librex 0.0.68 → 0.0.70

data/lib/rex/proto/http/request.rb

@@ -13,342 +13,339 @@ module Http
 ###
 class Request < Packet
 
-	PostRequests = ['POST', 'SEARCH']
-
-	##
-	#
-	# Some individual request types.
-	#
-	##
-
-	#
-	# HTTP GET request class wrapper.
-	#
-	class Get < Request
-		def initialize(uri = '/', proto = DefaultProtocol)
-			super('GET', uri, proto)
-		end
-	end
-
-	#
-	# HTTP POST request class wrapper.
-	#
-	class Post < Request
-		def initialize(uri = '/', proto = DefaultProtocol)
-			super('POST', uri, proto)
-		end
-	end
-
-	#
-	# HTTP PUT request class wrapper.
-	#
-	class Put < Request
-		def initialize(uri = '/', proto = DefaultProtocol)
-			super('PUT', uri, proto)
-		end
-	end
-
-	#
-	# Initializes an instance of an HTTP request with the supplied method, URI,
-	# and protocol.
-	#
-	def initialize(method = 'GET', uri = '/', proto = DefaultProtocol)
-		super()
-
-		self.method    = method
-		self.raw_uri   = uri
-		self.uri_parts = {}
-		self.proto     = proto || DefaultProtocol
-		self.chunk_min_size = 1
-		self.chunk_max_size = 10
-		self.uri_encode_mode = 'hex-normal'
-
-		update_uri_parts
-	end
-
-	#
-	# Updates the command parts for this specific packet type.
-	#
-	def update_cmd_parts(str)
-		if (md = str.match(/^(.+?)\s+(.+?)\s+HTTP\/(.+?)\r?\n?$/))
-			self.method  = md[1]
-			self.raw_uri = URI.decode(md[2])
-			self.proto   = md[3]
-
-			update_uri_parts
-		else
-			raise RuntimeError, "Invalid request command string", caller
-		end
-	end
-
-	#
-	# Split the URI into the resource being requested and its query string.
-	#
-	def update_uri_parts
-		# If it has a query string, get the parts.
-		if ((self.raw_uri) and (md = self.raw_uri.match(/(.+?)\?(.*)$/)))
-			self.uri_parts['QueryString'] = parse_cgi_qstring(md[2])
-			self.uri_parts['Resource']    = md[1]
-		# Otherwise, just assume that the URI is equal to the resource being
-		# requested.
-		else
-			self.uri_parts['QueryString'] = {}
-			self.uri_parts['Resource']    = self.raw_uri
-		end
-
-		self.normalize!(resource)
-		# Set the relative resource to the actual resource.
-		self.relative_resource = resource
-	end
-
-	# normalize out multiple slashes, directory traversal, and self referrential directories
-	def normalize!(str)
-		i = 0
-		while (str.gsub!(/(\/\.\/|\/\w+\/\.\.\/|\/\/)/,'/')); i += 1; end
-		i
-	end
-
-	# Puts a URI back together based on the URI parts
-	def uri
-		str = self.uri_parts['Resource'].dup || '/'
-
-		# /././././
-		if self.junk_self_referring_directories
-			str.gsub!(/\//) {
-				'/.' * (rand(3) + 1) + '/'
-			}
-		end
-
-		# /%3faaa=bbbbb
-		# which could possibly decode to "/?aaa=bbbbb", which if the IDS normalizes first, then splits the URI on ?, then it can be bypassed
-		if self.junk_param_start
-			str.sub!(/\//, '/%3f' + Rex::Text.rand_text_alpha(rand(5) + 1) + '=' + Rex::Text.rand_text_alpha(rand(10) + 1) + '/../')
-		end
-
-		# /RAND/../RAND../
-		if self.junk_directories
-			str.gsub!(/\//) {
-				dirs = ''
-				(rand(5)+5).times {
-					dirs << '/' + Rex::Text.rand_text_alpha(rand(5) + 1) + '/..'
