From 0ca5c02de71c1df5957064cd5d8cc3497f7c6b79 Mon Sep 17 00:00:00 2001
From: M09Ic
Date: Wed, 30 Oct 2024 16:11:05 +0800
Subject: [PATCH] enhance: skip not same host redirect
---
 internal/pool/brutepool.go | 32 ++++++++++++++++++++------------
 pkg/baseline.go | 1 +
 2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/internal/pool/brutepool.go b/internal/pool/brutepool.go
index 2317767..e79ab6e 100644
--- a/internal/pool/brutepool.go
+++ b/internal/pool/brutepool.go
@@ -315,7 +315,7 @@ func (pool *BrutePool) Invoke(v interface{}) {
 // 手动处理重定向
 if bl.IsValid && unit.source != parsers.CheckSource && bl.RedirectURL != "" {
- //pool.wg.Add(1)
+ bl.SameDomain = pool.checkHost(bl.RedirectURL)
 pool.doRedirect(bl, unit.depth)
 }
@@ -508,7 +508,7 @@ func (pool *BrutePool) Handler() {
 func (pool *BrutePool) checkRedirect(redirectURL string) bool {
 if pool.random.RedirectURL == "" {
- // 如果random的redirectURL为空, 此时该项
+ // 如果random的redirectURL为空, 忽略
 return true
 }
@@ -562,7 +562,9 @@ func (pool *BrutePool) PreCompare(resp *ihttp.Response) error {
 return nil
 }
-func (pool *BrutePool) checkHostname(u string) bool {
+// same host return true
+// diff host return false
+func (pool *BrutePool) checkHost(u string) bool {
 if v, err := url.Parse(u); err == nil {
 if v.Host == "" {
 return true
@@ -582,8 +584,19 @@ func (pool *BrutePool) BaseCompare(bl *pkg.Baseline) bool {
 }
 var status = -1
+ // 30x状态码的特殊处理
+ if bl.RedirectURL != "" {
+ if bl.SameDomain && strings.HasSuffix(bl.RedirectURL, bl.Url.Path+"/") {
+ bl.Reason = pkg.ErrFuzzyRedirect.Error()
+ return false
+ }
+ }
+ // 使用与baseline相同状态码, 需要在fuzzystatus中提前配置
 base, ok := pool.baselines[bl.Status] // 挑选对应状态码的baseline进行compare
+ if bl.IsBaseline {
+ ok = false
+ }
 if !ok {
 if pool.random.Status == bl.Status {
 // 当other的状态码与base相同时, 会使用base
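Review bot: In Invoke, `bl.SameDomain` is assigned only inside the `bl.IsValid && unit.source != parsers.CheckSource && bl.RedirectURL != ""` branch, yet the BaseCompare hunk (`-582,8 +584,19`) now reads that field instead of calling the host check itself. If BaseCompare runs before this branch, which looks likely if its result feeds `bl.IsValid` (the call site is outside the hunk), the field is still the zero value `false` at that point and the ErrFuzzyRedirect filter can never fire. Computing the value at the point of use removes the ordering dependency: `if pool.checkHost(bl.RedirectURL) && strings.HasSuffix(bl.RedirectURL, bl.Url.Path+"/") {`. The same dependency applies to the new guard in doRedirect (`-704,6 +709,9`), which silently skips every redirect for any caller that has not populated the field first.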
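Review bot: checkHost now decides whether a redirect is followed at all, so its result for unparseable input matters, and the `url.Parse` error branch lies outside this hunk. It is worth confirming that branch returns `false`, so a malformed redirect target is treated as out of scope rather than same-host. The `v.Host == ""` shortcut classifies every host-less redirect as same-host and deserves a sentence saying so. The two added comment lines would read better as a Go doc comment, e.g. `// checkHost reports whether u stays on the target host; a URL with no host (relative redirect) counts as the same host.`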
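Review bot: Setting `ok = false` when `bl.IsBaseline` sends baseline responses into the `if !ok {` fallback, whereas the removed condition `if ok && !bl.IsBaseline` only skipped the comparison. The body of that fallback continues outside the hunk; if it selects a base again when `pool.random.Status == bl.Status`, the simplified `if ok {` in the next hunk (`-596,15 +609,7`) will run `base.Compare` on a baseline, which the old condition prevented. If the intent is only to skip the comparison for baselines, keeping the guard at the comparison is less order-dependent: `if ok && !bl.IsBaseline {`.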
@@ -596,15 +609,7 @@ func (pool *BrutePool) BaseCompare(bl *pkg.Baseline) bool {
 }
 }
- // 30x状态码的特殊处理
- if bl.RedirectURL != "" {
- if pool.checkHostname(bl.RedirectURL) && strings.HasSuffix(bl.RedirectURL, bl.Url.Path+"/") {
- bl.Reason = pkg.ErrFuzzyRedirect.Error()
- return false
- }
- }
-
- if ok && !bl.IsBaseline {
+ if ok {
 if status = base.Compare(bl); status == 1 {
 bl.Reason = pkg.ErrCompareFailed.Error()
 return false
@@ -704,6 +709,9 @@ func (pool *BrutePool) doRedirect(bl *pkg.Baseline, depth int) {
 if depth >= pool.MaxRedirect {
 return
 }
+ if !bl.SameDomain {
+ return // 不同域名的重定向不处理
+ }
 reURL := pkg.FormatURL(bl.Url.Path, bl.RedirectURL)
 pool.wg.Add(1)
 go func() {
diff --git a/pkg/baseline.go b/pkg/baseline.go
index aacf1a0..d17e1b1 100644
--- a/pkg/baseline.go
+++ b/pkg/baseline.go
@@ -125,6 +125,7 @@ type Baseline struct {
 URLs []string `json:"-"`
 Collected bool `json:"-"`
 Retry int `json:"-"`
+ SameDomain bool `json:"-"`
 IsBaseline bool `json:"-"`
 }
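Review bot: The new `SameDomain` field in Baseline has no comment, and its zero value `false` cannot be told apart from "host not checked yet", which matters because both BaseCompare and doRedirect branch on it. The name also says domain while the value comes from `checkHost`, whose visible branch inspects `v.Host`. A field comment would make the contract explicit, e.g. `// SameDomain is true when RedirectURL stays on the target host; set in BrutePool.Invoke and false until then.`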