Merge pull request #11 from vvMelody/develop

Improve code quality

core/requester.py

@@ -13,7 +13,8 @@ headers = {
 }
 
 def requester(url, scheme, origin):
+
     headers['Origin'] = scheme + origin
     response = requests.get(url, headers=headers, verify=False).headers
-	if 'Access-Control-Allow-Origin' in response:
+    return response.get('Access-Control-Allow-Origin', None)
-		return response['Access-Control-Allow-Origin']
+

core/tests.py

@@ -3,6 +3,7 @@ import time
 from core.utils import host
 from core.requester import requester
 
+
 def passive_tests(url, acao_header):
     root = host(url)
     if acao_header == '*':
@@ -14,46 +15,45 @@ def passive_tests(url, acao_header):
         elif url.startswith('http://'):
             return 'HTTP origin allowed'
         else:
-			return False
+            return None
     else:
         return 'Invalid value'
 
 def active_tests(url, root, scheme, delay):
     acao_header = requester(url, scheme, 'example.com')
-	if acao_header:
+    if acao_header and acao_header == (scheme + 'example.com'):
-		if acao_header == (scheme + 'example.com'):
             return 'Origin reflected'
     time.sleep(delay)
+
     acao_header = requester(url, scheme, root + '.example.com')
-	if acao_header:
+    if acao_header and acao_header == (scheme + root + '.example.com'):
-		if acao_header == (scheme + root + '.example.com'):
             return 'Post-domain wildcard'
     time.sleep(delay)
+
     acao_header = requester(url, scheme, 'd3v' + root)
-	if acao_header:
+    if acao_header and acao_header == (scheme + 'd3v' + root):
-		if acao_header == (scheme + 'd3v' + root):
             return 'Pre-domain wildcard'
     time.sleep(delay)
+
     acao_header = requester(url, '', 'null')
-	if acao_header:
+    if acao_header and acao_header == 'null':
-		if acao_header == 'null':
             return 'Null origin allowed'
     time.sleep(delay)
+
     acao_header = requester(url, scheme, root + '%60.example.com')
-	if acao_header:
+    if acao_header and '`.example.com' in acao_header:
-		if '`.example.com' in acao_header:
             return 'Broken parser'
+
     if root.count('.') > 1:
         time.sleep(delay)
         spoofed_root = root.replace('.', 'x', 1)
         acao_header = requester(url, scheme, spoofed_root)
-		if acao_header:
+        if acao_header and host(acao_header) == spoofed_root:
-			if host(acao_header) == spoofed_root:
                 return 'Unescaped regex'
         time.sleep(delay)
+
     acao_header = requester(url, 'http', root)
-	if acao_header:
+    if acao_header and acao_header.startswith('http://'):
-		if acao_header.startswith('http://'):
         return 'HTTP origin allowed'
     else:
         return passive_tests(url, acao_header)

core/utils.py

@@ -1,17 +1,11 @@
 import tld
 import json
 
-def load_file(path):
-    with open(path, 'r') as f:
-        result = [line.rstrip('\n').encode('utf-8').decode('utf-8') for line in f]
-    return '\n'.join(result)
 
 def host(string):
     if string and '*' not in string:
-		try:
+        return tld.get_fld(string, fix_protocol=True, fail_silently=True)
-			return tld.get_fld(string, fix_protocol=True)
-		except:
-			return False
 
 def load_json(file):
-	return json.loads(load_file('./db/details.json'))
+    with open(file) as f:
+        return json.load(f)

corsy.py

@@ -30,8 +30,7 @@ def cors(target, delay, scheme=False):
 		url = scheme + '://' + url
 	root = host(url)
 	parsed = urlparse(url)
-	netloc = parsed.netloc
+	netloc, scheme = parsed.netloc, parsed.scheme
-	scheme = parsed.scheme
 	url = scheme + '://' + netloc
 	active = active_tests(url, root, scheme, delay)
 	return active