XSStrike/core/jsContexter.py

import re

from core.config import xsschecker
from core.utils import stripper

def jsContexter(script):
    broken = script.split(xsschecker)
    pre = broken[0]
    pre = re.sub(r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\'', '', pre)
    breaker = ''
    num = 0
    for char in pre:
        if char == '{':
            breaker += '}'
        elif char == '(':
            breaker += ';)'
        elif char == '[':
            breaker += ']'
        elif char == '/':
            try:
                if pre[num + 1] == '*':
                    breaker += '/*'
            except IndexError:
                pass
        elif char == '}':
            breaker = stripper(breaker, '}')
        elif char == ')':
            breaker = stripper(breaker, ')')
        elif breaker == ']':
            breaker = stripper(breaker, ']')
        num += 1
    return breaker[::-1]
Add files via upload 2018-10-27 18:58:52 +05:30			`import re`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30
Add files via upload 2018-10-27 18:58:52 +05:30			`from core.config import xsschecker`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`from core.utils import stripper`
Add files via upload 2018-10-27 18:58:52 +05:30
			`def jsContexter(script):`
			`broken = script.split(xsschecker)`
			`pre = broken[0]`
			`pre = re.sub(r'(?s)\{.?\}\|(?s)\(.?\)\|(?s)".?"\|(?s)\'.?\'', '', pre)`
Rewritten to be more accurate 2018-10-28 23:56:12 +05:30			`breaker = ''`
Add files via upload 2018-10-27 18:58:52 +05:30			`num = 0`
			`for char in pre:`
			`if char == '{':`
Rewritten to be more accurate 2018-10-28 23:56:12 +05:30			`breaker += '}'`
Add files via upload 2018-10-27 18:58:52 +05:30			`elif char == '(':`
Rewritten to be more accurate 2018-10-28 23:56:12 +05:30			`breaker += ';)'`
Add files via upload 2018-10-27 18:58:52 +05:30			`elif char == '[':`
Rewritten to be more accurate 2018-10-28 23:56:12 +05:30			`breaker += ']'`
Add files via upload 2018-10-27 18:58:52 +05:30			`elif char == '/':`
			`try:`
			`if pre[num + 1] == '*':`
Rewritten to be more accurate 2018-10-28 23:56:12 +05:30			`breaker += '/*'`
Add files via upload 2018-10-27 18:58:52 +05:30			`except IndexError:`
			`pass`
Rewritten to be more accurate 2018-10-28 23:56:12 +05:30			`elif char == '}':`
			`breaker = stripper(breaker, '}')`
			`elif char == ')':`
			`breaker = stripper(breaker, ')')`
			`elif breaker == ']':`
			`breaker = stripper(breaker, ']')`
Add files via upload 2018-10-27 18:58:52 +05:30			`num += 1`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`return breaker[::-1]`