External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-24 05:07:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixing full URL output with unsafe requests (#1445)

Browse Source 
* Fixing full URL output with unsafe requests

* using request url as matched url if empty
This commit is contained in:
Mzack9999 2022-01-10 14:24:33 +01:00 committed by GitHub
parent b77723941d
commit 3748eae5fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
v2/pkg/protocols/http/raw/raw.go
View File

@ -30,7 +30,7 @@ func Parse(request, baseURL string, unsafe bool) (*Request, error) {
rawRequest := &Request{ rawRequest := &Request{
Headers: make(map[string]string), Headers: make(map[string]string),
} }
parsedURL, err := url.Parse(baseURL) parsedURL, err := url.Parse(baseURL)
if err != nil { if err != nil {
return nil, fmt.Errorf("could not parse request URL: %w", err) return nil, fmt.Errorf("could not parse request URL: %w", err)
@ -116,18 +116,21 @@ func Parse(request, baseURL string, unsafe bool) (*Request, error) {
if strings.HasSuffix(parsedURL.Path, "/") && strings.HasPrefix(rawRequest.Path, "/") { if strings.HasSuffix(parsedURL.Path, "/") && strings.HasPrefix(rawRequest.Path, "/") {
parsedURL.Path = strings.TrimSuffix(parsedURL.Path, "/") parsedURL.Path = strings.TrimSuffix(parsedURL.Path, "/")
} }
if parsedURL.Path != rawRequest.Path {
rawRequest.Path = fmt.Sprintf("%s%s", parsedURL.Path, rawRequest.Path)
}
if strings.HasSuffix(rawRequest.Path, "//") {
rawRequest.Path = strings.TrimSuffix(rawRequest.Path, "/")
}
rawRequest.FullURL = fmt.Sprintf("%s://%s%s", parsedURL.Scheme, strings.TrimSpace(hostURL), rawRequest.Path)
// If raw request doesn't have a Host header and isn't marked unsafe, if !unsafe {
// this will generate the Host header from the parsed baseURL if parsedURL.Path != rawRequest.Path {
if !unsafe && rawRequest.Headers["Host"] == "" { rawRequest.Path = fmt.Sprintf("%s%s", parsedURL.Path, rawRequest.Path)
rawRequest.Headers["Host"] = hostURL }
if strings.HasSuffix(rawRequest.Path, "//") {
rawRequest.Path = strings.TrimSuffix(rawRequest.Path, "/")
}
rawRequest.FullURL = fmt.Sprintf("%s://%s%s", parsedURL.Scheme, strings.TrimSpace(hostURL), rawRequest.Path)
// If raw request doesn't have a Host header and isn't marked unsafe,
// this will generate the Host header from the parsed baseURL
if rawRequest.Headers["Host"] == "" {
rawRequest.Headers["Host"] = hostURL
}
} }
// Set the request body // Set the request body

5
v2/pkg/protocols/http/request.go
View File

@ -418,6 +418,11 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
} }
} }
// use request url as matched url if empty
if formedURL == "" {
formedURL = reqURL
}
if err != nil { if err != nil {
// rawhttp doesn't support draining response bodies. // rawhttp doesn't support draining response bodies.
if resp != nil && resp.Body != nil && generatedRequest.rawRequest == nil { if resp != nil && resp.Body != nil && generatedRequest.rawRequest == nil {