Feature #356: Treat URLs as Equivalent when Only the Protocol is Different - ThreatFactor NSIA - LukeMurphey.net

Feature #356

Treat URLs as Equivalent when Only the Protocol is Different

Added by Luke Murphey over 12 years ago. Updated almost 10 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Scan Engine

Target version:

Start date:

Due date:

% Done:

Description

NSIA currently treats "https://web.site/path" and "http://web.site/path" as different even though they are most likely the same. NSIA should treat them as the same and not rescan the path.

History

#1 Updated by Luke Murphey over 12 years ago

Subject changed from Treat URLs as Equivalent when Only the Protocol is DIfferent to Treat URLs as Equivalent when Only the Protocol is Different

#2 Updated by Luke Murphey over 12 years ago

The problem is that the URLs are currently stored as Strings.

Here is a snippet from HttpSeekingScanRule.java:

// See if the entry is in the list or URLs already processed
for( String oldURL : urls ){
    if( oldURL.equalsIgnoreCase(str) ){
        found = true;
    }
}

We need to stored URL instances in order to treat protocols differently or parse the URL into a URL instance and search for both HTTP and HTTPS instances.

#3 Updated by Luke Murphey over 12 years ago

Target version deleted (~~1.0.6~~)

#4 Updated by Luke Murphey almost 10 years ago

Assignee deleted (~~Luke Murphey~~)

Also available in: Atom PDF

Project

General

Profile

ThreatFactor NSIA

Issues

Custom queries