STRLCPY/csprecon

linting
edoardottt committed 1 year ago

b92f69b7

1 parent 03b914fe

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

■ ■ ■ ■ ■ ■

pkg/csprecon/csp.go

		skipped 1 lines
2	2
3	3		import (
4	4		"crypto/tls"
5		-	"fmt"
6		-	"io"
7	5		"net"
8	6		"net/http"
	7	+	"regexp"
	8	+	"strings"
9	9		"time"
10	10		)
11	11
12	12		const (
13	13		TLSHandshakeTimeout = 10
14	14		KeepAlive = 30
	15	+	DomainRegex = `.*[a-zA-Z\_\-0-9]+\.[a-z]+`
15	16		)
16	17
17		-	func checkCSP(url string, client *http.Client) ([]string, error) {
18		-	return get(url, client)
19		-	}
20		-
21		-	func get(url string, client *http.Client) ([]string, error) {
	18	+	func checkCSP(url string, r regexp.Regexp, client http.Client) ([]string, error) {
22	19		result := []string{}
23	20		resp, err := client.Get(url)
24	21
25	22		if err != nil {
26		-	return result, nil
	23	+	return result, err
27	24		}
28	25
29		-	body, _ := io.ReadAll(resp.Body)
30	26		defer resp.Body.Close()
31	27
32		-	headerCSP := resp.Header.Get("Content-Security-Policy")
	28	+	headerCSP := parseCSPHeader(resp.Header.Get("Content-Security-Policy"), r)
33	29
34		-	fmt.Println(headerCSP)
35		-	fmt.Println(string(body))
	30	+	return headerCSP, nil
	31	+	}
36	32
37		-	return []string{}, nil
	33	+	func parseCSPHeader(input string, r *regexp.Regexp) []string {
	34	+	result := []string{}
	35	+
	36	+	splitted := strings.Split(input, ";")
	37	+
	38	+	for _, elem := range splitted {
	39	+	spaceSplit := strings.Split(elem, " ")
	40	+	for _, spaceElem := range spaceSplit {
	41	+	if r.Match([]byte(spaceElem)) {
	42	+	result = append(result, spaceElem)
	43	+	}
	44	+	}
	45	+	}
	46	+
	47	+	return result
	48	+	}
	49	+
	50	+	func parseCSPBody(input string) []string {
	51	+	result := []string{}
	52	+
	53	+	return result
38	54		}
39	55
40	56		func customClient(timeout int) *http.Client {
		skipped 18 lines
59	75		return &client
60	76		}
61	77
	78	+	func CompileRegex(regex string) *regexp.Regexp {
	79	+	r, _ := regexp.Compile(regex)
	80	+
	81	+	return r
	82	+	}
	83	+

■ ■ ■ ■ ■ ■

pkg/csprecon/csprecon.go

		skipped 4 lines
5	5		"fmt"
6	6		"net/http"
7	7		"os"
	8	+	"regexp"
	9	+	"strings"
8	10		"sync"
9	11
10	12		"github.com/edoardottt/csprecon/pkg/input"
	13	+	"github.com/edoardottt/csprecon/pkg/output"
11	14		"github.com/edoardottt/golazy"
12	15		"github.com/projectdiscovery/gologger"
13	16		fileutil "github.com/projectdiscovery/utils/file"
		skipped 3 lines
17	20		Client *http.Client
18	21		Input chan string
19	22		Output chan string
20		-	InWg sync.WaitGroup
21		-	OutWg sync.WaitGroup
	23	+	InWg *sync.WaitGroup
	24	+	OutWg *sync.WaitGroup
22	25		Options input.Options
23	26		}
24	27
25	28		func New(options *input.Options) Runner {
26	29		return Runner{
27	30		Client: customClient(options.Timeout),
28		-	Input: make(chan string),
29		-	Output: make(chan string),
30		-	InWg: sync.WaitGroup{},
31		-	OutWg: sync.WaitGroup{},
	31	+	Input: make(chan string, options.Concurrency),
	32	+	Output: make(chan string, options.Concurrency),
	33	+	InWg: &sync.WaitGroup{},
	34	+	OutWg: &sync.WaitGroup{},
32	35		Options: *options,
33	36		}
34	37		}
		skipped 40 lines
75	78		func execute(r *Runner) {
76	79		defer r.InWg.Done()
77	80
	81	+	regex := regexp.Regexp{}
	82	+
	83	+	if r.Options.Domain != "" {
	84	+	regex = CompileRegex(`.` + r.Options.Domain)
	85	+	}
	86	+
	87	+	dregex := CompileRegex(DomainRegex)
	88	+
78	89		for value := range r.Input {
79		-	result, err := checkCSP(value, r.Client)
80		-	if err == nil {
81		-	for _, res := range result {
82		-	r.Output <- res
	90	+	r.InWg.Add(1)
	91	+
	92	+	go func(value string) {
	93	+	defer r.InWg.Done()
	94	+	result, err := checkCSP(value, dregex, r.Client)
	95	+
	96	+	if err == nil {
	97	+	for _, res := range result {
	98	+	if resTrimmed := strings.TrimSpace(res); resTrimmed != "" {
	99	+	if r.Options.Domain != "" {
	100	+	if regex.Match([]byte(resTrimmed)) {
	101	+	r.Output <- resTrimmed
	102	+	}
	103	+	} else {
	104	+	r.Output <- resTrimmed
	105	+	}
	106	+	}
	107	+	}
83	108		}
84		-	}
	109	+	}(value)
85	110		}
86	111		}
87	112
88	113		func pullOutput(r *Runner) {
89	114		defer r.OutWg.Done()
90	115
	116	+	out := output.New()
	117	+
91	118		for o := range r.Output {
92	119		r.OutWg.Add(1)
93	120
94		-	go writeOutput(&r.OutWg, &r.Options, o)
	121	+	go writeOutput(r.OutWg, &r.Options, &out, o)
95	122		}
96	123		}
97	124
98		-	func writeOutput(wg sync.WaitGroup, options input.Options, out string) {
	125	+	func writeOutput(wg sync.WaitGroup, options input.Options, out *output.Result, o string) {
99	126		defer wg.Done()
100	127
101	128		if options.FileOutput != "" {
		skipped 5 lines
107	134		options.Output = file
108	135		}
109	136
110		-	// write output to file
	137	+	if !out.Printed(o) {
	138	+	if options.Output != nil {
	139	+	if _, err := options.Output.Write([]byte(o + "\n")); err != nil && options.Verbose {
	140	+	gologger.Fatal().Msg(err.Error())
	141	+	}
	142	+	}
111	143
112		-	fmt.Println(out)
	144	+	fmt.Println(o)
	145	+	}
113	146		}
114	147

