merge dev into main
- removed "force regex" from decode operations
mattebit committed Nov 20, 2023
2 parents 1397b85 + f1259d5 commit 6b4b312
Showing 31 changed files with 1,651 additions and 711 deletions.
285 changes: 165 additions & 120 deletions doc/language.md


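--- a/tool/pom.xml
+++ b/tool/pom.xml
@@ -60,6 +60,21 @@
 <artifactId>json-smart</artifactId>
 <version>2.5.0</version>
 </dependency>
+<dependency>
+<groupId>org.apache.httpcomponents</groupId>
+<artifactId>httpclient</artifactId>
+<version>4.5.13</version>
+</dependency>
+<dependency>
+<groupId>org.apache.httpcomponents</groupId>
+<artifactId>httpcore</artifactId>
+<version>4.4.14</version>
+</dependency>
+<dependency>
+<groupId>com.networknt</groupId>
+<artifactId>json-schema-validator</artifactId>
+<version>1.0.87</version>
+</dependency>
 </dependencies>
 
 <properties>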
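Review bot: Check.java in this same commit imports `com.fasterxml.jackson.databind.ObjectMapper` and `JsonNode` directly, yet this hunk declares no jackson-databind dependency, so the build relies on it arriving transitively through json-schema-validator 1.0.87 unless it is declared elsewhere in the pom (not visible here). An artifact the project uses directly should be declared explicitly, otherwise a later validator upgrade can silently change or drop the Jackson version the code compiles against. None of the Java hunks rendered on this page use httpclient or httpcore, so their consumer is presumably one of the files not shown.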
4 changes: 0 additions & 4 deletions tool/src/main/java/migt/BurpExtender.java
Expand Up @@ -11,8 +11,6 @@

/**
* Main class executed by Burp
*
* @author Matteo Bitussi
*/
public class BurpExtender implements IBurpExtender, ITab, IProxyListener {

Expand Down Expand Up @@ -58,7 +56,6 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
errorStream = new PrintStream(stdErr);

mainPane = new GUI();
mainPane.helpers = callbacks.getHelpers();
mainPane.callbacks = callbacks;
mainPane.messageViewer = callbacks.createMessageEditor(mainPane.controller, false);
mainPane.splitPane.setRightComponent(mainPane.messageViewer.getComponent());
Expand Down Expand Up @@ -165,7 +162,6 @@ private void processMatchedMsg(MessageType msg_type,
HTTPReqRes message) {
messageInfo.setHighlight("red");

mainPane.act_active_op.helpers = helpers;
mainPane.act_active_op.setAPI(new Operation_API(message, msg_type.msg_to_process_is_request));
mainPane.act_active_op.execute();

85 changes: 59 additions & 26 deletions tool/src/main/java/migt/Check.java
@@ -1,6 +1,13 @@
package migt;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.jayway.jsonpath.JsonPath;
import com.networknt.schema.JsonSchema;
import com.networknt.schema.JsonSchemaFactory;
import com.networknt.schema.SpecVersion;
import com.networknt.schema.ValidationMessage;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
Expand All @@ -10,15 +17,14 @@
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import static migt.Check.CheckOps.*;

/**
* Check Object class. This object is used in Operations to check that a parameter or some text is in as specified.
*
* @author Matteo Bitussi
*/
public class Check extends Module {
String what; // what to search
Expand Down Expand Up @@ -138,6 +144,10 @@ public Check(JSONObject json_check) throws ParsingException {
value_list.add(act_enc);
}
break;
case "json schema compliant":
this.op = JSON_SCHEMA_COMPLIANT;
this.op_val = json_check.getString("json schema compliant");
break;
case "matches regex":
this.op = MATCHES_REGEX;
this.op_val = json_check.getString("matches regex");
Expand All @@ -149,6 +159,8 @@ public Check(JSONObject json_check) throws ParsingException {
case "url decode":
url_decode = json_check.getBoolean("url decode");
break;
default:
throw new ParsingException("Invalid key:\"" + key + "\" used in Check Operation");
}
} catch (JSONException e) {
throw new ParsingException("error in parsing check: " + e);
Expand Down Expand Up @@ -250,14 +262,13 @@ private boolean execute_http(HTTPReqRes message,

if (msg_str.length() == 0) {
applicable = true;
if (this.op != null && op == IS_NOT_PRESENT) {
return true;
}
return false;
return this.op != null && op == IS_NOT_PRESENT;
}

msg_str = url_decode(msg_str);

// if a regex is present, execute it
if (!regex.equals("")) {
if (!regex.isEmpty()) {
return execute_regex(msg_str);
}

Expand Down Expand Up @@ -302,6 +313,22 @@ private boolean execute_http(HTTPReqRes message,
return true;
}

private String url_decode(String string) {
if (url_decode) {
if (string.contains("+")) {
System.err.println("Warning! During a check on the value\"" + string + "\" a '+' symbol has been" +
"converted to a space, as it has been interpreted as url-encoded character. If you want to avoid" +
"this behaviour use 'url decode' tag set to false inside the check to disable url-decoding ");
}
try {
string = URLDecoder.decode(string, StandardCharsets.UTF_8);
} catch (IllegalArgumentException e) {
throw new RuntimeException("Failed URL-decode in check: " + e);
}
}
return string;
}

/**
* Execute the json version of the check
*
Expand Down Expand Up @@ -455,6 +482,21 @@ private boolean execute_json() throws ParsingException {
Matcher m = p.matcher(found);
return !m.find();
}
case JSON_SCHEMA_COMPLIANT: {
JsonSchema schema = null;
JsonNode node = null;
try {
// parse the schema
schema = getJsonSchemaFromStringContent(op_val);
ObjectMapper mapper = new ObjectMapper();
node = mapper.readTree(found);
} catch (JsonProcessingException e) {
throw new RuntimeException(e);
}

Set<ValidationMessage> errors = schema.validate(node);
return errors.isEmpty();
}
}

return false;
Expand Down Expand Up @@ -556,25 +598,10 @@ public void execute(List<Var> vars) throws ParsingException {
if (use_variable) {
// Substitute to the op_val variable (that contains the name), the value of the variable
op_val = Tools.getVariableByName(op_val, vars).value;
}

// URL-decode matched content
// when a string contains a "+" character then, it is replaced with a space.
if (url_decode) {
/*
Pattern p = Pattern.compile("%[0-9a-fA-F]{2}");
Matcher m = p.matcher(op_val);
if (m.find()) {
// if the content contains url-encoded characters then, url-decode the content
op_val = URLDecoder.decode(op_val, StandardCharsets.UTF_8);
}
*/
if (op_val.contains("+")) {
System.err.println("Warning! During a check on the value\"" + op_val + "\" a '+' symbol has been" +
"converted to a space, as it has been interpreted as url-encoded character. If you want to avoid" +
"this behaviour use 'url decode' tag set to false inside the check to disable url-decoding " );
}
op_val = URLDecoder.decode(op_val, StandardCharsets.UTF_8);
// URL-decode variable value
// when a string contains a "+" character then, it is replaced with a space.
op_val = url_decode(op_val);
}

if (imported_api instanceof Operation_API) {
Expand Down Expand Up @@ -612,6 +639,11 @@ public String toString() {
return "check: " + what + (op == null ? "" : " " + op + ": " + op_val);
}

protected JsonSchema getJsonSchemaFromStringContent(String schemaContent) {
JsonSchemaFactory factory = JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V4);
return factory.getSchema(schemaContent);
}

/**
* enum containing all the possible check operations
*/
Expand All @@ -626,7 +658,8 @@ public enum CheckOps {
IS_NOT_IN,
IS_SUBSET_OF,
MATCHES_REGEX,
NOT_MATCHES_REGEX;
NOT_MATCHES_REGEX,
JSON_SCHEMA_COMPLIANT;

/**
* Function that given a String, returns the corresponding CheckOps enum's value
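Review bot: In the new `url_decode(String)` helper the warning text is assembled from three string fragments whose first two do not end in a space, so the message prints as "has beenconverted" and "avoidthis"; end those fragments with a trailing space. The `catch (IllegalArgumentException e)` in the same helper stringifies the exception instead of chaining it, losing the decode failure's stack — use `throw new RuntimeException("Failed URL-decode in check: " + e.getMessage(), e);`. In the `JSON_SCHEMA_COMPLIANT` branch the `Set<ValidationMessage>` returned by `schema.validate(node)` is discarded, so a failing check gives no hint which constraint was violated — consider writing the messages to the same error stream the warning uses before returning `errors.isEmpty()`; note also that only `JsonProcessingException` is caught there, so a malformed schema string in `op_val` may surface as an uncaught exception from the schema factory (inferred — the factory's failure mode is not visible in this hunk). The helper also carries the same name as the boolean field `url_decode` it reads, which is legal but easy to misread at call sites such as `msg_str = url_decode(msg_str);`; a name like `urlDecodeIfEnabled` would make the conditional behaviour explicit.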