Skip to content

Commit

Permalink
fix(httpclientpool): rebuild malformed Location URL
Browse files Browse the repository at this point in the history
Signed-off-by: Dwi Siswanto <[email protected]>
  • Loading branch information
dwisiswant0 committed Dec 11, 2024
1 parent c731126 commit 2926a98
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 2 deletions.
30 changes: 28 additions & 2 deletions pkg/protocols/http/httpclientpool/clientpool.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package httpclientpool
import (
"context"
"crypto/tls"
"fmt"
"net"
"net/http"
"net/http/cookiejar"
Expand All @@ -17,14 +18,15 @@ import (
"golang.org/x/net/publicsuffix"

"github.com/projectdiscovery/fastdialer/fastdialer/ja3/impersonate"
"github.com/projectdiscovery/nuclei/v3/pkg/prothttpclientpoolocols/common/protocolstate"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
"github.com/projectdiscovery/nuclei/v3/pkg/types/scanstrategy"
"github.com/projectdiscovery/rawhttp"
"github.com/projectdiscovery/retryablehttp-go"
mapsutil "github.com/projectdiscovery/utils/maps"
urlutil "github.com/projectdiscovery/utils/url"
)

var (
Expand Down Expand Up @@ -377,7 +379,7 @@ func makeCheckRedirectFunc(redirectType RedirectFlow, maxRedirects int) checkRed
}
}

func checkMaxRedirects(_ *http.Request, via []*http.Request, maxRedirects int) error {
func checkMaxRedirects(req *http.Request, via []*http.Request, maxRedirects int) error {
if maxRedirects == 0 {
if len(via) > defaultMaxRedirects {
return http.ErrUseLastResponse
Expand All @@ -388,5 +390,29 @@ func checkMaxRedirects(_ *http.Request, via []*http.Request, maxRedirects int) e
if len(via) > maxRedirects {
return http.ErrUseLastResponse
}

// NOTE(dwisiswant0): rebuild request URL. See #5900.
if u := req.URL.String(); !isURLEncoded(u) {
parsed, err := urlutil.Parse(u)
if err != nil {
return fmt.Errorf("%w: %w", ErrRebuildURL, err)
}

req.URL = parsed.URL
}

return nil
}

// isURLEncoded is an helper function to check if the URL is already encoded
//
// NOTE(dwisiswant0): shall we move this under `projectdiscovery/utils/urlutil`?
func isURLEncoded(s string) bool {
decoded, err := url.QueryUnescape(s)
if err != nil {
// If decoding fails, it may indicate a malformed URL/invalid encoding.
return false
}

return decoded != s
}
7 changes: 7 additions & 0 deletions pkg/protocols/http/httpclientpool/errors.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
package httpclientpool

import "errors"

var (
ErrRebuildURL = errors.New("could not rebuild request URL")
)

0 comments on commit 2926a98

Please sign in to comment.