■ ■ ■ ■ ■ ■

pkg/input/flags.go

		skipped 20 lines
21	21		Input string
22	22		FileInput string
23	23		FileOutput string
	24	+	Domain string
24	25		Verbose bool
25	26		Output io.Writer
26	27		Silent bool
		skipped 16 lines
43	44
44	45		flag.StringVar(&options.Input, "u", "", `Input domain`)
45	46		flag.StringVar(&options.FileInput, "l", "", `File containing input domains`)
	47	+	flag.StringVar(&options.Domain, "d", "", `Filter results belonging to this domain`)
46	48		flag.StringVar(&options.FileOutput, "o", "", `Output File`)
47	49		flag.BoolVar(&options.Verbose, "v", false, `Be verbose`)
48	50		flag.BoolVar(&options.Silent, "s", false, `Print only results`)
49		-	flag.IntVar(&options.Concurrency, "c", DefaultConcurrency, "Concurrency level (default 100)")
	51	+	flag.IntVar(&options.Concurrency, "c", DefaultConcurrency, "Concurrency level")
50	52		flag.IntVar(&options.Timeout, "t", DefaultTimeout, "Connection timeout in seconds")
51	53
52	54		if help() {
		skipped 31 lines

■ ■ ■ ■ ■ ■

pkg/output/banner.go

		skipped 7 lines
8	8		const (
9	9		Version = "v0.0.1"
10	10		banner = `
11		-	______________ ________ _________ ____
	11	+	______________ ________ _________ ____
12	12		/ ___/ ___/ __ \/ ___/ _ \/ ___/ __ \/ __ \
13	13		/ /__(__ ) /_/ / / / __/ /__/ /_/ / / / /
14	14		\___/____/ .___/_/ \___/\___/\____/_/ /_/
15		-	/_/ %s`
	15	+	/_/ `
16	16		)
17	17
18	18		func ShowBanner() {
19	19		if !printed {
20		-	gologger.Print().Msgf("%s\n", banner)
	20	+	gologger.Print().Msgf("%s%s\n\n", banner, Version)
21	21		gologger.Print().Msgf("\t\t@edoardottt, https://www.edoardoottavianelli.it/\n")
22	22		gologger.Print().Msgf("\t\t https://github.com/edoardottt/\n\n")
23	23
		skipped 4 lines

■ ■ ■ ■ ■ ■

pkg/output/output.go

1	1		package output
2	2
3		-	type Output struct {
4		-	Result map[string]struct{}
	3	+	import (
	4	+	"sync"
	5	+	)
	6	+
	7	+	type Result struct {
	8	+	Map sync.Map
	9	+	}
	10	+
	11	+	func New() Result {
	12	+	return Result{Map: sync.Map{}}
	13	+	}
	14	+
	15	+	func (o *Result) Printed(result string) bool {
	16	+	if _, ok := o.Map.Load(result); !ok {
	17	+	o.Map.Store(result, true)
	18	+	return false
	19	+	}
	20	+
	21	+	return true
5	22		}
6	23

linting