helpers¶
Package helpers provides utility functions for common operations throughout the Engine-AntiGinx application. This file contains mathematical utility functions for numeric operations.
Package helpers provides utility functions for common operations throughout the Engine-AntiGinx application. It includes string manipulation utilities such as case-insensitive substring matching, duplicate removal, and other helper functions for data processing.
Package Runner provides the TargetFormatter component for intelligent URL formatting based on the tests being executed. This file contains logic for automatically selecting the appropriate protocol (HTTP/HTTPS) based on test requirements.
Index¶
- func AnyStringInSlice(slice []string, items []string) bool
- func CheckParameters(givenParams []*types.CommandParameter) *Errors.Error
- func ContainsAnySubstring(s string, subs []string) bool
- func DeserializeTests(bytes []byte) (*types.TestJson, *Errors.Error)
- func MinInt(a, b int) int
- func RemoveDuplicates(slice []string) []string
- func StringInSlice(slice []string, item string) bool
- func checkArgs(args []string, givenArgs []string) *Errors.Error
- type FileReader
- type OSFileReader
- func CreateFileReader() *OSFileReader
- func (osf *OSFileReader) ReadFileW(filename string) ([]byte, error)
- type targetFormatter
- func InitializeTargetFormatter() *targetFormatter
- func (t *targetFormatter) Format(target string, params []string) *string
- func (t *targetFormatter) containsParam(params []string, token string) bool
func AnyStringInSlice¶
AnyStringInSlice checks if a string slice contains any of the specified items. This extends the StringInSlice function to check for multiple potential matches.
Parameters:
- slice: The slice of strings to search in
- items: The slice of strings to search for
Returns:
- bool: true if any item is found in the slice, false otherwise
Example:
allowed := []string{"GET", "POST", "PUT"}
methods := []string{"GET", "DELETE"}
hasValid := AnyStringInSlice(allowed, methods) // returns true (GET is found)
func CheckParameters¶
CheckParameters iterates through the provided parameters and validates them against the global Params whitelist.
It performs several checks:
- Checks for nil references.
- Verifies if the parameter name exists in the whitelist.
- Validates argument counts (min/max constraints).
- Applies default values for optional parameters if arguments are missing.
- Delegates specific argument validation to checkArgs.
func ContainsAnySubstring¶
ContainsAnySubstring performs a case-insensitive search to determine if any of the provided substrings exist within the target string. This is particularly useful for detecting keywords or patterns in HTTP responses, such as bot protection indicators or security challenges.
The function converts both the target string and all substrings to lowercase before comparison, ensuring consistent matching regardless of character casing.
Parameters:
- s: The target string to search within
- subs: A slice of substrings to search for
Returns:
- bool: true if any substring is found in the target string, false otherwise
Example:
keywords := []string{"cloudflare", "captcha", "challenge"}
body := "Please complete the Cloudflare Challenge to continue"
if ContainsAnySubstring(body, keywords) {
fmt.Println("Bot protection detected")
}
func DeserializeTests¶
func MinInt¶
MinInt returns the smaller of two integers. This is a simple utility function for numeric comparison.
Parameters:
- a: First integer
- b: Second integer
Returns:
- int: The smaller of the two integers
Example:
func RemoveDuplicates¶
RemoveDuplicates removes duplicate strings from a slice while preserving the original order of first occurrence. It uses a map-based approach for efficient O(n) performance.
This function is useful for deduplicating lists of test IDs, HTTP methods, or any other string collections where uniqueness is required.
Parameters:
- slice: The input slice of strings that may contain duplicates
Returns:
- []string: A new slice containing only unique strings in their order of first appearance
Example:
methods := []string{"GET", "POST", "GET", "OPTIONS", "POST"}
unique := RemoveDuplicates(methods)
// Result: ["GET", "POST", "OPTIONS"]
func StringInSlice¶
StringInSlice checks if a string slice contains a specific item. This is a basic utility function for slice membership testing.
