Refactoring WAF scripts

2025-12-07 21:21:33 +00:00 · 2013-02-26 15:54:50 +01:00
parent e5835dc74f
commit be50192d8d
13 changed files with 115 additions and 45 deletions
--- a/waf/denyall.py
+++ b/waf/denyall.py
@@ -13,14 +13,13 @@ from lib.core.settings import WAF_ATTACK_VECTORS
 __product__ = "Deny All Web Application Firewall (DenyAll)"

 def detect(get_page):
-    page, headers, code = get_page()
-    retval = re.search(r"\Asessioncookie=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+    retval = False

-    if not retval:
-        for vector in WAF_ATTACK_VECTORS:
-            page, headers, code = get_page(get=vector)
-            retval = code == 200 and re.search(r"\ACondition Intercepted", page, re.I) is not None
-            if retval:
-                break
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"\Asessioncookie=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+        retval |= code == 200 and re.search(r"\ACondition Intercepted", page, re.I) is not None
+        if retval:
+            break

    return retval