
Commit 7700436

Use more lenient urllib3.util's parse_url
1 parent 636703c commit 7700436

10 files changed

Lines changed: 36 additions & 29 deletions

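--- a/aikido_zen/helpers/get_port_from_url.py
+++ b/aikido_zen/helpers/get_port_from_url.py
@@ -2,15 +2,15 @@
 Helper function file, see function docstring
 """
 
-from urllib.parse import urlparse
+from urllib3.util import parse_url
 
 
 def get_port_from_url(url, parsed=False):
 """
 Tries to retrieve a port number from the given url
 """
 if not parsed:
-parsed_url = urlparse(url)
+parsed_url = parse_url(url)
 else:
 parsed_url = url
 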
Lines changed: 8 additions & 8 deletions
@@ -1,6 +1,6 @@
11
import pytest
22
from .get_port_from_url import get_port_from_url
3-
from urllib.parse import urlparse
3+
from urllib3.util import parse_url
44

55

66
def test_get_port_from_url():
@@ -14,14 +14,14 @@ def test_get_port_from_url():
1414

1515

1616
def test_get_port_from_parsed_url():
17-
assert get_port_from_url(urlparse("http://localhost:4000"), True) == 4000
18-
assert get_port_from_url(urlparse("http://localhost"), True) == 80
17+
assert get_port_from_url(parse_url("http://localhost:4000"), True) == 4000
18+
assert get_port_from_url(parse_url("http://localhost"), True) == 80
1919
assert (
20-
get_port_from_url(urlparse("https://test.com:8080/test?abc=123"), True) == 8080
20+
get_port_from_url(parse_url("https://test.com:8080/test?abc=123"), True) == 8080
2121
)
22-
assert get_port_from_url(urlparse("https://localhost"), True) == 443
23-
assert get_port_from_url(urlparse("ftp://localhost"), True) is None
22+
assert get_port_from_url(parse_url("https://localhost"), True) == 443
23+
assert get_port_from_url(parse_url("ftp://localhost"), True) is None
2424
assert (
25-
get_port_from_url(urlparse("http://localhost:1337\\u0000asd.php"), True) is None
25+
get_port_from_url(parse_url("http://localhost:1337\\u0000asd.php"), True) is None
2626
)
27-
assert get_port_from_url(urlparse("http://localhost:123123/asd.php"), True) is None
27+
assert get_port_from_url(parse_url("http://localhost:123123/asd.php"), True) is None
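Review bot: The malformed-URL cases at new lines 25 and 27 now build their argument with `parse_url`, so a parse failure is raised in the test itself before `get_port_from_url` runs; urllib3 rejects an out-of-range port such as `123123` with `LocationParseError` at parse time, where `urlparse` only failed on `.port` access. The backslash case at line 25 may change result rather than fail, since the two parsers do not appear to end the authority at a backslash in the same way. Pass the raw string for these inputs so the function's own error handling is exercised, e.g. `assert get_port_from_url("http://localhost:123123/asd.php") is None`. Then confirm the expected value for each case against the parser the HTTP client itself uses, because a detection helper that disagrees with the client about host and port is a blind spot.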

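--- a/aikido_zen/helpers/get_subdomains_from_url.py
+++ b/aikido_zen/helpers/get_subdomains_from_url.py
@@ -1,8 +1,7 @@
 """
 Helper function file, see function docstring
 """
-
-from urllib.parse import urlparse
+from urllib3.util import parse_url
 
 
 def get_subdomains_from_url(url):
@@ -11,7 +10,7 @@ def get_subdomains_from_url(url):
 """
 if not isinstance(url, str):
 return []
-host = urlparse(url).hostname
+host = parse_url(url).hostname
 if not host:
 return []
 parts = host.split(".")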
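Review bot: `parse_url(url).hostname` at new line 13 has no visible guard, and urllib3's `parse_url` raises `LocationParseError` (a `ValueError` subclass) for input it cannot parse, whereas `urlparse` accepted most malformed strings. If nothing further up catches it, a broken or hostile URL becomes an exception inside the helper instead of an empty list; wrapping the call in `try`/`except ValueError` and returning `[]` keeps the old contract. The same applies to the unparsed branch of `get_port_from_url`. Scheme-less input such as a bare host name now also yields a hostname, which looks intended by the commit title but deserves its own test. The function body continues outside this hunk.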
Lines changed: 8 additions & 2 deletions
@@ -1,27 +1,33 @@
11
"""Helper function file"""
22

3-
from urllib.parse import urlparse
3+
from urllib3.util import parse_url
44
from pathlib import PurePath
55

66

77
def path_to_string(path):
88
"""Converts an obj that represents a path into a string"""
99
if isinstance(path, str):
1010
try:
11-
parsed_url = urlparse(path)
11+
parsed_url = parse_url(path)
1212
if parsed_url and parsed_url.scheme == "file":
1313
return parsed_url.path
1414
except Exception:
15+
print("can't parse thsi shit! bye")
1516
return None
1617
return path
18+
print("can't parse thsi shit! bye - 9")
1719

1820
if isinstance(path, bytes):
1921
try:
2022
return path.decode("utf-8")
2123
except UnicodeDecodeError:
24+
print("can't parse thsi shit! by - 4 e")
2225
return None
2326
if isinstance(path, PurePath):
2427
# Stringify PurePath. This can still allow path traversal but in extremely
2528
# limited cases so it's safe to just stringify for now.
2629
return str(path)
30+
31+
32+
print("can't parse thsi shit! bye - 1")
2733
return None
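Review bot: The four added `print(...)` calls read as leftover debug output and should not ship: they write to the host application's stdout from inside a library, and the one at new line 18 sits directly after `return path`, so it is probably unreachable (indentation is not visible on this page). Drop them, or log through the project's logger at debug level with a neutral message that does not echo the input, such as `logger.debug("path_to_string: unsupported or unparsable value")`. The added `print` at new line 16 of `try_parse_url_path.py` has the same problem. Also check `return parsed_url.path` at new line 13, since urllib3 uses `None` rather than `""` for an absent path.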

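--- a/aikido_zen/helpers/try_parse_url.py
+++ b/aikido_zen/helpers/try_parse_url.py
@@ -1,12 +1,11 @@
 """Helper function file"""
 
-from urllib.parse import urlparse
-
+from urllib3.util import parse_url
 
 def try_parse_url(url):
 """Tries to parse the url using urlparse"""
 try:
-parsed_url = urlparse(url)
+parsed_url = parse_url(url)
 if parsed_url.scheme and parsed_url.netloc:
 return parsed_url
 return None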
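Review bot: The docstring at new line 6 still says the URL is parsed with `urlparse`; after this change it should read `"""Tries to parse the url using urllib3's parse_url"""`. The docstring of `try_parse_url` in `try_parse_url_path.py` (new line 12) is stale in the same way. The `except` clause of this function lies outside the hunk, so confirm it still catches what `parse_url` raises (`LocationParseError`, a `ValueError` subclass).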

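--- a/aikido_zen/helpers/try_parse_url_path.py
+++ b/aikido_zen/helpers/try_parse_url_path.py
@@ -4,15 +4,16 @@
 Includes try_parse_url_path
 """
 
-from urllib.parse import urlparse
+from urllib3.util import parse_url
 import regex as re
 
 
 def try_parse_url(url):
 """try to parse Url with urlparse"""
 try:
-return urlparse(url)
+return parse_url(url)
 except ValueError:
+print("value error! can't parse this shit!")
 return None
 
 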
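--- a/aikido_zen/helpers/urls/normalize_url.py
+++ b/aikido_zen/helpers/urls/normalize_url.py
@@ -1,12 +1,13 @@
 """Helper function file, exports normalize_url"""
 
-from urllib.parse import urlparse, urlunparse
+from urllib3.util import parse_url
+from urllib.parse import urlunparse
 
 
 def normalize_url(url):
 """Normalizes the url"""
 # Parse the URL
-parsed_url = urlparse(url)
+parsed_url = parse_url(url)
 
 # Normalize components
 scheme = parsed_url.scheme.lower() # Lowercase scheme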
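Review bot: `parsed_url.scheme.lower()` at new line 13 will raise `AttributeError` for input without a scheme, because urllib3's `Url` uses `None` for absent components where `urlparse` returned `""`. Guard it with `scheme = (parsed_url.scheme or "").lower()` and check the rest of the function, which lies outside this hunk, for the same assumption on `path`, `query` and `port`. `parse_as_file_url.py` has the same exposure at `Path(parsed_url.path)`, which would receive `None` for a `file:` URL with no path. urllib3 also lowercases the scheme itself and, for http(s) URLs, removes dot segments and percent-encodes the path, so this normalizer and `try_parse_url_path` may no longer see the input as the caller sent it.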

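--- a/aikido_zen/vulnerabilities/path_traversal/parse_as_file_url.py
+++ b/aikido_zen/vulnerabilities/path_traversal/parse_as_file_url.py
@@ -2,21 +2,22 @@
 Mainly exports `parse_as_file_url`
 """
 
-from urllib.parse import urlparse, urlunparse
+from urllib3.util import parse_url
+from urllib.parse import urlunparse
 from pathlib import Path
 
 
 def parse_as_file_url(path):
 """Convert a file path as a URL to a file path."""
 if path.startswith("file:"):
-parsed_url = urlparse(path)
+parsed_url = parse_url(path)
 file_path = Path(parsed_url.path)
 else:
 if not path.startswith("/"):
 path = f"/{path}"
 file_path = Path(path)
 file_url = urlunparse(("file", "", str(file_path), "", "", ""))
-parsed_url = urlparse(file_url)
+parsed_url = parse_url(file_url)
 
 normalized_path = Path(parsed_url.path).resolve()
 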
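--- a/aikido_zen/vulnerabilities/ssrf/get_redirect_origin_test.py
+++ b/aikido_zen/vulnerabilities/ssrf/get_redirect_origin_test.py
@@ -1,11 +1,11 @@
 import pytest
-from urllib.parse import urlparse, urlunparse
+from urllib3.util import parse_url
 from .get_redirect_origin import get_redirect_origin
 
 
 # Helper function to create URL objects
 def create_url(href):
-return urlparse(href)
+return parse_url(href)
 
 
 # Test cases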

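--- a/aikido_zen/vulnerabilities/ssrf/is_redirect_to_private_ip_test.py
+++ b/aikido_zen/vulnerabilities/ssrf/is_redirect_to_private_ip_test.py
@@ -1,12 +1,12 @@
 import pytest
 from unittest.mock import MagicMock, patch
 from .is_redirect_to_private_ip import is_redirect_to_private_ip
-from urllib.parse import urlparse, urlunparse
+from urllib3.util import parse_url
 
 
 # Helper function to create URL objects
 def create_url(href):
-return urlparse(href)
+return parse_url(href)
 
 
 def test_is_redirect_to_private_ip_success():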