-				}
-				dirs + '/'
-			}
-		end
-
-		# ////
-		#
-		# NOTE: this must be done after all other odd directory junk, since they would cancel this out, except junk_end_of_uri, since that a specific slash in a specific place
-		if self.junk_slashes
-			str.gsub!(/\//) {
-				'/' * (rand(3) + 2)
-			}
-			str.sub!(/^[\/]+/, '/') # only one beginning slash!
-		end
-
-		# /%20HTTP/1.0%0d%0a/../../
-		# which decodes to "/ HTTP/1.0\r\n"
-		if self.junk_end_of_uri
-			str.sub!(/^\//, '/%20HTTP/1.0%0d%0a/../../')
-		end
-
-		Rex::Text.uri_encode(str, self.uri_encode_mode)
-
-		if !PostRequests.include?(self.method)
-			if param_string.size > 0
-				str << '?' + param_string
-			end
-		end
-		str
-	end
-
-	def param_string
-		params=[]
-		self.uri_parts['QueryString'].each_pair { |param, value|
-			# inject a random number of params in between each param
-			if self.junk_params
-				rand(10)+5.times {
-					params.push(Rex::Text.rand_text_alpha(rand(16) + 5) + '=' + Rex::Text.rand_text_alpha(rand(10) + 1))
-				}
-			end
-			if value.kind_of?(Array)
-				value.each { |subvalue|
+  PostRequests = ['POST', 'SEARCH']
+
+  ##
+  #
+  # Some individual request types.
+  #
+  ##
+
+  #
+  # HTTP GET request class wrapper.
+  #
+  class Get < Request
+    def initialize(uri = '/', proto = DefaultProtocol)
+      super('GET', uri, proto)
+    end
+  end
+
+  #
+  # HTTP POST request class wrapper.
+  #
+  class Post < Request
+    def initialize(uri = '/', proto = DefaultProtocol)
+      super('POST', uri, proto)
+    end
+  end
+
+  #
+  # HTTP PUT request class wrapper.
+  #
+  class Put < Request
+    def initialize(uri = '/', proto = DefaultProtocol)
+      super('PUT', uri, proto)
+    end
+  end
+
+  #
+  # Initializes an instance of an HTTP request with the supplied method, URI,
+  # and protocol.
+  #
+  def initialize(method = 'GET', uri = '/', proto = DefaultProtocol)
+    super()
+
+    self.method    = method
+    self.raw_uri   = uri
+    self.uri_parts = {}
+    self.proto     = proto || DefaultProtocol
+    self.chunk_min_size = 1
+    self.chunk_max_size = 10
+    self.uri_encode_mode = 'hex-normal'
+
+    update_uri_parts
+  end
+
+  #
+  # Updates the command parts for this specific packet type.
+  #
+  def update_cmd_parts(str)
+    if (md = str.match(/^(.+?)\s+(.+?)\s+HTTP\/(.+?)\r?\n?$/))
+      self.method  = md[1]
+      self.raw_uri = URI.decode(md[2])
+      self.proto   = md[3]
+
+      update_uri_parts
+    else
+      raise RuntimeError, "Invalid request command string", caller
+    end
+  end
+
+  #
+  # Split the URI into the resource being requested and its query string.
+  #
+  def update_uri_parts
+    # If it has a query string, get the parts.
+    if ((self.raw_uri) and (md = self.raw_uri.match(/(.+?)\?(.*)$/)))
+      self.uri_parts['QueryString'] = parse_cgi_qstring(md[2])
+      self.uri_parts['Resource']    = md[1]
+    # Otherwise, just assume that the URI is equal to the resource being
+    # requested.
+    else
+      self.uri_parts['QueryString'] = {}
+      self.uri_parts['Resource']    = self.raw_uri
+    end
+
+    self.normalize!(resource)
+    # Set the relative resource to the actual resource.
