Add rules

Marven11 · Marven11 · commit b3af8add78b3 · 2025-01-31T20:33:11.000+08:00
diff --git a/fenjing/const.py b/fenjing/const.py
@@ -267,7 +267,9 @@ class DetectWafKeywords(Enum):
     (STRING, "__add__"),
     (STRING, "__globals__"),
     (STRING, "__builtins__"),
+    (STRING, "__getitem__"),
     (STRING, "eval"),
+    (STRING, "bytes"),
 ]
 
 RENDER_ERROR_KEYWORDS = [
diff --git a/fenjing/rules/string.py b/fenjing/rules/string.py
@@ -529,7 +529,6 @@ def gen_string_lipsumtobytes4(context: dict, value: str):
     ints: List[Target] = join_target(
         sep=(LITERAL, ","), targets=[(INTEGER, ord(c)) for c in value]
     )
-    # TODO: rewrite it with GENERATED_EXPR
     bytes_targets = targets_from_pattern(
         "lipsum[GLOBALS][BUILTINS][BYTES]( ( INTS ) MAYBE_COMMA)[DECODE]( )",
         {
@@ -579,6 +578,40 @@ def gen_string_lipsumtobytes5(context: dict, value: str):
     ] + [(REQUIRE_PYTHON3,)]
 
 
+@expression_gen
+def gen_string_undefinedtobytes(context: dict, value: str):
+
+    bytes_targets = targets_from_pattern(
+        "UNDEFINED|attr( ADD )|attr( GLOBALS )|attr( GETITEM )( BUILTINS )"
+        "|attr( GETITEM )( BYTES )( ( INTS ) MAYBE_COMMA)|attr(DECODE)( )",
+        {
+            "UNDEFINED": (ONEOF, [
+                [(LITERAL, "a")],
+                [(LITERAL, "t")],
+                [(LITERAL, "r")],
+                [(LITERAL, "x")],
+            ]),
+            "ADD": (GENERATED_EXPR, (STRING, "__add__")),
+            "GLOBALS": (GENERATED_EXPR, (STRING, "__globals__")),
+            "GETITEM": (GENERATED_EXPR, (STRING, "__getitem__")),
+            "BUILTINS": (GENERATED_EXPR, (STRING, "__builtins__")),
+            "BYTES": (GENERATED_EXPR, (STRING, "bytes")),
+            " ": (WHITESPACE,),
+            "INTS": join_target(
+                sep=(LITERAL, ","), targets=[(INTEGER, ord(c)) for c in value]
+            ),
+            "MAYBE_COMMA": (ONEOF, [[(LITERAL, ",")], [(LITERAL, "")]]),
+            "DECODE": (GENERATED_EXPR, (STRING, "decode")),
+        },
+    )
+    return [
+        (
+            EXPRESSION,
+            precedence["function_call"],
+            bytes_targets,
+        )
+    ] + [(REQUIRE_PYTHON3,)]
+
 @expression_gen
 def gen_string_formatpercent1(context: dict, value: str):
     # (('%c'*n)%(97,98,99))

Original file line number	Diff line number	Diff line change
`@@ -267,7 +267,9 @@ class DetectWafKeywords(Enum):`
`267`	`267`	`(STRING, "__add__"),`
`268`	`268`	`(STRING, "__globals__"),`
`269`	`269`	`(STRING, "__builtins__"),`
	`270`	`+ (STRING, "__getitem__"),`
`270`	`271`	`(STRING, "eval"),`
	`272`	`+ (STRING, "bytes"),`
`271`	`273`	`]`
`272`	`274`
`273`	`275`	`RENDER_ERROR_KEYWORDS = [`