diff --git a/pyrit/prompt_target/http_target/http_target.py b/pyrit/prompt_target/http_target/http_target.py
index f95be4fde0..a4d067cffd 100644
--- a/pyrit/prompt_target/http_target/http_target.py
+++ b/pyrit/prompt_target/http_target/http_target.py
@@ -280,7 +280,6 @@ def _infer_full_url_from_host(
 headers_dict: dict[str, str],
 ) -> str:
 # If path is already a full URL, return it as is
- path = path.lower()
 if path.startswith(("http://", "https://")):
 return path
diff --git a/tests/unit/target/test_http_target.py b/tests/unit/target/test_http_target.py
index 6e977edf7c..e8812da2d9 100644
--- a/tests/unit/target/test_http_target.py
+++ b/tests/unit/target/test_http_target.py
@@ -93,12 +93,12 @@ def test_parse_raw_http_request_ignores_content_length(patch_central_database):
 def test_parse_raw_http_respects_url_path(patch_central_database):
 request1 = (
- "POST https://diffsite.com/test/ HTTP/1.1\nHost: example.com\nContent-Type: "
+ "POST https://diffsite.com/Test/Path?Token=AbC123 HTTP/1.1\nHost: example.com\nContent-Type: "
 "application/json\nContent-Length: 100\n\n"
 )
 target = HTTPTarget(http_request=request1)
 headers, _, url, _, _ = target.parse_raw_http_request(request1)
- assert url == "https://diffsite.com/test/"
+ assert url == "https://diffsite.com/Test/Path?Token=AbC123"
 # The host header should still be example.com
 assert headers == {"host": "example.com", "content-type": "application/json"}
diff --git a/tests/unit/target/test_http_target_parsing.py b/tests/unit/target/test_http_target_parsing.py
index a99ea625e8..d69e79acd6 100644
--- a/tests/unit/target/test_http_target_parsing.py
+++ b/tests/unit/target/test_http_target_parsing.py
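Review bot: In `_infer_full_url_from_host` (pyrit/prompt_target/http_target/http_target.py), removing `path = path.lower()` leaves `path.startswith(("http://", "https://"))` case-sensitive. A request line whose scheme is written `HTTP://` or `Https://` is therefore no longer recognised as an absolute URL, and presumably falls through to the Host-header branch that lies outside this hunk. URI schemes are case-insensitive, so the comparison should run on a lowered copy while the original string is returned untouched: `if path.lower().startswith(("http://", "https://")):`. The updated `test_parse_raw_http_respects_url_path` in tests/unit/target/test_http_target.py exercises mixed-case path and query only; one more request line with a mixed-case scheme would pin this behaviour. The function body starts before and continues after the hunk.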
@@ -59,6 +59,17 @@ def test_parse_raw_http_request(mock_http_target):
 assert version == "HTTP/1.1"
+def test_parse_raw_http_request_preserves_relative_url_case(sqlite_instance):
+ request = "GET /CaseSensitive/Run?token=AbC123&Mode=Keep HTTP/1.1\nHost: Example.COM\n\n"
+ target = HTTPTarget(http_request=request)
+
+ _, _, url, method, version = target.parse_raw_http_request(request)
+
+ assert url == "https://Example.COM/CaseSensitive/Run?token=AbC123&Mode=Keep"
+ assert method == "GET"
+ assert version == "HTTP/1.1"
+
+
+
 def test_parse_regex_response_no_match():
 mock_response = MagicMock()
 mock_response.content = b"No match here"
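Review bot: The assertion `assert url == "https://Example.COM/CaseSensitive/Run?token=AbC123&Mode=Keep"` in `test_parse_raw_http_request_preserves_relative_url_case` rests on two things the test never states. The `https://` scheme comes from a constructor default, because `HTTPTarget(http_request=request)` is built without any TLS argument, and the Host header value is expected to reach the URL with its case intact. Passing the option explicitly, e.g. `target = HTTPTarget(http_request=request, use_tls=True)` (assuming that is the option's name), would stop the test from failing for an unrelated reason if the default changes. A comment such as `# path, query and Host value must be forwarded unchanged: tokens and signed query strings are case-sensitive` would record why the case matters.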