HTTP default port simplification #781
Comments
|
I have identified a number of scripts that could benefit from the same code abstraction. @dmiller-nmap Do you have any concerns over moving |
|
Here is the subsequent patch that moves the function to --- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -155,10 +155,8 @@
local parts = tcopy(parsed or {})
parts.host = parts.host or stdnse.get_hostname(host, port)
parts.scheme = parts.scheme or shortport.ssl(host, port) and "https" or "http"
- local pn = parts.port or tostring(port.number)
- if not (parts.scheme == "http" and pn == "80"
- or parts.scheme == "https" and pn == "443") then
- parts.port = pn
+ if not parts.port and port.number ~= url.get_default_port(parts.scheme) then
+ parts.port = tostring(port.number)
end
return parts
end
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -158,10 +158,9 @@
end
--- Provide the default port for a given scheme.
-local function get_default_port (scheme)
- local ports = {http=80, https=443}
- return ports[scheme]
-end
+-- The localization is necessary because functions in http.lua like to use
+-- "url" as a local parameter
+local get_default_port = url.get_default_port
--- Get a value suitable for the Host header field.
-- See RFC 2616 sections 14.23 and 5.2.
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -373,4 +373,16 @@
return table.concat(qstr, '&')
end
+---
+-- Provides the default port for a given URI scheme.
+--
+-- @param scheme for determining the port, such as "http" or "https".
+-- @return A port number as an integer, such as 443 for scheme "https",
+-- or nil in case of an undefined scheme
+-----------------------------------------------------------------------------
+function get_default_port (scheme)
+ local ports = {http=80, https=443}
+ return ports[(scheme or ""):lower()]
+end
+
return _ENV;
--- a/nselib/httpspider.lua
+++ b/nselib/httpspider.lua
@@ -233,9 +233,7 @@
base_href = base_href .. '/'
end
- if ( ( base_url:getProto() == 'https' and base_url:getPort() == 443 ) or
- ( base_url:getProto() == 'http' and base_url:getPort() == 80 ) ) then
-
+ if base_url:getPort() == url.get_default_port(base_url:getProto()) then
if ( leading_slash ) then
return ("%s://%s/%s"):format(base_url:getProto(), base_url:getHost(), rel_url)
else
@@ -427,14 +425,7 @@
self.proto, self.host, self.port, self.file = self.raw:match("^(http[s]?)://([^:/]*)[:]?(%d*)")
if ( self.proto and self.host ) then
self.file = self.raw:match("^http[s]?://[^:/]*[:]?%d*(/[^#]*)") or '/'
- self.port = tonumber(self.port)
- if ( not(self.port) ) then
- if ( self.proto:match("https") ) then
- self.port = 443
- elseif ( self.proto:match("http")) then
- self.port = 80
- end
- end
+ self.port = tonumber(self.port) or url.get_default_port(self.proto)
self.path = self.file:match("^([^?]*)[%?]?")
self.dir = self.path:match("^(.+%/)") or "/"
--- a/scripts/http-backup-finder.nse
+++ b/scripts/http-backup-finder.nse
@@ -122,13 +122,8 @@
if ( parsed.path:match(".*%.*.$") ) then
-- iterate over possible backup files
for link in backupNames(parsed.path) do
- local host, port = parsed.host, parsed.port
-
- -- if no port was found, try to deduce it from the scheme
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
+ local host = parsed.host
+ local port = parsed.port or url.get_default_port(parsed.scheme)
-- the url.escape doesn't work here as it encodes / to %2F
-- which results in 400 bad request, so we simple do a space
--- a/scripts/http-favicon.nse
+++ b/scripts/http-favicon.nse
@@ -128,21 +128,17 @@
-- host, port, and path if the URL is relative. Return nil if the scheme is not
-- "http" or "https".
function parse_url_relative(u, host, port, path)
- local defaultport, scheme, abspath
+ local scheme, abspath
u = url.parse(u)
scheme = u.scheme or "http"
- if scheme == "http" then
- defaultport = 80
- elseif scheme == "https" then
- defaultport = 443
- else
+ if not (scheme == "http" or scheme == "https") then
return nil
end
abspath = u.path or ""
if not string.find(abspath, "^/") then
abspath = dirname(path) .. "/" .. abspath
end
- return u.host or host, u.port or defaultport, abspath
+ return u.host or host, u.port or url.get_default_port(scheme), abspath
end
function parseIcon( body )
--- a/scripts/http-open-redirect.nse
+++ b/scripts/http-open-redirect.nse
@@ -54,13 +54,7 @@
end
local function getHostPort(parsed)
- local host, port = parsed.host, parsed.port
- -- if no port was found, try to deduce it from the scheme
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
- return host, port
+ return parsed.host, parsed.port or url.get_default_port(parsed.scheme)
end
local function isRedirect(status)
--- a/scripts/http-phpself-xss.nse
+++ b/scripts/http-phpself-xss.nse
@@ -143,12 +143,8 @@
--Only work with .php files
if ( parsed.path and parsed.path:match(".*.php") ) then
- --The following port/scheme code was seen in http-backup-finder and its neat =)
- local host, port = parsed.host, parsed.port
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
+ local host = parsed.host
+ local port = parsed.port or url.get_default_port(parsed.scheme)
local escaped_link = parsed.path:gsub(" ", "%%20")
if launch_probe(host,port,escaped_link) then
table.insert(vulnpages, parsed.scheme..'://'..host..escaped_link..PHP_SELF_PROBE)
--- a/scripts/http-unsafe-output-escaping.nse
+++ b/scripts/http-unsafe-output-escaping.nse
@@ -49,14 +49,9 @@
local dbg = stdnse.debug2
local function getHostPort(parsed)
- local host, port = parsed.host, parsed.port
- -- if no port was found, try to deduce it from the scheme
- if ( not(port) ) then
- port = (parsed.scheme == 'https') and 443
- port = port or ((parsed.scheme == 'http') and 80)
- end
- return host, port
+ return parsed.host, parsed.port or url.get_default_port(parsed.scheme)
end
+
local function getReflected(parsed, r)
local reflected_values,not_reflected_values = {},{}
local count = 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are 3 or 4 separate places in http.lua where a scheme is translated into default ports, typically with a code like this:
The following patch moves this code into a separate function, resulting in substantial code clarity.
(The patch assumes that #766 has been already merged in.)
Please let me know if you have any questions or concerns; otherwise I will commit the patch in a few weeks.
The text was updated successfully, but these errors were encountered: