Revert "removed HTTP parser, now its a dependency"

This reverts commit ad60362.

Author: luisfontes19

package-lock.json

@@ -42,7 +42,6 @@
     "@types/node": "^13.7.7",
     "axios": "^0.19.2",
     "express": "^4.17.1",
-    "raw-request-parser": "^1.0.7",
     "readline": "^1.3.0",
     "xpath": "0.0.27",
     "yargs": "^15.3.0"

package.json

@@ -0,0 +1,84 @@
+import fs from 'fs';
+import * as Axios from 'axios';
+import { Method } from 'axios';
+import { json } from 'express';
+
+export interface RequestStruct {
+  headers: Record<string, string>;
+  body: string;
+  url: string;
+  method: Method;
+}
+
+export class HTTPParser {
+
+  public static fromString(fileContent: string): RequestStruct | null {
+    try {
+      fileContent = fileContent.replace(/(\r\n|\n|\r)/gm, "\n");
+
+      let firstNewLineIndex = fileContent.indexOf("\n");
+      if (firstNewLineIndex === -1) firstNewLineIndex = fileContent.length;
+
+      const startLine = fileContent.substring(0, firstNewLineIndex);
+      const startLineArray = startLine.split(" ");
+      const method: Method = startLineArray[0] as Method;
+      const path = startLineArray[1];
+      let emptyLine = fileContent.indexOf("\n\n");
+      if (emptyLine === -1) emptyLine = fileContent.length;
+
+      const headersArray = fileContent.substring(firstNewLineIndex + 1, emptyLine).split("\n");
+      const headers: Record<string, string> = {};
+      const body = fileContent.substring(emptyLine + 2);
+
+      headersArray.forEach(h => {
+        const delimiterIndex = h.indexOf(":");
+        const name = h.substring(0, delimiterIndex);
+        const value = h.substring(delimiterIndex + 2);
+        headers[name] = value;
+      });
+
+      //if full url is not in the request lets assume an http to host header
+      let url: string;
+      if (path.startsWith("http"))
+        url = path;
+      else
+        url = "http://" + (headers['host'] || headers['Host']) + path;
+
+      //let axios calculate the length, since we may change it
+      delete headers["content-length"];
+      delete headers["Content-Length"];
+      return { body: body, headers: headers, method: method, url: url };
+    }
+    catch (ex) {
+      console.error("[HTTPParser] - Error parsing request file");
+      console.error(ex);
+      return null;
+    }
+  }
+
+  public static async fromFile(filepath: string): Promise<RequestStruct | null> {
+    return new Promise((resolve, reject) => {
+      fs.readFile(filepath, (err, data: Buffer) => {
+        if (err) { reject(err); return; }
+
+        resolve(HTTPParser.fromString(data.toString()));
+
+      });
+    });
+  }
+
+
+
+  public static axiosResponseToString(r: Axios.AxiosResponse): string {
+    let responseString = `HTTP/${r.request.res.httpVersion} ${r.status} ${r.statusText}\n`;
+
+    Object.entries(r.headers).forEach(([key, value]) => {
+      responseString += `${key}: ${value}\n`;
+    });
+
+    const body = (typeof r.data === "object") ? JSON.stringify(r.data) : r.data;
+    responseString += `\n${body}`;
+
+    return responseString;
+  }
+}

src/HTTPParser.ts

@@ -1,7 +1,8 @@
+import fs from 'fs';
 import * as Axios from 'axios';
 import * as Https from 'https';
 import { PayloadGenerator } from './PayloadGenerator';
-import { RawRequestParser, RequestStruct } from 'raw-request-parser';
+import { HTTPParser, RequestStruct } from './HTTPParser';
 
 
 
@@ -11,7 +12,7 @@ export class Requester {
   public static async fromFile(templatePath: string, payload: string, line?: string): Promise<[Axios.AxiosResponse, string?]> {
 
     return new Promise((resolve, reject) => {
-      RawRequestParser.fromFile(templatePath).then((parsedRequest) => {
+      HTTPParser.fromFile(templatePath).then((parsedRequest) => {
         Requester.doRequest(parsedRequest, payload).then((response) => { resolve([response, line]); }).catch(err => reject([err, line]));
       });
 
@@ -21,7 +22,7 @@ export class Requester {
   public static async fromString(requestContent: string, payload: string, line?: string): Promise<[Axios.AxiosResponse, string?]> {
 
     return new Promise((resolve, reject) => {
-      const parsedRequest = RawRequestParser.fromString(requestContent);
+      const parsedRequest = HTTPParser.fromString(requestContent);
       Requester.doRequest(parsedRequest, payload).then((response) => { resolve([response, line]); }).catch(err => reject([err, line]));
     });
   }

src/Requester.ts

@@ -0,0 +1,55 @@
+
+import { expect } from "chai";
+import * as Axios from 'axios';
+import { XXEServer } from "../src/XXEServer";
+import { HTTPParser } from "../src/HTTPParser";
+import fs from 'fs';
+import path from 'path';
+
+describe('HTTPParser', () => {
+
+
+  it('should parse http request from string', () => {
+    const request = `GET http://localhost:8000/ HTTP/1.1\nHost: localhost:8000\nConnection: keep-alive\n\ntest`;
+
+    const parsed = HTTPParser.fromString(request);
+    expect(Object.keys(parsed?.headers || {}).length).to.eq(2);
+    expect(parsed?.body).to.eq("test");
+    expect(parsed?.url).to.eq("http://localhost:8000/");
+    expect(parsed?.method).to.eq("GET");
+
+  });
+
+  it("should parse axios response object", () => {
+    const s = new XXEServer("127.0.0.1", 18363);
+    s.addRoute("/", "body");
+    s.start();
+
+    const r = Axios.default({
+      method: "GET",
+      url: "http://127.0.0.1:18363/",
+    });
+
+    r.then(resp => {
+      const respString = HTTPParser.axiosResponseToString(resp);
+      expect(respString).to.contain("HTTP/1.1 200 OK");
+      expect(respString).to.contain("x-powered-by: Express");
+      expect(respString).to.contain("\n\nbody");
+      expect(respString).to.contain("connection: close");
+
+      s.stop();
+    });
+
+  });
+
+
+  it("should parse request from filepath", () => {
+    HTTPParser.fromFile("tests/data/request.txt").then((parsed) => {
+      expect(Object.keys(parsed?.headers || {}).length).to.eq(2);
+      expect(parsed?.body).to.eq("test");
+      expect(parsed?.url).to.eq("http://localhost:8000/");
+      expect(parsed?.method).to.eq("GET");
+    });
+  });
+
+});