Fix lfi with open redirect

tests/attack/test_mod_file.py

@@ -47,6 +47,23 @@ async def test_inclusion_detection():
         assert ["f", "/etc/services"] in persister.add_payload.call_args_list[0][1]["request"].get_params
 
 
+@pytest.mark.asyncio
+async def test_open_redirect():
+    persister = AsyncMock()
+    request = Request("http://127.0.0.1:65085/open_redirect.php?url=toto")
+    #request.path_id = 42
+
+    crawler_configuration = CrawlerConfiguration(Request("http://127.0.0.1:65085/"))
+    async with AsyncCrawler.with_configuration(crawler_configuration) as crawler:
+        options = {"timeout": 10, "level": 2}
+
+        module = ModuleFile(crawler, persister, options, Event(), crawler_configuration)
+        module.do_post = False
+        await module.attack(request)
+
+        assert pytest.raises(httpx.InvalidURL)
+
+
 @pytest.mark.asyncio
 async def test_loknop_lfi_to_rce():
     # https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d

wapitiCore/attack/mod_file.py

@@ -22,7 +22,7 @@
 from time import monotonic
 from typing import Optional, Iterator
 
-from httpx import ReadTimeout, RequestError
+from httpx import ReadTimeout, RequestError, InvalidURL
 
 from wapitiCore.main.log import log_red, log_orange, log_verbose, logging
 from wapitiCore.attack.attack import Attack
@@ -200,6 +200,9 @@ async def attack(self, request: Request, response: Optional[Response] = None):
             except RequestError:
                 self.network_errors += 1
                 continue
+            except InvalidURL:
+                logging.warning(f"Invalid URL: {mutated_request.url} potentially vulnerable to open redirect")
+                continue
             else:
                 file_warning = None
                 for i, rule in enumerate(payload_info.rules):