检测格式化字符串攻击脚本

'''#------------------------   used for inspect_formatstring_flaw      -------------------------def inspect_format_attack():    print "detecting format attack..........................."    for index in range(0, len(content)):        needoutput = False        if content[index].count("%") > 4:            #find quotes contains char '%'            line = content[index]            pos1 = line.index('%')            begin = pos1            end = pos1            while begin >= 0 and line[begin] != '"':                begin = begin - 1            while end < len(line) and line[end] != '"':                end = end + 1            if begin != -1 and end > begin:                formatstring = line[begin + 1 : end]                formatnum = formatstring.count("%")                formatnum = formatnum - formatstring.count("%%")                formatnum = formatnum + formatstring.count("%ld")                #tranverse the params and validate them, first find the next ','                begin = line[end :].find(',')                if begin == -1:                    needoutput = True                else:                    line = line[begin + end :]                    nindex = index + 1                    #if seperated in several lines                    while line.count(";") == 0:                        line = line + content[nindex]                        nindex = nindex + 1                    pos1 = line.find(';')                    line = line[: pos1]                    if line.count(',') < formatnum:                        needoutput = True                        #IDA failed to recognize more arguments means there may be a format-string attack        if needoutput:            print "\t%d %s"%(index, content[index])'''