
fix raw req single slash issue #4955

Merged: 4 commits from fix_raw_req_single_slash_issue into dev, Apr 3, 2024

Conversation

dogancanbakir
Member

@dogancanbakir dogancanbakir commented Mar 28, 2024

Proposed changes

Closes #4921

$ go run .  -t test_template.yaml -u http://testphp.vulnweb.com/index.php -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

                projectdiscovery.io

[WRN] Found 1 templates loaded with deprecated protocol syntax, update before v3 for continued support.
[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [raw-path-single-slash] Dumped HTTP request for http://testphp.vulnweb.com/index.php

GET /index.php HTTP/1.1
Host: testphp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36
Connection: close
Origin: http://testphp.vulnweb.com/index.php
Accept-Encoding: gzip

[INF] No results found. Better luck next time!

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Member

@tarunKoyalwar tarunKoyalwar left a comment


  • edge case when the request is unsafe
id: raw-path-single-slash

info:
  name: Test RAW HTTP Template with single slash
  author: pdteam
  severity: info

requests:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
    
    unsafe: true
$ ./nuclei -t a.yaml  -u http://testphp.vulnweb.com/test.php -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[WRN] Found 1 templates loaded with deprecated protocol syntax, update before v3 for continued support.
[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [raw-path-single-slash] Dumped HTTP request for http://testphp.vulnweb.com/test.php/

GET /test.php/ HTTP/1.1
Host: testphp.vulnweb.com
Origin: http://testphp.vulnweb.com/test.php

[INF] No results found. Better luck next time!

Comment on lines 98 to 99
cloned := inputURL.Clone()
cloned.Params.IncludeEquals = true
Member


Not related to this PR, but sharing here for context, since we will need to remove the IncludeEquals hack we use now.

@ehsandeep
Member

More reference - #2377 (comment)

@tarunKoyalwar tarunKoyalwar self-requested a review April 2, 2024 16:14
Member

@tarunKoyalwar tarunKoyalwar left a comment


Looks like this change broke an existing behaviour (see: integration test)

$ TESTS="protocols/http/get-sni-unsafe.yaml" ./run.sh 
::group::Build nuclei
::endgroup::
::group::Build nuclei integration-test
::endgroup::
::group::Installing nuclei templates

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[INF] No new updates found for nuclei templates
::endgroup::
2024/04/02 21:45:42 Could not connect to Docker: cannot connect to Docker endpoint
2024/04/02 21:45:42 Could not start resource: dial unix /var/run/docker.sock: connect: connection refused
skipping test case protocols/http/interactsh.yaml. disabled on darwin.
skipping test case protocols/http/interactsh-stop-at-first-match.yaml. disabled on darwin.
skipping test case protocols/http/default-matcher-condition.yaml. disabled on darwin.
skipping test case protocols/code/ps1-snippet.yaml. disabled on darwin.

   ____    __
  / __/___/ /  ___
 / _// __/ _ \/ _ \
/___/\__/_//_/\___/ v4.10.2
High performance, minimalist Go web framework
https://echo.labstack.com
____________________________________O/_______
                                    O\
./nuclei -t protocols/http/get-sni-unsafe.yaml -target https://127.0.0.1:58421 -sni test -duc -interactions-poll-duration 1 -interactions-cooldown-period 10 -allow-local-file-access -debug
⇨ http server started on 127.0.0.1:8082
[ERR] failed to load provider keys got [uncover:RUNTIME] provider config file .uncover-config/uncover/provider-config.yaml does not exist

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[WRN] Found 1 templates loaded with deprecated protocol syntax, update before v3 for continued support.
[INF] Current nuclei version: v3.2.2 (outdated)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [basic-unsafe-get] Dumped HTTP request for https://127.0.0.1:58421

GET  HTTP/1.1
Host: 127.0.0.1:58421

[DBG] [basic-unsafe-get] Dumped HTTP response https://127.0.0.1:58421

HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/plain; charset=utf-8

400 Bad Request
[INF] No results found. Better luck next time!

[✘] Test "protocols/http/get-sni-unsafe.yaml" failed: incorrect number of results: 0 (actual) vs [1] (expected) 
Results:
	

skipping test case protocols/javascript/redis-pass-brute.yaml. disabled on darwin.
skipping test case protocols/javascript/ssh-server-fingerprint.yaml. disabled on darwin.
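
The three request dumps in this thread (target path /index.php with a raw `GET /`, the unsafe-mode edge case that produced /test.php/, and the empty-path target in get-sni-unsafe that produced `GET  HTTP/1.1`) all come down to how the raw request line's path is merged with the target URL's path. The following Go snippet is an added illustration, not nuclei's own code: it assumes the rule that a lone `/` in the raw request means "use the target path as-is" (never appending a trailing slash), and that a target with no path must still yield `/`; the function names are invented for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// mergeRawPath combines the path from a raw template request line with the
// target URL's path. Assumed rule for this example: a raw path of "/" (or "")
// means "the target path as-is", so no trailing slash is appended; any other
// raw path is appended to the target path with exactly one "/" between them.
// A target without a path must still produce "/", otherwise the request line
// degenerates to "GET  HTTP/1.1" and the server answers 400 Bad Request.
func mergeRawPath(target *url.URL, rawPath string) string {
	base := target.Path
	if rawPath == "/" || rawPath == "" {
		if base == "" {
			return "/"
		}
		return base
	}
	base = strings.TrimSuffix(base, "/")
	return base + "/" + strings.TrimPrefix(rawPath, "/")
}

// requestLine builds the HTTP/1.1 request line for a target URL and raw path,
// preserving the target's query string if it has one.
func requestLine(method, rawTarget, rawPath string) (string, error) {
	u, err := url.Parse(rawTarget)
	if err != nil {
		return "", err
	}
	path := mergeRawPath(u, rawPath)
	if u.RawQuery != "" {
		path += "?" + u.RawQuery
	}
	return fmt.Sprintf("%s %s HTTP/1.1", method, path), nil
}

func main() {
	// Constructed inputs mirroring the dumps quoted in this PR.
	cases := []struct{ target, raw string }{
		{"http://testphp.vulnweb.com/index.php", "/"},
		{"http://testphp.vulnweb.com/test.php", "/"},
		{"https://127.0.0.1:58421", "/"},
		{"http://testphp.vulnweb.com/app/", "/login"},
	}
	for _, c := range cases {
		line, _ := requestLine("GET", c.target, c.raw)
		fmt.Println(line)
	}
}
```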

Member

@tarunKoyalwar tarunKoyalwar left a comment


lgtm!

@ehsandeep ehsandeep merged commit e994206 into dev Apr 3, 2024
12 checks passed
@ehsandeep ehsandeep deleted the fix_raw_req_single_slash_issue branch April 3, 2024 14:09
Development

Successfully merging this pull request may close these issues.

The latest version will add "/" to the urlpath.