flipkart-incubator / Astra

Automated Security Testing For REST API's
Apache License 2.0

Uncaught Exception in `modules/cors.py` #38

Closed snguyenthanh closed 6 years ago

snguyenthanh commented 6 years ago

I got the following error when trying to submit a URL to my local REST server:

```
  File "../astra.py", line 110, in modules_scan
    cors_main(url,method,headers,body,scanid)
  File "../modules/cors.py", line 69, in cors_main
    origin_headers = generate_origin(url)
  File "../modules/cors.py", line 60, in generate_origin
    postfixurl = domain_name+'.attackersite.com'
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
```

As I see, in modules.cors.generate_origin, from line 59, this caused the error:

```python
domain_name = urlparse(url).hostname
postfixurl = domain_name+'.attackersite.com'
```

From the urlparse docs, the hostname returns a None object if no hostname is found. I think we need to add a validator here to check that domain_name is not None.
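
An added example, not part of the original thread or Astra's code: a guard of the kind suggested above, rejecting targets for which `urlparse(url).hostname` is `None` (for instance a URL submitted without a scheme) before any origin string is built. The names `InvalidTargetURL`, `require_hostname` and `triage_targets`, and the rule that only http/https targets are accepted, are assumptions.

```python
from urllib.parse import urlparse


class InvalidTargetURL(ValueError):
    """Raised when a submitted scan target has no usable hostname (hypothetical name)."""


def require_hostname(url):
    """Return the hostname of an http(s) URL, or raise InvalidTargetURL."""
    if not isinstance(url, str) or not url.strip():
        raise InvalidTargetURL("empty URL")
    try:
        parsed = urlparse(url.strip())
    except ValueError as exc:  # e.g. unbalanced IPv6 brackets
        raise InvalidTargetURL(f"unparseable URL {url!r}: {exc}") from exc
    # Assumption: only http and https targets are scannable.
    if parsed.scheme not in ("http", "https"):
        raise InvalidTargetURL(f"missing or unsupported scheme in {url!r}")
    # hostname is None when the netloc is empty or holds only a port.
    if not parsed.hostname:
        raise InvalidTargetURL(f"no hostname in {url!r}")
    return parsed.hostname


def triage_targets(urls):
    """Split submitted URLs into {url: hostname} and {url: rejection reason}."""
    accepted, rejected = {}, {}
    for url in urls:
        try:
            accepted[url] = require_hostname(url)
        except InvalidTargetURL as exc:
            rejected[url] = str(exc)
    return accepted, rejected


# Constructed sample inputs, not taken from the issue.
SAMPLES = [
    "http://localhost:5000/api",   # well formed
    "HTTPS://API.Example.com/v1",  # scheme and host are lowercased by urlparse
    "localhost:5000/api",          # no scheme: "localhost" is parsed as the scheme
    "localhost/api",               # no scheme: everything lands in path
    "http:///api",                 # scheme but empty netloc
    "http://:5000/api",            # port without a host
]

if __name__ == "__main__":
    accepted, rejected = triage_targets(SAMPLES)
    for url, host in accepted.items():
        print(f"scan    {url} -> {host}")
    for url, reason in rejected.items():
        print(f"reject  {url}: {reason}")
```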

sagarpo commented 6 years ago

@snguyenthanh. What arguments did you pass to astra?

snguyenthanh commented 6 years ago

@sagarpo I didn't pass anything in the headers and body. I only filled the Product Name and URL.

sagarpo commented 6 years ago

@snguyenthanh I am not able to reproduce the same on my system. I have tried the same on my Mac and Ubuntu systems. What was the URL you passed?

snguyenthanh commented 6 years ago

hmm I also fail to reproduce the error again... I think just leave this as a note. The issue can be closed.

sagarpo commented 6 years ago

@snguyenthanh.. cool. I am closing the issue. Feel free to open it if you face the same.