def generate_redirect_reg_exp(self, first_loc, first_path, second_loc,
second_path):
# Use a unique sign to locate where the path gets reflected in the redirect
self.sign = rand_string(n=20)
first_loc = first_loc.replace(first_path, self.sign)
second_loc = second_loc.replace(second_path, self.sign)
self.redirect_parser = SimilarityParser(first_loc, second_loc)
self.redirect_parser.unquote = True
self.redirect_parser.ignorecase = True
def setup(self):
"""
Generate wildcard response information containers, this will be
used to compare with other path responses
"""
first_path = (self.prefix +
(self.custom or rand_string(TEST_PATH_LENGTH)) +
self.suffix)
first_response = self.requester.request(first_path)
self.response = first_response
if self.response.status == 404:
# Using the response status code is enough :-}
return
duplicate = self.get_duplicate(first_response)
# Another test was performed before and has the same response as this
if duplicate:
self.content_parser = duplicate.content_parser
self.wildcard_redirect_regex = duplicate.wildcard_redirect_regex
return
second_path = (
self.prefix +
(self.custom or rand_string(TEST_PATH_LENGTH, omit=first_path)) +
self.suffix)
second_response = self.requester.request(second_path)
if first_response.redirect and second_response.redirect:
self.wildcard_redirect_regex = self.generate_redirect_regex(
first_response.redirect,
first_path,
second_response.redirect,
second_path,
)
self.content_parser = DynamicContentParser(first_response.content,
second_response.content)
def setup(self):
first_path = self.prefix + (self.calibration if self.calibration else
rand_string()) + self.suffix
first_response = self.requester.request(first_path)
self.response = first_response
if self.response.status == 404:
# Using the response status code is enough :-}
return
duplicate = self.duplicate(first_response)
if duplicate:
# Another test had been performed and shows the same response as this
self.ratio = duplicate.ratio
self.dynamic_parser = duplicate.dynamic_parser
self.redirect_parser = duplicate.redirect_parser
self.sign = duplicate.sign
return
second_path = self.prefix + (self.calibration
if self.calibration else rand_string(
omit=first_path)) + self.suffix
second_response = self.requester.request(second_path)
if first_response.redirect and second_response.redirect:
self.generate_redirect_reg_exp(
first_response.redirect,
first_path,
second_response.redirect,
second_path,
)
# Analyze response bodies
if first_response.body is not None and second_response.body is not None:
self.dynamic_parser = DynamicContentParser(self.requester,
first_path,
first_response.body,
second_response.body)
else:
self.dynamic_parser = None
self.ratio = float("{0:.2f}".format(
self.dynamic_parser.comparisonRatio)) # Rounding to 2 decimals
# The wildcard response is static
if self.ratio == 1:
pass
# Adjusting ratio based on response length
elif len(first_response) < 100:
self.ratio -= 0.1
elif len(first_response) < 500:
self.ratio -= 0.05
elif len(first_response) < 2000:
self.ratio -= 0.02
else:
self.ratio -= 0.01
"""
If the path is reflected in response, decrease the ratio. Because
the difference between path lengths can reduce the similarity ratio
"""
if first_path in first_response.body.decode():
if len(first_response) < 200:
self.ratio -= 0.15 + 15 / len(first_response)
elif len(first_response) < 800:
self.ratio -= 0.06 + 30 / len(first_response)
elif len(first_response) < 5000:
self.ratio -= 0.03 + 80 / len(first_response)
elif len(first_response) < 20000:
self.ratio -= 0.02 + 200 / len(first_response)
else:
self.ratio -= 0.01