Feature/8561 cdn detection #18368
Feature/8561 cdn detection #18368
Conversation
fix an error occurred while calling the function generate_404_by_shuffle
Bumps [pillow](https://github.com/python-pillow/Pillow) from 1.7.8 to 6.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst) - [Commits](python-pillow/Pillow@1.7.8...6.2.0) Signed-off-by: dependabot[bot] <support@github.com>
…s/pillow-6.2.0 Bump pillow from 1.7.8 to 6.2.0 in /w3af/tests
w3af/plugins/grep/cdn_providers.py
Outdated
| [".v3cdn.net", "Edgecast"], | ||
| [".v4cdn.net", "Edgecast"], | ||
| [".v5cdn.net", "Edgecast"], | ||
| ["hwcdn.net", "Highwinds"], |
There was a problem hiding this comment.
Missing leading dot here? Or all the others don't need the leading dot?
There was a problem hiding this comment.
I guess Highwinds is discovered only when we can't see any subdomain in url, while for example Netlify's url may look like cdn.netlify.com, so we have here .netlify.com to make sure that subdomain is used.
| if cdn_header[1] == headers[cdn_header_name]: | ||
| self._detect_cdn(response, cdn_header[2]) | ||
|
|
||
| url = request.get_url() |
There was a problem hiding this comment.
Do you want to run URL detection even after the CDN was identified using the headers? This might yield duplicates in some cases?
Also, for a very very small % of requests, the ones that match to a CDN by domain; the grep method will be faster if you do the URL match first.
There was a problem hiding this comment.
You're right, I thought about case when plugin detects another CDN provider with header and another with URL. But in fact if someone adds wrong CDN info to header.. It just shouldn't happen. I changed it to return after detecting provider via header. URL is here as backup option if we can't detect CDN with header.
|
|
Added CDN detection plugin, closes #8561