Esempio n. 1
def url_fix(s, charset='utf-8'):
    """Percent-encode the path and query string of a hand-typed URL.

    Python 2 code: it relies on the ``unicode`` builtin, ``urllib.quote`` and
    the ``urlparse`` module.

    A ``unicode`` input is first encoded with ``charset``; characters the
    codec cannot represent are dropped ('ignore').  The path is quoted with
    ``/`` and ``%`` left alone, so escapes already present in the path are
    kept.  The query is quoted with ``:``, ``&`` and ``=`` left alone; ``%``
    is not in that set, so an escape already present in the query is encoded
    a second time.  Scheme, host and fragment pass through untouched.

    This normalizes spelling only.  It does not check the scheme or the host,
    so any decision about whether the URL may be fetched or redirected to has
    to be made separately.
    """
    if isinstance(s, unicode):
        s = s.encode(charset, 'ignore')
    parts = urlparse.urlsplit(s)
    quoted_path = urllib.quote(parts[2], '/%')
    quoted_query = urllib.quote_plus(parts[3], ':&=')
    return urlparse.urlunsplit(
        (parts[0], parts[1], quoted_path, quoted_query, parts[4]))
def url_fix(s, charset='utf-8'):
    """Return ``s`` with its path and query string percent-encoded.

    ``unicode`` input is converted to bytes in ``charset`` first, silently
    dropping anything the codec cannot encode.  Only two components are
    rewritten: the path (``/`` and ``%`` kept literal) and the query
    (``:``, ``&`` and ``=`` kept literal).  Because ``%`` is not kept literal
    in the query, a query that is already escaped comes out double-escaped.

    The host part is returned exactly as given, so this function is not a
    validation step for URLs received from outside.
    """
    if isinstance(s, unicode):
        s = s.encode(charset, 'ignore')
    pieces = list(urlparse.urlsplit(s))
    # urlsplit order: scheme, netloc, path, query, fragment
    pieces[2] = urllib.quote(pieces[2], '/%')
    pieces[3] = urllib.quote_plus(pieces[3], ':&=')
    return urlparse.urlunsplit(pieces)
Esempio n. 3
def YATSServer():
    """Return the configured SSO server URL with its path removed.

    Gives '' when ``settings`` has no ``SSO_SERVER`` attribute.  Only the path
    component is blanked; scheme, host, query and fragment of the setting are
    kept as they are.
    """
    if not hasattr(settings, 'SSO_SERVER'):
        return ''
    scheme, netloc, _path, query, fragment = urlparse.urlsplit(
        settings.SSO_SERVER)
    return urlparse.urlunsplit([scheme, netloc, '', query, fragment])
Esempio n. 4
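def referrer_path(meta, default=None):
    """Return the path, query and fragment of a same-site Referer.

    Args:
        meta: request header mapping, read with ``.get`` for the keys
            "HTTP_REFERER" and "HTTP_HOST".
        default: value returned when there is no referrer or when the
            referrer belongs to another site.

    Returns:
        The referrer reduced to a relative reference (no scheme, no host),
        or ``default``.

    Both headers come from the client, and "same site" means whatever
    ``drop_subdomain`` maps to the same value for the two hosts.  The result
    is a navigation hint, not an authorization signal.
    """
    referrer = meta.get("HTTP_REFERER")
    if not referrer:
        return default
    parsed = urlparse.urlsplit(referrer)
    next_domain = drop_subdomain(parsed.netloc)
    cur_domain = drop_subdomain(meta.get("HTTP_HOST", ""))
    if next_domain != cur_domain:
        return default
    path = parsed[2]
    # With the host stripped, a path that starts with "//" (or "/\", which
    # browsers read the same way) would be a scheme-relative reference to a
    # different host.  Collapse the leading run to a single "/" so the result
    # always stays on the current site.
    if path[:1] in ('/', '\\'):
        path = '/' + path.lstrip('/\\')
    return urlparse.urlunsplit(('', '', path) + tuple(parsed[3:]))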
def url_fix(s, charset='utf-8'):
    """Quote the path and query of ``s`` so the URL is safe to put on the wire.

    ``charset`` is the encoding applied to ``unicode`` input before quoting;
    characters it cannot represent are discarded rather than reported.
    """
    if isinstance(s, unicode):
        s = s.encode(charset, 'ignore')
    split = urlparse.urlsplit(s)
    # '/' separates path segments and '%' introduces an existing escape, so
    # both are left unquoted in the path.
    path = urllib.quote(split.path, '/%')
    # ':', '&' and '=' keep the key=value&key=value layout of the query
    # readable; '%' is not spared here, so existing escapes are re-encoded.
    qs = urllib.quote_plus(split.query, ':&=')
    # Scheme, host and fragment are copied through without any check.
    return urlparse.urlunsplit(
        (split.scheme, split.netloc, path, qs, split.fragment))
Esempio n. 6
def audit(arg):
    """Scanner plugin entry point: check the query parameters of ``arg`` one by one.

    Identifiers are machine-obfuscated.  The URL is split into a base (no
    query, no fragment) and a list of (name, value) pairs; each pair that is
    not on the skip list is handed to the helper ``iI1``, which is defined
    outside this listing.  The first truthy helper result is reported through
    ``security_info`` and ends the run, so at most one finding is reported
    per URL.
    """
    Ii1iI = arg
    # NOTE(review): ``urlparse`` is called as a function here and used as a
    # namespace on the next line, while ``urllib.parse`` is the Python 3
    # spelling.  These cannot all be the stdlib names at once -- confirm the
    # plugin framework's imports.
    Oo = urlparse(Ii1iI)
    # Base URL: scheme, host and path only.
    I1Ii11I1Ii1i = urlparse.urlunsplit((Oo.scheme, Oo.netloc, Oo.path, "", ""))
    # Query string as a list of (name, value) tuples.
    Oo0Ooo = urllib.parse.parse_qsl(Oo.query)
    # Parameter names that are never tested; they look like ASP.NET form
    # plumbing (view state, image-button coordinates) -- TODO confirm.
    oo = ["__VIEWSTATE", "IbtnEnter.x", "IbtnEnter.y"]
    for O0O0OO0O0O0, iiiii in Oo0Ooo:
        if O0O0OO0O0O0 in oo:
            continue
        debug("[RDB] %s %s-", O0O0OO0O0O0, I1Ii11I1Ii1i)
        # What the helper sends and checks is not visible in this listing.
        IiII1I1i1i1ii = iI1(I1Ii11I1Ii1i, Oo0Ooo, O0O0OO0O0O0, iiiii)
        if IiII1I1i1i1ii:
            # Element 1 of the helper result is the text that gets reported.
            security_info(IiII1I1i1i1ii[1])
            return
Esempio n. 7
def XigniteGlobalRealTime_GetBar(token,
                                 identifier,
                                 identifierType,
                                 endDateTime,
                                 precision,
                                 period,
                                 secureRequest=None):
    """Call the Xignite GlobalRealTime ``GetBar`` endpoint and return the reply.

    ``endDateTime`` must be timezone-aware; it is rendered for the exchange
    parsed out of ``identifier``.  ``secureRequest`` selects https (truthy) or
    http (falsy); ``None`` defers to the module-level ``USE_SECURE_REQUESTS``.

    Returns the decoded response when its "Outcome" is "Success".  Otherwise
    raises ``XigniteError`` carrying the service message (or "Error <outcome>"
    when there is none) together with the full response.

    NOTE(review): the API token is sent as the ``_Token`` query parameter.
    When the http scheme is selected it crosses the network in cleartext, and
    in either case it is part of the URL string handed to
    ``json_http_request``, so anything that logs that URL logs the token.
    """
    if dt.datetime_is_naive(endDateTime):
        raise Exception("endDateTime must have a timezone")

    # Only the exchange is needed; it drives the end-time formatting below.
    _instrument, exchange = parse_instrument_exchange(identifier)

    use_tls = USE_SECURE_REQUESTS if secureRequest is None else secureRequest
    scheme = "https" if use_tls else "http"

    query = urllib.urlencode({
        "_Token": token,
        "Identifier": identifier,
        "IdentifierType": identifierType,
        "EndTime": datetime_to_string(endDateTime, exchange),
        "Precision": precision,
        "Period": period,
    })

    url = urlparse.urlunsplit((
        scheme,
        "globalrealtime.xignite.com",
        "v3/xGlobalRealTime.json/GetBar",
        query,
        "",
    ))
    ret = json_http_request(url)

    if ret.get("Outcome") == "Success":
        return ret

    # Failure: prefer the service's own message, else synthesize one.
    msg = ret.get("Message")
    if msg is None:
        msg = "Error %s" % (ret.get("Outcome"))
    raise XigniteError(msg, ret)
def goto(self, href, method='get', **args):
    """
    Replacement for TestResponse.goto that keeps the scheme and host of
    ``href`` instead of discarding them.

    ``href`` is resolved against the URL of the request that produced this
    response, then fetched through ``self.test_app`` with GET or POST.  Extra
    keyword arguments are forwarded to that call.
    """
    split = urlparse.urlsplit(href)
    # Rebuild the link with an empty fragment; the other four components
    # are kept exactly as parsed.
    without_fragment = urlparse.urlunsplit(tuple(split[:4]) + ('',))
    target = urlparse.urljoin(self.request.url, without_fragment)
    method = method.lower()
    assert method in ('get', 'post'), (
        'Only "get" or "post" are allowed for method (you gave %r)' % method)
    sender = self.test_app.get if method == 'get' else self.test_app.post
    return sender(target, **args)
Esempio n. 9
def audit(arg):
    """Scanner plugin entry point: two passes over the query parameters of ``arg``.

    Identifiers are machine-obfuscated and the helpers ``OOoIi1IIii11``,
    ``oo`` and ``curl.curl`` are defined outside this listing, so the comments
    below describe only what the visible statements do.

    Pass 1 hands every parameter not on the skip list to ``OOoIi1IIii11``
    together with a baseline response of the bare URL.  Pass 2 runs only if
    the normal response lacks at least one server-side script marker; it
    hands each parameter to ``oo`` with a set of path candidates derived from
    the URL's own path.  Either pass returns on the first truthy helper
    result.
    """
    I1I11I1I1I = arg
    # NOTE(review): ``urlparse`` is called as a function here and used as a
    # namespace on the next statement, while ``urllib.parse`` is the Python 3
    # spelling -- confirm the plugin framework's imports.
    I1IiI = urlparse(I1I11I1I1I)
    # Base URL: scheme, host and path, with query and fragment emptied.
    Oo000 = urlparse.urlunsplit((I1IiI.scheme,
                                 I1IiI.netloc,
                                 I1IiI.path,
                                 "",
                                 ""))
    # Query string as a list of (name, value) tuples.
    o0OOO = urllib.parse.parse_qsl(I1IiI.query)
    # Parameter names that are never tested; they look like ASP.NET form
    # plumbing -- TODO confirm.
    IIiIi11i1 = ["__VIEWSTATE", "IbtnEnter.x", "IbtnEnter.y"]
    # Fetch the base URL.  Five values come back; only the third is used.
    # The last two targets share one name, so the fourth value is overwritten
    # by the fifth.
    iIii1, oOOoO0, o0O0o0Oo, iiI1IiI, iiI1IiI = curl.curl(Oo000)
    for iIiiiI, Iii1ii1II11i in o0OOO:
        if iIiiiI in IIiIi11i1:
            continue
        if OOoIi1IIii11(Oo000, o0OOO, iIiiiI, Iii1ii1II11i, o0O0o0Oo):
            return

    # Fetch the original URL, query included; the third value is treated as
    # text (it is passed to re.search below).
    iIii1, oOOoO0, O0OoO000O0OO, iiI1IiI, iiI1IiI = curl.curl(I1I11I1I1I)
    # Keep the patterns that do NOT match the normal response.  The three
    # patterns are the opening tags "<?", "<?php" and "<%" followed by
    # whitespace or one punctuation character.
    # NOTE(review): the pattern strings are not raw strings; "\?" and "\s"
    # only work because Python leaves unknown escapes in place.
    iI1I111Ii111i = []
    for OoOo in ["<\?[\r\n\s=]", "<\?php[\r\n\s=]", "<%[\r\n\s@]"]:
        if not re.search(OoOo, O0OoO000O0OO):
            iI1I111Ii111i.append(OoOo)

    # Every marker already appears in the normal page, so a later match
    # would prove nothing: stop.
    if not iI1I111Ii111i:
        return
    # Relative directory prefixes, from the current directory up to five
    # levels above it.
    oOo0oooo00o = [".", "..", "../..", "../../..", "../../../..", "../../../../.."]
    iIi1iIiii111 = []
    # Last path segment of the URL (the requested file name).
    oOoOO0 = I1IiI.path.split("/")[-1]
    iIi1iIiii111.append(oOoOO0)
    # Candidates: each prefix joined to the file name ...
    for IIi1i11111 in oOo0oooo00o:
        iIi1iIiii111.append(IIi1i11111 + "/" + oOoOO0)

    # ... and each prefix joined to the full URL path.
    for IIi1i11111 in oOo0oooo00o:
        iIi1iIiii111.append(IIi1i11111 + I1IiI.path)

    for iIiiiI, Iii1ii1II11i in o0OOO:
        if iIiiiI in IIiIi11i1:
            continue
        # Text after the last "." of the parameter value, or "" when the
        # value contains no dot.
        i11i1I1 = ""
        if Iii1ii1II11i.find(".") != -1:
            i11i1I1 = Iii1ii1II11i.split(".")[-1]
        # The helper receives the de-duplicated candidates, that suffix and
        # the patterns absent from the normal page; how it uses them is not
        # visible here.
        if oo(Oo000, o0OOO, iIiiiI, Iii1ii1II11i, set(iIi1iIiii111), i11i1I1, iI1I111Ii111i):
            return
Esempio n. 10
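 def run_validators(self, value):
     """Run the parent validators, tolerating dot-less hostnames if enabled.

     When ``self.allow_plain_hostname`` is set and the URL's hostname has no
     dot, the copy of ``value`` handed to the validators gets ``.local``
     appended to the hostname.  Port and userinfo are carried over.  Only
     that local copy is rewritten.

     The userinfo branches previously applied the ``%`` operator to
     ``{}``-style templates, which raised TypeError for any plain-hostname
     URL with a username; they now use ``str.format`` like the other
     branches.
     """
     if self.allow_plain_hostname:
         try:
             url_parts = urlparse.urlsplit(value)
             if url_parts.hostname and '.' not in url_parts.hostname:
                 netloc = '{}.local'.format(url_parts.hostname)
                 if url_parts.port:
                     netloc = '{}:{}'.format(netloc, url_parts.port)
                 if url_parts.username:
                     if url_parts.password:
                         netloc = '{}:{}@{}'.format(url_parts.username,
                                                    url_parts.password,
                                                    netloc)
                     else:
                         netloc = '{}@{}'.format(url_parts.username, netloc)
                 value = urlparse.urlunsplit([
                     url_parts.scheme, netloc, url_parts.path,
                     url_parts.query, url_parts.fragment
                 ])
         except Exception:
             # NOTE(review): the original comment said a failure here should
             # fall through to the validators, but the bare ``raise``
             # propagates it unchanged.  Left as-is; confirm which of the two
             # is intended.
             raise
     super(URLField, self).run_validators(value)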
Esempio n. 11
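def read_url_post(url):
    '''POST the query parameters of ``url`` as JSON and decode the JSON reply.

    The query string is removed from ``url`` and converted to a flat dict
    (a repeated key keeps its last value).  That dict is sent as an
    ``application/json`` body to the remaining scheme://host/path.

    Parameters
    ----------
    url : string
        Endpoint to call; its query string supplies the payload.

    Returns
    -------
    dict
        Decoded JSON body of the response.  The body of an HTTP error
        response is decoded the same way.

    Note: if the reply is a bare array or literal, for example,
    the output will be of the corresponding type.

    Failures that carry no response body (refused connection, name
    resolution error, ...) are re-raised unchanged.  Previously they surfaced
    as an AttributeError on ``.code``.
    '''
    urlp = urlparse.urlparse(url)
    main_url = urlparse.urlunsplit(
        (urlp.scheme, urlp.netloc, urlp.path, '', ''))
    data = json.dumps(dict(urlparse.parse_qsl(urlp.query)))
    if not isinstance(data, bytes):
        # On Python 3 json.dumps returns text, but a request body must be
        # bytes.  On Python 2 this branch is never taken.
        data = data.encode('utf-8')

    # NOTE(review): assuming urllib_request is the stdlib urllib.request /
    # urllib2, build_opener also installs its default handlers, so the scheme
    # of ``url`` is not limited to http.  No timeout is passed to open()
    # either.  Callers should only pass URLs for endpoints they trust.
    handler = urllib_request.HTTPHandler()
    opener = urllib_request.build_opener(handler)

    request = urllib_request.Request(main_url, data)
    request.add_header("Content-Type", 'application/json')
    request.get_method = lambda: 'POST'

    try:
        response = opener.open(request)
    except Exception as e:
        # An HTTP error status arrives as an exception that still has a
        # readable body.  Anything without one is a real failure.
        if not hasattr(e, 'read'):
            raise
        response = e

    try:
        json_string = response.read()
    finally:
        response.close()

    return json.loads(json_string)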
Esempio n. 12
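def read_url_post(url):
    '''POST the query parameters of ``url`` as JSON and decode the JSON reply.

    The query string is removed from ``url`` and converted to a flat dict
    (a repeated key keeps its last value).  That dict is sent as an
    ``application/json`` body to the remaining scheme://host/path.

    Parameters
    ----------
    url : string
        Endpoint to call; its query string supplies the payload.

    Returns
    -------
    dict
        Decoded JSON body of the response.  The body of an HTTP error
        response is decoded the same way.

    Note: if the reply is a bare array or literal, for example,
    the output will be of the corresponding type.

    Failures that carry no response body (refused connection, name
    resolution error, ...) are re-raised unchanged.  Previously they surfaced
    as an AttributeError on ``.code``.
    '''
    urlp = urlparse.urlparse(url)
    main_url = urlparse.urlunsplit(
        (urlp.scheme, urlp.netloc, urlp.path, '', ''))
    data = json.dumps(dict(urlparse.parse_qsl(urlp.query)))
    if not isinstance(data, bytes):
        # On Python 3 json.dumps returns text, but a request body must be
        # bytes.  On Python 2 this branch is never taken.
        data = data.encode('utf-8')

    # NOTE(review): assuming urllib_request is the stdlib urllib.request /
    # urllib2, build_opener also installs its default handlers, so the scheme
    # of ``url`` is not limited to http.  No timeout is passed to open()
    # either.  Callers should only pass URLs for endpoints they trust.
    handler = urllib_request.HTTPHandler()
    opener = urllib_request.build_opener(handler)

    request = urllib_request.Request(main_url, data)
    request.add_header("Content-Type", 'application/json')
    request.get_method = lambda: 'POST'

    try:
        response = opener.open(request)
    except Exception as e:
        # An HTTP error status arrives as an exception that still has a
        # readable body.  Anything without one is a real failure.
        if not hasattr(e, 'read'):
            raise
        response = e

    try:
        json_string = response.read()
    finally:
        response.close()

    return json.loads(json_string)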
Esempio n. 13
def audit(arg):
    """Scanner plugin entry point: check each query parameter under GET and POST.

    Identifiers are machine-obfuscated.  For each of the two HTTP methods,
    every (name, value) pair of the URL's query string that is not on the
    skip list is handed to the helper ``iI1``, which is defined outside this
    listing.  The first truthy helper result is reported through
    ``security_info`` with the method prepended, and the run ends there.
    """

    ooO0oooOoO0 = arg
    # NOTE(review): ``urlparse`` is called as a function here and used as a
    # namespace on the next line, while ``urllib.parse`` is the Python 3
    # spelling -- confirm the plugin framework's imports.
    II11i = urlparse(ooO0oooOoO0)
    # Base URL: scheme, host and path only.
    i1oOOoo00O0O = urlparse.urlunsplit((II11i.scheme, II11i.netloc, II11i.path, "", ""))
    # Query string as a list of (name, value) tuples.
    Oo0Ooo = urllib.parse.parse_qsl(II11i.query)

    # Parameter names that are never tested; they look like ASP.NET form
    # plumbing -- TODO confirm.
    i1111 = ['__VIEWSTATE', 'IbtnEnter.x', 'IbtnEnter.y']
    # All parameters are tried with GET before any is tried with POST.
    i11 = ["GET", "POST"]

    for I11 in i11:

        for O0O0OO0O0O0, iiiii in Oo0Ooo:
            if O0O0OO0O0O0 in i1111:
                continue

            debug('[XSS] <%s> %s %s', I11, O0O0OO0O0O0, i1oOOoo00O0O)
            # What the helper sends and checks is not visible in this listing.
            Oo0o0000o0o0 = iI1(I11, i1oOOoo00O0O, Oo0Ooo, O0O0OO0O0O0, iiiii)

            if Oo0o0000o0o0:
                # Element 1 of the helper result is the text that gets reported.
                security_info('<%s> %s' % (I11, Oo0o0000o0o0[1]))
                return