From 9e65bfe37121bd1a62763a845f1444ed120cec26 Mon Sep 17 00:00:00 2001 From: stasinopoulos Date: Tue, 12 Nov 2024 07:04:26 +0200 Subject: [PATCH] Potential fix for https://github.com/commixproject/commix/issues/978 --- src/thirdparty/flatten_json/flatten_json.py | 6 +++--- src/utils/settings.py | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/thirdparty/flatten_json/flatten_json.py b/src/thirdparty/flatten_json/flatten_json.py index 1d3129d52a..5815734e37 100644 --- a/src/thirdparty/flatten_json/flatten_json.py +++ b/src/thirdparty/flatten_json/flatten_json.py @@ -34,7 +34,7 @@ def _construct_key(previous_key, separator, new_key): else: return new_key -def flatten(nested_dict, separator="_", root_keys_to_ignore=""): +def flatten(nested_dict, separator=settings.FLATTEN_JSON_SEPARATOR, root_keys_to_ignore=""): """ Flattens a dictionary with nested structure to a dictionary with no hierarchy Consider ignoring keys that you are not interested in to prevent unnecessary processing @@ -87,7 +87,7 @@ def _unflatten_asserts(flat_dict, separator): settings.print_data_to_stdout(settings.print_critical_msg(err_msg)) raise SystemExit() -def unflatten(flat_dict, separator='_'): +def unflatten(flat_dict, separator=settings.FLATTEN_JSON_SEPARATOR): """ Creates a hierarchical dictionary from a flattened dictionary Assumes no lists are present @@ -112,7 +112,7 @@ def _unflatten(dic, keys, value): return unflattened_dict -def unflatten_list(flat_dict, separator='_'): +def unflatten_list(flat_dict, separator=settings.FLATTEN_JSON_SEPARATOR): """ Unflattens a dictionary, first assuming no lists exist and then tries to identify lists and replaces them This is probably not very efficient and has not been tested extensively diff --git a/src/utils/settings.py b/src/utils/settings.py index 8df77ea131..5691160847 100755 --- a/src/utils/settings.py +++ b/src/utils/settings.py @@ -262,7 +262,7 @@ def sys_argv_errors(): DESCRIPTION = "The command injection exploiter" AUTHOR = "Anastasios Stasinopoulos" VERSION_NUM = "4.0" -REVISION = "111" +REVISION = "112" STABLE_RELEASE = False VERSION = "v" if STABLE_RELEASE: @@ -1314,6 +1314,8 @@ class END_LINE: IGNORE_SPECIAL_CHAR_REGEX = "[^/()A-Za-z0-9.:,_+]" IGNORE_JSON_CHAR_REGEX = r"[{}\"\[\]]" +FLATTEN_JSON_SEPARATOR = ''.join(random.choice("{}") for _ in range(10)) + "_" + PERFORM_CRACKING = False PAGE_COMPRESSION = None