Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [patch] Bug in httpspider.LinkExtractor
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 22 May 2012 19:26:44 +0200

On Tue, May 22, 2012 at 6:03 PM, Daniel Miller <bonsaiviking () gmail com>wrote:

List,

Two bugs and a code structure improvement in this patch to the httpspider
library, found while working with the http-chrono script.

First bug, the LinkExtractor portion of httpspider doesn't check for a
negative maxdepth (indicating no limit), and rejects all links.

Second bug, the withinhost and withindomain matching functions would throw
an error when presented with a URL without a host portion. Example: <a
href="http://";>link</a>. I threw in a test for parsed_u.host == nil,
assuming that that would fail either of the checks.

Lastly, the attached patch fixes moves the function definition for
validate_link out of the innermost loop of the LinkExtractor.parse
function. It had been declared as a closure over url, then called on the
very next line. I chose to move it to a method of the LinkExtractor class,
in case it should ever need to be overridden, but it could have just as
easily been inlined.

Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Thanks Dan! Great work.
I committed the change as r28649.

//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault