From 4ce5e1386c7d065f4c4f8b68aa57b0e18d6945ca Mon Sep 17 00:00:00 2001
From: RamiBerm <54766858+RamiBerm@users.noreply.github.com>
Date: Tue, 3 Sep 2019 17:19:50 +0300
Subject: Updated har_dump,py timings dictionary function
the HAR file spec (http://www.softwareishard.com/blog/har-12-spec/#timings) states that timings that do not apply for a certain requests should be set to -1, this example may set -1000 as a timings value for certain requests. This ends up producing invalid HAR files in many cases. My proposed fix is to assign -1 into the dic and only multiply by 1000 for other values
---
 examples/complex/har_dump.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'examples/complex')
diff --git a/examples/complex/har_dump.py b/examples/complex/har_dump.py
index 33a2f79f..e0964601 100644
--- a/examples/complex/har_dump.py
+++ b/examples/complex/har_dump.py
@@ -87,7 +87,7 @@ def response(flow):
 }
 # HAR timings are integers in ms, so we re-encode the raw timings to that format.
- timings = dict([(k, int(1000 * v)) for k, v in timings_raw.items()])
+ timings = dict([(k, -1 if v is -1 else int(1000 * v)) for k, v in timings_raw.items()])
 # full_time is the sum of all timings.
 # Timings set to -1 will be ignored as per spec.
-- 
cgit v1.2.3
From e97a804e89454f5f5f546f3f99635ca8b99d75d3 Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Thu, 5 Sep 2019 22:13:49 +0200
Subject: make dict comprehension more readable
---
 examples/complex/har_dump.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'examples/complex')
diff --git a/examples/complex/har_dump.py b/examples/complex/har_dump.py
index e0964601..414b4f61 100644
--- a/examples/complex/har_dump.py
+++ b/examples/complex/har_dump.py
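Review bot: `v is -1` on the added line compares by identity rather than value; it only works because CPython happens to cache small integers, it triggers a SyntaxWarning on Python 3.8+, and if a not-applicable timing is ever stored as a float `-1.0` the test is False and the value is scaled to `-1000` again, which is exactly what this commit sets out to prevent. An equality test is the safe form, `timings = dict([(k, -1 if v == -1 else int(1000 * v)) for k, v in timings_raw.items()])`, and the follow-up commit on this page replaces the whole expression with a `!=` dict comprehension. The enclosing `response(flow)` starts before and continues after the hunk, so whether `timings_raw` can hold floats for the sentinel is not visible here.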
@@ -87,7 +87,10 @@ def response(flow):
 }
 # HAR timings are integers in ms, so we re-encode the raw timings to that format.
- timings = dict([(k, -1 if v is -1 else int(1000 * v)) for k, v in timings_raw.items()])
+ timings = {
+ k: int(1000 * v) if v != -1 else -1
+ for k, v in timings_raw.items()
+ }
 # full_time is the sum of all timings.
 # Timings set to -1 will be ignored as per spec.
-- 
cgit v1.2.3
From a54954ee1ebb46cd4e163af407faf1e034e1a4e6 Mon Sep 17 00:00:00 2001
From: Thomas Kriechbaumer
Date: Sat, 28 Sep 2019 12:01:39 +0200
Subject: fix linting
---
 examples/complex/har_dump.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'examples/complex')
diff --git a/examples/complex/har_dump.py b/examples/complex/har_dump.py
index 414b4f61..e3cea9fd 100644
--- a/examples/complex/har_dump.py
+++ b/examples/complex/har_dump.py
@@ -88,7 +88,7 @@ def response(flow):
 # HAR timings are integers in ms, so we re-encode the raw timings to that format.
 timings = {
- k: int(1000 * v) if v != -1 else -1
+ k: int(1000 * v) if v != -1 else -1
 for k, v in timings_raw.items()
 }
-- 
cgit v1.2.3
From 53cb5bf40f40cef2c5b4e05e7be42949146a3f58 Mon Sep 17 00:00:00 2001
From: Thomas Kriechbaumer
Date: Sat, 28 Sep 2019 16:53:24 +0200
Subject: bump deps
---
 examples/complex/__init__.py | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 examples/complex/__init__.py
(limited to 'examples/complex')
diff --git a/examples/complex/__init__.py b/examples/complex/__init__.py
new file mode 100644
index 00000000..e69de29b
-- 
cgit v1.2.3
From bdc15cbe0c0cd5175af1b58078d65d400cca71d1 Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Tue, 12 Nov 2019 02:59:01 +0100
Subject: update mypy
---
 examples/complex/xss_scanner.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'examples/complex')
diff --git a/examples/complex/xss_scanner.py b/examples/complex/xss_scanner.py
index 97e94ed4..d5f4aaab 100755
--- a/examples/complex/xss_scanner.py
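Review bot: The comment above the new comprehension still only says that HAR timings are integers in ms, so a reader has to scroll down to the "Timings set to -1 will be ignored" remark to learn why `v != -1` is special-cased in the new lines. The comment that introduces the comprehension should carry that reason itself: `# HAR timings are integers in ms, so we re-encode the raw timings to that format; -1 means "does not apply" (HAR 1.2 spec) and must be passed through unchanged.` The bare `-1` is also a magic sentinel repeated in both branches of the conditional; a module-level name such as `HAR_NOT_APPLICABLE = -1` would make the pass-through and the later "ignored as per spec" sum agree by construction. The enclosing `response(flow)` starts before and continues after the hunk.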
+++ b/examples/complex/xss_scanner.py
@@ -86,7 +86,7 @@ def get_cookies(flow: http.HTTPFlow) -> Cookies:
 return {name: value for name, value in flow.request.cookies.fields}
-def find_unclaimed_URLs(body: str, requestUrl: bytes) -> None:
+def find_unclaimed_URLs(body, requestUrl):
 """ Look for unclaimed URLs in script tags and log them if found"""
 def getValue(attrs: List[Tuple[str, str]], attrName: str) -> Optional[str]:
 for name, value in attrs:
@@ -111,7 +111,7 @@ def find_unclaimed_URLs(body: str, requestUrl: bytes) -> None:
 try:
 socket.gethostbyname(domain)
 except socket.gaierror:
- ctx.log.error("XSS found in %s due to unclaimed URL \"%s\"." % (requestUrl, url))
+ ctx.log.error(f"XSS found in {requestUrl} due to unclaimed URL \"{url}\".")
 def test_end_of_URL_injection(original_body: str, request_URL: str, cookies: Cookies) -> VulnData:
-- 
cgit v1.2.3
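Review bot: The new `def find_unclaimed_URLs(body, requestUrl):` drops the annotations instead of correcting them, leaving this the only unannotated signature in the hunk while the nested `getValue` and the neighbouring `get_cookies` and `test_end_of_URL_injection` keep theirs. If the mypy upgrade objected because `requestUrl` is really a `str` (the second hunk interpolates it straight into a message and the sibling signature takes `request_URL: str`), `def find_unclaimed_URLs(body: str, requestUrl: str) -> None:` keeps the check without loosening the contract; if the type genuinely varies by caller, a docstring line stating what callers pass would document the same thing. This is inferred from the visible signatures only, so it should be confirmed against the call sites. The body of find_unclaimed_URLs continues past the hunk.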
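Review bot: `url` on the new f-string line is scraped from the response body, i.e. untrusted content from the scanned site, and is written into the event log verbatim, so an embedded newline or terminal escape sequence can forge or mangle log lines. Formatting it with `!r`, `ctx.log.error(f"XSS found in {requestUrl} due to unclaimed URL {url!r}.")`, escapes control characters and keeps the quoting the message already intends. If `requestUrl` is still passed as bytes, as the annotation removed in the first hunk suggested it once was, the f-string renders it as `b'...'` just as the old `%s` did; decode it before formatting or confirm that callers pass str. The enclosing function starts before this hunk.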