May-07-2020, 08:56 PM
The method below aims to receive parameters in order to detect xss threat. I could not identify an error in the code below but only on the return of the method I get the error (TypeError: expected string or bytes-like object), does anyone know why ?
# Native Module, Import : re, regex import re, json # Name Class : CrositeScript class CrositeScript: def m_post(o_output, v_url, v_inp): # Regex Condition - exist if check if re.search( r"FSCommand|onAbort|onActivate|onAfterPrint|onAfterUpdate|onBeforeActivate|" r"onBeforeCopy|onBeforeCut|onBeforeDeactivate|onBeforeEditFocus|onBeforePaste|" r"onBeforePrint|onBeforeUnload|onBeforeUpdate|onBegin|onBlur|onBounce|onCellChange|" r"onChange|onClick|onContextMenu|onControlSelect|onCopy|onCut|onDataAvailable|" r"onDataSetChanged|onDataSetComplete|onDblClick|onDeactivate|onDrag|onDragEnd|" r"onDragLeave|onDragEnter|onDragOver|onDragDrop|onDragStart|onDrop|onEnd|onError|" r"onErrorUpdate|onFilterChange|onFinish|onFocus|onFocusIn|onFocusOut|onHashChange|" r"onHelp|onInput|onKeyDown|onKeyPress|onKeyUp|onLayoutComplete|onLoad|onLoseCapture|" r"onMediaComplete|onMediaError|onMessage|onMouseDown|onMouseEnter|onMouseLeave|" r"onMouseMove|onMouseOut|onMouseOver|onMouseUp|onMouseWheel|onMove|onMoveEnd|onMoveStart|" r"onOffline|onOnline|onOutOfSync|onPaste|onPause|onPopState|onProgress|onPropertyChange|" r"onReadyStateChange|onRedo|onRepeat|onReset|onResize|onResizeEnd|onResizeStart|onResume|" r"onReverse|onRowsEnter|onRowExit|onRowDelete|onRowInserted|onScroll|onSeek|onSelect|" r"onSelectionChange|onSelectStart|onStart|onStop|onStorage|onSyncRestored|onSubmit|onTimeError|" r"onTrackChange|onUndo|onUnload|onURLFlip|seekSegmentTime|bgsound|xss|rocks|noxss|" r"<script>|</script>|script|livescript|vbscript|alert|[(]|[)]|>|<|;|&#|[*]|`", v_url, re.IGNORECASE ): # Variable : obtem status de resposta para client browser : status = "200 OK" # Variable : obtem cabeçalho http para o browser do client headers = [("Content-type", "application/json; charset=utf-8")] # Function : Envio de variable para o client browser : o_output(status, headers) # Output : return "Hacker Attempt: True, Threat : Cross-Site Scripting, Syntax: " + v_url else: # Regex Condition - exist if check if re.search( r"FSCommand|onAbort|onActivate|onAfterPrint|onAfterUpdate|onBeforeActivate|" r"onBeforeCopy|onBeforeCut|onBeforeDeactivate|onBeforeEditFocus|onBeforePaste|" r"onBeforePrint|onBeforeUnload|onBeforeUpdate|onBegin|onBlur|onBounce|onCellChange|" r"onChange|onClick|onContextMenu|onControlSelect|onCopy|onCut|onDataAvailable|" r"onDataSetChanged|onDataSetComplete|onDblClick|onDeactivate|onDrag|onDragEnd|" r"onDragLeave|onDragEnter|onDragOver|onDragDrop|onDragStart|onDrop|onEnd|onError|" r"onErrorUpdate|onFilterChange|onFinish|onFocus|onFocusIn|onFocusOut|onHashChange|" r"onHelp|onInput|onKeyDown|onKeyPress|onKeyUp|onLayoutComplete|onLoad|onLoseCapture|" r"onMediaComplete|onMediaError|onMessage|onMouseDown|onMouseEnter|onMouseLeave|" r"onMouseMove|onMouseOut|onMouseOver|onMouseUp|onMouseWheel|onMove|onMoveEnd|onMoveStart|" r"onOffline|onOnline|onOutOfSync|onPaste|onPause|onPopState|onProgress|onPropertyChange|" r"onReadyStateChange|onRedo|onRepeat|onReset|onResize|onResizeEnd|onResizeStart|onResume|" r"onReverse|onRowsEnter|onRowExit|onRowDelete|onRowInserted|onScroll|onSeek|onSelect|" r"onSelectionChange|onSelectStart|onStart|onStop|onStorage|onSyncRestored|onSubmit|onTimeError|" r"onTrackChange|onUndo|onUnload|onURLFlip|seekSegmentTime|bgsound|xss|rocks|noxss|" r"<script>|</script>|script|livescript|vbscript|alert|[(]|[)]|>|<|;|&#|[*]|`", v_inp, re.IGNORECASE ): # Variable : obtem status de resposta para client browser : status = "200 OK" # Variable : obtem cabeçalho http para o browser do client headers = [("Content-type", "application/json; charset=utf-8")] # Function : Envio de variable para o client browser : o_output(status, headers) # Output : return "Hacker Attempt: True, Threat : Cross-Site Scripting, Syntax: " + v_inp else: v_keo = v_inp.getvalue("v_query") # Converte para dicionario o_data = dict() # Pre-estrutura para o formato json o_data["term"] = "O termo pesquisado - " + v_keo # Da a saida no formato json v_json = json.dumps(o_data) # Variable : obtem status de resposta para client browser : status = "200 OK" # Variable : obtem cabeçalho http para o browser do client headers = [("Content-type", "application/json; charset=utf-8")] # Function : Envio de variable para o client browser : o_output(status, headers) # Method Return Instruction : return v_json