Ran tidy for #727

sullo · sullo · commit 150cb9ef535e · 2023-12-03T11:16:14.000-05:00
diff --git a/program/plugins/nikto_auth.plugin b/program/plugins/nikto_auth.plugin
@@ -132,7 +132,8 @@ sub nikto_auth {
     $save_auth = $response->{'www-authenticate'};
 
     # Now we can try the passwords
-    nprint("Testing creds for '$realm'", "v", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'}));
+    nprint("Testing creds for '$realm'",
+           "v", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'}));
     my $success = 0;
     foreach my $entry (@{$REALMS}) {
         return if $mark->{'terminate'};
@@ -164,7 +165,7 @@ sub nikto_auth {
         $mark->{'realms'}{$realm}{'password'} = $entry->{'password'};
         $mark->{'realms'}{$realm}{'authtype'} = $authtype;
 
-        if ($response->{'whisker'}->{'code'} !~ /40[13]/
+        if (   $response->{'whisker'}->{'code'} !~ /40[13]/
             && $response->{'whisker'}->{'code'} ne "500"
             && !defined $response->{'whisker'}->{'error'}) {
             unless ($entry->{'checked'} == 1) {
@@ -180,7 +181,8 @@ sub nikto_auth {
                     $ref = "CWE-16";
                 }
                 else {
-                    $message = $request->{'whisker'}->{'uri'} .": Default account found for '$realm' at (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}.";
+                    $message = $request->{'whisker'}->{'uri'}
+                      . ": Default account found for '$realm' at (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}.";
                     $ref = "CWE-16";
                 }
 
@@ -189,7 +191,7 @@ sub nikto_auth {
                                   $request, $response);
 
                 # Mark it successful
-                $success = 1;
+                $success                            = 1;
                 $entry->{'checked'}                 = 1;
                 $mark->{'realms'}{$realm}{'status'} = 1;
                 $mark->{'realms'}{'default'}        = $mark->{'realms'}{$realm};
diff --git a/program/plugins/nikto_cookies.plugin b/program/plugins/nikto_cookies.plugin
@@ -50,7 +50,8 @@ sub nikto_cookies_postfetch {
         # secure flag
         if ($c !~ /secure/i && $mark->{ssl}) {
             add_vulnerability($mark,
-                              $request->{'whisker'}->{'uri'} . ": Cookie $cname created without the secure flag",
+                              $request->{'whisker'}->{'uri'}
+                                . ": Cookie $cname created without the secure flag",
                               999961,
                               "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies",
                               $request->{'whisker'}->{'method'},
@@ -63,7 +64,8 @@ sub nikto_cookies_postfetch {
         # httponly flag
         if ($c !~ /httponly/i) {
             add_vulnerability($mark,
-                              $request->{'whisker'}->{'uri'} . ": Cookie $cname created without the httponly flag",
+                              $request->{'whisker'}->{'uri'}
+                                . ": Cookie $cname created without the httponly flag",
                               000137,
                               "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies",
                               $request->{'whisker'}->{'method'},
@@ -96,7 +98,8 @@ sub nikto_cookies_postfetch {
                         # is it an internal, or just different?
                         my $int;
                         if ($internal) { $int = "RFC-1918 "; }
-                        $msg = $request->{'whisker'}->{'uri'} . ": ${int}IP address found in the '$cname' cookie. The IP is \"$ip\".";
+                        $msg = $request->{'whisker'}->{'uri'}
+                          . ": ${int}IP address found in the '$cname' cookie. The IP is \"$ip\".";
                     }
                     add_vulnerability($mark, $msg, 999991, $refs,
                                       $request->{'whisker'}->{'method'},
diff --git a/program/plugins/nikto_core.plugin b/program/plugins/nikto_core.plugin
@@ -1544,13 +1544,13 @@ sub check_dbs {
                     nprint("\t+ ERROR: Possible \@CGIDIRS misspelling: $line");
                 }
                 if ($L[3] =~ /[\s]/) {
-                        nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'");
+                    nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'");
                 }
                 if ($line =~ /[^\\]"\s/) {
-                        nprint("\t+ ERROR: space after quote #$L[0]: $line");
+                    nprint("\t+ ERROR: space after quote #$L[0]: $line");
                 }
                 if ($line =~ /\s"/) {
-                        nprint("\t+ ERROR: space before quote #$L[0]: $line");
+                    nprint("\t+ ERROR: space before quote #$L[0]: $line");
                 }
                 $ENTRIES{"$L[3],$L[4],$L[5],$L[6],$L[7],$L[8],$L[9],$L[11],$L[12]"}++;
                 if ((count_fields($line, 1) ne 12) && (count_fields($line) ne '')) {
@@ -2476,7 +2476,10 @@ sub nfetch {
 
