CGI-IDS


lib/CGI/IDS.pm  view on Meta::CPAN

                    qr/\s{2,}/ms,
                    '',
                    $tmp_value
                )
            )
        );

        if ($stripped_length != 0 &&
            $overall_length/$stripped_length <= $threshold
        ) {
            $value .= "\n".'$[!!!]';
        }
    }

    if (strlen($value) > 40) {
        # Replace all non-special chars
        my $converted =  preg_replace(qr/[\w\s\p{L},.:!]/, '', $value);

        # Split string into an array, unify and sort
        my @array = str_split($converted);
        my %seen = ();

lib/CGI/IDS.xml  view on Meta::CPAN

        <rule><![CDATA[(?:[".]script\s*\()|(?:\$\$?\s*\(\s*[\w"])|(?:\/[\w\s]+\/\.)|(?:=\s*\/\w+\/\s*\.)|(?:(?:this|window|top|parent|frames|self|content)\[\s*[(,"]*\s*[\w\$])|(?:,\s*new\s+\w+\s*[,;)])]]></rule>
        <description>Detects basic obfuscated JavaScript script injections</description>
        <tags>
            <tag>xss</tag>
            <tag>csrf</tag>
        </tags>
        <impact>5</impact>
    </filter>
    <filter>
        <id>25</id>
        <rule><![CDATA[(?:=\s*[$\w]\s*[\(\[])|(?:\(\s*(?:this|top|window|self|parent|_?content)\s*\))|(?:src\s*=s*(?:\w+:|\/\/))|(?:\w+\[("\w+"|\w+\|\|))|(?:[\d\W]\|\|[\d\W]|\W=\w+,)|(?:\/\s*\+\s*[a-z"])|(?:=\s*\$[^([]*\()|(?:=\s*\(\s*")]]></rule>
        <description>Detects obfuscated JavaScript script injections</description>
        <tags>
            <tag>xss</tag>
            <tag>csrf</tag>
        </tags>
        <impact>5</impact>
    </filter>
    <filter>
        <id>26</id>
        <rule><![CDATA[(?:[^:\s\w]+\s*[^\w\/](href|protocol|host|hostname|pathname|hash|port|cookie)[^\w])]]></rule>

t/01-ids.t  view on Meta::CPAN

                            \$b=!!1e1?\'ion.h\'+\$b:a
                            \$b=!!1e1?\'locat\'+\$b:a
                            \$a=!1e1?!1e1:eval
                            a.a=\$a
                            \$b=a.a(\$b)
                            \$b=a.a(\$b)',
        23 => 'y=name,null
                            \$x=eval,null
                            \$x(y)',
        24 => '\$=\'e\'
                        ,x=\$[\$+\'val\']
                        x(x(\'nam\'+\$)+\$)',
        25 => 'typeof~delete~typeof~alert(1)',
        26 => 'ªª=1&& name
                        ª=1&&window.eval,1
                        ª(ªª)',
        27 => "y='nam' x=this.eval x(x(y  ('e') new Array) y)",
);

my %testConcatenatedXSSList2 = (
        0 => "ä=/ä/?'': 0;b=(ä+'eva'+ä);b=(b+'l'+ä);d=(ä+'XSS'+ä);c=(ä+'aler'+ä);c=(c+'t(d)'+ä);ä=.0[b];ä(c)",

t/01-ids.t  view on Meta::CPAN

                        \$a= !x?\$a+\$b:0
                        \$a setter = !x?0[\$a]:0
                        \$b= !x?\'locat\':0
                        \$c= !x?\'ion.h\':0
                        \$d= !x?\'ash\':0
                        \$b= !x?\$b+\$c+\$d:0
                        \$msg= !x?\'i love ternary operators\':0
                        \$a=\$a=\$b',
        9 => "123[''+<_>ev</_>+<_>al</_>](''+<_>aler</_>+<_>t</_>+<_>(1)</_>);",
        10 => '\$_ = !1-1 ? 0["\ev\al""]("\a\l\ert\(1\)"") : 0',
        11 => "\$\$\$[0] = !1-1 ? 'eva' : 0

                        \$\$\$[1] = !1-1 ? 'l' : 0

                        \$\$\$['".'\j'."o".'\i'."n']([])",
        12 => 'x=/eva/i[-1]
                        \$y=/nam/i[-1]
                        \$x\$_0=(0)[x+\'l\']
                        \$x=\$x\$_0(\$y+\'e\')
                        \$x\$_0(\$x)',
        13 => '\$y=("eva")
                        \$z={}[\$y+"l"]
                        \$y=("aler")
                        \$y+=(/t(1)/)[-1]
                        \$z(\$y)',


