Block arguments.

DEMON1A · Apr 19, 2021 · 8892591 · 8892591
1 parent 6cfe7e9
commit 8892591
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/assets/CommandInjection.py b/assets/CommandInjection.py
@@ -1,5 +1,15 @@
+import re
+
 def commandInjection(argument , RCE):
     for char in argument:
         if char in RCE: return False
 
-    return True
+    argumentFinder = re.search(r"(..*\-|^\-)[a-zA-Z]", argument)
+    if argumentFinder != None:
+        argument = argument.split(' ')[1].strip()
+        if not argument.startswith('https://') or not argument.startswith('http://'):
+            return False
+        else:
+            return True
+    else:
+        return True