/*

  Copyright 2016-2017 David Anderson. All rights reserved.

  This program is free software; you can redistribute it and/or modify it

  under the terms of version 2 of the GNU General Public License as

  published by the Free Software Foundation.

  This program is distributed in the hope that it would be useful, but

  WITHOUT ANY WARRANTY; without even the implied warranty of

  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

  Further, this software is distributed without any warranty that it is

  free of the rightful claim of any third person regarding infringement

  or the like.  Any license provided herein, whether implied or

  otherwise, applies only to this software file.  Patent licenses, if

  any, provided herein do not apply to combinations of this program with

  other software, or any other product whatsoever.

  You should have received a copy of the GNU General Public License along

  with this program; if not, write the Free Software Foundation, Inc., 51

  Franklin Street - Fifth Floor, Boston MA 02110-1301, USA.

*/

#include "globals.h"

#include "naming.h"

#include "dwconf.h"

#include "esb.h"

/*  This does a uri-style conversion of control characters.

    So  SOH prints as %01 for example.

    Which stops corrupted or crafted strings from

    doing things to the terminal the string is routed to.

    We do not translate an input % to %% (as in real uri)

    as that would be a bit confusing for most readers.

    The conversion makes it possble to print UTF-8 strings

    reproducibly, sort of (not showing the

    real glyph!).

    Only call this in a printf or sprintf, and

    only call it once in any single printf/sprintf.

    Othewise you will get bogus results and confusion. */

/* ASCII control codes:

We leave newline as is, NUL is end of string,

the others are translated.

NUL Null             0  00              Ctrl-@ ^@

SOH Start of heading 1  01      Alt-1   Ctrl-A ^A

STX Start of text    2  02      Alt-2   Ctrl-B ^B

ETX End of text	     3  03      Alt-3   Ctrl-C ^C

EOT End of transmission	4 04    Alt-4   Ctrl-D ^D

ENQ Enquiry          5    05    Alt-5   Ctrl-E ^E

ACK Acknowledge	     6    06    Alt-6   Ctrl-F ^F

BEL Bell             7    07    Alt-7   Ctrl-G ^G

BS  Backspace        8    08    Alt-8   Ctrl-H ^H

HT  Horizontal tab   9    09    Alt-9   Ctrl-I ^I

LF  Line feed       10    0A    Alt-10  Ctrl-J ^J

VT  Vertical tab    11    0B    Alt-11  Ctrl-K ^K

FF  Form feed       12    0C    Alt-12  Ctrl-L ^L

CR  Carriage return 13    0D    Alt-13  Ctrl-M ^M

SO  Shift out       14    0E    Alt-14  Ctrl-N ^N

SI  Shift in        15    0F    Alt-15	Ctrl-O ^O

DLE Data line escape 16   10    Alt-16  Ctrl-P ^P

DC1 Device control 1 17   11    Alt-17  Ctrl-Q ^Q

DC2 Device control 2 18   12    Alt-18  Ctrl-R ^R

DC3 Device control 3 19   13    Alt-19  Ctrl-S ^S

DC4 Device control 4 20   14    Alt-20  Ctrl-T ^T

NAK Negative acknowledge 21 15  Alt-21  Ctrl-U ^U

SYN Synchronous idle 22   16    Alt-22  Ctrl-V ^V

ETB End transmission block 23 17 Alt-23 Ctrl-W ^W

CAN Cancel              24 18   Alt-24  Ctrl-X ^X

EM  End of medium       25 19   Alt-25  Ctrl-Y ^Y

SU  Substitute          26 1A   Alt-26  Ctrl-Z ^Z

ES  Escape              27 1B   Alt-27  Ctrl-[ ^[

FS  File separator      28 1C   Alt-28  Ctrl-\ ^\

GS  Group separator     29 1D   Alt-29  Ctrl-] ^]

RS  Record separator    30 1E   Alt-30  Ctrl-^ ^^

US  Unit separator      31 1F   Alt-31  Ctrl-_ ^_

In addition,  characters decimal 141, 157, 127,128, 129

143,144,157

appear to be questionable too.

Not in iso-8859-1 nor in html character entities list.

We translate all strings with a % to do sanitizing and

we change a literal ASCII '%' char to %27 so readers

know any % is a sanitized char. We could double up

a % into %% on output, but switching to %27 is simpler

and for readers and prevents ambiguity.

Since we do not handle utf-8 properly nor detect it

we turn all non-ASCII to %xx below.

*/

static struct esb_s localesb = {0,0,0};

#define FALSE 0

#define TRUE 1

boolean no_sanitize_string_garbage = FALSE;

/*  This is safe to use because it is only

    callable here and we copy the value

    returned in the static buffer

    to a safe spot immediately. */

static const char *

as_number(int c)

{

    static char tmpbuf[4];

    snprintf(tmpbuf,sizeof(tmpbuf),"%%%02x",c & 0xff);

    return tmpbuf;

}

/*  do_sanity_insert() and no_questionable_chars()

    absolutely must have the same idea of

    questionable characters.  Be Careful.  */

static void

do_sanity_insert( const char *s,struct esb_s *mesb)

{

    const char *cp = s;

    for( ; *cp; cp++) {

        unsigned c = *cp & 0xff ;

        if (c >= 0x20 && c <=0x7e) {

            /* Usual case, ASCII printable characters. */

            esb_appendn(mesb,cp,1);

            continue;

        }

        if (c == '%') {

            /* %xx for this too. Simple and unambiguous */

            esb_append(mesb,as_number(c));

            continue;

        }

#ifdef _WIN32

        if (c == 0x0D) {

            esb_appendn(mesb,cp,1);

            continue;

        }

#endif /* _WIN32 */

        if (c < 0x20) {

            esb_append(mesb,as_number(c));

            continue;

        }

        if (c >= 0x7f) {

            /* ISO-8859 or UTF-8. Not handled well yet. */

            esb_append(mesb,as_number(c));

            continue;

        }

        esb_appendn(mesb,cp,1);

    }

}

/*  This routine improves overall dwarfdump

    run times a lot by separating strings

    that might print badly from strings that

    will print fine.

    In one large test case it reduces run time

    from 140 seconds to 13 seconds. */

static int

no_questionable_chars(const char *s) {

    const char *cp = s;

    for( ; *cp; cp++) {

        unsigned c = *cp & 0xff ;

        if (c >= 0x20 && c <=0x7e) {

            /* Usual case, ASCII printable characters */

            continue;

        }

#ifdef _WIN32

        if (c == 0x0D) {

            continue;

        }

#endif /* _WIN32 */

        if (c == 0x0A || c == 0x09 ) {

            continue;

        }

        if (c == '%') {

            /* Always sanitize a % ASCII char. */

            return FALSE;

        }

        if (c < 0x20) {

            return FALSE;

        }

        if (c >= 0x7f) {

            /*  This notices iso-8859 and UTF-8

                data as we don't deal with them

                properly in dwarfdump. */

            return FALSE;

        }

    }

    return TRUE;

}

void

sanitized_string_destructor(void)

{

    esb_destructor(&localesb);

}

const char *

sanitized(const char *s)

{

    const char *sout = 0;

    if (no_sanitize_string_garbage) {

        return s;

    }

    if (no_questionable_chars(s)) {

        /*  The original string is safe as is. */

        return s;

    }

    /*  Using esb_destructor is quite expensive in cpu time

        when we build the next sanitized string

        so we just empty the localesb.

        One reason it's expensive is that we do the appends

        in such small batches in do_sanity-insert().

        */

    esb_empty_string(&localesb);

    do_sanity_insert(s,&localesb);

    sout = esb_get_string(&localesb);

    return sout;

}