normalize_uri fixes (double slashes and trailing slash) #1397
Conversation
This will make sure all the double slashes are gone. Also, the function description is updated to clarify its purpose.
These modules require the target URI to be a directory path. So if you remove the trailing slash, the web server might return a 301 or 404 instead of 200. Related to: [SeeRM: rapid7#7727]
| @@ -218,7 +218,7 @@ def run_host(ip) | |||
|
|
|||
| #Get GlassFish version | |||
| edition, version, banner = get_version(res) | |||
| path = normalize_uri(datastore['PATH']) | |||
| path = normalize_uri(target_uri) | |||
There was a problem hiding this comment.
target_uri is a URI object. You probably wanted target_uri.path
|
You're sure it wouldn't be better to just return the old behavior? End with at most one slash, if the TARGET_URI ends with a slash? I feel like the last change that forced dropping slashes was wrong, now. |
|
It restores the old "//" typos but that's the module's problem, not really the normalizer's problem. No? |
|
Egypt and I talked about this problem. Basically, if you go back to the old behavior, you risk having double slashes. If you use normalize_uri(), a missing trailing slash when by default is needed can cause the module to malfunction, too. You are stuck between a rock, and a hard place. I feel like this is the most ideal thing to do because many modules already check if there's a missing trailing slash after it's normalized. Although this kind of remedies our current problem, we'll have to rethink how a URI string should be handled. At one point we even talked about having a URI.join(), kinda like File.join(), for joining URIs. |
|
This is all covered with some pretty exhaustive rspec tests, turns out: Thanks @limhoff-r7 ! |
normalize_uri fixes (double slashes and trailing slash)
This pull request fixes mainly two issues:
Related to the following ticket:
http://dev.metasploit.com/redmine/issues/7727#change-34153