def request_and_verify(case):
    """Send one test case and check whether the response confirms the finding.

    Reads ``vul``, ``method``, ``url``, ``headers``, ``body`` and ``args``
    from ``case``. ``args[2]`` and ``args[3]`` are passed to ``gen_poc`` as
    the original parameter name and value.

    Returns ``(vul, url, poc)`` when ``Verify.verify`` accepts the response.
    Otherwise the function falls through and returns ``None``: the response
    did not verify, ``make_request`` gave a falsy response (counted in
    ``Verify.ERROR_COUNT``), or the 20-second timeout expired. A timeout is
    neither counted nor reported, so it looks the same as a negative result.
    """
    vul_name = case.vul
    http_method = case.method
    target_url = case.url
    req_headers = case.headers
    req_body = case.body
    verify_args = case.args
    # Indexed before any output or request, so a short ``args`` fails early.
    param_name = verify_args[2]
    param_value = verify_args[3]
    # Single-argument form: prints the same text as a statement or a call.
    print('Verify case use:\n%s' % target_url)
    # False as the second argument makes gevent suppress the timeout when the
    # block is left, instead of raising it to the caller.
    with gevent.Timeout(20, False):
        resp = make_request(http_method, target_url, req_headers, req_body)
        if not resp:
            # No usable response: record it as a request error.
            Verify.ERROR_COUNT += 1
        elif Verify.verify(resp, verify_args):
            poc = gen_poc(http_method, target_url, req_body,
                          param_name, param_value)
            print_warn('Found %s in %s' % (vul_name, poc))
            return (vul_name, target_url, poc)
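def request_and_verify(case):
    """Send one test case and check whether the response confirms the finding.

    Reads ``vul``, ``method``, ``url``, ``headers``, ``body`` and ``args``
    from ``case``. ``args[2]`` and ``args[3]`` are passed to ``gen_poc`` as
    the original parameter name and value.

    Returns:
        ``(vul, url, poc)`` when ``Verify.verify`` accepts the response,
        otherwise ``None``.

    A falsy response from ``make_request`` increments ``Verify.ERROR_COUNT``.
    A request that runs into the 20-second timeout is logged, because the
    case was never actually checked and would otherwise look the same as a
    negative result.
    """
    vul = case.vul
    method = case.method
    url = case.url
    headers = case.headers
    body = case.body
    args = case.args
    old_param = args[2]
    old_value = args[3]
    LOGGER.info('Verify: %s' % url)
    # Stays True unless the guarded block runs to its end without a finding.
    timed_out = True
    # False as the second argument makes gevent suppress the timeout when the
    # block is left, so execution continues after the ``with`` statement.
    with gevent.Timeout(20, False):
        resp = make_request(method, url, headers, body)
        if resp:
            if Verify.verify(resp, args):
                poc = gen_poc(method, url, body, old_param, old_value)
                LOGGER.critical(
                    'Found cross-site script vulnerability(%s) in %s' % (vul, poc))
                return (vul, url, poc)
        # count++ when error happened
        else:
            Verify.ERROR_COUNT += 1
        timed_out = False
    if timed_out:
        # Not added to ERROR_COUNT, so that counter keeps its existing
        # meaning; the log line makes the coverage gap visible.
        LOGGER.info('Verify timed out after 20s (result unknown): %s' % url)
    return None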
('Render get()', url, 'BadStatusLine')) splited = url.split('/', 3) path = '/'.join(splited) blocked_urls.append(path) except UnicodeDecodeError: pass else: try: page_source = browser.page_source # handle alert except UnexpectedAlertPresentException: alert = browser.switch_to_alert() alert.accept() page_source = browser.page_source if Verify.verify(page_source, args): poc = gen_poc('GET', url, '') result = (vul, url, poc) openner_result.append(result) # must close the browser. browser.quit() @staticmethod def verify_with_browser(browser_type, case_list, process_num): open_task = [] i = len(case_list) k = 0 if i > process_num: j = i / process_num for i in range(process_num): if i == process_num - 1: cases = case_list[k:]