HTTP default port simplification #781
Closed
I have identified a number of scripts that could benefit from the same code abstraction. @dmiller-nmap Do you have any concerns over moving |
Here is the subsequent patch that moves the function to
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -155,10 +155,8 @@
local parts = tcopy(parsed or {})
parts.host = parts.host or stdnse.get_hostname(host, port)
parts.scheme = parts.scheme or shortport.ssl(host, port) and "https" or "http"
- local pn = parts.port or tostring(port.number)
- if not (parts.scheme == "http" and pn == "80"
- or parts.scheme == "https" and pn == "443") then
- parts.port = pn
+ if not parts.port and port.number ~= url.get_default_port(parts.scheme) then
+ parts.port = tostring(port.number)
end
return parts
end
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -158,10 +158,9 @@
end
--- Provide the default port for a given scheme.
-local function get_default_port (scheme)
- local ports = {http=80, https=443}
- return ports[scheme]
-end
+-- The localization is necessary because functions in http.lua like to use
+-- "url" as a local parameter
+local get_default_port = url.get_default_port
--- Get a value suitable for the Host header field.
-- See RFC 2616 sections 14.23 and 5.2.
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -373,4 +373,16 @@
return table.concat(qstr, '&')
end
+---
+-- Provides the default port for a given URI scheme.
+--
+-- @param scheme for determining the port, such as "http" or "https".
+-- @return A port number as an integer, such as 443 for scheme "https",
+-- or nil in case of an undefined scheme
+-----------------------------------------------------------------------------
+function get_default_port (scheme)
+ local ports = {http=80, https=443}
+ return ports[(scheme or ""):lower()]
+end
+
return _ENV;
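Review bot: The doc comment on `get_default_port` does not say that the lookup is case-insensitive or that a nil scheme is accepted, although `(scheme or ""):lower()` implements both and the callers changed in this patch pass `parsed.scheme` straight from parsed URLs. I would spell that out, for example `-- @param scheme URI scheme such as "http" or "https"; matched case-insensitively, nil yields nil.` The `ports` table is also rebuilt on every call; hoisting it to a file-level `local default_ports = {http=80, https=443}` would avoid that. A non-string, non-nil `scheme` still raises at `:lower()`, which is worth stating in the doc if it is intended.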
--- a/nselib/httpspider.lua
+++ b/nselib/httpspider.lua
@@ -233,9 +233,7 @@
base_href = base_href .. '/'
end
- if ( ( base_url:getProto() == 'https' and base_url:getPort() == 443 ) or
- ( base_url:getProto() == 'http' and base_url:getPort() == 80 ) ) then
-
+ if base_url:getPort() == url.get_default_port(base_url:getProto()) then
if ( leading_slash ) then
return ("%s://%s/%s"):format(base_url:getProto(), base_url:getHost(), rel_url)
else
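Review bot: The new comparison `base_url:getPort() == url.get_default_port(base_url:getProto())` is also true when both sides are nil, which the removed condition never was, since it required an explicit 'https'/443 or 'http'/80 pair. If `base_url` can reach this point without a parsed proto and port (the parse code in the next hunk only fills them when the `^(http[s]?)://` match succeeds), the default-port branch now formats a URL from nil fields instead of falling through to the `else`. A guard such as `local default_port = url.get_default_port(base_url:getProto())` followed by `if default_port and base_url:getPort() == default_port then` keeps the old behaviour. The enclosing function starts and ends outside the hunk, so whether an unparsed `base_url` can arrive here needs checking against the caller.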
@@ -427,14 +425,7 @@
self.proto, self.host, self.port, self.file = self.raw:match("^(http[s]?)://([^:/]*)[:]?(%d*)")
if ( self.proto and self.host ) then
self.file = self.raw:match("^http[s]?://[^:/]*[:]?%d*(/[^#]*)") or '/'
- self.port = tonumber(self.port)
- if ( not(self.port) ) then
- if ( self.proto:match("https") ) then
- self.port = 443
- elseif ( self.proto:match("http")) then
- self.port = 80
- end
- end
+ self.port = tonumber(self.port) or url.get_default_port(self.proto)
self.path = self.file:match("^([^?]*)[%?]?")
self.dir = self.path:match("^(.+%/)") or "/"
--- a/scripts/http-backup-finder.nse
+++ b/scripts/http-backup-finder.nse
@@ -122,13 +122,8 @@
if ( parsed.path:match(".*%.*.$") ) then
-- iterate over possible backup files
for link in backupNames(parsed.path) do
- local host, port = parsed.host, parsed.port
-
- -- if no port was found, try to deduce it from the scheme
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
+ local host = parsed.host
+ local port = parsed.port or url.get_default_port(parsed.scheme)
-- the url.escape doesn't work here as it encodes / to %2F
-- which results in 400 bad request, so we simple do a space
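Review bot: `port` is still nil after `parsed.port or url.get_default_port(parsed.scheme)` when a crawled link carries no port and a scheme other than http or https (or no scheme at all), and nothing in the hunk stops that value from being used for the request. The links come from pages served by the scanned host, so this input is not under the script's control. Skipping such links, e.g. wrapping the probe in `if host and port then ... end`, would make the failure explicit; the loop body continues outside the hunk, so the exact placement depends on code not shown. The same expression is added in http-open-redirect.nse and http-unsafe-output-escaping.nse (`getHostPort`) and in http-phpself-xss.nse, where the result goes directly into `launch_probe(host,port,escaped_link)`.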
--- a/scripts/http-favicon.nse
+++ b/scripts/http-favicon.nse
@@ -128,21 +128,17 @@
-- host, port, and path if the URL is relative. Return nil if the scheme is not
-- "http" or "https".
function parse_url_relative(u, host, port, path)
- local defaultport, scheme, abspath
+ local scheme, abspath
u = url.parse(u)
scheme = u.scheme or "http"
- if scheme == "http" then
- defaultport = 80
- elseif scheme == "https" then
- defaultport = 443
- else
+ if not (scheme == "http" or scheme == "https") then
return nil
end
abspath = u.path or ""
if not string.find(abspath, "^/") then
abspath = dirname(path) .. "/" .. abspath
end
- return u.host or host, u.port or defaultport, abspath
+ return u.host or host, u.port or url.get_default_port(scheme), abspath
end
function parseIcon( body )
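Review bot: The supported schemes are now listed twice in `parse_url_relative`: once in the guard `if not (scheme == "http" or scheme == "https") then` and once inside `url.get_default_port`. The two can drift, and they already differ in case handling, since the helper lowercases the scheme while the guard compares exactly. Using the helper's result as the guard keeps one source of truth: `local defaultport = url.get_default_port(scheme)`, `if not defaultport then return nil end`, then `return u.host or host, u.port or defaultport, abspath`.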
--- a/scripts/http-open-redirect.nse
+++ b/scripts/http-open-redirect.nse
@@ -54,13 +54,7 @@
end
local function getHostPort(parsed)
- local host, port = parsed.host, parsed.port
- -- if no port was found, try to deduce it from the scheme
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
- return host, port
+ return parsed.host, parsed.port or url.get_default_port(parsed.scheme)
end
local function isRedirect(status)
--- a/scripts/http-phpself-xss.nse
+++ b/scripts/http-phpself-xss.nse
@@ -143,12 +143,8 @@
--Only work with .php files
if ( parsed.path and parsed.path:match(".*.php") ) then
- --The following port/scheme code was seen in http-backup-finder and its neat =)
- local host, port = parsed.host, parsed.port
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
+ local host = parsed.host
+ local port = parsed.port or url.get_default_port(parsed.scheme)
local escaped_link = parsed.path:gsub(" ", "%%20")
if launch_probe(host,port,escaped_link) then
table.insert(vulnpages, parsed.scheme..'://'..host..escaped_link..PHP_SELF_PROBE)
--- a/scripts/http-unsafe-output-escaping.nse
+++ b/scripts/http-unsafe-output-escaping.nse
@@ -49,14 +49,9 @@
local dbg = stdnse.debug2
local function getHostPort(parsed)
- local host, port = parsed.host, parsed.port
- -- if no port was found, try to deduce it from the scheme
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
- return host, port
+ return parsed.host, parsed.port or url.get_default_port(parsed.scheme)
end
+
local function getReflected(parsed, r)
local reflected_values,not_reflected_values = {},{}
local count = 0 |
There are 3 or 4 separate places in http.lua where a scheme is translated into a default port, typically with code like this:
The following patch moves this code into a separate function, resulting in substantial code clarity.
(The patch assumes that #766 has been already merged in.)
Please let me know if you have any questions or concerns; otherwise I will commit the patch in a few weeks.