Mirrors/ffuf
2
0
Fork 0
mirror of https://github.com/ffuf/ffuf synced 2024-12-01 15:49:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

pkg/ffuf: fix panic in Windows when parsing wordlist flag (#335)

Browse source 
This change addresses two panics that happened while parsing the provided
wordlist flag in Windows systems.

- pkg/ffuf/util.go:40: panic happened when the provided path was
invalid. Example: ".\wordlist.txt:" as the os.Stat call returned an
error different than os.ErrNotExist.

- pkg/ffuf/optionsparser.go:179: panic happened when the provided value
did not existed and did not contain a colon character. Example:
".\asdf.txt" when the local file ".\asdf.txt" did not exist. This panic
happened due to strings.LastIndex returning -1 when the provided
substring does not appear. Therefore, v[:-1] panicking.

Fixes #333

Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com>
This commit is contained in:
M. Ángel Jimeno 2020-10-26 22:43:09 +01:00 committed by GitHub
parent 5b00f2b4e1
commit c6a6293499
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -14,6 +14,7 @@
- Fixed the issue where the option -ac was overwriting existing filters. Now auto-calibration will add them where needed.
- The `-w` flag now accepts comma delimited values in the form of `file1:W1,file2:W2`.
- Links in the HTML report are now clickable
- Fixed panic during wordlist flag parsing in Windows systems.
- v1.1.0
- New

6
pkg/ffuf/optionsparser.go
View file

@ -176,7 +176,11 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
// The wordlist was supplied without a keyword parameter
wl = []string{v}
} else {
filepart := v[:strings.LastIndex(v, ":")]
filepart := v
if strings.Contains(filepart, ":") {
filepart = v[:strings.LastIndex(filepart, ":")]
}
if FileExists(filepart) {
wl = []string{filepart, v[strings.LastIndex(v, ":")+1:]}
} else {

6
pkg/ffuf/util.go
View file

@ -31,11 +31,13 @@ func UniqStringSlice(inslice []string) []string {
return ret
}
//FileExists checks if the filepath exists and is not a directory
//FileExists checks if the filepath exists and is not a directory.
//Returns false in case it's not possible to describe the named file.
func FileExists(path string) bool {
md, err := os.Stat(path)
if os.IsNotExist(err) {
if err != nil {
return false
}
return !md.IsDir()
}