modules/audit/source_code_disclosure.rb in arachni-0.4.4 vs modules/audit/source_code_disclosure.rb in arachni-0.4.5
@@ -25,24 +25,25 @@
# @see http://cwe.mitre.org/data/definitions/540.html
class Arachni::Modules::SourceCodeDisclosure < Arachni::Module::Base
def self.options
@options ||= {
- format: [Format::STRAIGHT],
- regexp: [
- # PHP
- /<\?php/,
-
- # JSP
- /<%|<%=|<%@\s+page|<%@\s+include|<%--|import\s+javax.servlet|
- import\s+java.io|import=['"]java.io|request\.getParameterValues\(|
- response\.setHeader|response\.setIntHeader\(/m,
-
- # ASP
- /<%|Response\.Write|Request\.Form|Request\.QueryString|
- Response\.Flush|Session\.SessionID|Session\.Timeout|
- Server\.CreateObject|Server\.MapPath/im
- ],
+ format: [Format::STRAIGHT],
+ regexp: {
+ php: [
+ /<\?php/
+ ],
+ jsp: [
+ /<%|<%=|<%@\s+page|<%@\s+include|<%--|import\s+javax.servlet|
+ import\s+java.io|import=['"]java.io|request\.getParameterValues\(|
+ response\.setHeader|response\.setIntHeader\(/m
+ ],
+ asp: [
+ /<%|Response\.Write|Request\.Form|Request\.QueryString|
+ Response\.Flush|Session\.SessionID|Session\.Timeout|
+ Server\.CreateObject|Server\.MapPath/im
+ ]
+ },
# Add one more mutation (on the fly) which will include the extension
# of the original value (if that value was a filename) after a null byte.
each_mutation: proc do |mutation|
next if mutation.is_a?( Arachni::Form ) &&