Land rapid7#4898, prefer URI to open-uri

Tod Beardsley · Tod Beardsley · commit df80d56fda97 · 2015-03-09T09:14:10.000-05:00
diff --git a/data/exploits/capture/http/forms/extractforms.rb b/data/exploits/capture/http/forms/extractforms.rb
@@ -11,7 +11,6 @@
 
 require 'rubygems'  # install rubygems
 require 'hpricot'   # gem install hpricot
-require 'open-uri'
 require 'timeout'
 
 def usage
diff --git a/data/exploits/capture/http/forms/grabforms.rb b/data/exploits/capture/http/forms/grabforms.rb
@@ -11,7 +11,7 @@
 
 require 'rubygems'  # install rubygems
 require 'hpricot'   # gem install hpricot
-require 'open-uri'
+require 'uri'
 require 'timeout'
 
 def usage
@@ -26,17 +26,17 @@ def usage
   site.strip!
   next if site.length == 0
   next if site =~ /^#/
-  
+
   out = File.join(output, site + ".txt")
   File.unlink(out) if File.exists?(out)
-  
+
   fd  = File.open(out, "a")
-  
+
 
   ["", "www."].each do |prefix|
     begin
-      Timeout.timeout(10) do 
-        doc = Hpricot(open("http://#{prefix}#{site}/"))
+      Timeout.timeout(10) do
+        doc = Hpricot(URI.parse("http://#{prefix}#{site}/").open)
         doc.search("//form").each do |form|
 
           # Extract the form
@@ -78,9 +78,9 @@ def usage
       $stderr.puts "#{prefix}#{site} #{e.class} #{e}"
     end
   end
-  
+
   fd.close
-  
+
   File.unlink(out) if (File.size(out) == 0)
 
 end
diff --git a/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb b/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
@@ -4,7 +4,7 @@
 ##
 
 require 'msf/core'
-require 'open-uri'
+require 'uri'
 
 class Metasploit3 < Msf::Auxiliary
 
@@ -732,7 +732,7 @@ def all_script_urls(pages)
       results = []
       print_status "Fetching URL #{url}..."
       # fetch and parse the HTML document
-      doc = Nokogiri::HTML(open(url))
+      doc = Nokogiri::HTML(URI.parse(url).open)
       # recursively add scripts from iframes
       doc.css('iframe').each do |iframe|
         print_status "Checking iframe..."
@@ -771,7 +771,7 @@ def find_cached_scripts
             if url.to_s.starts_with? '//'
               url = "#{page_uri.scheme}:#{url}"
             end
-            io = open(url)
+            io = URI.parse(url).open
           rescue URI::InvalidURIError, OpenURI::HTTPError
             next
           end
diff --git a/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb b/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb
@@ -4,7 +4,6 @@
 ##
 
 require 'msf/core'
-require 'open-uri'
 require 'uri'
 
 class Metasploit3 < Msf::Auxiliary
@@ -66,7 +65,7 @@ def run
 
   def check
     test_string = Rex::Text.rand_text_alphanumeric(encoded_swf.length)
-    io = open(exploit_url(test_string))
+    io = URI.parse(exploit_url(test_string)).open
     if io.read.start_with? test_string
       Msf::Exploit::CheckCode::Vulnerable
     else
