
Commit 5447876

committed
fixed formatting
1 parent c4ad93a commit 5447876


1 file changed

+52
-23
lines changed

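--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SstiScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SstiScanRule.java
@@ -413,7 +413,8 @@ private void searchForMathsExecution(
 
 for (SinkPoint sink : sinksToTest) {
 
-String output = sink.getCurrentStateInString(newMsg, paramName, renderTest);
+String output =
+sink.getCurrentStateInString(newMsg, paramName, renderTest);
 
 for (String renderResult : renderExpectedResults) {
 // Some rendering tests add html tags so we can not only search for
@@ -432,7 +433,8 @@ private void searchForMathsExecution(
 
 if (output.contains(renderResult)
 && output.matches(regex)
-&& sstiPayload.engineSpecificCheck(regex, output, renderTest)) {
+&& sstiPayload.engineSpecificCheck(
+regex, output, renderTest)) {
 
 String attack = getOtherInfo(sink.getLocation(), output);
 
@@ -452,49 +454,76 @@ private void searchForMathsExecution(
 try {
 for (TemplateFormat format : TEMPLATE_FORMATS) {
 // Construct the SSTI payload
-String sstiPayload2 = "zapSSTI'%s7*7%s'".formatted(format.getStartTag(), format.getEndTag());
-
+String sstiPayload2 =
+"zapSSTI'%s7*7%s'"
+.formatted(
+format.getStartTag(), format.getEndTag());
+
 // Create a new POST request
 HttpMessage postMsg = getNewMsg();
 postMsg.getRequestHeader().setMethod("POST");
 postMsg.getRequestHeader()
-.setHeader("Content-Type", "application/x-www-form-urlencoded");
-
+.setHeader(
+"Content-Type",
+"application/x-www-form-urlencoded");
+
 // Manually set the body to prevent url-encoding
 String requestBody = paramName + "=" + sstiPayload2;
 postMsg.setRequestBody(requestBody);
-postMsg.getRequestHeader().setContentLength(postMsg.getRequestBody().length());
-
+postMsg.getRequestHeader()
+.setContentLength(postMsg.getRequestBody().length());
+
 sendAndReceive(postMsg, false); // Send the raw POST request
-
+
 // Now send a GET request to check if SSTI execution occurred
-HttpMessage getProfileMsg = new HttpMessage(postMsg.getRequestHeader().getURI());
+HttpMessage getProfileMsg =
+new HttpMessage(postMsg.getRequestHeader().getURI());
 getProfileMsg.getRequestHeader().setMethod("GET");
-
+
 // Preserve authentication/session details
-getProfileMsg.getRequestHeader().setHeader("User-Agent", postMsg.getRequestHeader().getHeader("User-Agent"));
-getProfileMsg.getRequestHeader().setHeader("Cookie", postMsg.getRequestHeader().getHeader("Cookie"));
-getProfileMsg.getRequestHeader().setHeader("Referer", postMsg.getRequestHeader().getURI().toString());
-getProfileMsg.getRequestHeader().setHeader("Origin", postMsg.getRequestHeader().getHostName());
-
+getProfileMsg
+.getRequestHeader()
+.setHeader(
+"User-Agent",
+postMsg.getRequestHeader().getHeader("User-Agent"));
+getProfileMsg
+.getRequestHeader()
+.setHeader(
+"Cookie",
+postMsg.getRequestHeader().getHeader("Cookie"));
+getProfileMsg
+.getRequestHeader()
+.setHeader(
+"Referer",
+postMsg.getRequestHeader().getURI().toString());
+getProfileMsg
+.getRequestHeader()
+.setHeader(
+"Origin", postMsg.getRequestHeader().getHostName());
+
 sendAndReceive(getProfileMsg, false); // Fetch profile page
-
+
 String responseBody = getProfileMsg.getResponseBody().toString();
-
-if (responseBody.contains("zapSSTI'49'")) { // Check if SSTI was executed
-createAlert(newMsg.getRequestHeader().getURI().toString(),paramName,renderTest,sstiPayload2)
+
+if (responseBody.contains(
+"zapSSTI'49'")) { // Check if SSTI was executed
+createAlert(
+newMsg.getRequestHeader().getURI().toString(),
+paramName,
+renderTest,
+sstiPayload2)
 .setMessage(newMsg)
 .raise();
 found = true;
 break;
 }
 }
-
+
 } catch (IOException e) {
 LOGGER.warn("Failed to send SSTI test requests: ", e);
 }
-}
-
+}
+
 } catch (SocketException ex) {
 LOGGER.debug("Caught {} {}", ex.getClass().getName(), ex.getMessage());
 } catch (IOException ex) {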
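Review bot: The alert raised in the third hunk reports `sstiPayload2` as the attack but attaches `newMsg`, which appears to carry the earlier render-test payload rather than the POST that injected `sstiPayload2` or the GET whose response contained `zapSSTI'49'`, so whoever triages the alert cannot see the stored-injection evidence in the attached message; attaching the message that showed it, e.g. `.setMessage(getProfileMsg).setEvidence("zapSSTI'49'")`, with the injecting POST described in the other-info text, would make the finding reproducible. The `Origin` header is filled from `getHostName()`, which yields a bare host rather than the `scheme://host[:port]` form the header is defined to carry, and the `User-Agent`/`Cookie` values copied from `postMsg` may be null when the original request had none — confirm what `setHeader` does with a null value before relying on it to preserve the session. The body is sent unencoded under `application/x-www-form-urlencoded`, so if any entry of `TEMPLATE_FORMATS` (defined outside the hunk) has a start or end tag containing `%`, `+` or `&`, the server's form decoder will alter it and the `zapSSTI'49'` check would miss a genuine evaluation; encoding the value portion, or sending the raw body under a content type the server will not form-decode, avoids that. The marker `zapSSTI` and the expected result `49` are duplicated across the payload literal and the check literal; a single shared constant would keep them in step. `searchForMathsExecution` begins and ends outside this hunk.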
