mirror of https://github.com/daffainfo/nuclei.git
Adding content length edge cases (#3147)
* adding content length edge cases * fixing CL behavior * suppressing -1 error * fixing pathdev
parent
5e70f74aff
commit
d956275e98
|
@ -0,0 +1,15 @@
|
|||
id: cl-body-with-header
|
||||
|
||||
info:
|
||||
name: CL Get Request - Body with header
|
||||
author: pdteam
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "content_length==50000 && len(body)==14"
|
|
@ -0,0 +1,15 @@
|
|||
id: cl-body-without-header
|
||||
|
||||
info:
|
||||
name: CL Get Request - Body without header
|
||||
author: pdteam
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "content_length==14"
|
|
@ -14,6 +14,7 @@ import (
|
|||
"github.com/julienschmidt/httprouter"
|
||||
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
|
||||
logutil "github.com/projectdiscovery/utils/log"
|
||||
stringsutil "github.com/projectdiscovery/utils/strings"
|
||||
)
|
||||
|
||||
|
@ -59,6 +60,8 @@ var httpTestcases = map[string]testutils.TestCase{
|
|||
"http/custom-attack-type.yaml": &customAttackType{},
|
||||
"http/get-all-ips.yaml": &scanAllIPS{},
|
||||
"http/get-without-scheme.yaml": &httpGetWithoutScheme{},
|
||||
"http/cl-body-without-header.yaml": &httpCLBodyWithoutHeader{},
|
||||
"http/cl-body-with-header.yaml": &httpCLBodyWithHeader{},
|
||||
}
|
||||
|
||||
type httpInteractshRequest struct{}
|
||||
|
@ -1037,3 +1040,46 @@ func (h *httpGetWithoutScheme) Execute(filePath string) error {
|
|||
}
|
||||
return expectResultsCount(got, 1)
|
||||
}
|
||||
|
||||
// content-length in case the response has no header but has a body
|
||||
type httpCLBodyWithoutHeader struct{}
|
||||
|
||||
// Execute executes a test case and returns an error if occurred
|
||||
func (h *httpCLBodyWithoutHeader) Execute(filePath string) error {
|
||||
logutil.DisableDefaultLogger()
|
||||
defer logutil.EnableDefaultLogger()
|
||||
|
||||
router := httprouter.New()
|
||||
router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||
w.Header()["Content-Length"] = []string{"-1"}
|
||||
fmt.Fprintf(w, "this is a test")
|
||||
})
|
||||
ts := httptest.NewTLSServer(router)
|
||||
defer ts.Close()
|
||||
|
||||
got, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return expectResultsCount(got, 1)
|
||||
}
|
||||
|
||||
// content-length in case the response has content-length header and a body
|
||||
type httpCLBodyWithHeader struct{}
|
||||
|
||||
// Execute executes a test case and returns an error if occurred
|
||||
func (h *httpCLBodyWithHeader) Execute(filePath string) error {
|
||||
router := httprouter.New()
|
||||
router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||
w.Header()["Content-Length"] = []string{"50000"}
|
||||
fmt.Fprintf(w, "this is a test")
|
||||
})
|
||||
ts := httptest.NewTLSServer(router)
|
||||
defer ts.Close()
|
||||
|
||||
got, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return expectResultsCount(got, 1)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue