Fix edge cases `disable-path-automerge` (#4035)

* fix edge cases for disable-path-automerge * misc update
2023-08-10 19:28:05 +05:30 · 2023-08-10 19:28:05 +05:30 · 7997e8dbec
parent b2916c1348
commit 7997e8dbec
3 changed files with 11 additions and 2 deletions
--- a/integration_tests/http/disable-path-automerge.yaml
+++ b/integration_tests/http/disable-path-automerge.yaml
@ -10,6 +10,9 @@ http:
      - |
        GET /api/v1/test?id=123 HTTP/1.1
        Host: {{Hostname}}
+      - |
+        GET HTTP/1.1
+        Host: {{Hostname}}
    disable-path-automerge: true
    matchers:
      - type: status
--- a/v2/cmd/integration-test/http.go
+++ b/v2/cmd/integration-test/http.go
@ -1453,11 +1453,15 @@ func (h *httpDisablePathAutomerge) Execute(filePath string) error {
 	router.GET("/api/v1/test", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 		fmt.Fprint(w, r.URL.Query().Get("id"))
 	})
+	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		fmt.Fprint(w, "empty path in raw request")
+	})
+
 	ts := httptest.NewServer(router)
 	defer ts.Close()
 	got, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL+"/api/v1/user", debug)
 	if err != nil {
 		return err
 	}
-	return expectResultsCount(got, 1)
+	return expectResultsCount(got, 2)
 }
--- a/v2/pkg/protocols/http/raw/raw.go
+++ b/v2/pkg/protocols/http/raw/raw.go
@ -36,7 +36,9 @@ func Parse(request string, inputURL *urlutil.URL, unsafe, disablePathAutomerge b
 	// If path is empty do not tamper input url (see doc)
 	// can be omitted but makes things clear
 	case rawrequest.Path == "":
-		rawrequest.Path = inputURL.GetRelativePath()
+		if !disablePathAutomerge {
+			rawrequest.Path = inputURL.GetRelativePath()
+		}

 	// full url provided instead of rel path
 	case strings.HasPrefix(rawrequest.Path, "http") && !unsafe: