Peter Chubb
3f46fee699
Fix syntax for Python 3.12
Backslash needs escaping now. Otherwise one sees:
.../XSStrike/core/dom.py:27: SyntaxWarning: invalid escape sequence '\$'
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
.../XSStrike/core/dom.py:36: SyntaxWarning: invalid escape sequence '\$'
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
Signed-off-by: Peter Chubb <Peter.Chubb@unsw.edu.au>
2025-02-15 20:20:47 +11:00
s0md3v
9ba0b5ec53
fix #314
2022-03-20 15:41:58 +05:30
s0md3v
ba5c75bee7
bug fix round #1
2022-03-20 14:51:41 +05:30
Somdev Sangwan
509b98ea55
Merge pull request #294 from icepng/master
fix dom.py allControlledVariables position
2022-03-20 14:31:07 +05:30
icepng
ce231e4f8f
fix dom.py allControlledVariables position
2020-03-05 15:25:43 +08:00
Fabian Foerg
fe81c53167
Fix DOM scanner on Windows/macOS/iOS
The DOM scanner colors sources and sinks in script lines. Moreover,
that scanner collects all colored lines:
0ecedc1bba/core/dom.py (L50)
As coloring is disabled on Windows, macOS, and iOS, no potentially
tainted lines will be collected on these platforms:
0ecedc1bba/core/colors.py (L8-L9)
Consequently, the report of potential DOM vulnerabilities is always
empty.
This change fixes this bug by surrounding sources and sinks with `*`
characters.
Also, this change removes unused colors imports.
2019-12-30 17:10:40 -05:00
Somdev Sangwan
b5ef9979c6
Add files via upload
2019-11-01 00:23:25 +05:30
Somdev Sangwan
58066bbad3
Add files via upload
2019-10-31 18:36:50 +05:30
Somdev Sangwan
01cdf08a2c
dom scanning hotfix
2019-04-19 10:17:35 +05:30
Somdev Sangwan
538ecea109
Add files via upload
2019-04-08 13:48:44 +05:30
Somdev Sangwan
d7f2a1bbf1
Add files via upload
2019-04-06 20:45:10 +05:30
Somdev Sangwan
3723a95db4
Fixed variables parsing, better highlighting
2019-01-12 09:39:46 +05:30
Somdev Sangwan
7ac73b94b9
Better variable name parsing ( Resolves #182 )
2019-01-03 18:23:10 +05:30
Somdev Sangwan
032ff47650
treat all user controlled variables as sources
2018-12-31 04:34:59 +05:30
Somdev Sangwan
51e07b5e95
no more weird characters while scanning DOM
2018-11-23 23:20:06 +05:30
Somdev Sangwan
d27eef116f
Documentation and pep8 compliance
2018-11-16 21:13:45 +05:30
Somdev Sangwan
614e47276c
Fixed HTML comment context handling + Refactor
2018-11-15 15:41:01 +05:30
Somdev Sangwan
35a11487f5
potential fix for #93
2018-11-12 23:31:57 +05:30
Somdev Sangwan
59c5547a2b
Update dom.py
2018-11-12 12:59:31 +05:30
Somdev Sangwan
ad71505327
fixed a bug in DOM scanning while crawling
2018-10-31 12:28:42 +05:30
Somdev Sangwan
0dfb25bc50
better regex for locating sources
2018-10-30 12:49:36 +05:30
Somdev Sangwan
0d3f25bbee
Add files via upload
2018-10-27 18:58:52 +05:30
Somdev Sangwan
8109f3d309
Delete dom.py
2018-10-20 22:27:01 +05:30
Somdev Sangwan
ed0ae4132f
Add files via upload
2018-10-20 22:21:15 +05:30