예제 #1
    def setup(self):
        first_path = self.prefix + (self.calibration if self.calibration else
                                    RandomUtils.rand_string()) + self.suffix
        first_response = self.requester.request(first_path)
        self.invalid_status = first_response.status

        if self.invalid_status == 404:
            # Using the response status code is enough :-}
            return

        second_path = self.prefix + (self.calibration if self.calibration else
                                     RandomUtils.rand_string(
                                         omit=first_path)) + self.suffix
        second_response = self.requester.request(second_path)

        # Look for redirects
        if first_response.redirect and second_response.redirect:
            self.redirect_reg_exp = self.generate_redirect_reg_exp(
                first_response.redirect,
                first_path,
                second_response.redirect,
                second_path,
            )

        # Analyze response bodies
        if first_response.body is not None and second_response.body is not None:
            self.dynamic_parser = DynamicContentParser(self.requester,
                                                       first_path,
                                                       first_response.body,
                                                       second_response.body)
        else:
            self.dynamic_parser = None

        self.ratio = float("{0:.2f}".format(
            self.dynamic_parser.comparisonRatio))  # Rounding to 2 decimals

        # The wildcard response is static
        if self.ratio == 1:
            pass
        # Adjusting ratio based on response length
        elif len(first_response) < 100:
            self.ratio -= 0.1
        elif len(first_response) < 500:
            self.ratio -= 0.05
        elif len(first_response) < 2000:
            self.ratio -= 0.02
        else:
            self.ratio -= 0.01
        # If the path is reflected in response, decrease the ratio. Because
        # the difference between path lengths can reduce the similarity ratio
        if first_path in first_response.body.decode(
        ) and len(first_response) < 100000:
            self.ratio -= 0.1
예제 #2
    def setup(self):
        first_path = self.prefix + (
            self.calibration if self.calibration else RandomUtils.rand_string()
        ) + self.suffix
        first_response = self.requester.request(first_path)
        self.invalid_status = first_response.status

        if self.invalid_status == 404:
            # Using the response status code is enough :-}
            return

        second_path = self.prefix + (
            self.calibration if self.calibration else RandomUtils.rand_string(omit=first_path)
        ) + self.suffix
        second_response = self.requester.request(second_path)

        # Look for redirects
        if first_response.redirect and second_response.redirect:
            self.redirect_reg_exp = self.generate_redirect_reg_exp(
                first_response.redirect, first_path,
                second_response.redirect, second_path,
            )

        # Analyze response bodies
        if first_response.body is not None and second_response.body is not None:
            self.dynamic_parser = DynamicContentParser(
                self.requester, first_path, first_response.body, second_response.body
            )
        else:
            self.dynamic_parser = None

        base_ratio = float(
            "{0:.2f}".format(self.dynamic_parser.comparisonRatio)
        )  # Rounding to 2 decimals

        # If response length is small, adjust ratio
        if len(first_response) < 500:
            base_ratio -= 0.15
        elif len(first_response) < 2000:
            base_ratio -= 0.1

        if base_ratio < self.ratio:
            self.ratio = base_ratio
예제 #3
파일: scanner.py 프로젝트: jsfan/dirsearch
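    def generate_redirect_reg_exp(self, first_loc, first_path, second_loc, second_path):
        """Build an anchored regex from the shared parts of two redirect targets.

        The requested path is replaced by a fresh marker (stored in
        ``self.sign``) in each redirect target, then the common leading
        characters and, if the targets diverge, the common trailing characters
        are kept as literals with ``.*`` between them.

        Args:
            first_loc: redirect target returned for ``first_path``.
            first_path: path requested by the first probe.
            second_loc: redirect target returned for ``second_path``.
            second_path: path requested by the second probe.

        Returns:
            A pattern string starting with ``^`` and ending with ``$``.
        """
        # Use a unique sign to locate where the path gets reflected in the redirect
        self.sign = RandomUtils.rand_string(n=20)

        # Redirect targets are server-controlled. Percent-decode them *before*
        # re.escape(): the previous code decoded the finished pattern, and since
        # re.escape() leaves "%" alone on Python 3.7+, an encoded "%28" or "%3F"
        # came back as live regex syntax (a broader match, or a pattern that
        # fails to compile when it is used).
        # NOTE(review): presumably the pattern is matched against a decoded
        # redirect target and self.sign is alphanumeric - confirm at the caller.
        first_loc = unquote(first_loc.replace(first_path, self.sign))
        second_loc = unquote(second_loc.replace(second_path, self.sign))
        reg_exp_start = "^"
        reg_exp_end = "$"

        # Common prefix, ended by a wildcard at the first differing character.
        for f, s in zip(first_loc, second_loc):
            if f == s:
                reg_exp_start += re.escape(f)
            else:
                reg_exp_start += ".*"
                break

        # Only look for a common suffix when the two targets actually diverged.
        if reg_exp_start.endswith(".*"):
            for f, s in zip(first_loc[::-1], second_loc[::-1]):
                if f == s:
                    reg_exp_end = re.escape(f) + reg_exp_end
                else:
                    break

        return reg_exp_start + reg_exp_end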