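    def test_explain_rule(self):
        """Exercise /sandbox/explain_rule/ via GET (rule by id) and POST (raw rule text).

        Covers: no rule given, an unknown id, an existing id, a non-numeric id,
        a valid posted rule and a posted rule with an unknown detection type.
        """
        def body(rv):
            # Decode the response body. The previous str(rv.data) produced the
            # bytes repr ("b'...'"), which escapes quotes and newlines and made
            # assertIn() on explain() output fragile.
            return rv.get_data(as_text=True)

        # No rule given at all -> bounced back to the sandbox index.
        rv = self.app.get('/sandbox/explain_rule/')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        # One past the highest stored sid is guaranteed not to exist.
        last_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
        self.assertIsNotNone(last_rule, "fixture must contain at least one rule")
        missing_sid = last_rule.sid + 1
        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(missing_sid), follow_redirects=True)
        self.assertIn('Not rule with id {0}'.format(missing_sid), body(rv))

        # An existing id renders that rule's explanation.
        # NOTE(review): assumes explain() output contains no HTML-special
        # characters that Jinja autoescaping would rewrite — confirm if it grows.
        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(last_rule.sid))
        self.assertEqual(rv.status_code, 200)
        self.assertIn(last_rule.explain(), body(rv))

        # A non-numeric id is rejected with a redirect, not a 500.
        rv = self.app.get('/sandbox/explain_rule/?rule=lol')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        # A well-formed posted rule is parsed and explained.
        data = 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        expected = NaxsiRules()
        expected.parse_rule(data)
        self.assertIn(expected.explain(), body(rv))

        # An unknown detection type ("lol:") must still yield a page, not an error.
        data = 'MainRule "lol:^POUET$" "msg: sqli" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)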
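    def test_explain_rule(self):
        """Exercise /sandbox/explain_rule/ via GET (rule by id) and POST (raw rule text).

        Covers: no rule given, an unknown id, an existing id, a non-numeric id,
        a valid posted rule and a posted rule with an unknown detection type.
        """
        def body(rv):
            # Decode the response body. The previous str(rv.data) produced the
            # bytes repr ("b'...'"), which escapes quotes and newlines and made
            # assertIn() on explain() output fragile.
            return rv.get_data(as_text=True)

        # No rule given at all -> bounced back to the sandbox index.
        rv = self.app.get('/sandbox/explain_rule/')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        # One past the highest stored sid is guaranteed not to exist.
        last_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
        self.assertIsNotNone(last_rule, "fixture must contain at least one rule")
        missing_sid = last_rule.sid + 1
        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(missing_sid),
                          follow_redirects=True)
        self.assertIn('Not rule with id {0}'.format(missing_sid), body(rv))

        # An existing id renders that rule's explanation.
        # NOTE(review): assumes explain() output contains no HTML-special
        # characters that Jinja autoescaping would rewrite — confirm if it grows.
        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(last_rule.sid))
        self.assertEqual(rv.status_code, 200)
        self.assertIn(last_rule.explain(), body(rv))

        # A non-numeric id is rejected with a redirect, not a 500.
        rv = self.app.get('/sandbox/explain_rule/?rule=lol')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        # A well-formed posted rule is parsed and explained.
        data = 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        expected = NaxsiRules()
        expected.parse_rule(data)
        self.assertIn(expected.explain(), body(rv))

        # An unknown detection type ("lol:") must still yield a page, not an error.
        data = 'MainRule "lol:^POUET$" "msg: sqli" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)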
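def explain_rule():
    """Explain a naxsi rule: a stored one (``GET ?rule=<sid>``) or one posted as text.

    Request handling:
      * ``GET ?rule=<id>`` looks the rule up by ``sid``. A non-numeric id or an
        unknown id flashes a message and redirects to the sandbox index.
      * ``POST rule=<rule text>`` parses the submitted text. On parse errors
        the errors are flashed and the bare sandbox page is rendered.
      * If the form also carries ``visualise_rule`` and the rule's detection is
        a regex (``rx:``), the client is redirected to regexper.com.

    Returns:
        A rendered ``misc/sandbox.html`` response, or a redirect response.
    """
    from urllib.parse import quote  # stdlib; local import keeps this change self-contained

    # Two separate lists. The former ``errors = warnings = list()`` bound both
    # names to the same object.
    errors: list = []
    warnings: list = []
    rule_get = request.args.get("rule", "")
    rule_post = request.form.get("rule", "")

    if rule_get:  # explain a stored rule by id
        # int() instead of str.isdigit(): isdigit() accepts Unicode digits
        # (e.g. superscripts) that are not valid ids, and the former
        # ``is not ""`` identity test against a literal was unreliable.
        try:
            sid = int(rule_get)
        except ValueError:
            flash("Please provide a numeric id")
            return redirect(url_for("sandbox.index"))
        _rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
        if _rule is None:
            # rule_get is reflected user input; it is only rendered through a
            # Jinja .html template, which autoescapes flashed messages.
            flash("Not rule with id %s" % rule_get)
            return redirect(url_for("sandbox.index"))
    elif not rule_post:
        flash("Please provide a rule")
        return redirect(url_for("sandbox.index"))
    else:
        # parse_rule() runs on a throwaway instance; the rendered rule is
        # rebuilt from the parsed dict so no partial parser state leaks in.
        errors, warnings, rdict = NaxsiRules().parse_rule(rule_post)
        _rule = NaxsiRules()
        _rule.from_dict(rdict)
        _rule.errors = errors
        _rule.warnings = warnings

        if errors:
            # Flash the individual parse errors before bailing out; previously
            # this early return made the error loop below unreachable, so only
            # the generic message was ever shown.
            for error in errors:
                flash(error, category="error")
            flash("You rule is wrong", "error")
            return render_template("misc/sandbox.html")

    if "visualise_rule" in request.form:
        detection = _rule.detection or ""
        if detection.startswith("rx:"):
            # NOTE(security): this ships the rule's regex to a third-party
            # site; WAF rules may be sensitive, so weigh that before exposing
            # this in production. Percent-encode the regex so '#', '%', '&'
            # and whitespace survive as part of the URL fragment.
            return redirect("https://regexper.com/#" + quote(detection[3:], safe=""))
        flash("The rule is not a regexp, so you can not visualize it.", category="error")

    for error in errors:
        flash(error, category="error")
    # Distinct loop variable: the former ``for warnings in warnings`` shadowed
    # the list it iterated.
    for warning in warnings:
        flash(warning, category="warning")

    return render_template("misc/sandbox.html", rule_explaination=_rule.explain(), rule=_rule)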
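def explain_rule():
    """Explain a naxsi rule: a stored one (``GET ?rule=<sid>``) or one posted as text.

    Request handling:
      * ``GET ?rule=<id>`` looks the rule up by ``sid``. A non-numeric id or an
        unknown id flashes a message and redirects to the sandbox index.
      * ``POST rule=<rule text>`` parses the submitted text. On parse errors
        the errors are flashed and the bare sandbox page is rendered.
      * If the form also carries ``visualise_rule`` and the rule's detection is
        a regex (``rx:``), the client is redirected to regexper.com.

    Returns:
        A rendered ``misc/sandbox.html`` response, or a redirect response.
    """
    from urllib.parse import quote  # stdlib; local import keeps this change self-contained

    # Two separate lists. The former ``errors = warnings = list()`` bound both
    # names to the same object.
    errors: list = []
    warnings: list = []
    rule_get = request.args.get('rule', '')
    rule_post = request.form.get("rule", '')

    if rule_get:  # explain a stored rule by id
        # int() instead of str.isdigit(): isdigit() accepts Unicode digits
        # (e.g. superscripts) that are not valid ids, and the former
        # ``is not ''`` identity test against a literal was unreliable.
        try:
            sid = int(rule_get)
        except ValueError:
            flash('Please provide a numeric id')
            return redirect(url_for("sandbox.index"))
        _rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
        if _rule is None:
            # rule_get is reflected user input; it is only rendered through a
            # Jinja .html template, which autoescapes flashed messages.
            flash('Not rule with id %s' % rule_get)
            return redirect(url_for("sandbox.index"))
    elif not rule_post:
        flash('Please provide a rule')
        return redirect(url_for("sandbox.index"))
    else:
        # parse_rule() runs on a throwaway instance; the rendered rule is
        # rebuilt from the parsed dict so no partial parser state leaks in.
        errors, warnings, rdict = NaxsiRules().parse_rule(rule_post)
        _rule = NaxsiRules()
        _rule.from_dict(rdict)
        _rule.errors = errors
        _rule.warnings = warnings

        if errors:
            # Flash the individual parse errors before bailing out; previously
            # this early return made the error loop below unreachable, so only
            # the generic message was ever shown.
            for error in errors:
                flash(error, category='error')
            flash('You rule is wrong', 'error')
            return render_template("misc/sandbox.html")

    if 'visualise_rule' in request.form:
        detection = _rule.detection or ''
        if detection.startswith('rx:'):
            # NOTE(security): this ships the rule's regex to a third-party
            # site; WAF rules may be sensitive, so weigh that before exposing
            # this in production. Percent-encode the regex so '#', '%', '&'
            # and whitespace survive as part of the URL fragment.
            return redirect('https://regexper.com/#' + quote(detection[3:], safe=''))
        flash('The rule is not a regexp, so you can not visualize it.', category='error')

    for error in errors:
        flash(error, category='error')
    # Distinct loop variable: the former ``for warnings in warnings`` shadowed
    # the list it iterated.
    for warning in warnings:
        flash(warning, category='warning')

    return render_template("misc/sandbox.html", rule_explaination=_rule.explain(), rule=_rule)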