concat = require('gulp-concat'), zip = require('gulp-zip'), confirm = require('gulp-confirm'), awspublish = require('gulp-awspublish'), aws = require('aws-sdk'), watch = require('gulp-watch'), batch = require('gulp-batch'), merge = require('merge-stream'), S = require('string'), path = require('path'), fs = require('fs'); var awsJson = require('./aws.json'), meta = require('./meta.json'), appName = S(meta.name).slugify().s; //////////////////////////// /// Server gulp.task('browser-sync', function () { browserSync.init({ files: ['./public/**/*'], server: { baseDir: './public/' }, ghostMode: false }); });
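// Favicon check: collect every <link rel="... icon ..."> on the page, request
// each icon URL and report missing, redirected or unreachable icons as rules.
// `fn` is the completion callback of the enclosing check and `data` holds the
// scanned page's URL; both are defined outside this excerpt.
payload.getPageContent(function(err, content) {

  // could not read the page: log it and finish without adding rules
  if(err) {
    payload.error('favicon', 'Got a error trying to get the content', err);
    return setImmediate(fn, null);
  }

  // nothing to inspect on an empty page
  if(S(content || '').isEmpty() === true) return fn(null);

  var $ = cheerio.load(content || '');

  // icon candidates found on the page, as { href, sizes }
  var hrefs = [];

  $('link').each(function(i, elem) {

    var rel = $(elem).attr('rel') || '';
    var href = $(elem).attr('href') || '';
    var sizes = $(elem).attr('sizes') || '';

    // rel is a space-separated token list; only "icon" entries are of interest
    var sections = S(rel || '').trim().s.toLowerCase().split(' ');
    if(sections.indexOf('icon') === -1) return;
    if(S(href).isEmpty() === true) return;

    var lowered = href.toLowerCase();
    var isAbsolute = lowered.indexOf('//') === 0 ||
      lowered.indexOf('http://') === 0 ||
      lowered.indexOf('https://') === 0;

    if(isAbsolute) {
      hrefs.push({ href: href, sizes: sizes });
    } else {
      // anything else is treated as a path on the scanned host
      var uri = url.parse(data.url);
      uri.search = '';
      uri.pathname = href;
      hrefs.push({ href: url.format(uri), sizes: sizes });
    }

  });

  // no icon declared at all
  if(hrefs.length == 0) {
    payload.addRule({ message: 'Favicon not defined', key: 'favicon.missing', type: 'warning' });
    return fn(null);
  }

  // NOTE(review): every URL requested below comes from the scanned page, so the
  // page author chooses where this scanner connects. Confirm that
  // payload.doRequest restricts destinations (internal or link-local hosts)
  // and bounds the response size.
  async.each(hrefs, function(item, cb) {

    var link = item.href;

    payload.doRequest({ url: link, options: { encoding: null } }, function(err, response) {

      // A failed request only ends this item. Signalling `cb` (not `fn`) lets
      // async.each reach its final callback, so `fn` fires exactly once even
      // when several icons fail.
      if(err) return setImmediate(cb, null);
      if(!response) return setImmediate(cb, null);

      var statusCode = response.statusCode || 500;

      if(statusCode == 200) {

        if(response.headers['content-length']) {

          var parsedLength = parseInt('' + response.headers['content-length'], 10);

          // `x !== NaN` is always true, so test with isNaN instead
          if(!isNaN(parsedLength) && parsedLength > 1024 * 200) {
            // size rule currently disabled:
            /*payload.addRule({ message: 'Favicon should be small and cacheable', key: 'favicon.size', type: 'warning' }, { message: 'The favicon at $ was $', identifiers: [ faviconPath, (Math.round((parsedLength / 1024) * 100) / 100) + 'kb' ] })*/
          }

        }

      } else if(statusCode >= 300 && statusCode < 400) {

        payload.addRule({ message: 'Favicon request redirected', key: 'favicon.redirect', type: 'warning' }, { message: '$ was redirected', identifiers: [ link ], display: 'url', url: link });

      } else {

        payload.addRule({ message: 'Favicon url was not found at the defined url', key: 'favicon.exists', type: 'warning' }, { message: '$ returned status code of $', identifiers: [ link, statusCode ], display: 'url', url: link });

      }

      // this icon is done
      setImmediate(cb, null);

    });

  }, function() {

    // all icons processed
    setImmediate(fn, null);

  });

});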
'use strict';

// string.js wraps a value in a chainable object; `.s` unwraps the native string.
const S = require('string');

const title = S('Blog Post');
const heading = title.wrapHTML('h1');

console.log(title.slugify().s); // <1>
console.log(heading.s); // <2>
// escapeHTML() runs on the already wrapped value, so the <h1> tags themselves
// are entity-encoded along with the text.
console.log(heading.escapeHTML().s); // <3>
// Load every entry found in the `path` directory and expose it on `object`
// under a camelCased key derived from the file name (".js" suffix removed).
// `key` is not declared here, so it writes to a variable from an outer scope.
// NOTE(review): the '*' pattern is not limited to .js files, and require()
// executes whatever it loads, so the directory contents must be trusted.
glob.sync('*', {cwd: path}).forEach(function(option) {
  key = string(option.replace(/\.js$/, '')).camelize().s;
  object[key] = require(path + option);
});
// Trim each flag and HTML-escape it before it is rendered.
// NOTE(review): entity-encoding covers HTML text and quoted attribute values;
// confirm the flags are not placed into script, style or URL contexts.
var escapedFlagsArr = _.map(flags, function(rawFlag) {
  var trimmed = s(rawFlag).trim();
  return trimmed.escapeHTML().s;
});
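/**
 * Flags pages served over plain HTTP that ask for sensitive input.
 *
 * Adds a 'fields.creditcard' rule for the first text input that looks like a
 * payment-card field (autocomplete starting with "cc-" or a name matching
 * CARD_PATTERNS) and a 'fields.password' rule for the first password input.
 *
 * @param {Object} payload - check context (getData, getPageContent, addRule, ...)
 * @param {Function} fn - completion callback, called with an error or null
 */
module.exports = exports = function(payload, fn) {

  // get the data
  var data = payload.getData();

  // the check only applies to pages that are not requested over HTTPS
  if(S( (data.url || '').toLowerCase() ).startsWith("https") == true) {
    payload.debug('fields', 'Skipping fields check as HTTPS is enabled for request');
    return fn(null);
  }

  // get the content
  payload.getPageContent(function(err, content) {

    // check for a error
    if(err) {
      payload.error('fields', 'Problem getting the page content', err);
      return fn(err);
    }

    // check if the content is not empty
    if(S(content || '').isEmpty() === true) {
      payload.warning('fields', 'The content given was empty or blank');
      return fn(null);
    }

    var uri = url.parse(data.url);
    var isPlainHttp = (uri.protocol || '').indexOf('http:') === 0;

    var $ = cheerio.load(content || '');

    // source lines, used to build the code snippet shown with each rule
    var lines = content.split('\n');

    // last line already used for a snippet
    var lastLine = -1;

    // each rule is reported once per page
    var creditCardFlag = false;
    var passwordFlag = false;

    // locate the source line of an <input> with the given (lowercased) type
    var findInputSnippet = function(fieldType) {
      return payload.getSnippetManager().build(lines, lastLine, function(line) {
        var lowered = line.toLowerCase();
        return lowered.indexOf('<input') !== -1 && lowered.indexOf('type="' + fieldType) !== -1;
      });
    };

    // loop the fields on the page
    $('body input').each(function(index, elem) {

      // The type keyword is case-insensitive in HTML (type="Password" is still
      // a password field), so normalise it before comparing.
      var fieldType = ($(elem).attr('type') || '').trim().toLowerCase();
      var fieldAuto = $(elem).attr('autocomplete');
      var fieldName = S($(elem).attr('name') || '').truncate(255).s;

      // NOTE(review): inputs without a type attribute are skipped here although
      // browsers treat them as text inputs; confirm that gap is intended.
      if(S(fieldType || '').isEmpty() === true) {
        payload.debug('fields', fieldType + ' was blank');
        return;
      }

      // credit card style text input on a plain-HTTP page
      if(fieldType == 'text' && isPlainHttp && creditCardFlag == false) {

        // autocomplete tokens for card data start with "cc-"
        var localCreditFlag = (fieldAuto || '').toLowerCase().indexOf('cc-') === 0;

        // otherwise fall back to matching the field name
        for(var i = 0; i < CARD_PATTERNS.length && localCreditFlag === false; i++) {
          if(fieldName.match(CARD_PATTERNS[i]) !== null) {
            payload.debug('fields', CARD_PATTERNS[i] + ' matched for the name: ' + fieldName);
            localCreditFlag = true;
          }
        }

        if(localCreditFlag === true) {

          var cardSnippet = findInputSnippet(fieldType);

          if(cardSnippet) {

            lastLine = cardSnippet.subject;
            creditCardFlag = true;

            var occurrence = { message: '', identifiers: '', display: 'code', code: cardSnippet };

            // describe the field by name, then autocomplete, then type
            if(S(fieldName || '').isEmpty() === false) {
              occurrence.message = '<input name="$"';
              occurrence.identifiers = [ fieldName ];
            } else if(S(fieldAuto || '').isEmpty() === false) {
              occurrence.message = '<input autocomplete="$"';
              occurrence.identifiers = [ fieldAuto ];
            } else {
              occurrence.message = '<input type="$" />';
              occurrence.identifiers = [ fieldType ];
            }

            payload.addRule({ type: 'critical', key: 'fields.creditcard', message: 'Page will be marked as unsecure because of credit card input' }, occurrence);

          }

        }

      }

      // password input on a plain-HTTP page
      if(fieldType == 'password' && isPlainHttp && passwordFlag == false) {

        var passwordSnippet = findInputSnippet(fieldType);

        if(passwordSnippet) {

          lastLine = passwordSnippet.subject;
          passwordFlag = true;

          // Identify the field itself: the message template is `<input name="$"`,
          // so it is filled with the field name rather than the page's hostname.
          var passwordOccurrence = { message: '<input name="$"', identifiers: [ fieldName ], display: 'code', code: passwordSnippet };

          if(S(fieldName || '').isEmpty() === true) {
            passwordOccurrence.message = '<input type="$" />';
            passwordOccurrence.identifiers = [ fieldType ];
          }

          payload.addRule({ type: 'critical', key: 'fields.password', message: 'Page will be marked as unsecure because of password input' }, passwordOccurrence);

        }

      }

    });

    // done !
    fn(null);

  });

};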
// Register a package under its capitalized name; `rest` and `force` are
// coerced to booleans before being handed to addPackage.
// NOTE(review): capitalize() is passed on without `.s`, so addPackage receives
// the string.js wrapper rather than a native string - confirm that is intended.
add: function (name, rest, force) {
  var capitalized = S(name).capitalize();
  addPackage(capitalized, Boolean(rest), Boolean(force));
},
// Copy each profile data field into `json` under the underscored form of its key.
// NOTE(review): the keys become property names on `json`; if they can come
// from outside the application, consider rejecting names such as `__proto__`.
dataKeys.forEach((key) => {
  json[S(key).underscore()] = _this.driver.profile.data[key];
});
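/**
 * Classify a declared content type for the viewer.
 *
 * The type string is tested against an ordered list of substrings; the first
 * match decides whether the file is loadable ('T'/'F') and which viewer kind
 * ('text', 'google', 'image' or 'binary') applies. Anything unmatched is
 * reported as not loadable, 'binary'.
 *
 * The decision is based on substrings of the declared type only (for example
 * a type containing both 'xml' and 'image' is classified by 'xml', which comes
 * first), so the result says how to display a file, not whether its content is
 * safe.
 *
 * @param {string} type - declared content type
 * @returns {string} JSON text of the form {"loadable": "T"|"F", "filetype": "..."}
 */
function checkValidity(type) {
  // [substring, loadable, filetype] - order matters, first match wins
  var RULES = [
    ['rtf', 'T', 'google'],
    ['tiff', 'T', 'google'],
    ['text', 'T', 'text'],
    ['inode', 'T', 'text'],
    ['open', 'T', 'google'],
    ['json', 'T', 'text'],
    ['script', 'T', 'text'],
    ['xml', 'T', 'text'],
    ['x-tex', 'T', 'text'],
    ['plain', 'T', 'text'],
    ['binary', 'F', 'binary'],
    ['zip', 'F', 'binary'],
    ['excel', 'T', 'google'],
    ['chemical', 'F', 'binary'],
    ['word', 'T', 'google'],
    ['world', 'T', 'google'],
    ['koan', 'F', 'binary'],
    ['powerpoint', 'T', 'google'],
    ['octet-stream', 'F', 'binary'],
    ['project', 'T', 'google'],
    ['fractals', 'F', 'binary'],
    ['class', 'F', 'binary'],
    ['tar', 'F', 'binary'],
    ['book', 'F', 'binary'],
    ['binhex', 'F', 'binary'],
    ['model', 'F', 'binary'],
    ['pdf', 'T', 'google'],
    ['hlp', 'T', 'google'],
    ['help', 'T', 'google'],
    ['compressed', 'F', 'binary'],
    ['visio', 'T', 'google'],
    ['movie', 'T', 'google'],
    ['flash', 'T', 'image'],
    ['music', 'T', 'google'],
    ['media', 'F', 'binary'],
    ['image', 'T', 'image'],
    ['audio', 'T', 'google'],
    ['video', 'T', 'google'],
    ['vnd.', 'F', 'binary']
  ];

  var declared = STRING(type);
  var loadable = 'F';
  var filetype = 'binary';

  for (var i = 0; i < RULES.length; i++) {
    if (declared.contains(RULES[i][0])) {
      loadable = RULES[i][1];
      filetype = RULES[i][2];
      break;
    }
  }

  // Built as a local value: the result is no longer written to an undeclared
  // (implicitly global) `response` variable.
  return JSON.stringify({ loadable: loadable, filetype: filetype });
}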
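/**
 * TLS check: runs `openssl s_client -status -tlsextdebug` against the target
 * and reports missing SNI support and unsuccessful or revoked OCSP status.
 *
 * @param {Object} payload - check context (getData, debug, addRule, getSnippetManager)
 * @param {Object} options - connection details; `address` is the host to connect to
 * @param {Function} fn - completion callback, always called with null
 */
module.exports = exports = function(payload, options, fn) {

  var address = options.address;
  // NOTE(review): this reads options.client, as before; the name suggests
  // options.socket may have been meant - confirm against the OpenSSL helper.
  var socket = options.client;

  // get the data
  var data = payload.getData();

  // only if SSL
  if(S( data.url.toLowerCase() ).startsWith("https") == false) return fn(null);

  // get the SSL
  var ssl = new OpenSSL(payload, address, socket);

  // parse the url
  var uri = url.parse( data.url );
  var port = String(uri.port || 443);

  // The command below is a single string handed to ssl.exec and it contains a
  // pipe, so it is presumably interpreted by a shell. The address, host name
  // and port originate from the scanned URL / caller options, so only values
  // made of host-name characters are allowed into it, and none may start with
  // '-' (which the openssl binary would read as an option).
  var SAFE_TARGET = /^(?!-)[A-Za-z0-9._:-]+$/;
  var targetIsSafe = typeof address === 'string' && SAFE_TARGET.test(address) &&
    typeof uri.hostname === 'string' && SAFE_TARGET.test(uri.hostname) &&
    /^\d{1,5}$/.test(port);

  if(targetIsSafe === false) {
    payload.debug('checks', 'Skipping SNI/OCSP check, connection target contains unexpected characters');
    return fn(null);
  }

  // build the commands to send
  var args = [ 'echo', 'QUIT', '|', ssl.getExecutable(), 's_client', '-CApath', '/etc/ssl/certs', '-status', '-tlsextdebug', '-connect', address + ':' + port, '-servername', uri.hostname ];

  // execute the actual process
  ssl.exec(args.join(' '), function(err, stdout, stderr) {

    // check the error
    if(err) {
      payload.debug('checks', 'Something went wrong checking the FREAK attack', err);
      return fn(null);
    }

    // to string just in case
    stdout = (stdout || '').toString();
    stderr = (stderr || '').toString();

    var loweredOut = stdout.toLowerCase();

    // check if client connected
    if(loweredOut.indexOf('connected(') == -1) return fn(null);

    // lines used for the code samples attached to each rule
    var lines = (stdout + '\n' + stderr).split('\n');

    // check if the server has SNI configured
    if(loweredOut.indexOf('tls server extension "server name"') === -1) {

      var sniSnippet = payload.getSnippetManager().build( lines, -1, function(line) {
        return line.toLowerCase().indexOf('tls server extension "server name"') != -1;
      });

      payload.addRule({ type: 'warning', key: 'sni', message: 'Enable SNI' }, { display: 'code', message: '$ does not have SNI enabled', code: sniSnippet, identifiers: [ address ] });

    }

    // OCSP response status line
    var oscpResult = /OCSP\s+Response\s+Status\:\s+(.*)/i.exec(stdout);

    if(oscpResult) {

      var oscpCode = oscpResult[1];

      // anything other than a successful status is reported
      if((oscpCode || '').toLowerCase().indexOf('success') === -1) {

        var statusSnippet = payload.getSnippetManager().build( lines, -1, function(line) {
          return line.toLowerCase().indexOf('ocsp response status') != -1;
        });

        // the rule keys ('oscp.cert' here, 'ocsp.cert' below) are kept as they
        // were, since consumers may match on them
        payload.addRule({ type: 'critical', key: 'oscp.cert', message: 'OCSP status did not report as successful' }, { message: 'The server at $ responded with the OSCP status $', identifiers: [ address, oscpCode ], code: statusSnippet, display: 'code' });

      }

    }

    // "OCSP response: ..." line. A non-global exec() is used so that index 1
    // is the captured text; with the /g flag match() returns whole matches
    // only and index 1 was never the capture group.
    // NOTE(review): in the openssl output I know, the revocation state is
    // printed on a separate "Cert Status:" line - confirm this pattern sees it.
    var ocpStatus = /ocsp\s+response\:\s+(.*)/i.exec(stdout);

    if(ocpStatus) {

      // check if revoked
      if((ocpStatus[1] || '').toLowerCase().indexOf('revoked') != -1) {

        var revokedSnippet = payload.getSnippetManager().build( lines, -1, function(line) {
          return line.toLowerCase().indexOf('ocsp response') != -1;
        });

        payload.addRule({ type: 'critical', key: 'ocsp.cert', message: 'OCSP reports that certificate is revoked' }, { display: 'code', message: '$ reported $ as OSCP status', code: revokedSnippet, identifiers: [ address, ocpStatus[1] ] });

      }

    }

    // done !
    fn(null);

  });

};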
// Copy each user field into `json` under the underscored form of its key.
keys.forEach((key) => {
  json[S(key).underscore()] = _this.driver.user[key];
});
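/**
 * Wrap a statement in an SSML <speak> element.
 *
 * @param {string} statement - text, or a complete <speak> document
 * @returns {?string} null for an empty statement, the statement unchanged when
 *   it already starts with <speak>, otherwise the wrapped statement
 */
function toSSML(statement) {
  if (!statement) return null;
  if (S(statement).startsWith('<speak>')) return statement;

  // Hack. Full xml escaping would be better, but the & is currently the only
  // special character used. The replacement has to be the entity: replacing
  // '&' with '&' leaves a bare ampersand and the document is not well-formed.
  // '<' and '>' are left alone, presumably because statements may carry SSML tags.
  var escaped = statement.replace(/&/g, '&amp;');

  return '<speak>' + escaped + '</speak>';
}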
// Symbolicate one crash-report entry by running atos (macOS) or atosl
// (elsewhere) on the symbol file that belongs to entry.object_name.
//
// metaInfo supplies system_version, os_version, process_name, dSYMPath and
// cpu_arch; entry supplies object_name, symbols, object_addr and symbol_addr.
// cb(err, entry) receives the entry with entry.symbols replaced by the tool
// output. On failure the untouched entry is returned unless `strict` is set.
//
// NOTE(review): the command line is assembled from metaInfo and entry fields
// and passed to exec() as one string. If crash reports can come from outside
// the team, those fields need validating before they reach the command.
var symbolicateEntry = function(metaInfo, entry, cb) {
  var isMac = (process.platform === 'darwin');
  var ATOS_TOOL = isMac?'atos':'atosl',
      DEV_SUPP_PATH = isMac?'~/Library/Developer/Xcode/iOS\ DeviceSupport':'/opt/xcode',
      SYS_FW_PATH = '/Symbols/System/Library/Frameworks',
      SYS_DYLIB_PATH = '/Symbols/usr/lib/system/';

  // Ex: atos -o xyz.dSYM -arch arm64 -l 0x26312000 0x2638dfb4
  // (the non-mac template differs only in spelling the flag as --arch)
  var cmdTemplate;
  if(isMac)
    cmdTemplate = "{{ATOS_TOOL}} -o {{SYM_FILE}} -arch {{ARCH}} -l {{OBJECT_ADDR}} {{INSTRUCTION_ADDR}}";
  else
    cmdTemplate = "{{ATOS_TOOL}} -o {{SYM_FILE}} --arch {{ARCH}} -l {{OBJECT_ADDR}} {{INSTRUCTION_ADDR}}";

  // Ex: ~/Library/Developer/Xcode/iOS\ DeviceSupport/9.2.1\ \(13D15\)
  // If we are using single version of system symbol files point that path here.
  var systemSymbolsPath = S("{{SYS_VER}} \\({{OS_VER}}\\)").template({'SYS_VER': metaInfo.system_version, 'OS_VER': metaInfo.os_version}).s;
  // spaces are backslash-escaped because the path ends up inside the command string
  var nonProcessSymFile = path.join(DEV_SUPP_PATH, systemSymbolsPath).replace(/ /g, '\\ ');

  var hexSymbols = {}, toSymbolicate = [], object_name = entry.object_name;

  // nothing to look up without an object name
  if (_.isEmpty(object_name)) {
    cb(null, entry);
    return;
  }

  // re-key the symbols by converted address and collect the addresses to resolve
  _.each(entry.symbols, function(name, decimalAddr) {
    var hex = nc.convert(decimalAddr);
    hexSymbols[hex] = name;
    toSymbolicate.push(hex);
  })

  // TODO: If symbol name exists then skip from symbolication.
  entry.symbols = hexSymbols;
  entry.object_addr = nc.convert(entry.object_addr);
  entry.symbol_addr = nc.convert(entry.symbol_addr);

  var values = {};
  if (object_name === metaInfo.process_name) {
    // the application binary: use the supplied dSYM; armv7s is mapped to armv7
    values = {
      'ATOS_TOOL': ATOS_TOOL,
      'SYM_FILE' : metaInfo.dSYMPath,
      'ARCH' : ((metaInfo.cpu_arch === 'armv7s')?'armv7':metaInfo.cpu_arch),
      'OBJECT_ADDR': entry.object_addr,
      'INSTRUCTION_ADDR': toSymbolicate.join(' ')
    };
  } else if (S(object_name).endsWith('dylib')) {
    // TODO: Check in ../SYS_DYLIB_PATH as well for libs like sqlite
    // system dylib: armv7 is mapped to armv7s here
    values = {
      'ATOS_TOOL': ATOS_TOOL,
      'SYM_FILE' : path.join(nonProcessSymFile, SYS_DYLIB_PATH, entry.object_name),
      'ARCH' : ((metaInfo.cpu_arch === 'armv7')?'armv7s':metaInfo.cpu_arch),
      'OBJECT_ADDR': entry.object_addr,
      'INSTRUCTION_ADDR': toSymbolicate.join(' ')
    };
  } else {
    // TODO: When not found check in PrivateFrameworks folder also.
    // anything else is looked up as a system framework
    values = {
      'ATOS_TOOL': ATOS_TOOL,
      // Ex: <nonProcessSymFile>/System/Library/Frameworks/UIKit.framework/UIKit
      'SYM_FILE' : path.join(nonProcessSymFile, SYS_FW_PATH, entry.object_name+'.framework', entry.object_name),
      'ARCH' : ((metaInfo.cpu_arch === 'armv7')?'armv7s':metaInfo.cpu_arch),
      'OBJECT_ADDR': entry.object_addr,
      'INSTRUCTION_ADDR': toSymbolicate.join(' ')
    };
  }

  var cmd = S(cmdTemplate).template(values).s;

  exec(cmd, function(err, stdout, stderr) {
    if (err) {
      if (verbose) console.log('***error:'+cmd+':'+stderr);
      if (strict) cb(err);
      else cb(null, entry);
    } else {
      if (_.isEmpty(stdout)) {
        if (strict) cb(new Error("Empty result from "+cmd));
        else cb(null, entry);
      } else {
        // one output line per requested address, paired up in request order
        var names = S(S(stdout).trim().s).lines();
        var symbolNames = _.object(toSymbolicate, names);
        entry.symbols = symbolNames;
        cb(null, entry);
      }
    }
  });
}
},(err,res,body)=>{ if(!err&&res.statusCode===200){ if(typeof body==="undefined"||body==""){ console.log("body null"); retryNum++; setTimeout(function(){ getSeeds(term,current_index); },again_time*1000); return; } var content = JSON.parse(body); var q_request = content['queries']['request']; var q_num = content['queries']['totalResults']; var q_nextPage = content['queries']['nextPage']; var q_items = content['items']; fs.appendFile('./demo1.list',JSON.stringify(body,null,2)+'\n\n',()=>{ }); fs.appendFile('./demo2.list',JSON.stringify(content,null,2)+'\n\n',()=>{ }); if(typeof q_items==='undefined'){ writeLog('Can\'t get available seedname:\n'+body,'error','append',0); return; } //TODO:testing if(q_num=="0"||q_num==0){ count_index=101; } else{ var seeds=""; var i; for(i=0;i<q_items.length;i++){ if(q_items[i]['link'].indexOf('profile')!=-1){ continue; } var seedname = S(q_items[i]['link']).between('facebook.com/','/').s; if(seedname==""||typeof seedname==="undefined"){ seedname = S(q_items[i]['link']).strip('https://www.facebook.com/').s; seedname = S(seedname).strip('https://zh-tw.facebook.com/').s; seedname = S(seedname).strip('https://tw.facebook.com/').s; seedname = S(seedname).strip('https://tw.facebook.com/').s; seedname = S(seedname).strip('http://zh-tw.facebook.com/').s; seedname = S(seedname).strip('jp.facebook.com/').s; var another = seedname.split('?'); if(another.length>=2){ seedname=another[0]; } } if(seedname=='business'||seedname=='commerce'){ continue; } if(seedname==""||typeof seedname==="undefined"){ writeLog('Can\'t get available seedname:'+q_items[i]['link'],'error','append',0); } else{ getSeedID(seedname); } } //console.log('next page:'+JSON.stringify(q_nextPage)); if(typeof q_nextPage==="undefined"&&q_request['count']!=10){ writeLog('Can\'t get available seedname:'+JSON.stringify(content,null,2),'error','append',0); count_index=101; } else if(typeof q_nextPage==="undefined"&&q_request['count']==10){ console.log("q_nextPage retry"); retryNum++; 
setTimeout(function(){ getSeeds(term,current_index); },again_time*1000); return; } else{ console.log(q_nextPage[0]['startIndex']); count_index = q_nextPage[0]['startIndex']; if(q_nextPage[0]['startIndex']<101){ setTimeout(()=>{ getSeeds(term,q_nextPage[0]['startIndex']); },require_Interval*1000); } } } } else{ var msg=""; if(res){ if(res.statusCode>=500&&res.statusCode<600){ console.log("[getSeeds] retry code:"+res.statusCode); retryNum++; setTimeout(function(){ getSeeds(term,current_index); },again_time*1000); return; } else if(res['body']){ let info = JSON.parse(res['body']); if(info['error']['message'].indexOf("Daily Limit Exceeded")!=-1||info['error']['message'].indexOf('billing')!=-1){ writeLog(info['error']['message'],'process','append',0); key_index++; if(key_index>=googlekey.length){ console.log('All keys be used...'); writeLog('All keys be used...','process','append',0); } else{ //console.log('googlekey.length:'+googlekey.length); console.log('Use next key...['+key_index+']'); writeLog('Use next key...['+key_index+']','process','append',0); getSeeds(term,current_index); } } else{ console.log(info['error']['message']); writeLog(info['error']['message'],'error','append',1); } } msg = JSON.stringify(res,null,2); } else if(err){ if(err.code.indexOf('TIMEDOUT')!=-1){ console.log('getSeeds:'+err.code); retryNum++; setTimeout(function(){ getSeeds(term,current_index); },again_time*1000); return; } msg = JSON.stringify(err,null,2); } writeLog(msg,'error','append',0); } });
// Prefix every line of `str` with `width` spaces (2 when width is falsy).
// Both CRLF and LF are accepted as input; the result is joined with LF.
return str
  .split(/\r?\n/)
  .map(function(text) {
    var pad = S(" ").times(width || 2).s;
    return pad + text;
  })
  .join("\n");
_(ninjas).filter(function (ninja) { return S(ninja.name.toLowerCase()).contains(ss); }).each(function(ninja) {
// Request the resource and hand the callback the capitalized text that follows
// the first ':' in the tag-stripped res.Mensaje.
// NOTE(review): `err` is not inspected, so a failed request reaches
// res.Mensaje directly - confirm the request helper always supplies `res`.
this.request( url, params, function(err, res){
  var plainMessage = S(res.Mensaje).stripTags().s;
  var afterColon = plainMessage.split(':')[1];
  var type = S( S(afterColon).trim().s ).capitalize().s;
  callback( type );
});
// Turn every path part into a dash-separated slug without a leading '-'.
const pathSlugs = sanitizedPath.map((part) => S(part).dasherize().chompLeft('-').s);
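// Walk every <input> in the body and flag, once per page, the first
// credit-card style text input and the first password input found on a page
// whose URL uses plain http:. `uri`, `lines`, `lastLine`, `creditCardFlag`
// and `passwordFlag` belong to the enclosing function.
$('body input').each(function(index, elem) {

  // The type keyword is case-insensitive in HTML (type="Password" is still a
  // password field), so normalise it before comparing.
  var fieldType = ($(elem).attr('type') || '').trim().toLowerCase();
  var fieldAuto = $(elem).attr('autocomplete');
  var fieldName = S($(elem).attr('name') || '').truncate(255).s;
  var isPlainHttp = (uri.protocol || '').indexOf('http:') === 0;

  // locate the source line of an <input> with this type
  var findInputSnippet = function() {
    return payload.getSnippetManager().build(lines, lastLine, function(line) {
      var lowered = line.toLowerCase();
      return lowered.indexOf('<input') !== -1 && lowered.indexOf('type="' + fieldType) !== -1;
    });
  };

  // NOTE(review): inputs without a type attribute are skipped here although
  // browsers treat them as text inputs; confirm that gap is intended.
  if(S(fieldType || '').isEmpty() === true) {
    payload.debug('fields', fieldType + ' was blank');
    return;
  }

  // credit card style text input on a plain-HTTP page
  if(fieldType == 'text' && isPlainHttp && creditCardFlag == false) {

    // autocomplete tokens for card data start with "cc-"
    var localCreditFlag = (fieldAuto || '').toLowerCase().indexOf('cc-') === 0;

    // otherwise fall back to matching the field name
    for(var i = 0; i < CARD_PATTERNS.length && localCreditFlag === false; i++) {
      if(fieldName.match(CARD_PATTERNS[i]) !== null) {
        payload.debug('fields', CARD_PATTERNS[i] + ' matched for the name: ' + fieldName);
        localCreditFlag = true;
      }
    }

    if(localCreditFlag === true) {

      var cardSnippet = findInputSnippet();

      if(cardSnippet) {

        lastLine = cardSnippet.subject;
        creditCardFlag = true;

        var occurrence = { message: '', identifiers: '', display: 'code', code: cardSnippet };

        // describe the field by name, then autocomplete, then type
        if(S(fieldName || '').isEmpty() === false) {
          occurrence.message = '<input name="$"';
          occurrence.identifiers = [ fieldName ];
        } else if(S(fieldAuto || '').isEmpty() === false) {
          occurrence.message = '<input autocomplete="$"';
          occurrence.identifiers = [ fieldAuto ];
        } else {
          occurrence.message = '<input type="$" />';
          occurrence.identifiers = [ fieldType ];
        }

        payload.addRule({ type: 'critical', key: 'fields.creditcard', message: 'Page will be marked as unsecure because of credit card input' }, occurrence);

      }

    }

  }

  // password input on a plain-HTTP page
  if(fieldType == 'password' && isPlainHttp && passwordFlag == false) {

    var passwordSnippet = findInputSnippet();

    if(passwordSnippet) {

      lastLine = passwordSnippet.subject;
      passwordFlag = true;

      // Identify the field itself: the message template is `<input name="$"`,
      // so it is filled with the field name rather than the page's hostname.
      var passwordOccurrence = { message: '<input name="$"', identifiers: [ fieldName ], display: 'code', code: passwordSnippet };

      if(S(fieldName || '').isEmpty() === true) {
        passwordOccurrence.message = '<input type="$" />';
        passwordOccurrence.identifiers = [ fieldType ];
      }

      payload.addRule({ type: 'critical', key: 'fields.password', message: 'Page will be marked as unsecure because of password input' }, passwordOccurrence);

    }

  }

});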
// First configured public route that the request URL starts with, if any.
// NOTE(review): this is a plain prefix test on the raw req.url, so a public
// route "/a" also matches "/ab", and the URL is compared without
// normalisation. Confirm that routes are registered with a trailing delimiter
// or that the URL is normalised before it decides whether authentication
// applies.
var publicRoute = _.find(reporter.authentication.publicRoutes, function (route) {
  var requested = S(req.url);
  return requested.startsWith(route);
});
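//
// Class that represents a task loaded from a file.
//
// taskName, relativeFilePath and fullFilePath identify the task; log provides
// info/error/warn/verbose; validate is handed to the task module; taskRunner
// is used to look up dependency tasks by name.
//
// When fullFilePath ends with ".js" the file is loaded with require() and its
// exported function is called to create the task module. Loading executes the
// file, so task files must come from a trusted location.
//
function Task(taskName, relativeFilePath, fullFilePath, log, validate, taskRunner) {

    assert.isString(taskName);
    assert.isString(relativeFilePath);
    assert.isString(fullFilePath);
    assert.isFunction(log.info);
    assert.isFunction(log.error);
    assert.isFunction(log.warn);
    assert.isFunction(log.verbose);
    assert.isObject(validate);
    assert.isObject(taskRunner);
    assert.isFunction(taskRunner.getTask);

    var self = this;
    self.taskName = taskName;
    self.relativeFilePath = relativeFilePath;
    self.fullFilePath = fullFilePath;

    // Filled in by resolveDependencies.
    var resolvedDependencies = [];

    if (S(fullFilePath).endsWith(".js")) {
        var moduleLoadFunction = require(fullFilePath);
        if (!moduleLoadFunction || !Object.isFunction(moduleLoadFunction)) {
            throw new Error('Task module ' + fullFilePath + ' should export a function.');
        }
        else {
            self.module = moduleLoadFunction(log, validate, taskRunner);
        }
    }

    //
    // The name of this task.
    //
    self.name = function () {
        return self.taskName;
    };

    //
    // Gets the tasks that this task depends on.
    // Returns a promise, just in case the task needs some time to figure out it's dependencies.
    //
    var establishDependencies = function (config) {
        assert.isObject(config);

        if (!self.module) {
            return Promise.resolve([]);
        }

        if (!self.module.dependsOn) {
            return Promise.resolve([]);
        }

        // dependsOn is either a list or a function of the config producing one.
        var dependencies;
        if (Object.isFunction(self.module.dependsOn)) {
            dependencies = self.module.dependsOn(config);
        }
        else {
            dependencies = self.module.dependsOn;
        }

        //
        // Normalize dependencies to objects of the form { task, configure }.
        //
        var normalizeDependencies = function (dependencies) {
            assert.isArray(dependencies);

            return E.from(dependencies)
                .select(function (dependency) {
                    if (util.isObject(dependency)) {
                        if (!dependency.configure) {
                            // Auto-supply a configure function.
                            // NOTE(review): this one returns [] while the string
                            // form below returns {}; validate/invoke assert an
                            // object - confirm [] passes that assertion.
                            dependency.configure = function () {
                                return [];
                            };
                        }
                        return dependency;
                    }
                    else {
                        assert.isString(dependency);
                        return {
                            task: dependency,
                            configure: function () {
                                return {}; // No effect.
                            },
                        };
                    }
                })
                .toArray();
        };

        if (util.isFunction(dependencies.then)) {
            // Assume dependencies is a promise.
            return dependencies
                .then(function (deps) {
                    return normalizeDependencies(deps);
                });
        }
        else {
            return Promise.resolve(normalizeDependencies(dependencies));
        }
    };

    //
    // Resolve dependencies for the task.
    //
    self.resolveDependencies = function (config) {
        assert.isObject(config);
        assert.isObject(taskRunner);
        assert.isFunction(taskRunner.getTask);

        try {
            return establishDependencies(config)
                .then(function (deps) {
                    resolvedDependencies = deps;
                    resolvedDependencies.forEach(function (dependency) {
                        dependency.resolvedTask = taskRunner.getTask(dependency.task);
                    });

                    // Resolve the dependencies of each dependency, one after another.
                    return E.from(resolvedDependencies)
                        .select(function (dependency) {
                            return dependency.resolvedTask;
                        })
                        .aggregate(Promise.resolve(), function (prevPromise, dependencyTask) {
                            return prevPromise.then(function () {
                                return dependencyTask.resolveDependencies(config);
                            });
                        });
                });
        }
        catch (err) {
            log.error('Exception while resolving dependencies for task: ' + self.name() + "\r\n" + err.stack);
            throw err;
        }
    };

    //
    // Validate the task.
    //
    self.validate = function (configOverride, config, tasksValidated) {
        assert.isObject(configOverride);
        assert.isObject(config);
        assert.isObject(tasksValidated);

        var taskName = self.name();
        var taskKey = taskName + '_' + hash(configOverride);
        if (tasksValidated[taskKey]) { //todo: include the hash code here for the task and it's configuration.
            // Skip tasks that have already been satisfied.
            return Promise.resolve();
        }

        config.push(configOverride);

        //
        // Run sequential dependencies.
        //
        return self.configure(config) //todo: rename this to 'setup', but probably will want a cleanup as well!!
            .then(function () {
                return E.from(resolvedDependencies)
                    .aggregate(
                        Promise.resolve(), // Starting promise.
                        function (prevPromise, dependency) {
                            return prevPromise
                                .then(function () {
                                    return dependency.configure(config);
                                })
                                .then(function (configOverride) {
                                    assert.isObject(configOverride);
                                    return dependency.resolvedTask.validate(configOverride, config, tasksValidated);
                                });
                        }
                    );
            })
            .then(function () {
                tasksValidated[taskKey] = true; // Make that the task has been invoked.

                //log.info("Validating " + taskName);

                if (!self.module) {
                    //log.warn("Task not implemented: " + taskName);
                    return;
                }
                else if (!self.module.validate) {
                    return;
                }

                try {
                    var resultingPromise = self.module.validate.apply(this, [config]);
                    if (resultingPromise) {
                        return resultingPromise.then(function (result) {
                            //log.info("Validated " + taskName);
                            return result;
                        })
                    }
                    else {
                        //log.info("Validated " + taskName);
                    }
                }
                catch (e) {
                    log.error("Exception while validating task: " + taskName);
                    throw e;
                }
            })
            .then(function () {
                config.pop(); // Restore previous config.
            })
            .catch(function (e) {
                config.pop(); // Restore previous config.
                throw e; // Propagate error.
            });
    };

    //
    // Configure the task.
    //
    self.configure = function (config) {
        assert.isObject(config);

        // self.module is only set for ".js" task files. validate and invoke
        // both handle a missing module after configuring, so a task without a
        // module must not fail here.
        if (self.module && self.module.configure) {
            var promise = self.module.configure.apply(this, [config])
            if (promise) {
                return promise;
            }
        }

        return Q();
    };

    //
    // Invoke the task.
    //
    self.invoke = function (configOverride, config, tasksInvoked) {
        assert.isObject(configOverride);
        assert.isObject(config);
        assert.isObject(tasksInvoked);

        var taskName = self.name();
        var taskKey = taskName + '_' + hash(configOverride);
        if (tasksInvoked[taskKey]) {
            // Skip tasks that have already been satisfied.
            return Promise.resolve();
        }

        config.push(configOverride);

        //
        // Run sequential dependencies.
        //
        return self.configure(config) //todo: rename this to 'setup'
            .then(function () {
                return E.from(resolvedDependencies)
                    .aggregate(
                        Promise.resolve(), // Starting promise.
                        function (prevPromise, dependency) {
                            return prevPromise
                                .then(function () {
                                    return dependency.configure(config);
                                })
                                .then(function (configOverride) {
                                    assert.isObject(configOverride);
                                    return dependency.resolvedTask.invoke(configOverride, config, tasksInvoked);
                                });
                        }
                    );
            })
            .then(function () {
                tasksInvoked[taskKey] = true; // Make that the task has been invoked.

                if (!self.module) {
                    log.warn("Task not implemented: " + taskName);
                    return;
                }
                else if (!self.module.invoke) {
                    return;
                }

                log.info(taskName);

                // The stopwatch times the task's own invoke, not its dependencies.
                try {
                    var stopWatch = new Stopwatch();
                    stopWatch.start();

                    var resultingPromise = self.module.invoke.apply(this, [config]);
                    if (resultingPromise) {
                        return resultingPromise.then(function (result) {
                                stopWatch.stop();
                                log.info(taskName + " completed : " + (stopWatch.read() * 0.001).toFixed(2) + " seconds");
                                return result;
                            })
                            .catch(function (ex) {
                                stopWatch.stop();
                                log.info(taskName + " failed : " + (stopWatch.read() * 0.001).toFixed(2) + " seconds");
                                throw ex;
                            })
                    }
                    else {
                        stopWatch.stop();
                        log.info(taskName + " completed : " + (stopWatch.read() * 0.001).toFixed(2) + " seconds");
                    }
                }
                catch (ex) {
                    stopWatch.stop();
                    log.info(taskName + " exception : " + (stopWatch.read() * 0.001).toFixed(2) + " seconds");
                    throw ex;
                }
            })
            .then(function () {
                config.pop(); // Restore previous config.
            })
            .catch(function (ex) {
                config.pop(); // Restore previous config.
                throw ex; // Propagate error.
            });
    };

    // One '#' per indent level.
    var makeIndent = function (indentLevel) {
        var output = "";
        while (indentLevel-- > 0) {
            output += "#";
        }

        return output;
    };

    // Render this task and its resolved dependencies as an indented tree.
    self.genTree = function (indentLevel) {
        var output = makeIndent(indentLevel);
        output += self.name();
        output += "\n";

        resolvedDependencies.forEach(function (dependency) {
            output += dependency.resolvedTask.genTree(indentLevel+1);
        });

        return output;
    };
};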
/**
 * Tells whether `s` contains at least one '¶' separator that is not escaped
 * as '\¶'.
 *
 * @param {*} s - value to inspect; it is wrapped with S() before each check.
 * @returns {boolean} true when an unescaped '¶' is present.
 */
function isNestedListArray(s) {
  // No separator of any kind: nothing more to check.
  var hasAnySeparator = S(s).contains('¶');
  if (!hasAnySeparator) {
    return false;
  }

  // Mask the escaped separators so that only unescaped ones can still match.
  var withoutEscaped = S(s).replaceAll('\\¶', '*|*').s;
  return S(withoutEscaped).contains('¶');
}
const jsonString = require('jsonstring'); var Twitter = require('twitter'); var fs = require('fs'); var s = require('string'); var accessTokens = { consumer_key: "", consumer_secret: "", access_token_key: "", access_token_secret: "" }; var tokens = fs.readFileSync('./Configuration/tokensApp.txt', 'utf8'); tokens += fs.readFileSync('./Configuration/tokensUser.txt', 'utf8'); if (s(tokens).contains('\r\n')) { var tab = tokens.split('\r\n').map(function (val) { return val; }); } else if (s(tokens).contains('\n')) { var tab = tokens.split('\n').map(function (val) { return val; }); } else { var tab = tokens.split('\r').map(function (val) { return val; }); } tab.forEach(function(item){ var token = item.split('=').map(function(val){
// First alternative name that contains queryString. Each name is lower-cased
// before the test; queryString is used as given (presumably already
// lower-case; confirm at the caller).
var match = _.find(alternativeNames, function (candidate) {
  var lowered = candidate.toLowerCase();
  return S(lowered).contains(queryString);
});
// Trim every type and HTML-escape it before further use.
// Where the escaped values end up is not visible here. HTML escaping suits
// element text and quoted attribute values; URL or inline-script positions
// need their own encoding.
var escapedTypesArr = _.map(types, function (rawType) {
  var trimmed = s(rawType).trim();
  return trimmed.escapeHTML().s;
});
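// Set `result` to true when any configured word occurs in textLine, ignoring
// case. forEach replaces map because the callback runs only for its side
// effect and map's result array was discarded.
this.words.forEach(function (word) {
  if (S(textLine.toUpperCase()).contains(word.toUpperCase())) {
    result = true;
  }
});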
// Collect every view whose filter query (lower-cased) contains either of the
// two strings in `check`.
_.each(response.body.views, function (view) {
  var query = view.filter.query.toLowerCase();
  var matchesFirst = S(query).contains(check[0]);
  if (matchesFirst || S(query).contains(check[1])) {
    rapids.push(view);
  }
});
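/**
 * Compile a JSP/JSTL-style template into a render function.
 *
 * The passes run in a fixed order: page directives (<%@ ... %>) are dropped,
 * <c:set> values are substituted into the page text, then <c:forEach>,
 * <c:if>, <c:choose>/<c:when>/<c:otherwise> and ${name} outputs are each
 * swapped for a {{{{EndSkin.codeblock[N]}}}} placeholder whose JavaScript is
 * stored in the outer `codeBlocks` array. Finally the literal text and the
 * code blocks are stitched into one function body.
 *
 * SECURITY: the template is turned into JavaScript source and compiled with
 * `new Function`. Values taken from template attributes are concatenated into
 * that source as-is, so a template is executable code. Compile only templates
 * from a trusted source, never text that users can supply or edit.
 * ${name} outputs are pushed into the result unchanged; no HTML escaping is
 * visible in this function (unless _replace_var_name_jsp adds it, which is
 * not shown here), so untrusted data has to be escaped separately.
 *
 * @param {string} page - template source.
 * @returns {Function} function returning the rendered string. Generated
 *   forEach code writes to `this.data`, so it is expected to be called with a
 *   `this` that carries a `data` object.
 * @throws {Error} "EndSkin Compile Error" when the generated source does not
 *   parse; the message lists unbalanced tags. A forEach whose options mention
 *   begin and end without numeric values fails earlier with a TypeError.
 */
this.compile = function(page) {
    var self = this;
    var ms = null, i = 0, m;

    // One term of a test expression: operand, optional comparison plus
    // right-hand side, optional && / || connector, then the remainder.
    var testTerm = /\s*(\w*)\s*(>=|<=|===|==|<|>|!==|!=)?\s*(\'.*\'|\w*)?\s*(&&|\|\|)?(.*)/i;

    // Store `code` as the next code block and put its placeholder where `tag` first occurs in the page.
    function stash(tag, code) {
        codeBlocks.push(code);
        page = page.replace(tag, '{{{{EndSkin.codeblock[' + (codeBlocks.length - 1) + ']}}}}');
    }

    // Swap every match of `pattern` for the same fixed `code`; returns how many matches were handled.
    function swapAll(pattern, code) {
        var found = page.match(pattern);
        var count = 0;
        if (found) {
            for (var k = 0; found[k]; k++) {
                stash(found[k], code);
                count++;
            }
        }
        return count;
    }

    // Translate the inside of test="${...}" into a JavaScript condition, term by term.
    // Supports x, x>2, y > x, x==='test' and chains joined with && or ||.
    function compileTest(expression) {
        var js = '';
        var term = expression.match(testTerm);
        while (term) {
            js += self._replace_var_name_jsp(term[1]);
            if (term[2]) {
                js += term[2] + term[3];
            }
            if (term[4]) {
                js += term[4];
                term = term[5].match(testTerm);
            } else {
                term = null;
            }
        }
        return js;
    }

    // Opening code of a forEach over `collection`, binding each element to this.data[item].
    // `option` is the rest of the tag; begin/end there restrict the keys that are visited.
    function loopOpening(collection, item, option) {
        var beginAndEnd = option.match(/.*?begin.*?end.*?/i);
        if (beginAndEnd) {
            var beginNum = option.match(/begin="(\d+)"/i)[1];
            var endNum = option.match(/end="(\d+)"/i)[1];
            return '(function()\n{\nvar __var = '+collection+';\nfor(var __key in __var)\n{\nif(__key >= '+beginNum+' && __key <= '+endNum+')\n{\nthis.data[\"'+item+'\"] = __var[__key];\n';
        }
        return '(function()\n{\nvar __var = '+collection+';\nfor(var __key in __var)\n{\nif(true)\n{\nthis.data[\"'+item+'\"] = __var[__key]; \n';
    }

    // remove java tag
    if (ms = page.match(/\<\%\@.*\%\>/ig)) {
        for (i = 0; m = ms[i]; i++) {
            page = page.replace(m, '');
        }
    }

    // <c:set>: substitute the value for every ${var} in the page, then drop the tag.
    if (ms = page.match(/\<c\:set.*\>/ig)) {
        for (i = 0; m = ms[i]; i++) {
            // value starts with an expression, like value="${num}" or value="${num}/123456"
            var _ms = m.match(/\<c\:set.*?var=\"(.*?)\".*?value=\"(\$\{.*?\}.*?)\"\>/i);
            if (_ms) {
                page = S(page).replaceAll('${'+_ms[1]+'}', _ms[2]).s;
            }
            // any other value, like value="123"
            _ms = m.match(/\<c\:set.*?var=\"(.*?)\".*?value=\"(.*?)\".*?\>/i);
            if (_ms) {
                page = S(page).replaceAll('${'+_ms[1]+'}', _ms[2]).s;
            }
            page = page.replace(m, '');
        }
    }

    if (ms = page.match(/\<\/c\:set.*\>/ig)) {
        for (i = 0; m = ms[i]; i++) {
            page = page.replace(m, '');
        }
    }

    // <c:forEach>: the varStatus attribute is not supported.
    var foreachBegins = 0;
    if (ms = page.match(/\<c\:forEach.*?\>/ig)) {
        for (i = 0; m = ms[i]; i++) {
            var onlyBeginAndEnd = true; // stays true when the tag has neither items nor var

            // items="${...}" written before var="..."
            _ms = m.match(/\<c\:forEach.*?\$\{(.*)\}.*?var=\"(.*?)\"(.*?)\>/i);
            if (_ms) {
                stash(m, loopOpening(self._replace_var_name_jsp(_ms[1]), _ms[2], _ms[3]));
                onlyBeginAndEnd = false;
            }

            // var="..." written before items="${...}"
            _ms = m.match(/\<c\:forEach.*?var=\"(.*?)\".*?\$\{(.*)\}\"(.*?)\>/i);
            if (_ms) {
                stash(m, loopOpening(self._replace_var_name_jsp(_ms[2]), _ms[1], _ms[3]));
                onlyBeginAndEnd = false;
            }

            // plain counting loop: only begin and end attributes
            if (onlyBeginAndEnd) {
                _ms = m.match(/\<c\:forEach.*?begin="(\d+)".*?end="(\d+)".*?\>/i);
                if (_ms) {
                    stash(m, '(function()\n{\nfor(var i = '+_ms[1]+';i<='+_ms[2]+';i++)\n{\nif(true)\n{\n');
                }
            }
            foreachBegins++;
        }
    }
    var foreachEnds = swapAll(/\<\/c:forEach>/ig, '}\n}\n}).call(this);\n');

    // <c:if test="${...}">
    var ifBegins = 0;
    if (ms = page.match(/\<c\:if.*?\"\s*\>/ig)) {
        for (i = 0; m = ms[i]; i++) {
            var ifTag = m.match(/\<c\:if.*?test=\"\$\{(.*?)\}.*?\>/i);
            if (ifTag) {
                stash(m, 'if (' + compileTest(ifTag[1]) + ')\n{\n');
                ifBegins++;
            }
        }
    }
    var ifEnds = swapAll(/\<\/c\:if>/ig, '}\n');

    // <c:choose> becomes switch (true); each <c:when> is a case, <c:otherwise> the default.
    var cwhenBegins = 0;
    if (ms = page.match(/\<c\:when.*\"\s*>/ig)) {
        for (i = 0; m = ms[i]; i++) {
            var whenTag = m.match(/\<c\:when.*?test=\"\$\{(.*?)\}.*?\>/i);
            if (whenTag) {
                stash(m, 'case (' + compileTest(whenTag[1]) + '):');
                cwhenBegins++;
            }
        }
    }
    var cWhenEnds = swapAll(/\<\/c\:when>/ig, '\nbreak;\n');
    var cOthersBegins = swapAll(/\<c\:otherwise\>/ig, '\ndefault :\n');
    var cOthersEnds = swapAll(/\<\/c\:otherwise\>/ig, '\nbreak;');
    var cChooseBegins = swapAll(/\<c\:choose>/ig, '\nswitch (true) {\n');
    var cChooseEnds = swapAll(/\<\/c\:choose>/ig, '\n}\n');

    // ${name}: push the referenced value into the output.
    if (ms = page.match(/\$\{([a-zA-Z\_][a-zA-Z0-9\_\.\[\]\'\"]*)\}/ig)) {
        for (i = 0; m = ms[i]; i++) {
            var ref = m.match(/\$\{([a-zA-Z\_][a-zA-Z0-9\_\.\[\]\'\"]*)\}/i);
            stash(m, 'output.push('+self._replace_var_name_jsp(ref[1])+');');
        }
    }

    // Stitch the literal text and the code blocks back together in page order.
    var arr = page.split(/\{\{\{\{EndSkin\.codeblock\[\d+\]\}\}\}\}/);
    ms = page.match(/\{\{\{\{EndSkin\.codeblock\[(\d+)\]\}\}\}\}/g);
    var codes = ['var output = [];'];
    for (i = 0; i < arr.length - 1; i++) {
        // whitespace-only text between two blocks is dropped
        if (arr[i].replace(/\s+/g, "") != "") {
            codes.push('output.push('+JSON.stringify(arr[i])+');\n');
        }
        var placeholder = ms[i].match(/\{\{\{\{EndSkin\.codeblock\[(\d+)\]\}\}\}\}/);
        codes.push(codeBlocks[parseInt(placeholder[1], 10)]+'\n');
    }
    codes.push('output.push('+JSON.stringify(arr.pop())+');\n');
    codes.push("return output.join('');");

    try {
        // Executes template-derived source: see the SECURITY note in the header comment.
        return new Function(codes.join(''));
    } catch(e) {
        var err = [];

        // Report an open/close imbalance for one tag pair.
        var mismatch = function (opened, closed, closer) {
            if (opened > closed) err.push('missing '+ (opened - closed) +' '+closer);
            if (opened < closed) err.push('too much '+closer);
        };

        mismatch(cChooseBegins, cChooseEnds, '{/choose}');
        mismatch(foreachBegins, foreachEnds, '{/foreach}');
        // was reported as "{/foreach}" with the count glued to the words
        mismatch(cOthersBegins, cOthersEnds, '{/otherwise}');
        mismatch(ifBegins, ifEnds, '{/if}');
        // when tags were counted but never reported
        mismatch(cwhenBegins, cWhenEnds, '{/when}');

        var re = 'EndSkin Compile Error: \nview file:'+tmpId+'\n'+e.toString() + ';\n' + err.join(';\n');
        throw new Error(re);
    }
}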
module.exports = exports = function(payload, fn) { // start tracking payload.start('ssl'); // get the url var data = payload.getData(); // the subject address const subjectAddress = { key: 'seo', rule: 'ssl', subject: S(data.url || '').slugify().s }; // check if the url is https if(S(data.url || '').trim().s.toLowerCase().indexOf('https://') !== 0) { // check if not checked already for this site payload.isMentioned(subjectAddress, function(err, isMentioned) { // check for a error if(err) { // output to log payload.error('Problem checking the sitemap txt', err); // finish return fn(null); } // is sitemap not empty if(isMentioned === true) { // done return fn(null); } payload.mention(subjectAddress, function() { // show the error payload.addRule({ key: 'ssl', type: 'warning', message: 'HTTPS not enabled' }, { display: 'url', message: '$ was served over $', identifiers: [ data.url, 'HTTP' ] }); // end tracking payload.end('ssl'); // done fn(null); }); }); } else { // end tracking payload.end('ssl'); // done ... ? fn(null) } };
// Step: the response body, with surrounding whitespace trimmed, must equal
// the quoted text exactly.
this.Then(/^I should see the body text: "([^"]*)"$/, function (expectedText, callback) {
  var rawBody = response.text.toString();
  var trimmedBody = S(rawBody).trim().s;
  expect(trimmedBody).to.equal(expectedText);
  callback();
});