *input = "user1234567890";
+    int result = fossil_io_validate_is_suspicious_user(input);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_user_high_digit_ratio) {
+    const char *input = "a1b2c3d4e5f6g7h8i9j0";
+    int result = fossil_io_validate_is_suspicious_user(input);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_user_contains_test) {
+    const char *input = "testuser";
+    int result = fossil_io_validate_is_suspicious_user(input);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_user_contains_fake) {
+    const char *input = "fakeaccount";
+    int result = fossil_io_validate_is_suspicious_user(input);
+    ASSUME_ITS_TRUE(result);
+}
+
+FOSSIL_TEST(c_test_io_validate_is_suspicious_user_entropy) {
+    const char *input = "x7q9z2w8v5r1t3y6u0";
+    int result = fossil_io_validate_is_suspicious_user(input);
+    ASSUME_ITS_TRUE(result);
+}
+
 // * * * * * * * * * * * * * * * * * * * * * * * *
 // * Fossil Logic Test Pool
 // * * * * * * * * * * * * * * * * * * * * * * * *
@@ -290,6 +396,23 @@ FOSSIL_TEST_GROUP(c_input_tests) {
     FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_length_invalid);
     FOSSIL_TEST_ADD(c_input_suite, c_test_io_getc);
 
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_weak_password_bad);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_weak_password_good);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_bot_true);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_bot_false);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_disposable_email_true);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_disposable_email_false);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_user_true);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_user_false);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_sanitize_string_script);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_sanitize_string_sql);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_sanitize_string_clean);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_user_many_digits);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_user_high_digit_ratio);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_user_contains_test);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_user_contains_fake);
+    FOSSIL_TEST_ADD(c_input_suite, c_test_io_validate_is_suspicious_user_entropy);
+
     FOSSIL_TEST_ADD(c_input_suite, c_test_io_register_keybinding_success);
     FOSSIL_TEST_ADD(c_input_suite, c_test_io_register_keybinding_duplicate);
     FOSSIL_TEST_ADD(c_input_suite, c_test_io_process_keybinding_no_binding);