-
Notifications
You must be signed in to change notification settings - Fork 1
/
transform_content.py
executable file
·112 lines (85 loc) · 4.08 KB
/
transform_content.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
#!/usr/bin/env python
# Copyright 2008-2014 Brett Slatkin
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
__author__ = "Brett Slatkin (bslatkin@gmail.com) and Brandon Barker (brandonbarker767@gmail.com)"
import os
import re
import urlparse
from lxml import etree
################################################################################
# URLs that have absolute addresses
ABSOLUTE_URL_REGEX = r"(http(s?):)?//(?P<url>[^\"'> \t\)]+)"
# URLs that are relative to the base of the current hostname.
BASE_RELATIVE_URL_REGEX = r"/(?!(/)|(http(s?)://)|(url\())(?P<url>[^\"'> \t\)]*)"
# URLs that have '../' or './' to start off their paths.
TRAVERSAL_URL_REGEX = r"(?P<relative>\.(\.)?)/(?!(/)|(http(s?)://)|(url\())(?P<url>[^\"'> \t\)]*)"
# URLs that are in the same directory as the requested URL.
SAME_DIR_URL_REGEX = r"(?!(/)|(http(s?)://)|(url\())(?P<url>[^\"'> \t\)]+)"
# URL matches the root directory.
ROOT_DIR_URL_REGEX = r"(?!//(?!>))/(?P<url>)(?=[ \t\n]*[\"'\)>/])"
# Start of a tag using 'src' or 'href'
TAG_START = r"(?i)\b(?P<tag>src|href|action|url|background)(?P<equals>[\t ]*=[\t ]*)(?P<quote>[\"']?)"
# Start of a CSS import
CSS_IMPORT_START = r"(?i)@import(?P<spacing>[\t ]+)(?P<quote>[\"']?)"
# CSS url() call
CSS_URL_START = r"(?i)\burl\((?P<quote>[\"']?)"
REPLACEMENT_REGEXES = [
(TAG_START + SAME_DIR_URL_REGEX,
"\g<tag>\g<equals>\g<quote>%(accessed_dir)s\g<url>"),
(TAG_START + TRAVERSAL_URL_REGEX,
"\g<tag>\g<equals>\g<quote>%(accessed_dir)s/\g<relative>/\g<url>"),
(TAG_START + BASE_RELATIVE_URL_REGEX,
"\g<tag>\g<equals>\g<quote>/%(base)s/\g<url>"),
(TAG_START + ROOT_DIR_URL_REGEX,
"\g<tag>\g<equals>\g<quote>/%(base)s/"),
# Need this because HTML tags could end with '/>', which confuses the
# tag-matching regex above, since that's the end-of-match signal.
(TAG_START + ABSOLUTE_URL_REGEX,
"\g<tag>\g<equals>\g<quote>/\g<url>"),
(CSS_IMPORT_START + SAME_DIR_URL_REGEX,
"@import\g<spacing>\g<quote>%(accessed_dir)s\g<url>"),
(CSS_IMPORT_START + TRAVERSAL_URL_REGEX,
"@import\g<spacing>\g<quote>%(accessed_dir)s/\g<relative>/\g<url>"),
(CSS_IMPORT_START + BASE_RELATIVE_URL_REGEX,
"@import\g<spacing>\g<quote>/%(base)s/\g<url>"),
(CSS_IMPORT_START + ABSOLUTE_URL_REGEX,
"@import\g<spacing>\g<quote>/\g<url>"),
(CSS_URL_START + SAME_DIR_URL_REGEX,
"url(\g<quote>%(accessed_dir)s\g<url>"),
(CSS_URL_START + TRAVERSAL_URL_REGEX,
"url(\g<quote>%(accessed_dir)s/\g<relative>/\g<url>"),
(CSS_URL_START + BASE_RELATIVE_URL_REGEX,
"url(\g<quote>/%(base)s/\g<url>"),
(CSS_URL_START + ABSOLUTE_URL_REGEX,
"url(\g<quote>/\g<url>"),
]
SCRIPT = "(function(open) {XMLHttpRequest.prototype.open = function(method, url, async, user, pass) {open.call(this, method, rewrittenUrl, async, user, pass);};})(XMLHttpRequest.prototype.open);"
################################################################################
def TransformContent(base_url, accessed_url, content):
#todo- fix it later
#root = etree.fromstring(content, etree.HTMLParser())
#script = etree.SubElement(root.find("head"), "script")
#script.
#content = etree.tounicode(root, pretty_print=False, method='html')
url_obj = urlparse.urlparse(accessed_url)
accessed_dir = os.path.dirname(url_obj.path)
if not accessed_dir.endswith("/"):
accessed_dir += "/"
for pattern, replacement in REPLACEMENT_REGEXES:
fixed_replacement = replacement % {
"base": base_url,
"accessed_dir": accessed_dir,
}
content = re.sub(pattern, fixed_replacement, content)
return content