+    self.relative_resource = resource
+  end
+
+  # normalize out multiple slashes, directory traversal, and self referrential directories
+  def normalize!(str)
+    i = 0
+    while (str.gsub!(/(\/\.\/|\/\w+\/\.\.\/|\/\/)/,'/')); i += 1; end
+    i
+  end
+
+  # Puts a URI back together based on the URI parts
+  def uri
+    str = self.uri_parts['Resource'].dup || '/'
+
+    # /././././
+    if self.junk_self_referring_directories
+      str.gsub!(/\//) {
+        '/.' * (rand(3) + 1) + '/'
+      }
+    end
+
+    # /%3faaa=bbbbb
+    # which could possibly decode to "/?aaa=bbbbb", which if the IDS normalizes first, then splits the URI on ?, then it can be bypassed
+    if self.junk_param_start
+      str.sub!(/\//, '/%3f' + Rex::Text.rand_text_alpha(rand(5) + 1) + '=' + Rex::Text.rand_text_alpha(rand(10) + 1) + '/../')
+    end
+
+    # /RAND/../RAND../
+    if self.junk_directories
+      str.gsub!(/\//) {
+        dirs = ''
+        (rand(5)+5).times {
+          dirs << '/' + Rex::Text.rand_text_alpha(rand(5) + 1) + '/..'
+        }
+        dirs + '/'
+      }
+    end
+
+    # ////
+    #
+    # NOTE: this must be done after all other odd directory junk, since they would cancel this out, except junk_end_of_uri, since that a specific slash in a specific place
+    if self.junk_slashes
+      str.gsub!(/\//) {
+        '/' * (rand(3) + 2)
+      }
+      str.sub!(/^[\/]+/, '/') # only one beginning slash!
+    end
+
+    # /%20HTTP/1.0%0d%0a/../../
+    # which decodes to "/ HTTP/1.0\r\n"
+    if self.junk_end_of_uri
+      str.sub!(/^\//, '/%20HTTP/1.0%0d%0a/../../')
+    end
+
+    Rex::Text.uri_encode(str, self.uri_encode_mode)
+
+    if !PostRequests.include?(self.method)
+      if param_string.size > 0
+        str << '?' + param_string
+      end
+    end
+    str
+  end
+
+  def param_string
+    params=[]
+    self.uri_parts['QueryString'].each_pair { |param, value|
+      # inject a random number of params in between each param
+      if self.junk_params
+        rand(10)+5.times {
+          params.push(Rex::Text.rand_text_alpha(rand(16) + 5) + '=' + Rex::Text.rand_text_alpha(rand(10) + 1))
+        }
+      end
+      if value.kind_of?(Array)
+        value.each { |subvalue|
     				params.push(Rex::Text.uri_encode(param, self.uri_encode_mode) + '=' + Rex::Text.uri_encode(subvalue, self.uri_encode_mode))
-				}
-			else
-				if !value.nil?
-					params.push(Rex::Text.uri_encode(param, self.uri_encode_mode) + '=' + Rex::Text.uri_encode(value, self.uri_encode_mode))
-				else
-					params.push(Rex::Text.uri_encode(param, self.uri_encode_mode))
-				end
-			end
-		}
-
-		# inject some junk params at the end of the param list, just to be sure :P
-		if self.junk_params
-			rand(10)+5.times {
-				params.push(Rex::Text.rand_text_alpha(rand(32) + 5) + '=' + Rex::Text.rand_text_alpha(rand(64) + 5))
-			}
-		end
-		params.join('&')
-	end
-
-	# Updates the underlying URI structure
-	def uri=(str)
-		self.raw_uri = str
-		update_uri_parts
-	end
-
-	# Returns a request packet
-	def to_s
-		str = ''
-		if self.junk_pipeline
-			host = ''
-			if self.headers['Host']
-				host = "Host: #{self.headers['Host']}\r\n"
-			end
-			str << "GET / HTTP/1.1\r\n#{host}Connection: Keep-Alive\r\n\r\n" * self.junk_pipeline
-			self.headers['Connection'] = 'Closed'
-		end
-		str + super
-	end
-
-	def body
-		str = super || ''
-		if str.length > 0
-			return str
-		end
-
-		if PostRequests.include?(self.method)
-			return param_string
-		end
-		''
-	end
-
-	#
-	# Returns the command string derived from the three values.
