CGI-IDS
view release on metacpan or search on metacpan
lib/CGI/IDS.pm view on Meta::CPAN
}
return $value;
}
#****if* IDS/_convert_from_concatenated
# NAME
# _convert_from_concatenated
# DESCRIPTION
# Converts basic concatenations
# INPUT
# value the string to convert
# OUTPUT
# value converted string
# SYNOPSIS
# IDS::_convert_from_concatenated($value);
#****
sub _convert_from_concatenated {
my ($value) = @_;
# normalize remaining backslashes
# Perl's \\ should be equivalent to PHP's \\\
if ($value ne preg_replace(qr/(?:(\w)\\)/, '$1', $value)) {
$value .= preg_replace(qr/(?:(\w)\\)/, '$1', $value);
}
my $compare = stripslashes($value);
my @pattern = (
qr/(?:<\/\w+>\+<\w+>)/s,
qr/(?:":\d+[^"[]+")/s,
qr/(?:"?"\+\w+\+")/s,
qr/(?:"\s*;[^"]+")|(?:";[^"]+:\s*")/s,
qr/(?:"\s*(?:;|\+).{8,18}:\s*")/s,
qr/(?:";\w+=)|(?:!""&&")|(?:~)/s,
qr/(?:"?"\+""?\+?"?)|(?:;\w+=")|(?:"[|&]{2,})/s,
qr/(?:"\s*\W+")/s,
qr/(?:";\w\s*\+=\s*\w?\s*")/s,
qr/(?:"[|&;]+\s*[^|&\n]*[|&]+\s*"?)/s,
qr/(?:";\s*\w+\W+\w*\s*[|&]*")/s,
qr/(?:"\s*"\s*\.)/s,
qr/(?:\s*new\s+\w+\s*[+",])/,
qr/(?:(?:^|\s+)(?:do|else)\s+)/,
qr/(?:[{(]\s*new\s+\w+\s*[)}])/,
qr/(?:(this|self)\.)/,
qr/(?:undefined)/,
qr/(?:in\s+)/,
);
# strip out concatenations
my $converted = preg_replace(\@pattern, '', $compare);
# strip object traversal
$converted = preg_replace(qr/\w(\.\w\()/, '$1', $converted);
# normalize obfuscated method calls
$converted = preg_replace(qr/\)\s*\+/, ')', $converted);
# convert JS special numbers
$converted = preg_replace(qr/(?:\(*[.\d]e[+-]*[^a-z\W]+\)*)|(?:NaN|Infinity)\W/ims, 1, $converted);
if ($converted && ($compare ne $converted)) {
$value .= "\n" . $converted;
}
return $value;
}
#****if* IDS/_convert_from_proprietary_encodings
# NAME
# _convert_from_proprietary_encodings
# DESCRIPTION
# Collects and decodes proprietary encoding types
# INPUT
# value the string to convert
# OUTPUT
# value converted string
# SYNOPSIS
# IDS::_convert_from_proprietary_encodings($value);
#****
sub _convert_from_proprietary_encodings {
my ($value) = @_;
# Xajax error reportings
$value = preg_replace(qr/<!\[CDATA\[(\W+)\]\]>/im, '$1', $value);
# strip false alert triggering apostrophes
$value = preg_replace(qr/(\w)\"(s)/m, '$1$2', $value);
# strip quotes within typical search patterns
$value = preg_replace(qr/^"([^"=\\!><~]+)"$/, '$1', $value);
# OpenID login tokens
$value = preg_replace(qr/{[\w-]{8,9}\}(?:\{[\w=]{8}\}){2}/, '', $value);
# convert Content to null to avoid false alerts
$value = preg_replace(qr/Content|\Wdo\s/, '', $value);
# strip emoticons
$value = preg_replace(qr/(?:\s[:;]-[)\/PD]+)|(?:\s;[)PD]+)|(?:\s:[)PD]+)|-\.-|\^\^/m, '', $value);
# normalize separation char repetition
$value = preg_replace(qr/([.+~=*_\-;])\1{2,}/m, '$1', $value);
# normalize multiple single quotes
$value = preg_replace(qr/"{2,}/m, '"', $value);
# normalize quoted numerical values and asterisks
$value = preg_replace(qr/"(\d+)"/m, '$1', $value);
# normalize pipe separated request parameters
$value = preg_replace(qr/\|(\w+=\w+)/m, '&$1', $value);
# normalize ampersand listings
$value = preg_replace(qr/(\w\s)&\s(\w)/, '$1$2', $value);
return $value;
}
( run in 1.240 second using v1.01-cache-2.11-cpan-9581c071862 )