Fix powershell test cases for in-depth escaping scenario

This also handles a few other cases not specifically covered by the new
scenario but which are obviously easily fixable

Author: pimterry

src/targets/powershell/common.js

@@ -1,9 +1,16 @@
 'use strict'
 
 const CodeBuilder = require('../../helpers/code-builder')
-const { escape } = require('../../helpers/format')
 const helpers = require('../../helpers/headers')
 
+// Within a single quote, the ONLY character to worry about is the single quote
+// itself (escaped by doubling). Newlines, backticks, slashes etc are all treated
+// as literal characters.
+const psSqEscape = function (input) {
+  return input
+    .replace(/'/g, "''")
+}
+
 module.exports = function (command) {
   return function (source, options) {
     const code = new CodeBuilder()
@@ -23,7 +30,10 @@ module.exports = function (command) {
       code.push('$headers=@{}')
       headers.forEach(function (key) {
         if (key !== 'connection') { // Not allowed
-          code.push('$headers.Add("%s", "%s")', key, escape(source.headersObj[key], { escapeChar: '`' }))
+          code.push("$headers.Add('%s', '%s')",
+            psSqEscape(key),
+            psSqEscape(source.headersObj[key])
+          )
         }
       })
       commandOptions.push('-Headers $headers')
@@ -36,21 +46,32 @@ module.exports = function (command) {
       source.cookies.forEach(function (cookie) {
         code.push('$cookie = New-Object System.Net.Cookie')
 
-        code.push("$cookie.Name = '%s'", cookie.name)
-        code.push("$cookie.Value = '%s'", cookie.value)
-        code.push("$cookie.Domain = '%s'", source.uriObj.host)
+        code.push("$cookie.Name = '%s'", psSqEscape(cookie.name))
+        code.push("$cookie.Value = '%s'", psSqEscape(cookie.value))
+        code.push("$cookie.Domain = '%s'", psSqEscape(source.uriObj.host))
 
         code.push('$session.Cookies.Add($cookie)')
       })
       commandOptions.push('-WebSession $session')
     }
 
     if (source.postData.text) {
-      commandOptions.push("-ContentType '" + helpers.getHeader(source.allHeaders, 'content-type') + "'")
-      commandOptions.push("-Body '" + source.postData.text + "'")
+      const contentType = helpers.getHeader(source.allHeaders, 'content-type')
+      if (contentType) {
+        commandOptions.push("-ContentType '" + psSqEscape(contentType) + "'")
+      }
+
+      commandOptions.push(
+        "-Body '" + psSqEscape(source.postData.text) + "'"
+      )
     }
 
-    code.push("$response = %s -Uri '%s' -Method %s %s", command, source.fullUrl, source.method, commandOptions.join(' '))
+    code.push("$response = %s -Uri '%s' -Method %s %s",
+      command,
+      psSqEscape(source.fullUrl),
+      source.method,
+      commandOptions.join(' ')
+    )
     return code.join()
   }
 }

test/fixtures/output/powershell/restmethod/application-form-encoded.ps1

@@ -1,3 +1,3 @@
 $headers=@{}
-$headers.Add("content-type", "application/x-www-form-urlencoded")
+$headers.Add('content-type', 'application/x-www-form-urlencoded')
 $response = Invoke-RestMethod -Uri 'http://mockbin.com/har' -Method POST -Headers $headers -ContentType 'application/x-www-form-urlencoded' -Body 'foo=bar&hello=world'

test/fixtures/output/powershell/restmethod/application-json.ps1

@@ -1,3 +1,3 @@
 $headers=@{}
-$headers.Add("content-type", "application/json")
+$headers.Add('content-type', 'application/json')
 $response = Invoke-RestMethod -Uri 'http://mockbin.com/har' -Method POST -Headers $headers -ContentType 'application/json' -Body '{"number":1,"string":"f\"oo","arr":[1,2,3],"nested":{"a":"b"},"arr_mix":[1,"a",{"arr_mix_nested":{}}],"boolean":false}'

test/fixtures/output/powershell/restmethod/compression.ps1

@@ -1,3 +1,3 @@
 $headers=@{}
-$headers.Add("accept-encoding", "deflate, gzip, br")
+$headers.Add('accept-encoding', 'deflate, gzip, br')
 $response = Invoke-RestMethod -Uri 'http://mockbin.com/har' -Method GET -Headers $headers

