used gofmt into all the files

cyinnove · Apr 19, 2024 · 56bac80 · 56bac80
1 parent d5eee59
commit 56bac80
Show file tree

Hide file tree

Showing 10 changed files with 168 additions and 192 deletions.
diff --git a/pkg/corser/corser.go b/pkg/corser/corser.go
@@ -17,70 +17,68 @@ import (
 
 type Result struct {
 	URL          string `json:"url"`
-	Vulnerable   bool  	
-	Payload		 string `json:"payload"`
-	Details      []string `json:"details"`
-	ReqData	*PreFlightData `json:"request_data"`
-	ErrorMessage string 
+	Vulnerable   bool
+	Payload      string         `json:"payload"`
+	Details      []string       `json:"details"`
+	ReqData      *PreFlightData `json:"request_data"`
+	ErrorMessage string
 }
 
 type Scanner struct {
-	URL     string
-	Origin  string
-	Method  string
-	Cookies string
-	Header  string
+	URL      string
+	Origin   string
+	Method   string
+	Cookies  string
+	Header   string
 	DeepScan bool
 	NoColor  bool
-	Payloads []string 
-	Timeout int
-	Host    *Host
-	Client *http.Client
-	Result *Result
-
+	Payloads []string
+	Timeout  int
+	Host     *Host
+	Client   *http.Client
+	Result   *Result
 }
-type PreFlightData struct{
-	ACAO string
-	ACAC string
+type PreFlightData struct {
+	ACAO    string
+	ACAC    string
 	Headers []string
 	Methods []string
-
 }
 
 type Host struct {
-	Full 	   string
-	Domain     string
-	TLD        string
+	Full      string
+	Domain    string
+	TLD       string
 	Subdomain string
 }
 
-func NewScanner(url, method, header, origin, cookies string,isDeep bool, timeout int) *Scanner {
-	
+func NewScanner(url, method, header, origin, cookies string, isDeep bool, timeout int) *Scanner {
+
 	transport := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		Dial: (&net.Dialer{
-			Timeout:   5 * time.Second, 
+			Timeout:   5 * time.Second,
 			KeepAlive: 5 * time.Second,
 		}).Dial,
-		TLSHandshakeTimeout: 5 * time.Second, 
+		TLSHandshakeTimeout: 5 * time.Second,
 	}
 
 	client := http.Client{
 		Timeout:   time.Duration(timeout) * time.Second,
 		Transport: transport,
 	}
-	
+
 	return &Scanner{
-		URL:     url,
-		Origin:  origin,
-		Method: method,
-		Cookies: cookies,
-		Timeout: timeout,
-		Header: header,
+		URL:      url,
+		Origin:   origin,
+		Method:   method,
+		Cookies:  cookies,
+		Timeout:  timeout,
+		Header:   header,
 		DeepScan: isDeep,
-		Client: &client,
-		Result:  &Result{
-			URL: url,
+		Client:   &client,
+		Result: &Result{
+			URL:     url,
 			Details: make([]string, 0),
 			ReqData: &PreFlightData{},
 		},
@@ -93,31 +91,31 @@ func (s *Scanner) Scan() *Result {
 
 	if s.Result.ErrorMessage != "" {
 		return &Result{
-			URL: s.URL,
-			Vulnerable: false,
-			Details: []string{},
+			URL:          s.URL,
+			Vulnerable:   false,
+			Details:      []string{},
 			ErrorMessage: fmt.Sprintf("URL not alive or an error in request : %s", s.Result.ErrorMessage),
 		}
 	}
 
 	s.RequestCheck()
-		
+
 	deduplicateDetails(s.Result)
 	return s.Result
 }
 
 func deduplicateDetails(result *Result) {
-    detailsMap := make(map[string]bool)
-    uniqueDetails := []string{}
+	detailsMap := make(map[string]bool)
+	uniqueDetails := []string{}
 
-    for _, detail := range result.Details {
-        if _, exists := detailsMap[detail]; !exists {
-            detailsMap[detail] = true
-            uniqueDetails = append(uniqueDetails, detail)
-        }
-    }
+	for _, detail := range result.Details {
+		if _, exists := detailsMap[detail]; !exists {
+			detailsMap[detail] = true
+			uniqueDetails = append(uniqueDetails, detail)
+		}
+	}
 
-    result.Details = uniqueDetails
+	result.Details = uniqueDetails
 }
 
 func (s *Scanner) RequestCheck() {
@@ -148,8 +146,7 @@ func (s *Scanner) RequestCheck() {
 }
 
 func (s *Scanner) performRequest(payload string, mutex *sync.Mutex) {
-
-
+
 	req, err := http.NewRequest(s.Method, s.URL, nil)
 	if err != nil {
 		mutex.Lock()
@@ -159,7 +156,7 @@ func (s *Scanner) performRequest(payload string, mutex *sync.Mutex) {
 	}
 
 	req.Header.Add("Origin", payload)
-	
+
 	if s.Header != "" {
 		key, value, err := utils.ParseHeader(s.Header)
 		if err != nil {
@@ -169,12 +166,11 @@ func (s *Scanner) performRequest(payload string, mutex *sync.Mutex) {
 		req.Header.Add(key, value)
 