Parameters:
- slice: The slice of strings to search in
- item: The string to search for
Returns:
- bool: true if item is found in the slice, false otherwise
Example:
allowed := []string{"GET", "POST", "PUT"}
isValid := StringInSlice(allowed, "GET") // returns true
isValid := StringInSlice(allowed, "INVALID") // returns false
func checkArgs¶
checkArgs verifies that the given arguments are allowed for a specific parameter. It checks if the arguments exist in the 'args' whitelist and detects duplicates.
Return error if:
- An argument is not in the whitelist (Error 106).
- An argument appears more than once (Error 107).
type FileReader¶
type OSFileReader¶
func CreateFileReader¶
func (*OSFileReader) ReadFileW¶
type targetFormatter¶
targetFormatter is responsible for formatting target URLs by intelligently adding appropriate protocol prefixes (http:// or https://) based on the tests being executed.
The formatter implements smart protocol selection:
- Uses HTTP protocol when testing HTTP-specific vulnerabilities (https, hsts tests)
- Uses HTTPS protocol for all other tests by default
- Validates that user hasn't already specified a protocol
This ensures tests can properly assess protocol-level security issues without automatic browser redirects interfering with the analysis.
func InitializeTargetFormatter¶
InitializeTargetFormatter creates a new instance of targetFormatter ready to format target URLs. This factory function provides the entry point for creating a formatter that intelligently selects protocols based on test requirements.
The formatter is stateless and can be reused for multiple formatting operations if needed, though typically only one instance is created per test run.
Returns:
- *targetFormatter: A new formatter instance ready to call Format()
Example:
formatter := InitializeTargetFormatter()
targetURL := formatter.Format("example.com", []string{"https", "hsts"})
// Returns: "http://example.com" (HTTP for protocol testing)
func (*targetFormatter) Format¶
Format constructs a properly formatted target URL by adding the appropriate protocol prefix based on the tests being executed. It implements intelligent protocol selection to ensure tests can properly assess security configurations.
Protocol selection logic:
-
HTTP (http://): Used when "https" or "hsts" tests are included Rationale: These tests specifically check for HTTP→HTTPS redirects and HSTS headers, so starting with HTTP is necessary to observe the security behavior
-
HTTPS (https://): Used for all other test combinations (default) Rationale: Most security tests should analyze the secure connection
Validation:
- Panics if target already contains "http://" or "https://" prefix Rationale: User should provide bare domain/hostname to allow automatic protocol selection
Performance optimization:
- Uses strings.Builder with pre-allocated capacity for efficient string construction
- Grows buffer to avoid reallocations: len(target) + len("https://")
Parameters:
- target: Bare domain or hostname without protocol (e.g., "example.com", "api.example.com")
- params: List of test IDs to be executed (e.g., ["https", "hsts", "csp"])
Returns:
- *string: Pointer to formatted URL with appropriate protocol prefix
Panics:
- Errors.Error with code 100: If target already contains protocol prefix
Examples:
formatter := InitializeTargetFormatter()
// HTTPS test requires HTTP to check redirect behavior
url1 := formatter.Format("example.com", []string{"https", "csp"})
// Returns: "http://example.com"
// HSTS test requires HTTP to check HSTS header
url2 := formatter.Format("example.com", []string{"hsts"})
// Returns: "http://example.com"
// Other tests default to HTTPS
url3 := formatter.Format("example.com", []string{"csp", "xFrame"})
// Returns: "https://example.com"
// Invalid: protocol already specified
url4 := formatter.Format("https://example.com", []string{"https"})
// Panics with error code 100
func (*targetFormatter) containsParam¶
containsParam is a helper function that performs a linear search to determine if a specific test ID (token) exists in the list of tests to be executed. This function is used internally by Format to implement protocol selection logic.
The function uses simple iteration with O(n) time complexity, which is acceptable given that the params slice is typically small (usually 1-10 test IDs).
Parameters:
- params: Slice of test IDs to search through
- token: The test ID to search for (e.g., "https", "hsts")
Returns:
- bool: true if token is found in params, false otherwise
Example:
formatter := &targetFormatter{}
tests := []string{"https", "hsts", "csp"}
found1 := formatter.containsParam(tests, "https") // returns true
found2 := formatter.containsParam(tests, "xFrame") // returns false
Generated by gomarkdoc