test/fixtures/output/powershell/restmethod/full.ps1

@@ -1,6 +1,6 @@
 $headers=@{}
-$headers.Add("accept", "application/json")
-$headers.Add("content-type", "application/x-www-form-urlencoded")
+$headers.Add('accept', 'application/json')
+$headers.Add('content-type', 'application/x-www-form-urlencoded')
 $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
 $cookie = New-Object System.Net.Cookie
 $cookie.Name = 'foo'

test/fixtures/output/powershell/restmethod/headers.ps1

@@ -1,5 +1,5 @@
 $headers=@{}
-$headers.Add("accept", "application/json")
-$headers.Add("x-foo", "Bar")
-$headers.Add("quoted-value", "`"quoted`" 'string'")
+$headers.Add('accept', 'application/json')
+$headers.Add('x-foo', 'Bar')
+$headers.Add('quoted-value', '"quoted" ''string''')
 $response = Invoke-RestMethod -Uri 'http://mockbin.com/har' -Method GET -Headers $headers

test/fixtures/output/powershell/restmethod/jsonObj-multiline.ps1

@@ -1,5 +1,5 @@
 $headers=@{}
-$headers.Add("content-type", "application/json")
+$headers.Add('content-type', 'application/json')
 $response = Invoke-RestMethod -Uri 'http://mockbin.com/har' -Method POST -Headers $headers -ContentType 'application/json' -Body '{
   "foo": "bar"
 }'

test/fixtures/output/powershell/restmethod/jsonObj-null-value.ps1

@@ -1,3 +1,3 @@
 $headers=@{}
-$headers.Add("content-type", "application/json")
+$headers.Add('content-type', 'application/json')
 $response = Invoke-RestMethod -Uri 'http://mockbin.com/har' -Method POST -Headers $headers -ContentType 'application/json' -Body '{"foo":null}'

test/fixtures/output/powershell/restmethod/malicious.ps1

@@ -0,0 +1,13 @@
+$headers=@{}
+$headers.Add('squote-value-test', '''')
+$headers.Add('dquote-value-test', '"')
+$headers.Add('backtick-value-test', '`')
+$headers.Add('dollar-parenthesis-value-test', '$(')
+$headers.Add('hash-brace-value-test', '#{')
+$headers.Add('percent-parenthesis-value-test', '%(')
+$headers.Add('percent-brace-value-test', '%{')
+$headers.Add('double-brace-value-test', '{{')
+$headers.Add('null-value-test', '\0')
+$headers.Add('string-fmt-value-test', '%s')
+$headers.Add('slash-value-test', '\')
+$response = Invoke-RestMethod -Uri 'http://example.test/%27%22%60$(%(%%7B%7B%7B/0%s//?''=squote-key-test&squote-value-test=''&%22=dquote-key-test&dquote-value-test=%22&%60=backtick-key-test&backtick-value-test=%60&%24(=dollar-parenthesis-key-test&dollar-parenthesis-value-test=%24(&%23%7B=hash-brace-key-test&hash-brace-value-test=%23%7B&%25(=percent-parenthesis-key-test&percent-parenthesis-value-test=%25(&%25%7B=percent-brace-key-test&percent-brace-value-test=%25%7B&%7B%7B=double-brace-key-test&double-brace-value-test=%7B%7B&%5C0=null-key-test&null-value-test=%5C0&%25s=string-fmt-key-test&string-fmt-value-test=%25s&%5C=slash-key-test&slash-value-test=%5C' -Method POST -Headers $headers -Body ''' " ` $( #{ %( %{ {{ \0 %s \'

test/fixtures/output/powershell/restmethod/multipart-data.ps1

@@ -1,5 +1,5 @@
 $headers=@{}
-$headers.Add("content-type", "multipart/form-data; boundary=---011000010111000001101001")
+$headers.Add('content-type', 'multipart/form-data; boundary=---011000010111000001101001')
 $response = Invoke-RestMethod -Uri 'http://mockbin.com/har' -Method POST -Headers $headers -ContentType 'multipart/form-data; boundary=---011000010111000001101001' -Body '-----011000010111000001101001
 Content-Disposition: form-data; name="foo"; filename="hello.txt"
 Content-Type: text/plain