tijme / angularjs-csti-scanner

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
MIT License

Error: TypeError: argument of type 'NoneType' is not iterable #16

Closed random-robbie closed 5 years ago

random-robbie commented 5 years ago

One line summary of the issue here.

Expected behavior

No errors to be shown

Actual behavior

see output below

Steps to reproduce the behavior

host@host:~/tools/angularjs-csti-scanner$ python acstis.py -c -siv -vp -d https://www.oddschecker.com

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.6 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.3.20.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://www.oddschecker.com
argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

[INFO] Scanning https://www.oddschecker.com/search?query=FaaIGDVVxm
[INFO] Scanning https://www.oddschecker.com/
[INFO] Scanning https://www.oddschecker.com/tips
[INFO] Scanning https://www.oddschecker.com/free-bets
[INFO] Scanning https://www.oddschecker.com/casino-bonus
[INFO] Scanning https://www.oddschecker.com/bingo-bonuses
[INFO] Scanning https://www.oddschecker.com/insight
[INFO] Scanning https://www.oddschecker.com/myoddschecker/login
[INFO] Scanning https://www.oddschecker.com/myoddschecker/my-profile
[INFO] Scanning https://www.oddschecker.com/myoddschecker/bookmakers
[INFO] Scanning https://www.oddschecker.com/myoddschecker/my-bets
[INFO] Scanning https://www.oddschecker.com/myoddschecker/logout
[INFO] Scanning https://www.oddschecker.com/odds-format
[INFO] Scanning https://www.oddschecker.com/exchange-settings
[INFO] Scanning https://www.oddschecker.com/bet-basket
[INFO] Scanning https://www.oddschecker.com/market-movers
[INFO] Scanning https://www.oddschecker.com/tv-sports-calendar
[INFO] Scanning https://www.oddschecker.com/betting-tools/bet-calculator
[INFO] Scanning https://www.oddschecker.com/help/using-oddschecker/how-it-works
[INFO] Scanning https://www.oddschecker.com/football
argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

[INFO] Scanning https://www.oddschecker.com/horse-racing
argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

Happens on Python 2.7 and Python 3.5.2.

SeriyVol4ishe commented 5 years ago

The same errors.

tijme commented 5 years ago

Sorry that this took so long (I've been very busy lately), but it's fixed now. Please note that the website www.oddschecker.com does not accept user agents containing the word 'Python'. If you want to scan this website you would need to change the user agent, as explained under the chapter 'headers' in the readme.
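
The failing check from the traceback above (Scanner.py line 120), shown beside a None-safe variant, as an added example that is not part of the original thread and is not the project's fix. The function names, the `missing_means_html` parameter and the sample header dictionaries are constructed for illustration.

```python
# Added example, not the project's code. Header dicts below are constructed samples.

def is_html_original(headers):
    """The membership test as it appears in the traceback."""
    # headers.get() returns None when the header is absent, and
    # `"html" in None` raises TypeError: argument of type 'NoneType' is not iterable.
    return "html" in headers.get("content-type")


def is_html_safe(headers, missing_means_html=False):
    """None-safe check that parses the media type instead of substring matching.

    Assumption: how a response without Content-Type is treated is left to the
    caller (skip it by default, or scan it anyway with missing_means_html=True).
    """
    value = None
    for name, candidate in headers.items():
        # Plain dicts are case-sensitive, so compare header names in lower case.
        if name.lower() == "content-type":
            value = candidate
            break
    if value is None or not value.strip():
        return missing_means_html
    # Drop parameters such as "; charset=utf-8" before comparing.
    media_type = value.split(";", 1)[0].strip().lower()
    return media_type in ("text/html", "application/xhtml+xml")


SAMPLES = {
    "html": {"content-type": "text/html; charset=utf-8"},
    "json": {"content-type": "application/json"},
    "substring": {"content-type": "text/plain; name=report.html"},
    "missing": {"server": "example"},
}


def classify(samples):
    """Return {label: (original result or 'TypeError', safe result)}."""
    results = {}
    for label, headers in samples.items():
        try:
            original = is_html_original(headers)
        except TypeError:
            original = "TypeError"
        results[label] = (original, is_html_safe(headers))
    return results
```
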