Removed url-decode on checks + sanitized user input
mattebit committed Sep 15, 2023
1 parent 4f6c0c8 commit 2034fea
Showing 5 changed files with 16 additions and 16 deletions.
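--- a/tool/src/main/java/migt/Check.java
+++ b/tool/src/main/java/migt/Check.java
@@ -253,8 +253,8 @@ private boolean execute_http(HTTPReqRes message,
 }
 
 // URL-decode matched content
-if (url_decode)
-msg_str = URLDecoder.decode(msg_str, StandardCharsets.UTF_8);
+//if (url_decode)
+// msg_str = URLDecoder.decode(msg_str, StandardCharsets.UTF_8);
 
 // if a regex is present, execute it
 if (!regex.equals("")) {
@@ -269,8 +269,8 @@ private boolean execute_http(HTTPReqRes message,
 }
 
 Pattern p = this.in == CheckIn.URL ?
-Pattern.compile("(?<=[?&]" + this.what + "=)[^\\r\\n&]*") :
-Pattern.compile("(?<=" + this.what + ":\\s?)[^\\r\\n]*");
+Pattern.compile("(?<=[?&]" + Pattern.quote(this.what) + "=)[^\\r\\n&]*") :
+Pattern.compile("(?<=" + Pattern.quote(this.what) + ":\\s?)[^\\r\\n]*");
 // TODO: this could be done better by using message methods
 Matcher m = p.matcher(msg_str);
 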
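Review bot: The first hunk keeps the `// URL-decode matched content` comment above two commented-out lines, so the comment now describes a step the code no longer performs, and `url_decode` is not read anywhere in the visible lines. If that flag is still accepted from a test definition (not visible here), a check that sets it is silently compared against the still-encoded content, which can flip a verdict without any warning. I would delete the commented-out lines and replace the comment with `// Content is matched as received (no URL-decoding); expected values must be URL-encoded`, and reject or log `url_decode` where it is parsed. `execute_http` starts and ends outside both hunks.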
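--- a/tool/src/main/java/migt/EditOperation.java
+++ b/tool/src/main/java/migt/EditOperation.java
@@ -318,7 +318,7 @@ public void execute(List<Var> vars) throws ParsingException {
 break;
 
 case NONE:
-Pattern p = Pattern.compile(txt_action_name);
+Pattern p = Pattern.compile(Pattern.quote(txt_action_name));
 Matcher m = p.matcher(tmp_imported_api.txt);
 
 if (txt_action == null) {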
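Review bot: Wrapping the whole of `txt_action_name` in `Pattern.quote` at `case NONE` turns a value that was compiled as a regular expression into a literal string, so any existing definition that relies on regex syntax there will presumably stop matching without an error. The same whole-value quoting appears in MessageOperation.java (the BODY and HEAD cases and the non-SAVE branch) and in Tools.java, where the `else` branch of `if (!isBodyRegex)` now quotes the value even though the flag name suggests a regex is expected. Quoting is right where the value is a parameter or header name spliced into a larger pattern; where the value is itself the pattern, I would keep `Pattern.compile(txt_action_name)` and catch `PatternSyntaxException` to report a malformed expression, or document the field as literal with `// matched literally; regex metacharacters are not interpreted`. The enclosing `execute` method continues outside the hunk.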
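--- a/tool/src/main/java/migt/HTTPReqRes.java
+++ b/tool/src/main/java/migt/HTTPReqRes.java
@@ -369,7 +369,7 @@ public String getUrlParam(String param) {
 throw new RuntimeException("Trying to access the url of a response message");
 }
 
-Pattern pattern = Pattern.compile("(?<=" + param + "=)[^$\\n&\\s]*");
+Pattern pattern = Pattern.compile("(?<=" + Pattern.quote(param) + "=)[^$\\n&\\s]*");
 Matcher matcher = pattern.matcher(this.request_url);
 String res = "";
 while (matcher.find()) {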
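Review bot: The lookbehind in `getUrlParam` has no left boundary, so a lookup for one parameter also matches the tail of a longer name; as a constructed example, `getUrlParam("state")` would also match the value of `session_state=`. Check.java in this same commit anchors the name with `[?&]`, and the same works here: `Pattern.compile("(?<=[?&]" + Pattern.quote(param) + "=)[^$\\n&\\s]*")`. The URL patterns in MessageOperation.java (`"&?" + Pattern.quote(mop.what) + "="`) and Tools.java (`Pattern.quote(param_name) + "="`) are unanchored in the same way, and there the match is removed or rewritten rather than only read. Separately, `$` inside the character class is a literal dollar sign, so a value is cut at its first `$`; if end-of-line was meant it can be dropped. The method body continues past the hunk.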
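--- a/tool/src/main/java/migt/MessageOperation.java
+++ b/tool/src/main/java/migt/MessageOperation.java
@@ -178,7 +178,7 @@ public Operation execute(Operation op,
 throw new ParsingException("Searching URL in response");
 }
 String url_header = op.api.message.getUrlHeader();
-pattern = Pattern.compile("&?" + mop.what + "=[^& ]*((?=&)|(?= ))");
+pattern = Pattern.compile("&?" + Pattern.quote(mop.what) + "=[^& ]*((?=&)|(?= ))");
 matcher = pattern.matcher(url_header);
 String new_url = matcher.replaceFirst("");
 op.api.message.setUrlHeader(new_url);
@@ -192,7 +192,7 @@ public Operation execute(Operation op,
 
 case BODY:
 String body = new String(op.api.message.getBody(op.api.is_request));
-pattern = Pattern.compile(mop.what);
+pattern = Pattern.compile(Pattern.quote(mop.what));
 matcher = pattern.matcher(body);
 op.api.message.setBody(op.api.is_request, matcher.replaceAll(""));
 //Automatically update content-lenght
@@ -226,7 +226,7 @@ public Operation execute(Operation op,
 }
 String header_0 = op.api.message.getUrlHeader();
 
-pattern = Pattern.compile("&?" + mop.what + "=[^& ]*((?=&)|(?= ))");
+pattern = Pattern.compile("&?" + Pattern.quote(mop.what) + "=[^& ]*((?=&)|(?= ))");
 matcher = pattern.matcher(header_0);
 
 String newHeader_0 = "";
@@ -268,7 +268,7 @@ public Operation execute(Operation op,
 switch (mop.from) {
 case HEAD: {
 List<String> headers = op.api.message.getHeaders(op.api.is_request);
-pattern = Pattern.compile(mop.what);
+pattern = Pattern.compile(Pattern.quote(mop.what));
 List<String> new_headers = new ArrayList<>();
 
 for (String header : headers) {
@@ -281,7 +281,7 @@ public Operation execute(Operation op,
 break;
 }
 case BODY: {
-pattern = Pattern.compile(mop.what);
+pattern = Pattern.compile(Pattern.quote(mop.what));
 matcher = pattern.matcher(new String(op.api.message.getBody(op.api.is_request)));
 op.api.message.setBody(op.api.is_request, matcher.replaceAll(""));
 
@@ -356,8 +356,8 @@ public Operation execute(Operation op,
 String header_0 = op.api.message.getUrlHeader();
 
 pattern = mop.action == MessageOperation.MessageOperationActions.SAVE ?
-Pattern.compile(mop.what + "=[^& ]*(?=(&| ))") :
-Pattern.compile(mop.what);
+Pattern.compile(Pattern.quote(mop.what) + "=[^& ]*(?=(&| ))") :
+Pattern.compile(Pattern.quote(mop.what));
 
 matcher = pattern.matcher(header_0);
 String value = "";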
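Review bot: The URL-parameter pattern `"&?" + Pattern.quote(mop.what) + "=[^& ]*((?=&)|(?= ))"` is now written out twice in this file, with a near-identical third form in the last hunk and a fourth in Tools.java, so any later correction to the quoting or the delimiters has to be repeated by hand in each place. A small helper would keep them in step, for example `private static Pattern urlParamPattern(String name) { return Pattern.compile("&?" + Pattern.quote(name) + "=[^& ]*((?=&)|(?= ))"); }`. `execute` begins and ends outside all six hunks, so whether every case can share one helper unchanged needs checking against the full method.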
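--- a/tool/src/main/java/migt/Tools.java
+++ b/tool/src/main/java/migt/Tools.java
@@ -723,9 +723,9 @@ public static byte[] editMessageParam(IExtensionHelpers helpers,
 
 case BODY:
 if (!isBodyRegex) {
-pattern = Pattern.compile("(?<=" + param_name + "=)[^$\\n& ]*");
+pattern = Pattern.compile("(?<=" + Pattern.quote(param_name) + "=)[^$\\n& ]*");
 } else {
-pattern = Pattern.compile(param_name);
+pattern = Pattern.compile(Pattern.quote(param_name));
 }
 
 matcher = pattern.matcher(new String(messageInfo.getBody(isRequest)));
@@ -740,7 +740,7 @@ public static byte[] editMessageParam(IExtensionHelpers helpers,
 }
 String url_header = messageInfo.getUrlHeader();
 
-pattern = Pattern.compile(param_name + "=[^& ]*((?=&)|(?= ))");
+pattern = Pattern.compile(Pattern.quote(param_name) + "=[^& ]*((?=&)|(?= ))");
 matcher = pattern.matcher(url_header);
 
 messageInfo.setUrlHeader(matcher.replaceAll(param_name + "=" + new_value)); // problema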
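Review bot: In the second hunk the pattern side is now quoted, but the replacement passed to `matcher.replaceAll(param_name + "=" + new_value)` is not, and `replaceAll` interprets `$` and `\` in its argument as group references and escapes. A `new_value` containing `$1` or ending in a backslash will throw or yield a different string than intended, and `new_value` looks like caller-supplied data. Wrapping the replacement closes that gap: `messageInfo.setUrlHeader(matcher.replaceAll(Matcher.quoteReplacement(param_name + "=" + new_value)));`. `editMessageParam` starts and ends outside the hunk, so any other `replaceAll` or `replaceFirst` call in it that takes a non-empty replacement deserves the same check.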
