Moved rid parameter to a separate constant. Fixes #911

pull/1003/head
Jordan Wright 2018-02-22 23:02:27 -06:00
parent 1426376aa5
commit c9ff8714a0
No known key found for this signature in database
GPG Key ID: 138D5AD2331B3C11
4 changed files with 22 additions and 13 deletions


@ -127,13 +127,19 @@ func PhishHandler(w http.ResponseWriter, r *http.Request) {
if fn == "" { if fn == "" {
fn = f.Address fn = f.Address
} }
phishURL, _ := url.Parse(c.URL)
q := phishURL.Query()
q.Set(models.RecipientParameter, rs.RId)
phishURL.RawQuery = q.Encode()
rsf := struct { rsf := struct {
models.Result models.Result
URL string URL string
From string From string
}{ }{
rs, rs,
c.URL + "?rid=" + rs.RId, phishURL.String(),
fn, fn,
} }
err = tmpl.Execute(&htmlBuff, rsf) err = tmpl.Execute(&htmlBuff, rsf)
@ -156,7 +162,7 @@ func setupContext(r *http.Request) (error, *http.Request) {
Logger.Println(err) Logger.Println(err)
return err, r return err, r
} }
id := r.Form.Get("rid") id := r.Form.Get(models.RecipientParameter)
if id == "" { if id == "" {
return ErrInvalidRequest, r return ErrInvalidRequest, r
} }
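Review bot: In the PhishHandler hunk, `phishURL, _ := url.Parse(c.URL)` discards the parse error, and `url.Parse` returns a nil `*url.URL` on failure, so the following `phishURL.Query()` would dereference nil and panic while serving a request. Whether `c.URL` is validated when the campaign is saved is not visible here, so the handler should check it itself: `phishURL, err := url.Parse(c.URL)` followed by an `if err != nil` branch that logs and returns the way the rest of PhishHandler reports errors. Also note that `phishURL.String()` re-encodes the URL, so a campaign URL containing characters that need escaping is no longer handed to the template byte-for-byte as the old concatenation did. PhishHandler's body starts and ends outside the hunk.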


@ -16,7 +16,7 @@ func (s *ControllersSuite) getFirstCampaign() models.Campaign {
} }
func (s *ControllersSuite) openEmail(rid string) { func (s *ControllersSuite) openEmail(rid string) {
resp, err := http.Get(fmt.Sprintf("%s/track?rid=%s", ps.URL, rid)) resp, err := http.Get(fmt.Sprintf("%s/track?%s=%s", ps.URL, models.RecipientParameter, rid))
s.Nil(err) s.Nil(err)
defer resp.Body.Close() defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body) body, err := ioutil.ReadAll(resp.Body)
@ -27,7 +27,7 @@ func (s *ControllersSuite) openEmail(rid string) {
} }
func (s *ControllersSuite) openEmail404(rid string) { func (s *ControllersSuite) openEmail404(rid string) {
resp, err := http.Get(fmt.Sprintf("%s/track?rid=%s", ps.URL, rid)) resp, err := http.Get(fmt.Sprintf("%s/track?%s=%s", ps.URL, models.RecipientParameter, rid))
s.Nil(err) s.Nil(err)
defer resp.Body.Close() defer resp.Body.Close()
s.Nil(err) s.Nil(err)
@ -35,7 +35,7 @@ func (s *ControllersSuite) openEmail404(rid string) {
} }
func (s *ControllersSuite) clickLink(rid string, campaign models.Campaign) { func (s *ControllersSuite) clickLink(rid string, campaign models.Campaign) {
resp, err := http.Get(fmt.Sprintf("%s/?rid=%s", ps.URL, rid)) resp, err := http.Get(fmt.Sprintf("%s/?%s=%s", ps.URL, models.RecipientParameter, rid))
s.Nil(err) s.Nil(err)
defer resp.Body.Close() defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body) body, err := ioutil.ReadAll(resp.Body)
@ -44,7 +44,7 @@ func (s *ControllersSuite) clickLink(rid string, campaign models.Campaign) {
} }
func (s *ControllersSuite) clickLink404(rid string) { func (s *ControllersSuite) clickLink404(rid string) {
resp, err := http.Get(fmt.Sprintf("%s/?rid=%s", ps.URL, rid)) resp, err := http.Get(fmt.Sprintf("%s/?%s=%s", ps.URL, models.RecipientParameter, rid))
s.Nil(err) s.Nil(err)
defer resp.Body.Close() defer resp.Body.Close()
s.Nil(err) s.Nil(err)
@ -88,11 +88,11 @@ func (s *ControllersSuite) TestNoRecipientID() {
func (s *ControllersSuite) TestInvalidRecipientID() { func (s *ControllersSuite) TestInvalidRecipientID() {
rid := "XXXXXXXXXX" rid := "XXXXXXXXXX"
resp, err := http.Get(fmt.Sprintf("%s/track?rid=%s", ps.URL, rid)) resp, err := http.Get(fmt.Sprintf("%s/track?%s=%s", ps.URL, models.RecipientParameter, rid))
s.Nil(err) s.Nil(err)
s.Equal(resp.StatusCode, http.StatusNotFound) s.Equal(resp.StatusCode, http.StatusNotFound)
resp, err = http.Get(fmt.Sprintf("%s/?rid=%s", ps.URL, rid)) resp, err = http.Get(fmt.Sprintf("%s/?%s=%s", ps.URL, models.RecipientParameter, rid))
s.Nil(err) s.Nil(err)
s.Equal(resp.StatusCode, http.StatusNotFound) s.Equal(resp.StatusCode, http.StatusNotFound)
} }
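Review bot: The six `http.Get(fmt.Sprintf(...))` calls in this file now repeat the same three-argument format string, and `rid` is still interpolated into the query without escaping. A small test helper that builds the query with `url.Values` would keep the parameter name and the encoding in one place, for example `q := url.Values{models.RecipientParameter: {rid}}` and then `ps.URL + "/track?" + q.Encode()`; it would need `net/url` imported in the test file. The values shown here are plain alphanumerics, so this is a style point rather than a failing case.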


@ -91,6 +91,9 @@ var ErrPageNotFound = errors.New("Page not found")
// ErrSMTPNotFound indicates a sending profile specified by the user does not exist in the database // ErrSMTPNotFound indicates a sending profile specified by the user does not exist in the database
var ErrSMTPNotFound = errors.New("Sending profile not found") var ErrSMTPNotFound = errors.New("Sending profile not found")
// RecipientParameter is the URL parameter that points to the result ID for a recipient.
const RecipientParameter = "rid"
// Validate checks to make sure there are no invalid fields in a submitted campaign // Validate checks to make sure there are no invalid fields in a submitted campaign
func (c *Campaign) Validate() error { func (c *Campaign) Validate() error {
switch { switch {
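Review bot: The doc comment on `RecipientParameter` does not say that the value is part of the links already delivered to recipients. In this commit, `setupContext` reads the ID with `r.Form.Get(models.RecipientParameter)` and returns `ErrInvalidRequest` when it is empty. Changing the constant would therefore appear to make links from previously sent campaigns stop resolving. I would extend the comment with something like `// Changing this value invalidates tracking links in emails that were sent with the previous name.`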


@ -241,10 +241,10 @@ func (s *ModelsSuite) TestUnlockAllMailLogs(ch *check.C) {
func (s *ModelsSuite) TestURLTemplateRendering(ch *check.C) { func (s *ModelsSuite) TestURLTemplateRendering(ch *check.C) {
template := Template{ template := Template{
Name: "URLTemplate", Name: "URLTemplate",
UserId: 1, UserId: 1,
Text: "{{.URL}}", Text: "{{.URL}}",
HTML: "{{.URL}}", HTML: "{{.URL}}",
Subject: "{{.URL}}", Subject: "{{.URL}}",
} }
ch.Assert(PostTemplate(&template), check.Equals, nil) ch.Assert(PostTemplate(&template), check.Equals, nil)
@ -254,7 +254,7 @@ func (s *ModelsSuite) TestURLTemplateRendering(ch *check.C) {
ch.Assert(PostCampaign(&campaign, campaign.UserId), check.Equals, nil) ch.Assert(PostCampaign(&campaign, campaign.UserId), check.Equals, nil)
result := campaign.Results[0] result := campaign.Results[0]
expectedURL := fmt.Sprintf("http://127.0.0.1/%s/?rid=%s", result.Email, result.RId) expectedURL := fmt.Sprintf("http://127.0.0.1/%s/?%s=%s", result.Email, RecipientParameter, result.RId)
m := &MailLog{} m := &MailLog{}
err := db.Where("r_id=? AND campaign_id=?", result.RId, campaign.Id). err := db.Where("r_id=? AND campaign_id=?", result.RId, campaign.Id).