fix missing trailing slash (#3127)

* raw: fix missing trailing slash * adds rawpath integration test * rename trailing slash test
2023-01-03 23:45:34 +05:30 · 2023-01-03 23:45:34 +05:30 · e66ed30cec
parent bfbc12826d
commit e66ed30cec
3 changed files with 42 additions and 0 deletions
--- a/integration_tests/http/raw-path-trailing-slash.yaml
+++ b/integration_tests/http/raw-path-trailing-slash.yaml
@ -0,0 +1,13 @@
+id: raw-path-trailing-slash
+
+info:
+  name: Test RAW HTTP Template with trailing slash
+  author: pdteam
+  severity: info
+
+requests:
+  - raw:
+      - |
+        GET /test/..;/..;/ HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{BaseURL}}
--- a/v2/cmd/integration-test/http.go
+++ b/v2/cmd/integration-test/http.go
@ -33,6 +33,7 @@ var httpTestcases = map[string]testutils.TestCase{
 	"http/raw-dynamic-extractor.yaml":               &httpRawDynamicExtractor{},
 	"http/raw-get-query.yaml":                       &httpRawGetQuery{},
 	"http/raw-get.yaml":                             &httpRawGet{},
+	"http/raw-path-trailing-slash.yaml":             &httpRawPathTrailingSlash{},
 	"http/raw-payload.yaml":                         &httpRawPayload{},
 	"http/raw-post-body.yaml":                       &httpRawPostBody{},
 	"http/request-condition.yaml":                   &httpRequestCondition{},
@ -505,6 +506,31 @@ func (h *httpRawGet) Execute(filePath string) error {
 	return expectResultsCount(results, 1)
 }

+type httpRawPathTrailingSlash struct{}
+
+func (h *httpRawPathTrailingSlash) Execute(filepath string) error {
+	router := httprouter.New()
+	var routerErr error
+
+	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		if r.RequestURI != "/test/..;/..;/" {
+			routerErr = fmt.Errorf("expected path /test/..;/..;/ but got %v", r.RequestURI)
+			return
+		}
+	})
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	_, err := testutils.RunNucleiTemplateAndGetResults(filepath, ts.URL, debug)
+	if err != nil {
+		return err
+	}
+	if routerErr != nil {
+		return routerErr
+	}
+	return nil
+}
+
 type httpRawPayload struct{}

 // Execute executes a test case and returns an error if occurred
--- a/v2/pkg/protocols/http/utils/url.go
+++ b/v2/pkg/protocols/http/utils/url.go
@ -13,8 +13,11 @@ func JoinURLPath(elem1 string, elem2 string) string {
 		Path.Join converts /test/ to /test
 		this should be handled manually
 	*/
+	// if any one of path is empty path.Join removes trailing slash
 	if elem2 == "" {
 		return elem1
+	} else if elem1 == "" {
+		return elem2
 	}
 	if elem2 == "/" || elem2 == "/?" {
 		// check for extra slash