Merge pull request #7 from noobpk/dev

bump to v0.1.2-c
noobpk · Aug 1, 2023 · fef8536 · fef8536
2 parents 09077a0 + 89b85ad
commit fef8536
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 76 deletions.
diff --git a/gemini-python/gemini_self_protector/CHANGELOG.md b/gemini-python/gemini_self_protector/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## v0.1.2-c (01/08/2023)
+
+- Fix bug 'NoneType' object is not subscriptable in decoder
+
 ## v0.1.2-b (28/07/2023)
 
 - Fix bug Invalid protect mode 

diff --git a/gemini-python/gemini_self_protector/pyproject.toml b/gemini-python/gemini_self_protector/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "gemini_self_protector"
-version = "0.1.2-b"
+version = "0.1.2-c"
 description = "Runtime Application Self-Protection"
 authors = ["lethanhphuc"]
 license = "MIT"

diff --git a/gemini-python/gemini_self_protector/src/gemini_self_protector/_protect.py b/gemini-python/gemini_self_protector/src/gemini_self_protector/_protect.py
@@ -243,7 +243,7 @@ def __protect_flask_request__(gemini_protect_mode) -> None:
                 return {"Status": status}
 
         except Exception as e:
-            logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format(e))
+            logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format('_Protect.__protect_flask_response__', e))
 
     def __protect_flask_response__(safe_redirect, original_response, gemini_protect_mode) -> None:
         try:
@@ -292,4 +292,4 @@ def __protect_flask_response__(safe_redirect, original_response, gemini_protect_
                 return {"Status": status}
 
         except Exception as e:
-            logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format(e))
+            logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format('_Protect.__protect_flask_request__', e))
diff --git a/gemini-python/gemini_self_protector/src/gemini_self_protector/_utils.py b/gemini-python/gemini_self_protector/src/gemini_self_protector/_utils.py
@@ -16,83 +16,87 @@
 class _Utils(object):
 
     def decoder(string):
-        """Decode a string using the specified encoding type."""
-
-        # Remove the invalid escape sequences  - # Remove the backslash
-        string = string.replace('\%', '%').replace(
-            '\\', '').replace('<br/>', '')
-
-        string = string.encode().decode('unicode_escape')
-
-        string = urllib.parse.unquote(string)
-
-        string = html.unescape(string)
-
-        # Use a regular expression to find all base64-encoded segments in the string
-        base64_pattern = r'( |,|;)base64,([A-Za-z0-9+/]*={0,2})'
-
-        # Iterate over the matches and decode the base64-encoded data
-        match = re.search(base64_pattern, string)
-        if match:
-            encoded_string = match.group(2)
-
-            # Try first base64-decode
-            try:
-                decoded_string = base64.b64decode(encoded_string).decode()
-                string = string.replace(encoded_string, decoded_string)
-            except:
-                pass
-
-            # Try second base64-decode
-            try:
-                string = string.replace('\%', '%').replace(
-                    '\\', '').replace('<br/>', '').replace(' ', '')
-                match = re.search(base64_pattern, string)
-
-                if match:
-                    encoded_string = match.group(2)
-                    try:
-                        decoded_string = base64.b64decode(
-                            encoded_string).decode()
-                        string = string.replace(encoded_string, decoded_string)
-                    except:
-                        pass
-            except:
-                pass
-
-        # Use a regular expression to find all url end with .js
-        url_pattern = r'(?:https?://|//).+\.js'
-
-        matches = re.findall(url_pattern, string)
-
-        if matches:
-            for match in matches:
-                # alert('noobpk') - 5dc6f09bb9f90381814ff9fcbfe0a685
-                string = string.replace(
-                    match, ' 5dc6f09bb9f90381814ff9fcbfe0a685')
-
-        # Lowercase string
-        string = string.lower()
-
-        # Use a regular expression to find all query
-        sql_pattern = [
-            r'(select.+)|(select.+(?:from|where|and).+)|(exec.+)'
-            r".*--$"
-        ]
-
-        for pattern in sql_pattern:
-            if re.search(pattern, string, re.IGNORECASE):
+        try:
+            """Decode a string using the specified encoding type."""
+
+            # Remove the invalid escape sequences  - # Remove the backslash
+            string = string.replace('\%', '%').replace(
+                '\\', '').replace('<br/>', '')
+
+            string = string.encode().decode('unicode_escape')
+
+            string = urllib.parse.unquote(string)
+
+            string = html.unescape(string)
+
+            # Use a regular expression to find all base64-encoded segments in the string
+            base64_pattern = r'( |,|;)base64,([A-Za-z0-9+/]*={0,2})'
+
+            # Iterate over the matches and decode the base64-encoded data
+            match = re.search(base64_pattern, string)
+            if match:
+                encoded_string = match.group(2)
+
+                # Try first base64-decode
+                try:
+                    decoded_string = base64.b64decode(encoded_string).decode()
+                    string = string.replace(encoded_string, decoded_string)
+                except:
+                    pass
+
+                # Try second base64-decode
+                try:
+                    string = string.replace('\%', '%').replace(
+                        '\\', '').replace('<br/>', '').replace(' ', '')
+                    match = re.search(base64_pattern, string)
+
+                    if match:
+                        encoded_string = match.group(2)
+                        try:
+                            decoded_string = base64.b64decode(
+                                encoded_string).decode()
+                            string = string.replace(encoded_string, decoded_string)
+                        except:
+                            pass
+                except:
+                    pass
+
+            # Use a regular expression to find all url end with .js
+            url_pattern = r'(?:https?://|//)[^\s/]+\.js'
+
+            matches = re.findall(url_pattern, string)
+
+            if matches:
+                for match in matches:
+                    # alert('noobpk') - 5dc6f09bb9f90381814ff9fcbfe0a685
+                    string = string.replace(
+                        match, ' 5dc6f09bb9f90381814ff9fcbfe0a685')
+
+            # Lowercase string
+            string = string.lower()
+
+            # Use a regular expression to find all query
+            sql_pattern = [
+                r'(select.+)|(select.+(?:from|where|and).+)|(exec.+)'
+                r".*--$"
+            ]
+
+            for pattern in sql_pattern:
+                match = re.search(pattern, string, re.IGNORECASE)
+                if match is not None:
                 # select * from noobpk; - 90e87fc8ba835e0d2bfeec5e3799ecfe
-                string = string.replace(
-                    match[0], ' 90e87fc8ba835e0d2bfeec5e3799ecfe')
-                break
+                    string = string.replace(match[0], ' 90e87fc8ba835e0d2bfeec5e3799ecfe')
+                    break
 
-        string = string.encode('utf-7').decode()
+            string = string.encode('utf-7').decode()
 
-        # Lowercase string
-        string = string.lower()
+            # Lowercase string
+            string = string.lower()
 
-        return string
+            return string
+        except Exception as e:
+            logger.error(
+                "[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Utils.decoder', e))
 
     def web_vuln_detect_predict(payload) -> None:
         """