def _is_token_concat(self, param_value, tokens):
"""
判断token是否被参数影响
Parameters:
param_value - str, 参数值
tokens - token列表,由iast.js的tokenize获取
Returns:
Boolean
"""
param_value = param_value.strip()
for token in tokens:
if len(token["text"]) >= len(param_value) and token["text"].find(
param_value) != -1:
return True
split_value = self._split_str_word(param_value)
if len(param_value) > 3:
for token in tokens:
for item in split_value:
if len(token["text"]) * len(item) < 10000:
if len(token["text"]) <= 3:
if param_value.find(token["text"]) != -1:
return True
else:
cs = common.lcs(token["text"], item)
if len(cs) > 3:
return True
elif len(token["text"]) >= len(
item) and token["text"].find(item) != -1:
return True
return False
def _is_url_concat(self, param_value, url):
"""
判断url是否被参数影响
Parameters:
param_value - str, 参数值
url - str, url
Returns:
Boolean
"""
try:
parse_result = urllib.parse.urlparse(url)
url_items = {
"scheme": parse_result.scheme,
"netloc": parse_result.netloc,
"path": parse_result.path,
"query": parse_result.query
}
except Exception as e:
Logger().warning(
"Invalid url found in url concat, url: {}".format(url))
return False
for key, value in url_items.items():
if len(value) == 0:
continue
if len(value) >= len(param_value) and value.find(
param_value) != -1:
return True
if len(value) < len(param_value) and param_value.find(value) != -1:
return True
if len(param_value) > 3:
for key in url_items:
path_part = url_items[key].replace("\\", "/").split("/")
split_value = self._split_str_word(param_value)
for item in split_value:
for part in path_part:
if len(part) * len(item) < 10000:
cs = common.lcs(part, item)
if len(cs) > 3:
return True
elif len(part) >= len(item) and part.find(item) != -1:
return True
return False
def _is_url_concat(self, param_value, url):
"""
判断url是否被参数影响
Parameters:
param_value - str, 参数值
url - str, url
Returns:
Boolean
"""
try:
parse_result = urllib.parse.urlparse(url)
url_items = {
"scheme": parse_result.scheme,
"netloc": parse_result.netloc,
"path": parse_result.path,
"query": parse_result.query
}
except Exception as e:
return False
if len(param_value) <= 3:
for key in url_items:
if url_items[key].find(param_value) != -1:
return True
else:
for key in url_items:
path_part = url_items[key].replace("\\", "/").split("/")
split_value = self._split_str_word(param_value)
for item in split_value:
for part in path_part:
if len(part) * len(item) < 10000:
cs = common.lcs(part, item)
if len(cs) > 3:
return True
elif len(part) >= len(item) and part.find(item) != -1:
return True
return False
