Merge pull request #198 from noir-cr/features/add-base64-hook

Add base64 hook in FileAnalyzer
owasp-noir · Dec 15, 2023 · f8b6d1e · f8b6d1e
2 parents 380a460 + cbe5e16
commit f8b6d1e
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/spec/functional_test/fixtures/file_based/base64.txt b/spec/functional_test/fixtures/file_based/base64.txt
@@ -0,0 +1 @@
+aHR0cHM6Ly93d3cuaGFod3VsLmNvbS90YWcvY3J5c3RhbC8=
diff --git a/src/analyzer/analyzers/file_analyzers/base64.cr b/src/analyzer/analyzers/file_analyzers/base64.cr
@@ -0,0 +1,29 @@
+require "base64"
+require "../../../models/analyzer"
+require "../../../models/endpoint"
+
+FileAnalyzer.add_hook(->(path : String, url : String) : Array(Endpoint) {
+  results = [] of Endpoint
+
+  begin
+    File.open(path, "r", encoding: "utf-8", invalid: :skip) do |file|
+      file.each_line do |line|
+        # Check base64 encoded strings
+        base64_match = line.match(/([A-Za-z0-9+\/]{20,}={0,2})/)
+        if base64_match
+          decoded = Base64.decode_string(base64_match[1])
+          url_match = decoded.match(/\b(https?:\/\/[^\s]+)/)
+          if url_match
+            parsed_url = URI.parse(url_match[1])
+            if parsed_url.to_s.includes? url
+              results << Endpoint.new(parsed_url.path, "GET")
+            end
+          end
+        end
+      end
+    end
+  rescue
+  end
+
+  results
+})