-	#
-	def cmd_string
-		proto_str = (self.proto =~ /^\d/) ? "HTTP/#{self.proto}" : self.proto
-
-		"#{self.method} #{self.uri} #{proto_str}\r\n"
-	end
-
-	#
-	# Returns the resource that is being requested.
-	#
-	def resource
-		self.uri_parts['Resource']
-	end
-
-	#
-	# Changes the resource URI.  This is used when making a request relative to
-	# a given mount point.
-	#
-	def resource=(rsrc)
-		self.uri_parts['Resource'] = rsrc
-	end
-
-	#
-	# If there were CGI parameters in the URI, this will hold a hash of each
-	# variable to value.  If there is more than one value for a given variable,
-	# an array of each value is returned.
-	#
-	def qstring
-		self.uri_parts['QueryString']
-	end
-
-	#
-	# Returns a hash of variables that contain information about the request,
-	# such as the remote host information.
-	#
-	# TODO
-	#
-	def meta_vars
-	end
-
-	#
-	# The method being used for the request (e.g. GET).
-	#
-	attr_accessor :method
-	#
-	# The raw URI being requested, before any mucking gets to it
-	#
-	attr_accessor :raw_uri
-
-	#
-	# The split up parts of the URI.
-	#
-	attr_accessor :uri_parts
-	#
-	# The protocol to be sent with the request.
-	#
-	attr_accessor :proto
-
-	#
-	# The resource path relative to the root of a server mount point.
-	#
-	attr_accessor :relative_resource
-
-	# add junk directories
-	attr_accessor :junk_directories
-
-	# add junk slashes
-	attr_accessor :junk_slashes
-
-	# add junk self referring directories (aka  /././././)
-	attr_accessor :junk_self_referring_directories
-
-	# add junk params
-	attr_accessor :junk_params
-
-	# add junk pipeline requests
-	attr_accessor :junk_pipeline
-
-	# add junk start of params
-	attr_accessor :junk_param_start
-
-	# add junk end of URI
-	attr_accessor :junk_end_of_uri
-
-	# encoding uri
-	attr_accessor :uri_encode_mode
-
-
-protected
-
-	#
-	# Parses a CGI query string into the var/val combinations.
-	#
-	def parse_cgi_qstring(str)
-		qstring = {}
-
-		# Delimit on each variable
-		str.split(/[;&]/).each { |vv|
-			var = vv
-			val = ''
-
-			if (md = vv.match(/(.+?)=(.*)/))
-				var = md[1]
-				val = md[2]
-			end
-
-			# Add the item to the hash with logic to convert values to an array
-			# if so desired.
-			if (qstring.include?(var))
-				if (qstring[var].kind_of?(Array))
-					qstring[var] << val
-				else
-					curr = self.qstring[var]
-					qstring[var] = [ curr, val ]
-				end
-			else
-				qstring[var] = val
-			end
-		}
-
-		return qstring
-	end
+        }
+      else
+        if !value.nil?
