From 553f7bc0f1e859ccd9481cd6ae196beb1799b42a Mon Sep 17 00:00:00 2001 From: Xavier Mendez Date: Fri, 24 Oct 2014 10:44:01 +0100 Subject: [PATCH] quote subprocess call --- plugins/scripts/screenshot.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/scripts/screenshot.py b/plugins/scripts/screenshot.py index 9e3190b9..cf3efdad 100644 --- a/plugins/scripts/screenshot.py +++ b/plugins/scripts/screenshot.py @@ -3,6 +3,7 @@ import subprocess import tempfile +import pipes @moduleman_plugin class screenshot(BasePlugin): @@ -12,10 +13,10 @@ class screenshot(BasePlugin): priority = 99 def validate(self, fuzzresult): - return fuzzresult.code in [200] + return fuzzresult.code not in [404] def process(self, fuzzresult): (fd, filename) = tempfile.mkstemp() - subprocess.call(['cutycapt', '--url=%s' % fuzzresult.url, '--out=%s.png' % filename]) + subprocess.call(['cutycapt', '--url=%s' % pipes.quote(fuzzresult.url), '--out=%s.png' % filename]) self.add_result("Screnshot taken, output at %s.png" % filename)