TODO List updated - check_declaration will be created
parent
c78a7d950d
commit
6588cb094a
|
@ -34,9 +34,9 @@ def check_exception(match):
|
|||
# Analyse the source code of a single page
|
||||
def analysis(path):
|
||||
with open(path, 'r') as content_file:
|
||||
content = content_file.read()
|
||||
|
||||
# Clean source for a better detection
|
||||
content = content_file.read()
|
||||
content = clean_source_and_format(content)
|
||||
|
||||
# Detection of RCE/SQLI/LFI/RFI/RFU/XSS
|
||||
|
@ -51,9 +51,11 @@ def analysis(path):
|
|||
line_declaration = ""
|
||||
|
||||
if check_exception(vuln[1]) == False:
|
||||
|
||||
# TODO check_declaration(content, vuln[1])
|
||||
# Parse include and content = include_content + content
|
||||
regex_declaration = re.compile("\$"+vuln[1][1:]+"([\t ]*)=(?!=)(.*)")
|
||||
declaration = regex_declaration.findall(content)
|
||||
declaration = regex_declaration.findall(content)
|
||||
|
||||
if len(declaration)>0:
|
||||
declaration_text = "$"+vuln[1][1:] +declaration[0][0]+"="+declaration[0][1]
|
||||
line_declaration = find_line_declaration(declaration_text, content)
|
||||
|
|
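Review bot: The name taken from `vuln[1]` is concatenated into the pattern given to `re.compile` without escaping, so if the flagged expression can contain regex metacharacters (the `var['something']` case listed under BUG in index.py looks like one), it is read as pattern syntax. The declaration lookup then fails to compile or matches something other than the intended variable, and the scanner reports a missing or wrong declaration line. I would build it as `regex_declaration = re.compile(r"\$" + re.escape(vuln[1][1:]) + r"([\t ]*)=(?!=)(.*)")`, which also drops the invalid `"\$"` escape in a non-raw string. Only `declaration[0]` is used afterwards, so the first assignment in the file is reported even when a later one precedes the flagged line; the planned `check_declaration` helper would be the place to handle that. The body of `analysis` starts before and continues past this hunk.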
5
index.py
5
index.py
|
@ -5,8 +5,11 @@
|
|||
# How to use : python index.py --dir test
|
||||
# Educational purpose only !
|
||||
|
||||
# TODO Parcourir les fichiers en recursif avec les includes et afficher toutes les modifications de la variable - detecter les constantes
|
||||
# TODO remonter les includes (parse include/require xxx , chercher son contenu et l'ajouter au debut du content actuel)
|
||||
# TODO afficher toutes les modifications de la variable -
|
||||
# TODO enlever les faux positifs : constantes
|
||||
# BUG variable multiple
|
||||
# BUG color var['something']
|
||||
|
||||
import sys
|
||||
import argparse
|
||||
|
|