normalize_uri fixes (double slashes and trailing slash) #1397
This will make sure all the double slashes are gone. Also, the function description is updated to clarify its purpose.
These modules require the target URI to be a directory path. So if you remove the trailing slash, the web server might return a 301 or 404 instead of 200. Related to: [SeeRM: rapid7#7727]
@@ -218,7 +218,7 @@ def run_host(ip) | |||
|
|||
#Get GlassFish version | |||
edition, version, banner = get_version(res) | |||
path = normalize_uri(datastore['PATH']) | |||
path = normalize_uri(target_uri) |
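Review bot: The `normalize_uri(target_uri)` line passes `target_uri` itself where the line it replaces passed the string from `datastore['PATH']`; if `target_uri` is a URI object rather than a string, pass `target_uri.path` so the normalizer receives only the path. Since the description says these modules need a directory path, it is also worth confirming that the resulting `path` still ends in a slash when the configured value did, so the request does not come back as a 301 or 404.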
`target_uri` is a URI object. You probably wanted `target_uri.path`.
Yup, fixed.
You're sure it wouldn't be better to just return the old behavior? End with at most one slash, if the TARGET_URI ends with a slash? I feel like the last change that forced dropping slashes was wrong, now.
It restores the old "//" typos but that's the module's problem, not really the normalizer's problem. No?
Egypt and I talked about this problem. Basically, if you go back to the old behavior, you risk having double slashes. If you use normalize_uri(), a missing trailing slash, when one is needed by default, can cause the module to malfunction, too. You are stuck between a rock and a hard place. I feel like this is the most ideal thing to do because many modules already check if there's a missing trailing slash after it's normalized. Although this kind of remedies our current problem, we'll have to rethink how a URI string should be handled. At one point we even talked about having a URI.join(), kinda like File.join(), for joining URIs.
This is all covered with some pretty exhaustive rspec tests, turns out:
Thanks @limhoff-r7!
normalize_uri fixes (double slashes and trailing slash)
This pull request fixes mainly two issues:
Related to the following ticket:
http://dev.metasploit.com/redmine/issues/7727#change-34153
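
An added example (not part of this pull request and not Metasploit's own `normalize_uri`) of the behavior discussed in the thread: collapse repeated slashes, keep at most one trailing slash when the input had one, and reject a URI object passed where a path string is expected. The name `join_uri_path` and the sample paths are hypothetical.

```ruby
require 'uri'

# Hypothetical helper for illustration only; not the framework's implementation.
# Joins path segments File.join-style, for the path component only
# (no scheme, host or query string).
def join_uri_path(*segments)
  segments = segments.flatten

  # The review comment above is about exactly this mistake: handing over a
  # URI object instead of its path. Fail loudly instead of stringifying it,
  # because collapsing slashes in "http://host/..." would corrupt the scheme.
  unless segments.all? { |s| s.is_a?(String) }
    raise ArgumentError, 'pass path strings (e.g. uri.path), not URI objects'
  end

  parts = segments.reject(&:empty?)
  return '/' if parts.empty?

  # Remember whether the caller asked for a directory path.
  wants_trailing_slash = parts.last.end_with?('/')

  # Join, then collapse every run of slashes into a single slash.
  path = parts.join('/').gsub(%r{/{2,}}, '/')

  # Paths are always rooted.
  path = "/#{path}" unless path.start_with?('/')

  # Keep one trailing slash only if the input ended with one.
  path = path.chomp('/') unless wants_trailing_slash
  path.empty? ? '/' : path
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  puts join_uri_path('/glassfish//')                  # directory path keeps its slash
  puts join_uri_path('/admin//', '/login.jsp')        # no "//" after joining
  puts join_uri_path(URI.parse('http://192.0.2.10/common//').path)
end
```
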