Documentation ¶
Index ¶
- Constants
- Variables
- func Generate(regex string, limit int) (string, error)
- func NewCELEnv() *cel.Env
- func RandLowerLetter(n int) string
- func SortedQuery(query string) string
- func SortedQueryKey(query string) string
- func SortedURI(u *url.URL) string
- type Generator
- type MutationChain
- type MutationRule
- type RegexpHandler
- func (h *RegexpHandler) HandleRule(rule *MutationRule)
- func (h *RegexpHandler) OnPocMatch(fn ScanEventHandleFunc)
- func (h *RegexpHandler) OnRuleMatch(fn ScanEventHandleFunc)
- func (h *RegexpHandler) Routes() []string
- func (h *RegexpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (h *RegexpHandler) SetStaticDir(path string)
- type RespMetrics
- type ScanEvent
- type ScanEventHandleFunc
- type YamlPoc
- type YamlRule
- type Yarx
Constants ¶
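// Position values are the strings "body", "header" and "status".
// NOTE(review): presumably they name the part of an HTTP message that a rule
// expression refers to. This listing does not show where they are used, so
// confirm against the callers.
const (
	PositionBody   = "body"
	PositionHeader = "header"
	PositionStatus = "status"
)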
Variables ¶
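// Sentinel errors for PoC features that are not implemented yet. Compare
// against them with errors.Is rather than by message text.
// NOTE(review): a PoC that hits either error presumably cannot be emulated,
// so callers should surface it as a coverage gap rather than drop it silently.
// Confirm where these are returned.
var (
	// ErrReverseNotSupported reports that a "reverse" type is not supported yet.
	ErrReverseNotSupported = errors.New("reverse type is not supported yet")
	// ErrRequestNotSupported reports that the "request" variable is not supported yet.
	ErrRequestNotSupported = errors.New("request variable is not supported yet")
)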
Functions ¶
func RandLowerLetter ¶
func SortedQuery ¶
func SortedQueryKey ¶
Types ¶
type Generator ¶
// Generator has only unexported fields. The Types section of this listing
// shows no exported methods or constructor for it.
type Generator struct {
// contains filtered or unexported fields
}
type MutationChain ¶
func (*MutationChain) IsFirst ¶
func (g *MutationChain) IsFirst(rule *MutationRule) bool
func (*MutationChain) IsLast ¶
func (g *MutationChain) IsLast(rule *MutationRule) bool
type MutationRule ¶
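// MutationRule holds one rule of a PoC: request-side patterns (Method, URI,
// Body, Header) and response-side data (Status, MutateFuncs).
// NOTE(review): the field roles are inferred from names and types only. This
// listing shows no implementation, so confirm against Match and HTTPHandler.
type MutationRule struct {
	Name        string // eg: poc-yaml-yapi-rce
	Method      string
	ReplacedURI string

	// URI, Body and Header are compiled regular expressions.
	// NOTE(review): if they are matched against client-supplied request data,
	// Go's regexp matches in time linear in the input, so the bound that
	// matters is the accepted request size. Confirm the server caps it.
	URI    *regexp.Regexp
	Body   *regexp.Regexp
	Header map[string]*regexp.Regexp

	Status int

	// MutateFuncs each take the response writer and a *celContext and may
	// return an error.
	MutateFuncs []func(resp http.ResponseWriter, ctx *celContext) error

	ExprInfo *expr.SourceInfo
	YamlRule *YamlRule
	Chain    *MutationChain
	// contains filtered or unexported fields
}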
func NewMutationRule ¶
func NewMutationRule(celCtx *celContext) *MutationRule
func (*MutationRule) HTTPHandler ¶
func (m *MutationRule) HTTPHandler() http.HandlerFunc
func (*MutationRule) Match ¶
func (m *MutationRule) Match(req *http.Request, celCtx *celContext) error
func (*MutationRule) String ¶
func (m *MutationRule) String() string
type RegexpHandler ¶
// RegexpHandler has a ServeHTTP method with the http.Handler signature.
// Rules are registered with HandleRule, and match callbacks with OnRuleMatch
// and OnPocMatch. Routes returns a []string.
// NOTE(review): SetStaticDir takes a filesystem path; presumably files under
// it are served to clients, so point it only at a directory that holds
// nothing sensitive. Confirm against the implementation.
type RegexpHandler struct {
// contains filtered or unexported fields
}
func (*RegexpHandler) HandleRule ¶
func (h *RegexpHandler) HandleRule(rule *MutationRule)
func (*RegexpHandler) OnPocMatch ¶
func (h *RegexpHandler) OnPocMatch(fn ScanEventHandleFunc)
The OnPocMatch handler is called only when the last rule of a PoC is matched. See OnRuleMatch for details.
func (*RegexpHandler) OnRuleMatch ¶
func (h *RegexpHandler) OnRuleMatch(fn ScanEventHandleFunc)
The OnRuleMatch handler is called whenever a PoC rule is matched. For example, if a PoC has three rules, OnRuleMatch is called three times, while OnPocMatch is called only once.
func (*RegexpHandler) Routes ¶
func (h *RegexpHandler) Routes() []string
func (*RegexpHandler) ServeHTTP ¶
func (h *RegexpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
func (*RegexpHandler) SetStaticDir ¶
func (h *RegexpHandler) SetStaticDir(path string)
type RespMetrics ¶
// RespMetrics exposes Header, HeaderMap and WriteHeader, and is the type of
// ScanEvent.Response.
// NOTE(review): looks like a recorder for the response sent to the client.
// Confirm against the implementation, which this listing does not show.
type RespMetrics struct {
// contains filtered or unexported fields
}
func (*RespMetrics) Header ¶
func (f *RespMetrics) Header() http.Header
func (*RespMetrics) HeaderMap ¶
func (f *RespMetrics) HeaderMap() map[string]string
func (*RespMetrics) WriteHeader ¶
func (f *RespMetrics) WriteHeader(statusCode int)
type ScanEvent ¶
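// ScanEvent is the value handed to a ScanEventHandleFunc.
type ScanEvent struct {
	// NOTE(review): presumably the inbound request that triggered the match.
	// Its URL, headers and body are then chosen by the remote client, so
	// handlers that log or store them should escape and size-limit the
	// values. Confirm against the caller.
	Request  *http.Request
	Response *RespMetrics

	// PocMatched and RuleMatched are strings; presumably the names of the
	// matched PoC and rule (TODO confirm).
	PocMatched  string
	RuleMatched string
}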
type ScanEventHandleFunc ¶
// ScanEventHandleFunc is the callback type accepted by
// RegexpHandler.OnPocMatch and RegexpHandler.OnRuleMatch.
type ScanEventHandleFunc func(e *ScanEvent)
type YamlRule ¶
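// YamlRule is the YAML shape of one PoC rule: a request description, an
// expression and an output node.
type YamlRule struct {
	// Name carries the yaml:"-" tag, so it is not mapped to a YAML key.
	Name string `yaml:"-"`

	Request struct {
		Method  string            `yaml:"method"`
		Path    string            `yaml:"path"`
		Headers map[string]string `yaml:"headers"`
		Body    string            `yaml:"body"`
		// FollowRedirects is a pointer; presumably nil means the key was
		// absent (TODO confirm).
		FollowRedirects *bool `yaml:"follow_redirects"`
	} `yaml:"request"`

	// NOTE(review): presumably a CEL expression (the package exposes
	// NewCELEnv). PoC files are then input to an expression compiler, so load
	// them only from a source you trust. Confirm how Expression is consumed.
	Expression string    `yaml:"expression"`
	Output     yaml.Node `yaml:"output"`
}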
type Yarx ¶
// Yarx exposes its mutation chains and rules through Chains and Rules, and
// HTTPHandler returns a *RegexpHandler. All of its fields are unexported.
type Yarx struct {
// contains filtered or unexported fields
}
func (*Yarx) Chains ¶
func (y *Yarx) Chains() []*MutationChain
func (*Yarx) HTTPHandler ¶
func (y *Yarx) HTTPHandler() *RegexpHandler
func (*Yarx) Rules ¶
func (y *Yarx) Rules() []*MutationRule