     # Set auth
     if ($mark->{'realms'}{'default'}{'authtype'} ne '') {
-        LW2::auth_set($mark->{'realms'}{'default'}{'authtype'}, $request, $mark->{'realms'}{'default'}{'id'}, $mark->{'realms'}{'default'}{'password'});
+        LW2::auth_set($mark->{'realms'}{'default'}{'authtype'},
+                      $request,
+                      $mark->{'realms'}{'default'}{'id'},
+                      $mark->{'realms'}{'default'}{'password'});
     }
 
     # Set cookies
diff --git a/program/plugins/nikto_embedded.plugin b/program/plugins/nikto_embedded.plugin
@@ -59,9 +59,15 @@ sub nikto_embedded {
                     $model =~ s/\+/ /g;
 
                     if ($model ne "") {
-                        add_vulnerability($mark, "$item->{'uri'}: $item->{'message'} $model",
-                                          $item->{'nikto_id'}, "", "GET", $item->{'uri'}, $request,
-                                          $response);
+                        add_vulnerability($mark,
+                                          "$item->{'uri'}: $item->{'message'} $model",
+                                          $item->{'nikto_id'},
+                                          "",
+                                          "GET",
+                                          $item->{'uri'},
+                                          $request,
+                                          $response
+                                          );
                     }
                 }
             }
diff --git a/program/plugins/nikto_headers.plugin b/program/plugins/nikto_headers.plugin
@@ -245,16 +245,16 @@ sub nikto_headers_postfetch {
         $HFOUND{'x-drupal-cache'} = 1;
     }
     if (defined $result->{'link'} && $HFOUND{'link'} != 1) {
-        add_vulnerability($mark,
-                          $request->{'whisker'}{'uri'}
-                            . ": Link header found with value: $result->{'link'}.",
-                          "000427",
-                          "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link",
-                          $request->{'whisker'}->{'method'},
-                          $request->{'whisker'}->{'uri'},
-                          $request,
-                          $result
-                          );
+        add_vulnerability(
+                $mark,
+                $request->{'whisker'}{'uri'} . ": Link header found with value: $result->{'link'}.",
+                "000427",
+                "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link",
+                $request->{'whisker'}->{'method'},
+                $request->{'whisker'}->{'uri'},
+                $request,
+                $result
+                );
         $HFOUND{'link'} = 1;
     }
 
@@ -372,19 +372,19 @@ sub nikto_headers_postfetch {
             my ($protocol, $msg);
             $result->{'alt-svc'} =~ /.*(h[23])="([^"]+)"/;
             my $endpoint = $2;
-            if    ($1 eq "h2")  { 
-                $protocol = "HTTP/2 over TLS"; 
+            if ($1 eq "h2") {
+                $protocol = "HTTP/2 over TLS";
             }
-            elsif ($1 eq "h2c") { 
-                $protocol = "HTTP/2 over TCP"; 
-                $msg = " Unencrypted."; 
+            elsif ($1 eq "h2c") {
+                $protocol = "HTTP/2 over TCP";
+                $msg      = " Unencrypted.";
             }
             elsif ($1 eq "h3") {
                 $protocol = "HTTP/3";
                 $msg      = " Nikto cannot test HTTP/3 over QUIC.";
             }
-            else { 
-                $protocol = $1; 
+            else {
+                $protocol = $1;
             }
 
             add_vulnerability(
diff --git a/program/plugins/nikto_put_del_test.plugin b/program/plugins/nikto_put_del_test.plugin
@@ -46,15 +46,15 @@ sub nikto_put_del_test {
           nfetch($mark, $uri, "GET", "", "", "", "put_del_test: GET");
         if ($content =~ /This was a Nikto test/) {
             add_vulnerability(
-                            $mark,
-                            "$uri: HTTP method 'PUT' allows clients to save files on the web server.",
-                            999995,
-                            "https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled",
-                            "PUT",
-                            $uri,
-                            $request,
-                            $response
-                            );
+                          $mark,
+                          "$uri: HTTP method 'PUT' allows clients to save files on the web server.",
+                          999995,
+                          "https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled",
+                          "PUT",
+                          $uri,
+                          $request,
+                          $response
+                          );
 
