Suspected offset bug #2

Open
grayguest opened this issue Sep 5, 2019 · 1 comment

@grayguest

Taking jQuery as an example:

{
    "name": "jQuery",
    "website": "https://jquery.com",
    "matches": [
        {
            "search": "script",
            "regexp": "jquery[.-]([\\d.]*\\d)[^/]*\\.js",
            "offset": 1
        },
        {
            "search": "script",
            "regexp": "/([\\d.]+)/jquery(?:\\.min)?\\.js",
            "offset": 1
        },
        {
            "search": "script",
            "regexp": "jquery.*\\.js(?:\\?ver(?:sion)?=([\\d.]+))?",
            "offset": 1
        }
    ]
}

The corresponding parsing code is as follows:

if 'offset' in match:
    if isinstance(result[0], str):
        version = result[0]
    elif isinstance(result[0], tuple):
        if len(result[0]) > match['offset']:
            version = result[0][match['offset']]
        else:
            version = ''.join(result[0])

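In fact, the offset in Wappalyzer should be m.group(1) after a re.search match, which for re.findall() should correspond to m[0][0]. Because the code contains the check below, no error has actually occurred.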

if isinstance(result[0], str):
    version = result[0]

However, if some Wappalyzer rule returns a tuple after matching, there will be a problem.
Consider using offset-1, or changing the code from findall to group?

@fate0 fate0 transferred this issue from webanalyzer/rules Sep 9, 2019
@grayguest

It should be a bug. I changed it to use re.search() and return the group, like this.
https://www.wappalyzer.com/docs/specification
In the last part, about Version syntax: \1 | Returns the first match.
I roughly changed it as follows:

result = match[key].search(search_context)  # changed from findall to search
if not result:
    continue

if 'offset' in match:  # a version determined by offset takes priority over version
    if len(result.groups()) >= match['offset']:
        version = result.group(match['offset'])
    else:
        version = result.group()
if 'offset' not in match and not version:
    if len(result.groups()):
        version = result.group()
break
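
The off-by-one discussed in this thread, as an added example that is not part of the issue or the project's code: it runs the findall-based extraction and a search-based one over the same rule. `TWO_GROUPS` and the sample script tags are constructed, and reading `offset` as a 1-based group number is an assumption based on the Wappalyzer specification linked above.

```python
import re

# Constructed rule for illustration (not from the real rule set). "offset" is
# assumed to be a 1-based capture-group number, as in Wappalyzer's "\1" syntax.
TWO_GROUPS = {"regexp": re.compile(r"/([\d.]+)/(jquery|zepto)(?:\.min)?\.js"), "offset": 1}
# Third jQuery rule from the issue: its only group is optional.
OPTIONAL = {"regexp": re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"), "offset": 1}

def version_findall(rule, text):
    """Extraction as in the parsing code quoted in the issue (re.findall)."""
    result = rule["regexp"].findall(text)
    if not result:
        return None
    if isinstance(result[0], str):       # one capture group: list of str
        return result[0]
    if len(result[0]) > rule["offset"]:  # several groups: 0-based tuple index
        return result[0][rule["offset"]]
    return "".join(result[0])

def version_search(rule, text):
    """Extraction with re.search, reading offset as a 1-based group number."""
    m = rule["regexp"].search(text)
    if not m:
        return None
    if rule["regexp"].groups >= rule["offset"]:
        # group() is None when an optional group took no part in the match
        return m.group(rule["offset"]) or ""
    return m.group()

# Constructed sample inputs.
CDN_TAG = '<script src="https://cdn.example/libs/3.4.1/jquery.min.js"></script>'
PLAIN_TAG = '<script src="/js/jquery.min.js"></script>'
VER_TAG = '<script src="/js/jquery.js?ver=1.12.4"></script>'

if __name__ == "__main__":
    print(version_findall(TWO_GROUPS, CDN_TAG))   # second group, not the version
    print(version_search(TWO_GROUPS, CDN_TAG))    # first group, the version
    print(repr(version_search(OPTIONAL, PLAIN_TAG)))
    print(version_search(OPTIONAL, VER_TAG))
```

With a single capture group both functions agree, which is why the existing jQuery rules do not expose the difference.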
