BUGFIX - Only the nth occurence var is colored if dup vuln
parent
37887b7635
commit
bd2d77b6c9
|
@ -24,6 +24,7 @@ def analysis(path):
|
|||
matches = regex.findall(content)
|
||||
|
||||
for vuln_content in matches:
|
||||
occurence = 0
|
||||
|
||||
# Security hole detected, is it protected ?
|
||||
if check_protection(payload[2], vuln_content) == False:
|
||||
|
@ -34,6 +35,7 @@ def analysis(path):
|
|||
regax = re.compile(regex_indicators[2:-2])
|
||||
for vulnerable_var in regax.findall(sentence):
|
||||
false_positive = False
|
||||
occurence += 1
|
||||
|
||||
# No declaration for $_GET, $_POST ...
|
||||
if check_exception(vulnerable_var[1]) == False:
|
||||
|
@ -49,7 +51,7 @@ def analysis(path):
|
|||
if not false_positive:
|
||||
global result_count
|
||||
result_count = result_count + 1
|
||||
display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vulnerable_var[1])
|
||||
display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vulnerable_var[1], occurence)
|
||||
|
||||
|
||||
# Run thru every files and subdirectories
|
||||
|
|
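Review bot: `occurence += 1` inside `for vulnerable_var in regax.findall(sentence)` appears to count every variable matched in the sentence, while `display` uses the value as the index of the n-th occurrence of `vulnerable_var[1]` specifically. If a sentence holds two different variables, the second is passed with `occurence` 2 even though its name occurs once, so the report highlights the wrong text and points the reader at the wrong input. A per-name counter would match what `nth_replace` expects: set `seen = {}` where `occurence = 0` is set now, use `seen[vulnerable_var[1]] = seen.get(vulnerable_var[1], 0) + 1` in the loop, and pass `seen[vulnerable_var[1]]` to `display`. The body of `analysis` starts and ends outside these hunks, so how `sentence` relates to `vuln_content` is inferred from the visible lines only.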
31
functions.py
31
functions.py
|
@ -4,8 +4,35 @@ import os
|
|||
import re
|
||||
from indicators import *
|
||||
|
||||
# Replace the nth occurence of a string
|
||||
# From https://stackoverflow.com/questions/35091557/replace-nth-occurrence-of-substring-in-string
|
||||
def nth_replace(string, old, new, n=1, option='only nth'):
|
||||
"""
|
||||
This function replaces occurrences of string 'old' with string 'new'.
|
||||
There are three types of replacement of string 'old':
|
||||
1) 'only nth' replaces only nth occurrence (default).
|
||||
2) 'all left' replaces nth occurrence and all occurrences to the left.
|
||||
3) 'all right' replaces nth occurrence and all occurrences to the right.
|
||||
"""
|
||||
if option == 'only nth':
|
||||
left_join = old
|
||||
right_join = old
|
||||
elif option == 'all left':
|
||||
left_join = new
|
||||
right_join = old
|
||||
elif option == 'all right':
|
||||
left_join = old
|
||||
right_join = new
|
||||
else:
|
||||
print("Invalid option. Please choose from: 'only nth' (default), 'all left' or 'all right'")
|
||||
return None
|
||||
groups = string.split(old)
|
||||
nth_split = [left_join.join(groups[:n]), right_join.join(groups[n:])]
|
||||
return new.join(nth_split)
|
||||
|
||||
|
||||
# Display the found vulnerability with basic informations like the line
|
||||
def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored):
|
||||
def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored, occurence):
|
||||
|
||||
# Potential vulnerability found : SQL Injection
|
||||
header = "\033[1mPotential vulnerability found : \033[92m{}\033[0m".format(payload[1])
|
||||
|
@ -14,7 +41,7 @@ def display(path,payload,vulnerability,line,declaration_text,declaration_line, c
|
|||
line = "n°\033[92m{}\033[0m in {}".format(line,path)
|
||||
|
||||
# Code : include($_GET['patisserie'])
|
||||
vuln = ("".join(vulnerability)).replace(colored, "\033[93m"+colored+"\033[0m")
|
||||
vuln = nth_replace("".join(vulnerability), colored, "\033[93m"+colored+"\033[0m", occurence)
|
||||
vuln = "{}({})".format(payload[0], vuln)
|
||||
|
||||
# Final Display
|
||||
|
|
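Review bot: `nth_replace` has no guard for an `n` outside the range of real occurrences: when `old` occurs fewer than `n` times, `groups[n:]` is empty and `new.join(nth_split)` appends a stray copy of `new` to the otherwise unchanged string (with `n = 0` it prepends one). Since `display` now passes it the `occurence` counter from `analysis`, the printed code line can end with a highlighted variable that is not in the scanned source. Adding `if n < 1 or n >= len(groups): return string` right after `groups = string.split(old)` keeps the text intact in that case. The invalid-option branch also prints and returns `None`, which `display` would then format as the literal text `None`; `raise ValueError(...)` there would surface the mistake instead.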
7
index.py
7
index.py
|
@ -5,12 +5,7 @@
|
|||
# How to use : python index.py --dir test
|
||||
# Educational purpose only !
|
||||
|
||||
# TODO afficher toutes les modifications de la variable -
|
||||
# TODO checker recursivement les vulns dans la déclaration d'une var
|
||||
# BUG color var['something']
|
||||
# BUG PGSQL : pg_pconnect / pg_connect detected
|
||||
# BUG nt des var et mettre en couleur la bonne plutôt que la première
|
||||
# BUG ex fct(occurence) et mettre en couleur la xieme occurence
|
||||
# TODO afficher toutes les modifications de la variable
|
||||
|
||||
import sys
|
||||
import argparse
|
||||
|
|
|
@ -37,7 +37,7 @@ payloads = [
|
|||
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
|
||||
["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
|
||||
["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
|
||||
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect"]],
|
||||
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
|
||||
["->query","SQL Injection",["->prepare"]],
|
||||
["->exec","SQL Injection",["->prepare"]],
|
||||
["->execute","SQL Injection",["->prepare"]],
|
||||
|
|
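Review bot: Adding `pg_connect` (next to the existing `pg_pconnect`) to the third element of the `pg_query` entry makes a connection function count as a protection, on the same footing as `pg_escape_string`. If `check_protection` treats a finding as safe whenever any listed name appears in the matched code (its body is not visible here), a `pg_query` call that also contains `pg_connect(...)` would stop being reported even when the query is built from request data. The false positive on `pg_connect`/`pg_pconnect` would be better fixed where the match is made, leaving only real escaping functions in this list. If the workaround stays, it should carry a comment such as `# pg_connect/pg_pconnect are listed only to silence false positives, they do not sanitise input`.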