crash_detector.py
import re
import typing
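def get_matchers(
    in_admin_or_profile: bool,
) -> typing.List["re.Pattern"]:
    """Return the compiled regexes that flag a response as worth triaging.

    Every pattern is compiled with ``re.DOTALL | re.IGNORECASE``, so ``.``
    also spans newlines and character classes such as ``[^_D]`` exclude both
    cases of the letter.

    NOTE(review): ``GARLIC`` looks like the marker string the fuzzer plants
    in its inputs, and the ``__..._DETECTED__`` / ``__GARLIC_ACCESSED__``
    tokens look like markers emitted by instrumentation -- confirm against
    the caller; neither is defined in this function.

    Several patterns are generic error strings ("syntax error",
    "Parse error", ":/bin", "command not found") that do not require the
    marker at all. A match is a lead for manual triage, not proof of a
    vulnerability.

    Args:
        in_admin_or_profile: When false, five extra patterns for
            user-data and non-public-content disclosure are appended.
            Presumably they are skipped on admin/profile pages because
            that output appears there legitimately -- TODO confirm.

    Returns:
        A new list of compiled patterns on every call.
    """
    flags = re.DOTALL | re.IGNORECASE
    matchers = [
        # js redirects
        re.compile("location=.{0,10}GARLIC", flags),
        # The "." in "location.href" is unescaped and matches any character.
        re.compile("location.href=.{0,10}GARLIC", flags),
        re.compile("Unable to prepare statement", flags),
        # This is a significant source of FPs, but feel free to enable it
        # re.compile("__GARLIC_SPOOFABLE_IP_HEADER__", flags),
        re.compile("__FWRITE_OF_GARLIC_DETECTED__", flags),
        re.compile("__FILE_EXISTS_OF_GARLIC_DETECTED__", flags),
        re.compile("fopen\\(.{0,256}GARLIC", flags),
        # [^_D]GARLIC is to exclude __GARLIC and __ENDGARLIC
        re.compile("require\\(.{0,256}[^_D]GARLIC", flags),
        re.compile("include\\(.{0,256}[^_D]GARLIC", flags),
        re.compile("readfile\\(.{0,256}[^_D]GARLIC", flags),
        re.compile("require_once\\(.{0,256}[^_D]GARLIC", flags),
        re.compile("include_once\\(.{0,256}[^_D]GARLIC", flags),
        # Fixed: the "." before the quantifier was missing, so {0,256}
        # repeated the trailing "s" and the marker was only found when it
        # directly followed the function name.
        re.compile("file_get_contents.{0,256}GARLIC", flags),
        re.compile("unlink.{0,256}GARLIC", flags),
        re.compile("__GARLIC_CALL__ srand\\(\\) __ENDGARLIC__", flags),
        re.compile("function '.{0,30}GARLIC.{0,30}' not found", flags),
        re.compile("SQL syntax.{0,2048}GARLIC", flags),
        re.compile(":/bin", flags),
        re.compile("<GARLIC", flags),
        # Forgot quotes that allow xss?
        re.compile("\\s[A-Za-z_0-9-]+\\s*=\\s*[^\\s\"']*GARLIC GARLIC", flags),
        re.compile("^\\s*[A-Za-z_0-9-]+\\s*=\\s*[^\\s\"']*GARLIC GARLIC", flags),
        # Let's detect escaping only double quotes in the context of a single quote
        re.compile("\\s[A-Za-z_0-9-]+\\s*=\\s*'.{0,20}[^e]GARLIC\\\\*'", flags),
        re.compile("^\\s*[A-Za-z_0-9-]+\\s*=\\s*'.{0,20}[^e]GARLIC\\\\*'", flags),
        re.compile("GARLIC'\"", flags),
        re.compile(r"GARLIC\\'\\\"", flags),
        re.compile(r"GARLIC\\\\*'\\\\*\"", flags),
        re.compile("Error at offset", flags),
        re.compile("Parse error", flags),
        re.compile("syntax error", flags),
        re.compile("__GARLIC_ACCESSED__", flags),
        re.compile("GARLIC.{0,256}No such file", flags),
        # I decided to skip this one due to a large number of false positives.
        # Feel free to uncomment.
        # re.compile("GARLIC.{0,512}thrown in", flags),
        re.compile("GARLIC.{0,64}[Nn]ot found", flags),
        re.compile("GARLIC.{0,512}failed to open stream", flags),
        re.compile("command not found", flags),
        # "()" here is an empty regex group, not literal parentheses; the
        # patterns still match because ".{0,256}" absorbs the real "()".
        re.compile("simplexml_load_string().{0,256}error", flags),
        re.compile("simplexml_load_string().{0,256}BAD XML", flags),
    ]
    if not in_admin_or_profile:
        # Disclosure indicators that are only checked outside admin/profile.
        matchers.extend(
            [
                re.compile("get_users", flags),
                re.compile("UserFullName", flags),
                re.compile("fuzz.{0,20}@example.com", flags),
                re.compile("file_GARLIC", flags),
                re.compile("NOT_PUBLIC_CONTENT", flags),
            ]
        )
    return matchers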
return True