garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #228, #327 Infinite loop when self-redirect

Browse Source
This commit is contained in:
erwanlr
2013-11-18 11:20:15 +00:00
parent 0c2937936b
commit 1c34f48c39
3 changed files with 20 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/common/browser.rb
View File

@@ -120,18 +120,14 @@ class Browser
) )
end end
if @request_timeout params.merge!(timeout: @request_timeout) if @request_timeout
params = params.merge(timeout: @request_timeout) params.merge!(connecttimeout: @connect_timeout) if @connect_timeout
end
if @connect_timeout
params = params.merge(connecttimeout: @connect_timeout)
end
# Used to enable the cache system if :cache_ttl > 0 # Used to enable the cache system if :cache_ttl > 0
unless params.has_key?(:cache_ttl) params.merge!(cache_ttl: @cache_ttl) unless params.has_key?(:cache_ttl)
params = params.merge(cache_ttl: @cache_ttl)
end # Prevent infinite self redirection
params.merge!(maxredirs: 3) unless params.has_key?(:maxredirs)
# Disable SSL-Certificate checks # Disable SSL-Certificate checks
params.merge!(ssl_verifypeer: false) params.merge!(ssl_verifypeer: false)

5
lib/common/models/wp_item/existable.rb
View File

@@ -29,7 +29,10 @@ class WpItem
# #
# @return [ Boolean ] # @return [ Boolean ]
def exists_from_response?(response, options = {}) def exists_from_response?(response, options = {})
if [200, 401, 403].include?(response.code) # 301 included as some items do a self-redirect
# Redirects to the 404 and homepage should be ignored (unless dynamic content is used)
# by the page hashes (error_404_hash & homepage_hash)
if [200, 401, 403, 301].include?(response.code)
if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash]) if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
if options[:exclude_content] if options[:exclude_content]
unless response.body.match(options[:exclude_content]) unless response.body.match(options[:exclude_content])

11
spec/lib/common/browser_spec.rb
View File

@@ -137,7 +137,8 @@ describe Browser do
headers: { 'User-Agent' => 'SomeUA' }, headers: { 'User-Agent' => 'SomeUA' },
ssl_verifypeer: false, ssl_verifyhost: 0, ssl_verifypeer: false, ssl_verifyhost: 0,
cookiejar: cookie_jar, cookiefile: cookie_jar, cookiejar: cookie_jar, cookiefile: cookie_jar,
timeout: 2000, connecttimeout: 1000 timeout: 2000, connecttimeout: 1000,
maxredirs: 3
} }
} }
@@ -187,6 +188,14 @@ describe Browser do
@expected = default_expectation.merge(params) @expected = default_expectation.merge(params)
end end
end end
context 'when the maxredirs is alreday set' do
let(:params) { { maxredirs: 100 } }
it 'does not override it' do
@expected = default_expectation.merge(params)
end
end
end end
describe '#forge_request' do describe '#forge_request' do