Format existing BCheck example scripts.

PortSwigger · Nov 28, 2023 · 3d3d9f2 · 3d3d9f2
1 parent d03be8e
commit 3d3d9f2
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 16 deletions.
diff --git a/examples/exposed-backup-file.bcheck b/examples/exposed-backup-file.bcheck
@@ -6,20 +6,17 @@ metadata:
 
 run for each:
     # you could add more values to this list to make the check repeat
-    extension =
-        ".bak",
-        ".back",
-        ".backup",
-        ".old"
+    extension = ".bak", ".back", ".backup", ".old"
 
 given path then
-    if not ({base.response.status_code} is "404") then
+    if not({base.response.status_code} is "404") then
         send request called check:
-            replacing path: {regex_replace ({base.response.url.path}, "(.)/?$", `$1{extension}`)}
+            replacing path: {regex_replace({base.response.url.path}, "(.)/?$", `$1{extension}`)}
 
         if {check.response.status_code} is {base.response.status_code} then
             send request called garbage:
-                replacing path: {regex_replace ({base.response.url.path}, "(.)/?$", `$1.{random_str(10)}`)}
+                replacing path: {regex_replace({base.response.url.path}, "(.)/?$", `$1.{random_str(10)}`)}
+
             if {garbage} differs from {check} then
                 report issue and continue:
                     severity: info

diff --git a/examples/exposed-git-directory.bcheck b/examples/exposed-git-directory.bcheck
@@ -6,9 +6,7 @@ metadata:
 
 run for each:
     # you could add more values to this list to make the check repeat
-    potential_path =
-        "/.git/config",
-        "/.git/config~"
+    potential_path = "/.git/config", "/.git/config~"
 
 given host then
     send request called check:

diff --git a/examples/server-side-prototype-pollution.bcheck b/examples/server-side-prototype-pollution.bcheck
@@ -23,7 +23,8 @@ given request then
             method: "POST"
             body: "{,}"
 
-        if {latest.response.body} matches "\"statusCode\":510" or {latest.response.status_code} is "510" then
+        if {latest.response.body} matches "\"statusCode\":510" or
+            {latest.response.status_code} is "510" then
             send request called clean_sspp:
                 method: "POST"
                 body: {regex_replace({base.request.body}, "[}]$", {nullify})}
@@ -32,7 +33,8 @@ given request then
                 method: "POST"
                 body: "{,}"
 
-            if not({followup_check_sspp.response.body} matches "\"statusCode\":510" or {followup_check_sspp.response.status_code} is "510") then
+            if not({followup_check_sspp.response.body} matches "\"statusCode\":510" or
+                {followup_check_sspp.response.status_code} is "510") then
                 report issue:
                     severity: high
                     confidence: firm

diff --git a/examples/suspicious-input-transformation.bcheck b/examples/suspicious-input-transformation.bcheck
@@ -5,12 +5,11 @@ metadata:
     author: "Carlos Montoya"
 
 define:
-    calculation="{{1337*1337}}"
-    answer="1787569"
+    calculation = "{{1337*1337}}"
+    answer = "1787569"
 
 # we will automatically insert into nested insertion points
 given insertion point then
-
     # prevent false positives by checking answer isn't
     # already in base response
     if not({answer} in {base.response}) then