package raw
import (
"testing"
urlutil "github.com/projectdiscovery/utils/url"
"github.com/stretchr/testify/require"
)
// TestTryFillCustomHeaders_BufferDetached guards against buffer aliasing between
// successive TryFillCustomHeaders calls on the same Request.
//
// A caller that captured UnsafeRawBytes after the first call must still see the
// same content after the second call, while the Request itself must expose the
// updated bytes. If both calls wrote into one shared backing array, a slice the
// caller still holds would change underneath it.
func TestTryFillCustomHeaders_BufferDetached(t *testing.T) {
	req := &Request{}
	req.UnsafeRawBytes = []byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\nBody")

	// First header fill.
	require.NoError(t, req.TryFillCustomHeaders([]string{"X-Test: 1"}), "unexpected error on first call")

	// Keep both the slice header (shares storage with whatever the Request
	// holds now) and an independent string copy of its content.
	held := req.UnsafeRawBytes
	snapshot := string(held)

	// Second header fill; this must not write through the slice captured above.
	require.NoError(t, req.TryFillCustomHeaders([]string{"X-Another: 2"}), "unexpected error on second call")

	require.Equal(t, snapshot, string(held), "first slice mutated after second call; buffer not detached")
	require.NotEqual(t, snapshot, string(req.UnsafeRawBytes), "request bytes did not change after second call")
}
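// TestParseRawRequestWithPort checks how Parse derives FullURL and Path when the
// input URL carries an explicit port and the raw request has its own Host header.
//
// In every case the input URL names port 8080, while the Host header names
// either port 123 or no port. The assertions expect FullURL to carry the input
// URL's host and port, so the Host header text does not redirect the request.
func TestParseRawRequestWithPort(t *testing.T) {
	request, err := Parse(`GET /gg/phpinfo.php HTTP/1.1
Host: {{Hostname}}:123
Origin: {{BaseURL}}
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9`, parseURL(t, "https://example.com:8080"), false, false)
	// NoError (rather than Nil) prints the error text when the assertion fails.
	require.NoError(t, err, "could not parse GET request")
	require.Equal(t, "https://example.com:8080/gg/phpinfo.php", request.FullURL, "Could not parse request url correctly")
	require.Equal(t, "/gg/phpinfo.php", request.Path, "Could not parse request path correctly")

	t.Run("path-suffix", func(t *testing.T) {
		// The request path is expected to be appended to the input URL's path.
		request, err := Parse(`GET /hello HTTP/1.1
Host: {{Hostname}}`, parseURL(t, "https://example.com:8080/test"), false, false)
		require.NoError(t, err, "could not parse GET request")
		require.Equal(t, "https://example.com:8080/test/hello", request.FullURL, "Could not parse request url correctly")
	})

	t.Run("query-values", func(t *testing.T) {
		// Query-only request target, input URL path without a trailing slash.
		request, err := Parse(`GET ?username=test&password=test HTTP/1.1
Host: {{Hostname}}:123`, parseURL(t, "https://example.com:8080/test"), false, false)
		require.NoError(t, err, "could not parse GET request")
		// The expected URL keeps the parameters in the order written in the
		// request line (username, then password); it is not sorted by key.
		require.Equal(t, "https://example.com:8080/test?username=test&password=test", request.FullURL, "Could not parse request url correctly")

		// Same request target, input URL path with a trailing slash: the slash
		// is expected to survive in front of the query string.
		request, err = Parse(`GET ?username=test&password=test HTTP/1.1
Host: {{Hostname}}:123`, parseURL(t, "https://example.com:8080/test/"), false, false)
		require.NoError(t, err, "could not parse GET request")
		require.Equal(t, "https://example.com:8080/test/?username=test&password=test", request.FullURL, "Could not parse request url correctly")

		// Request target "/?..." against a trailing-slash path: the expected
		// result has a single slash, not "//".
		request, err = Parse(`GET /?username=test&password=test HTTP/1.1
Host: {{Hostname}}:123`, parseURL(t, "https://example.com:8080/test/"), false, false)
		require.NoError(t, err, "could not parse GET request")
		require.Equal(t, "https://example.com:8080/test/?username=test&password=test", request.FullURL, "Could not parse request url correctly")
	})
}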
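// TestParseRawRequest checks that Parse extracts the method, path and body from
// a raw GET request and a raw POST request.
//
// The inputs contain template text ({{Hostname}} and a {{base64(...)}}
// expression with placeholder credentials). Only Method, Path and Data are
// asserted; how the template text is treated is not covered by this test.
func TestParseRawRequest(t *testing.T) {
	request, err := Parse(`GET /manager/html HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64('username:password')}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0
Accept-Language: en-US,en;q=0.9
Connection: close`, parseURL(t, "https://test.com"), false, false)
	// NoError (rather than Nil) prints the error text when the assertion fails.
	require.NoError(t, err, "could not parse GET request")
	require.Equal(t, "GET", request.Method, "Could not parse GET method request correctly")
	require.Equal(t, "/manager/html", request.Path, "Could not parse request path correctly")

	// The blank line inside the literal separates the headers from the body,
	// which is expected to come back unchanged in request.Data.
	request, err = Parse(`POST /login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Connection: close

username=admin&password=login`, parseURL(t, "https://test.com"), false, false)
	require.NoError(t, err, "could not parse POST request")
	require.Equal(t, "POST", request.Method, "Could not parse POST method request correctly")
	require.Equal(t, "username=admin&password=login", request.Data, "Could not parse request data correctly")
}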
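// TestParseUnsafeRequestWithPath checks the request line that Parse writes into
// UnsafeRawBytes when the input URL already has a path.
//
// Both calls pass true as Parse's third argument, presumably the unsafe/raw
// mode switch (confirm against Parse's signature). The assertions inspect only
// the raw bytes, so they pin the literal request line rather than a parsed field.
func TestParseUnsafeRequestWithPath(t *testing.T) {
	request, err := Parse(`GET /manager/html HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64('username:password')}}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0
Accept-Language: en-US,en;q=0.9
Connection: close`, parseURL(t, "https://test.com/test/"), true, false)
	// NoError (rather than Nil) prints the error text when the assertion fails.
	require.NoError(t, err, "could not parse unsafe request")
	// The input URL's "/test/" path is expected in front of the request path,
	// joined with a single slash.
	require.Contains(t, string(request.UnsafeRawBytes), "GET /test/manager/html", "Could not parse unsafe method request path correctly")

	// Query-only request target: the input URL's path is expected to be kept
	// and the query string appended to it.
	request, err = Parse(`GET ?a=b HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}`, parseURL(t, "https://test.com/test.js"), true, false)
	require.NoError(t, err, "could not parse unsafe request")
	require.Contains(t, string(request.UnsafeRawBytes), "GET /test.js?a=b", "Could not parse unsafe method request path correctly")
}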
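// TestTryFillCustomHeaders checks that a custom header passed to
// TryFillCustomHeaders ends up in UnsafeRawBytes after the existing headers.
//
// The expected bytes also show the input URL's "/test/" path merged into the
// request line, and CRLF line endings preserved.
//
// NOTE(review): no case here passes a header string containing CR or LF.
// Whether TryFillCustomHeaders rejects or normalises such input cannot be
// told from this file, so a dedicated case would document that contract.
func TestTryFillCustomHeaders(t *testing.T) {
	testValue := "GET /manager/html HTTP/1.1\r\nHost: Test\r\n"
	expected := "GET /test/manager/html HTTP/1.1\r\nHost: Test\r\ntest: test\r\n"

	request, err := Parse(testValue, parseURL(t, "https://test.com/test/"), true, false)
	// NoError (rather than Nil) prints the error text when the assertion fails.
	require.NoError(t, err, "could not parse unsafe request")

	err = request.TryFillCustomHeaders([]string{"test: test"})
	require.NoError(t, err, "could not add custom headers")

	// Exact byte comparison: any extra or missing CRLF would fail here.
	require.Equal(t, expected, string(request.UnsafeRawBytes), "actual value and expected value are different")
}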
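// TestDisableMergePath checks the effect of Parse's fourth argument on how the
// request path is combined with the input URL's path.
//
// The same raw request is parsed twice against the same input URL. With the
// argument set to true the expected FullURL uses the request path alone; with
// false the request path is appended to the input URL's path.
func TestDisableMergePath(t *testing.T) {
	// The raw request starts with a space before the method; both cases
	// expect it to parse without error.
	request, err := Parse(` GET /api/v1/id=123 HTTP/1.1
Host: {{Hostname}}`, parseURL(t, "https://example.com/api/v1/user"), false, true)
	// NoError (rather than Nil) prints the error text when the assertion fails.
	require.NoError(t, err, "could not parse GET request with disable merge path")
	// The input URL's "/api/v1/user" path is dropped.
	require.Equal(t, "https://example.com/api/v1/id=123", request.FullURL, "Could not parse request url with disable merge path correctly")

	request, err = Parse(` GET /api/v1/id=123 HTTP/1.1
Host: {{Hostname}}`, parseURL(t, "https://example.com/api/v1/user"), false, false)
	require.NoError(t, err, "could not parse GET request with merge path")
	// The input URL's path is kept and the request path is appended to it.
	require.Equal(t, "https://example.com/api/v1/user/api/v1/id=123", request.FullURL, "Could not parse request url with merge path correctly")
}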
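// parseURL parses inputurl with urlutil.Parse and returns the result. It stops
// the calling test immediately if parsing returns an error.
func parseURL(t *testing.T, inputurl string) *urlutil.URL {
	// Mark as a helper so a failure is reported at the caller's line.
	t.Helper()

	urlx, err := urlutil.Parse(inputurl)
	if err != nil {
		// Report the input and the error; the parsed value is not meaningful
		// once err is non-nil, so printing it would hide what went wrong.
		t.Fatalf("failed to parse url %q: %v", inputurl, err)
	}
	return urlx
}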