From 397104686919edba8d14dae3556c141974a7a25e Mon Sep 17 00:00:00 2001 From: Joel Sallow <32407840+vexx32@users.noreply.github.com> Date: Tue, 10 Mar 2020 20:58:02 -0400 Subject: [PATCH 1/4] :bug: Fix img detection regex. --- .../WebCmdlet/Common/BasicHtmlWebResponseObject.Common.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/BasicHtmlWebResponseObject.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/BasicHtmlWebResponseObject.Common.cs index 664c3d69d46..036ee0cfad1 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/BasicHtmlWebResponseObject.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/BasicHtmlWebResponseObject.Common.cs @@ -226,7 +226,7 @@ private void EnsureHtmlParser() if (s_imageRegex == null) { - s_imageRegex = new Regex(@"]*>", + s_imageRegex = new Regex(@"]*?>", RegexOptions.Singleline | RegexOptions.IgnoreCase | RegexOptions.Compiled); } } From 4c25150b32912469e1d45ae2416c926db8078968 Mon Sep 17 00:00:00 2001 From: Joel Sallow <32407840+vexx32@users.noreply.github.com> Date: Tue, 17 Mar 2020 19:36:07 -0400 Subject: [PATCH 2/4] :white_check_mark: Add test case --- .../WebCmdlets.Tests.ps1 | 10 ++++++++++ .../WebListener/Controllers/DosController.cs | 16 ++++++++++------ 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 index a6577f0c118..f50bdf97ee0 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 @@ -1931,6 +1931,16 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { # in some cases we will be running in a Docker container with modest resources $pathologicalRatio | Should -BeGreaterThan 5 } + + It 'correctly parses an image with id, class, and src attributes' { + $dosUri = Get-WebListenerUrl -Test 'Dos' -query @{ + dosType = 'img-attribute' + } + + $response = Invoke-WebRequest -Uri $dosUri + $response.Images | Should -Not -BeNullOrEmpty + } + It "Charset Parsing" { $dosUri = Get-WebListenerUrl -Test 'Dos' -query @{ dosType='charset' diff --git a/test/tools/WebListener/Controllers/DosController.cs b/test/tools/WebListener/Controllers/DosController.cs index 7966ab39bfa..3e2c1d1c668 100644 --- a/test/tools/WebListener/Controllers/DosController.cs +++ b/test/tools/WebListener/Controllers/DosController.cs @@ -29,33 +29,37 @@ public string Index() } StringValues dosLengths; - Int32 dosLength =1; + Int32 dosLength = 1; if (Request.Query.TryGetValue("dosLength", out dosLengths)) { Int32.TryParse(dosLengths.FirstOrDefault(), out dosLength); } string body = string.Empty; - switch(dosType) + switch (dosType) { case "img": contentType = "text/html; charset=utf8"; body = ""; + break; case "charset": contentType = "text/html; charset=melon"; body = " { - var httpContext = (HttpContext) state; - httpContext.Response.ContentType = contentType; - return Task.FromResult(0); + var httpContext = (HttpContext)state; + httpContext.Response.ContentType = contentType; + return Task.FromResult(0); }, HttpContext); Response.ContentLength = Encoding.UTF8.GetBytes(body).Length; From bb42b2114175429c4950ee3a68dbdb6f522a6f62 Mon Sep 17 00:00:00 2001 From: Joel Sallow <32407840+vexx32@users.noreply.github.com> Date: Sat, 21 Mar 2020 16:41:55 -0400 Subject: [PATCH 3/4] :memo: addressed review comments --- test/tools/WebListener/Controllers/DosController.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/test/tools/WebListener/Controllers/DosController.cs b/test/tools/WebListener/Controllers/DosController.cs index 3e2c1d1c668..864bb3aa8f2 100644 --- a/test/tools/WebListener/Controllers/DosController.cs +++ b/test/tools/WebListener/Controllers/DosController.cs @@ -42,6 +42,7 @@ public string Index() contentType = "text/html; charset=utf8"; body = ""; From daec401dd04db5b33516844df1d3e60beddde323 Mon Sep 17 00:00:00 2001 From: Joel Sallow <32407840+vexx32@users.noreply.github.com> Date: Sat, 21 Mar 2020 18:39:32 -0400 Subject: [PATCH 4/4] :recycle: move test to new context --- .../WebCmdlets.Tests.ps1 | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 index f50bdf97ee0..d438df25ebc 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 @@ -1900,6 +1900,18 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { } } + Context "Regex Parsing" { + + It 'correctly parses an image with id, class, and src attributes' { + $dosUri = Get-WebListenerUrl -Test 'Dos' -query @{ + dosType = 'img-attribute' + } + + $response = Invoke-WebRequest -Uri $dosUri + $response.Images | Should -Not -BeNullOrEmpty + } + } + Context "Denial of service" -Tag 'DOS' { It "Image Parsing" { $dosUri = Get-WebListenerUrl -Test 'Dos' -query @{ @@ -1932,15 +1944,6 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $pathologicalRatio | Should -BeGreaterThan 5 } - It 'correctly parses an image with id, class, and src attributes' { - $dosUri = Get-WebListenerUrl -Test 'Dos' -query @{ - dosType = 'img-attribute' - } - - $response = Invoke-WebRequest -Uri $dosUri - $response.Images | Should -Not -BeNullOrEmpty - } - It "Charset Parsing" { $dosUri = Get-WebListenerUrl -Test 'Dos' -query @{ dosType='charset'