add POST check for debugging console from laravel, symfony, and rails

hannob · Jul 27, 2024 · ece8e7b · ece8e7b
1 parent c788e62
commit ece8e7b
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/TESTS.md b/TESTS.md
@@ -418,6 +418,14 @@ about possibly installed software on a developer machine or file names. Impact i
 usually low, but it is very common.
 
 
+postdebug
+---------
+
+Some web frameworks show a debugging console when they receive an unexpected HTTP
+method. This can often be triggered by sending a POST request to the main page. This
+test looks for such debugging consoles from Laravel, Symfony, and Rails.
+
+
 axfr
 ----
 

diff --git a/snallygaster b/snallygaster
@@ -785,6 +785,24 @@ def test_desktopini(url):
         pout("desktopini", url + "/Desktop.ini")
 
 
+@DEFAULT
+def test_postdebug(url):
+    try:
+        r = pool.request("POST", url, retries=False, redirect=False)
+        data = r.data.decode("ascii", errors="ignore")
+        if (
+            "The POST method is not supported for" in data
+            and "Symfony\\Component\\HttpKernel\\Exception" in data
+        ):
+            pout("postdebug_laravel", url + " POST")
+        elif "Symfony Exception" in data and '<div class="exception-' in data:
+            pout("postdebug_symfony", url + " POST")
+        elif "<title>Action Controller: Exception caught" in data:
+            pout("postdebug_rails", url + " POST")
+    except (urllib3.exceptions.HTTPError, UnicodeError, ConnectionRefusedError):
+        pass
+
+
 @DEFAULT
 @HOSTNAME
 def test_axfr(qhost):