improvement of reflective mechanism

2025-02-03 13:14:13 +03:00 · 2012-04-11 08:58:03 +00:00 · 2012-04-11 08:58:03 +00:00 · 2e92d8636e
commit 2e92d8636e
parent 60ca44e0cf
1 changed files with 27 additions and 24 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2645,17 +2645,20 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
        payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, '')))
        regex = _(filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_REPLACEMENT_REGEX.encode("string-escape")))

-        if all(part.lower() in content.lower() for part in regex.split(REFLECTED_REPLACEMENT_REGEX)):  # fast optimization check
+        if regex != payload:
+            regex = re.sub(r"\A([A-Za-z0-9]+)", r"(\1)?", regex)
+
+            if all(part.lower() in content.lower() or part.endswith(')?') for part in regex.split(REFLECTED_REPLACEMENT_REGEX)):  # fast optimization check
                parts = regex.split(REFLECTED_REPLACEMENT_REGEX)
                if len(parts) > REFLECTED_MAX_REGEX_PARTS:  # preventing CPU hogs
                    regex = _("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:])))

-            if regex.lstrip(REFLECTED_REPLACEMENT_REGEX) != regex:
+                if regex.startswith(REFLECTED_REPLACEMENT_REGEX):
                    regex = r"%s%s" % (REFLECTED_BORDER_REGEX, regex.lstrip(REFLECTED_REPLACEMENT_REGEX))
                else:
                    regex = r"\b%s" % regex

-            if regex.rstrip(REFLECTED_REPLACEMENT_REGEX) != regex:
+                if regex.endswith(REFLECTED_REPLACEMENT_REGEX):
                    regex = r"%s%s" % (regex.rstrip(REFLECTED_REPLACEMENT_REGEX), REFLECTED_BORDER_REGEX)
                else:
                    regex = r"%s\b" % regex