Removing URL startWith check prior to scanning

[jamesrthomas1984]

Removed this check - why is it necessary? I found that this was causing issues scanning using SSL and a URL /subdirectory/ - i.e. initiating a scan on https://test.com/en:

url.toExternalForm() is https://test.com:443/en/somepage
baseUrl is https://test.com/en
url.toExternalForm().startsWith(baseUrl) is false

[vmwclabot]

@jamesthomas-redmoon, you must sign our contributor license agreement before your changes are merged. Click here to sign the agreement. If you are a VMware employee, read this for further instruction.

[vmwclabot]

@jamesthomas-redmoon, VMware has approved your signed contributor license agreement.

[dmettem]

@jamesthomas-redmoon Reason for this check is to limit the scan to only those URLs that are from baseUrl instead of every URL that is in site map. If you remove this check, the complete site map that is in scope will be scanned, which is not the intention of this method.

[jamesrthomas1984]

Hi @dmettem -

Isn't "limit the scan to only those URLs that are from baseUrl instead of every URL that is in site map" already achieved by

IHttpRequestResponse[] siteMapInScope = BurpExtender.getInstance().getCallbacks().getSiteMap(baseUrl);

? That's the behaviour I am seeing.

[dmettem]

Hi @jamesthomas-redmoon,

Sorry for not getting back early on this. I think you are right.
Can you please resolve the conflicts and update the pull request? I will merge the commit once the conflicts are resolved.

Thanks for your contribution.

[gangelino]

Hi @jamesthomas-redmoon, we'd love to merge your PR, could you please resolve the conflicts? Thanks!

[jamesrthomas1984]

Hi @gangelino @dmettem I've rebased my change with the latest version of burp-rest-api, note that I've not tested my change with the latest burp-rest-api.