looksLikeFormEncoded heuristically classifies body as application/ x-www-form-urlencoded payload. Used by the noise-aware ExactBodyMatch pass to decide whether to take the form-segment path. Heuristic mirrors enterprise/pkg/secret's same-named helper: must contain '=', must not start with a JSON or
(body string)
| 929 | // enterprise/pkg/secret's same-named helper: must contain '=', must not |
| 930 | // start with a JSON or XML marker, and must parse via url.ParseQuery. |
| 931 | func looksLikeFormEncoded(body string) bool { |
| 932 | if !strings.Contains(body, "=") { |
| 933 | return false |
| 934 | } |
| 935 | trimmed := strings.TrimSpace(body) |
| 936 | if len(trimmed) > 0 && (trimmed[0] == '<' || trimmed[0] == '{' || trimmed[0] == '[') { |
| 937 | return false |
| 938 | } |
| 939 | _, err := url.ParseQuery(body) |
| 940 | return err == nil |
| 941 | } |
| 942 | |
| 943 | // valueHasUnixTimestamp reports whether s contains a decimal run that looks |
| 944 | // like a modern unix timestamp — 10 digits in [1_500_000_000, 2_500_000_000] |