From 5b119c8e7fb67ef78335c1542cedb33339613555 Mon Sep 17 00:00:00 2001
From: Steve Pinkham
Date: Fri, 10 Sep 2010 12:59:06 -0400
Subject: [PATCH] 1.65b: dictionary & CSS MIME sniffing improvements

- Relaxed MIME matching on claimed CSS/JS that fails MIME sniffing logic.
- Proper detection of @media in CSS.
---
 ChangeLog | 7 +++++++
 Makefile | 2 +-
 analysis.c | 11 ++++++++---
 config.h | 1 +
 dictionaries/complete.wl | 2 ++
 dictionaries/default.wl | 2 ++
 dictionaries/minimal.wl | 2 ++
 7 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ac4bcd5..c3dbbff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Version 1.65b:
+--------------
+
+ - Relaxed MIME matching on claimed CSS/JS that fails MIME sniffing logic.
+
+ - Proper detection of @media in CSS.
+
 Version 1.64b:
 --------------
diff --git a/Makefile b/Makefile
index 4fd80a4..53fc643 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@
 #
 PROGNAME = skipfish
-VERSION = 1.64b
+VERSION = 1.65b
 OBJFILES = http_client.c database.c crawler.c analysis.c report.c
 INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
diff --git a/analysis.c b/analysis.c
index 8d46701..60b0798 100644
--- a/analysis.c
+++ b/analysis.c
@@ -1066,9 +1066,10 @@ static u8 is_css(struct http_response* res) {
 }
- /* @import or @charset is a clear indicator of CSS. */
+ /* @import, @media, or @charset is a clear indicator of CSS. */
 if (*text == '@' && (!strncasecmp((char*)text + 1, "import", 6) ||
+ !strncasecmp((char*)text + 1, "media", 5) ||
 !strncasecmp((char*)text + 1, "charset", 7))) {
 res->css_type = 2;
 return 1;
@@ -1562,7 +1563,7 @@ void content_checks(struct http_request* req, struct http_response* res) {
 if (*tmp == '<') {
 u8* tag_name;
- u32 len = strcspn((char*)++tmp, "> \t\r\n"), space_len;
+ u32 len = strcspn((char*)++tmp, ">= \t\r\n"), space_len;
 u8 remote_script = 0;
 /* Skip comments where possible. */
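Review bot: The added `"media"` test in is_css() is a bare prefix match, like the `"import"` and `"charset"` tests beside it, so a body that starts with `@media` followed by any characters is treated as a "clear indicator" and returns 1 with `css_type = 2`. Checking that the character after the keyword is not part of an identifier would tighten this, e.g. `(!strncasecmp((char*)text + 1, "media", 5) && !isalnum(text[6])) ||` (this needs `<ctype.h>`, which may or may not already be included in analysis.c). This matters for a scanner because a response wrongly classified as CSS presumably changes which later checks apply to it; the callers are not visible here. The body of is_css() begins and ends outside this hunk.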
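Review bot: The delimiter set in the `strcspn()` call of content_checks() gains `=` without a comment, and neither the commit message nor the ChangeLog entry mentions the change, so the reason a tag name should stop at `=` is not recorded. A one-line comment above the declaration would do, for example `/* Tag name ends at '>', '=' or whitespace. */`, ideally with the markup that motivated it. `/` is still not in the set, so a self-closing form such as `<br/>` would yield a name that includes the slash; whether that matters depends on how `len` and `tag_name` are compared further down, which is outside this hunk.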
@@ -1809,9 +1810,13 @@ binary_checks:
 value... and also failed to sniff.
 Mismatch between MIME_ASC_HTML and MIME_XML_XHTML is not worth
- complaining about, too. */
+ complaining about; the same about JS or CSS responses being
+ sniffed as "unknown ASCII". */
 if (res->sniff_mime_id != res->decl_mime_id &&
+ !((res->decl_mime_id == MIME_ASC_JAVASCRIPT ||
+ res->decl_mime_id == MIME_ASC_CSS) &&
+ res->sniff_mime_id == MIME_ASC_GENERIC) &&
 !(res->decl_mime_id == MIME_ASC_HTML &&
 res->sniff_mime_id == MIME_XML_XHTML) &&
 !(res->decl_mime_id == MIME_XML_XHTML &&
diff --git a/config.h b/config.h
index e0899a8..09ebca3 100644
--- a/config.h
+++ b/config.h
@@ -231,6 +231,7 @@ static const char* form_suggestion[][2] = {
 { "user" , "skipfish" },
 { "nick" , "skipfish" },
 { "pass" , "skipfish" },
+ { "pwd" , "skipfish" },
 { "year" , "2010" },
 { "card" , "4111111111111111" }, /* Reserved */
 { "code" , "000" },
diff --git a/dictionaries/complete.wl b/dictionaries/complete.wl
index 239f567..7f3e3f2 100644
--- a/dictionaries/complete.wl
+++ b/dictionaries/complete.wl
@@ -1221,6 +1221,7 @@ w 1 1 1 online
 w 1 1 1 op
 w 1 1 1 open
 w 1 1 1 openbsd
+w 1 1 1 opencart
 w 1 1 1 opendir
 w 1 1 1 openejb
 w 1 1 1 openjpa
@@ -1986,6 +1987,7 @@ w 1 1 1 zboard
 w 1 1 1 zencart
 w 1 1 1 zend
 w 1 1 1 zero
+w 1 1 1 zimbra
 w 1 1 1 zipfiles
 w 1 1 1 zips
 w 1 1 1 zoom
diff --git a/dictionaries/default.wl b/dictionaries/default.wl
index eebdfbf..28d2444 100644
--- a/dictionaries/default.wl
+++ b/dictionaries/default.wl
@@ -1209,6 +1209,7 @@ w 1 1 1 online
 w 1 1 1 op
 w 1 1 1 open
 w 1 1 1 openbsd
+w 1 1 1 opencart
 w 1 1 1 opendir
 w 1 1 1 openejb
 w 1 1 1 openjpa
@@ -1985,6 +1986,7 @@ w 1 1 1 zboard
 w 1 1 1 zencart
 w 1 1 1 zend
 w 1 1 1 zero
+w 1 1 1 zimbra
 w 1 1 1 zipfiles
 w 1 1 1 zips
 w 1 1 1 zoom
diff --git a/dictionaries/minimal.wl b/dictionaries/minimal.wl
index 7912a2a..76dcaf7 100644
--- a/dictionaries/minimal.wl
+++ b/dictionaries/minimal.wl
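Review bot: The new clause in the `if` after `binary_checks:` suppresses the mismatch report for every response that declares JavaScript or CSS but sniffs as `MIME_ASC_GENERIC`, and that also covers an endpoint that declares a script or stylesheet type while serving unrelated plain text, a case an auditor may still want listed. If the aim is only to cut noise from the sniffers missing valid JS/CSS, consider keeping the finding at a lower severity rather than dropping it, and say so in the comment. The comment wording could also read `complaining about; the same goes for declared JS or CSS that sniffs as "unknown ASCII". */`. The condition and the block it guards continue outside this hunk.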
@@ -1192,6 +1192,7 @@ w 1 1 1 online
 w 1 1 1 op
 w 1 1 1 open
 w 1 1 1 openbsd
+w 1 1 1 opencart
 w 1 1 1 opendir
 w 1 1 1 openejb
 w 1 1 1 openjpa
@@ -1982,6 +1983,7 @@ w 1 1 1 zboard
 w 1 1 1 zencart
 w 1 1 1 zend
 w 1 1 1 zero
+w 1 1 1 zimbra
 w 1 1 1 zipfiles
 w 1 1 1 zips
 w 1 1 1 zoom