1.65b: dictionary & CSS MIME sniffing improvements
- Relaxed MIME matching on claimed CSS/JS that fails MIME sniffing logic. - Proper detection of @media in CSS.
This commit is contained in:
parent
ce8e52b8fb
commit
5b119c8e7f
|
@ -1,3 +1,10 @@
|
|||
Version 1.65b:
|
||||
--------------
|
||||
|
||||
- Relaxed MIME matching on claimed CSS/JS that fails MIME sniffing logic.
|
||||
|
||||
- Proper detection of @media in CSS.
|
||||
|
||||
Version 1.64b:
|
||||
--------------
|
||||
|
||||
|
|
2
Makefile
2
Makefile
|
@ -20,7 +20,7 @@
|
|||
#
|
||||
|
||||
PROGNAME = skipfish
|
||||
VERSION = 1.64b
|
||||
VERSION = 1.65b
|
||||
|
||||
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
||||
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
||||
|
|
11
analysis.c
11
analysis.c
|
@ -1066,9 +1066,10 @@ static u8 is_css(struct http_response* res) {
|
|||
|
||||
}
|
||||
|
||||
/* @import or @charset is a clear indicator of CSS. */
|
||||
/* @import, @media, or @charset is a clear indicator of CSS. */
|
||||
|
||||
if (*text == '@' && (!strncasecmp((char*)text + 1, "import", 6) ||
|
||||
!strncasecmp((char*)text + 1, "media", 5) ||
|
||||
!strncasecmp((char*)text + 1, "charset", 7))) {
|
||||
res->css_type = 2;
|
||||
return 1;
|
||||
|
@ -1562,7 +1563,7 @@ void content_checks(struct http_request* req, struct http_response* res) {
|
|||
|
||||
if (*tmp == '<') {
|
||||
u8* tag_name;
|
||||
u32 len = strcspn((char*)++tmp, "> \t\r\n"), space_len;
|
||||
u32 len = strcspn((char*)++tmp, ">= \t\r\n"), space_len;
|
||||
u8 remote_script = 0;
|
||||
|
||||
/* Skip comments where possible. */
|
||||
|
@ -1809,9 +1810,13 @@ binary_checks:
|
|||
value... and also failed to sniff.
|
||||
|
||||
Mismatch between MIME_ASC_HTML and MIME_XML_XHTML is not worth
|
||||
complaining about, too. */
|
||||
complaining about; the same about JS or CSS responses being
|
||||
sniffed as "unknown ASCII". */
|
||||
|
||||
if (res->sniff_mime_id != res->decl_mime_id &&
|
||||
!((res->decl_mime_id == MIME_ASC_JAVASCRIPT ||
|
||||
res->decl_mime_id == MIME_ASC_CSS) &&
|
||||
res->sniff_mime_id == MIME_ASC_GENERIC) &&
|
||||
!(res->decl_mime_id == MIME_ASC_HTML &&
|
||||
res->sniff_mime_id == MIME_XML_XHTML) &&
|
||||
!(res->decl_mime_id == MIME_XML_XHTML &&
|
||||
|
|
1
config.h
1
config.h
|
@ -231,6 +231,7 @@ static const char* form_suggestion[][2] = {
|
|||
{ "user" , "skipfish" },
|
||||
{ "nick" , "skipfish" },
|
||||
{ "pass" , "skipfish" },
|
||||
{ "pwd" , "skipfish" },
|
||||
{ "year" , "2010" },
|
||||
{ "card" , "4111111111111111" }, /* Reserved */
|
||||
{ "code" , "000" },
|
||||
|
|
|
@ -1221,6 +1221,7 @@ w 1 1 1 online
|
|||
w 1 1 1 op
|
||||
w 1 1 1 open
|
||||
w 1 1 1 openbsd
|
||||
w 1 1 1 opencart
|
||||
w 1 1 1 opendir
|
||||
w 1 1 1 openejb
|
||||
w 1 1 1 openjpa
|
||||
|
@ -1986,6 +1987,7 @@ w 1 1 1 zboard
|
|||
w 1 1 1 zencart
|
||||
w 1 1 1 zend
|
||||
w 1 1 1 zero
|
||||
w 1 1 1 zimbra
|
||||
w 1 1 1 zipfiles
|
||||
w 1 1 1 zips
|
||||
w 1 1 1 zoom
|
||||
|
|
|
@ -1209,6 +1209,7 @@ w 1 1 1 online
|
|||
w 1 1 1 op
|
||||
w 1 1 1 open
|
||||
w 1 1 1 openbsd
|
||||
w 1 1 1 opencart
|
||||
w 1 1 1 opendir
|
||||
w 1 1 1 openejb
|
||||
w 1 1 1 openjpa
|
||||
|
@ -1985,6 +1986,7 @@ w 1 1 1 zboard
|
|||
w 1 1 1 zencart
|
||||
w 1 1 1 zend
|
||||
w 1 1 1 zero
|
||||
w 1 1 1 zimbra
|
||||
w 1 1 1 zipfiles
|
||||
w 1 1 1 zips
|
||||
w 1 1 1 zoom
|
||||
|
|
|
@ -1192,6 +1192,7 @@ w 1 1 1 online
|
|||
w 1 1 1 op
|
||||
w 1 1 1 open
|
||||
w 1 1 1 openbsd
|
||||
w 1 1 1 opencart
|
||||
w 1 1 1 opendir
|
||||
w 1 1 1 openejb
|
||||
w 1 1 1 openjpa
|
||||
|
@ -1982,6 +1983,7 @@ w 1 1 1 zboard
|
|||
w 1 1 1 zencart
|
||||
w 1 1 1 zend
|
||||
w 1 1 1 zero
|
||||
w 1 1 1 zimbra
|
||||
w 1 1 1 zipfiles
|
||||
w 1 1 1 zips
|
||||
w 1 1 1 zoom
|
||||
|
|
Loading…
Reference in New Issue