 	}
-	
+
 	if s.Cookies != "" {
 		req.Header.Add("Cookie", s.Cookies)
 	}
 
-
 	resp, err := s.Client.Do(req)
 	if err != nil {
 		mutex.Lock()
@@ -185,14 +181,14 @@ func (s *Scanner) performRequest(payload string, mutex *sync.Mutex) {
 	defer resp.Body.Close()
 
 	_, err = io.Copy(io.Discard, resp.Body)
-    if err != nil {
+	if err != nil {
 		s.Result.ErrorMessage = err.Error()
-		return 
-    }
+		return
+	}
 
 	acao := resp.Header.Get("Access-Control-Allow-Origin")
 	acac := resp.Header.Get("Access-Control-Allow-Credentials")
-	
+
 	vulnerable, details := evaluateResponse(payload, acao, acac)
 	if vulnerable {
 		mutex.Lock()
@@ -204,15 +200,15 @@ func (s *Scanner) performRequest(payload string, mutex *sync.Mutex) {
 }
 
 func evaluateResponse(payload, acao, acac string) (bool, []string) {
-	details := make([]string, 0)	
-	
+	details := make([]string, 0)
+
 	if vulnerable, detail := checkOriginReflected(payload, acao, acac); vulnerable {
 		details = append(details, detail)
 	}
 	if vulnerable, detail := checkWildCard(acao); vulnerable {
-		
+
 		details = append(details, detail)
-	} 
+	}
 	if vulnerable, detail := checkNullOriginAllowed(acao); vulnerable {
 		details = append(details, detail)
 	}
@@ -223,20 +219,19 @@ func evaluateResponse(payload, acao, acac string) (bool, []string) {
 	return false, []string{}
 }
 
-
 // checkOriginReflected checks for specific CORS misconfigurations involving the Access-Control-Allow-Origin (ACAO)
 // and Access-Control-Allow-Credentials (ACAC) headers.
 func checkOriginReflected(payload, acao, acac string) (bool, string) {
 	// Check for ACAO reflecting the Origin or ACAC set to true.
-	var detail  string
+	var detail string
 	if acao == payload || acac == "true" {
-		
+
 		if acac == "" {
-			detail = fmt.Sprintf("%sACAO Header:%s %s",logz.Green, logz.NC, acao)
+			detail = fmt.Sprintf("%sACAO Header:%s %s", logz.Green, logz.NC, acao)
 		} else {
-			detail = fmt.Sprintf("%sACAO Header:%s %s, ACAC Header: %s",logz.Green, logz.NC, acao, acac)
+			detail = fmt.Sprintf("%sACAO Header:%s %s, ACAC Header: %s", logz.Green, logz.NC, acao, acac)
 		}
-		
+
 		return true, detail
 	}
 
@@ -248,34 +243,33 @@ func checkWildCard(acao string) (bool, string) {
 	if acao == "*" {
 		details := fmt.Sprintf("Wildcard ACAO header found. %s", acao)
 
-		return true, details 
+		return true, details
 	}
 	// No misconfiguration detected.
 	return false, ""
 }
 
 // preflightRequestCheck performs a preflight request to see how it's handled.
 func (s *Scanner) preflightRequest() {
-	
+
 	req, err := http.NewRequest("OPTIONS", s.URL, nil)
 	if err != nil {
 		s.Result.ErrorMessage = err.Error()
-		return 
+		return
 	}
 
-
 	resp, err := s.Client.Do(req)
 	if err != nil {
 		s.Result.ErrorMessage = err.Error()
-		return 
+		return
 	}
 	defer resp.Body.Close()
 
 	_, err = io.Copy(io.Discard, resp.Body)
-    if err != nil {
+	if err != nil {
 		s.Result.ErrorMessage = err.Error()
-		return 
-    }
+		return
+	}
 
 	s.Result.ReqData.ACAO = resp.Header.Get("Access-Control-Allow-Origin")
 	s.Result.ReqData.ACAC = resp.Header.Get("Access-Control-Allow-Credentials")
@@ -285,7 +279,6 @@ func (s *Scanner) preflightRequest() {
 
 	s.Result.ReqData.Headers = utils.ParseHeaders(resp.Header.Get("Access-Control-Request-Headers"))
 
-
 }
 
 func checkNullOriginAllowed(acao string) (bool, string) {
@@ -295,5 +288,3 @@ func checkNullOriginAllowed(acao string) (bool, string) {
 	}
 	return false, ""
 }
-
-