simplify request-response parsing in apsscan

David Maloney · David Maloney · commit dacaa9e82b3e · 2015-03-18T11:19:00.000-05:00
the record_request_and_response method for the
nokogiri appscan parser was way overcomplicated
it was trying to do way too much trickiness
when the data could be very simply split and consumed

MSP-9972
diff --git a/lib/rex/parser/appscan_nokogiri.rb b/lib/rex/parser/appscan_nokogiri.rb
@@ -187,31 +187,18 @@ def report_service_info
 
     def record_request_and_response
       return unless(in_issue && has_text)
-      return unless @state[:web_site]
+      return unless @state[:web_site].present?
       really_original_traffic = unindent_and_crlf(@text)
-      split_traffic = really_original_traffic.split(/\r\n\r\n/)
-      request_headers_text = split_traffic.first
-      content_length = 0
-      if request_headers_text =~ /\ncontent-length:\s+([0-9]+)/mni
-        content_length = $1.to_i
-      end
-      if(content_length > 0) and (split_traffic[1].to_s.size >= content_length)
-        request_body_text = split_traffic[1].to_s[0,content_length]
-      else
-        request_body_text = nil
-      end
-      response_headers_text = split_traffic[1].to_s[content_length,split_traffic[1].to_s.size].lstrip
-      request = request_headers_text
-      return unless(request && response_headers_text)
-      response_body_text = split_traffic[2]
+      request_headers, request_body, response_headers, response_body = really_original_traffic.split(/\r\n\r\n/)
+      return unless(request_headers && response_headers)
       req_header = Rex::Proto::Http::Packet::Header.new
       res_header = Rex::Proto::Http::Packet::Header.new
-      req_header.from_s request_headers_text.dup
-      res_header.from_s response_headers_text.dup
+      req_header.from_s request_headers.dup
+      res_header.from_s response_headers.dup
       @state[:request_headers] = req_header
-      @state[:request_body] = request_body_text
+      @state[:request_body] = request_body
       @state[:response_headers] = res_header
-      @state[:response_body] = response_body_text
+      @state[:response_body] = response_body
     end
 
     # Appscan tab-indents which makes parsing a little difficult. They
