main.py
from flask import Flask, request
from urllib3.util.url import parse_url
from bs4 import BeautifulSoup
import re
import requests
# Hosts the proxy endpoint may fetch from. The route compares the parsed
# host against this list by exact membership, so subdomains such as
# "www.google.com" are not covered by these entries.
ALLOWED_HOSTS = [
    "google.com",
    "checkmarx.com",
]

# WSGI application object; routes below are registered on it.
app = Flask(__name__)
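@app.route('/')
def proxy():
    """Fetch an allowlisted URL and return its HTML with every 'o' upper-cased.

    The target comes from the ``url`` query parameter, which is fully
    attacker-controlled. The request is refused with the body
    ``"Not allowed"`` when the parameter is missing or oversized, when the
    scheme is not http/https, or when the parsed host is not an exact member
    of ``ALLOWED_HOSTS``.

    Returns:
        The rewritten document serialised as a string, or ``"Not allowed"``.
    """
    url = request.args.get('url')

    # Cap the input size before it reaches the URL parser. This limits how
    # much work a hostile value can trigger; it does not replace upgrading
    # the parser itself.
    max_url_length = 2048
    if not url or len(url) > max_url_length:
        return "Not allowed"

    # CVE-2020-7212 - parse_url() -> _encode_invalid_chars()
    # CVE-2021-33503 - parse_url()
    # Both are denial-of-service issues in urllib3's URL parsing and are
    # reachable here because `url` is untrusted. The fix is to pin a patched
    # urllib3 release; the length cap above is only damage limitation.
    parsed = parse_url(url)

    # Only plain web fetches are meaningful for this endpoint; a missing or
    # unexpected scheme is refused instead of surfacing as an unhandled
    # error from requests.
    if (parsed.scheme or '').lower() not in ('http', 'https'):
        return "Not allowed"
    if parsed.host not in ALLOWED_HOSTS:
        return "Not allowed"

    # allow_redirects=False: the allowlist was checked against the original
    # URL only, so a redirect issued by an allowed host would otherwise carry
    # the server-side request to a host that was never checked (SSRF).
    # timeout: without one, a stalled upstream pins this worker indefinitely.
    r = requests.get(url, timeout=10, allow_redirects=False)

    soup = BeautifulSoup(r.text, 'html.parser')
    # Rewrite each text node containing 'o'; tags and attributes are untouched.
    for element in soup.find_all(text=re.compile('o')):
        element.replace_with(element.replace('o', 'O'))
    return str(soup)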
if __name__ == '__main__':
    # Direct execution starts Flask's built-in server on port 8080. No host
    # is passed, so Flask's default bind address applies.
    app.run(port=8080)