Alexandre Flament dalf

## revid.py
# require : gitpython
import git
import time
import sys

# searx repository URL
# TODO : support git URL
searx_url = 'https://github.com/asciimoo/searx'

# where is the local clone

## http2_proxy.sh
# existing setup : tinc tunnel :
# laptop on 10.2.0.2
# server on 10.2.0.1 with apache proxy on 10.2.0.1:8223
#
# configure laptop to use proxy 127.0.0.1:4000

# Laptop : 127.0.0.1:4000 (HTTP1) --> nghttpx --> 10.2.0.1:3000 (HTTP2)
docker run -d --net host dalf/nghttpx /usr/bin/nghttpx --backend 10.2.0.1,3000 --backend-no-tls --frontend-no-tls --http2-bridge --frontend=127.0.0.1,4000 --no-location-rewrite

# Server : 10.2.0.1:3000 (HTTP2) --> nghttpx --> 10.2.0.1:8223 (HTTP1) Apache

## htmlpage.php
<?php

function normalizeString($str) {
  $str = strtolower(trim(html_entity_decode($str)));
  // $str = preg_split('/\s+/', $str, NULL, PREG_SPLIT_NO_EMPTY);
  return $str;
}

function fuzzyCompare($str1, $str2, $normalize = FALSE) {
  if ($str1 === $str2) {

## curladapter.py
import logging
import pycurl
import threading
from itertools import cycle
# use of cStringIO
from cStringIO import StringIO
from time import time
from urllib import urlencode
from multiprocessing import Pool, TimeoutError
from multiprocessing.pool import ThreadPool

## dalf.css
.result_heqder a:hover {
	text-decoration: underline;
}

.result .text-muted small {
	color: #61A75E;
}

.result {
	margin-bottom: 10px;

## morty_test.html
<html>
  <head>
    <title>test</title>
  </head>
  <body BACKGROUND="javascript:alert('XSS')">
    <p>paragrpah</p>

    <a href="    	test.html">test simple</a>

    <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

## transform_engines.py
#!/usr/bin/env python3
#
# helper to do the boring stuff of https://github.com/asciimoo/searx/issues/302
# usage : ```python utils/transform_engines.py```
#
# use redbaron (pip install redbaron)
# have a look to : https://libcst.readthedocs.io/en/latest/why_libcst.html
#
# perhaps some engine specific QA could be done using redbaron, libcst, ast or similar libraries.

## service_identity_test.py
from __future__ import absolute_import, division, print_function

import socket

from OpenSSL import SSL
from service_identity import VerificationError
from service_identity.pyopenssl import verify_hostname


def _verify_callback(conn, cert, errno, depth, ok):

## Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at

## rules.json
[
    {
        "name": "searx.space",
        "filters": ["Header:X-Forwarded-For=(2001:41d0:8:de3::1|176.31.252.227)"],
        "stop": true,
        "actions": [{ "name": "log"}]
    },
    {
        "name": "IP limit, all paths",
        "interval": 3,
	# require : gitpython
	import git
	import time
	import sys

	# searx repository URL
	# TODO : support git URL
	searx_url = 'https://github.com/asciimoo/searx'

	# where is the local clone
	# existing setup : tinc tunnel :
	# laptop on 10.2.0.2
	# server on 10.2.0.1 with apache proxy on 10.2.0.1:8223
	#
	# configure laptop to use proxy 127.0.0.1:4000

	# Laptop : 127.0.0.1:4000 (HTTP1) --> nghttpx --> 10.2.0.1:3000 (HTTP2)
	docker run -d --net host dalf/nghttpx /usr/bin/nghttpx --backend 10.2.0.1,3000 --backend-no-tls --frontend-no-tls --http2-bridge --frontend=127.0.0.1,4000 --no-location-rewrite

	# Server : 10.2.0.1:3000 (HTTP2) --> nghttpx --> 10.2.0.1:8223 (HTTP1) Apache
	<?php

	function normalizeString($str) {
	$str = strtolower(trim(html_entity_decode($str)));
	// $str = preg_split('/\s+/', $str, NULL, PREG_SPLIT_NO_EMPTY);
	return $str;
	}

	function fuzzyCompare($str1, $str2, $normalize = FALSE) {
	if ($str1 === $str2) {
	import logging
	import pycurl
	import threading
	from itertools import cycle
	# use of cStringIO
	from cStringIO import StringIO
	from time import time
	from urllib import urlencode
	from multiprocessing import Pool, TimeoutError
	from multiprocessing.pool import ThreadPool
	.result_heqder a:hover {
	text-decoration: underline;
	}

	.result .text-muted small {
	color: #61A75E;
	}

	.result {
	margin-bottom: 10px;
	<html>
	<head>
	<title>test</title>
	</head>
	<body BACKGROUND="javascript:alert('XSS')">
	<p>paragrpah</p>

	<a href=" test.html">test simple</a>

	<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
	#!/usr/bin/env python3
	#
	# helper to do the boring stuff of https://github.com/asciimoo/searx/issues/302
	# usage : ```python utils/transform_engines.py```
	#
	# use redbaron (pip install redbaron)
	# have a look to : https://libcst.readthedocs.io/en/latest/why_libcst.html
	#
	# perhaps some engine specific QA could be done using redbaron, libcst, ast or similar libraries.
	from __future__ import absolute_import, division, print_function

	import socket

	from OpenSSL import SSL
	from service_identity import VerificationError
	from service_identity.pyopenssl import verify_hostname


	def _verify_callback(conn, cert, errno, depth, ok):
	# -- mode: ruby --
	# vi: set ft=ruby :

	# All Vagrant configuration is done below. The "2" in Vagrant.configure
	# configures the configuration version (we support older styles for
	# backwards compatibility). Please don't change it unless you know what
	# you're doing.
	Vagrant.configure("2") do \|config\|
	# The most common configuration options are documented and commented below.
	# For a complete reference, please see the online documentation at
	[
	{
	"name": "searx.space",
	"filters": ["Header:X-Forwarded-For=(2001:41d0:8:de3::1\|176.31.252.227)"],
	"stop": true,
	"actions": [{ "name": "log"}]
	},
	{
	"name": "IP limit, all paths",
	"interval": 3,