Skip to content

Commit

Permalink
fix: hostname mismatching when using host:port as input
Browse files Browse the repository at this point in the history
  • Loading branch information
@rverton
rverton committed Aug 11, 2022
1 parent cb9f7cb commit f4b6d59
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 35 deletions.
10 changes: 5 additions & 5 deletions webanalyze.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ import (
"github.com/bobesa/go-domain-util/domainutil"
)

const VERSION = "1.0"
const VERSION = "0.3.7"

var (
timeout = 8 * time.Second
Expand Down Expand Up @@ -102,7 +102,7 @@ func (wa *WebAnalyzer) CategoryById(cid string) string {
return wa.appDefs.Cats[cid].Name
}

func fetchHost(host string, client *http.Client) (*http.Response, error) {
func fetchHost(urlStr string, client *http.Client) (*http.Response, error) {
if client == nil {
client = &http.Client{
Timeout: timeout,
Expand All @@ -111,21 +111,21 @@ func fetchHost(host string, client *http.Client) (*http.Response, error) {
Proxy: http.ProxyFromEnvironment,
},
CheckRedirect: func(req *http.Request, via []*http.Request) error {
url, err := url.Parse(host)
url, err := url.Parse(urlStr)
if err != nil {
return http.ErrUseLastResponse
}

// allow redirects from http -> https on the same host
if url.Host != req.URL.Host {
if url.Hostname() != req.URL.Hostname() {
return http.ErrUseLastResponse
}

return nil
},
}
}
req, err := http.NewRequest("GET", host, nil)
req, err := http.NewRequest("GET", urlStr, nil)
if err != nil {
return nil, err
}
Expand Down
30 changes: 0 additions & 30 deletions webanalyze_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@ package webanalyze

import (
"fmt"
"io/ioutil"
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
Expand Down Expand Up @@ -91,30 +88,3 @@ func TestIsSubdomain(t *testing.T) {
t.Fatalf("%v is not a subdomain of %v (but should be)", u2, u1)
}
}

func TestRedirect(t *testing.T) {
testServer1 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("should not be reached"))
}))

testServer2 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, testServer1.URL, http.StatusTemporaryRedirect)
}))

defer func() {
testServer1.Close()
testServer2.Close()
}()

resp, err := fetchHost(testServer2.URL, nil)

if err != nil {
t.Fatal(err)
}

body, _ := ioutil.ReadAll(resp.Body)
if string(body) == "should not be reached" {
t.Error("fetchHost did follow redirect")
}

}

0 comments on commit f4b6d59

Please sign in to comment.