From 4458dc80a553811c8a8b857420fa2294a4b5e802 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Thu, 30 Jan 2014 16:39:19 -0600
Subject: [PATCH] Clean the find_csrf mehtod
---
 .../exploits/multi/http/tomcat_mgr_upload.rb | 30 +++++++++----------
 1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/modules/exploits/multi/http/tomcat_mgr_upload.rb b/modules/exploits/multi/http/tomcat_mgr_upload.rb
index f82aeb8369..7be5a042a2 100644
--- a/modules/exploits/multi/http/tomcat_mgr_upload.rb
+++ b/modules/exploits/multi/http/tomcat_mgr_upload.rb
@@ -10,6 +10,8 @@ class Metasploit3 < Msf::Exploit::Remote
 HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
+ CSRF_VAR = "CSRF_NONCE="
+
 include Msf::Exploit::Remote::HttpClient
 include Msf::Exploit::EXE
@@ -303,23 +305,19 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def find_csrf(res = nil)
- print_status("Finding CSRF")
- body=res.body
- body.each_line { |ln|
+ return "" if res.blank?
+
+ print_status("Finding CSRF token...")
+
+ body = res.body
+
+ body.each_line do |ln|
 ln.chomp!
- csrf_string = "CSRF_NONCE="
- csrf_nonce = ln.index(csrf_string)
- csrf_test = 0
- if csrf_nonce == nil
- csrf_test = -1
- else
- csrf_test = csrf_nonce
- end
- if csrf_test >= 0
- token = ln[csrf_nonce+csrf_string.length,32]
- return token
- end
- }
+ csrf_nonce = ln.index(CSRF_VAR)
+ next if csrf_nonce.nil?
+ token = ln[csrf_nonce + CSRF_VAR.length, 32]
+ return token
+ end
 return ""
 end
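Review bot: The literal `32` in `ln[csrf_nonce + CSRF_VAR.length, 32]` is an unexplained magic number sitting right next to the newly named `CSRF_VAR`; give it a name too (for example `CSRF_NONCE_LENGTH = 32`) so the two halves of the parse are documented together. `find_csrf` also has no comment stating its contract, and I would add `# Returns the 32 characters following "CSRF_NONCE=" on the first matching body line, or "" when there is no response or no marker.` above the `def`. The method returns `""` both when `res` is blank and when no marker is found, and the slice is handed back without a length check, so a caller cannot tell a full value from a short one; whether any caller depends on that is not visible in this hunk. Stylistically, the `token` temporary can go (`return ln[...]`) and the trailing `return ""` can be a bare `""`.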