Consistently use strings for HTTP request options

zeroSteiner · zeroSteiner · commit d4ce2ece8a21 · 2024-10-24T16:43:57.000-04:00
diff --git a/lib/msf/core/exploit/remote/http_client.rb b/lib/msf/core/exploit/remote/http_client.rb
@@ -354,10 +354,17 @@ def cleanup
   end
 
   #
-  # Connects to the server, creates a request, sends the request, reads the response
+  # Connects to the server, creates a request, sends the request, reads the response.
+  #
+  # In certain cases such as when the response is a 401 and the client is configured for authentication, more than one
+  # request may be sent to the server. A degree of control over disconnecting the client's underlying socket can be
+  # obtained by toggling the disconnect option.
   #
   # Passes +opts+ through directly to Rex::Proto::Http::Client#request_raw.
   #
+  # @param [Hash] opts Options with which to make the HTTP request
+  # @param [Integer] timeout The timeout for requests and responses
+  # @param [Boolean] disconnect Whether to disconnect the client's socket after the last request has been made
   def send_request_raw(opts = {}, timeout = 20, disconnect = false)
     if datastore['HttpClientTimeout'] && datastore['HttpClientTimeout'] > 0
       actual_timeout = datastore['HttpClientTimeout']
@@ -366,7 +373,7 @@ def send_request_raw(opts = {}, timeout = 20, disconnect = false)
     end
 
     c = opts['client'] || connect(opts)
-    r = opts[:cgi] ? c.request_cgi(opts) : c.request_raw(opts)
+    r = opts['cgi'] ? c.request_cgi(opts) : c.request_raw(opts)
 
     res = c.send_recv(r, actual_timeout)
 
@@ -410,7 +417,7 @@ def send_request_cgi(opts = {}, timeout = 20, disconnect = true)
       opts = opts.merge({ 'cookie' => cookie_jar.cookies.join('; ') })
     end
 
-    res = send_request_raw(opts.merge(cgi: true), timeout, disconnect)
+    res = send_request_raw(opts.merge('cgi' => true), timeout, disconnect)
     return unless res
 
     if opts['keep_cookies'] && res.headers['Set-Cookie'].present?