+          params.push(Rex::Text.uri_encode(param, self.uri_encode_mode) + '=' + Rex::Text.uri_encode(value, self.uri_encode_mode))
+        else
+          params.push(Rex::Text.uri_encode(param, self.uri_encode_mode))
+        end
+      end
+    }
+
+    # inject some junk params at the end of the param list, just to be sure :P
+    if self.junk_params
+      rand(10)+5.times {
+        params.push(Rex::Text.rand_text_alpha(rand(32) + 5) + '=' + Rex::Text.rand_text_alpha(rand(64) + 5))
+      }
+    end
+    params.join('&')
+  end
+
+  # Updates the underlying URI structure
+  def uri=(str)
+    self.raw_uri = str
+    update_uri_parts
+  end
+
+  # Returns a request packet
+  def to_s
+    str = ''
+    if self.junk_pipeline
+      host = ''
+      if self.headers['Host']
+        host = "Host: #{self.headers['Host']}\r\n"
+      end
+      str << "GET / HTTP/1.1\r\n#{host}Connection: Keep-Alive\r\n\r\n" * self.junk_pipeline
+      self.headers['Connection'] = 'Closed'
+    end
+    str + super
+  end
+
+  def body
+    str = super || ''
+    if str.length > 0
+      return str
+    end
+
+    if PostRequests.include?(self.method)
+      return param_string
+    end
+    ''
+  end
+
+  #
+  # Returns the command string derived from the three values.
+  #
+  def cmd_string
+    proto_str = (self.proto =~ /^\d/) ? "HTTP/#{self.proto}" : self.proto
+
+    "#{self.method} #{self.uri} #{proto_str}\r\n"
+  end
+
+  #
+  # Returns the resource that is being requested.
+  #
+  def resource
+    self.uri_parts['Resource']
+  end
+
+  #
+  # Changes the resource URI.  This is used when making a request relative to
+  # a given mount point.
+  #
+  def resource=(rsrc)
+    self.uri_parts['Resource'] = rsrc
+  end
+
+  #
+  # If there were CGI parameters in the URI, this will hold a hash of each
+  # variable to value.  If there is more than one value for a given variable,
+  # an array of each value is returned.
+  #
+  def qstring
+    self.uri_parts['QueryString']
+  end
+
+  #
+  # Returns a hash of variables that contain information about the request,
+  # such as the remote host information.
+  #
+  # TODO
+  #
+  def meta_vars
+  end
+
+  #
+  # The method being used for the request (e.g. GET).
+  #
+  attr_accessor :method
+  #
+  # The raw URI being requested, before any mucking gets to it
+  #
+  attr_accessor :raw_uri
+
+  #
+  # The split up parts of the URI.
+  #
+  attr_accessor :uri_parts
+  #
+  # The protocol to be sent with the request.
+  #
+  attr_accessor :proto
+
+  #
+  # The resource path relative to the root of a server mount point.
+  #
+  attr_accessor :relative_resource
+
+  # add junk directories
+  attr_accessor :junk_directories
+
+  # add junk slashes
+  attr_accessor :junk_slashes
+
+  # add junk self referring directories (aka  /././././)
+  attr_accessor :junk_self_referring_directories
+
+  # add junk params
+  attr_accessor :junk_params
+
+  # add junk pipeline requests
+  attr_accessor :junk_pipeline
+
+  # add junk start of params
+  attr_accessor :junk_param_start
+
+  # add junk end of URI
+  attr_accessor :junk_end_of_uri
+
+  # encoding uri
+  attr_accessor :uri_encode_mode
+
+  #
+  # Parses a CGI query string into the var/val combinations.
+  #
+  def parse_cgi_qstring(str)
+    qstring = {}
+
+    # Delimit on each variable
+    str.split(/[;&]/).each { |vv|
+      var = vv
+      val = ''
+
+      if (md = vv.match(/(.+?)=(.*)/))
+        var = md[1]
+        val = md[2]
+      end
+
+      # Add the item to the hash with logic to convert values to an array
+      # if so desired.
+      if (qstring.include?(var))
+        if (qstring[var].kind_of?(Array))
+          qstring[var] << val
+        else
+          curr = self.qstring[var]
+          qstring[var] = [ curr, val ]
+        end
+      else
+        qstring[var] = val
+      end
+    }
+
+    return qstring
+  end
 
 end