[XSS] Make InjectionChecker's regular expressions easier to debug.

This commit is contained in:
hackademix 2023-07-16 17:57:07 +02:00
parent 61ddfea620
commit 1bd6061414
No known key found for this signature in database
GPG Key ID: 231A83AFDA9C2434
3 changed files with 16 additions and 3 deletions

@ -1 +1 @@
Subproject commit d9e7b863e0d33d4f3636c17ba5ce263ad08d2bb2
Subproject commit fd083f7200cf9357fc2e907b9609fe8103982c9a

View File

@ -47,7 +47,7 @@ include("InjectionChecker.js");
let ic = new (await XSS.InjectionChecker)();
if (debugging) {
ic.logEnabled = true;
ic.debugging = true;
debug("[XSS] InjectionCheckWorker started in %s ms (%s).",
Date.now() - xssReq.timestamp, destUrl);
} else {
@ -91,7 +91,7 @@ include("InjectionChecker.js");
if (msg.handler in Handlers) try {
await Handlers[msg.handler](msg);
} catch (e) {
postMessage({error: e.message});
postMessage({error: `${e.message}\n${e.stack}`});
}
}

View File

@ -22,6 +22,7 @@ XSS.InjectionChecker = (async () => {
await include([
"/nscl/common/SyntaxChecker.js",
"/nscl/common/Base64.js",
"/nscl/common/DebuggableRegExp.js",
"/nscl/common/Timing.js",
"/xss/FlashIdiocy.js",
"/xss/ASPIdiocy.js",
@ -83,6 +84,18 @@ XSS.InjectionChecker = (async () => {
this.log = v ? this._log : function() {};
},
_debugging: false,
get debugging() {
return this._debugging;
},
set debugging(b) {
this.logEnabled = b;
for (const rx of ["_maybeJSRx", "_riskyOperatorsRx"]) {
if (this[rx].originalRx) this[rx] = this[rx].originalRx;
if (b) this[rx] = new DebuggableRegExp(this[rx]);
}
},
escalate: function(msg) {
this.log(msg);
log("[InjectionChecker] ", msg);