Fixed variables parsing, better highlighting

2019-01-12 09:39:46 +05:30
parent 7ac73b94b9
commit 3723a95db4
1 changed files with 43 additions and 39 deletions
--- a/core/dom.py
+++ b/core/dom.py
@@ -5,44 +5,48 @@ from core.colors import red, end, yellow

 def dom(response):
    highlighted = []
-    allControlledVariables = set()
-    response = response.split('\n')
-    sources = r"""location\.|\.([.\[]\s*["']?\s*arguments|dialogArguments|innerHTML|write|open|showModalDialog|cookie|URL|documentURI|baseURI|referrer|name|opener|parent|top|content|self|frames)[^\w\-]|(localStorage|sessionStorage|Database)[^\w\-]"""
-    sinks = r"""( (src|href|data|location|code|value|action)=)|(replace|assign|navigate|getResponseHeader|open|showModalDialog|eval|evaluate|execCommand|execScript|setTimeout|setInterval)\("""
-    num = 1
-    try:
-        for newLine in response:
-            line = newLine
-            parts = line.split('var ')
-            controlledVariables = set()
-            if len(parts) > 1:
-                for part in parts:
-                    for controlledVariable in allControlledVariables:
-                        if controlledVariable in part:
-                            controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
-            pattern = re.findall(sources, newLine)
-            for grp in pattern:
-                source = ''.join(grp)
-                if source:
-                    parts = newLine.split('var ')
+    sources = r'''document\.(URL|documentURI|URLUnencoded|baseURI|cookie|referrer)|location\.(href|search|hash|pathname)|window\.name|history\.(pushState|replaceState)(local|session)Storage'''
+    sinks = r'''eval|evaluate|execCommand|assign|navigate|getResponseHeaderopen|showModalDialog|Function|set(Timeout|Interval|Immediate)|execScript|crypto.generateCRMFRequest|ScriptElement\.(src|text|textContent|innerText)|.*?\.onEventName|document\.(write|writeln)|.*?\.innerHTML|Range\.createContextualFragment|(document|window)\.location'''
+    scripts = re.findall(r'(?i)(?s)<scrip[^>]*(.*?)</script>', response)
+    for script in scripts:
+        script = script.split('\n')
+        num = 1
+        try:
+            for newLine in script:
+                line = newLine
+                parts = line.split('var ')
+                controlledVariables = set()
+                allControlledVariables = set()
+                if len(parts) > 1:
                    for part in parts:
-                        if source in part:
-                            controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
-                    line = line.replace(source, yellow + source + end)
-            for controlledVariable in controlledVariables:
-                allControlledVariables.add(controlledVariable)
-            for controlledVariable in allControlledVariables:
-                matches = list(filter(None, re.findall(r'\b%s\b' % controlledVariable, line)))
-                if matches:
-                    line = re.sub(r'\b%s\b' % controlledVariable, yellow + controlledVariable + end, line)
-            pattern = re.findall(sinks, newLine)
-            for grp in pattern:
-                sink = ''.join(grp)
-                if sink:
-                    line = line.replace(sink, red + sink + end)
-            if line != newLine:
-                highlighted.append('%-3s %s' % (str(num), line.lstrip(' ')))
-            num += 1
-    except MemoryError:
-        pass
+                        for controlledVariable in allControlledVariables:
+                            if controlledVariable in part:
+                                controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
+                pattern = re.finditer(sources, newLine)
+                for grp in pattern:
+                    if grp:
+                        source = newLine[grp.start():grp.end()].replace(' ', '')
+                        if source:
+                            if len(parts) > 1:
+                               for part in parts:
+                                    if source in part:
+                                        controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
+                            line = line.replace(source, yellow + source + end)
+                for controlledVariable in controlledVariables:
+                    allControlledVariables.add(controlledVariable)
+                for controlledVariable in allControlledVariables:
+                    matches = list(filter(None, re.findall(r'\b%s\b' % controlledVariable, line)))
+                    if matches:
+                        line = re.sub(r'\b%s\b' % controlledVariable, yellow + controlledVariable + end, line)
+                pattern = re.finditer(sinks, newLine)
+                for grp in pattern:
+                    if grp:
+                        sink = newLine[grp.start():grp.end()].replace(' ', '')
+                        if sink:
+                            line = line.replace(sink, red + sink + end)
+                if line != newLine:
+                    highlighted.append('%-3s %s' % (str(num), line.lstrip(' ')))
+                num += 1
+        except MemoryError:
+            pass
    return highlighted