Fixed invalid escape sequences

pull/94/head
Andrew Krasichkov 2018-11-22 10:10:17 +03:00
parent cbc7f91f4b
commit 340f715f00
4 changed files with 11 additions and 11 deletions


@ -3,19 +3,19 @@ from gixy.core.variable import Variable
BUILTIN_VARIABLES = { BUILTIN_VARIABLES = {
# http://nginx.org/en/docs/http/ngx_http_core_module.html#var_uri # http://nginx.org/en/docs/http/ngx_http_core_module.html#var_uri
'uri': '/[^\x20\t]*', 'uri': r'/[^\x20\t]*',
# http://nginx.org/en/docs/http/ngx_http_core_module.html#var_document_uri # http://nginx.org/en/docs/http/ngx_http_core_module.html#var_document_uri
'document_uri': '/[^\x20\t]*', 'document_uri': r'/[^\x20\t]*',
# http://nginx.org/en/docs/http/ngx_http_core_module.html#var_arg_ # http://nginx.org/en/docs/http/ngx_http_core_module.html#var_arg_
'arg_': '[^\s&]+', 'arg_': r'[^\s&]+',
# http://nginx.org/en/docs/http/ngx_http_core_module.html#var_args # http://nginx.org/en/docs/http/ngx_http_core_module.html#var_args
'args': '[^\s]+', 'args': r'[^\s]+',
# http://nginx.org/en/docs/http/ngx_http_core_module.html#var_query_string # http://nginx.org/en/docs/http/ngx_http_core_module.html#var_query_string
'query_string': '[^\s]+', 'query_string': r'[^\s]+',
# http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_uri # http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_uri
'request_uri': '/[^\s]*', 'request_uri': r'/[^\s]*',
# http://nginx.org/en/docs/http/ngx_http_core_module.html#var_http_ # http://nginx.org/en/docs/http/ngx_http_core_module.html#var_http_
'http_': '[\x21-\x7e]', 'http_': r'[\x21-\x7e]',
# http://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_http_ # http://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_http_
'upstream_http_': '', 'upstream_http_': '',
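Review bot: Three of these entries are not invalid-escape fixes: `\x20`, `\t` and `\x21-\x7e` in `'uri'`, `'document_uri'` and `'http_'` were valid Python escapes that used to be decoded into literal characters, and with the `r` prefix the backslash sequences now reach the regex parser unchanged. The same holds for `\r\n` in `boundary = Regexp(r'[^\s\r\n]')` in the RewriteDirective section. Python's `re` reads both forms alike, but these strings presumably go through gixy's own regex analysis, and the character set assumed for `$uri` (newline allowed, space and tab excluded) looks like what the header-splitting check relies on, so a regression test pinning those sets for the raw forms is worth adding. A comment above the dict such as `# raw strings: escapes are interpreted by the regex parser, not by Python` would record the intent.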


@ -115,7 +115,7 @@ class SetByLuaDirective(Directive):
class RewriteDirective(Directive): class RewriteDirective(Directive):
nginx_name = 'rewrite' nginx_name = 'rewrite'
provide_variables = True provide_variables = True
boundary = Regexp('[^\s\r\n]') boundary = Regexp(r'[^\s\r\n]')
def __init__(self, name, args): def __init__(self, name, args):
super(RewriteDirective, self).__init__(name, args) super(RewriteDirective, self).__init__(name, args)


@ -4,7 +4,7 @@ from gixy.core.variable import compile_script
class http_splitting(Plugin): class http_splitting(Plugin):
""" r"""
Insecure examples: Insecure examples:
rewrite ^ http://$host$uri; rewrite ^ http://$host$uri;
return 301 http://$host$uri; return 301 http://$host$uri;


@ -8,7 +8,7 @@ LOG = logging.getLogger(__name__)
class origins(Plugin): class origins(Plugin):
""" r"""
Insecure example: Insecure example:
if ($http_referer !~ "^https?://([^/]+metrika.*yandex\.ru/"){ if ($http_referer !~ "^https?://([^/]+metrika.*yandex\.ru/"){
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
@ -29,7 +29,7 @@ class origins(Plugin):
if self.config.get('domains') and self.config.get('domains')[0] and self.config.get('domains')[0] != '*': if self.config.get('domains') and self.config.get('domains')[0] and self.config.get('domains')[0] != '*':
domains = '|'.join(re.escape(d) for d in self.config.get('domains')) domains = '|'.join(re.escape(d) for d in self.config.get('domains'))
else: else:
domains = '[^/.]*\.[^/]{2,7}' domains = r'[^/.]*\.[^/]{2,7}'
scheme = 'https{http}'.format(http=('?' if not self.config.get('https_only') else '')) scheme = 'https{http}'.format(http=('?' if not self.config.get('https_only') else ''))
regex = r'^{scheme}://(?:[^/.]*\.){{0,10}}(?P<domain>{domains})(?::\d*)?(?:/|\?|$)'.format( regex = r'^{scheme}://(?:[^/.]*\.){{0,10}}(?P<domain>{domains})(?::\d*)?(?:/|\?|$)'.format(