foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added additional proxy URL verification (#574)

Browse Source 
* Added additional proxy URL verification

* Update pkg/ffuf/optionsparser.go

Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>

---------

Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>
This commit is contained in:
DoI 2023-02-03 20:09:29 +13:00 committed by GitHub
parent bbb97abff9
commit 39c89344a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 101 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/ffuf/optionsparser.go
View File

@ -374,9 +374,9 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
// Verify proxy url format // Verify proxy url format
if len(parseOpts.HTTP.ProxyURL) > 0 { if len(parseOpts.HTTP.ProxyURL) > 0 {
_, err := url.Parse(parseOpts.HTTP.ProxyURL) u, err := url.Parse(parseOpts.HTTP.ProxyURL)
if err != nil { if err != nil || u.Opaque != "" || (u.Scheme != "http" && u.Scheme != "https" && u.Scheme != "socks5") {
errs.Add(fmt.Errorf("Bad proxy url (-x) format: %s", err)) errs.Add(fmt.Errorf("Bad proxy url (-x) format. Expected http, https or socks5 url"))
} else { } else {
conf.ProxyURL = parseOpts.HTTP.ProxyURL conf.ProxyURL = parseOpts.HTTP.ProxyURL
} }
@ -384,9 +384,9 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
// Verify replayproxy url format // Verify replayproxy url format
if len(parseOpts.HTTP.ReplayProxyURL) > 0 { if len(parseOpts.HTTP.ReplayProxyURL) > 0 {
_, err := url.Parse(parseOpts.HTTP.ReplayProxyURL) u, err := url.Parse(parseOpts.HTTP.ReplayProxyURL)
if err != nil { if err != nil || u.Opaque != "" || (u.Scheme != "http" && u.Scheme != "https" && u.Scheme != "socks5" && u.Scheme != "socks5h") {
errs.Add(fmt.Errorf("Bad replay-proxy url (-replay-proxy) format: %s", err)) errs.Add(fmt.Errorf("Bad replay-proxy url (-replay-proxy) format. Expected http, https or socks5 url"))
} else { } else {
conf.ReplayProxyURL = parseOpts.HTTP.ReplayProxyURL conf.ReplayProxyURL = parseOpts.HTTP.ReplayProxyURL
} }

95
pkg/ffuf/optionsparser_test.go
View File

@ -1,6 +1,7 @@
package ffuf package ffuf
import ( import (
"strings"
"testing" "testing"
) )
@ -83,3 +84,97 @@ func TestTemplatePresent(t *testing.T) {
t.Errorf("Expected-bad config (Header key) failed validation") t.Errorf("Expected-bad config (Header key) failed validation")
} }
} }
func TestProxyParsing(t *testing.T) {
configOptions := NewConfigOptions()
errorString := "Bad proxy url (-x) format. Expected http, https or socks5 url"
// http should work
configOptions.HTTP.ProxyURL = "http://127.0.0.1:8080"
_, err := ConfigFromOptions(configOptions, nil, nil)
if strings.Contains(err.Error(), errorString) {
t.Errorf("Expected http proxy string to work")
}
// https should work
configOptions.HTTP.ProxyURL = "https://127.0.0.1"
_, err = ConfigFromOptions(configOptions, nil, nil)
if strings.Contains(err.Error(), errorString) {
t.Errorf("Expected https proxy string to work")
}
// socks5 should work
configOptions.HTTP.ProxyURL = "socks5://127.0.0.1"
_, err = ConfigFromOptions(configOptions, nil, nil)
if strings.Contains(err.Error(), errorString) {
t.Errorf("Expected socks5 proxy string to work")
}
// garbage data should FAIL
configOptions.HTTP.ProxyURL = "Y0 y0 it's GREASE"
_, err = ConfigFromOptions(configOptions, nil, nil)
if !strings.Contains(err.Error(), errorString) {
t.Errorf("Expected garbage proxy string to fail")
}
// Opaque URLs with the right scheme should FAIL
configOptions.HTTP.ProxyURL = "http:sixhours@dungeon"
_, err = ConfigFromOptions(configOptions, nil, nil)
if !strings.Contains(err.Error(), errorString) {
t.Errorf("Expected opaque proxy string to fail")
}
// Unsupported protocols should FAIL
configOptions.HTTP.ProxyURL = "imap://127.0.0.1"
_, err = ConfigFromOptions(configOptions, nil, nil)
if !strings.Contains(err.Error(), errorString) {
t.Errorf("Expected proxy string with unsupported protocol to fail")
}
}
func TestReplayProxyParsing(t *testing.T) {
configOptions := NewConfigOptions()
errorString := "Bad replay-proxy url (-replay-proxy) format. Expected http, https or socks5 url"
// http should work
configOptions.HTTP.ReplayProxyURL = "http://127.0.0.1:8080"
_, err := ConfigFromOptions(configOptions, nil, nil)
if strings.Contains(err.Error(), errorString) {
t.Errorf("Expected http replay proxy string to work")
}
// https should work
configOptions.HTTP.ReplayProxyURL = "https://127.0.0.1"
_, err = ConfigFromOptions(configOptions, nil, nil)
if strings.Contains(err.Error(), errorString) {
t.Errorf("Expected https proxy string to work")
}
// socks5 should work
configOptions.HTTP.ReplayProxyURL = "socks5://127.0.0.1"
_, err = ConfigFromOptions(configOptions, nil, nil)
if strings.Contains(err.Error(), errorString) {
t.Errorf("Expected socks5 proxy string to work")
}
// garbage data should FAIL
configOptions.HTTP.ReplayProxyURL = "Y0 y0 it's GREASE"
_, err = ConfigFromOptions(configOptions, nil, nil)
if !strings.Contains(err.Error(), errorString) {
t.Errorf("Expected garbage proxy string to fail")
}
// Opaque URLs with the right scheme should FAIL
configOptions.HTTP.ReplayProxyURL = "http:sixhours@dungeon"
_, err = ConfigFromOptions(configOptions, nil, nil)
if !strings.Contains(err.Error(), errorString) {
t.Errorf("Expected opaque proxy string to fail")
}
// Unsupported protocols should FAIL
configOptions.HTTP.ReplayProxyURL = "imap://127.0.0.1"
_, err = ConfigFromOptions(configOptions, nil, nil)
if !strings.Contains(err.Error(), errorString) {
t.Errorf("Expected proxy string with unsupported protocol to fail")
}
}