diff --git a/src/main/java/hae/component/board/message/MessageTableModel.java b/src/main/java/hae/component/board/message/MessageTableModel.java
index d90db8c..409dc14 100644
--- a/src/main/java/hae/component/board/message/MessageTableModel.java
+++ b/src/main/java/hae/component/board/message/MessageTableModel.java
@@ -173,8 +173,6 @@ public class MessageTableModel extends AbstractTableModel {
 log.add(logEntry);
 }
 }
- // 批量更新完成后一次性通知表格更新
- fireTableDataChanged();
 }

 public void deleteByHost(String filterText) {
diff --git a/src/main/resources/rules/Rules.yml b/src/main/resources/rules/Rules.yml
index 753e4a7..63c8165 100644
--- a/src/main/resources/rules/Rules.yml
+++ b/src/main/resources/rules/Rules.yml
@@ -46,6 +46,15 @@ rules:
 scope: response body
 engine: dfa
 sensitive: false
+ - name: PDF.js Viewer
+ loaded: true
+ f_regex: (pdf.worker)
+ s_regex: ''
+ format: '{0}'
+ color: green
+ scope: response body
+ engine: dfa
+ sensitive: false
 - group: Maybe Vulnerability
 rule:
 - name: Java Deserialization
@@ -162,8 +171,9 @@ rules:
 sensitive: true
 - name: Password Field
 loaded: true
- f_regex: ((|\\)(|'|")(|[\w]{1,10})([p](ass|wd|asswd|assword))(|[\w]{1,10})(|\\)(|'|")(:|=|\)\.val\()(
- |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))
+ f_regex: (((|\\)(|'|")(|[\.\w]{1,10})([p](ass|wd|asswd|assword))(|[\.\w]{1,10})(|\\)(|'|")(
+ |)(:|[=]{1,3}|![=]{1,2}|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
+ |)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})([p](ass|wd|asswd|assword))(|[\.\w]{1,10})(|\\)(|'|")))
 s_regex: ''
 format: '{0}'
 color: yellow
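Review bot: In the new `PDF.js Viewer` rule the dot in `f_regex: (pdf.worker)` is unescaped, so it matches any single character between `pdf` and `worker`, not only the literal separator in the worker script name. If the rule is meant to fingerprint responses that reference the PDF.js worker file, `f_regex: (pdf\.worker)` keeps it from tagging unrelated strings. A short YAML comment above the rule saying what the fingerprint is for would also help whoever triages the green highlights later.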
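Review bot: The reverse-order branch added to `Password Field` accepts `:` as an operator (`(:|[=]{1,3}|![=]{1,2})`), so an object-literal entry such as `"label": password` matches and the quoted key is reported as though it were the credential value. Limiting that branch to comparison operators, `([=]{1,3}|![=]{1,2})`, keeps the `"value" == password` form the branch appears to target while dropping this false positive. The same reverse branch is copied into the `Username Field`, `Sensitive Field` and `Mobile Number Field` hunks and would need the same change. Inside a character class the dot needs no escape, so `[\.\w]` can be written `[.\w]`.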
@@ -172,8 +182,9 @@ rules:
 sensitive: false
 - name: Username Field
 loaded: true
- f_regex: ((|\\)(|'|")(|[\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\w]{1,10})(|\\)(|'|")(:|=|\)\.val\()(
- |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))
+ f_regex: (((|\\)(|'|")(|[\.\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\.\w]{1,10})(|\\)(|'|")(
+ |)(:|=|!=|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
+ |)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\.\w]{1,10})(|\\)(|'|")))
 s_regex: ''
 format: '{0}'
 color: green
@@ -209,8 +220,9 @@ rules:
 sensitive: false
 - name: Sensitive Field
 loaded: true
- f_regex: ((\[)?('|")?([\w]{0,10})((key)|(secret)|(token)|(config)|(auth)|(access)|(admin)|(ticket))([\w]{0,10})('|")?(\])?(
- |)(:|=|\)\.val\()( |)('|")([^'"]+?)('|")(|,|\)))
+ f_regex: (((\[)?('|")?([\.\w]{0,10})(key|secret|token|config|auth|access|admin|ticket)([\.\w]{0,10})('|")?(\])?(
+ |)(:|=|!=|[\)]{0,1}\.val\()( |)('|")([^'"]+?)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
+ |)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})(key|secret|token|config|auth|access|admin|ticket)(|[\.\w]{1,10})(|\\)(|'|")))
 s_regex: ''
 format: '{0}'
 color: yellow
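Review bot: The forward branch of `Username Field` accepts only `(:|=|!=|[\)]{0,1}\.val\()` as the operator, while the `Password Field` forward branch in the same file was widened to `[=]{1,3}|![=]{1,2}`. As written, `username == "admin"` and `!==` comparisons are missed in this direction, even though the reverse branch of the same rule accepts them. Using `(:|[=]{1,3}|![=]{1,2}|[\)]{0,1}\.val\()` here would make both branches and all four rules agree. The `Sensitive Field` hunk that follows and the `Mobile Number Field` hunk carry the same narrower forward operator list.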
@@ -219,8 +231,9 @@ rules:
 sensitive: false
 - name: Mobile Number Field
 loaded: true
- f_regex: ((|\\)(|'|")(|[\w]{1,10})(mobile|phone|sjh|shoujihao|concat)(|[\w]{1,10})(|\\)(|'|")(:|=|\)\.val\()(
- |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))
+ f_regex: '(((|\\)(|''|")(|[\w]{1,10})(mobile|phone|sjh|shoujihao|concat)(|[\.\w]{1,10})(|\\)(|''|")(
+ |)(:|=|!=|[\)]{0,1}\.val\()( |)(|\\)(''|")([^''"]+?)(|\\)(''|")(|,|\)))|((|\\)(''|")([^''"]+?)(|\\)(''|")(|\\)(|''|")(
+ |)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})(mobile|phone|sjh|shoujihao|concat)(|[\.\w]{1,10})(|\\)(|''|"))) '
 s_regex: ''
 format: '{0}'
 color: green
@@ -284,7 +297,7 @@ rules:
 engine: nfa
 sensitive: true
 - name: Request URI
- loaded: true
+ loaded: false
 f_regex: ' ((?!.*\.js(\?.*)?$)(.*?[^.js$])) '
 s_regex: ''
 format: '{0}'
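Review bot: The rewritten `Mobile Number Field` value is now a single-quoted scalar that, as rendered here, ends with a space before the closing quote (`...(|''|"))) '`). Unless the rule loader trims it, the pattern would then require a literal space after every match and the rule would silently stop firing on most responses. Whitespace is collapsed in this view, so check the file itself and drop the trailing space, or return to the unquoted form the other three field rules use. The forward branch also still has `(|[\w]{1,10})` as its prefix while the suffix and the other rules moved to `[\.\w]`; `(|[\.\w]{1,10})` would align it.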