def test_explain_rule(self):
    """Walk /sandbox/explain_rule/ through each input path.

    Covers: no rule given, a numeric id with no matching rule, an existing
    id, a non-numeric id, a rule posted as text, and a posted rule whose
    first field uses the prefix ``lol:`` instead of ``rx:``.
    """
    endpoint = '/sandbox/explain_rule/'
    by_id = endpoint + '?rule={0}'
    rule_template = ('MainRule "{0}:^POUET$" "msg: sqli" '
                     '"mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;')

    # No rule supplied: the view redirects back to the sandbox index.
    response = self.app.get(endpoint)
    self.assertEqual(response.status_code, 302)
    self.assertEqual(urlparse(response.location).path, '/sandbox/')

    # The rule with the highest sid, so sid + 1 is an id that is not stored.
    newest = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
    missing_sid = newest.sid + 1
    response = self.app.get(by_id.format(missing_sid), follow_redirects=True)
    self.assertIn('Not rule with id {0}'.format(missing_sid), str(response.data))

    # Existing id: the page contains the rule's explanation.
    response = self.app.get(by_id.format(newest.sid))
    self.assertEqual(response.status_code, 200)
    self.assertIn(newest.explain(), str(response.data))

    # Non-numeric id: rejected with a redirect to the index.
    response = self.app.get(by_id.format('lol'))
    self.assertEqual(response.status_code, 302)
    self.assertEqual(urlparse(response.location).path, '/sandbox/')

    # Rule posted as text: the page contains the explanation of the parsed rule.
    posted = rule_template.format('rx')
    response = self.app.post(endpoint, data={'rule': posted})
    self.assertEqual(response.status_code, 200)
    parsed = NaxsiRules()
    parsed.parse_rule(posted)
    self.assertIn(parsed.explain(), str(response.data))

    # Same rule with a "lol:" prefix; only the status code is asserted here.
    posted = rule_template.format('lol')
    response = self.app.post(endpoint, data={'rule': posted})
    self.assertEqual(response.status_code, 200)
def test_explain_rule(self):
    """Walk /sandbox/explain_rule/ through each input path.

    Covers: no rule given, a numeric id with no matching rule, an existing
    id, a non-numeric id, a rule posted as text, and a posted rule whose
    first field uses the prefix ``lol:`` instead of ``rx:``.
    """
    endpoint = '/sandbox/explain_rule/'
    by_id = endpoint + '?rule={0}'
    rule_template = ('MainRule "{0}:^POUET$" "msg: sqli" '
                     '"mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;')

    # No rule supplied: the view redirects back to the sandbox index.
    response = self.app.get(endpoint)
    self.assertEqual(response.status_code, 302)
    self.assertEqual(urlparse(response.location).path, '/sandbox/')

    # The rule with the highest sid, so sid + 1 is an id that is not stored.
    newest = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
    missing_sid = newest.sid + 1
    response = self.app.get(by_id.format(missing_sid), follow_redirects=True)
    self.assertIn('Not rule with id {0}'.format(missing_sid), str(response.data))

    # Existing id: the page contains the rule's explanation.
    response = self.app.get(by_id.format(newest.sid))
    self.assertEqual(response.status_code, 200)
    self.assertIn(newest.explain(), str(response.data))

    # Non-numeric id: rejected with a redirect to the index.
    response = self.app.get(by_id.format('lol'))
    self.assertEqual(response.status_code, 302)
    self.assertEqual(urlparse(response.location).path, '/sandbox/')

    # Rule posted as text: the page contains the explanation of the parsed rule.
    posted = rule_template.format('rx')
    response = self.app.post(endpoint, data={'rule': posted})
    self.assertEqual(response.status_code, 200)
    parsed = NaxsiRules()
    parsed.parse_rule(posted)
    self.assertIn(parsed.explain(), str(response.data))

    # Same rule with a "lol:" prefix; only the status code is asserted here.
    posted = rule_template.format('lol')
    response = self.app.post(endpoint, data={'rule': posted})
    self.assertEqual(response.status_code, 200)
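def explain_rule():
    """Explain a Naxsi rule selected by id or submitted as text.

    The rule comes from one of two request fields, both named ``rule``:

    * query string: a numeric value is looked up as ``NaxsiRules.sid``;
    * form body: the value is parsed as rule text with ``parse_rule``.

    Returns:
        A redirect to ``sandbox.index`` when no rule is given, the id is not
        numeric, or no rule has that id; a redirect to regexper.com when
        ``visualise_rule`` is in the form and the rule's detection starts
        with ``rx:``; otherwise the rendered ``misc/sandbox.html`` template.
    """
    # Two separate lists: the original bound both names to one shared list.
    errors = []
    warnings = []
    rule_get = request.args.get("rule", "")
    rule_post = request.form.get("rule", "")

    if rule_get.isdigit():  # explain a rule by id
        # The id is handed to the ORM as a comparison operand, not spliced
        # into a query string.
        _rule = NaxsiRules.query.filter(NaxsiRules.sid == rule_get).first()
        if _rule is None:
            flash("Not rule with id %s" % rule_get)
            return redirect(url_for("sandbox.index"))
    elif rule_get != "":
        # Value comparison: `is not ""` tested object identity, which only
        # works by accident of string interning.
        flash("Please provide a numeric id")
        return redirect(url_for("sandbox.index"))
    elif not rule_post:
        flash("Please provide a rule")
        return redirect(url_for("sandbox.index"))
    else:
        _rule = NaxsiRules()
        errors, warnings, rdict = _rule.parse_rule(rule_post)
        _rule = NaxsiRules()
        _rule.from_dict(rdict)
        _rule.errors = errors
        _rule.warnings = warnings

        if _rule.errors:
            # NOTE(review): this returns before the per-error flash loop
            # below, so the individual parser errors are not shown here.
            flash("You rule is wrong", "error")
            return render_template("misc/sandbox.html")

    if "visualise_rule" in request.form:
        if _rule.detection.startswith("rx:"):
            # The host is a constant; only the URL fragment comes from the
            # rule, so the submitted text cannot change the redirect target.
            # NOTE(review): the pattern is appended without percent-encoding;
            # confirm whether regexper expects an encoded fragment.
            return redirect("https://regexper.com/#" + _rule.detection[3:])
        else:
            flash("The rule is not a regexp, so you can not visualize it.", category="error")

    # NOTE(review): parser messages may echo parts of the submitted rule;
    # confirm the template renders flashed messages with autoescaping on.
    for error in errors:
        flash(error, category="error")
    # Distinct loop variable: the original reused the name `warnings`.
    for warning in warnings:
        flash(warning, category="warning")

    return render_template("misc/sandbox.html", rule_explaination=_rule.explain(), rule=_rule)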
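def explain_rule():
    """Explain a Naxsi rule selected by id or submitted as text.

    The rule comes from one of two request fields, both named ``rule``:

    * query string: a numeric value is looked up as ``NaxsiRules.sid``;
    * form body: the value is parsed as rule text with ``parse_rule``.

    Returns:
        A redirect to ``sandbox.index`` when no rule is given, the id is not
        numeric, or no rule has that id; a redirect to regexper.com when
        ``visualise_rule`` is in the form and the rule's detection starts
        with ``rx:``; otherwise the rendered ``misc/sandbox.html`` template.
    """
    # Two separate lists: the original bound both names to one shared list.
    errors = []
    warnings = []
    rule_get = request.args.get('rule', '')
    rule_post = request.form.get("rule", '')

    if rule_get.isdigit():  # explain a rule by id
        # The id is handed to the ORM as a comparison operand, not spliced
        # into a query string.
        _rule = NaxsiRules.query.filter(NaxsiRules.sid == rule_get).first()
        if _rule is None:
            flash('Not rule with id %s' % rule_get)
            return redirect(url_for("sandbox.index"))
    elif rule_get != '':
        # Value comparison: `is not ''` tested object identity, which only
        # works by accident of string interning.
        flash('Please provide a numeric id')
        return redirect(url_for("sandbox.index"))
    elif not rule_post:
        flash('Please provide a rule')
        return redirect(url_for("sandbox.index"))
    else:
        _rule = NaxsiRules()
        errors, warnings, rdict = _rule.parse_rule(rule_post)
        _rule = NaxsiRules()
        _rule.from_dict(rdict)
        _rule.errors = errors
        _rule.warnings = warnings

        if _rule.errors:
            # NOTE(review): this returns before the per-error flash loop
            # below, so the individual parser errors are not shown here.
            flash('You rule is wrong', 'error')
            return render_template("misc/sandbox.html")

    if 'visualise_rule' in request.form:
        if _rule.detection.startswith('rx:'):
            # The host is a constant; only the URL fragment comes from the
            # rule, so the submitted text cannot change the redirect target.
            # NOTE(review): the pattern is appended without percent-encoding;
            # confirm whether regexper expects an encoded fragment.
            return redirect('https://regexper.com/#' + _rule.detection[3:])
        else:
            flash('The rule is not a regexp, so you can not visualize it.', category='error')

    # NOTE(review): parser messages may echo parts of the submitted rule;
    # confirm the template renders flashed messages with autoescaping on.
    for error in errors:
        flash(error, category='error')
    # Distinct loop variable: the original reused the name `warnings`.
    for warning in warnings:
        flash(warning, category='warning')

    return render_template("misc/sandbox.html", rule_explaination=_rule.explain(), rule=_rule)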