Fixed IndexError when parsing malformed --modules-extra-args

immortal71 · immortal71 · commit 55cfd7a47de6 · 2026-01-05T19:21:16.000-08:00
- Added validation to check for '=' sign before splitting - Added validation to reject empty keys (e.g., '=value') - Used internationalized error messages with _() function - Added error_modules_extra_args_format and error_modules_extra_args_empty_key to locale - Used split('=', 1) to properly handle values containing '=' characters - Strip whitespace from keys Fixes issue #1199
diff --git a/nettacker/core/arg_parser.py b/nettacker/core/arg_parser.py
@@ -736,7 +736,20 @@ def parse_arguments(self):
         if options.modules_extra_args:
             all_args = {}
             for args in options.modules_extra_args.split("&"):
-                value = args.split("=")[1]
+                # Validate format
+                if "=" not in args:
+                    die_failure(_("error_modules_extra_args_format").format(args))
+                
+                # Split with maxsplit=1 to handle values containing '='
+                parts = args.split("=", 1)
+                key = parts[0].strip()
+                value = parts[1]
+                
+                # Validate key is not empty
+                if not key:
+                    die_failure(_("error_modules_extra_args_empty_key"))
+                
+                # Type conversion logic
                 if value.lower() == "true":
                     value = True
                 elif value.lower() == "false":
@@ -756,7 +769,8 @@ def parse_arguments(self):
                         value = int(value)
                     except Exception:
                         pass
-                all_args[args.split("=")[0]] = value
+                
+                all_args[key] = value
             options.modules_extra_args = all_args
 
         options.timeout = float(options.timeout)
diff --git a/nettacker/locale/en.yaml b/nettacker/locale/en.yaml
@@ -37,6 +37,8 @@ error_target_file: "Cannot specify the target(s), unable to open file: {0}"
 error_username: "Cannot specify the username(s), unable to open file: {0}"
 error_passwords: "Cannot specify the password(s), unable to open file: {0}"
 error_wordlist: "Cannot specify the word(s), unable to open file {0}"
+error_modules_extra_args_format: "Invalid format for --modules-extra-args: '{0}'\nExpected format: key1=value1&key2=value2\nExample: --modules-extra-args \"x_api_key=123&xyz_passwd=abc\""
+error_modules_extra_args_empty_key: "Invalid --modules-extra-args: empty key is not allowed\nEach argument must be in format: key=value"
 exclude_scan_method: choose scan method to exclude {0}
 file_write_error: file "{0}" is not writable!
 library_not_supported: library [{0}] is not support!
