
Commit 1bf8939

committed
further updates
1 parent de6fa12 commit 1bf8939

4 files changed

Lines changed: 19 additions & 22 deletions


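--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -22,18 +22,16 @@
 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 """
 
-import codecs
 import re
 import socket
 import time
 
-from xml.dom import minidom
-
 from lib.core.agent import agent
 from lib.core.common import getUnicode
 from lib.core.common import preparePageForLineComparison
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.common import readXmlFile
 from lib.core.common import DynamicContentItem
 from lib.core.convert import md5hash
 from lib.core.data import conf
@@ -69,18 +67,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
 if conf.postfix:
 postfix = conf.postfix
 
-f = codecs.open(paths.INJECTIONS_XML, 'r', conf.dataEncoding)
-injections = minidom.parse(f).documentElement
-f.close()
+injections = readXmlFile(paths.INJECTIONS_XML)
 
 for case in injections.getElementsByTagName("case"):
 tag = case.getAttribute("tag")
 desc = case.getAttribute("desc")
 
-infoMsg = "testing %s injection " % desc
-infoMsg += "on %s parameter '%s'" % (place, parameter)
-logger.info(infoMsg)
-
 positive = case.getElementsByTagName("positive")[0]
 negative = case.getElementsByTagName("negative")[0]
 
@@ -89,6 +81,10 @@ def checkSqlInjection(place, parameter, value, parenthesis):
 
 if not prefix and not postfix and tag == "custom":
 continue
+
+infoMsg = "testing %s injection " % desc
+infoMsg += "on %s parameter '%s'" % (place, parameter)
+logger.info(infoMsg)
 
 payload = agent.payload(place, parameter, value, format % eval(params))
 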
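Review bot: The document loaded by `readXmlFile(paths.INJECTIONS_XML)` is not treated as plain data: the last context line of the third hunk passes `params` to `eval()`, and if `params` is read from each `case` element (its assignment is outside the hunks shown) the XML file is effectively executable input. A comment at the call would make that trust assumption explicit, e.g. `# injections XML is trusted, installation-owned input: values from it are eval()'d below`. Longer term, replacing the `eval` with explicit parsing of the parameter list would remove the dependency on the file's integrity. `checkSqlInjection` starts and ends outside these hunks.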

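--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -44,6 +44,7 @@
 from tempfile import NamedTemporaryFile
 from tempfile import mkstemp
 from xml.etree import ElementTree as ET
+from xml.dom import minidom
 from xml.sax import parse
 
 from extra.cloak.cloak import decloak
@@ -1218,13 +1219,21 @@ def getConsoleWidth(default=80):
 return width if width else default
 
 def parseXmlFile(xmlFile, handler):
+checkFile(xmlFile)
 xfile = codecs.open(xmlFile, 'rb', conf.dataEncoding)
 content = xfile.read()
 stream = StringIO(content)
 parse(stream, handler)
 stream.close()
 xfile.close()
 
+def readXmlFile(xmlFile):
+checkFile(xmlFile)
+xfile = codecs.open(xmlFile, 'r', conf.dataEncoding)
+retVal = minidom.parse(xfile).documentElement
+xfile.close()
+return retVal
+
 def calculateDeltaSeconds(start, epsilon=0.05):
 """
 Returns elapsed time from start till now (including expected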
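Review bot: In the new `readXmlFile`, `xfile.close()` is skipped whenever `minidom.parse` raises on malformed XML, so the handle stays open until garbage collection; putting the parse under `try:` with `finally: xfile.close()` fixes that, and `parseXmlFile` just above has the same pattern. The helper also has no docstring: something like `"""Parses a trusted local XML file and returns its document element"""` would record that callers must not pass files from untrusted sources, since `xml.dom.minidom` does not guard against entity-expansion payloads. What `checkFile` validates is not visible in this hunk, so I am assuming it only confirms that the file exists and is readable.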

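--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -21,7 +21,6 @@
 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 """
 
-import codecs
 import doctest
 import logging
 import os
@@ -31,12 +30,11 @@
 import tempfile
 import time
 
-from xml.dom import minidom
-
 from lib.controller.controller import start
 from lib.core.common import dataToStdout
 from lib.core.common import getCompiledRegex
 from lib.core.common import getConsoleWidth
+from lib.core.common import readXmlFile
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.data import paths
@@ -112,9 +110,7 @@ def liveTest():
 count = 0
 global_ = {}
 vars_ = {}
-xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
-livetests = minidom.parse(xfile).documentElement
-xfile.close()
+livetests = readXmlFile(paths.LIVE_TESTS_XML)
 length = len(livetests.getElementsByTagName("case"))
 
 element = livetests.getElementsByTagName("global")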

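--- a/lib/utils/detection.py
+++ b/lib/utils/detection.py
@@ -22,13 +22,11 @@
 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 """
 
-import codecs
 import re
 import sre_constants
 
-from xml.dom import minidom
-
 from lib.core.common import getCompiledRegex
+from lib.core.common import readXmlFile
 from lib.core.data import conf
 from lib.core.data import paths
 from lib.core.data import logger
@@ -53,9 +51,7 @@ def checkPayload(string):
 global rules
 
 if not rules:
-xfile = codecs.open(paths.DETECTION_RULES_XML, 'r', conf.dataEncoding)
-xmlrules = minidom.parse(xfile).documentElement
-xfile.close()
+xmlrules = readXmlFile(paths.DETECTION_RULES_XML)
 rules = []
 
 for xmlrule in xmlrules.getElementsByTagName("filter"):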
