fix: relative API URL, escapeHtml quotes, body size limits, probe error isolation
+5
-2
@@ -52,8 +52,11 @@ async def run_scan(job: ScanJob, modules: list[str]) -> None:
|
||||
|
||||
async def probe(path: str) -> None:
|
||||
async with semaphore:
|
||||
found = await prober.probe(client, job.target_url, path)
|
||||
job.findings.extend(found)
|
||||
try:
|
||||
found = await prober.probe(client, job.target_url, path)
|
||||
job.findings.extend(found)
|
||||
except Exception:
|
||||
pass
|
||||
job.progress += 1
|
||||
|
||||
await asyncio.gather(*[probe(p) for p in paths])
|
||||
|
||||
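Review bot: The new `except Exception: pass` around `prober.probe` discards every failure without a trace, so a module that raises on every path (a bug in the prober, a proxy or TLS misconfiguration) now surfaces only as a scan that completes with zero findings. Isolating one path's failure from the gather is the right goal, but keep the diagnostic: `except Exception as exc:` followed by `logger.warning("probe of %s failed: %s", path, exc)` (use `logger.debug(..., exc_info=True)` if the expected noise is high), assuming the module has a logger; if it does not, add `logger = logging.getLogger(__name__)` at the top. `asyncio.CancelledError` is a BaseException, so cancellation still propagates through this handler, which is what you want. run_scan starts before this hunk, and the rendered page loses indentation, so it is not verifiable here that `job.progress += 1` sits after the try/except inside the semaphore; it should, so progress is counted for failed probes too.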
@@ -34,7 +34,7 @@ class PathProber:
|
||||
|
||||
severity = self._severity(path)
|
||||
if response.status_code == 200:
|
||||
snippet = response.text[:200].replace("\n", " ")
|
||||
snippet = response.content[:512].decode("utf-8", errors="replace")[:200].replace("\n", " ")
|
||||
evidence = f"HTTP 200 — {snippet}" if snippet else "HTTP 200"
|
||||
else:
|
||||
evidence = "HTTP 403 (resource exists but forbidden)"
|
||||
|
||||
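Review bot: Decoding `response.content[:512]` as UTF-8 ignores the charset httpx derived for `response.text`, so a page served in a legacy encoding that previously produced readable evidence now produces mojibake, and a 512-byte cut can land mid-codepoint and append a U+FFFD to the end of the snippet. Keep the byte cap but honour the detected encoding: `snippet = response.content[:512].decode(response.encoding or "utf-8", errors="replace")[:200].replace("\n", " ")`. `.replace("\n", " ")` still leaves `\r` and other control characters in the evidence string, which only the UI's escapeHtml stands between and the page; a one-pass `"".join(ch if ch.isprintable() else " " for ch in snippet)` would normalise them. The enclosing PathProber method starts before this hunk.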
@@ -29,7 +29,7 @@ class ResponseInspector:
|
||||
except (httpx.ConnectError, httpx.TimeoutException, httpx.RemoteProtocolError):
|
||||
return []
|
||||
|
||||
body = response.text
|
||||
body = response.text[:524288]
|
||||
findings: list[Finding] = []
|
||||
|
||||
for severity, finding_type, pattern in _PATTERNS:
|
||||
|
||||
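Review bot: `response.text[:524288]` caps only what the regex loop below scans: by the time `.text` is available httpx has already read and decoded the whole body, so a large or slow response still costs the full download and decode and can still stall the worker. A real limit belongs on the request side (a streamed read with a byte budget), which is outside this hunk; for this line, at least name the number so the intent is visible: `_MAX_BODY_CHARS = 512 * 1024  # bounds regex work, not the download` at module level and `body = response.text[:_MAX_BODY_CHARS]`. The except tuple above catches connect, timeout and protocol errors but not the rest of `httpx.HTTPError` (a ReadError, for instance); with this commit those now fall through to the silent guard in run_scan rather than returning `[]` here. The enclosing ResponseInspector method starts before this hunk.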
+3
-2
@@ -1,4 +1,4 @@
|
||||
const API = 'http://localhost:8000';
|
||||
const API = '';
|
||||
|
||||
const views = {
|
||||
starter: document.getElementById('view-starter'),
|
||||
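Review bot: `const API = ''` changes the deployment contract — every `${API}/...` request is now same-origin — and a reader will not learn that from an empty string. Document it on the line: `const API = ''; // same-origin: the UI is expected to be served by the API process; set a full origin to run it separately`. Adjust the wording if the backend does not actually serve the static files; the fetch call sites and the server side are not visible in this hunk.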
@@ -30,7 +30,8 @@ function renderFinding(f) {
|
||||
}
|
||||
|
||||
function escapeHtml(str) {
|
||||
return str.replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>');
|
||||
return str.replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>')
|
||||
.replace(/"/g,'"').replace(/'/g,''');
|
||||
}
|
||||
|
||||
// ── Scan flow ─────────────────────────────────────────────────────────────────
|
||||
|
||||
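Review bot: escapeHtml still throws on a non-string argument (an undefined or null `f.evidence` gives `TypeError: str.replace is not a function`), which aborts renderFinding for the whole finding instead of rendering an empty cell; coerce first with `return String(str ?? '')` and then the replace chain. The rendered page has decoded the replacement literals (they display as `'&'`, `'<'`, `'''`), so the actual entity strings cannot be checked here — confirm the source uses `&amp;`, `&lt;`, `&gt;`, `&quot;` and `&#39;` (prefer `&#39;` over `&apos;`, which pre-HTML5 parsers do not recognise) and that `&` is replaced first, as the chain order shows. With quotes now escaped the helper is also safe for attribute values, which is worth stating in a one-line comment above the function. renderFinding and the scan-flow section continue outside this hunk.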