foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pkg/ffuf: fix panic in Windows when parsing wordlist flag (#335)

Browse Source 
This change addresses two panics that happened while parsing the provided
wordlist flag in Windows systems.

- pkg/ffuf/util.go:40: panic happened when the provided path was
invalid. Example: ".\wordlist.txt:" as the os.Stat call returned an
error different than os.ErrNotExist.

- pkg/ffuf/optionsparser.go:179: panic happened when the provided value
did not existed and did not contain a colon character. Example:
".\asdf.txt" when the local file ".\asdf.txt" did not exist. This panic
happened due to strings.LastIndex returning -1 when the provided
substring does not appear. Therefore, v[:-1] panicking.

Fixes #333

Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com>
This commit is contained in:
M. Ángel Jimeno 2020-10-26 22:43:09 +01:00 committed by GitHub
parent 5b00f2b4e1
commit c6a6293499
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -14,6 +14,7 @@
- Fixed the issue where the option -ac was overwriting existing filters. Now auto-calibration will add them where needed. - Fixed the issue where the option -ac was overwriting existing filters. Now auto-calibration will add them where needed.
- The `-w` flag now accepts comma delimited values in the form of `file1:W1,file2:W2`. - The `-w` flag now accepts comma delimited values in the form of `file1:W1,file2:W2`.
- Links in the HTML report are now clickable - Links in the HTML report are now clickable
- Fixed panic during wordlist flag parsing in Windows systems.
- v1.1.0 - v1.1.0
- New - New

6
pkg/ffuf/optionsparser.go
View File

@ -176,7 +176,11 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
// The wordlist was supplied without a keyword parameter // The wordlist was supplied without a keyword parameter
wl = []string{v} wl = []string{v}
} else { } else {
filepart := v[:strings.LastIndex(v, ":")] filepart := v
if strings.Contains(filepart, ":") {
filepart = v[:strings.LastIndex(filepart, ":")]
}
if FileExists(filepart) { if FileExists(filepart) {
wl = []string{filepart, v[strings.LastIndex(v, ":")+1:]} wl = []string{filepart, v[strings.LastIndex(v, ":")+1:]}
} else { } else {

6
pkg/ffuf/util.go
View File

@ -31,11 +31,13 @@ func UniqStringSlice(inslice []string) []string {
return ret return ret
} }
//FileExists checks if the filepath exists and is not a directory //FileExists checks if the filepath exists and is not a directory.
//Returns false in case it's not possible to describe the named file.
func FileExists(path string) bool { func FileExists(path string) bool {
md, err := os.Stat(path) md, err := os.Stat(path)
if os.IsNotExist(err) { if err != nil {
return false return false
} }
return !md.IsDir() return !md.IsDir()
} }