             # we were able to put it there--can we delete it?
             ($res, $content, $error, $request, $response) =
@@ -65,11 +65,15 @@ sub nikto_put_del_test {
                 if ($content !~ /This was a Nikto test/)    # gone now
                 {
                     add_vulnerability(
-                           $mark,
-                           "$uri: HTTP method 'DELETE' allows clients to delete files on the web server.",
-                           999994,   "https://cwe.mitre.org/data/definitions/650.html",
-                           "DELETE", $uri, $request, $response
-                           );
+                        $mark,
+                        "$uri: HTTP method 'DELETE' allows clients to delete files on the web server.",
+                        999994,
+                        "https://cwe.mitre.org/data/definitions/650.html",
+                        "DELETE",
+                        $uri,
+                        $request,
+                        $response
+                        );
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -1544,13 +1544,13 @@ sub check_dbs {`
`1544`	`1544`	`nprint("\t+ ERROR: Possible \@CGIDIRS misspelling: $line");`
`1545`	`1545`	`}`
`1546`	`1546`	`if ($L[3] =~ /[\s]/) {`
`1547`		`- nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'");`
	`1547`	`+ nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'");`
`1548`	`1548`	`}`
`1549`	`1549`	`if ($line =~ /[^\\]"\s/) {`
`1550`		`- nprint("\t+ ERROR: space after quote #$L[0]: $line");`
	`1550`	`+ nprint("\t+ ERROR: space after quote #$L[0]: $line");`
`1551`	`1551`	`}`
`1552`	`1552`	`if ($line =~ /\s"/) {`
`1553`		`- nprint("\t+ ERROR: space before quote #$L[0]: $line");`
	`1553`	`+ nprint("\t+ ERROR: space before quote #$L[0]: $line");`
`1554`	`1554`	`}`
`1555`	`1555`	`$ENTRIES{"$L[3],$L[4],$L[5],$L[6],$L[7],$L[8],$L[9],$L[11],$L[12]"}++;`
`1556`	`1556`	`if ((count_fields($line, 1) ne 12) && (count_fields($line) ne '')) {`
`@@ -2476,7 +2476,10 @@ sub nfetch {`
`2476`	`2476`
`2477`	`2477`	`# Set auth`
`2478`	`2478`	`if ($mark->{'realms'}{'default'}{'authtype'} ne '') {`
`2479`		`- LW2::auth_set($mark->{'realms'}{'default'}{'authtype'}, $request, $mark->{'realms'}{'default'}{'id'}, $mark->{'realms'}{'default'}{'password'});`
	`2479`	`+ LW2::auth_set($mark->{'realms'}{'default'}{'authtype'},`
	`2480`	`+ $request,`
	`2481`	`+ $mark->{'realms'}{'default'}{'id'},`
	`2482`	`+ $mark->{'realms'}{'default'}{'password'});`
`2480`	`2483`	`}`
`2481`	`2484`
`2482`	`2485`	`# Set cookies`
Original file line number	Diff line number	Diff line change
`@@ -59,9 +59,15 @@ sub nikto_embedded {`
`59`	`59`	`$model =~ s/\+/ /g;`
`60`	`60`
`61`	`61`	`if ($model ne "") {`
`62`		`- add_vulnerability($mark, "$item->{'uri'}: $item->{'message'} $model",`
`63`		`- $item->{'nikto_id'}, "", "GET", $item->{'uri'}, $request,`
`64`		`- $response);`
	`62`	`+ add_vulnerability($mark,`
	`63`	`+ "$item->{'uri'}: $item->{'message'} $model",`
	`64`	`+ $item->{'nikto_id'},`
	`65`	`+ "",`
	`66`	`+ "GET",`
	`67`	`+ $item->{'uri'},`
	`68`	`+ $request,`
	`69`	`+ $response`
	`70`	`+ );`
`65`	`71`	`}`
`66`	`72`	`}`
`67`	`73`	`}`