diff --git a/gemini-python/gemini_self_protector/CHANGELOG.md b/gemini-python/gemini_self_protector/CHANGELOG.md
index ee4462f..86bbddb 100644
--- a/gemini-python/gemini_self_protector/CHANGELOG.md
+++ b/gemini-python/gemini_self_protector/CHANGELOG.md
@@ -1,5 +1,9 @@
# Changelog
+## v0.1.2-c (01/08/2023)
+
+- Fix bug 'NoneType' object is not subscriptable in decoder
+
## v0.1.2-b (28/07/2023)
- Fix bug Invalid protect mode
diff --git a/gemini-python/gemini_self_protector/pyproject.toml b/gemini-python/gemini_self_protector/pyproject.toml
index e197e1a..d71f523 100644
--- a/gemini-python/gemini_self_protector/pyproject.toml
+++ b/gemini-python/gemini_self_protector/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "gemini_self_protector"
-version = "0.1.2-b"
+version = "0.1.2-c"
description = "Runtime Application Self-Protection"
authors = ["lethanhphuc"]
license = "MIT"
diff --git a/gemini-python/gemini_self_protector/src/gemini_self_protector/_protect.py b/gemini-python/gemini_self_protector/src/gemini_self_protector/_protect.py
index 87ce1a7..a81a67b 100644
--- a/gemini-python/gemini_self_protector/src/gemini_self_protector/_protect.py
+++ b/gemini-python/gemini_self_protector/src/gemini_self_protector/_protect.py
@@ -243,7 +243,7 @@ def __protect_flask_request__(gemini_protect_mode) -> None:
return {"Status": status}
except Exception as e:
- logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format(e))
+ logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format('_Protect.__protect_flask_response__', e))
def __protect_flask_response__(safe_redirect, original_response, gemini_protect_mode) -> None:
try:
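Review bot: The rewritten `logger.error` call in this `except` block has a single `{}` placeholder but passes two arguments, so `str.format` fills it with the function label and silently drops `e`; the exception text no longer reaches the log. The labels also look swapped: per the hunk header this handler belongs to `__protect_flask_request__` yet it logs `'_Protect.__protect_flask_response__'`, and the hunk at line 292 does the reverse. In a protection layer, losing the error detail makes a failed check hard to diagnose. Use the two-placeholder form this commit already uses in `_Utils.decoder`: `"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Protect.__protect_flask_request__', e)`, with the matching label in the other hunk. Both function bodies start outside their hunks.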
@@ -292,4 +292,4 @@ def __protect_flask_response__(safe_redirect, original_response, gemini_protect_
return {"Status": status}
except Exception as e:
- logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format(e))
+ logger.error("[x_x] Something went wrong, please check your error message.\n Message - {}".format('_Protect.__protect_flask_request__', e))
diff --git a/gemini-python/gemini_self_protector/src/gemini_self_protector/_utils.py b/gemini-python/gemini_self_protector/src/gemini_self_protector/_utils.py
index 050ffdc..8077fa8 100644
--- a/gemini-python/gemini_self_protector/src/gemini_self_protector/_utils.py
+++ b/gemini-python/gemini_self_protector/src/gemini_self_protector/_utils.py
@@ -16,83 +16,87 @@
class _Utils(object):
def decoder(string):
- """Decode a string using the specified encoding type."""
-
- # Remove the invalid escape sequences - # Remove the backslash
- string = string.replace('\%', '%').replace(
- '\\', '').replace('
', '')
-
- string = string.encode().decode('unicode_escape')
-
- string = urllib.parse.unquote(string)
-
- string = html.unescape(string)
-
- # Use a regular expression to find all base64-encoded segments in the string
- base64_pattern = r'( |,|;)base64,([A-Za-z0-9+/]*={0,2})'
-
- # Iterate over the matches and decode the base64-encoded data
- match = re.search(base64_pattern, string)
- if match:
- encoded_string = match.group(2)
-
- # Try first base64-decode
- try:
- decoded_string = base64.b64decode(encoded_string).decode()
- string = string.replace(encoded_string, decoded_string)
- except:
- pass
-
- # Try second base64-decode
- try:
- string = string.replace('\%', '%').replace(
- '\\', '').replace('
', '').replace(' ', '')
- match = re.search(base64_pattern, string)
-
- if match:
- encoded_string = match.group(2)
- try:
- decoded_string = base64.b64decode(
- encoded_string).decode()
- string = string.replace(encoded_string, decoded_string)
- except:
- pass
- except:
- pass
-
- # Use a regular expression to find all url end with .js
- url_pattern = r'(?:https?://|//).+\.js'
-
- matches = re.findall(url_pattern, string)
-
- if matches:
- for match in matches:
- # alert('noobpk') - 5dc6f09bb9f90381814ff9fcbfe0a685
- string = string.replace(
- match, ' 5dc6f09bb9f90381814ff9fcbfe0a685')
-
- # Lowercase string
- string = string.lower()
-
- # Use a regular expression to find all query
- sql_pattern = [
- r'(select.+)|(select.+(?:from|where|and).+)|(exec.+)'
- r".*--$"
- ]
-
- for pattern in sql_pattern:
- if re.search(pattern, string, re.IGNORECASE):
+ try:
+ """Decode a string using the specified encoding type."""
+
+ # Remove the invalid escape sequences - # Remove the backslash
+ string = string.replace('\%', '%').replace(
+ '\\', '').replace('
', '')
+
+ string = string.encode().decode('unicode_escape')
+
+ string = urllib.parse.unquote(string)
+
+ string = html.unescape(string)
+
+ # Use a regular expression to find all base64-encoded segments in the string
+ base64_pattern = r'( |,|;)base64,([A-Za-z0-9+/]*={0,2})'
+
+ # Iterate over the matches and decode the base64-encoded data
+ match = re.search(base64_pattern, string)
+ if match:
+ encoded_string = match.group(2)
+
+ # Try first base64-decode
+ try:
+ decoded_string = base64.b64decode(encoded_string).decode()
+ string = string.replace(encoded_string, decoded_string)
+ except:
+ pass
+
+ # Try second base64-decode
+ try:
+ string = string.replace('\%', '%').replace(
+ '\\', '').replace('
', '').replace(' ', '')
+ match = re.search(base64_pattern, string)
+
+ if match:
+ encoded_string = match.group(2)
+ try:
+ decoded_string = base64.b64decode(
+ encoded_string).decode()
+ string = string.replace(encoded_string, decoded_string)
+ except:
+ pass
+ except:
+ pass
+
+ # Use a regular expression to find all url end with .js
+ url_pattern = r'(?:https?://|//)[^\s/]+\.js'
+
+ matches = re.findall(url_pattern, string)
+
+ if matches:
+ for match in matches:
+ # alert('noobpk') - 5dc6f09bb9f90381814ff9fcbfe0a685
+ string = string.replace(
+ match, ' 5dc6f09bb9f90381814ff9fcbfe0a685')
+
+ # Lowercase string
+ string = string.lower()
+
+ # Use a regular expression to find all query
+ sql_pattern = [
+ r'(select.+)|(select.+(?:from|where|and).+)|(exec.+)'
+ r".*--$"
+ ]
+
+ for pattern in sql_pattern:
+ match = re.search(pattern, string, re.IGNORECASE)
+ if match is not None:
# select * from noobpk; - 90e87fc8ba835e0d2bfeec5e3799ecfe
- string = string.replace(
- match[0], ' 90e87fc8ba835e0d2bfeec5e3799ecfe')
- break
+ string = string.replace(match[0], ' 90e87fc8ba835e0d2bfeec5e3799ecfe')
+ break
- string = string.encode('utf-7').decode()
+ string = string.encode('utf-7').decode()
- # Lowercase string
- string = string.lower()
+ # Lowercase string
+ string = string.lower()
- return string
+ return string
+ except Exception as e:
+ logger.error(
+ "[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Utils.decoder', e))
def web_vuln_detect_predict(payload) -> None:
"""
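Review bot: The new outer `except Exception` logs and then falls off the end of `decoder`, so any decoding error now makes the function return `None` instead of a string. The caller is outside this hunk, but if this text feeds the detection step, a payload that fails to decode could go unchecked or raise later; consider ending the handler with `return string` (the partially normalised value) or re-raising so the caller can treat the request as undecodable. Separately, the new `url_pattern` `(?:https?://|//)[^\s/]+\.js` cannot cross a `/`, so as far as I can tell script URLs with a path component are no longer replaced by the token; `\S+?\.js` would drop the greedy `.+` without losing them. The docstring now sits inside `try:`, where it is an ordinary expression statement rather than the function's docstring, so it should move back above the `try`.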