Panics when a link doesn't have a base

Question

Panics when a link doesn't have a base

pwnwriter opened this issue a year ago · 10 comments

When i parse a url without defining the protocol http(s). it panics.

https://github.com/pwnwriter/kanha/blob/1e610e1ee2a84b3ca68173417d707fa124a83f6b/src/commands/takeover/sub_takeover.rs#L59C10-L59C10

Answer 1 · 2023-10-12T12:26:20.000Z

Hello, I would like to try to fix this bug. What behavior are you expecting?

Answer 2 · 2023-10-12T12:34:39.000Z

When a url doesn't have a base (the protocol) , http(s). It panics. I'm looking for some sort of implementation which adds the protocol if the url doesn't have already.

For example:

A url https://foo.com is working as expected but without the base only foo.com panics.

Answer 3 · 2023-10-12T12:41:56.000Z

I understand you, I will try to do something about it.

Answer 4 · 2023-10-12T12:53:21.000Z

For sure <3

Answer 5 · 2023-10-12T13:34:22.000Z

I currently have these two ways to handle this situation,

Writing a new function or any other implementation that takes a url if that url doesn't have a base then add it and return the url.

#[tokio::main]
async fn main() -> anyhow::Result<(), Box<dyn std::error::Error>> {
    let url = "hackerone.com".to_string();
    let url_with_base = add_protocol(url.clone());

    let code = reqwest::get(&url_with_base).await?.status();

    println!("{:#?}", code);

    Ok(())
}

fn add_protocol(mut url: String) -> String {
    if !url.starts_with("http://") && !url.starts_with("https://") {
        url = format!("https://{}", url);
    }
    url
}

When a url doesn't have a base then just print error and exit the app.

Not sure which would be helpful in this case. Do you have any comment on this? @ndfz

Answer 6 · 2023-10-12T14:22:04.000Z

I think the most straightforward way to do this would be to return an error. But your idea of substitution also has its merit, so what have we concluded? Your wishes? (─‿‿─)

Answer 7 · 2023-10-12T14:35:16.000Z

I'm considering the addition of a new option or flag, such as --checks. By default, it won't check the base, but if an end user parses an option like --checks, then the url should undergo verification before initiating a web request.?

Answer 8 · 2023-10-12T14:47:43.000Z

A new flag for this, in my opinion, seems unnecessary. I think it will only make it more complex. Instead, it's better to just check it directly or add a flag to specify the base. But then again, we are mostly considering an exception. By exception, I mean that in most cases, the base is already specified. That's what I think.

Answer 9 · 2023-10-12T15:22:21.000Z

Then the second option would be good to go. Just returning an errorcase with some nice suggestions :P

Answer 10 · 2023-10-12T15:33:18.000Z

Good, agreed 😄