Update scan.go

2025-09-17 20:41:37 +00:00 · 2025-03-01 19:03:26 +08:00 · 2025-03-01 19:03:26 +08:00 · 2bcce572b4
commit 2bcce572b4
parent a6fb61a652
1 changed files with 104 additions and 14 deletions
--- a/scan.go
+++ b/scan.go
@ -41,10 +41,13 @@ func scan() {
 				fmt.Printf("Value is not of type RequestResponseLog\n")
 			}

-			// fmt.Println(r)
+			//
 			if r.Request.Header != nil && r.Response.Header != nil && r.Response.Body != nil && r.Response.StatusCode == 200 {
+				// fmt.Println(r)
 				result, resp1, resp2, err := sendHTTPAndKimi(r) // 主要
 				if err != nil {
+					logs.Delete(key)
+					// fmt.Println(r)
 					fmt.Println(err)
 				} else {
 					var resultOutput Result
@ -66,8 +69,6 @@ func scan() {
 					if err != nil {
 						log.Println("解析 JSON 数据失败("+result+": )", err)
 					} else {
-						// fmt.Printf("Res: %s\n", scanR.Res)
-						// fmt.Printf("Reason: %s\n", scanR.Reason)
 						resultOutput.Result = scanR.Res
 						resultOutput.Reason = scanR.Reason
 						jsonData, err := json.Marshal(resultOutput)
@ -106,7 +107,83 @@ func scan() {
 	}
 }

+// func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB string, err error) {
+// 	jsonDataReq, err := json.Marshal(r.Request)
+// 	if err != nil {
+// 		fmt.Println("Error marshaling:", err)
+// 		// return
+// 	}
+// 	req1 := string(jsonDataReq)
+
+// 	resp1 := string(r.Response.Body)
+
+// 	fullURL := &url.URL{
+// 		Scheme:   r.Request.URL.Scheme,
+// 		Host:     r.Request.URL.Host,
+// 		Path:     r.Request.URL.Path,
+// 		RawQuery: r.Request.URL.RawQuery,
+// 	}
+
+// 	if isNotSuffix(r.Request.URL.Path, config.GetConfig().Suffixes) && !containsString(r.Response.Header.Get("Content-Type"), config.GetConfig().AllowedRespHeaders) {
+
+// 		req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body)))
+// 		if err != nil {
+// 			fmt.Println("创建请求失败:", err)
+// 			return "", "", "", err
+// 		}
+// 		req.Header = r.Request.Header
+// 		// 增加其他头 2025 02 27
+// 		if config.GetConfig().Headers2 != nil {
+// 			for key, value := range config.GetConfig().Headers2 {
+// 				req.Header.Set(key, value)
+// 			}
+// 		}
+// 		// 2025 02 27 end
+// 		// req.Header.Set("Cookie", config.GetConfig().Cookie2)
+// 		// log.Println(req.Header)
+// 		client := &http.Client{}
+// 		resp, err := client.Do(req)
+// 		if err != nil {
+// 			fmt.Println("请求失败:", err)
+// 			return "", "", "", err
+// 		}
+// 		defer resp.Body.Close()
+// 		bodyBytes, err := io.ReadAll(resp.Body)
+// 		if err != nil {
+// 			fmt.Println("Error reading response body:", err)
+// 			return "", "", "", err
+// 		}
+// 		// 将响应体转换为字符串
+// 		resp2 := string(bodyBytes)
+// 		// 输出响应体字符串
+// 		// fmt.Println("Response1 Body:", resp1)
+// 		// fmt.Println("Response2 Body:", resp2)
+// 		if len(resp1+resp2) < 65535 {
+// 			fmt.Println("Serialized JSON:", req1)
+// 			result, err := detectPrivilegeEscalation(config.GetConfig().AI, fullURL.String(), resp1, resp2)
+// 			if err != nil {
+// 				fmt.Println("Error:", err)
+
+// 				return "", "", "", err
+// 			}
+// 			return result, resp1, resp2, nil
+// 		} else {
+// 			return `{"res": "white", "reason": "请求包太大"}`, resp1, resp2, nil
+// 		}
+
+// 		// log.Println("Result:", result)
+
+//		}
+//		return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil
+//	}
 func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB string, err error) {
+	jsonDataReq, err := json.Marshal(r.Request)
+	if err != nil {
+		fmt.Println("Error marshaling:", err)
+		return "", "", "", err // 返回错误
+	}
+	req1 := string(jsonDataReq)
+
 	resp1 := string(r.Response.Body)

 	fullURL := &url.URL{
@ -117,6 +194,7 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
 	}

 	if isNotSuffix(r.Request.URL.Path, config.GetConfig().Suffixes) && !containsString(r.Response.Header.Get("Content-Type"), config.GetConfig().AllowedRespHeaders) {
+
 		req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body)))
 		if err != nil {
 			fmt.Println("创建请求失败:", err)
@ -131,7 +209,7 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
 		}
 		// 2025 02 27 end
 		// req.Header.Set("Cookie", config.GetConfig().Cookie2)
-
+		// log.Println(req.Header)
 		client := &http.Client{}
 		resp, err := client.Do(req)
 		if err != nil {
@ -146,22 +224,34 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
 		}
 		// 将响应体转换为字符串
 		resp2 := string(bodyBytes)
-		// 输出响应体字符串
-		// fmt.Println("Response1 Body:", resp1)
-		// fmt.Println("Response2 Body:", resp2)
+
 		if len(resp1+resp2) < 65535 {
-			result, err := detectPrivilegeEscalation(config.GetConfig().AI, fullURL.String(), resp1, resp2)
-			if err != nil {
-				fmt.Println("Error:", err)
-				return "", "", "", err
+			fmt.Println("Serialized JSON:", req1)
+
+			// 初始值
+			var resultDetect string
+			var detectErr error
+			maxRetries := 5
+			for i := 0; i < maxRetries; i++ {
+				resultDetect, detectErr = detectPrivilegeEscalation(config.GetConfig().AI, fullURL.String(), resp1, resp2)
+				if detectErr == nil {
+					break // 成功退出循环
+				}
+				// 可选：增加延迟避免频繁请求
+				fmt.Println("AI分析异常，重试中，异常原因：", detectErr)
+				time.Sleep(5 * time.Second) // 1秒延迟
 			}
-			return result, resp1, resp2, nil
+
+			if detectErr != nil {
+				fmt.Println("Error after retries:", detectErr)
+				return "", "", "", detectErr
+			}
+
+			return resultDetect, resp1, resp2, nil
 		} else {
 			return `{"res": "white", "reason": "请求包太大"}`, resp1, resp2, nil
 		}

-		// log.Println("Result:", result)
-
 	}
 	return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil
 }