Improve filtering out of false endpoints. (#49)

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

atom_tools/__init__.py

@@ -1,4 +1,4 @@
 """
 A cli, classes and functions for converting an atom slice to a different format
 """
-__version__ = '0.5.4'
+__version__ = '0.5.5'

atom_tools/lib/converter.py

@@ -23,8 +23,10 @@
 
 logger = logging.getLogger(__name__)
 regex = OpenAPIRegexCollection()
+
 exclusions = ['/content-type', '/application/javascript', '/application/json', '/application/text',
-              '/application/xml', '/*', '/*/*', '/allow', '/GET', '/POST', '/xml', '/cookie']
+              '/application/xml', '/*', '/*/*', '/allow', '/get', '/post', '/xml', '/cookie',
+              '/usestrict', '/maxage', '/sessionid']
 
 
 class OpenAPI:
@@ -256,7 +258,7 @@ def _extract_endpoints(self, method: str) -> List[str]:
         matches = self._filter_matches(matches, method)
         return [
             v for v in matches
-            if v and v not in exclusions and not v.lower().startswith('/x-')
+            if v and v.lower() not in exclusions and not v.lower().startswith('/x-')
         ]
 
     def _extract_params(self, ep: str) -> Tuple[str, bool, List]:
@@ -298,7 +300,8 @@ def _filter_matches(self, matches: List[str], code: str) -> List[str]:
                 ):
                     return filtered_matches
             case 'js' | 'ts' | 'javascript' | 'typescript':
-                if 'app.' not in code and 'route' not in code and 'ftp' not in code:
+                if ('app.' not in code and 'route' not in code and 'ftp' not in code) or (
+                        'app.set(' in code):
                     return filtered_matches
 
         for m in matches:

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "atom-tools"
-version = "0.5.4"
+version = "0.5.5"
 description = "Collection of tools for use with AppThreat/atom."
 authors = [
   { name = "Caroline Russell", email = "caroline@appthreat.dev" },