def audit(self, directive):
    """Flag referer/origin regexes that an attacker-controlled host could satisfy.

    Only regexp comparisons (``~``, ``~*``, ``!~``, ``!~*``) against
    ``$http_referer`` or ``$http_origin`` are examined.  Each fragment
    yielded by ``Regexp.generate`` is expanded into a concrete value: an
    unanchored start gets ``http://evil.com/`` prepended, an unanchored end
    that is not already ``/`` gets ``.evil.com`` appended.  The result is
    matched with ``self.valid_re``; values that do not parse, or whose
    ``domain`` group is ``evil.com``, are reported as accepted-but-bogus.

    Args:
        directive: nginx directive under audit; its ``operand``, ``variable``
            and ``value`` attributes are read.

    Side effects:
        Calls ``self.add_issue`` once when at least one bad value was found,
        with severity HIGH for ``$http_origin`` and MEDIUM for ``$http_referer``.
    """
    if directive.operand not in ('~', '~*', '!~', '!~*'):
        # Only regexp operands can be over-permissive in this way.
        return
    if directive.variable not in ('$http_referer', '$http_origin'):
        return

    is_case_sensitive = directive.operand in ('~', '!~')
    pattern = Regexp(directive.value, case_sensitive=is_case_sensitive)

    bad_values = set()
    for candidate in pattern.generate('/', anchored=True):
        # Turn the generated fragment into a full referer/origin string.
        if candidate.startswith('^'):
            candidate = candidate[1:]
        else:
            candidate = 'http://evil.com/' + candidate
        if candidate.endswith('$'):
            candidate = candidate[:-1]
        elif not candidate.endswith('/'):
            candidate += '.evil.com'

        match = self.valid_re.match(candidate)
        if match is None or match.group('domain') == 'evil.com':
            bad_values.add(candidate)

    if not bad_values:
        return

    is_origin = directive.variable == '$http_origin'
    subject = 'origin' if is_origin else 'referrer'
    level = gixy.severity.HIGH if is_origin else gixy.severity.MEDIUM
    listed = '", "'.join(bad_values)
    message = 'Regex matches "{value}" as a valid {name}.'.format(value=listed, name=subject)
    self.add_issue(directive=directive, reason=message, severity=level)
def test_gen_anchor():
    """Anchors survive generation only when anchored=True, with or without strict."""
    cases = [
        # (strict, anchored, expected first generated value)
        (False, False, 'some'),
        (False, True, '^some$'),
        (True, False, 'some'),
        (True, True, '^some$'),
    ]
    for strict, anchored, expected in cases:
        if strict:
            reg = Regexp('^some$', strict=True)
        else:
            reg = Regexp('^some$')
        produced = next(reg.generate('', anchored=anchored))
        assert_equals(produced, expected)
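def validate():
    """Expand a client-supplied regex into the strings it could match.

    Expects a JSON object body with ``regex`` (pattern, default ``''``) and
    ``danger`` (a string whose first character is passed to
    ``Regexp.generate`` as ``char``, default ``'a'``).  Replies with JSON
    ``{'status': 'ok', 'result': [...]}`` on success or
    ``{'status': 'failed', 'error': ...}`` on any error.  The HTTP status is
    200 in both cases, so callers must inspect ``status``.

    Returns:
        A ``Response`` carrying the JSON document with
        ``mimetype='application/json'``.
    """
    body = request.get_json()
    try:
        # Field extraction lives inside the try so a non-object body
        # (get_json() returning None or a list) or a non-string ``danger``
        # produces the structured 'failed' reply instead of an unhandled
        # exception.
        if not isinstance(body, dict):
            raise ValueError('JSON object body expected')
        pattern = body.get('regex', '')
        danger = body.get('danger', 'a')[:1]
        # NOTE(review): ``pattern`` is untrusted input; any bound on how much
        # ``generate`` produces is whatever Regexp enforces itself — confirm
        # before exposing this endpoint beyond a local playground.
        values = Regexp(pattern).generate(char=danger, anchored=True)
        result = {'status': 'ok', 'result': list(values)}
    except Exception as e:
        # NOTE(review): str(e) is echoed to the client, which reveals parser
        # internals; acceptable for a playground, worth generalising otherwise.
        result = {
            'status': 'failed',
            'error': 'Error occurred: {}'.format(str(e))
        }
    return Response(response=json.dumps(result), status=200, mimetype='application/json')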
def check_generate(regexp, values):
    """Assert that generating from *regexp* with '|' yields exactly *values* (order ignored)."""
    produced = sorted(Regexp(regexp).generate('|', anchored=True))
    expected = sorted(values)
    assert_equals(produced, expected)
def test_strict_generate():
    """With strict=True the ^ anchor is kept on every branch of an anchored alternation."""
    pattern = Regexp('^foo|bar', strict=True)
    generated = list(pattern.generate('|', anchored=True))
    assert_equals(sorted(generated), sorted({'^foo', '^bar'}))