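def buildElements(element):
    """Collect inline script text from *element* and all of its descendants.

    The tree is walked depth-first. Each visited element has its namespace
    stripped with ``jsDOM.removeNamespace``; when its tag is ``'script'`` and
    its stripped text is non-empty, that text is appended to ``scriptL``.

    ``jsDOM``, ``scriptL`` and ``etree`` are taken from the enclosing scope.

    NOTE(review): reconstructed from a whitespace-collapsed listing. The
    original also computed an ancestor path, a ``rawValue`` and a child
    index that were never read; those dead locals are dropped here.
    """
    jsDOM.removeNamespace(element)

    text = element.text.strip() if element.text else ''
    if text and element.tag == 'script':
        # Script bodies come straight from the document under analysis, so
        # scriptL holds untrusted input.
        scriptL.append(text)

    # The original had commented-out debug hooks for the 'contentType'
    # attribute: 'image/tif' / 'image/tiff' (labelled "Potential TIFF
    # Exploit") and any unhandled content type. With them disabled this
    # variant reports neither, so embedded TIFF payloads are not reported
    # by this function.

    for childElement in element.getchildren():
        # Exact type match, not isinstance(): subclasses of etree._Element
        # are skipped (presumably comment / processing-instruction nodes --
        # confirm against the parser in use).
        if not (type(childElement) is etree._Element and childElement.tag):
            continue
        jsDOM.removeNamespace(childElement)
        buildElements(childElement)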
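def buildElements(element):
    """Mirror *element*, and recursively its children, into the JS context.

    For every element this creates an object at its dotted ancestor path,
    copies non-script text into it, binds a ``rawValue`` holder for the tag
    and for any ``name`` attribute, and queues ``<script>`` text in
    ``scriptL`` instead of executing it here. ``contentType`` attributes are
    only logged.

    ``self``, ``is_dom``, ``scriptL``, ``jsDOM`` and ``etree`` come from the
    enclosing scope.

    Changes against the original:
      * element text is emitted as an escaped JS string literal, so quotes,
        backslashes or newlines in the document can no longer terminate the
        literal and run as extra statements during DOM construction (code
        that would execute without ever appearing in ``scriptL``);
      * a ``name`` attribute is only used as a JS variable name when it is a
        plain identifier;
      * the TIFF size log no longer raises ``TypeError`` on an empty element;
      * a root element with text no longer yields the invalid ``.tag = ...``.

    NOTE(review): reconstructed from a whitespace-collapsed listing; both
    text assignments are assumed to belong to the non-script branch.
    """
    import json
    import re

    jsDOM.removeNamespace(element, self.logger)

    # iterancestors() yields nearest-first; reverse for a root-first path.
    ancestors = [ancestor.tag for ancestor in element.iterancestors()]
    ancestors.reverse()
    # Dotted path of this element; for the root this is just its tag.
    path = '.'.join(ancestors + [element.tag])

    self.__executeJavaScript("%s = {}" % path, isDom=is_dom)

    text = element.text.strip() if element.text else ''
    # json.dumps yields a quoted, fully escaped literal that is valid JS.
    textLiteral = json.dumps(text)

    if text:
        if element.tag == 'script':
            # Deferred: the caller decides how and when scripts are run.
            scriptL.append(text)
        else:
            self.__executeJavaScript(
                "%s = %s" % (path, textLiteral), isDom=is_dom)
            self.__executeJavaScript(
                "var %s = {}; %s.rawValue=%s;"
                % (element.tag, element.tag, textLiteral), isDom=is_dom)

    for key, value in element.items():
        attribute = key.lower()
        if attribute == 'name':
            # Attribute values are free-form; only splice one into source
            # text when it can be nothing but a single identifier.
            if re.match(r'(?:[^\W\d]|\$)[\w$]*\Z', value, re.UNICODE):
                self.__executeJavaScript(
                    "var %s = {}; %s.rawValue=%s;"
                    % (value, value, textLiteral), isDom=is_dom)
            else:
                self.logger.debug(
                    'Field name is not a plain identifier, '
                    'JS binding skipped: %r' % (value,))
            self.__xfa__monitoredFieldNames.add(value)
        elif attribute == 'contenttype':
            # Exact, case-sensitive match; other spellings fall through to
            # the "unhandled" message below.
            if value in ['image/tif', 'image/tiff']:
                # element.text is None for an empty element. The figure is
                # the length of the text as stored, not a decoded size.
                self.logger.debug('Found a TIFF of size %s bytes'
                                  % (len(element.text or '')))
                self.logger.debug('\033[91m Potential TIFF Exploit.\033[0m')
            elif value in ['application/x-javascript']:
                # javascript placeholder. we know about this too.
                pass
            else:
                self.logger.debug(
                    "\033[91m Unhandled Content-Type found. Please review")

    index = 0
    for childElement in element.getchildren():
        # Exact type match, not isinstance(): subclasses of etree._Element
        # are skipped and do not consume an index.
        if not (type(childElement) is etree._Element and childElement.tag):
            continue
        jsDOM.removeNamespace(childElement, self.logger)
        # Expose the child by tag, by position, and by tag under position.
        self.__executeJavaScript(
            "%s.%s = {};" % (path, childElement.tag), isDom=is_dom)
        self.__executeJavaScript(
            "%s[%d] = {};" % (path, index), isDom=is_dom)
        self.__executeJavaScript(
            "%s[%d].%s = {};" % (path, index, childElement.tag),
            isDom=is_dom)
        buildElements(childElement)
        index += 1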
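def buildElements(element):
    """Gather the text of every ``script`` element at or below *element*.

    Depth-first walk. The namespace of each visited element is removed with
    ``jsDOM.removeNamespace``; a ``script`` element whose stripped text is
    non-empty contributes that text to ``scriptL``.

    ``jsDOM``, ``scriptL`` and ``etree`` are free variables of the enclosing
    scope.

    NOTE(review): reconstructed from a whitespace-collapsed listing. The
    ancestor list, ``rawValue`` and ``index`` of the original were assigned
    but never used and have been removed.
    """
    jsDOM.removeNamespace(element)

    stripped = element.text.strip() if element.text else ''
    if stripped and element.tag == 'script':
        # Untrusted: this is script source taken from the analysed document.
        scriptL.append(stripped)

    # Attribute triage is absent from this variant. The original kept only
    # commented-out debug calls for contentType 'image/tif' / 'image/tiff'
    # ("Potential TIFF Exploit") and for unhandled content types, so no such
    # finding is surfaced from here.

    for childElement in element.getchildren():
        # Only nodes whose type is exactly etree._Element and that carry a
        # tag are descended into; subclass instances are ignored.
        if not (type(childElement) is etree._Element and childElement.tag):
            continue
        jsDOM.removeNamespace(childElement)
        buildElements(childElement)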
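def buildElements(element):
    """Recreate *element* and its subtree as objects in the JS context.

    Per element: an object is created at the dotted ancestor path, non-script
    text is stored on it, a ``rawValue`` holder is bound for the tag and for
    a ``name`` attribute, and ``<script>`` text is appended to ``scriptL``
    rather than executed. ``contentType`` attributes only produce debug
    output.

    ``self``, ``is_dom``, ``scriptL``, ``jsDOM`` and ``etree`` are free
    variables of the enclosing scope.

    Differences from the original:
      * document text goes into the generated JavaScript as an escaped
        string literal; previously a quote, backslash or newline in the text
        ended the literal, letting the remainder run as statements that
        never show up in ``scriptL``;
      * the value of a ``name`` attribute is used as a variable name only if
        it is a plain identifier;
      * ``len(element.text)`` no longer fails when the TIFF element is empty;
      * text on the root element no longer produces ``.tag = ...``.

    NOTE(review): reconstructed from a whitespace-collapsed listing; the two
    text assignments are assumed to sit in the non-script branch.
    """
    import json
    import re

    jsDOM.removeNamespace(element, self.logger)

    # Root-first list of ancestor tags (iterancestors() is nearest-first).
    ancestors = [ancestor.tag for ancestor in element.iterancestors()]
    ancestors.reverse()
    # One path expression serves both the root and the nested case.
    path = '.'.join(ancestors + [element.tag])

    self.__executeJavaScript("%s = {}" % path, isDom=is_dom)

    text = element.text.strip() if element.text else ''
    # Quoted and escaped by json.dumps, which is also a valid JS literal.
    quoted = json.dumps(text)

    if text:
        if element.tag == 'script':
            # Collected for the caller; not run during DOM construction.
            scriptL.append(text)
        else:
            self.__executeJavaScript("%s = %s" % (path, quoted),
                                     isDom=is_dom)
            self.__executeJavaScript(
                "var %s = {}; %s.rawValue=%s;" % (element.tag, element.tag,
                                                  quoted),
                isDom=is_dom)

    for key, value in element.items():
        lowered = key.lower()
        if lowered == 'name':
            # An attribute value may contain anything; refuse to paste it
            # into source text unless it is exactly one identifier.
            if re.match(r'(?:[^\W\d]|\$)[\w$]*\Z', value, re.UNICODE):
                self.__executeJavaScript(
                    "var %s = {}; %s.rawValue=%s;" % (value, value, quoted),
                    isDom=is_dom)
            else:
                self.logger.debug(
                    'Field name is not a plain identifier, '
                    'JS binding skipped: %r' % (value,))
            self.__xfa__monitoredFieldNames.add(value)
        elif lowered == 'contenttype':
            # The comparison is exact and case-sensitive; anything else is
            # reported by the final branch.
            if value in ['image/tif', 'image/tiff']:
                # Guard against element.text being None. The number logged
                # is the stored text length, not a decoded image size.
                self.logger.debug('Found a TIFF of size %s bytes' %
                                  (len(element.text or '')))
                self.logger.debug(
                    '\033[91m Potential TIFF Exploit.\033[0m')
            elif value in ['application/x-javascript']:
                # javascript placeholder. we know about this too.
                pass
            else:
                self.logger.debug(
                    "\033[91m Unhandled Content-Type found. Please review"
                )

    index = 0
    for childElement in element.getchildren():
        # Exact type match, not isinstance(): instances of subclasses of
        # etree._Element are skipped and are not counted in index.
        if not (type(childElement) is etree._Element and childElement.tag):
            continue
        jsDOM.removeNamespace(childElement, self.logger)
        # Reachable as path.tag, path[index] and path[index].tag.
        self.__executeJavaScript(
            "%s.%s = {};" % (path, childElement.tag), isDom=is_dom)
        self.__executeJavaScript(
            "%s[%d] = {};" % (path, index), isDom=is_dom)
        self.__executeJavaScript(
            "%s[%d].%s = {};" % (path, index, childElement.tag),
            isDom=is_dom)
        buildElements(childElement)
        index += 1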