find_hostname_in_userinput, cleanup & use new normalize function

bitterpanda63 · bitterpanda63 · commit 0ab2c2fd61e7 · 2025-07-11T15:25:07.000+02:00
diff --git a/aikido_zen/vulnerabilities/ssrf/find_hostname_in_userinput.py b/aikido_zen/vulnerabilities/ssrf/find_hostname_in_userinput.py
@@ -2,27 +2,27 @@
 Only exports find_hostname_in_userinput function
 """
 
-from typing import Optional, List, Tuple
+from typing import Optional, List
 
 from aikido_zen.helpers.get_port_from_url import get_port_from_url
 from aikido_zen.helpers.try_parse_url import try_parse_url
+from aikido_zen.vulnerabilities.ssrf.normalize_string_to_hostname_and_port import (
+    normalize_string_to_hostname_and_port,
+)
 
 
 def find_hostname_in_userinput(
-    user_input: str, normalized_hostname: str, port: Optional[int] = None
+    user_input: str, hostname_variants: List[str], port: Optional[int] = None
 ):
     """
     Returns true if the hostname is in userinput
     """
-    normalized_hostname = normalized_hostname.lower()
     if len(user_input) <= 1:
         return False
 
-    user_input_variants = [user_input, f"http://{user_input}", f"https://{user_input}"]
-    user_input_normalized_variants = normalize_raw_url_variants(user_input_variants)
+    user_input_variants = normalize_string_to_hostname_and_port(user_input)
 
-    for user_input_hostname, user_input_port in user_input_normalized_variants:
-        hostname_variants = [normalized_hostname, f"[{normalized_hostname}]"]
+    for user_input_hostname, user_input_port in user_input_variants:
         if user_input_hostname in hostname_variants:
             # We were unable to retrieve the port from the URL, likely because it contains an invalid port.
             # Let's assume we have found the hostname in the user input, even though it doesn't match on port.
@@ -36,17 +36,3 @@ def find_hostname_in_userinput(
                 return True
 
     return False
-
-
-def normalize_raw_url_variants(
-    url_variants: List[str],
-) -> List[Tuple[str, Optional[int]]]:
-    normalized_variants = []
-    for variant in url_variants:
-        # Try parse the variant as an url,
-        user_input_url = try_parse_url(variant)
-        if not user_input_url or not user_input_url.hostname:
-            continue
-        port = get_port_from_url(user_input_url.geturl())
-        normalized_variants.append((user_input_url.hostname.lower(), port))
-    return normalized_variants
diff --git a/aikido_zen/vulnerabilities/ssrf/find_hostname_in_userinput_test.py b/aikido_zen/vulnerabilities/ssrf/find_hostname_in_userinput_test.py
@@ -11,7 +11,7 @@ def find_hostname_in_userinput(user_input, hostname, port=None):
     if not hostname_url:
         return False
     normalized_hostname = hostname_url.hostname
-    return _find_hostname_in_userinput(user_input, normalized_hostname, port)
+    return _find_hostname_in_userinput(user_input, [normalized_hostname], port)
 
 
 def test_returns_false_if_user_input_and_hostname_are_empty():
