OpenVAS Libraries  9.0.3
nasl_http.c
1 /* Nessus Attack Scripting Language
2  *
3  * Copyright (C) 2002 - 2004 Tenable Network Security
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2,
7  * as published by the Free Software Foundation
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
17  */
18 
19 #include <glib.h>
20 
21 #include <ctype.h> /* for isspace */
22 #include <string.h> /* for strlen */
23 
24 #include "../misc/prefs.h" /* for prefs_get */
25 
26 #include "../base/kb.h" /* for kb_item_get_str */
27 #include "../misc/plugutils.h" /* plug_get_host_fqdn */
28 
29 #include "nasl_tree.h"
30 #include "nasl_global_ctxt.h"
31 #include "nasl_func.h"
32 #include "nasl_var.h"
33 #include "nasl_lex_ctxt.h"
34 #include "exec.h"
35 
36 #include "nasl_debug.h"
37 #include "nasl_socket.h"
38 
39 #include "nasl_http.h"
40 
41 #include "../misc/www_funcs.h" /* for build_encode_URL */
42 
43 /*-----------------[ http_* functions ]-------------------------------*/
44 
45 
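/**
 * @brief NASL built-in http_open_socket: open a TCP socket for HTTP use.
 *
 * Thin wrapper that forwards to nasl_open_sock_tcp_bufsz() with a buffer
 * size argument of 65536.
 *
 * @param lexic  Lexical context of the calling NASL function.
 *
 * @return Whatever nasl_open_sock_tcp_bufsz() returns for this context.
 */
tree_cell *
http_open_socket (lex_ctxt * lexic)
{
  return nasl_open_sock_tcp_bufsz (lexic, 65536);
}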
51 
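/**
 * @brief NASL built-in http_close_socket: close a socket.
 *
 * Thin wrapper that forwards to nasl_close_socket().
 *
 * @param lexic  Lexical context of the calling NASL function.
 *
 * @return Whatever nasl_close_socket() returns for this context.
 */
tree_cell *
http_close_socket (lex_ctxt * lexic)
{
  return nasl_close_socket (lexic);
}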
57 
58 
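/**
 * @brief Build the raw text of an HTTP request for the http_* built-ins.
 *
 * Reads the NASL named arguments "item", "port" and the optional "data",
 * looks up per-port settings in the knowledge base ("/tmp/http/auth/<port>"
 * with a fallback to "http/auth", and "http/<port>"), and assembles request
 * line, headers and body into one string.  Nothing is sent from here; the
 * string is handed back to the calling script.
 *
 * A stored "http/<port>" value of 11, or no positive value at all, selects
 * the HTTP/1.1 form with a full header set; any other value selects the
 * short HTTP/1.0 form.
 *
 * @param lexic    Lexical context of the calling NASL function.
 * @param keyword  HTTP method token passed on to build_encode_URL().
 *
 * @return A CONST_DATA cell that owns the request string, or NULL when the
 *         arguments are invalid or no host name is available.
 */
static tree_cell *
_http_req (lex_ctxt * lexic, char *keyword)
{
  tree_cell *retc;
  char *str;
  char *item = get_str_local_var_by_name (lexic, "item");
  char *data = get_str_local_var_by_name (lexic, "data");
  int port = get_int_local_var_by_name (lexic, "port", -1);
  char *url = NULL;
  struct arglist *script_infos = lexic->script_infos;
  char *auth, tmp[32];
  int ver;
  int cl;
  int al;
  char content_l_str[32];
  kb_t kb;
  int str_length = 0;

  if (item == NULL || port < 0)
    {
      nasl_perror (lexic,
                   "Error : http_* functions have the following syntax :\n");
      nasl_perror (lexic, "http_*(port:<port>, item:<item> [, data:<data>]\n");
      return NULL;
    }

  if (port <= 0 || port > 65535)
    {
      nasl_perror (lexic, "http_req: invalid value %d for port parameter\n",
                   port);
      return NULL;
    }

  /* Per-port authentication line first, then the global one. */
  kb = plug_get_kb (script_infos);
  g_snprintf (tmp, sizeof (tmp), "/tmp/http/auth/%d", port);
  auth = kb_item_get_str (kb, tmp);

  if (auth == NULL)
    auth = kb_item_get_str (kb, "http/auth");

  g_snprintf (tmp, sizeof (tmp), "http/%d", port);
  ver = kb_item_get_int (kb, tmp);

  if (data == NULL)
    {
      cl = 0;
      *content_l_str = '\0';
    }
  else
    {
      /* strlen stops at the first NUL byte, so a body containing NUL bytes
       * is sized (and later copied) only up to that byte. */
      cl = strlen (data);
      g_snprintf (content_l_str, sizeof (content_l_str),
                  "Content-Length: %d\r\n", cl);
    }

  if (auth != NULL)
    al = strlen (auth);
  else
    al = 0;

  if ((ver <= 0) || (ver == 11))
    {
      char *hostname, *ua, *ua_value, *hostheader;

      hostname = plug_get_host_fqdn (script_infos);
      if (hostname == NULL)
        {
          /* Do not leak the KB string on the early exit. */
          g_free (auth);
          return NULL;
        }
      ua = kb_item_get_str (kb, "http/user-agent");
#define OPENVAS_USER_AGENT "Mozilla/5.0 [en] (X11, U; OpenVAS)"
      /* Skip leading white space through a separate cursor: `ua` has to keep
       * pointing at the start of the allocation, because g_free() on an
       * advanced pointer is an invalid free.  The cast keeps isspace() away
       * from negative char values. */
      ua_value = ua;
      if (ua_value != NULL)
        while (isspace ((unsigned char) *ua_value))
          ua_value++;
      if (ua_value == NULL || *ua_value == '\0')
        {
          /* Missing or blank setting: fall back to the built-in default. */
          g_free (ua);
          ua = g_strdup (OPENVAS_USER_AGENT);
          ua_value = ua;
        }

      /* Servers should not have a problem with port 80 or 443 appended.
       * RFC2616 allows to omit the port in which case the default port for
       * that service is assumed.
       * However, some servers like IIS/OWA wrongly respond with a "404"
       * instead of a "200" in case the port is appended. Because of this,
       * ports 80 and 443 are not appended.
       */
      if (port == 80 || port == 443)
        hostheader = g_strdup (hostname);
      else
        hostheader = g_strdup_printf ("%s:%d", hostname, port);

      /* NIDS evasion (request-line encoding is done by build_encode_URL).
       * NOTE(review): assumes build_encode_URL never returns NULL - confirm. */
      url = build_encode_URL (script_infos, keyword, NULL, item, "HTTP/1.1");
      /* The 1024 bytes of slack cover the fixed header text, the optional
       * ":<port>" suffix of the Host value, the Content-Length line and the
       * line terminators added below. */
      str_length =
        strlen (url) + strlen (hostname) + al + cl + strlen (ua_value) + 1024;
      str = g_malloc0 (str_length);
      g_snprintf (str, str_length,
                  "%s\r\n"
                  "Connection: Close\r\n"
                  "Host: %s\r\n"
                  "Pragma: no-cache\r\n"
                  "Cache-Control: no-cache\r\n"
                  "User-Agent: %s\r\n"
                  "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\n"
                  "Accept-Language: en\r\n"
                  "Accept-Charset: iso-8859-1,*,utf-8\r\n",
                  url, hostheader, ua_value);
      g_free (hostname);
      g_free (hostheader);
      g_free (ua);
    }
  else
    {
      /* NIDS evasion (request-line encoding is done by build_encode_URL). */
      url =
        build_encode_URL (script_infos, keyword, NULL, item, "HTTP/1.0\r\n");

      /* 120 bytes of slack for the Content-Length line and terminators. */
      str_length = strlen (url) + al + cl + 120;
      str = g_malloc0 (str_length);
      g_strlcpy (str, url, str_length);
    }
  g_free (url);

  /* The stored authentication line is appended verbatim as one header. */
  if (auth != NULL)
    {
      g_strlcat (str, auth, str_length);
      g_strlcat (str, "\r\n", str_length);
    }

  if (data != NULL)
    g_strlcat (str, content_l_str, str_length);

  /* Blank line that ends the header section. */
  g_strlcat (str, "\r\n", str_length);

  if (data != NULL)
    {
      g_strlcat (str, data, str_length);
    }

  /* The value has been copied into str.  Strings from kb_item_get_str are
   * treated as caller-owned in this function (the User-Agent value is
   * released with g_free above), so release this one as well. */
  g_free (auth);

  retc = alloc_tree_cell (0, NULL);
  retc->type = CONST_DATA;
  retc->size = strlen (str);
  retc->x.str_val = str;
  return retc;
}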
206 
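/**
 * @brief NASL built-in http_get: build the text of a GET request.
 *
 * Syntax :
 *
 * http_get(port:<port>, item:<item>);
 *
 * @param lexic  Lexical context of the calling NASL function.
 *
 * @return The cell produced by _http_req() for the "GET" method, or NULL
 *         when _http_req() rejects the arguments.
 */
tree_cell *
http_get (lex_ctxt * lexic)
{
  return _http_req (lexic, "GET");
}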
218 
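/**
 * @brief NASL built-in http_head: build the text of a HEAD request.
 *
 * Syntax :
 *
 * http_head(port:<port>, item:<item>);
 *
 * @param lexic  Lexical context of the calling NASL function.
 *
 * @return The cell produced by _http_req() for the "HEAD" method, or NULL
 *         when _http_req() rejects the arguments.
 */
tree_cell *
http_head (lex_ctxt * lexic)
{
  return _http_req (lexic, "HEAD");
}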
230 
231 
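/**
 * @brief NASL built-in http_post: build the text of a POST request.
 *
 * Syntax :
 * http_post(port:<port>, item:<item>)
 *
 * _http_req() also reads an optional "data" argument and, when it is given,
 * adds a Content-Length header and appends the data as the request body.
 *
 * @param lexic  Lexical context of the calling NASL function.
 *
 * @return The cell produced by _http_req() for the "POST" method, or NULL
 *         when _http_req() rejects the arguments.
 */
tree_cell *
http_post (lex_ctxt * lexic)
{
  return _http_req (lexic, "POST");
}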
241 
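/**
 * @brief NASL built-in http_delete: build the text of a DELETE request.
 *
 * http_delete(port:<port>, item:<item>)
 *
 * @param lexic  Lexical context of the calling NASL function.
 *
 * @return The cell produced by _http_req() for the "DELETE" method, or NULL
 *         when _http_req() rejects the arguments.
 */
tree_cell *
http_delete (lex_ctxt * lexic)
{
  return _http_req (lexic, "DELETE");
}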
250 
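/**
 * @brief NASL built-in http_put: build the text of a PUT request.
 *
 * http_put(port:<port>, item:<item>, data:<data>)
 *
 * @param lexic  Lexical context of the calling NASL function.
 *
 * @return The cell produced by _http_req() for the "PUT" method, or NULL
 *         when _http_req() rejects the arguments.
 */
tree_cell *
http_put (lex_ctxt * lexic)
{
  return _http_req (lexic, "PUT");
}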
259 
260 
261 /*-------------------[ cgibin() ]--------------------------------*/
262 
263 
/**
 * @brief NASL built-in cgibin: return the configured CGI directory list.
 *
 * Uses the "cgi_path" preference when it is set and the built-in value
 * "/cgi-bin:/scripts" otherwise.
 *
 * @param lexic  Lexical context of the calling NASL function (not read here).
 *
 * @return A CONST_DATA cell holding a private copy of the path string.
 */
tree_cell *
cgibin (lex_ctxt * lexic)
{
  const char *cgi_dirs = prefs_get ("cgi_path");
  tree_cell *cell;

  /* No preference stored: fall back to the default directories. */
  if (!cgi_dirs)
    cgi_dirs = "/cgi-bin:/scripts";

  cell = alloc_tree_cell (0, NULL);
  cell->type = CONST_DATA;
  cell->size = strlen (cgi_dirs);
  /* The cell gets its own copy; the preference string is only borrowed. */
  cell->x.str_val = g_strdup (cgi_dirs);

  return cell;
}