Merge pull request #403 from projectdiscovery/#issue400-bug-in-sending-post-request

Fixing POST requests with body
2024-09-11 17:46:08 +03:00 · 2021-09-24 20:56:21 +02:00 · 2021-09-24 20:56:21 +02:00 · d0b2b0cf68
commit d0b2b0cf68
parent abb8d7d5a6 a39845bd39
2 changed files with 30 additions and 5 deletions
--- a/cmd/integration-test/http.go
+++ b/cmd/integration-test/http.go
@ -2,6 +2,7 @@ package main

 import (
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@ -20,6 +21,7 @@ var httpTestcases = map[string]testutils.TestCase{
 	"Regression test for: https://github.com/projectdiscovery/httpx/issues/276": &issue276{}, // full path with port in output
 	"Regression test for: https://github.com/projectdiscovery/httpx/issues/277": &issue277{}, // scheme://host:port via stdin
 	"Regression test for: https://github.com/projectdiscovery/httpx/issues/303": &issue303{}, // misconfigured gzip header with uncompressed body
+	"Regression test for: https://github.com/projectdiscovery/httpx/issues/400": &issue400{}, // post operation with body
 }

 type standardHttpGet struct {
@ -184,3 +186,26 @@ func (h *issue363) Execute() error {
 	}
 	return nil
 }
+
+type issue400 struct{}
+
+func (h *issue400) Execute() error {
+	var ts *httptest.Server
+	router := httprouter.New()
+	router.POST("/receive", httprouter.Handle(func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+		w.Header().Add("Content-Type", "application/json")
+		data, _ := ioutil.ReadAll(r.Body)
+		fmt.Fprintf(w, "data received %s", data)
+	}))
+	ts = httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunHttpxAndGetResults(ts.URL+"/receive", debug, "-body 'a=b'", "-x POST", "-status-code")
+	if err != nil {
+		return err
+	}
+	if len(results) != 1 {
+		return errIncorrectResultsCount(results)
+	}
+	return nil
+}
--- a/runner/runner.go
+++ b/runner/runner.go
@ -716,7 +716,6 @@ retry:
 	if r.options.ShowStatistics {
 		r.stats.IncrementCounter("requests", 1)
 	}
-
 	var requestDump []byte
 	if scanopts.Unsafe {
 		var errDump error
@ -726,8 +725,10 @@ retry:
 		}
 	} else {
 		// Create a copy on the fly of the request body
-		bodyBytes, _ := req.BodyBytes()
-		req.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes))
+		if scanopts.RequestBody != "" {
+			req.ContentLength = int64(len(scanopts.RequestBody))
+			req.Body = ioutil.NopCloser(strings.NewReader(scanopts.RequestBody))
+		}
 		var errDump error
 		requestDump, errDump = httputil.DumpRequestOut(req.Request, true)
 		if errDump != nil {
@ -735,12 +736,11 @@ retry:
 		}
 		// The original req.Body gets modified indirectly by httputil.DumpRequestOut so we set it again to nil if it was empty
 		// Otherwise redirects like 307/308 would fail (as they require the body to be sent along)
-		if len(bodyBytes) == 0 {
+		if len(scanopts.RequestBody) == 0 {
 			req.ContentLength = 0
 			req.Body = nil
 		}
 	}
-
 	// fix the final output url
 	fullURL := req.URL.String()
 	parsedURL, _ := urlutil.Parse(fullURL)